linux-kernel.vger.kernel.org archive mirror
* [PATCH 4.19 000/361] 4.19.2-stable review
@ 2018-11-11 22:15 Greg Kroah-Hartman
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

This is the start of the stable review cycle for the 4.19.2 release.
There are 361 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Tue Nov 13 22:14:55 UTC 2018.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.2-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 4.19.2-rc1

Takashi Iwai <tiwai@suse.de>
    vga_switcheroo: Fix missing gpu_bound call at audio client registration

Daniel Colascione <dancol@google.com>
    bpf: wait for running BPF programs when updating map-in-map

Jann Horn <jannh@google.com>
    userns: also map extents in the reverse map to kernel IDs

Mikulas Patocka <mpatocka@redhat.com>
    vt: fix broken display when running aptitude

David Ahern <dsahern@gmail.com>
    net: sched: Remove TCA_OPTIONS from policy

Filipe Manana <fdmanana@suse.com>
    Btrfs: fix use-after-free when dumping free space

Filipe Manana <fdmanana@suse.com>
    Btrfs: fix use-after-free during inode eviction

Josef Bacik <josef@toxicpanda.com>
    btrfs: move the dio_sem higher up the callchain

Josef Bacik <josef@toxicpanda.com>
    btrfs: don't run delayed_iputs in commit

Josef Bacik <josef@toxicpanda.com>
    btrfs: fix insert_reserved error handling

Josef Bacik <josef@toxicpanda.com>
    btrfs: only free reserved extent if we didn't insert it

Josef Bacik <jbacik@fb.com>
    btrfs: don't use ctl->free_space for max_extent_size

Josef Bacik <jbacik@fb.com>
    btrfs: set max_extent_size properly

Josef Bacik <josef@toxicpanda.com>
    btrfs: reset max_extent_size properly

Filipe Manana <fdmanana@suse.com>
    Btrfs: fix deadlock when writing out free space caches

Filipe Manana <fdmanana@suse.com>
    Btrfs: fix assertion on fsync of regular file when using no-holes feature

Filipe Manana <fdmanana@suse.com>
    Btrfs: fix null pointer dereference on compressed write path error

Qu Wenruo <wqu@suse.com>
    btrfs: qgroup: Dirty all qgroups before rescan

Filipe Manana <fdmanana@suse.com>
    Btrfs: fix wrong dentries after fsync of file that got its parent replaced

Filipe Manana <fdmanana@suse.com>
    Btrfs: fix warning when replaying log after fsync of a tmpfile

Josef Bacik <josef@toxicpanda.com>
    btrfs: make sure we create all new block groups

Josef Bacik <jbacik@fb.com>
    btrfs: reset max_extent_size on clear in a bitmap

Josef Bacik <josef@toxicpanda.com>
    btrfs: protect space cache inode alloc with GFP_NOFS

Josef Bacik <josef@toxicpanda.com>
    btrfs: release metadata before running delayed refs

Chris Mason <clm@fb.com>
    Btrfs: don't clean dirty pages during buffered writes

Josef Bacik <josef@toxicpanda.com>
    btrfs: wait on caching when putting the bg cache

Jeff Mahoney <jeffm@suse.com>
    btrfs: keep trim from interfering with transaction commits

Jeff Mahoney <jeffm@suse.com>
    btrfs: don't attempt to trim devices that don't support it

Jeff Mahoney <jeffm@suse.com>
    btrfs: iterate all devices during trim, instead of fs_devices::alloc_list

Qu Wenruo <wqu@suse.com>
    btrfs: Ensure btrfs_trim_fs can trim the whole filesystem

Qu Wenruo <wqu@suse.com>
    btrfs: Enhance btrfs_trim_fs function to handle error better

Jeff Mahoney <jeffm@suse.com>
    btrfs: fix error handling in btrfs_dev_replace_start

Jeff Mahoney <jeffm@suse.com>
    btrfs: fix error handling in free_log_tree

Qu Wenruo <wqu@suse.com>
    btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock

Qu Wenruo <wqu@suse.com>
    btrfs: Handle owner mismatch gracefully when walking up tree

Qu Wenruo <wqu@suse.com>
    btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled

Masami Hiramatsu <mhiramat@kernel.org>
    tracing: Return -ENOENT if there is no target synthetic event

Breno Leitao <leitao@debian.org>
    selftests/powerpc: Fix ptrace tm failure

Masami Hiramatsu <mhiramat@kernel.org>
    selftests/ftrace: Fix synthetic event test to delete event correctly

Johan Hovold <johan@kernel.org>
    soc/tegra: pmc: Fix child-node lookup

Bjorn Andersson <bjorn.andersson@linaro.org>
    soc: qcom: rmtfs-mem: Validate that scm is available

Thor Thayer <thor.thayer@linux.intel.com>
    arm64: dts: stratix10: Correct System Manager register size

Thor Thayer <thor.thayer@linux.intel.com>
    ARM: dts: socfpga: Fix SDRAM node address for Arria10

Nicolas Pitre <nicolas.pitre@linaro.org>
    Cramfs: fix abad comparison when wrap-arounds occur

Colin Ian King <colin.king@canonical.com>
    rpmsg: smd: fix memory leak on channel create

Tri Vo <trong@android.com>
    arm64: lse: remove -fcall-used-x0 flag

Hans Verkuil <hansverk@cisco.com>
    media: hdmi.h: rename ADOBE_RGB to OPRGB and ADOBE_YCC to OPYCC

Hans Verkuil <hverkuil@xs4all.nl>
    media: replace ADOBERGB by OPRGB

Hans Verkuil <hansverk@cisco.com>
    media: media colorspaces*.rst: rename AdobeRGB to opRGB

Johan Hovold <johan@kernel.org>
    drm/mediatek: fix OF sibling-node lookup

Hans Verkuil <hans.verkuil@cisco.com>
    media: adv7842: when the EDID is cleared, unconfigure CEC as well

Hans Verkuil <hans.verkuil@cisco.com>
    media: adv7604: when the EDID is cleared, unconfigure CEC as well

Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
    media: em28xx: fix handler for vidioc_s_input()

Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
    media: em28xx: make v4l2-compliance happier by starting sequence on zero

Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
    media: em28xx: fix input name for Terratec AV 350

Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
    media: tvp5150: avoid going past array on v4l2_querymenu()

Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
    media: em28xx: use a default format if TRY_FMT fails

Hans Verkuil <hverkuil@xs4all.nl>
    media: cec: forgot to cancel delayed work

Hans Verkuil <hans.verkuil@cisco.com>
    media: cec: fix the Signal Free Time calculation

Hans Verkuil <hans.verkuil@cisco.com>
    media: cec: add new tx/rx status bits to detect aborts/timeouts

Manjunath Patil <manjunath.b.patil@oracle.com>
    xen-blkfront: fix kernel panic with negotiate_mq error path

Juergen Gross <jgross@suse.com>
    xen: remove size limit of privcmd-buf mapping interface

Juergen Gross <jgross@suse.com>
    xen: fix xen_qlock_wait()

Hans Verkuil <hans.verkuil@cisco.com>
    media: cec: integrate cec_validate_phys_addr() in cec-api.c

Hans Verkuil <hans.verkuil@cisco.com>
    media: cec: make cec_get_edid_spa_location() an inline function

Bjorn Andersson <bjorn.andersson@linaro.org>
    remoteproc: qcom: q6v5: Propagate EPROBE_DEFER

He Zhe <zhe.he@windriver.com>
    kgdboc: Passing ekgdboc to command line causes panic

Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
    Revert "media: dvbsky: use just one mutex for serializing device R/W ops"

Hans Verkuil <hverkuil@xs4all.nl>
    media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD

Johan Hovold <johan@kernel.org>
    net: bcmgenet: fix OF child-node lookup

Maciej W. Rozycki <macro@linux-mips.org>
    TC: Set DMA masks for devices

Will Deacon <will.deacon@arm.com>
    iommu/arm-smmu: Ensure that page-table updates are visible before TLBI

Christophe Lombard <clombard@linux.vnet.ibm.com>
    ocxl: Fix access to the AFU Descriptor Data

Johan Hovold <johan@kernel.org>
    power: supply: twl4030-charger: fix OF sibling-node lookup

Maciej W. Rozycki <macro@linux-mips.org>
    rtc: cmos: Remove the `use_acpi_alarm' module parameter for !ACPI

Maciej W. Rozycki <macro@linux-mips.org>
    rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt'

Soeren Moch <smoch@web.de>
    rtc: ds1307: fix ds1339 wakealarm support

Aaro Koskinen <aaro.koskinen@iki.fi>
    MIPS: OCTEON: fix out of bounds array access on CN68XX

Nicholas Piggin <npiggin@gmail.com>
    powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9

Michael Neuling <mikey@neuling.org>
    powerpc/tm: Fix HFSCR bit for no suspend case

Christophe Leroy <christophe.leroy@c-s.fr>
    powerpc/msi: Fix compile error on mpc83xx

Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
    powerpc64/module elfv1: Set opd addresses after module relocation

Jan Kara <jack@suse.cz>
    fsnotify: Fix busy inodes during unmount

Lubomir Rintel <lkundrak@v3.sk>
    media: ov7670: make "xclk" clock optional

Damien Le Moal <damien.lemoal@wdc.com>
    dm zoned: fix various dmz_get_mblock() issues

Damien Le Moal <damien.lemoal@wdc.com>
    dm zoned: fix metadata block ref counting

Wenwen Wang <wang6495@umn.edu>
    dm ioctl: harden copy_params()'s copy_from_user() from malicious users

Amir Goldstein <amir73il@gmail.com>
    lockd: fix access beyond unterminated strings in prints

Trond Myklebust <trondmy@gmail.com>
    nfsd: Fix an Oops in free_session()

Andrew Elble <aweits@rit.edu>
    nfsd: correctly decrement odstate refcount in error path

Benjamin Coddington <bcodding@redhat.com>
    nfs: Fix a missed page unlock after pg_doio()

Trond Myklebust <trond.myklebust@hammerspace.com>
    NFSv4.1: Fix the r/wsize checking

Johan Hovold <johan@kernel.org>
    NFC: nfcmrvl_uart: fix OF child-node lookup

Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
    tpm: fix response size validation in tpm_get_random()

Lukas Wunner <lukas@wunner.de>
    genirq: Fix race on spurious interrupt detection

He Zhe <zhe.he@windriver.com>
    printk: Fix panic caused by passing log_buf_len to command line

Steve French <stfrench@microsoft.com>
    smb3: on kerberos mount if server doesn't specify auth type use krb5

Steve French <stfrench@microsoft.com>
    smb3: do not attempt cifs operation in smb3 query info error path

Steve French <stfrench@microsoft.com>
    smb3: allow stats which track session and share reconnects to be reset

Andreas Kemnade <andreas@kemnade.info>
    w1: omap-hdq: fix missing bus unregister at removal

Eugen Hristev <eugen.hristev@microchip.com>
    iio: adc: at91: fix wrong channel number in triggered buffer mode

Eugen Hristev <eugen.hristev@microchip.com>
    iio: adc: at91: fix acking DRDY irq on simple conversions

Alexey Khoroshilov <khoroshilov@ispras.ru>
    iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()

Lars-Peter Clausen <lars@metafoo.de>
    iio: ad5064: Fix regulator handling

Arnd Bergmann <arnd@arndb.de>
    kbuild: fix kernel/bounds.c 'W=1' warning

Mark Rutland <mark.rutland@arm.com>
    KVM: arm64: Fix caching of host MDCR_EL2 value

Punit Agrawal <punit.agrawal@arm.com>
    KVM: arm/arm64: Ensure only THP is candidate for adjustment

Ralph Campbell <rcampbell@nvidia.com>
    mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback

Ralph Campbell <rcampbell@nvidia.com>
    mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly

Mike Kravetz <mike.kravetz@oracle.com>
    hugetlbfs: dirty pages as they are added to pagecache

Goldwyn Rodrigues <rgoldwyn@suse.de>
    ima: open a new file instance if no read permissions

Eric Biggers <ebiggers@google.com>
    ima: fix showing large 'violations' or 'runtime_measurements_count'

Christoph Hellwig <hch@lst.de>
    userfaultfd: disable irqs when taking the waitqueue lock

Vlastimil Babka <vbabka@suse.cz>
    mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range()

Jason A. Donenfeld <Jason@zx2c4.com>
    crypto: speck - remove Speck

Ard Biesheuvel <ard.biesheuvel@linaro.org>
    crypto: aegis/generic - fix for big endian systems

Ard Biesheuvel <ard.biesheuvel@linaro.org>
    crypto: morus/generic - fix for big endian systems

Mikulas Patocka <mpatocka@redhat.com>
    crypto: aesni - don't use GFP_ATOMIC allocation if the request doesn't cross a page in gcm

Horia Geantă <horia.geanta@nxp.com>
    crypto: tcrypt - fix ghash-generic speed test

Ondrej Mosnacek <omosnace@redhat.com>
    crypto: lrw - Fix out-of bounds access on counter overflow

Eric W. Biederman <ebiederm@xmission.com>
    signal: Guard against negative signal numbers in copy_siginfo_from_user32

Eric W. Biederman <ebiederm@xmission.com>
    signal/GenWQE: Fix sending of SIGKILL

Bin Meng <bmeng.cn@gmail.com>
    PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk

Lukas Wunner <lukas@wunner.de>
    PCI/ASPM: Fix link_state teardown on device removal

Vignesh R <vigneshr@ti.com>
    ARM: dts: dra7: Fix up unaligned access setting for PCIe EP

Qiuxu Zhuo <qiuxu.zhuo@intel.com>
    EDAC, skx_edac: Fix logical channel intermediate decoding

Tony Luck <tony.luck@intel.com>
    EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting

Michael Jin <mikhail.jin@gmail.com>
    EDAC, amd64: Add Family 17h, models 10h-2fh support

Breno Leitao <leitao@debian.org>
    HID: hiddev: fix potential Spectre v1

Jason Gerecke <killertofu@gmail.com>
    HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452

Stephen Smalley <sds@tycho.nsa.gov>
    selinux: fix mounting of cgroup2 under older policies

Theodore Ts'o <tytso@mit.edu>
    ext4: fix use-after-free race in ext4_remount()'s error path

Wang Shilong <wshilong@ddn.com>
    ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR

Wang Shilong <wangshilong1991@gmail.com>
    ext4: fix setattr project check in fssetxattr ioctl

Lukas Czerner <lczerner@redhat.com>
    ext4: initialize retries variable in ext4_da_write_inline_data_begin()

Theodore Ts'o <tytso@mit.edu>
    ext4: fix EXT4_IOC_SWAP_BOOT

Al Viro <viro@zeniv.linux.org.uk>
    gfs2_meta: ->mount() can get NULL dev_name

Jan Kara <jack@suse.cz>
    jbd2: fix use after free in jbd2_log_do_checkpoint()

Jason Gunthorpe <jgg@ziepe.ca>
    IB/rxe: Revise the ib_wr_opcode enum

Artemy Kovalyov <artemyko@mellanox.com>
    IB/mlx5: Fix MR cache initialization

Daniel Mack <daniel@zonque.org>
    ASoC: sta32x: set ->component pointer in private struct

Takashi Iwai <tiwai@suse.de>
    ASoC: intel: skylake: Add missing break in skl_tplg_get_token()

Dan Williams <dan.j.williams@intel.com>
    libnvdimm, pmem: Fix badblocks population for 'raw' namespaces

Dan Williams <dan.j.williams@intel.com>
    libnvdimm, region: Fail badblocks listing for inactive regions

Alexander Duyck <alexander.h.duyck@linux.intel.com>
    libnvdimm: Hold reference on parent while scheduling async init

Nicholas Bellinger <nab@linux-iscsi.org>
    scsi: target: Fix target_wait_for_sess_cmds breakage with active signals

Nicholas Bellinger <nab@linux-iscsi.org>
    scsi: sched/wait: Add wait_event_lock_irq_timeout for TASK_UNINTERRUPTIBLE usage

Christian Lamparter <chunkeey@gmail.com>
    dmaengine: ppc4xx: fix off-by-one build failure

Stefan Nuernberger <snu@amazon.com>
    net/ipv4: defensive cipso option parsing

Luca Coelho <luciano.coelho@intel.com>
    iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()

Felix Fietkau <nbd@nbd.name>
    mt76: mt76x2: fix multi-interface beacon configuration

Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
    usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround"

Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
    usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage

Shuah Khan (Samsung OSG) <shuah@kernel.org>
    usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten

Lubomir Rintel <lkundrak@v3.sk>
    libertas: don't set URB_ZERO_PACKET on IN USB transfer

Juergen Gross <jgross@suse.com>
    xen/pvh: don't try to unplug emulated devices

Roger Pau Monne <roger.pau@citrix.com>
    xen/pvh: increase early stack size

Juergen Gross <jgross@suse.com>
    xen: make xen_qlock_wait() nestable

Juergen Gross <jgross@suse.com>
    xen: fix race in xen_qlock_wait()

Boris Ostrovsky <boris.ostrovsky@oracle.com>
    xen/balloon: Support xend-based toolstack

Vasilis Liaskovitis <vliaskovitis@suse.com>
    xen/blkfront: avoid NULL blkfront_info dereference on device removal

Dr. Greg Wettstein <greg@wind.enjellic.com>
    tpm: Restore functionality to xen vtpm driver.

Joe Jin <joe.jin@oracle.com>
    xen-swiotlb: use actually allocated size on check physical continuous

Marek Szyprowski <m.szyprowski@samsung.com>
    ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250

Marek Szyprowski <m.szyprowski@samsung.com>
    ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings

Viresh Kumar <viresh.kumar@linaro.org>
    OPP: Free OPP table properly on performance state irregularities

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to account IO correctly

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to recover cold bit of inode block during POR

Jaegeuk Kim <jaegeuk@kernel.org>
    f2fs: fix missing up_read

Jaegeuk Kim <jaegeuk@kernel.org>
    Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()"

Prarit Bhargava <prarit@redhat.com>
    cpupower: Fix AMD Family 0x17 msr_pstate size

Takashi Iwai <tiwai@suse.de>
    ALSA: hda: Check the non-cached stream buffers more explicitly

Vijay Immanuel <vijayi@attalasystems.com>
    IB/rxe: fix for duplicate request processing and ack psns

Paul Cercueil <paul@crapouillou.net>
    dmaengine: dma-jz4780: Return error if not probed from DT

Alexandre Belloni <alexandre.belloni@bootlin.com>
    mfd: menelaus: Fix possible race condition and leak

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to flush all dirty inodes recovered in readonly fs

Eric W. Biederman <ebiederm@xmission.com>
    signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init

Yunlei He <heyunlei@huawei.com>
    f2fs: report error if quota off error during umount

Zhikang Zhang <zhangzhikang1@huawei.com>
    f2fs: avoid sleeping under spin_lock

James Smart <jsmart2021@gmail.com>
    scsi: lpfc: Correct race with abort on completion path

James Smart <jsmart2021@gmail.com>
    scsi: lpfc: Correct soft lockup when running mds diagnostics

Alexandre Belloni <alexandre.belloni@bootlin.com>
    uio: ensure class is registered before devices

Moni Shoua <monis@mellanox.com>
    IB/mlx5: Allow transition of DCI QP to reset

Arseny Maslennikov <ar@cs.msu.ru>
    IB/ipoib: Use dev_port to expose network interface port numbers

Stephen Boyd <swboyd@chromium.org>
    firmware: coreboot: Unmap ioregion after device population

Akshu Agrawal <akshu.agrawal@amd.com>
    ASoC: AMD: Fix capture unstable in beginning for some runs

Waiman Long <longman@redhat.com>
    driver/dma/ioat: Call del_timer_sync() without holding prep_lock

Casey Schaufler <casey.schaufler@intel.com>
    Smack: ptrace capability use fixes

Loic Poulain <loic.poulain@linaro.org>
    usb: chipidea: Prevent unbalanced IRQ disable

Horia Geantă <horia.geanta@nxp.com>
    crypto: caam - fix implicit casts in endianness helpers

Vignesh R <vigneshr@ti.com>
    PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode

Suzuki K Poulose <suzuki.poulose@arm.com>
    coresight: etb10: Fix handling of perf mode

Tonghao Zhang <xiangxia.m.yue@gmail.com>
    PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to recover inode's i_flags during POR

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to recover inode's crtime during POR

Quinn Tran <quinn.tran@cavium.com>
    scsi: qla2xxx: Fix recursive mailbox timeout

Anshuman Gupta <anshuman.gupta@intel.com>
    xhci: Avoid USB autosuspend when resuming USB2 ports.

Bartosz Golaszewski <bgolaszewski@baylibre.com>
    nvmem: check the return value of nvmem_add_cells()

Alan Douglas <adouglas@cadence.com>
    PCI: cadence: Correct probe behaviour when failing to get PHY

Shaohua Li <shli@fb.com>
    MD: fix invalid stored role for a disk

Theodore Ts'o <tytso@mit.edu>
    ext4: fix argument checking in EXT4_IOC_MOVE_EXT

Alexandre Belloni <alexandre.belloni@bootlin.com>
    usb: gadget: udc: atmel: handle at91sam9rl PMC

Fabrice Gasnier <fabrice.gasnier@st.com>
    usb: dwc2: fix a race with external vbus supply

Fabrice Gasnier <fabrice.gasnier@st.com>
    usb: dwc2: fix call to vbus supply exit routine, call it unlocked

Lina Iyer <ilina@codeaurora.org>
    irqchip/pdc: Setup all edge interrupts as rising edge at GIC

Chuck Lever <chuck.lever@oracle.com>
    xprtrdma: Reset credit grant properly after a disconnect

Mika Westerberg <mika.westerberg@linux.intel.com>
    PCI / ACPI: Enable wake automatically for power managed bridges

Jorgen Hansen <jhansen@vmware.com>
    VMCI: Resource wildcard match fixed

Dexuan Cui <decui@microsoft.com>
    Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask

Jaegeuk Kim <jaegeuk@kernel.org>
    f2fs: clear PageError on the read path

Javier Martinez Canillas <javierm@redhat.com>
    tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated

Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
    usb: typec: tcpm: Report back negotiated PPS voltage and current

Alan Douglas <adouglas@cadence.com>
    PCI: cadence: Use AXI region 0 to signal interrupts from EP

Honghui Zhang <honghui.zhang@mediatek.com>
    PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic

Tudor.Ambarus@microchip.com <Tudor.Ambarus@microchip.com>
    usb: host: ohci-at91: fix request of irq for optional gpio

Selvin Xavier <selvin.xavier@broadcom.com>
    RDMA/bnxt_re: Fix recursive lock warning in debug kernel

Selvin Xavier <selvin.xavier@broadcom.com>
    RDMA/bnxt_re: Avoid accessing nq->bar_reg_iomem in failure case

Denis Drozdov <denisd@mellanox.com>
    IB/ipoib: Clear IPCB before icmp_send

Leon Romanovsky <leon@kernel.org>
    RDMA/cm: Respect returned status of cm_init_av_by_path

Parav Pandit <parav@mellanox.com>
    RDMA/core: Do not expose unsupported counters

Wenwen Wang <wang6495@umn.edu>
    scsi: megaraid_sas: fix a missing-check bug

Jim Mattson <jmattson@google.com>
    KVM: nVMX: Clear reserved bits of #DB exit qualification

David Howells <dhowells@redhat.com>
    UAPI: ndctl: Fix g++-unsupported initialisation in headers

Evan Green <evgreen@chromium.org>
    scsi: ufs: Schedule clk gating work on correct queue

Finn Thain <fthain@telegraphics.com.au>
    scsi: esp_scsi: Track residual for PIO transfers

Rob Herring <robh@kernel.org>
    of: Add missing exports of node name compare functions

Jack Wang <jinpu.wang@profitbricks.com>
    md: fix memleak for mempool

Xiao Ni <xni@redhat.com>
    MD: Memory leak when flush bio size is zero

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to account IO correctly for cgroup writeback

Johan Hovold <johan@kernel.org>
    net: stmmac: dwmac-sun8i: fix OF child-node lookup

Michal Hocko <mhocko@suse.com>
    cgroup, netclassid: add a preemption point to write_classid

Ronnie Sahlberg <lsahlber@redhat.com>
    cifs: fix a credits leak for compund commands

Geert Uytterhoeven <geert+renesas@glider.be>
    thermal: da9062/61: Prevent hardware access during system suspend

Geert Uytterhoeven <geert+renesas@glider.be>
    thermal: rcar_thermal: Prevent doing work after unbind

Diego Viola <diego.viola@gmail.com>
    libata: Apply NOLPM quirk for SAMSUNG MZ7TD256HAFV-000L9

Martin Willi <martin@strongswan.org>
    ath10k: schedule hardware restart if WMI command times out

Maya Erez <merez@codeaurora.org>
    wil6210: fix RX buffers release and unmap

Sebastian Basierski <sebastianx.basierski@intel.com>
    ixgbevf: VF2VF TCP RSS

Shannon Nelson <shannon.nelson@oracle.com>
    ixgbe: disallow IPsec Tx offload when in SR-IOV mode

Justin Chen <justinpopo6@gmail.com>
    gpio: brcmstb: allow 0 width GPIO banks

Sara Sharon <sara.sharon@intel.com>
    iwlwifi: mvm: fix BAR seq ctrl reporting

Dan Carpenter <dan.carpenter@oracle.com>
    libertas_tf: prevent underflow in process_cmdrequest()

Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
    rsi: fix memory alignment issue in ARM32 platforms

Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
    mt76x2u: run device cleanup routine if resume fails

Andrew Lunn <andrew@lunn.ch>
    net: dsa: mv88e6xxx: Fix writing to a PHY page.

Yunsheng Lin <linyunsheng@huawei.com>
    net: hns3: Fix for vf vlan delete failed problem

Yunsheng Lin <linyunsheng@huawei.com>
    net: hns3: Fix ping exited problem when doing lp selftest

Yunsheng Lin <linyunsheng@huawei.com>
    net: hns3: Preserve vlan 0 in hardware table

Douglas Anderson <dianders@chromium.org>
    pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant

Douglas Anderson <dianders@chromium.org>
    pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant

Arnaldo Carvalho de Melo <acme@redhat.com>
    perf tests: Fix record+probe_libc_inet_pton.sh without ping's debuginfo

YueHaibing <yuehaibing@huawei.com>
    failover: Add missing check to validate 'slave_dev' in net_failover_slave_unregister

Alexei Starovoitov <ast@kernel.org>
    bpf/verifier: fix verifier instability

Stephen Boyd <swboyd@chromium.org>
    pinctrl: qcom: spmi-mpp: Fix drive strength setting

Hans de Goede <hdegoede@redhat.com>
    ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers

Linus Walleij <linus.walleij@linaro.org>
    spi: gpio: No MISO does not imply no RX

Masami Hiramatsu <mhiramat@kernel.org>
    kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()

Will Deacon <will.deacon@arm.com>
    arm64: entry: Allow handling of undefined instructions from EL1

Paolo Valente <paolo.valente@linaro.org>
    block, bfq: correctly charge and reset entity service in all cases

Antoine Tenart <antoine.tenart@bootlin.com>
    net: phy: phylink: ensure the carrier is off when starting phylink

Fuyun Liang <liangfuyun1@huawei.com>
    net: hns3: Set STATE_DOWN bit of hdev state when stopping net

Peng Li <lipeng321@huawei.com>
    net: hns3: Check hdev state when getting link status

Arend van Spriel <arend.vanspriel@broadcom.com>
    brcmfmac: fix for proper support of 160MHz bandwidth

YueHaibing <yuehaibing@huawei.com>
    pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux

YueHaibing <yuehaibing@huawei.com>
    pinctrl: sunxi: fix 'pctrl->functions' allocation in sunxi_pinctrl_build_state

Jian Shen <shenjian15@huawei.com>
    net: hns3: Fix ets validate issue

Jian Shen <shenjian15@huawei.com>
    net: hns3: Add nic state check before calling netif_tx_wake_queue

Ben Hutchings <ben@decadent.org.uk>
    x86: boot: Fix EFI stub alignment

Hans de Goede <hdegoede@redhat.com>
    efi/x86: Call efi_parse_options() from efi_main()

Balakrishna Godavarthi <bgodavar@codeaurora.org>
    Bluetooth: hci_qca: Remove hdev dereference in qca_close().

Christian Hewitt <christianshewitt@gmail.com>
    Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth

Yunsheng Lin <linyunsheng@huawei.com>
    net: hns3: Fix for packet buffer setting bug

Jacob Keller <jacob.e.keller@intel.com>
    ice: update fw version check logic

Bruce Allan <bruce.w.allan@intel.com>
    ice: fix changing of ring descriptor size (ethtool -G)

Will Deacon <will.deacon@arm.com>
    signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack

Rakesh Pillai <pillair@codeaurora.org>
    ath10k: fix tx status flag setting for management frames

James Smart <jsmart2021@gmail.com>
    nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O

Gustavo A. R. Silva <gustavo@embeddedor.com>
    mtd: rawnand: atmel: Fix potential NULL pointer dereference

Xiaochen Shen <xiaochen.shen@intel.com>
    x86/intel_rdt: Show missing resctrl mount options

Viresh Kumar <viresh.kumar@linaro.org>
    cpufreq: dt: Try freeing static OPPs only if we have added them

Dou Liyang <douly.fnst@cn.fujitsu.com>
    ACPI / processor: Fix the return value of acpi_processor_ids_walk()

Rajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com>
    ACPI / PM: LPIT: Register sysfs attributes based on FADT

Jeffrey Hugo <jhugo@codeaurora.org>
    ACPI/PPTT: Handle architecturally unknown cache types

Sagi Grimberg <sagi@grimberg.me>
    nvmet-rdma: use a private workqueue for delete

Tony Lindgren <tony@atomide.com>
    wlcore: Fix BUG with clear completion on timeout

Lubomir Rintel <lkundrak@v3.sk>
    x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC

Luca Coelho <luciano.coelho@intel.com>
    iwlwifi: mvm: check for n_profiles validity in EWRD ACPI

Emmanuel Grumbach <emmanuel.grumbach@intel.com>
    iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface

Shaul Triebitz <shaul.triebitz@intel.com>
    iwlwifi: pcie: avoid empty free RB queue

Masahiro Yamada <yamada.masahiro@socionext.com>
    mtd: rawnand: denali: set SPARE_AREA_SKIP_BYTES register to 8 if unset

Wang Dongsheng <dongsheng.wang@hxt-semitech.com>
    sdhci: acpi: add free_slot callback

Yu Zhao <yuzhao@google.com>
    mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01

Ben Peddell <klightspeed@killerwolves.net>
    bcache: Populate writeback_rate_minimum attribute

Prarit Bhargava <prarit@redhat.com>
    cpupower: Fix coredump on VMWare

Sanskriti Sharma <sansharm@redhat.com>
    perf strbuf: Match va_{add,copy} with va_end

Sanskriti Sharma <sansharm@redhat.com>
    perf tools: Free 'printk' string in parse_ftrace_printk()

Sanskriti Sharma <sansharm@redhat.com>
    perf tools: Cleanup trace-event-info 'tdata' leak

Sanskriti Sharma <sansharm@redhat.com>
    perf tools: Free temporary 'sys' string in read_event_files()

Nathan Chancellor <natechancellor@gmail.com>
    spi: spi-ep93xx: Use dma_data_direction for ep93xx_spi_dma_{finish,prepare}

Javier González <javier@cnexlabs.com>
    lightnvm: pblk: fix race condition on metadata I/O

Jia-Ju Bai <baijiaju1990@gmail.com>
    lightnvm: pblk: fix two sleep-in-atomic-context bugs

Javier González <javier@cnexlabs.com>
    lightnvm: pblk: fix race on sysfs line state

Thierry Reding <treding@nvidia.com>
    hwmon: (pwm-fan) Set fan speed to 0 on suspend

Janosch Frank <frankja@linux.ibm.com>
    s390/sthyi: Fix machine name validity indication

Serhey Popovych <serhe.popovych@gmail.com>
    tun: Consistently configure generic netdev params via rtnetlink

Ryan C Goodfellow <rgoodfel@isi.edu>
    nfp: devlink port split support for 1x100G CXP NIC

Haiyang Zhang <haiyangz@microsoft.com>
    hv_netvsc: fix vf serial matching with pci slot info

Suzuki K Poulose <suzuki.poulose@arm.com>
    arm64: cpufeature: ctr: Fix cpu capability check for late CPUs

Omar Sandoval <osandov@fb.com>
    swim: fix cleanup on setup error

Omar Sandoval <osandov@fb.com>
    ataflop: fix error handling during setup

Paolo Abeni <pabeni@redhat.com>
    netfilter: xt_nat: fix DNAT target for shifted portmap ranges

Waiman Long <longman@redhat.com>
    locking/lockdep: Fix debug_locks off performance problem

Eric Dumazet <edumazet@google.com>
    net: loopback: clear skb->tstamp before netif_rx()

Masahisa Kojima <masahisa.kojima@linaro.org>
    net: socionext: Reset tx queue in ndo_stop

Marek Szyprowski <m.szyprowski@samsung.com>
    ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen

Dave Jiang <dave.jiang@intel.com>
    x86/numa_emulation: Fix uniform-split numa emulation

Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    x86/mm/pat: Disable preemption around __flush_tlb_all()

Vitaly Kuznetsov <vkuznets@redhat.com>
    x86/kvm/nVMX: allow bare VMXON state migration

He Zhe <zhe.he@windriver.com>
    x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided

Juergen Gross <jgross@suse.com>
    x86/xen: Fix boot loader version reported for PVH guests

Jiri Kosina <jkosina@suse.cz>
    x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation

Takashi Iwai <tiwai@suse.de>
    ALSA: hda - Fix incorrect clearance of thinkpad_acpi hooks

Alex Stanoev <alex@astanoev.com>
    ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops

Hans de Goede <hdegoede@redhat.com>
    ALSA: hda: Add 2 more models to the power_save blacklist

Jeremy Cline <jcline@redhat.com>
    ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)

Hui Wang <hui.wang@canonical.com>
    ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715

Takashi Iwai <tiwai@suse.de>
    ALSA: hda - Fix headphone pin config for ASUS G751

Takashi Iwai <tiwai@suse.de>
    ALSA: hda - Add quirk for ASUS G751 laptop

Helge Deller <deller@gmx.de>
    parisc: Fix exported address of os_hpmc handler

Helge Deller <deller@gmx.de>
    parisc: Fix map_pages() to not overwrite existing pte entries

John David Anglin <dave.anglin@bell.net>
    parisc: Fix address in HPMC IVA

David Arcari <darcari@redhat.com>
    mailbox: PCC: handle parse error

Jan Glauber <jglauber@cavium.com>
    ipmi: Fix timer race with module unload

Masami Hiramatsu <mhiramat@kernel.org>
    kprobes/x86: Use preempt_enable() in optimized_callback()

Dan Williams <dan.j.williams@intel.com>
    acpi, nfit: Fix Address Range Scrub completion tracking

Erik Schmauss <erik.schmauss@intel.com>
    ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes

Erik Schmauss <erik.schmauss@intel.com>
    ACPICA: AML interpreter: add region addresses in global list during initialization

Bart Van Assche <bvanassche@acm.org>
    ACPI / OSL: Use 'jiffies' as the time basis for acpi_os_get_timer()

Maciej S. Szmigiero <mail@maciej.szmigiero.name>
    pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges

He Zhe <zhe.he@windriver.com>
    dma-mapping: fix panic caused by passing empty cma command line argument

Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    cpufreq: conservative: Take limits changes into account properly

Ming Lei <ming.lei@redhat.com>
    block: make sure writesame bio is aligned with logical block size

Ming Lei <ming.lei@redhat.com>
    block: make sure discard bio is aligned with logical block size

Jens Axboe <axboe@kernel.dk>
    block: setup bounce bio_sets properly

Hou Tao <houtao1@huawei.com>
    jffs2: free jffs2_sb_info through jffs2_kill_sb()

Dmitry Bazhenov <bazhenov.dn@gmail.com>
    hwmon: (pmbus) Fix page count auto-detection.

Tang Junhui <tang.junhui.linux@gmail.com>
    bcache: fix miss key refill->end in writeback

Tang Junhui <tang.junhui.linux@gmail.com>
    bcache: correct dirty data statistics

Tang Junhui <tang.junhui.linux@gmail.com>
    bcache: fix ioctl in flash device

Tang Junhui <tang.junhui.linux@gmail.com>
    bcache: trace missed reading by cache_missed

Rafał Miłecki <rafal@milecki.pl>
    spi: bcm-qspi: fix calculation of address length

Rafał Miłecki <rafal@milecki.pl>
    spi: bcm-qspi: switch back to reading flash using smaller chunks

Chuanhua Han <chuanhua.han@nxp.com>
    spi: spi-mem: Adjust op len based on message/transfer size limitations

Ahmad Fatoum <a.fatoum@pengutronix.de>
    mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus

Mika Westerberg <mika.westerberg@linux.intel.com>
    mtd: spi-nor: intel-spi: Add support for Intel Ice Lake SPI serial flash

Liu Xiang <liu.xiang6@zte.com.cn>
    mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB

Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
    mtd: maps: gpio-addr-flash: Fix ioremapped size

Miquel Raynal <miquel.raynal@bootlin.com>
    mtd: rawnand: marvell: fix the IRQ handler complete() condition

Linus Walleij <linus.walleij@linaro.org>
    gpio: mxs: Get rid of external API call

Huacai Chen <chenhc@lemote.com>
    MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit

Daniel Borkmann <daniel@iogearbox.net>
    bpf: fix partial copy of map_ptr when dst is scalar


-------------

Diffstat:

 Documentation/filesystems/fscrypt.rst              |  10 -
 Documentation/media/uapi/cec/cec-ioc-receive.rst   |  25 +-
 Documentation/media/uapi/v4l/biblio.rst            |  10 -
 Documentation/media/uapi/v4l/colorspaces-defs.rst  |   8 +-
 .../media/uapi/v4l/colorspaces-details.rst         |  13 +-
 Documentation/media/videodev2.h.rst.exceptions     |   6 +-
 Makefile                                           |   4 +-
 arch/arm/boot/dts/dra7.dtsi                        |   2 +-
 arch/arm/boot/dts/exynos4210-origen.dts            |   9 +
 arch/arm/boot/dts/exynos5250.dtsi                  | 131 ++--
 arch/arm/boot/dts/socfpga_arria10.dtsi             |   2 +-
 arch/arm/crypto/Kconfig                            |   6 -
 arch/arm/crypto/Makefile                           |   2 -
 arch/arm/crypto/speck-neon-core.S                  | 434 ------------
 arch/arm/crypto/speck-neon-glue.c                  | 288 --------
 arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi  |   2 +-
 arch/arm64/crypto/Kconfig                          |   6 -
 arch/arm64/crypto/Makefile                         |   3 -
 arch/arm64/crypto/speck-neon-core.S                | 352 ----------
 arch/arm64/crypto/speck-neon-glue.c                | 282 --------
 arch/arm64/kernel/cpufeature.c                     |  22 +-
 arch/arm64/kernel/entry.S                          |   2 +-
 arch/arm64/kernel/traps.c                          |  11 +-
 arch/arm64/lib/Makefile                            |   2 +-
 arch/m68k/configs/amiga_defconfig                  |   1 -
 arch/m68k/configs/apollo_defconfig                 |   1 -
 arch/m68k/configs/atari_defconfig                  |   1 -
 arch/m68k/configs/bvme6000_defconfig               |   1 -
 arch/m68k/configs/hp300_defconfig                  |   1 -
 arch/m68k/configs/mac_defconfig                    |   1 -
 arch/m68k/configs/multi_defconfig                  |   1 -
 arch/m68k/configs/mvme147_defconfig                |   1 -
 arch/m68k/configs/mvme16x_defconfig                |   1 -
 arch/m68k/configs/q40_defconfig                    |   1 -
 arch/m68k/configs/sun3_defconfig                   |   1 -
 arch/m68k/configs/sun3x_defconfig                  |   1 -
 arch/mips/cavium-octeon/executive/cvmx-helper.c    |   2 +-
 arch/mips/include/asm/processor.h                  |   2 +-
 arch/parisc/kernel/entry.S                         |   2 +-
 arch/parisc/kernel/hpmc.S                          |   3 +-
 arch/parisc/kernel/traps.c                         |   3 +-
 arch/parisc/mm/init.c                              |   8 +-
 arch/powerpc/include/asm/mpic.h                    |   7 +
 arch/powerpc/kernel/mce_power.c                    |   7 +
 arch/powerpc/kernel/module.c                       |   8 +
 arch/powerpc/kernel/module_64.c                    |   5 -
 arch/powerpc/kernel/setup_64.c                     |  18 +-
 arch/powerpc/mm/hash_native_64.c                   |   4 +-
 arch/s390/defconfig                                |   1 -
 arch/s390/kernel/sthyi.c                           |   8 +-
 arch/x86/boot/compressed/eboot.c                   |  10 +
 arch/x86/boot/tools/build.c                        |   7 +
 arch/x86/crypto/aesni-intel_glue.c                 |   2 +-
 arch/x86/include/asm/kvm_host.h                    |   1 +
 arch/x86/include/asm/tlbflush.h                    |   6 +
 arch/x86/kernel/check.c                            |  15 +
 arch/x86/kernel/cpu/bugs.c                         |  57 +-
 arch/x86/kernel/cpu/intel_rdt_rdtgroup.c           |   7 +
 arch/x86/kernel/kprobes/opt.c                      |   2 +-
 arch/x86/kvm/vmx.c                                 |  22 +-
 arch/x86/mm/numa_emulation.c                       |  12 +-
 arch/x86/mm/pageattr.c                             |   6 +-
 arch/x86/platform/olpc/olpc-xo1-rtc.c              |   3 +
 arch/x86/xen/enlighten_pvh.c                       |   2 +-
 arch/x86/xen/platform-pci-unplug.c                 |   4 +
 arch/x86/xen/spinlock.c                            |  35 +-
 arch/x86/xen/xen-pvh.S                             |   2 +-
 block/bfq-wf2q.c                                   |  13 +-
 block/blk-lib.c                                    |   5 +-
 block/blk-merge.c                                  |   3 +-
 block/blk.h                                        |  10 +
 block/bounce.c                                     |  37 +-
 crypto/Kconfig                                     |  14 -
 crypto/Makefile                                    |   1 -
 crypto/aegis.h                                     |  20 +-
 crypto/lrw.c                                       |   7 +-
 crypto/morus1280.c                                 |   7 +-
 crypto/morus640.c                                  |  16 +-
 crypto/speck.c                                     | 307 ---------
 crypto/tcrypt.c                                    |   3 +
 crypto/testmgr.c                                   |  24 -
 crypto/testmgr.h                                   | 738 ---------------------
 drivers/acpi/acpi_lpit.c                           |   6 +
 drivers/acpi/acpi_lpss.c                           |   2 +
 drivers/acpi/acpi_processor.c                      |   7 +-
 drivers/acpi/acpica/dsopcode.c                     |   4 +
 drivers/acpi/acpica/psloop.c                       |  14 +-
 drivers/acpi/nfit/core.c                           | 169 +++--
 drivers/acpi/nfit/nfit.h                           |  10 +-
 drivers/acpi/osl.c                                 |  15 +-
 drivers/acpi/pptt.c                                |  33 +-
 drivers/ata/libata-core.c                          |   1 +
 drivers/block/ataflop.c                            |  25 +-
 drivers/block/swim.c                               |  13 +-
 drivers/block/xen-blkfront.c                       |   4 +
 drivers/bluetooth/btbcm.c                          |   1 +
 drivers/bluetooth/hci_qca.c                        |  15 +-
 drivers/char/ipmi/ipmi_ssif.c                      |  10 +-
 drivers/char/tpm/tpm-interface.c                   |   6 +-
 drivers/char/tpm/tpm2-cmd.c                        |   4 +-
 drivers/char/tpm/xen-tpmfront.c                    |   2 +-
 drivers/cpufreq/cpufreq-dt.c                       |  34 +-
 drivers/cpufreq/cpufreq_conservative.c             |   6 +-
 drivers/crypto/caam/regs.h                         |  28 +-
 drivers/dma/dma-jz4780.c                           |   5 +
 drivers/dma/ioat/init.c                            |   9 +-
 drivers/dma/ppc4xx/adma.c                          |   2 +-
 drivers/edac/amd64_edac.c                          |  14 +
 drivers/edac/amd64_edac.h                          |   3 +
 drivers/edac/i7core_edac.c                         |   1 +
 drivers/edac/sb_edac.c                             |   1 +
 drivers/edac/skx_edac.c                            |   3 +-
 drivers/firmware/google/coreboot_table.c           |   7 +-
 drivers/gpio/gpio-brcmstb.c                        |  15 +-
 drivers/gpio/gpio-mxs.c                            |   4 +-
 drivers/gpu/drm/mediatek/mtk_hdmi.c                |   5 +-
 drivers/gpu/vga/vga_switcheroo.c                   |   3 +
 drivers/hid/usbhid/hiddev.c                        |  18 +-
 drivers/hid/wacom_wac.c                            |  19 +
 drivers/hv/channel_mgmt.c                          |  14 +-
 drivers/hwmon/pmbus/pmbus.c                        |   2 +
 drivers/hwmon/pmbus/pmbus_core.c                   |   5 +-
 drivers/hwmon/pwm-fan.c                            |  12 +-
 drivers/hwtracing/coresight/coresight-etb10.c      |   4 +
 drivers/iio/adc/at91_adc.c                         |   6 +-
 drivers/iio/adc/fsl-imx25-gcq.c                    |   6 +
 drivers/iio/dac/ad5064.c                           |  53 +-
 drivers/infiniband/core/cm.c                       |   7 +-
 drivers/infiniband/core/sysfs.c                    |  19 +-
 drivers/infiniband/hw/bnxt_re/qplib_fp.c           |   3 +-
 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c         |  13 +-
 drivers/infiniband/hw/mlx5/mr.c                    |   2 +-
 drivers/infiniband/hw/mlx5/qp.c                    |   4 +-
 drivers/infiniband/sw/rxe/rxe_resp.c               |   8 +-
 drivers/infiniband/sw/rxe/rxe_verbs.h              |   2 +
 drivers/infiniband/ulp/ipoib/ipoib_cm.c            |   8 +-
 drivers/infiniband/ulp/ipoib/ipoib_main.c          |   2 +
 drivers/iommu/arm-smmu.c                           |   6 +
 drivers/irqchip/qcom-pdc.c                         |   1 +
 drivers/lightnvm/pblk-core.c                       |   5 +-
 drivers/lightnvm/pblk-recovery.c                   |   6 +-
 drivers/lightnvm/pblk-sysfs.c                      |   8 +-
 drivers/lightnvm/pblk-write.c                      |  14 +-
 drivers/mailbox/pcc.c                              |   7 +-
 drivers/md/bcache/btree.c                          |   2 +-
 drivers/md/bcache/request.c                        |   5 +-
 drivers/md/bcache/super.c                          |   7 +-
 drivers/md/bcache/sysfs.c                          |   2 +
 drivers/md/dm-ioctl.c                              |  18 +-
 drivers/md/dm-zoned-metadata.c                     |  80 ++-
 drivers/md/md.c                                    |  30 +-
 drivers/media/cec/cec-adap.c                       |  94 +--
 drivers/media/cec/cec-api.c                        |  19 +-
 drivers/media/cec/cec-edid.c                       |  60 --
 drivers/media/common/v4l2-tpg/v4l2-tpg-colors.c    | 262 ++++----
 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c      |   2 +-
 drivers/media/i2c/adv7511.c                        |   6 +-
 drivers/media/i2c/adv7604.c                        |   6 +-
 drivers/media/i2c/adv7842.c                        |   4 +-
 drivers/media/i2c/ov7670.c                         |  27 +-
 drivers/media/i2c/tc358743.c                       |   4 +-
 drivers/media/i2c/tvp5150.c                        |   2 +-
 drivers/media/platform/vivid/vivid-core.h          |   2 +-
 drivers/media/platform/vivid/vivid-ctrls.c         |   6 +-
 drivers/media/platform/vivid/vivid-vid-out.c       |   2 +-
 drivers/media/usb/dvb-usb-v2/dvbsky.c              |  16 +-
 drivers/media/usb/em28xx/em28xx-cards.c            |  33 +-
 drivers/media/usb/em28xx/em28xx-video.c            |  92 ++-
 drivers/media/usb/em28xx/em28xx.h                  |   8 +-
 drivers/media/v4l2-core/v4l2-dv-timings.c          |  12 +-
 drivers/mfd/menelaus.c                             |  13 +-
 drivers/misc/genwqe/card_base.h                    |   2 +-
 drivers/misc/genwqe/card_dev.c                     |   9 +-
 drivers/misc/ocxl/config.c                         |   4 +-
 drivers/misc/vmw_vmci/vmci_driver.c                |   2 +-
 drivers/misc/vmw_vmci/vmci_resource.c              |   3 +-
 drivers/mmc/host/sdhci-acpi.c                      |   8 +
 drivers/mmc/host/sdhci-pci-o2micro.c               |   3 +
 drivers/mtd/maps/gpio-addr-flash.c                 |   2 +-
 drivers/mtd/nand/raw/atmel/nand-controller.c       |   4 +
 drivers/mtd/nand/raw/denali.c                      |  14 +-
 drivers/mtd/nand/raw/marvell_nand.c                |   2 +-
 drivers/mtd/spi-nor/fsl-quadspi.c                  |  15 +-
 drivers/mtd/spi-nor/intel-spi-pci.c                |   1 +
 drivers/net/dsa/mv88e6xxx/phy.c                    |   3 +
 drivers/net/ethernet/broadcom/genet/bcmmii.c       |   2 +-
 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c    |   4 +-
 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c |   4 +-
 .../net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c |   6 +-
 .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c    |  30 +-
 .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c  |   5 +
 drivers/net/ethernet/intel/ice/ice.h               |   4 +-
 drivers/net/ethernet/intel/ice/ice_controlq.c      |  30 +-
 drivers/net/ethernet/intel/ice/ice_ethtool.c       |  17 +-
 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c     |   3 +
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c  |   4 +
 drivers/net/ethernet/netronome/nfp/nfp_devlink.c   |  17 +-
 drivers/net/ethernet/socionext/netsec.c            |   3 +
 drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c  |  12 +-
 drivers/net/hyperv/netvsc_drv.c                    |  15 +-
 drivers/net/loopback.c                             |   4 +
 drivers/net/net_failover.c                         |   3 +
 drivers/net/phy/phylink.c                          |   3 +
 drivers/net/tun.c                                  |   2 +
 drivers/net/wireless/ath/ath10k/wmi.c              |  13 +-
 drivers/net/wireless/ath/wil6210/txrx_edma.c       |  15 +-
 .../net/wireless/broadcom/brcm80211/brcmutil/d11.c |  34 +-
 .../broadcom/brcm80211/include/brcmu_wifi.h        |   2 +
 drivers/net/wireless/intel/iwlwifi/mvm/fw.c        |   8 +-
 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c  |   9 +-
 drivers/net/wireless/intel/iwlwifi/mvm/rs.c        |  24 +-
 drivers/net/wireless/intel/iwlwifi/mvm/tx.c        |   9 +-
 drivers/net/wireless/intel/iwlwifi/pcie/rx.c       |  32 +-
 drivers/net/wireless/marvell/libertas/if_usb.c     |   2 -
 drivers/net/wireless/marvell/libertas_tf/if_usb.c  |   5 +-
 drivers/net/wireless/mediatek/mt76/mt76x2_mac.c    |   3 +-
 drivers/net/wireless/mediatek/mt76/mt76x2_usb.c    |  14 +-
 drivers/net/wireless/rsi/rsi_91x_usb.c             |  11 +-
 drivers/net/wireless/ti/wlcore/main.c              |  18 +-
 drivers/nfc/nfcmrvl/uart.c                         |   5 +-
 drivers/nvdimm/bus.c                               |   4 +
 drivers/nvdimm/pmem.c                              |   4 +-
 drivers/nvdimm/region_devs.c                       |  11 +-
 drivers/nvme/host/fabrics.c                        |   7 +-
 drivers/nvme/host/multipath.c                      |   7 +
 drivers/nvme/target/rdma.c                         |  19 +-
 drivers/nvmem/core.c                               |  10 +-
 drivers/of/base.c                                  |   2 +
 drivers/opp/of.c                                   |   1 +
 drivers/pci/controller/dwc/pci-dra7xx.c            |  11 +-
 drivers/pci/controller/pcie-cadence-ep.c           |  11 +-
 drivers/pci/controller/pcie-cadence.c              |  20 +-
 drivers/pci/controller/pcie-mediatek.c             |  11 +
 drivers/pci/msi.c                                  |   9 +-
 drivers/pci/pci-acpi.c                             |  16 +-
 drivers/pci/pcie/aspm.c                            |   2 +-
 drivers/pci/quirks.c                               |   4 +
 drivers/pci/remove.c                               |   4 +-
 drivers/pcmcia/ricoh.h                             |  35 +
 drivers/pcmcia/yenta_socket.c                      |   3 +-
 drivers/pinctrl/qcom/pinctrl-spmi-mpp.c            |  27 +-
 drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c           |  28 +-
 drivers/pinctrl/sunxi/pinctrl-sunxi.c              |  15 +-
 drivers/power/supply/twl4030_charger.c             |   5 +-
 drivers/remoteproc/qcom_q6v5.c                     |  12 +
 drivers/rpmsg/qcom_smd.c                           |   7 +-
 drivers/rtc/rtc-cmos.c                             |  29 +-
 drivers/rtc/rtc-ds1307.c                           |   1 -
 drivers/scsi/esp_scsi.c                            |   1 +
 drivers/scsi/esp_scsi.h                            |   2 +
 drivers/scsi/lpfc/lpfc_scsi.c                      |  14 +-
 drivers/scsi/lpfc/lpfc_sli.c                       |   7 +
 drivers/scsi/mac_esp.c                             |   2 +
 drivers/scsi/megaraid/megaraid_sas_base.c          |   3 +
 drivers/scsi/qla2xxx/qla_mbx.c                     |   2 +-
 drivers/scsi/ufs/ufshcd.c                          |   5 +-
 drivers/soc/qcom/rmtfs_mem.c                       |   5 +
 drivers/soc/tegra/pmc.c                            |   2 +-
 drivers/spi/spi-bcm-qspi.c                         |   4 +-
 drivers/spi/spi-ep93xx.c                           |  36 +-
 drivers/spi/spi-gpio.c                             |  10 +-
 drivers/spi/spi-mem.c                              |  15 +
 drivers/target/target_core_transport.c             |   4 +-
 drivers/tc/tc.c                                    |   8 +-
 drivers/thermal/da9062-thermal.c                   |   4 +-
 drivers/thermal/rcar_thermal.c                     |   1 +
 drivers/tty/serial/kgdboc.c                        |   5 +
 drivers/tty/vt/vt.c                                |   2 +-
 drivers/uio/uio.c                                  |   9 +
 drivers/usb/chipidea/otg.h                         |   3 +-
 drivers/usb/dwc2/hcd.c                             |  12 +-
 drivers/usb/gadget/udc/atmel_usba_udc.c            |   2 +
 drivers/usb/gadget/udc/renesas_usb3.c              |   3 +
 drivers/usb/host/ohci-at91.c                       |   2 +
 drivers/usb/host/xhci-hub.c                        |   5 +
 drivers/usb/host/xhci-ring.c                       |   1 +
 drivers/usb/typec/tcpm.c                           |  10 +-
 drivers/usb/usbip/vudc_main.c                      |  10 +-
 drivers/video/hdmi.c                               |   8 +-
 drivers/w1/masters/omap_hdq.c                      |   2 +
 drivers/xen/privcmd-buf.c                          |  22 +-
 drivers/xen/swiotlb-xen.c                          |   6 +
 drivers/xen/xen-balloon.c                          |  13 +-
 fs/btrfs/ctree.c                                   |  17 +
 fs/btrfs/dev-replace.c                             |   7 +-
 fs/btrfs/extent-tree.c                             | 168 +++--
 fs/btrfs/file.c                                    |  41 +-
 fs/btrfs/free-space-cache.c                        |  42 +-
 fs/btrfs/inode.c                                   |  15 +-
 fs/btrfs/ioctl.c                                   |  11 +-
 fs/btrfs/qgroup.c                                  |   5 +
 fs/btrfs/qgroup.h                                  |   2 +
 fs/btrfs/relocation.c                              |   2 +-
 fs/btrfs/transaction.c                             |  15 +-
 fs/btrfs/tree-log.c                                |  86 ++-
 fs/cifs/cifs_debug.c                               |   3 +
 fs/cifs/cifs_spnego.c                              |   6 +-
 fs/cifs/inode.c                                    |  10 +-
 fs/cifs/transport.c                                |  57 +-
 fs/cramfs/inode.c                                  |   3 +-
 fs/crypto/fscrypt_private.h                        |   4 -
 fs/crypto/keyinfo.c                                |  10 -
 fs/ext4/ext4.h                                     |   3 +-
 fs/ext4/inline.c                                   |   2 +-
 fs/ext4/ioctl.c                                    |  97 ++-
 fs/ext4/move_extent.c                              |   8 +-
 fs/ext4/super.c                                    |  73 +-
 fs/f2fs/checkpoint.c                               |   2 +
 fs/f2fs/data.c                                     |  17 +-
 fs/f2fs/extent_cache.c                             |  51 +-
 fs/f2fs/f2fs.h                                     |   8 +-
 fs/f2fs/inode.c                                    |   6 +
 fs/f2fs/node.c                                     |  13 +-
 fs/f2fs/recovery.c                                 |  15 +-
 fs/f2fs/super.c                                    |  22 +-
 fs/gfs2/ops_fstype.c                               |   3 +
 fs/jbd2/checkpoint.c                               |   4 +-
 fs/jffs2/super.c                                   |   4 +-
 fs/lockd/host.c                                    |   2 +-
 fs/nfs/nfs4client.c                                |  16 +-
 fs/nfs/pagelist.c                                  |  40 +-
 fs/nfsd/nfs4state.c                                |   3 +-
 fs/notify/fsnotify.c                               |   3 +
 fs/notify/mark.c                                   |  39 +-
 fs/proc/task_mmu.c                                 |   4 +-
 fs/userfaultfd.c                                   |   8 +-
 include/crypto/speck.h                             |  62 --
 include/linux/bpf_verifier.h                       |   3 +
 include/linux/compat.h                             |   3 +
 include/linux/fs.h                                 |   3 +
 include/linux/hdmi.h                               |   4 +-
 include/linux/nvme.h                               |   1 +
 include/linux/signal.h                             |   2 +-
 include/linux/tc.h                                 |   1 +
 include/linux/wait.h                               |  20 +-
 include/media/cec.h                                |  72 +-
 include/rdma/ib_verbs.h                            |  34 +-
 include/uapi/linux/cec.h                           |   3 +
 include/uapi/linux/fs.h                            |   4 +-
 include/uapi/linux/ndctl.h                         |  48 +-
 include/uapi/linux/videodev2.h                     |  23 +-
 include/uapi/rdma/ib_user_verbs.h                  |  20 +-
 kernel/bounds.c                                    |   4 +-
 kernel/bpf/syscall.c                               |  13 +
 kernel/bpf/verifier.c                              |  26 +-
 kernel/cpu.c                                       |  11 +-
 kernel/dma/contiguous.c                            |   6 +-
 kernel/irq/manage.c                                |   8 +-
 kernel/kprobes.c                                   |  27 +-
 kernel/locking/lockdep.c                           |   4 +-
 kernel/printk/printk.c                             |   7 +-
 kernel/signal.c                                    |  18 +-
 kernel/trace/trace_events_hist.c                   |   4 +-
 kernel/user_namespace.c                            |  12 +-
 lib/debug_locks.c                                  |   2 +-
 mm/hmm.c                                           |  36 +-
 mm/hugetlb.c                                       |   6 +
 mm/page_vma_mapped.c                               |  24 +-
 net/core/netclassid_cgroup.c                       |   1 +
 net/ipv4/cipso_ipv4.c                              |  11 +-
 net/netfilter/xt_nat.c                             |   2 +
 net/sched/sch_api.c                                |   1 -
 net/sunrpc/svc_xprt.c                              |   2 +-
 net/sunrpc/xprtrdma/svc_rdma_backchannel.c         |   1 +
 net/sunrpc/xprtrdma/transport.c                    |   6 +
 security/integrity/ima/ima_crypto.c                |  54 +-
 security/integrity/ima/ima_fs.c                    |   6 +-
 security/selinux/hooks.c                           |   5 +
 security/smack/smack_lsm.c                         |  13 +-
 sound/pci/ca0106/ca0106.h                          |   2 +-
 sound/pci/hda/hda_controller.h                     |   1 +
 sound/pci/hda/hda_intel.c                          |  15 +-
 sound/pci/hda/patch_conexant.c                     |   1 +
 sound/pci/hda/patch_realtek.c                      |  26 +
 sound/pci/hda/thinkpad_helper.c                    |   4 +-
 sound/soc/amd/acp-pcm-dma.c                        |  22 +-
 sound/soc/codecs/sta32x.c                          |   3 +
 sound/soc/intel/skylake/skl-topology.c             |   1 +
 .../tests/shell/record+probe_libc_inet_pton.sh     |   2 +-
 tools/perf/util/strbuf.c                           |  10 +-
 tools/perf/util/trace-event-info.c                 |   2 +
 tools/perf/util/trace-event-parse.c                |   1 +
 tools/perf/util/trace-event-read.c                 |   5 +-
 tools/power/cpupower/utils/cpufreq-info.c          |   2 +
 tools/power/cpupower/utils/helpers/amd.c           |   7 +-
 .../trigger-synthetic-event-createremove.tc        |  12 +-
 .../selftests/powerpc/ptrace/ptrace-tm-spd-gpr.c   |   4 +-
 virt/kvm/arm/arm.c                                 |   4 +-
 virt/kvm/arm/mmu.c                                 |   8 +-
 389 files changed, 3294 insertions(+), 4066 deletions(-)




* [PATCH 4.19 001/361] bpf: fix partial copy of map_ptr when dst is scalar
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 002/361] MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit Greg Kroah-Hartman
                   ` (362 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Borkmann, Edward Cree,
	Alexei Starovoitov, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

commit 0962590e553331db2cc0aef2dc35c57f6300dbbe upstream.

ALU operations on pointers such as scalar_reg += map_value_ptr are
handled in adjust_ptr_min_max_vals(). Problem is however that map_ptr
and range in the register state share a union, so transferring state
through dst_reg->range = ptr_reg->range is just buggy as any new
map_ptr in the dst_reg is then truncated (or null) for subsequent
checks. Fix this by adding a raw member and use it for copying state
over to dst_reg.

Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Edward Cree <ecree@solarflare.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/bpf_verifier.h |  3 +++
 kernel/bpf/verifier.c        | 10 ++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index 38b04f559ad3..1fd6fa822d2c 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -50,6 +50,9 @@ struct bpf_reg_state {
 		 *   PTR_TO_MAP_VALUE_OR_NULL
 		 */
 		struct bpf_map *map_ptr;
+
+		/* Max size from any of the above. */
+		unsigned long raw;
 	};
 	/* Fixed part of pointer offset, pointer types only */
 	s32 off;
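Review bot: the new `raw` member only copies the whole union if `unsigned long` is at least as wide as every other member, and nothing in this hunk enforces that. The comment "Max size from any of the above" records the assumption; a BUILD_BUG_ON comparing sizeof(raw) with the size of the `map_ptr` member would catch a wider member being added later. The comment could also say that `raw` exists for copying register state and carries no meaning of its own.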
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 465952a8e465..b046564cc18d 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2762,7 +2762,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
 			dst_reg->umax_value = umax_ptr;
 			dst_reg->var_off = ptr_reg->var_off;
 			dst_reg->off = ptr_reg->off + smin_val;
-			dst_reg->range = ptr_reg->range;
+			dst_reg->raw = ptr_reg->raw;
 			break;
 		}
 		/* A new variable offset is created.  Note that off_reg->off
@@ -2792,10 +2792,11 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
 		}
 		dst_reg->var_off = tnum_add(ptr_reg->var_off, off_reg->var_off);
 		dst_reg->off = ptr_reg->off;
+		dst_reg->raw = ptr_reg->raw;
 		if (reg_is_pkt_pointer(ptr_reg)) {
 			dst_reg->id = ++env->id_gen;
 			/* something was added to pkt_ptr, set range to zero */
-			dst_reg->range = 0;
+			dst_reg->raw = 0;
 		}
 		break;
 	case BPF_SUB:
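Review bot: in the reg_is_pkt_pointer() branch the comment still reads "set range to zero" while the statement now clears `raw`, that is, the whole union; the comment should say so, or explain why clearing the full union is equivalent for packet pointers. Separately, the added `dst_reg->raw = ptr_reg->raw;` has no removed counterpart in this hunk, so this path gains a state copy it did not have before. The changelog only describes replacing the `range` assignment and would be clearer if it mentioned this.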
@@ -2824,7 +2825,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
 			dst_reg->var_off = ptr_reg->var_off;
 			dst_reg->id = ptr_reg->id;
 			dst_reg->off = ptr_reg->off - smin_val;
-			dst_reg->range = ptr_reg->range;
+			dst_reg->raw = ptr_reg->raw;
 			break;
 		}
 		/* A new variable offset is created.  If the subtrahend is known
@@ -2850,11 +2851,12 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
 		}
 		dst_reg->var_off = tnum_sub(ptr_reg->var_off, off_reg->var_off);
 		dst_reg->off = ptr_reg->off;
+		dst_reg->raw = ptr_reg->raw;
 		if (reg_is_pkt_pointer(ptr_reg)) {
 			dst_reg->id = ++env->id_gen;
 			/* something was added to pkt_ptr, set range to zero */
 			if (smin_val < 0)
-				dst_reg->range = 0;
+				dst_reg->raw = 0;
 		}
 		break;
 	case BPF_AND:
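Review bot: with `dst_reg->raw = ptr_reg->raw;` now placed ahead of the pkt-pointer check, a packet pointer keeps ptr_reg's range whenever smin_val >= 0, because `raw` is cleared only under `if (smin_val < 0)`. If that is intended, a short comment stating it would help. The existing comment "something was added to pkt_ptr" also reads oddly in the BPF_SUB case and could be reworded while these lines are being touched.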
-- 
2.17.1





* [PATCH 4.19 002/361] MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 001/361] bpf: fix partial copy of map_ptr when dst is scalar Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 003/361] gpio: mxs: Get rid of external API call Greg Kroah-Hartman
                   ` (361 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Huacai Chen, Paul Burton,
	Ralf Baechle, James Hogan, linux-mips, Fuxin Zhang, Zhangjin Wu,
	Huacai Chen, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit c61c7def1fa0a722610d89790e0255b74f3c07dd ]

Commit ea7e0480a4b6 ("MIPS: VDSO: Always map near top of user memory")
set VDSO_RANDOMIZE_SIZE to 256MB for 64bit kernel. But looking at
arch/mips/mm/mmap.c, we can see that MIN_GAP is 128MB, which means the
mmap_base may be at (user_address_top - 128MB). This makes the stack be
surrounded by mmaped areas, then stack expanding fails and causes a
segmentation fault. Therefore, VDSO_RANDOMIZE_SIZE should be less than
MIN_GAP and this patch reduces it to 64MB.

Signed-off-by: Huacai Chen <chenhc@lemote.com>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Fixes: ea7e0480a4b6 ("MIPS: VDSO: Always map near top of user memory")
Patchwork: https://patchwork.linux-mips.org/patch/20910/
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: James Hogan <jhogan@kernel.org>
Cc: linux-mips@linux-mips.org
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Cc: Huacai Chen <chenhuacai@gmail.com>
Cc: stable@vger.kernel.org # 4.19
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/mips/include/asm/processor.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/mips/include/asm/processor.h b/arch/mips/include/asm/processor.h
index 49d6046ca1d0..c373eb605040 100644
--- a/arch/mips/include/asm/processor.h
+++ b/arch/mips/include/asm/processor.h
@@ -81,7 +81,7 @@ extern unsigned int vced_count, vcei_count;
 
 #endif
 
-#define VDSO_RANDOMIZE_SIZE	(TASK_IS_32BIT_ADDR ? SZ_1M : SZ_256M)
+#define VDSO_RANDOMIZE_SIZE	(TASK_IS_32BIT_ADDR ? SZ_1M : SZ_64M)
 
 extern unsigned long mips_stack_top(void);
 #define STACK_TOP		mips_stack_top()
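
Review bot: the 64-bit value on the VDSO_RANDOMIZE_SIZE line is only
correct while it stays below MIN_GAP in arch/mips/mm/mmap.c, and nothing
at the define says so. The commit message gives MIN_GAP as 128MB; a
one-line comment here naming that constraint, or a build-time check
tying the two constants together, would stop a later change from
bringing back the stack-expansion failure.
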
-- 
2.17.1





* [PATCH 4.19 003/361] gpio: mxs: Get rid of external API call
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 001/361] bpf: fix partial copy of map_ptr when dst is scalar Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 002/361] MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 004/361] mtd: rawnand: marvell: fix the IRQ handler complete() condition Greg Kroah-Hartman
                   ` (360 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sascha Hauer, Janusz Uzycki,
	Linus Walleij, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 833eacc7b5913da9896bacd30db7d490aa777868 ]

The MXS driver was calling back into the GPIO API from
its irqchip. This is not very elegant, as we are a driver,
let's just shortcut back into the gpio_chip .get() function
instead.

This is a tricky case since the .get() callback is not in
this file, instead assigned by bgpio_init(). Calling the
function directly in the gpio_chip is however the lesser
evil.

Cc: Sascha Hauer <s.hauer@pengutronix.de>
Cc: Janusz Uzycki <j.uzycki@elproma.com.pl>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpio/gpio-mxs.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/gpio/gpio-mxs.c b/drivers/gpio/gpio-mxs.c
index df30490da820..ea874fd033a5 100644
--- a/drivers/gpio/gpio-mxs.c
+++ b/drivers/gpio/gpio-mxs.c
@@ -18,8 +18,6 @@
 #include <linux/platform_device.h>
 #include <linux/slab.h>
 #include <linux/gpio/driver.h>
-/* FIXME: for gpio_get_value(), replace this by direct register read */
-#include <linux/gpio.h>
 #include <linux/module.h>
 
 #define MXS_SET		0x4
@@ -86,7 +84,7 @@ static int mxs_gpio_set_irq_type(struct irq_data *d, unsigned int type)
 	port->both_edges &= ~pin_mask;
 	switch (type) {
 	case IRQ_TYPE_EDGE_BOTH:
-		val = gpio_get_value(port->gc.base + d->hwirq);
+		val = port->gc.get(&port->gc, d->hwirq);
 		if (val)
 			edge = GPIO_INT_FALL_EDGE;
 		else
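
Review bot: port->gc.get is called through the function pointer with no
check, and per the commit message that pointer is not set in this file
but by bgpio_init(). A short comment at the call site saying where .get
comes from, and that it must be populated before an IRQ type can be
set, would make the dependency visible to anyone reordering probe.
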
-- 
2.17.1





* [PATCH 4.19 004/361] mtd: rawnand: marvell: fix the IRQ handler complete() condition
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2018-11-11 22:15 ` [PATCH 4.19 003/361] gpio: mxs: Get rid of external API call Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 005/361] mtd: maps: gpio-addr-flash: Fix ioremapped size Greg Kroah-Hartman
                   ` (359 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Mack, Miquel Raynal

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Miquel Raynal <miquel.raynal@bootlin.com>

commit 53c83b59759c1ee213f5ffa194909daee8902a28 upstream.

With the current implementation, the complete() in the IRQ handler is
supposed to be called only if the register status has one or the other
RDY bit set. Other events might trigger an interrupt as well if
enabled, but should not end up with a complete() call.

For this purpose, the code was checking if the other bits were set, in
this case complete() was not called. This is wrong as two events might
happen in a very tight time-frame and if the NDSR status read reports
two bits set (eg. RDY(0) and RDDREQ) at the same time, complete() was
not called.

This logic would lead to timeouts in marvell_nfc_wait_op() and has
been observed on PXA boards (NFCv1) in the Hamming write path.

Fixes: 02f26ecf8c77 ("mtd: nand: add reworked Marvell NAND controller driver")
Cc: stable@vger.kernel.org
Reported-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Tested-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mtd/nand/raw/marvell_nand.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/mtd/nand/raw/marvell_nand.c
+++ b/drivers/mtd/nand/raw/marvell_nand.c
@@ -686,7 +686,7 @@ static irqreturn_t marvell_nfc_isr(int i
 
 	marvell_nfc_disable_int(nfc, st & NDCR_ALL_INT);
 
-	if (!(st & (NDSR_RDDREQ | NDSR_WRDREQ | NDSR_WRCMDREQ)))
+	if (st & (NDSR_RDY(0) | NDSR_RDY(1)))
 		complete(&nfc->complete);
 
 	return IRQ_HANDLED;
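
Review bot: the new test completes on either RDY bit regardless of what
else is set in st, but the line carries no comment on why the other
events must not complete. The previous inverted test on
NDSR_RDDREQ | NDSR_WRDREQ | NDSR_WRCMDREQ looked plausible for the same
goal, so a one-line comment stating that only the RDY bits wake
marvell_nfc_wait_op() would be worth adding.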




* [PATCH 4.19 005/361] mtd: maps: gpio-addr-flash: Fix ioremapped size
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2018-11-11 22:15 ` [PATCH 4.19 004/361] mtd: rawnand: marvell: fix the IRQ handler complete() condition Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 006/361] mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB Greg Kroah-Hartman
                   ` (358 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ricardo Ribalda Delgado, Boris Brezillon

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>

commit 6c925b333368cda4e1b0513b07f72316c0e7edd7 upstream.

We should only iomap the area of the chip that is memory mapped.
Otherwise we could be mapping devices beyond the memory space or that
belong to other devices.

Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Fixes: ebd71e3a4861 ("mtd: maps: gpio-addr-flash: fix warnings and make more portable")
Cc: <stable@vger.kernel.org>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mtd/maps/gpio-addr-flash.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/mtd/maps/gpio-addr-flash.c
+++ b/drivers/mtd/maps/gpio-addr-flash.c
@@ -238,7 +238,7 @@ static int gpio_flash_probe(struct platf
 	state->map.copy_to    = gf_copy_to;
 	state->map.bankwidth  = pdata->width;
 	state->map.size       = state->win_size * (1 << state->gpio_count);
-	state->map.virt       = ioremap_nocache(memory->start, state->map.size);
+	state->map.virt       = ioremap_nocache(memory->start, state->win_size);
 	if (!state->map.virt)
 		return -ENOMEM;
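
Review bot: after this change state->map.size is still
win_size * (1 << gpio_count) while map.virt covers only win_size bytes,
so any code that offsets map.virt by a value bounded only by map.size
would run past the mapping. Please add a comment at this assignment
stating that map.virt is a single window and that offsets must be
reduced to the window before use. It is also worth checking that
1 << state->gpio_count cannot overflow int for the gpio_count values
the driver accepts.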
 




* [PATCH 4.19 006/361] mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2018-11-11 22:15 ` [PATCH 4.19 005/361] mtd: maps: gpio-addr-flash: Fix ioremapped size Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 007/361] mtd: spi-nor: intel-spi: Add support for Intel Ice Lake SPI serial flash Greg Kroah-Hartman
                   ` (357 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Liu Xiang, Boris Brezillon

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Liu Xiang <liu.xiang6@zte.com.cn>

commit 41fe242979e463d6ad251077ded01b825a330b7e upstream.

If the size of spi-nor flash is larger than 16MB, the read_opcode
is set to SPINOR_OP_READ_1_1_4_4B, and fsl_qspi_get_seqid() will
return -EINVAL when cmd is SPINOR_OP_READ_1_1_4_4B. This can
cause the read operation to fail.

Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver")
Cc: <stable@vger.kernel.org>
Signed-off-by: Liu Xiang <liu.xiang6@zte.com.cn>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mtd/spi-nor/fsl-quadspi.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/mtd/spi-nor/fsl-quadspi.c
+++ b/drivers/mtd/spi-nor/fsl-quadspi.c
@@ -478,6 +478,7 @@ static int fsl_qspi_get_seqid(struct fsl
 {
 	switch (cmd) {
 	case SPINOR_OP_READ_1_1_4:
+	case SPINOR_OP_READ_1_1_4_4B:
 		return SEQID_READ;
 	case SPINOR_OP_WREN:
 		return SEQID_WREN;
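
Review bot: only SPINOR_OP_READ_1_1_4_4B is added next to
SPINOR_OP_READ_1_1_4, so the fix covers exactly one 4-byte-address read
opcode. If read_opcode can take any other value on flashes above 16MB,
fsl_qspi_get_seqid() would still return -EINVAL for it; please confirm
this is the only such opcode the driver selects, or say so in a comment
on the case label.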




* [PATCH 4.19 007/361] mtd: spi-nor: intel-spi: Add support for Intel Ice Lake SPI serial flash
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2018-11-11 22:15 ` [PATCH 4.19 006/361] mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 008/361] mtd: spi-nor: fsl-quadspi: Dont let -EINVAL on the bus Greg Kroah-Hartman
                   ` (356 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mika Westerberg, Marek Vasut,
	Boris Brezillon

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mika Westerberg <mika.westerberg@linux.intel.com>

commit 42460c31ae96cbad5ae226ee6c10bd8d70d764ae upstream.

Intel Ice Lake exposes the SPI serial flash controller as a PCI device
in the same way as Intel Denverton. Add Ice Lake SPI serial flash PCI
ID to the driver list of supported devices.

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: Marek Vasut <marek.vasut@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mtd/spi-nor/intel-spi-pci.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/mtd/spi-nor/intel-spi-pci.c
+++ b/drivers/mtd/spi-nor/intel-spi-pci.c
@@ -65,6 +65,7 @@ static void intel_spi_pci_remove(struct
 static const struct pci_device_id intel_spi_pci_ids[] = {
 	{ PCI_VDEVICE(INTEL, 0x18e0), (unsigned long)&bxt_info },
 	{ PCI_VDEVICE(INTEL, 0x19e0), (unsigned long)&bxt_info },
+	{ PCI_VDEVICE(INTEL, 0x34a4), (unsigned long)&bxt_info },
 	{ PCI_VDEVICE(INTEL, 0xa1a4), (unsigned long)&bxt_info },
 	{ PCI_VDEVICE(INTEL, 0xa224), (unsigned long)&bxt_info },
 	{ },
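
Review bot: the new entry 0x34a4 is a bare device ID in a table where
no entry is labelled, so the only record that it is Ice Lake is the
commit message. A trailing comment naming the platform on this line
would make the table auditable, which matters for a driver that binds
to the SPI serial flash controller.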




* [PATCH 4.19 008/361] mtd: spi-nor: fsl-quadspi: Dont let -EINVAL on the bus
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2018-11-11 22:15 ` [PATCH 4.19 007/361] mtd: spi-nor: intel-spi: Add support for Intel Ice Lake SPI serial flash Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 009/361] spi: spi-mem: Adjust op len based on message/transfer size limitations Greg Kroah-Hartman
                   ` (355 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ahmad Fatoum, Boris Brezillon

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ahmad Fatoum <a.fatoum@pengutronix.de>

commit 000412276370a9bcfec73b3752ceefd9a927f1db upstream.

fsl_qspi_get_seqid() may return -EINVAL, but fsl_qspi_init_ahb_read()
doesn't check for error codes with the result that -EINVAL could find
itself signalled over the bus.

In conjunction with the LS1046A SoC's A-009283 errata
("Illegal accesses to SPI flash memory can result in a system hang")
this illegal access to SPI flash memory results in a system hang
if userspace attempts reading later on.

Avoid this by always checking fsl_qspi_get_seqid()'s return value
and bail out otherwise.

Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver")
Cc: stable@vger.kernel.org
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mtd/spi-nor/fsl-quadspi.c |   14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

--- a/drivers/mtd/spi-nor/fsl-quadspi.c
+++ b/drivers/mtd/spi-nor/fsl-quadspi.c
@@ -544,6 +544,9 @@ fsl_qspi_runcmd(struct fsl_qspi *q, u8 c
 
 	/* trigger the LUT now */
 	seqid = fsl_qspi_get_seqid(q, cmd);
+	if (seqid < 0)
+		return seqid;
+
 	qspi_writel(q, (seqid << QUADSPI_IPCR_SEQID_SHIFT) | len,
 			base + QUADSPI_IPCR);
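
Review bot: the early return on seqid < 0 sits part-way through
fsl_qspi_runcmd(), and the hunk does not show what the function has
already written to the controller before the "trigger the LUT now"
step. Please confirm that bailing out here leaves the controller in
the same state as the function's other error exits.
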
 
@@ -672,7 +675,7 @@ static void fsl_qspi_set_map_addr(struct
  * causes the controller to clear the buffer, and use the sequence pointed
  * by the QUADSPI_BFGENCR[SEQID] to initiate a read from the flash.
  */
-static void fsl_qspi_init_ahb_read(struct fsl_qspi *q)
+static int fsl_qspi_init_ahb_read(struct fsl_qspi *q)
 {
 	void __iomem *base = q->iobase;
 	int seqid;
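
Review bot: fsl_qspi_init_ahb_read() changes from void to int, but the
comment block above it is left as is and does not mention a return
value. Please document that it returns 0 or the negative error from
fsl_qspi_get_seqid(), and check that fsl_qspi_nor_setup_last() is the
only caller, since any other caller would keep ignoring the result.
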
@@ -697,8 +700,13 @@ static void fsl_qspi_init_ahb_read(struc
 
 	/* Set the default lut sequence for AHB Read. */
 	seqid = fsl_qspi_get_seqid(q, q->nor[0].read_opcode);
+	if (seqid < 0)
+		return seqid;
+
 	qspi_writel(q, seqid << QUADSPI_BFGENCR_SEQID_SHIFT,
 		q->iobase + QUADSPI_BFGENCR);
+
+	return 0;
 }
 
 /* This function was used to prepare and enable QSPI clock */
@@ -806,9 +814,7 @@ static int fsl_qspi_nor_setup_last(struc
 	fsl_qspi_init_lut(q);
 
 	/* Init for AHB read */
-	fsl_qspi_init_ahb_read(q);
-
-	return 0;
+	return fsl_qspi_init_ahb_read(q);
 }
 
 static const struct of_device_id fsl_qspi_dt_ids[] = {




* [PATCH 4.19 009/361] spi: spi-mem: Adjust op len based on message/transfer size limitations
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2018-11-11 22:15 ` [PATCH 4.19 008/361] mtd: spi-nor: fsl-quadspi: Dont let -EINVAL on the bus Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 010/361] spi: bcm-qspi: switch back to reading flash using smaller chunks Greg Kroah-Hartman
                   ` (354 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chuanhua Han, Boris Brezillon, Mark Brown

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chuanhua Han <chuanhua.han@nxp.com>

commit e757996cafbeb6b71234a17130674bcd8f44c59e upstream.

We need that to adjust the len of the 2nd transfer (called data in
spi-mem) if it's too long to fit in a SPI message or SPI transfer.

Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers")
Cc: <stable@vger.kernel.org>
Signed-off-by: Chuanhua Han <chuanhua.han@nxp.com>
Reviewed-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/spi/spi-mem.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

--- a/drivers/spi/spi-mem.c
+++ b/drivers/spi/spi-mem.c
@@ -346,10 +346,25 @@ EXPORT_SYMBOL_GPL(spi_mem_get_name);
 int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op)
 {
 	struct spi_controller *ctlr = mem->spi->controller;
+	size_t len;
+
+	len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes;
 
 	if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size)
 		return ctlr->mem_ops->adjust_op_size(mem, op);
 
+	if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) {
+		if (len > spi_max_transfer_size(mem->spi))
+			return -EINVAL;
+
+		op->data.nbytes = min3((size_t)op->data.nbytes,
+				       spi_max_transfer_size(mem->spi),
+				       spi_max_message_size(mem->spi) -
+				       len);
+		if (!op->data.nbytes)
+			return -EINVAL;
+	}
+
 	return 0;
 }
 EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size);
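
Review bot: spi_max_message_size(mem->spi) - len is an unsigned
subtraction, and the only guard before it compares len with
spi_max_transfer_size(), not with the message size. If a controller
reports a message limit smaller than len, the third min3() argument
wraps to a very large value and the message-size limit is silently
ignored. Suggest rejecting len >= spi_max_message_size(mem->spi) with
-EINVAL before the min3() call.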




* [PATCH 4.19 010/361] spi: bcm-qspi: switch back to reading flash using smaller chunks
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2018-11-11 22:15 ` [PATCH 4.19 009/361] spi: spi-mem: Adjust op len based on message/transfer size limitations Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 011/361] spi: bcm-qspi: fix calculation of address length Greg Kroah-Hartman
                   ` (353 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rafał Miłecki, Mark Brown

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rafał Miłecki <rafal@milecki.pl>

commit 940ec770c295682993d1cccce3081fd7c74fece8 upstream.

Fixing/optimizing bcm_qspi_bspi_read() performance introduced two
changes:
1) It added a loop to read all requested data using multiple BSPI ops.
2) It bumped max size of a single BSPI block request from 256 to 512 B.

The latter change resulted in occasional BSPI timeouts causing a
regression.

For some unknown reason hardware doesn't always handle reads as expected
when using 512 B chunks. In such cases it may happen that BSPI returns
amount of requested bytes without the last 1-3 ones. It provides the
remaining bytes later but doesn't raise an interrupt until another LR
start.

Switching back to 256 B reads fixes that problem and regression.

Fixes: 345309fa7c0c ("spi: bcm-qspi: Fix bcm_qspi_bspi_read() performance")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/spi/spi-bcm-qspi.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/spi/spi-bcm-qspi.c
+++ b/drivers/spi/spi-bcm-qspi.c
@@ -89,7 +89,7 @@
 #define BSPI_BPP_MODE_SELECT_MASK		BIT(8)
 #define BSPI_BPP_ADDR_SELECT_MASK		BIT(16)
 
-#define BSPI_READ_LENGTH			512
+#define BSPI_READ_LENGTH			256
 
 /* MSPI register offsets */
 #define MSPI_SPCR0_LSB				0x000
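
Review bot: BSPI_READ_LENGTH goes back to 256 with no comment at the
define, so the reason lives only in the commit message. Please add a
short comment that 512 B requests caused occasional BSPI timeouts,
otherwise the value is likely to be raised again as an optimisation.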




* [PATCH 4.19 011/361] spi: bcm-qspi: fix calculation of address length
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2018-11-11 22:15 ` [PATCH 4.19 010/361] spi: bcm-qspi: switch back to reading flash using smaller chunks Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:15 ` [PATCH 4.19 012/361] bcache: trace missed reading by cache_missed Greg Kroah-Hartman
                   ` (352 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rafał Miłecki,
	Boris Brezillon, Mark Brown

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rafał Miłecki <rafal@milecki.pl>

commit 0976eda7915507fe94e07870c19d717c9994b57a upstream.

During implementation of the new API bcm_qspi_bspi_set_flex_mode() has
been modified breaking calculation of address length. An unnecessary
multiplication was added breaking flash reads.

Fixes: 5f195ee7d830 ("spi: bcm-qspi: Implement the spi_mem interface")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Reviewed-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/spi/spi-bcm-qspi.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/spi/spi-bcm-qspi.c
+++ b/drivers/spi/spi-bcm-qspi.c
@@ -355,7 +355,7 @@ static int bcm_qspi_bspi_set_flex_mode(s
 	int bpc = 0, bpp = 0;
 	u8 command = op->cmd.opcode;
 	int width  = op->cmd.buswidth ? op->cmd.buswidth : SPI_NBITS_SINGLE;
-	int addrlen = op->addr.nbytes * 8;
+	int addrlen = op->addr.nbytes;
 	int flex_mode = 1;
 
 	dev_dbg(&qspi->pdev->dev, "set flex mode w %x addrlen %x hp %d\n",
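
Review bot: addrlen now holds a byte count rather than a bit count, but
neither the name nor the dev_dbg format "addrlen %x" gives a unit.
Consider a comment on the declaration (or a name such as addr_nbytes)
and check every later use of addrlen in bcm_qspi_bspi_set_flex_mode()
against the byte unit.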




* [PATCH 4.19 012/361] bcache: trace missed reading by cache_missed
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2018-11-11 22:15 ` [PATCH 4.19 011/361] spi: bcm-qspi: fix calculation of address length Greg Kroah-Hartman
@ 2018-11-11 22:15 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 013/361] bcache: fix ioctl in flash device Greg Kroah-Hartman
                   ` (351 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:15 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tang Junhui, Coly Li, Jens Axboe

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tang Junhui <tang.junhui.linux@gmail.com>

commit 502b291568fc7faf1ebdb2c2590f12851db0ff76 upstream.

Missed reading IOs are identified by s->cache_missed, not the
s->cache_miss, so in trace_bcache_read() using trace_bcache_read
to identify whether the IO is missed or not.

Signed-off-by: Tang Junhui <tang.junhui.linux@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/bcache/request.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/md/bcache/request.c
+++ b/drivers/md/bcache/request.c
@@ -850,7 +850,7 @@ static void cached_dev_read_done_bh(stru
 
 	bch_mark_cache_accounting(s->iop.c, s->d,
 				  !s->cache_missed, s->iop.bypass);
-	trace_bcache_read(s->orig_bio, !s->cache_miss, s->iop.bypass);
+	trace_bcache_read(s->orig_bio, !s->cache_missed, s->iop.bypass);
 
 	if (s->iop.status)
 		continue_at_nobarrier(cl, cached_dev_read_error, bcache_wq);
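
Review bot: the defect fixed on the trace_bcache_read() line is a mix-up
between s->cache_miss and s->cache_missed, two names that differ only
by a suffix, and the old line compiled without complaint. A comment on
what each field means, or a rename of one of them, would prevent the
same confusion from recurring.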




* [PATCH 4.19 013/361] bcache: fix ioctl in flash device
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2018-11-11 22:15 ` [PATCH 4.19 012/361] bcache: trace missed reading by cache_missed Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 014/361] bcache: correct dirty data statistics Greg Kroah-Hartman
                   ` (350 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tang Junhui, Coly Li, Jens Axboe

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tang Junhui <tang.junhui.linux@gmail.com>

commit dd0c91793b7c2658ea32c6b3a2247a8ceca45dc0 upstream.

When doing ioctl in flash device, it will call ioctl_dev() in super.c,
then we should not get cached device since flash only device has
no backend device. This patch just moves the judgement dc->io_disable
to cached_dev_ioctl() to make ioctl in flash device work correctly.

Fixes: 0f0709e6bfc3c ("bcache: stop bcache device when backing device is offline")
Signed-off-by: Tang Junhui <tang.junhui.linux@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/bcache/request.c |    3 +++
 drivers/md/bcache/super.c   |    4 ----
 2 files changed, 3 insertions(+), 4 deletions(-)

--- a/drivers/md/bcache/request.c
+++ b/drivers/md/bcache/request.c
@@ -1218,6 +1218,9 @@ static int cached_dev_ioctl(struct bcach
 {
 	struct cached_dev *dc = container_of(d, struct cached_dev, disk);
 
+	if (dc->io_disable)
+		return -EIO;
+
 	return __blkdev_driver_ioctl(dc->bdev, mode, cmd, arg);
 }
 
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -643,10 +643,6 @@ static int ioctl_dev(struct block_device
 		     unsigned int cmd, unsigned long arg)
 {
 	struct bcache_device *d = b->bd_disk->private_data;
-	struct cached_dev *dc = container_of(d, struct cached_dev, disk);
-
-	if (dc->io_disable)
-		return -EIO;
 
 	return d->ioctl(d, mode, cmd, arg);
 }
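
Review bot: with the check removed, ioctl_dev() no longer assumes that
the bcache_device is embedded in a cached_dev, but nothing in the
function records that constraint. Please add a comment that d may be a
flash-only device here and that
container_of(d, struct cached_dev, disk) is only valid inside
cached_dev_ioctl().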




* [PATCH 4.19 014/361] bcache: correct dirty data statistics
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 013/361] bcache: fix ioctl in flash device Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 015/361] bcache: fix miss key refill->end in writeback Greg Kroah-Hartman
                   ` (349 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tang Junhui, Coly Li, Jens Axboe

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tang Junhui <tang.junhui.linux@gmail.com>

commit 2e17a262a2371d38d2ec03614a2675a32cef9912 upstream.

When bcache device is clean, dirty keys may still exist after
journal replay, so we need to count these dirty keys even when the
device is in clean status, otherwise after writeback, the amount
of dirty data would be incorrect.

Signed-off-by: Tang Junhui <tang.junhui.linux@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/bcache/super.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -1148,11 +1148,12 @@ int bch_cached_dev_attach(struct cached_
 	}
 
 	if (BDEV_STATE(&dc->sb) == BDEV_STATE_DIRTY) {
-		bch_sectors_dirty_init(&dc->disk);
 		atomic_set(&dc->has_dirty, 1);
 		bch_writeback_queue(dc);
 	}
 
+	bch_sectors_dirty_init(&dc->disk);
+
 	bch_cached_dev_run(dc);
 	bcache_device_link(&dc->disk, c, "bdev");
 	atomic_inc(&c->attached_dev_nr);
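
Review bot: moving bch_sectors_dirty_init() below the BDEV_STATE_DIRTY
block also changes the order in the dirty case: it used to run before
atomic_set(&dc->has_dirty, 1) and bch_writeback_queue(dc), and now runs
after both. Please confirm that writeback cannot start using the dirty
sector counts before they are initialised, or place the call ahead of
the if block instead.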




* [PATCH 4.19 015/361] bcache: fix miss key refill->end in writeback
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 014/361] bcache: correct dirty data statistics Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 016/361] hwmon: (pmbus) Fix page count auto-detection Greg Kroah-Hartman
                   ` (348 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tang Junhui, Coly Li, Jens Axboe

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tang Junhui <tang.junhui.linux@gmail.com>

commit 2d6cb6edd2c7fb4f40998895bda45006281b1ac5 upstream.

refill->end records the last key of writeback, for example, at the first
time, keys (1,128K) to (1,1024K) are flushed to the backend device, but
the end key (1,1024K) is not included, because of the code below:
	if (bkey_cmp(k, refill->end) >= 0) {
		ret = MAP_DONE;
		goto out;
	}
And the next time when we refill writeback keybuf again, we searched
key start from (1,1024K), and got a key bigger than it, so the key
(1,1024K) is missed.
This patch modifies the above code, and lets the end key be included in
the writeback key buffer.

Signed-off-by: Tang Junhui <tang.junhui.linux@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/bcache/btree.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -2434,7 +2434,7 @@ static int refill_keybuf_fn(struct btree
 	struct keybuf *buf = refill->buf;
 	int ret = MAP_CONTINUE;
 
-	if (bkey_cmp(k, refill->end) >= 0) {
+	if (bkey_cmp(k, refill->end) > 0) {
 		ret = MAP_DONE;
 		goto out;
 	}
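
Review bot: changing >= to > makes refill->end inclusive for every user
of refill_keybuf_fn(), while the commit message only discusses the
writeback refill. Please check that no other caller passes an exclusive
end key, and that the next refill pass, which per the commit message
starts searching at the previous end key, does not pick the same key up
a second time.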




* [PATCH 4.19 016/361] hwmon: (pmbus) Fix page count auto-detection.
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 015/361] bcache: fix miss key refill->end in writeback Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 017/361] jffs2: free jffs2_sb_info through jffs2_kill_sb() Greg Kroah-Hartman
                   ` (347 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dmitry Bazhenov, Guenter Roeck

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dmitry Bazhenov <bazhenov.dn@gmail.com>

commit e7c6a55606b5c46b449d76588968b4d8caae903f upstream.

Devices with compatible="pmbus" field have zero initial page count,
and pmbus_clear_faults() being called before the page count auto-
detection does not actually clear faults because it depends on the
page count. Non-cleared faults in its turn may fail the subsequent
page count auto-detection.

This patch fixes this problem by calling pmbus_clear_fault_page()
for currently set page and calling pmbus_clear_faults() after the
page count was detected.

Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Bazhenov <bazhenov.dn@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hwmon/pmbus/pmbus.c      |    2 ++
 drivers/hwmon/pmbus/pmbus_core.c |    5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

--- a/drivers/hwmon/pmbus/pmbus.c
+++ b/drivers/hwmon/pmbus/pmbus.c
@@ -118,6 +118,8 @@ static int pmbus_identify(struct i2c_cli
 		} else {
 			info->pages = 1;
 		}
+
+		pmbus_clear_faults(client);
 	}
 
 	if (pmbus_check_byte_register(client, 0, PMBUS_VOUT_MODE)) {
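
Review bot: The added pmbus_clear_faults(client) at the end of the page-detection block has no comment saying why faults are cleared again here. The changelog explains that the call in pmbus_init_common() cannot clear anything while the page count is still zero; a short comment to that effect next to this call would keep someone from removing it as redundant.
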
--- a/drivers/hwmon/pmbus/pmbus_core.c
+++ b/drivers/hwmon/pmbus/pmbus_core.c
@@ -2015,7 +2015,10 @@ static int pmbus_init_common(struct i2c_
 	if (ret >= 0 && (ret & PB_CAPABILITY_ERROR_CHECK))
 		client->flags |= I2C_CLIENT_PEC;
 
-	pmbus_clear_faults(client);
+	if (data->info->pages)
+		pmbus_clear_faults(client);
+	else
+		pmbus_clear_fault_page(client, -1);
 
 	if (info->identify) {
 		ret = (*info->identify)(client, info);
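
Review bot: The new else branch passes a bare -1 to pmbus_clear_fault_page(), and nothing at the call site says that it stands for the currently set page, which is how the changelog describes it. A comment or a named constant would help. The condition also reads data->info->pages while the code just below uses info->identify; using the same pointer in both places would be more consistent.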




* [PATCH 4.19 017/361] jffs2: free jffs2_sb_info through jffs2_kill_sb()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 016/361] hwmon: (pmbus) Fix page count auto-detection Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 018/361] block: setup bounce bio_sets properly Greg Kroah-Hartman
                   ` (346 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, stable, Hou Tao, Richard Weinberger,
	Boris Brezillon

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hou Tao <houtao1@huawei.com>

commit 92e2921f7eee63450a5f953f4b15dc6210219430 upstream.

When an invalid mount option is passed to jffs2, jffs2_parse_options()
will fail and jffs2_sb_info will be freed, but then jffs2_sb_info will
be used (use-after-free) and freed (double-free) in jffs2_kill_sb().

Fix it by removing the buggy invocation of kfree() when getting invalid
mount options.

Fixes: 92abc475d8de ("jffs2: implement mount option parsing and compression overriding")
Cc: stable@kernel.org
Signed-off-by: Hou Tao <houtao1@huawei.com>
Reviewed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/jffs2/super.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/fs/jffs2/super.c
+++ b/fs/jffs2/super.c
@@ -285,10 +285,8 @@ static int jffs2_fill_super(struct super
 	sb->s_fs_info = c;
 
 	ret = jffs2_parse_options(c, data);
-	if (ret) {
-		kfree(c);
+	if (ret)
 		return -EINVAL;
-	}
 
 	/* Initialize JFFS2 superblock locks, the further initialization will
 	 * be done later */
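
Review bot: With the kfree(c) gone, the early return after jffs2_parse_options() leaves sb->s_fs_info pointing at c and depends on jffs2_kill_sb() to free it, but nothing at the return says so. A short comment there stating that c is released in jffs2_kill_sb() would stop the kfree() from being added back. The path also returns -EINVAL rather than ret, so any other error code from the parser is lost; if that is intended it deserves a note.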




* [PATCH 4.19 018/361] block: setup bounce bio_sets properly
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 017/361] jffs2: free jffs2_sb_info through jffs2_kill_sb() Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 019/361] block: make sure discard bio is aligned with logical block size Greg Kroah-Hartman
                   ` (345 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ondrej Zary, Jens Axboe

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jens Axboe <axboe@kernel.dk>

commit 52990a5fb0c991ecafebdab43138b5ed41376852 upstream.

We're only setting up the bounce bio sets if we happen
to need bouncing for regular HIGHMEM, not if we only need
it for ISA devices.

Protect the ISA bounce setup with a mutex, since it's
being invoked from driver init functions and can thus be
called in parallel.

Cc: stable@vger.kernel.org
Reported-by: Ondrej Zary <linux@rainbow-software.org>
Tested-by: Ondrej Zary <linux@rainbow-software.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 block/bounce.c |   37 ++++++++++++++++++++++++++++---------
 1 file changed, 28 insertions(+), 9 deletions(-)

--- a/block/bounce.c
+++ b/block/bounce.c
@@ -31,6 +31,24 @@
 static struct bio_set bounce_bio_set, bounce_bio_split;
 static mempool_t page_pool, isa_page_pool;
 
+static void init_bounce_bioset(void)
+{
+	static bool bounce_bs_setup;
+	int ret;
+
+	if (bounce_bs_setup)
+		return;
+
+	ret = bioset_init(&bounce_bio_set, BIO_POOL_SIZE, 0, BIOSET_NEED_BVECS);
+	BUG_ON(ret);
+	if (bioset_integrity_create(&bounce_bio_set, BIO_POOL_SIZE))
+		BUG_ON(1);
+
+	ret = bioset_init(&bounce_bio_split, BIO_POOL_SIZE, 0, 0);
+	BUG_ON(ret);
+	bounce_bs_setup = true;
+}
+
 #if defined(CONFIG_HIGHMEM)
 static __init int init_emergency_pool(void)
 {
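
Review bot: init_bounce_bioset() guards itself with the static flag bounce_bs_setup but takes no lock, so it is only safe when its callers serialise it. Later in this patch the ISA path calls it under isa_mutex, while init_emergency_pool() calls it with no lock held. If the __init call can never overlap with a driver calling init_emergency_isa_pool(), say so in a comment above the function; otherwise take the mutex inside the helper.
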
@@ -44,14 +62,7 @@ static __init int init_emergency_pool(vo
 	BUG_ON(ret);
 	pr_info("pool size: %d pages\n", POOL_SIZE);
 
-	ret = bioset_init(&bounce_bio_set, BIO_POOL_SIZE, 0, BIOSET_NEED_BVECS);
-	BUG_ON(ret);
-	if (bioset_integrity_create(&bounce_bio_set, BIO_POOL_SIZE))
-		BUG_ON(1);
-
-	ret = bioset_init(&bounce_bio_split, BIO_POOL_SIZE, 0, 0);
-	BUG_ON(ret);
-
+	init_bounce_bioset();
 	return 0;
 }
 
@@ -86,6 +97,8 @@ static void *mempool_alloc_pages_isa(gfp
 	return mempool_alloc_pages(gfp_mask | GFP_DMA, data);
 }
 
+static DEFINE_MUTEX(isa_mutex);
+
 /*
  * gets called "every" time someone init's a queue with BLK_BOUNCE_ISA
  * as the max address, so check if the pool has already been created.
@@ -94,14 +107,20 @@ int init_emergency_isa_pool(void)
 {
 	int ret;
 
-	if (mempool_initialized(&isa_page_pool))
+	mutex_lock(&isa_mutex);
+
+	if (mempool_initialized(&isa_page_pool)) {
+		mutex_unlock(&isa_mutex);
 		return 0;
+	}
 
 	ret = mempool_init(&isa_page_pool, ISA_POOL_SIZE, mempool_alloc_pages_isa,
 			   mempool_free_pages, (void *) 0);
 	BUG_ON(ret);
 
 	pr_info("isa pool size: %d pages\n", ISA_POOL_SIZE);
+	init_bounce_bioset();
+	mutex_unlock(&isa_mutex);
 	return 0;
 }
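
Review bot: init_emergency_isa_pool() now has two mutex_unlock(&isa_mutex) sites, one in the early-return branch and one before the final return. A single exit label (goto out; ... out: mutex_unlock(&isa_mutex); return 0;) would keep the lock and unlock paired as the function grows. The comment above the function still describes only the pool check and could mention that the bounce bio sets are set up here too.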
 




* [PATCH 4.19 019/361] block: make sure discard bio is aligned with logical block size
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 018/361] block: setup bounce bio_sets properly Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 020/361] block: make sure writesame " Greg Kroah-Hartman
                   ` (344 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mike Snitzer, Christoph Hellwig,
	Xiao Ni, Mariusz Dabrowski, Rui Salvaterra, Ming Lei, Jens Axboe

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ming Lei <ming.lei@redhat.com>

commit 1adfc5e4136f5967d591c399aff95b3b035f16b7 upstream.

Obviously the created discard bio has to be aligned with logical block size.

This patch introduces the helper of bio_allowed_max_sectors() for
this purpose.

Cc: stable@vger.kernel.org
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Xiao Ni <xni@redhat.com>
Cc: Mariusz Dabrowski <mariusz.dabrowski@intel.com>
Fixes: 744889b7cbb56a6 ("block: don't deal with discard limit in blkdev_issue_discard()")
Fixes: a22c4d7e34402cc ("block: re-add discard_granularity and alignment checks")
Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Tested-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 block/blk-lib.c   |    3 +--
 block/blk-merge.c |    3 ++-
 block/blk.h       |   10 ++++++++++
 3 files changed, 13 insertions(+), 3 deletions(-)

--- a/block/blk-lib.c
+++ b/block/blk-lib.c
@@ -58,8 +58,7 @@ int __blkdev_issue_discard(struct block_
 
 		if (!req_sects)
 			goto fail;
-		if (req_sects > UINT_MAX >> 9)
-			req_sects = UINT_MAX >> 9;
+		req_sects = min(req_sects, bio_allowed_max_sectors(q));
 
 		end_sect = sector + req_sects;
 
--- a/block/blk-merge.c
+++ b/block/blk-merge.c
@@ -27,7 +27,8 @@ static struct bio *blk_bio_discard_split
 	/* Zero-sector (unknown) and one-sector granularities are the same.  */
 	granularity = max(q->limits.discard_granularity >> 9, 1U);
 
-	max_discard_sectors = min(q->limits.max_discard_sectors, UINT_MAX >> 9);
+	max_discard_sectors = min(q->limits.max_discard_sectors,
+			bio_allowed_max_sectors(q));
 	max_discard_sectors -= max_discard_sectors % granularity;
 
 	if (unlikely(!max_discard_sectors)) {
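
Review bot: In blk_bio_discard_split() the limit from bio_allowed_max_sectors(q) is aligned to the logical block size, but the next line, max_discard_sectors -= max_discard_sectors % granularity, then rounds it down to the discard granularity. Whether the result is still a multiple of the logical block size then depends on the granularity value. If the granularity is always one sector or a multiple of the logical block size, a comment here should say so; if not, the result needs rounding to both.
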
--- a/block/blk.h
+++ b/block/blk.h
@@ -329,6 +329,16 @@ static inline unsigned long blk_rq_deadl
 }
 
 /*
+ * The max size one bio can handle is UINT_MAX becasue bvec_iter.bi_size
+ * is defined as 'unsigned int', meantime it has to aligned to with logical
+ * block size which is the minimum accepted unit by hardware.
+ */
+static inline unsigned int bio_allowed_max_sectors(struct request_queue *q)
+{
+	return round_down(UINT_MAX, queue_logical_block_size(q)) >> 9;
+}
+
+/*
  * Internal io_context interface
  */
 void get_io_context(struct io_context *ioc);
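
Review bot: The comment added above bio_allowed_max_sectors() has typos ("becasue", "has to aligned to with") and speaks of a maximum size of UINT_MAX bytes, while the function returns a count of 512-byte sectors. Please fix the wording and state the return unit. It would also help to say that the value is UINT_MAX rounded down to queue_logical_block_size(q) and then shifted to sectors, so the reader does not have to decode the expression.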




* [PATCH 4.19 020/361] block: make sure writesame bio is aligned with logical block size
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 019/361] block: make sure discard bio is aligned with logical block size Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 021/361] cpufreq: conservative: Take limits changes into account properly Greg Kroah-Hartman
                   ` (343 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mike Snitzer, Christoph Hellwig,
	Xiao Ni, Mariusz Dabrowski, Rui Salvaterra, Ming Lei, Jens Axboe

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ming Lei <ming.lei@redhat.com>

commit 34ffec60b27aa81d04e274e71e4c6ef740f75fc7 upstream.

Obviously the created writesame bio has to be aligned with logical block
size, and use bio_allowed_max_sectors() to retrieve this number.

Cc: stable@vger.kernel.org
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Xiao Ni <xni@redhat.com>
Cc: Mariusz Dabrowski <mariusz.dabrowski@intel.com>
Fixes: b49a0871be31a745b2ef ("block: remove split code in blkdev_issue_{discard,write_same}")
Tested-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 block/blk-lib.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/block/blk-lib.c
+++ b/block/blk-lib.c
@@ -161,7 +161,7 @@ static int __blkdev_issue_write_same(str
 		return -EOPNOTSUPP;
 
 	/* Ensure that max_write_same_sectors doesn't overflow bi_size */
-	max_write_same_sectors = UINT_MAX >> 9;
+	max_write_same_sectors = bio_allowed_max_sectors(q);
 
 	while (nr_sects) {
 		bio = next_bio(bio, 1, gfp_mask);
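
Review bot: The comment kept above the changed assignment, "Ensure that max_write_same_sectors doesn't overflow bi_size", now explains only half of what the line does. Since the value comes from bio_allowed_max_sectors(q), extend it to say the limit is also aligned to the logical block size, which is the reason given in the changelog.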




* [PATCH 4.19 021/361] cpufreq: conservative: Take limits changes into account properly
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 020/361] block: make sure writesame " Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 022/361] dma-mapping: fix panic caused by passing empty cma command line argument Greg Kroah-Hartman
                   ` (342 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Waldemar Rymarkiewicz,
	Rafael J. Wysocki, Viresh Kumar

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

commit da5e79bc70b84971d2b3a55fb252e34e51d81d48 upstream.

If the policy limits change between invocations of cs_dbs_update(),
the requested frequency value stored in dbs_info may not be updated
and the function may use a stale value of it next time.  Moreover, if
idle periods are taken into account by cs_dbs_update(), the requested
frequency value stored in dbs_info may be below the min policy limit,
which is incorrect.

To fix these problems, always update the requested frequency value
in dbs_info along with the local copy of it when the previous
requested frequency is beyond the policy limits and avoid decreasing
the requested frequency below the min policy limit when taking
idle periods into account.

Fixes: abb6627910a1 (cpufreq: conservative: Fix next frequency selection)
Fixes: 00bfe05889e9 (cpufreq: conservative: Decrease frequency faster for deferred updates)
Reported-by: Waldemar Rymarkiewicz <waldemarx.rymarkiewicz@intel.com>
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Waldemar Rymarkiewicz <waldemarx.rymarkiewicz@intel.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/cpufreq/cpufreq_conservative.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/cpufreq/cpufreq_conservative.c
+++ b/drivers/cpufreq/cpufreq_conservative.c
@@ -80,8 +80,10 @@ static unsigned int cs_dbs_update(struct
 	 * changed in the meantime, so fall back to current frequency in that
 	 * case.
 	 */
-	if (requested_freq > policy->max || requested_freq < policy->min)
+	if (requested_freq > policy->max || requested_freq < policy->min) {
 		requested_freq = policy->cur;
+		dbs_info->requested_freq = requested_freq;
+	}
 
 	freq_step = get_freq_step(cs_tuners, policy);
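
Review bot: The block comment above the range check still says only that the code falls back to the current frequency, but the new braces also write the value back to dbs_info->requested_freq. Update the comment to mention that the stored value is refreshed, since that is the fix the changelog describes.
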
 
@@ -92,7 +94,7 @@ static unsigned int cs_dbs_update(struct
 	if (policy_dbs->idle_periods < UINT_MAX) {
 		unsigned int freq_steps = policy_dbs->idle_periods * freq_step;
 
-		if (requested_freq > freq_steps)
+		if (requested_freq > policy->min + freq_steps)
 			requested_freq -= freq_steps;
 		else
 			requested_freq = policy->min;
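
Review bot: The new test requested_freq > policy->min + freq_steps adds two unsigned values, and freq_steps is the product policy_dbs->idle_periods * freq_step, so a large idle_periods count can make the sum wrap, let the test pass and then underflow requested_freq -= freq_steps. Writing the test as requested_freq - policy->min > freq_steps avoids the addition, provided requested_freq is at or above policy->min at this point, which the range check at the top of the function is meant to ensure. A bound on freq_steps would cover the product as well.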




* [PATCH 4.19 022/361] dma-mapping: fix panic caused by passing empty cma command line argument
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 021/361] cpufreq: conservative: Take limits changes into account properly Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 023/361] pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges Greg Kroah-Hartman
                   ` (341 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, He Zhe, Marek Szyprowski, Christoph Hellwig

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: He Zhe <zhe.he@windriver.com>

commit a3ceed87b07769fb80ce9dc6b604e515dba14c4b upstream.

early_cma does not check input argument before passing it to
simple_strtoull. The argument would be a NULL pointer if "cma", without
its value, is set in command line and thus causes the following panic.

PANIC: early exception 0xe3 IP 10:ffffffffa3e9db8d error 0 cr2 0x0
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc3-yocto-standard+ #7
[    0.000000] RIP: 0010:_parse_integer_fixup_radix+0xd/0x70
...
[    0.000000] Call Trace:
[    0.000000]  simple_strtoull+0x29/0x70
[    0.000000]  memparse+0x26/0x90
[    0.000000]  early_cma+0x17/0x6a
[    0.000000]  do_early_param+0x57/0x8e
[    0.000000]  parse_args+0x208/0x320
[    0.000000]  ? rdinit_setup+0x30/0x30
[    0.000000]  parse_early_options+0x29/0x2d
[    0.000000]  ? rdinit_setup+0x30/0x30
[    0.000000]  parse_early_param+0x36/0x4d
[    0.000000]  setup_arch+0x336/0x99e
[    0.000000]  start_kernel+0x6f/0x4e6
[    0.000000]  x86_64_start_reservations+0x24/0x26
[    0.000000]  x86_64_start_kernel+0x6f/0x72
[    0.000000]  secondary_startup_64+0xa4/0xb0

This patch adds a check to prevent the panic.

Signed-off-by: He Zhe <zhe.he@windriver.com>
Reviewed-by: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: stable@vger.kernel.org
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/dma/contiguous.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/kernel/dma/contiguous.c
+++ b/kernel/dma/contiguous.c
@@ -49,7 +49,11 @@ static phys_addr_t limit_cmdline;
 
 static int __init early_cma(char *p)
 {
-	pr_debug("%s(%s)\n", __func__, p);
+	if (!p) {
+		pr_err("Config string not provided\n");
+		return -EINVAL;
+	}
+
 	size_cmdline = memparse(p, &p);
 	if (*p != '@')
 		return 0;
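
Review bot: The hunk drops the pr_debug("%s(%s)\n", __func__, p) line instead of moving it below the new NULL check, so the trace of the parsed value is lost without the changelog mentioning it. If the removal is intended, say so; otherwise keep the pr_debug after the check. The pr_err text "Config string not provided" also does not name the cma parameter, which makes the boot log line hard to attribute.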




* [PATCH 4.19 023/361] pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 022/361] dma-mapping: fix panic caused by passing empty cma command line argument Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 024/361] ACPI / OSL: Use jiffies as the time bassis for acpi_os_get_timer() Greg Kroah-Hartman
                   ` (340 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maciej S. Szmigiero, Dominik Brodowski

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Maciej S. Szmigiero <mail@maciej.szmigiero.name>

commit 95691e3eddc41da2d1cd3cca51fecdfb46bd85bc upstream.

Currently, "disable_clkrun" yenta_socket module parameter is only
implemented for TI CardBus bridges.
Add also an implementation for Ricoh bridges that have the necessary
setting documented in publicly available datasheets.

Tested on a RL5C476II with a Sunrich C-160 CardBus NIC that doesn't work
correctly unless the CLKRUN protocol is disabled.

Let's also make it clear in its description that the "disable_clkrun"
module parameter only works on these two previously mentioned brands of
CardBus bridges.

Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Cc: stable@vger.kernel.org
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pcmcia/ricoh.h        |   35 +++++++++++++++++++++++++++++++++++
 drivers/pcmcia/yenta_socket.c |    3 ++-
 2 files changed, 37 insertions(+), 1 deletion(-)

--- a/drivers/pcmcia/ricoh.h
+++ b/drivers/pcmcia/ricoh.h
@@ -119,6 +119,10 @@
 #define  RL5C4XX_MISC_CONTROL           0x2F /* 8 bit */
 #define  RL5C4XX_ZV_ENABLE              0x08
 
+/* Misc Control 3 Register */
+#define RL5C4XX_MISC3			0x00A2 /* 16 bit */
+#define  RL5C47X_MISC3_CB_CLKRUN_DIS	BIT(1)
+
 #ifdef __YENTA_H
 
 #define rl_misc(socket)		((socket)->private[0])
@@ -156,6 +160,35 @@ static void ricoh_set_zv(struct yenta_so
         }
 }
 
+static void ricoh_set_clkrun(struct yenta_socket *socket, bool quiet)
+{
+	u16 misc3;
+
+	/*
+	 * RL5C475II likely has this setting, too, however no datasheet
+	 * is publicly available for this chip
+	 */
+	if (socket->dev->device != PCI_DEVICE_ID_RICOH_RL5C476 &&
+	    socket->dev->device != PCI_DEVICE_ID_RICOH_RL5C478)
+		return;
+
+	if (socket->dev->revision < 0x80)
+		return;
+
+	misc3 = config_readw(socket, RL5C4XX_MISC3);
+	if (misc3 & RL5C47X_MISC3_CB_CLKRUN_DIS) {
+		if (!quiet)
+			dev_dbg(&socket->dev->dev,
+				"CLKRUN feature already disabled\n");
+	} else if (disable_clkrun) {
+		if (!quiet)
+			dev_info(&socket->dev->dev,
+				 "Disabling CLKRUN feature\n");
+		misc3 |= RL5C47X_MISC3_CB_CLKRUN_DIS;
+		config_writew(socket, RL5C4XX_MISC3, misc3);
+	}
+}
+
 static void ricoh_save_state(struct yenta_socket *socket)
 {
 	rl_misc(socket) = config_readw(socket, RL5C4XX_MISC);
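
Review bot: ricoh_set_clkrun() returns early when socket->dev->revision < 0x80, but the only comment in the function is about the RL5C475II and nothing explains the 0x80 cut-off. Please add a comment or a named constant for it, with the datasheet reference the changelog alludes to. The function also reads disable_clkrun, which is defined in yenta_socket.c, so this header code depends on that definition appearing before the include; a note near the #ifdef __YENTA_H would make that visible.
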
@@ -172,6 +205,7 @@ static void ricoh_restore_state(struct y
 	config_writew(socket, RL5C4XX_16BIT_IO_0, rl_io(socket));
 	config_writew(socket, RL5C4XX_16BIT_MEM_0, rl_mem(socket));
 	config_writew(socket, RL5C4XX_CONFIG, rl_config(socket));
+	ricoh_set_clkrun(socket, true);
 }
 
 
@@ -197,6 +231,7 @@ static int ricoh_override(struct yenta_s
 	config_writew(socket, RL5C4XX_CONFIG, config);
 
 	ricoh_set_zv(socket);
+	ricoh_set_clkrun(socket, false);
 
 	return 0;
 }
--- a/drivers/pcmcia/yenta_socket.c
+++ b/drivers/pcmcia/yenta_socket.c
@@ -26,7 +26,8 @@
 
 static bool disable_clkrun;
 module_param(disable_clkrun, bool, 0444);
-MODULE_PARM_DESC(disable_clkrun, "If PC card doesn't function properly, please try this option");
+MODULE_PARM_DESC(disable_clkrun,
+		 "If PC card doesn't function properly, please try this option (TI and Ricoh bridges only)");
 
 static bool isa_probe = 1;
 module_param(isa_probe, bool, 0444);




* [PATCH 4.19 024/361] ACPI / OSL: Use jiffies as the time bassis for acpi_os_get_timer()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 023/361] pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 025/361] ACPICA: AML interpreter: add region addresses in global list during initialization Greg Kroah-Hartman
                   ` (339 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fengguang Wu, Bart Van Assche,
	Rafael J. Wysocki

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bart Van Assche <bvanassche@acm.org>

commit 83b2348e2755db48fa8f40fdb791f366fabc0ba0 upstream.

Since acpi_os_get_timer() may be called after the timer subsystem has
been suspended, use the jiffies counter instead of ktime_get(). This
patch avoids that the following warning is reported during hibernation:

WARNING: CPU: 0 PID: 612 at kernel/time/timekeeping.c:751 ktime_get+0x116/0x120
RIP: 0010:ktime_get+0x116/0x120
Call Trace:
 acpi_os_get_timer+0xe/0x30
 acpi_ds_exec_begin_control_op+0x175/0x1de
 acpi_ds_exec_begin_op+0x2c7/0x39a
 acpi_ps_create_op+0x573/0x5e4
 acpi_ps_parse_loop+0x349/0x1220
 acpi_ps_parse_aml+0x25b/0x6da
 acpi_ps_execute_method+0x327/0x41b
 acpi_ns_evaluate+0x4e9/0x6f5
 acpi_ut_evaluate_object+0xd9/0x2f2
 acpi_rs_get_method_data+0x8f/0x114
 acpi_walk_resources+0x122/0x1b6
 acpi_pci_link_get_current.isra.2+0x157/0x280
 acpi_pci_link_set+0x32f/0x4a0
 irqrouter_resume+0x58/0x80
 syscore_resume+0x84/0x380
 hibernation_snapshot+0x20c/0x4f0
 hibernate+0x22d/0x3a6
 state_store+0x99/0xa0
 kobj_attr_store+0x37/0x50
 sysfs_kf_write+0x87/0xa0
 kernfs_fop_write+0x1a5/0x240
 __vfs_write+0xd2/0x410
 vfs_write+0x101/0x250
 ksys_write+0xab/0x120
 __x64_sys_write+0x43/0x50
 do_syscall_64+0x71/0x220
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: 164a08cee135 (ACPICA: Dispatcher: Introduce timeout mechanism for infinite loop detection)
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
References: https://lists.01.org/pipermail/lkp/2018-April/008406.html
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Cc: 4.16+ <stable@vger.kernel.org> # 4.16+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/acpi/osl.c |   15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -617,15 +617,18 @@ void acpi_os_stall(u32 us)
 }
 
 /*
- * Support ACPI 3.0 AML Timer operand
- * Returns 64-bit free-running, monotonically increasing timer
- * with 100ns granularity
+ * Support ACPI 3.0 AML Timer operand. Returns a 64-bit free-running,
+ * monotonically increasing timer with 100ns granularity. Do not use
+ * ktime_get() to implement this function because this function may get
+ * called after timekeeping has been suspended. Note: calling this function
+ * after timekeeping has been suspended may lead to unexpected results
+ * because when timekeeping is suspended the jiffies counter is not
+ * incremented. See also timekeeping_suspend().
  */
 u64 acpi_os_get_timer(void)
 {
-	u64 time_ns = ktime_to_ns(ktime_get());
-	do_div(time_ns, 100);
-	return time_ns;
+	return (get_jiffies_64() - INITIAL_JIFFIES) *
+		(ACPI_100NSEC_PER_SEC / HZ);
 }
 
 acpi_status acpi_os_read_port(acpi_io_address port, u32 * value, u32 width)
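
Review bot: The rewritten comment still promises "100ns granularity", but the new return value is (get_jiffies_64() - INITIAL_JIFFIES) * (ACPI_100NSEC_PER_SEC / HZ), which advances once per jiffy. The unit is 100ns while the resolution is 1/HZ seconds, and the comment should say that. The integer division ACPI_100NSEC_PER_SEC / HZ also truncates for any HZ that does not divide the constant evenly, which is worth a word.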




* [PATCH 4.19 025/361] ACPICA: AML interpreter: add region addresses in global list during initialization
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 024/361] ACPI / OSL: Use jiffies as the time bassis for acpi_os_get_timer() Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-12 18:30   ` Holger Hoffstätte
  2018-11-11 22:16 ` [PATCH 4.19 026/361] ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes Greg Kroah-Hartman
                   ` (338 subsequent siblings)
  363 siblings, 1 reply; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jean-Marc Lenoir, Erik Schmauss,
	Rafael J. Wysocki

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Erik Schmauss <erik.schmauss@intel.com>

commit 4abb951b73ff0a8a979113ef185651aa3c8da19b upstream.

The table load process omitted adding the operation region address
range to the global list. This omission is problematic because the OS
queries the global list to check for address range conflicts before
deciding which drivers to load. This commit may result in warning
messages that look like the following:

[    7.871761] ACPI Warning: system_IO range 0x00000428-0x0000042F conflicts with op_region 0x00000400-0x0000047F (\PMIO) (20180531/utaddress-213)
[    7.871769] ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver

However, these messages do not signify regressions. It is a result of
properly adding address ranges within the global address list.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=200011
Tested-by: Jean-Marc Lenoir <archlinux@jihemel.com>
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/acpi/acpica/dsopcode.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/acpi/acpica/dsopcode.c
+++ b/drivers/acpi/acpica/dsopcode.c
@@ -417,6 +417,10 @@ acpi_ds_eval_region_operands(struct acpi
 			  ACPI_FORMAT_UINT64(obj_desc->region.address),
 			  obj_desc->region.length));
 
+	status = acpi_ut_add_address_range(obj_desc->region.space_id,
+					   obj_desc->region.address,
+					   obj_desc->region.length, node);
+
 	/* Now the address and length are valid for this opregion */
 
 	obj_desc->region.flags |= AOPOBJ_DATA_VALID;
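
Review bot: The status returned by acpi_ut_add_address_range() is assigned but not tested in the lines shown before obj_desc->region.flags |= AOPOBJ_DATA_VALID. If the function's final return is what propagates it, place the call and a comment so that is obvious; otherwise add an ACPI_FAILURE(status) check so a failed insertion into the address list is not silent.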




* [PATCH 4.19 026/361] ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 025/361] ACPICA: AML interpreter: add region addresses in global list during initialization Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 027/361] acpi, nfit: Fix Address Range Scrub completion tracking Greg Kroah-Hartman
                   ` (337 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Erik Schmauss, Rafael J. Wysocki

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Erik Schmauss <erik.schmauss@intel.com>

commit c64baa3a6fa207d112706bc5e7fd645cd8a8663f upstream.

AML opcodes come in two lengths: 1-byte opcodes and 2-byte, extended opcodes.
If an error occurs due to illegal opcodes during table load, the AML parser
needs to continue loading the table. In order to do this, it needs to skip
parsing of the offending opcode and operands associated with that opcode.

This change fixes the AML parse loop to correctly skip parsing of incorrect
extended opcodes. Previously, only the short opcodes were skipped correctly.

Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/acpi/acpica/psloop.c |   14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

--- a/drivers/acpi/acpica/psloop.c
+++ b/drivers/acpi/acpica/psloop.c
@@ -417,6 +417,7 @@ acpi_status acpi_ps_parse_loop(struct ac
 	union acpi_parse_object *op = NULL;	/* current op */
 	struct acpi_parse_state *parser_state;
 	u8 *aml_op_start = NULL;
+	u8 opcode_length;
 
 	ACPI_FUNCTION_TRACE_PTR(ps_parse_loop, walk_state);
 
@@ -540,8 +541,19 @@ acpi_status acpi_ps_parse_loop(struct ac
 						    "Skip parsing opcode %s",
 						    acpi_ps_get_opcode_name
 						    (walk_state->opcode)));
+
+					/*
+					 * Determine the opcode length before skipping the opcode.
+					 * An opcode can be 1 byte or 2 bytes in length.
+					 */
+					opcode_length = 1;
+					if ((walk_state->opcode & 0xFF00) ==
+					    AML_EXTENDED_OPCODE) {
+						opcode_length = 2;
+					}
 					walk_state->parser_state.aml =
-					    walk_state->aml + 1;
+					    walk_state->aml + opcode_length;
+
 					walk_state->parser_state.aml =
 					    acpi_ps_get_next_package_end
 					    (&walk_state->parser_state);
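Review bot: The skip path has no visible bounds check. After `walk_state->parser_state.aml = walk_state->aml + opcode_length`, acpi_ps_get_next_package_end() decodes a package length starting at that address, and nothing in this hunk confirms that the opcode bytes plus the length encoding still lie inside the table being loaded. This branch only runs for AML already known to be malformed, so compare the advanced pointer against the end of the AML buffer before trusting the decoded package end, or note in the comment that the callee does so.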




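The skip described in the ACPICA commit message above, as an added example that is not ACPICA's code and not part of the original mail: it steps over a rejected opcode and its package, once with the old fixed 1-byte skip and once with the length-aware skip, and bounds-checks every read. The function names and the sample bytes are constructed for illustration; the 0x5B prefix value is the ACPI specification's ExtOpPrefix, and the code assumes the skipped opcode is followed by a PkgLength, as the call to acpi_ps_get_next_package_end() in the hunk implies.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AML_EXT_PREFIX 0x5B	/* ExtOpPrefix (ACPI spec); not taken from the page */

/* Constructed sample: one extended-opcode package, then one short-opcode package. */
static const uint8_t sample_aml[] = {
	0x5B, 0x82,		/* offset 0: 2-byte (extended) opcode */
	0x05,			/* offset 2: PkgLength = 5, counted from this byte */
	'D', 'E', 'V', '0',	/* offsets 3..6: package body */
	0x10,			/* offset 7: 1-byte opcode */
	0x03,			/* offset 8: PkgLength = 3, counted from this byte */
	0x00, 0x00,		/* offsets 9..10: package body */
};

/* Opcode length at 'off': 1 or 2 bytes, or 0 if the buffer ends first. */
static size_t aml_opcode_length(const uint8_t *aml, size_t size, size_t off)
{
	if (off >= size)
		return 0;
	if (aml[off] != AML_EXT_PREFIX)
		return 1;
	return (size - off >= 2) ? 2 : 0;
}

/*
 * Decode the PkgLength at 'off'. Bits 7-6 of the lead byte give the number
 * of follow-on bytes; with none, bits 5-0 are the length, otherwise bits 3-0
 * are the low nibble and each follow-on byte supplies the next 8 bits.
 * Returns the number of encoding bytes (1..4), or 0 if truncated.
 */
static size_t aml_pkg_length(const uint8_t *aml, size_t size, size_t off,
			     uint32_t *len)
{
	uint8_t lead;
	size_t extra, i;
	uint32_t v;

	if (off >= size)
		return 0;
	lead = aml[off];
	extra = lead >> 6;
	if (size - off < 1 + extra)
		return 0;
	if (extra == 0) {
		*len = lead & 0x3F;
		return 1;
	}
	v = lead & 0x0F;
	for (i = 0; i < extra; i++)
		v |= (uint32_t)aml[off + 1 + i] << (4 + 8 * i);
	*len = v;
	return 1 + extra;
}

/*
 * Skip the rejected opcode at 'off' and its package. Returns the offset of
 * the first byte after the package, or -1 if anything would fall outside
 * the buffer. assume_one_byte != 0 reproduces the old fixed 1-byte skip.
 */
long aml_skip_bad_op(const uint8_t *aml, size_t size, size_t off,
		     int assume_one_byte)
{
	size_t oplen, pkg_off, n;
	uint32_t len;

	if (assume_one_byte)
		oplen = (off < size) ? 1 : 0;
	else
		oplen = aml_opcode_length(aml, size, off);
	if (oplen == 0)
		return -1;

	pkg_off = off + oplen;
	n = aml_pkg_length(aml, size, pkg_off, &len);
	if (n == 0 || len < n)		/* truncated, or shorter than its own encoding */
		return -1;
	if (len > size - pkg_off)	/* package would end past the table */
		return -1;
	return (long)(pkg_off + len);
}

int main(void)
{
	uint32_t bogus = 0;

	/* The old skip reads opcode byte 0x82 as a 3-byte PkgLength lead. */
	aml_pkg_length(sample_aml, sizeof(sample_aml), 1, &bogus);
	printf("length decoded from the wrong byte: 0x%x\n", (unsigned)bogus);
	printf("1-byte skip at 0: %ld\n",
	       aml_skip_bad_op(sample_aml, sizeof(sample_aml), 0, 1));
	printf("length-aware skip at 0: %ld\n",
	       aml_skip_bad_op(sample_aml, sizeof(sample_aml), 0, 0));
	return 0;
}
```

With the fixed 1-byte skip, the second opcode byte is decoded as a package length and the computed package end lands far outside the 11-byte buffer; only the bounds check turns that into an error instead of a wild pointer.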
* [PATCH 4.19 027/361] acpi, nfit: Fix Address Range Scrub completion tracking
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jacek Zloch, Krzysztof Rusocki,
	Dave Jiang, Dan Williams

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Williams <dan.j.williams@intel.com>

commit d3abaf43bab8d5b0a3c6b982100d9e2be96de4ad upstream.

The Address Range Scrub implementation tried to skip running scrubs
against ranges that were already scrubbed by the BIOS. Unfortunately
that support also resulted in early scrub completions as evidenced by
this debug output from nfit_test:

    nd_region region9: ARS: range 1 short complete
    nd_region region3: ARS: range 1 short complete
    nd_region region4: ARS: range 2 ARS start (0)
    nd_region region4: ARS: range 2 short complete

...i.e. completions without any indications that the scrub was started.

This state of affairs was hard to see in the code due to the
proliferation of state bits and mistakenly trying to track done state
per-range when the completion is a global property of the bus.

So, kill the four ARS state bits (ARS_REQ, ARS_REQ_REDO, ARS_DONE, and
ARS_SHORT), and replace them with just 2 request flags ARS_REQ_SHORT and
ARS_REQ_LONG. The implementation will still complete and reap the
results of BIOS initiated ARS, but it will not attempt to use that
information to affect the completion status of scrubbing the ranges from
a Linux perspective.

Instead, try to synchronously run a short ARS per range at init time and
schedule a long scrub in the background. If ARS is busy with an ARS
request, schedule both a short and a long scrub for when ARS returns to
idle. This logic also satisfies the intent of what ARS_REQ_REDO was
trying to achieve. The new rule is that the REQ flag stays set until the
next successful ars_start() for that range.

With the new policy that the REQ flags are not cleared until the next
start, the implementation no longer loses requests as can be seen from
the following log:

    nd_region region3: ARS: range 1 ARS start short (0)
    nd_region region9: ARS: range 1 ARS start short (0)
    nd_region region3: ARS: range 1 complete
    nd_region region4: ARS: range 2 ARS start short (0)
    nd_region region9: ARS: range 1 complete
    nd_region region9: ARS: range 1 ARS start long (0)
    nd_region region4: ARS: range 2 complete
    nd_region region3: ARS: range 1 ARS start long (0)
    nd_region region9: ARS: range 1 complete
    nd_region region3: ARS: range 1 complete
    nd_region region4: ARS: range 2 ARS start long (0)
    nd_region region4: ARS: range 2 complete

...note that the nfit_test emulated driver provides 2 buses, that is why
some of the range indices are duplicated. Notice that each range
now successfully completes a short and long scrub.

Cc: <stable@vger.kernel.org>
Fixes: 14c73f997a5e ("nfit, address-range-scrub: introduce nfit_spa->ars_state")
Fixes: cc3d3458d46f ("acpi/nfit: queue issuing of ars when an uc error...")
Reported-by: Jacek Zloch <jacek.zloch@intel.com>
Reported-by: Krzysztof Rusocki <krzysztof.rusocki@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/acpi/nfit/core.c |  167 ++++++++++++++++++++++++++---------------------
 drivers/acpi/nfit/nfit.h |   10 +-
 2 files changed, 100 insertions(+), 77 deletions(-)

--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -2466,7 +2466,8 @@ static int ars_get_cap(struct acpi_nfit_
 	return cmd_rc;
 }
 
-static int ars_start(struct acpi_nfit_desc *acpi_desc, struct nfit_spa *nfit_spa)
+static int ars_start(struct acpi_nfit_desc *acpi_desc,
+		struct nfit_spa *nfit_spa, enum nfit_ars_state req_type)
 {
 	int rc;
 	int cmd_rc;
@@ -2477,7 +2478,7 @@ static int ars_start(struct acpi_nfit_de
 	memset(&ars_start, 0, sizeof(ars_start));
 	ars_start.address = spa->address;
 	ars_start.length = spa->length;
-	if (test_bit(ARS_SHORT, &nfit_spa->ars_state))
+	if (req_type == ARS_REQ_SHORT)
 		ars_start.flags = ND_ARS_RETURN_PREV_DATA;
 	if (nfit_spa_type(spa) == NFIT_SPA_PM)
 		ars_start.type = ND_ARS_PERSISTENT;
@@ -2534,6 +2535,15 @@ static void ars_complete(struct acpi_nfi
 	struct nd_region *nd_region = nfit_spa->nd_region;
 	struct device *dev;
 
+	lockdep_assert_held(&acpi_desc->init_mutex);
+	/*
+	 * Only advance the ARS state for ARS runs initiated by the
+	 * kernel, ignore ARS results from BIOS initiated runs for scrub
+	 * completion tracking.
+	 */
+	if (acpi_desc->scrub_spa != nfit_spa)
+		return;
+
 	if ((ars_status->address >= spa->address && ars_status->address
 				< spa->address + spa->length)
 			|| (ars_status->address < spa->address)) {
@@ -2553,28 +2563,13 @@ static void ars_complete(struct acpi_nfi
 	} else
 		return;
 
-	if (test_bit(ARS_DONE, &nfit_spa->ars_state))
-		return;
-
-	if (!test_and_clear_bit(ARS_REQ, &nfit_spa->ars_state))
-		return;
-
+	acpi_desc->scrub_spa = NULL;
 	if (nd_region) {
 		dev = nd_region_dev(nd_region);
 		nvdimm_region_notify(nd_region, NVDIMM_REVALIDATE_POISON);
 	} else
 		dev = acpi_desc->dev;
-
-	dev_dbg(dev, "ARS: range %d %s complete\n", spa->range_index,
-			test_bit(ARS_SHORT, &nfit_spa->ars_state)
-			? "short" : "long");
-	clear_bit(ARS_SHORT, &nfit_spa->ars_state);
-	if (test_and_clear_bit(ARS_REQ_REDO, &nfit_spa->ars_state)) {
-		set_bit(ARS_SHORT, &nfit_spa->ars_state);
-		set_bit(ARS_REQ, &nfit_spa->ars_state);
-		dev_dbg(dev, "ARS: processing scrub request received while in progress\n");
-	} else
-		set_bit(ARS_DONE, &nfit_spa->ars_state);
+	dev_dbg(dev, "ARS: range %d complete\n", spa->range_index);
 }
 
 static int ars_status_process_records(struct acpi_nfit_desc *acpi_desc)
@@ -2855,46 +2850,55 @@ static int acpi_nfit_query_poison(struct
 	return 0;
 }
 
-static int ars_register(struct acpi_nfit_desc *acpi_desc, struct nfit_spa *nfit_spa,
-		int *query_rc)
+static int ars_register(struct acpi_nfit_desc *acpi_desc,
+		struct nfit_spa *nfit_spa)
 {
-	int rc = *query_rc;
+	int rc;
 
-	if (no_init_ars)
+	if (no_init_ars || test_bit(ARS_FAILED, &nfit_spa->ars_state))
 		return acpi_nfit_register_region(acpi_desc, nfit_spa);
 
-	set_bit(ARS_REQ, &nfit_spa->ars_state);
-	set_bit(ARS_SHORT, &nfit_spa->ars_state);
+	set_bit(ARS_REQ_SHORT, &nfit_spa->ars_state);
+	set_bit(ARS_REQ_LONG, &nfit_spa->ars_state);
 
-	switch (rc) {
+	switch (acpi_nfit_query_poison(acpi_desc)) {
 	case 0:
 	case -EAGAIN:
-		rc = ars_start(acpi_desc, nfit_spa);
-		if (rc == -EBUSY) {
-			*query_rc = rc;
+		rc = ars_start(acpi_desc, nfit_spa, ARS_REQ_SHORT);
+		/* shouldn't happen, try again later */
+		if (rc == -EBUSY)
 			break;
-		} else if (rc == 0) {
-			rc = acpi_nfit_query_poison(acpi_desc);
-		} else {
+		if (rc) {
 			set_bit(ARS_FAILED, &nfit_spa->ars_state);
 			break;
 		}
-		if (rc == -EAGAIN)
-			clear_bit(ARS_SHORT, &nfit_spa->ars_state);
-		else if (rc == 0)
-			ars_complete(acpi_desc, nfit_spa);
+		clear_bit(ARS_REQ_SHORT, &nfit_spa->ars_state);
+		rc = acpi_nfit_query_poison(acpi_desc);
+		if (rc)
+			break;
+		acpi_desc->scrub_spa = nfit_spa;
+		ars_complete(acpi_desc, nfit_spa);
+		/*
+		 * If ars_complete() says we didn't complete the
+		 * short scrub, we'll try again with a long
+		 * request.
+		 */
+		acpi_desc->scrub_spa = NULL;
 		break;
 	case -EBUSY:
+	case -ENOMEM:
 	case -ENOSPC:
+		/*
+		 * BIOS was using ARS, wait for it to complete (or
+		 * resources to become available) and then perform our
+		 * own scrubs.
+		 */
 		break;
 	default:
 		set_bit(ARS_FAILED, &nfit_spa->ars_state);
 		break;
 	}
 
-	if (test_and_clear_bit(ARS_DONE, &nfit_spa->ars_state))
-		set_bit(ARS_REQ, &nfit_spa->ars_state);
-
 	return acpi_nfit_register_region(acpi_desc, nfit_spa);
 }
 
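Review bot: ars_register() now calls ars_complete(), which gains lockdep_assert_held(&acpi_desc->init_mutex) in this same patch, but nothing in this hunk takes or asserts that mutex, so correctness depends on every caller already holding it. Add the same lockdep_assert_held() at the top of ars_register() so the requirement is checked where scrub_spa is written. The -EBUSY branch commented "shouldn't happen, try again later" is also silent; a dev_dbg() there would make the unexpected case visible.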
@@ -2916,6 +2920,8 @@ static unsigned int __acpi_nfit_scrub(st
 	struct device *dev = acpi_desc->dev;
 	struct nfit_spa *nfit_spa;
 
+	lockdep_assert_held(&acpi_desc->init_mutex);
+
 	if (acpi_desc->cancel)
 		return 0;
 
@@ -2939,21 +2945,49 @@ static unsigned int __acpi_nfit_scrub(st
 
 	ars_complete_all(acpi_desc);
 	list_for_each_entry(nfit_spa, &acpi_desc->spas, list) {
+		enum nfit_ars_state req_type;
+		int rc;
+
 		if (test_bit(ARS_FAILED, &nfit_spa->ars_state))
 			continue;
-		if (test_bit(ARS_REQ, &nfit_spa->ars_state)) {
-			int rc = ars_start(acpi_desc, nfit_spa);
 
-			clear_bit(ARS_DONE, &nfit_spa->ars_state);
-			dev = nd_region_dev(nfit_spa->nd_region);
-			dev_dbg(dev, "ARS: range %d ARS start (%d)\n",
-					nfit_spa->spa->range_index, rc);
-			if (rc == 0 || rc == -EBUSY)
-				return 1;
-			dev_err(dev, "ARS: range %d ARS failed (%d)\n",
-					nfit_spa->spa->range_index, rc);
-			set_bit(ARS_FAILED, &nfit_spa->ars_state);
+		/* prefer short ARS requests first */
+		if (test_bit(ARS_REQ_SHORT, &nfit_spa->ars_state))
+			req_type = ARS_REQ_SHORT;
+		else if (test_bit(ARS_REQ_LONG, &nfit_spa->ars_state))
+			req_type = ARS_REQ_LONG;
+		else
+			continue;
+		rc = ars_start(acpi_desc, nfit_spa, req_type);
+
+		dev = nd_region_dev(nfit_spa->nd_region);
+		dev_dbg(dev, "ARS: range %d ARS start %s (%d)\n",
+				nfit_spa->spa->range_index,
+				req_type == ARS_REQ_SHORT ? "short" : "long",
+				rc);
+		/*
+		 * Hmm, we raced someone else starting ARS? Try again in
+		 * a bit.
+		 */
+		if (rc == -EBUSY)
+			return 1;
+		if (rc == 0) {
+			dev_WARN_ONCE(dev, acpi_desc->scrub_spa,
+					"scrub start while range %d active\n",
+					acpi_desc->scrub_spa->spa->range_index);
+			clear_bit(req_type, &nfit_spa->ars_state);
+			acpi_desc->scrub_spa = nfit_spa;
+			/*
+			 * Consider this spa last for future scrub
+			 * requests
+			 */
+			list_move_tail(&nfit_spa->list, &acpi_desc->spas);
+			return 1;
 		}
+
+		dev_err(dev, "ARS: range %d ARS failed (%d)\n",
+				nfit_spa->spa->range_index, rc);
+		set_bit(ARS_FAILED, &nfit_spa->ars_state);
 	}
 	return 0;
 }
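Review bot: In the rc == 0 branch, a non-NULL acpi_desc->scrub_spa triggers dev_WARN_ONCE() and is then overwritten by `acpi_desc->scrub_spa = nfit_spa`. The displaced range already had its request bit cleared when it was started, and ars_complete() now returns early unless scrub_spa matches, so that range's scrub is never reported complete and nothing re-queues it. If the warning can fire at all, set the displaced range's request bit again before replacing scrub_spa so the request is not lost.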
@@ -3009,6 +3043,7 @@ static void acpi_nfit_init_ars(struct ac
 	struct nd_cmd_ars_cap ars_cap;
 	int rc;
 
+	set_bit(ARS_FAILED, &nfit_spa->ars_state);
 	memset(&ars_cap, 0, sizeof(ars_cap));
 	rc = ars_get_cap(acpi_desc, &ars_cap, nfit_spa);
 	if (rc < 0)
@@ -3025,16 +3060,14 @@ static void acpi_nfit_init_ars(struct ac
 	nfit_spa->clear_err_unit = ars_cap.clear_err_unit;
 	acpi_desc->max_ars = max(nfit_spa->max_ars, acpi_desc->max_ars);
 	clear_bit(ARS_FAILED, &nfit_spa->ars_state);
-	set_bit(ARS_REQ, &nfit_spa->ars_state);
 }
 
 static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc)
 {
 	struct nfit_spa *nfit_spa;
-	int rc, query_rc;
+	int rc;
 
 	list_for_each_entry(nfit_spa, &acpi_desc->spas, list) {
-		set_bit(ARS_FAILED, &nfit_spa->ars_state);
 		switch (nfit_spa_type(nfit_spa->spa)) {
 		case NFIT_SPA_VOLATILE:
 		case NFIT_SPA_PM:
@@ -3043,20 +3076,12 @@ static int acpi_nfit_register_regions(st
 		}
 	}
 
-	/*
-	 * Reap any results that might be pending before starting new
-	 * short requests.
-	 */
-	query_rc = acpi_nfit_query_poison(acpi_desc);
-	if (query_rc == 0)
-		ars_complete_all(acpi_desc);
-
 	list_for_each_entry(nfit_spa, &acpi_desc->spas, list)
 		switch (nfit_spa_type(nfit_spa->spa)) {
 		case NFIT_SPA_VOLATILE:
 		case NFIT_SPA_PM:
 			/* register regions and kick off initial ARS run */
-			rc = ars_register(acpi_desc, nfit_spa, &query_rc);
+			rc = ars_register(acpi_desc, nfit_spa);
 			if (rc)
 				return rc;
 			break;
@@ -3251,7 +3276,8 @@ static int acpi_nfit_clear_to_send(struc
 	return 0;
 }
 
-int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags)
+int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc,
+		enum nfit_ars_state req_type)
 {
 	struct device *dev = acpi_desc->dev;
 	int scheduled = 0, busy = 0;
@@ -3271,14 +3297,10 @@ int acpi_nfit_ars_rescan(struct acpi_nfi
 		if (test_bit(ARS_FAILED, &nfit_spa->ars_state))
 			continue;
 
-		if (test_and_set_bit(ARS_REQ, &nfit_spa->ars_state)) {
+		if (test_and_set_bit(req_type, &nfit_spa->ars_state))
 			busy++;
-			set_bit(ARS_REQ_REDO, &nfit_spa->ars_state);
-		} else {
-			if (test_bit(ARS_SHORT, &flags))
-				set_bit(ARS_SHORT, &nfit_spa->ars_state);
+		else
 			scheduled++;
-		}
 	}
 	if (scheduled) {
 		sched_ars(acpi_desc);
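Review bot: req_type is passed straight to test_and_set_bit() without validation, and enum nfit_ars_state also contains ARS_FAILED, so a caller passing ARS_FAILED would mark every range failed rather than schedule a scrub. Reject anything other than ARS_REQ_SHORT and ARS_REQ_LONG at the top of acpi_nfit_ars_rescan(), or document the accepted values on the prototype.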
@@ -3464,10 +3486,11 @@ static void acpi_nfit_update_notify(stru
 static void acpi_nfit_uc_error_notify(struct device *dev, acpi_handle handle)
 {
 	struct acpi_nfit_desc *acpi_desc = dev_get_drvdata(dev);
-	unsigned long flags = (acpi_desc->scrub_mode == HW_ERROR_SCRUB_ON) ?
-			0 : 1 << ARS_SHORT;
 
-	acpi_nfit_ars_rescan(acpi_desc, flags);
+	if (acpi_desc->scrub_mode == HW_ERROR_SCRUB_ON)
+		acpi_nfit_ars_rescan(acpi_desc, ARS_REQ_LONG);
+	else
+		acpi_nfit_ars_rescan(acpi_desc, ARS_REQ_SHORT);
 }
 
 void __acpi_nfit_notify(struct device *dev, acpi_handle handle, u32 event)
--- a/drivers/acpi/nfit/nfit.h
+++ b/drivers/acpi/nfit/nfit.h
@@ -118,10 +118,8 @@ enum nfit_dimm_notifiers {
 };
 
 enum nfit_ars_state {
-	ARS_REQ,
-	ARS_REQ_REDO,
-	ARS_DONE,
-	ARS_SHORT,
+	ARS_REQ_SHORT,
+	ARS_REQ_LONG,
 	ARS_FAILED,
 };
 
@@ -198,6 +196,7 @@ struct acpi_nfit_desc {
 	struct device *dev;
 	u8 ars_start_flags;
 	struct nd_cmd_ars_status *ars_status;
+	struct nfit_spa *scrub_spa;
 	struct delayed_work dwork;
 	struct list_head list;
 	struct kernfs_node *scrub_count_state;
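Review bot: The new scrub_spa member has no comment saying what it tracks or which lock protects it. The core.c hunks read and write it under lockdep_assert_held(&acpi_desc->init_mutex), so say so here, for example "range with a kernel-initiated ARS in flight, protected by init_mutex".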
@@ -252,7 +251,8 @@ struct nfit_blk {
 
 extern struct list_head acpi_descs;
 extern struct mutex acpi_desc_lock;
-int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags);
+int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc,
+		enum nfit_ars_state req_type);
 
 #ifdef CONFIG_X86_MCE
 void nfit_mce_register(void);




* [PATCH 4.19 028/361] kprobes/x86: Use preempt_enable() in optimized_callback()
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nadav Amit, Masami Hiramatsu,
	Peter Zijlstra (Intel),
	Alexei Starovoitov, Andy Lutomirski, Borislav Petkov,
	Linus Torvalds, Oleg Nesterov, Thomas Gleixner, dwmw,
	Ingo Molnar

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Masami Hiramatsu <mhiramat@kernel.org>

commit 2e62024c265aa69315ed02835623740030435380 upstream.

The following commit:

  a19b2e3d7839 ("kprobes/x86: Remove IRQ disabling from ftrace-based/optimized kprobes")

removed local_irq_save/restore() from optimized_callback(), the handler
might be interrupted by the rescheduling interrupt and might be
rescheduled - so we must not use the preempt_enable_no_resched() macro.

Use preempt_enable() instead, to not lose preemption events.

[ mingo: Improved the changelog. ]

Reported-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: <stable@vger.kernel.org>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dwmw@amazon.co.uk
Fixes: a19b2e3d7839 ("kprobes/x86: Remove IRQ disabling from ftrace-based/optimized kprobes")
Link: http://lkml.kernel.org/r/154002887331.7627.10194920925792947001.stgit@devbox
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/kprobes/opt.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kernel/kprobes/opt.c
+++ b/arch/x86/kernel/kprobes/opt.c
@@ -179,7 +179,7 @@ optimized_callback(struct optimized_kpro
 		opt_pre_handler(&op->kp, regs);
 		__this_cpu_write(current_kprobe, NULL);
 	}
-	preempt_enable_no_resched();
+	preempt_enable();
 }
 NOKPROBE_SYMBOL(optimized_callback);
 
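Review bot: The switch to preempt_enable() at the end of optimized_callback() carries no comment, and the reason for it exists only in the changelog. A one-line comment that the handler runs with interrupts enabled and can be preempted, so the reschedule check must not be skipped, would stop a later cleanup from reverting to preempt_enable_no_resched().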




* [PATCH 4.19 029/361] ipmi: Fix timer race with module unload
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Glauber, Corey Minyard

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Glauber <jglauber@cavium.com>

commit 0711e8c1b4572d076264e71b0002d223f2666ed7 upstream.

Please note that the oops below is from an older kernel, but the same
race seems to be present in the upstream kernel too.

---8<---

The following panic was encountered while removing the ipmi_ssif
module:

[ 526.352555] Unable to handle kernel paging request at virtual address ffff000006923090
[ 526.360464] Mem abort info:
[ 526.363257] ESR = 0x86000007
[ 526.366304] Exception class = IABT (current EL), IL = 32 bits
[ 526.372221] SET = 0, FnV = 0
[ 526.375269] EA = 0, S1PTW = 0
[ 526.378405] swapper pgtable: 4k pages, 48-bit VAs, pgd = 000000008ae60416
[ 526.385185] [ffff000006923090] *pgd=000000bffcffe803, *pud=000000bffcffd803, *pmd=0000009f4731a003, *pte=0000000000000000
[ 526.396141] Internal error: Oops: 86000007 [#1] SMP
[ 526.401008] Modules linked in: nls_iso8859_1 ipmi_devintf joydev input_leds ipmi_msghandler shpchp sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear i2c_smbus hid_generic usbhid uas hid usb_storage ast aes_ce_blk i2c_algo_bit aes_ce_cipher qede ttm crc32_ce ptp crct10dif_ce drm_kms_helper ghash_ce syscopyarea sha2_ce sysfillrect sysimgblt pps_core fb_sys_fops sha256_arm64 sha1_ce mpt3sas qed drm raid_class ahci scsi_transport_sas libahci gpio_xlp i2c_xlp9xx aes_neon_bs aes_neon_blk crypto_simd cryptd aes_arm64 [last unloaded: ipmi_ssif]
[ 526.468085] CPU: 125 PID: 0 Comm: swapper/125 Not tainted 4.15.0-35-generic #38~lp1775396+build.1
[ 526.476942] Hardware name: To be filled by O.E.M. Saber/Saber, BIOS 0ACKL022 08/14/2018
[ 526.484932] pstate: 00400009 (nzcv daif +PAN -UAO)
[ 526.489713] pc : 0xffff000006923090
[ 526.493198] lr : call_timer_fn+0x34/0x178
[ 526.497194] sp : ffff000009b0bdd0
[ 526.500496] x29: ffff000009b0bdd0 x28: 0000000000000082
[ 526.505796] x27: 0000000000000002 x26: ffff000009515188
[ 526.511096] x25: ffff000009515180 x24: ffff0000090f1018
[ 526.516396] x23: ffff000009519660 x22: dead000000000200
[ 526.521696] x21: ffff000006923090 x20: 0000000000000100
[ 526.526995] x19: ffff809eeb466a40 x18: 0000000000000000
[ 526.532295] x17: 000000000000000e x16: 0000000000000007
[ 526.537594] x15: 0000000000000000 x14: 071c71c71c71c71c
[ 526.542894] x13: 0000000000000000 x12: 0000000000000000
[ 526.548193] x11: 0000000000000001 x10: ffff000009b0be88
[ 526.553493] x9 : 0000000000000000 x8 : 0000000000000005
[ 526.558793] x7 : ffff80befc1f8528 x6 : 0000000000000020
[ 526.564092] x5 : 0000000000000040 x4 : 0000000020001b20
[ 526.569392] x3 : 0000000000000000 x2 : ffff809eeb466a40
[ 526.574692] x1 : ffff000006923090 x0 : ffff809eeb466a40
[ 526.579992] Process swapper/125 (pid: 0, stack limit = 0x000000002eb50acc)
[ 526.586854] Call trace:
[ 526.589289] 0xffff000006923090
[ 526.592419] expire_timers+0xc8/0x130
[ 526.596070] run_timer_softirq+0xec/0x1b0
[ 526.600070] __do_softirq+0x134/0x328
[ 526.603726] irq_exit+0xc8/0xe0
[ 526.606857] __handle_domain_irq+0x6c/0xc0
[ 526.610941] gic_handle_irq+0x84/0x188
[ 526.614679] el1_irq+0xe8/0x180
[ 526.617822] cpuidle_enter_state+0xa0/0x328
[ 526.621993] cpuidle_enter+0x34/0x48
[ 526.625564] call_cpuidle+0x44/0x70
[ 526.629040] do_idle+0x1b8/0x1f0
[ 526.632256] cpu_startup_entry+0x2c/0x30
[ 526.636174] secondary_start_kernel+0x11c/0x130
[ 526.640694] Code: bad PC value
[ 526.643800] ---[ end trace d020b0b8417c2498 ]---
[ 526.648404] Kernel panic - not syncing: Fatal exception in interrupt
[ 526.654778] SMP: stopping secondary CPUs
[ 526.658734] Kernel Offset: disabled
[ 526.662211] CPU features: 0x5800c38
[ 526.665688] Memory Limit: none
[ 526.668768] ---[ end Kernel panic - not syncing: Fatal exception in interrupt

Prevent mod_timer from arming a timer that was already removed by
del_timer during module unload.

Signed-off-by: Jan Glauber <jglauber@cavium.com>
Cc: <stable@vger.kernel.org> # 3.19
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/char/ipmi/ipmi_ssif.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -606,8 +606,9 @@ static void msg_done_handler(struct ssif
 			flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
 			ssif_info->waiting_alert = true;
 			ssif_info->rtc_us_timer = SSIF_MSG_USEC;
-			mod_timer(&ssif_info->retry_timer,
-				  jiffies + SSIF_MSG_JIFFIES);
+			if (!ssif_info->stopping)
+				mod_timer(&ssif_info->retry_timer,
+					  jiffies + SSIF_MSG_JIFFIES);
 			ipmi_ssif_unlock_cond(ssif_info, flags);
 			return;
 		}
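Review bot: The `if (!ssif_info->stopping)` test in msg_done_handler() closes the race only if the teardown path sets `stopping` under the same ipmi_ssif_lock_cond() lock and deletes the timer afterwards; neither is visible in this hunk. If the flag is written without that lock, or after the timer is deleted, mod_timer() can still re-arm the timer once the check has passed. Confirm the ordering on the unload side and note it in a comment next to the check.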
@@ -939,8 +940,9 @@ static void msg_written_handler(struct s
 			ssif_info->waiting_alert = true;
 			ssif_info->retries_left = SSIF_RECV_RETRIES;
 			ssif_info->rtc_us_timer = SSIF_MSG_PART_USEC;
-			mod_timer(&ssif_info->retry_timer,
-				  jiffies + SSIF_MSG_PART_JIFFIES);
+			if (!ssif_info->stopping)
+				mod_timer(&ssif_info->retry_timer,
+					  jiffies + SSIF_MSG_PART_JIFFIES);
 			ipmi_ssif_unlock_cond(ssif_info, flags);
 		}
 	}
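Review bot: In msg_written_handler(), waiting_alert, retries_left and rtc_us_timer are still set when `stopping` is true, although the timer that would act on them is no longer armed. Moving those assignments inside the `if (!ssif_info->stopping)` block, or returning early when stopping, avoids leaving the state machine waiting on a timeout that will never fire.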




* [PATCH 4.19 030/361] mailbox: PCC: handle parse error
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Arcari, Al Stone, Rafael J. Wysocki

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Arcari <darcari@redhat.com>

commit afd0b1fb22269f48d68fdf269891c653818c8047 upstream.

acpi_pcc_probe() calls acpi_table_parse_entries_array() but fails
to check for an error return.  This in turn can result in calling
kcalloc() with a negative count as well as emitting the following
misleading error message:

[    2.642015] Could not allocate space for PCC mbox channels

Fixes: 8f8027c5f935 (mailbox: PCC: erroneous error message when parsing ACPI PCCT)
Signed-off-by: David Arcari <darcari@redhat.com>
Reviewed-by: Al Stone <ahs3@redhat.com>
Cc: 4.18+ <stable@vger.kernel.org> # 4.18+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mailbox/pcc.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/drivers/mailbox/pcc.c
+++ b/drivers/mailbox/pcc.c
@@ -461,8 +461,11 @@ static int __init acpi_pcc_probe(void)
 	count = acpi_table_parse_entries_array(ACPI_SIG_PCCT,
 			sizeof(struct acpi_table_pcct), proc,
 			ACPI_PCCT_TYPE_RESERVED, MAX_PCC_SUBSPACES);
-	if (count == 0 || count > MAX_PCC_SUBSPACES) {
-		pr_warn("Invalid PCCT: %d PCC subspaces\n", count);
+	if (count <= 0 || count > MAX_PCC_SUBSPACES) {
+		if (count < 0)
+			pr_warn("Error parsing PCC subspaces from PCCT\n");
+		else
+			pr_warn("Invalid PCCT: %d PCC subspaces\n", count);
 		return -EINVAL;
 	}
 
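Review bot: In the new `count < 0` branch the error code returned by acpi_table_parse_entries_array() is dropped: the warning does not print it and the function returns -EINVAL regardless. Include the value in the message, for example "Error parsing PCC subspaces from PCCT: %d", so a failed parse can be diagnosed from the log, and consider returning count itself when it is negative.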




* [PATCH 4.19 031/361] parisc: Fix address in HPMC IVA
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, John David Anglin, Helge Deller

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: John David Anglin <dave.anglin@bell.net>

commit 1138b6718ff74d2a934459643e3754423d23b5e2 upstream.

Helge noticed that the address of the os_hpmc handler was not being
correctly calculated in the hpmc macro.  As a result, PDCE_CHECK would
fail to call os_hpmc:

<Cpu2> e800009802e00000  0000000000000000  CC_ERR_CHECK_HPMC
<Cpu2> 37000f7302e00000  8040004000000000  CC_ERR_CPU_CHECK_SUMMARY
<Cpu2> f600105e02e00000  fffffff0f0c00000  CC_MC_HPMC_MONARCH_SELECTED
<Cpu2> 140003b202e00000  000000000000000b  CC_ERR_HPMC_STATE_ENTRY
<Cpu2> 5600100b02e00000  00000000000001a0  CC_MC_OS_HPMC_LEN_ERR
<Cpu2> 5600106402e00000  fffffff0f0438e70  CC_MC_BR_TO_OS_HPMC_FAILED
<Cpu2> e800009802e00000  0000000000000000  CC_ERR_CHECK_HPMC
<Cpu2> 37000f7302e00000  8040004000000000  CC_ERR_CPU_CHECK_SUMMARY
<Cpu2> 4000109f02e00000  0000000000000000  CC_MC_HPMC_INITIATED
<Cpu2> 4000101902e00000  0000000000000000  CC_MC_MULTIPLE_HPMCS
<Cpu2> 030010d502e00000  0000000000000000  CC_CPU_STOP

The address problem can be seen by dumping the fault vector:

0000000040159000 <fault_vector_20>:
    40159000:   63 6f 77 73     stb r15,-2447(dp)
    40159004:   20 63 61 6e     ldil L%b747000,r3
    40159008:   20 66 6c 79     ldil L%-1c3b3000,r3
        ...
    40159020:   08 00 02 40     nop
    40159024:   20 6e 60 02     ldil L%15d000,r3
    40159028:   34 63 00 00     ldo 0(r3),r3
    4015902c:   e8 60 c0 02     bv,n r0(r3)
    40159030:   08 00 02 40     nop
    40159034:   00 00 00 00     break 0,0
    40159038:   c0 00 70 00     bb,*< r0,sar,40159840 <fault_vector_20+0x840>
    4015903c:   00 00 00 00     break 0,0

Location 40159038 should contain the physical address of os_hpmc:

000000004015d000 <os_hpmc>:
    4015d000:   08 1a 02 43     copy r26,r3
    4015d004:   01 c0 08 a4     mfctl iva,r4
    4015d008:   48 85 00 68     ldw 34(r4),r5

This patch moves the address setup into initialize_ivt to resolve the
above problem.  I tested the change by dumping the HPMC entry after setup:

0000000040209020:  8000240
0000000040209024: 206a2004
0000000040209028: 34630ac0
000000004020902c: e860c002
0000000040209030:  8000240
0000000040209034: 1bdddce6
0000000040209038:   15d000
000000004020903c:      1a0

Signed-off-by: John David Anglin <dave.anglin@bell.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/parisc/kernel/entry.S |    2 +-
 arch/parisc/kernel/traps.c |    3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

--- a/arch/parisc/kernel/entry.S
+++ b/arch/parisc/kernel/entry.S
@@ -186,7 +186,7 @@
 	bv,n	0(%r3)
 	nop
 	.word	0		/* checksum (will be patched) */
-	.word	PA(os_hpmc)	/* address of handler */
+	.word	0		/* address of handler */
 	.word	0		/* length of handler */
 	.endm
 
--- a/arch/parisc/kernel/traps.c
+++ b/arch/parisc/kernel/traps.c
@@ -802,7 +802,8 @@ void __init initialize_ivt(const void *i
 	 *    the Length/4 words starting at Address is zero.
 	 */
 
-	/* Compute Checksum for HPMC handler */
+	/* Setup IVA and compute checksum for HPMC handler */
+	ivap[6] = (u32)__pa(os_hpmc);
 	length = os_hpmc_size;
 	ivap[7] = length;
 
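Review bot: `ivap[6] = (u32)__pa(os_hpmc);` stores the handler address through a bare array index and a truncating cast, with nothing stating that the physical address fits in 32 bits. The result is also only correct if os_hpmc names the code address rather than a function descriptor, which is what patch 033 in this series arranges on parisc64, so the two patches have to be applied together. A comment naming words 6 and 7 as the handler address and length, and recording the dependency on how os_hpmc is exported, would make this line safer to touch later.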




* [PATCH 4.19 032/361] parisc: Fix map_pages() to not overwrite existing pte entries
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Helge Deller <deller@gmx.de>

commit 3c229b3f2dd8133f61bb81d3cb018be92f4bba39 upstream.

Fix a long-existing small nasty bug in the map_pages() implementation which
leads to overwriting already written pte entries with zero, *if* map_pages() is
called a second time with an end address which isn't aligned on a pmd boundary.
This happens for example if we want to remap only the text segment read/write
in order to run alternative patching on the code. Exiting the loop when we
reach the end address fixes this.

Cc: stable@vger.kernel.org
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/parisc/mm/init.c |    8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

--- a/arch/parisc/mm/init.c
+++ b/arch/parisc/mm/init.c
@@ -494,12 +494,8 @@ static void __init map_pages(unsigned lo
 						pte = pte_mkhuge(pte);
 				}
 
-				if (address >= end_paddr) {
-					if (force)
-						break;
-					else
-						pte_val(pte) = 0;
-				}
+				if (address >= end_paddr)
+					break;
 
 				set_pte(pg_table, pte);
 
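Review bot: The removed block was the only use of `force` visible in this hunk. If map_pages() does not reference `force` anywhere else, the parameter is now dead and should be dropped from the signature and its callers in the same change; if it is still used, a short comment at `if (address >= end_paddr) break;` saying that entries past the end address are deliberately left untouched would record why the zeroing branch went away.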




* [PATCH 4.19 033/361] parisc: Fix exported address of os_hpmc handler
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 032/361] parisc: Fix map_pages() to not overwrite existing pte entries Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 034/361] ALSA: hda - Add quirk for ASUS G751 laptop Greg Kroah-Hartman
                   ` (330 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Helge Deller <deller@gmx.de>

commit 99a3ae51d557d8e38a7aece65678a31f9db215ee upstream.

In the C-code we need to put the physical address of the hpmc handler in
the interrupt vector table (IVA) in order to get HPMCs working.  Since
on parisc64 function pointers are indirect (in fact they are function
descriptors) we instead export the address as variable and not as
function.

This reverts a small part of commit f39cce654f9a ("parisc: Add
cfi_startproc and cfi_endproc to assembly code").

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org>    [4.9+]
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/parisc/kernel/hpmc.S |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/arch/parisc/kernel/hpmc.S
+++ b/arch/parisc/kernel/hpmc.S
@@ -85,7 +85,7 @@ END(hpmc_pim_data)
 
 	.import intr_save, code
 	.align 16
-ENTRY_CFI(os_hpmc)
+ENTRY(os_hpmc)
 .os_hpmc:
 
 	/*
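
Review bot: ENTRY(os_hpmc) needs a comment at this line saying the
symbol is exported as a plain label on purpose, because the C code
stores its physical address in the IVA and a parisc64 function symbol
would give a function descriptor instead. Without that, the CFI
annotation this patch reverts is likely to be added back by the next
cleanup of the assembly entry points.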
@@ -302,7 +302,6 @@ os_hpmc_6:
 	b .
 	nop
 	.align 16	/* make function length multiple of 16 bytes */
-ENDPROC_CFI(os_hpmc)
 .os_hpmc_end:
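
Review bot: removing ENDPROC_CFI(os_hpmc) leaves the ENTRY(os_hpmc)
above without any closing macro, while the data symbol earlier in this
file is closed with END(hpmc_pim_data). If os_hpmc is now meant to be
treated as a variable, consider closing it with END(os_hpmc) here so the
symbol keeps a size, or say in a comment why it is left open; the local
label .os_hpmc_end does not record that.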
 
 




* [PATCH 4.19 034/361] ALSA: hda - Add quirk for ASUS G751 laptop
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 033/361] parisc: Fix exported address of os_hpmc handler Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 035/361] ALSA: hda - Fix headphone pin config for ASUS G751 Greg Kroah-Hartman
                   ` (329 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

commit 11ba6111160290ccd35562f4e05cec08942a6c4c upstream.

ASUS G751 requires the extra COEF initialization to make its microphone
work properly.

Reported-and-tested-by: Håvard <hovardslill@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/hda/patch_realtek.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -7738,6 +7738,7 @@ enum {
 	ALC662_FIXUP_ASUS_Nx50,
 	ALC668_FIXUP_ASUS_Nx51_HEADSET_MODE,
 	ALC668_FIXUP_ASUS_Nx51,
+	ALC668_FIXUP_ASUS_G751,
 	ALC891_FIXUP_HEADSET_MODE,
 	ALC891_FIXUP_DELL_MIC_NO_PRESENCE,
 	ALC662_FIXUP_ACER_VERITON,
@@ -8007,6 +8008,14 @@ static const struct hda_fixup alc662_fix
 		.chained = true,
 		.chain_id = ALC668_FIXUP_ASUS_Nx51_HEADSET_MODE,
 	},
+	[ALC668_FIXUP_ASUS_G751] = {
+		.type = HDA_FIXUP_VERBS,
+		.v.verbs = (const struct hda_verb[]) {
+			{ 0x20, AC_VERB_SET_COEF_INDEX, 0xc3 },
+			{ 0x20, AC_VERB_SET_PROC_COEF, 0x4000 },
+			{}
+		},
+	},
 	[ALC891_FIXUP_HEADSET_MODE] = {
 		.type = HDA_FIXUP_FUNC,
 		.v.func = alc_fixup_headset_mode,
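
Review bot: the two verbs in the new ALC668_FIXUP_ASUS_G751 entry write
the bare values 0xc3 and 0x4000 to NID 0x20 with no comment. A short
comment stating what coefficient index 0xc3 controls, and that the
changelog ties it to the G751 microphone, would let the next person
judge whether the fixup applies to other machines.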
@@ -8080,6 +8089,7 @@ static const struct snd_pci_quirk alc662
 	SND_PCI_QUIRK(0x1043, 0x11cd, "Asus N550", ALC662_FIXUP_ASUS_Nx50),
 	SND_PCI_QUIRK(0x1043, 0x13df, "Asus N550JX", ALC662_FIXUP_BASS_1A),
 	SND_PCI_QUIRK(0x1043, 0x129d, "Asus N750", ALC662_FIXUP_ASUS_Nx50),
+	SND_PCI_QUIRK(0x1043, 0x12ff, "ASUS G751", ALC668_FIXUP_ASUS_G751),
 	SND_PCI_QUIRK(0x1043, 0x1477, "ASUS N56VZ", ALC662_FIXUP_BASS_MODE4_CHMAP),
 	SND_PCI_QUIRK(0x1043, 0x15a7, "ASUS UX51VZH", ALC662_FIXUP_BASS_16),
 	SND_PCI_QUIRK(0x1043, 0x177d, "ASUS N551", ALC668_FIXUP_ASUS_Nx51),




* [PATCH 4.19 035/361] ALSA: hda - Fix headphone pin config for ASUS G751
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 034/361] ALSA: hda - Add quirk for ASUS G751 laptop Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 036/361] ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 Greg Kroah-Hartman
                   ` (328 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Håvard, Takashi Iwai

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

commit 5b7c5e1f4c36b99d0f694f38b9ad910f520cb7ef upstream.

BIOS on ASUS G751 doesn't seem to map the headphone pin (NID 0x16)
correctly.  Add a quirk to address it, as well as chaining to the
previous fix for the microphone.

Reported-by: Håvard <hovardslill@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/hda/patch_realtek.c |   12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -7738,6 +7738,7 @@ enum {
 	ALC662_FIXUP_ASUS_Nx50,
 	ALC668_FIXUP_ASUS_Nx51_HEADSET_MODE,
 	ALC668_FIXUP_ASUS_Nx51,
+	ALC668_FIXUP_MIC_COEF,
 	ALC668_FIXUP_ASUS_G751,
 	ALC891_FIXUP_HEADSET_MODE,
 	ALC891_FIXUP_DELL_MIC_NO_PRESENCE,
@@ -8008,7 +8009,7 @@ static const struct hda_fixup alc662_fix
 		.chained = true,
 		.chain_id = ALC668_FIXUP_ASUS_Nx51_HEADSET_MODE,
 	},
-	[ALC668_FIXUP_ASUS_G751] = {
+	[ALC668_FIXUP_MIC_COEF] = {
 		.type = HDA_FIXUP_VERBS,
 		.v.verbs = (const struct hda_verb[]) {
 			{ 0x20, AC_VERB_SET_COEF_INDEX, 0xc3 },
@@ -8016,6 +8017,15 @@ static const struct hda_fixup alc662_fix
 			{}
 		},
 	},
+	[ALC668_FIXUP_ASUS_G751] = {
+		.type = HDA_FIXUP_PINS,
+		.v.pins = (const struct hda_pintbl[]) {
+			{ 0x16, 0x0421101f }, /* HP */
+			{}
+		},
+		.chained = true,
+		.chain_id = ALC668_FIXUP_MIC_COEF
+	},
 	[ALC891_FIXUP_HEADSET_MODE] = {
 		.type = HDA_FIXUP_FUNC,
 		.v.func = alc_fixup_headset_mode,
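
Review bot: ".chain_id = ALC668_FIXUP_MIC_COEF" in the new
ALC668_FIXUP_ASUS_G751 entry has no trailing comma, unlike the
".chain_id = ALC668_FIXUP_ASUS_Nx51_HEADSET_MODE," line in the entry
above; add the comma so a later field addition does not touch this
line. The pin default 0x0421101f for NID 0x16 is explained only as
"HP"; since the changelog says the BIOS maps this pin incorrectly,
saying so in the comment would help.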




* [PATCH 4.19 036/361] ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 035/361] ALSA: hda - Fix headphone pin config for ASUS G751 Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 037/361] ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) Greg Kroah-Hartman
                   ` (327 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hui Wang, Takashi Iwai

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hui Wang <hui.wang@canonical.com>

commit d06fb562bff5d14defdacbd92449bacbaedd5cdf upstream.

The front MIC on the Lenovo M715 can't record sound; after applying
the ALC294_FIXUP_LENOVO_MIC_LOCATION, the problem is fixed. So add
the pin configuration of this machine to the pin quirk table.

Cc: <stable@vger.kernel.org>
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/hda/patch_realtek.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -6843,6 +6843,12 @@ static const struct snd_hda_pin_quirk al
 		{0x21, 0x0221101f}),
 	SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION,
 		{0x14, 0x90170110},
+		{0x19, 0x02a11030},
+		{0x1a, 0x02a11040},
+		{0x1b, 0x01011020},
+		{0x21, 0x0221101f}),
+	SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION,
+		{0x14, 0x90170110},
 		{0x19, 0x02a11020},
 		{0x1a, 0x02a11030},
 		{0x21, 0x0221101f}),
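
Review bot: the added SND_HDA_PIN_QUIRK entry is labelled only "Lenovo"
and differs from the entry right below it just in the values for pins
0x19 and 0x1a and the extra pin 0x1b, so nothing in the table ties it
to the M715 named in the changelog. A comment above the entry naming
the machine would make it possible to tell the two apart when one of
them needs revisiting.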




* [PATCH 4.19 037/361] ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 036/361] ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 038/361] ALSA: hda: Add 2 more models to the power_save blacklist Greg Kroah-Hartman
                   ` (326 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexander Ploumistos, Jeremy Cline,
	Takashi Iwai

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jeremy Cline <jcline@redhat.com>

commit e7bb6ad5685f05685dd8a6a5eda7bfcd14d5f95b upstream.

The Lenovo G50-30, like other G50 models, has a Conexant codec that
requires a quirk for its inverted stereo dmic.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1249364
Reported-by: Alexander Ploumistos <alex.ploumistos@gmail.com>
Tested-by: Alexander Ploumistos <alex.ploumistos@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/hda/patch_conexant.c |    1 +
 1 file changed, 1 insertion(+)

--- a/sound/pci/hda/patch_conexant.c
+++ b/sound/pci/hda/patch_conexant.c
@@ -943,6 +943,7 @@ static const struct snd_pci_quirk cxt506
 	SND_PCI_QUIRK(0x17aa, 0x21da, "Lenovo X220", CXT_PINCFG_LENOVO_TP410),
 	SND_PCI_QUIRK(0x17aa, 0x21db, "Lenovo X220-tablet", CXT_PINCFG_LENOVO_TP410),
 	SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo IdeaPad Z560", CXT_FIXUP_MUTE_LED_EAPD),
+	SND_PCI_QUIRK(0x17aa, 0x3905, "Lenovo G50-30", CXT_FIXUP_STEREO_DMIC),
 	SND_PCI_QUIRK(0x17aa, 0x390b, "Lenovo G50-80", CXT_FIXUP_STEREO_DMIC),
 	SND_PCI_QUIRK(0x17aa, 0x3975, "Lenovo U300s", CXT_FIXUP_STEREO_DMIC),
 	SND_PCI_QUIRK(0x17aa, 0x3977, "Lenovo IdeaPad U310", CXT_FIXUP_STEREO_DMIC),




* [PATCH 4.19 038/361] ALSA: hda: Add 2 more models to the power_save blacklist
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 037/361] ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 039/361] ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops Greg Kroah-Hartman
                   ` (325 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Takashi Iwai

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans de Goede <hdegoede@redhat.com>

commit 5cb6b5fc013ee711d19bfc4e9deb8d6ae80741db upstream.

Power-saving is causing plops on audio start/stop on Dell Precision T3600
laptops and Intel DZ77BH boards, add these to the power_save blacklist.

BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1525104
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/hda/hda_intel.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -2257,8 +2257,12 @@ static struct snd_pci_quirk power_save_b
 	/* https://bugzilla.redhat.com/show_bug.cgi?id=1581607 */
 	SND_PCI_QUIRK(0x1558, 0x3501, "Clevo W35xSS_370SS", 0),
 	/* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
+	SND_PCI_QUIRK(0x1028, 0x0497, "Dell Precision T3600", 0),
+	/* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
 	/* Note the P55A-UD3 and Z87-D3HP share the subsys id for the HDA dev */
 	SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte P55A-UD3 / Z87-D3HP", 0),
+	/* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
+	SND_PCI_QUIRK(0x8086, 0x2040, "Intel DZ77BH-55K", 0),
 	/* https://bugzilla.kernel.org/show_bug.cgi?id=199607 */
 	SND_PCI_QUIRK(0x8086, 0x2057, "Intel NUC5i7RYB", 0),
 	/* https://bugzilla.redhat.com/show_bug.cgi?id=1520902 */
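
Review bot: both new entries match on the PCI subsystem id alone, and
the comment already in this table notes that the P55A-UD3 and Z87-D3HP
share one id, so 0x1028:0x0497 and 0x8086:0x2040 may cover more hardware
than the two models named. Please confirm the ids are specific enough,
and note that the quirk string reads "Intel DZ77BH-55K" while the
changelog says DZ77BH. The same bug URL comment now appears three times
in this block; one comment covering the group would read better.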




* [PATCH 4.19 039/361] ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 038/361] ALSA: hda: Add 2 more models to the power_save blacklist Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 040/361] ALSA: hda - Fix incorrect clearance of thinkpad_acpi hooks Greg Kroah-Hartman
                   ` (324 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Stanoev, Takashi Iwai

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alex Stanoev <alex@astanoev.com>

commit ac237c28d5ac1b241d58b1b7b4b9fa10efb22fb5 upstream.

The Creative Audigy SE (SB0570) card currently exhibits an audible pop
whenever playback is stopped or resumed, or during silent periods of an
audio stream. Initialise the IZD bit to 0 to eliminate these pops.

The Infinite Zero Detection (IZD) feature on the DAC causes the output
to be shunted to Vcap after 2048 samples of silence. This discharges the
AC coupling capacitor through the output and causes the aforementioned
pop/click noise.

The behaviour of the IZD bit is described on page 15 of the WM8768GEDS
datasheet: "With IZD=1, applying MUTE for 1024 consecutive input samples
will cause all outputs to be connected directly to VCAP. This also
happens if 2048 consecutive zero input samples are applied to all 6
channels, and IZD=0. It will be removed as soon as any channel receives
a non-zero input". I believe the second sentence might be referring to
IZD=1 instead of IZD=0 given the observed behaviour of the card.

This change should make the DAC initialisation consistent with
Creative's Windows driver, as this popping persists when initialising
the card in Linux and soft rebooting into Windows, but is not present on
a cold boot to Windows.

Signed-off-by: Alex Stanoev <alex@astanoev.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/ca0106/ca0106.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/sound/pci/ca0106/ca0106.h
+++ b/sound/pci/ca0106/ca0106.h
@@ -582,7 +582,7 @@
 #define SPI_PL_BIT_R_R		(2<<7)	/* right channel = right */
 #define SPI_PL_BIT_R_C		(3<<7)	/* right channel = (L+R)/2 */
 #define SPI_IZD_REG		2
-#define SPI_IZD_BIT		(1<<4)	/* infinite zero detect */
+#define SPI_IZD_BIT		(0<<4)	/* infinite zero detect */
 
 #define SPI_FMT_REG		3
 #define SPI_FMT_BIT_RJ		(0<<0)	/* right justified mode */
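
Review bot: redefining SPI_IZD_BIT as (0<<4) turns a single-bit mask
into zero, so OR-ing it into a register value does nothing and any test
against it can never be true, while the name and the "infinite zero
detect" comment still suggest a usable flag. Keeping the mask at (1<<4)
and dropping it from the value written to SPI_IZD_REG where the DAC is
initialised would express the same change without a misleading
constant; if the define has to stay this way, the comment should say
that IZD is intentionally disabled and why.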




* [PATCH 4.19 040/361] ALSA: hda - Fix incorrect clearance of thinkpad_acpi hooks
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 039/361] ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation Greg Kroah-Hartman
                   ` (323 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

commit 5e93a125f521efd00d71af31c2a301f3d46af48c upstream.

Since the commit c647f806b8c2 ("ALSA: hda - Allow multiple ADCs for
mic mute LED controls") we allow enabling the mic mute LED with
multiple ADCs.  The commit changed the function return value to be
zero or a negative error, while this change was overlooked in the
thinkpad_acpi helper code where it still expects a positive return
value for success.  This eventually leads to a NULL dereference on a
system that has only a mic mute LED.

This patch corrects the return value check in the corresponding code
as well.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=201621
Fixes: c647f806b8c2 ("ALSA: hda - Allow multiple ADCs for mic mute LED controls")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/hda/thinkpad_helper.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/sound/pci/hda/thinkpad_helper.c
+++ b/sound/pci/hda/thinkpad_helper.c
@@ -58,8 +58,8 @@ static void hda_fixup_thinkpad_acpi(stru
 			removefunc = false;
 		}
 		if (led_set_func(TPACPI_LED_MICMUTE, false) >= 0 &&
-		    snd_hda_gen_add_micmute_led(codec,
-						update_tpacpi_micmute) > 0)
+		    !snd_hda_gen_add_micmute_led(codec,
+						 update_tpacpi_micmute))
 			removefunc = false;
 	}
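
Review bot: the new "!snd_hda_gen_add_micmute_led(...)" test sits in the
same condition as "led_set_func(...) >= 0", so one half spells success
as a comparison and the other as a negation. Writing it as
"snd_hda_gen_add_micmute_led(codec, update_tpacpi_micmute) == 0" would
make the zero-or-negative-error convention described in the changelog
explicit at the call site.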
 




* [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 040/361] ALSA: hda - Fix incorrect clearance of thinkpad_acpi hooks Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-21 13:21   ` Jiri Kosina
  2018-11-11 22:16 ` [PATCH 4.19 042/361] x86/xen: Fix boot loader version reported for PVH guests Greg Kroah-Hartman
                   ` (322 subsequent siblings)
  363 siblings, 1 reply; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jiri Kosina, Thomas Gleixner,
	Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, WoodhouseDavid,
	Andi Kleen, Tim Chen, SchauflerCasey

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jiri Kosina <jkosina@suse.cz>

commit 53c613fe6349994f023245519265999eed75957f upstream.

STIBP is a feature provided by certain Intel ucodes / CPUs. This feature
(once enabled) prevents cross-hyperthread control of decisions made by
indirect branch predictors.

Enable this feature if

- the CPU is vulnerable to spectre v2
- the CPU supports SMT and has SMT siblings online
- spectre_v2 mitigation autoselection is enabled (default)

After some previous discussion, this leaves STIBP on all the time, as wrmsr
on crossing kernel boundary is a no-no. This could perhaps later be a bit
more optimized (like disabling it in NOHZ, experiment with disabling it in
idle, etc) if needed.

Note that the synchronization of the mask manipulation via newly added
spec_ctrl_mutex is currently not strictly needed, as the only updater is
already being serialized by cpu_add_remove_lock, but let's make this a
little bit more future-proof.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc:  "WoodhouseDavid" <dwmw@amazon.co.uk>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc:  "SchauflerCasey" <casey.schaufler@intel.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1809251438240.15880@cbobk.fhfr.pm
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/cpu/bugs.c |   57 ++++++++++++++++++++++++++++++++++++++++-----
 kernel/cpu.c               |   11 +++++++-
 2 files changed, 61 insertions(+), 7 deletions(-)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -35,12 +35,10 @@ static void __init spectre_v2_select_mit
 static void __init ssb_select_mitigation(void);
 static void __init l1tf_select_mitigation(void);
 
-/*
- * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any
- * writes to SPEC_CTRL contain whatever reserved bits have been set.
- */
-u64 __ro_after_init x86_spec_ctrl_base;
+/* The base value of the SPEC_CTRL MSR that always has to be preserved. */
+u64 x86_spec_ctrl_base;
 EXPORT_SYMBOL_GPL(x86_spec_ctrl_base);
+static DEFINE_MUTEX(spec_ctrl_mutex);
 
 /*
  * The vendor and possibly platform specific bits which can be modified in
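
Review bot: dropping __ro_after_init from x86_spec_ctrl_base makes a
variable that is exported with EXPORT_SYMBOL_GPL writable for the
lifetime of the system, and the replacement comment no longer says who
may write it. Please document at the declaration that updates must hold
spec_ctrl_mutex, and state what readers outside this file may assume,
since the mutex is static and cannot be taken by them.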
@@ -325,6 +323,46 @@ static enum spectre_v2_mitigation_cmd __
 	return cmd;
 }
 
+static bool stibp_needed(void)
+{
+	if (spectre_v2_enabled == SPECTRE_V2_NONE)
+		return false;
+
+	if (!boot_cpu_has(X86_FEATURE_STIBP))
+		return false;
+
+	return true;
+}
+
+static void update_stibp_msr(void *info)
+{
+	wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
+}
+
+void arch_smt_update(void)
+{
+	u64 mask;
+
+	if (!stibp_needed())
+		return;
+
+	mutex_lock(&spec_ctrl_mutex);
+	mask = x86_spec_ctrl_base;
+	if (cpu_smt_control == CPU_SMT_ENABLED)
+		mask |= SPEC_CTRL_STIBP;
+	else
+		mask &= ~SPEC_CTRL_STIBP;
+
+	if (mask != x86_spec_ctrl_base) {
+		pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n",
+				cpu_smt_control == CPU_SMT_ENABLED ?
+				"Enabling" : "Disabling");
+		x86_spec_ctrl_base = mask;
+		on_each_cpu(update_stibp_msr, NULL, 1);
+	}
+	mutex_unlock(&spec_ctrl_mutex);
+}
+
 static void __init spectre_v2_select_mitigation(void)
 {
 	enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline();
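
Review bot: update_stibp_msr() writes the bare x86_spec_ctrl_base to
MSR_IA32_SPEC_CTRL on every CPU, which replaces whatever value that CPU
currently holds in the MSR; the comment at the end of the first hunk
mentions bits that can be modified separately, so please confirm no such
bit can be set on a CPU when the IPI arrives, or build the written value
from the current state. The log text says "cross-process" while the
subject and changelog describe a cross-hyperthread mitigation; the
message should use the same term. stibp_needed() also does not look at
whether siblings are online, although the changelog lists that as a
condition.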
@@ -424,6 +462,9 @@ specv2_set_mode:
 		setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW);
 		pr_info("Enabling Restricted Speculation for firmware calls\n");
 	}
+
+	/* Enable STIBP if appropriate */
+	arch_smt_update();
 }
 
 #undef pr_fmt
@@ -814,6 +855,8 @@ static ssize_t l1tf_show_state(char *buf
 static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
 			       char *buf, unsigned int bug)
 {
+	int ret;
+
 	if (!boot_cpu_has_bug(bug))
 		return sprintf(buf, "Not affected\n");
 
@@ -831,10 +874,12 @@ static ssize_t cpu_show_common(struct de
 		return sprintf(buf, "Mitigation: __user pointer sanitization\n");
 
 	case X86_BUG_SPECTRE_V2:
-		return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
+		ret = sprintf(buf, "%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
 			       boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
 			       boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
+			       (x86_spec_ctrl_base & SPEC_CTRL_STIBP) ? ", STIBP" : "",
 			       spectre_v2_module_string());
+		return ret;
 
 	case X86_BUG_SPEC_STORE_BYPASS:
 		return sprintf(buf, "%s\n", ssb_strings[ssb_mode]);
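
Review bot: the ret local introduced for the X86_BUG_SPECTRE_V2 case is
assigned and then returned by the very next statement, so it adds
nothing over the original "return sprintf(...)"; keep the direct return
and drop the declaration added at the top of cpu_show_common(). The
continuation lines also keep the old alignment although the call now
starts at "ret = sprintf(".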
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2026,6 +2026,12 @@ static void cpuhp_online_cpu_device(unsi
 	kobject_uevent(&dev->kobj, KOBJ_ONLINE);
 }
 
+/*
+ * Architectures that need SMT-specific errata handling during SMT hotplug
+ * should override this.
+ */
+void __weak arch_smt_update(void) { };
+
 static int cpuhp_smt_disable(enum cpuhp_smt_control ctrlval)
 {
 	int cpu, ret = 0;
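
Review bot: "void __weak arch_smt_update(void) { };" ends with a stray
semicolon after the function body; drop it. The diffstat lists only
arch/x86/kernel/cpu/bugs.c and kernel/cpu.c, so no header gains a
prototype in this patch; please make sure a declaration exists in a
header that both the weak default and the x86 override include.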
@@ -2052,8 +2058,10 @@ static int cpuhp_smt_disable(enum cpuhp_
 		 */
 		cpuhp_offline_cpu_device(cpu);
 	}
-	if (!ret)
+	if (!ret) {
 		cpu_smt_control = ctrlval;
+		arch_smt_update();
+	}
 	cpu_maps_update_done();
 	return ret;
 }
@@ -2064,6 +2072,7 @@ static int cpuhp_smt_enable(void)
 
 	cpu_maps_update_begin();
 	cpu_smt_control = CPU_SMT_ENABLED;
+	arch_smt_update();
 	for_each_present_cpu(cpu) {
 		/* Skip online CPUs and CPUs on offline nodes */
 		if (cpu_online(cpu) || !node_online(cpu_to_node(cpu)))
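
Review bot: arch_smt_update() is called here before the loop that brings
the siblings online, whereas cpuhp_smt_disable() calls it after the
siblings have been offlined. The x86 implementation pushes the new value
with on_each_cpu(), which only reaches CPUs that are online at that
moment, so please confirm that siblings onlined by the loop below pick
up the updated x86_spec_ctrl_base, and explain the ordering in a comment
at this call.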




* [PATCH 4.19 042/361] x86/xen: Fix boot loader version reported for PVH guests
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 043/361] x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided Greg Kroah-Hartman
                   ` (321 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Juergen Gross, Linus Torvalds,
	Peter Zijlstra, Thomas Gleixner, boris.ostrovsky, bp, corbet,
	linux-doc, xen-devel, Ingo Molnar

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Juergen Gross <jgross@suse.com>

commit 357d291ce035d1b757568058f3c9898c60d125b1 upstream.

The boot loader version reported via sysfs is wrong in case of the
kernel being booted via the Xen PVH boot entry. It should be 2.12
(0x020c), but it is reported to be 2.18 (0x0212).

As the current way to set the version is error prone, use the more
readable variant (2 << 8) | 12.

Signed-off-by: Juergen Gross <jgross@suse.com>
Cc: <stable@vger.kernel.org> # 4.12
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: boris.ostrovsky@oracle.com
Cc: bp@alien8.de
Cc: corbet@lwn.net
Cc: linux-doc@vger.kernel.org
Cc: xen-devel@lists.xenproject.org
Link: http://lkml.kernel.org/r/20181010061456.22238-2-jgross@suse.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/xen/enlighten_pvh.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/xen/enlighten_pvh.c
+++ b/arch/x86/xen/enlighten_pvh.c
@@ -75,7 +75,7 @@ static void __init init_pvh_bootparams(v
 	 * Version 2.12 supports Xen entry point but we will use default x86/PC
 	 * environment (i.e. hardware_subarch 0).
 	 */
-	pvh_bootparams.hdr.version = 0x212;
+	pvh_bootparams.hdr.version = (2 << 8) | 12;
 	pvh_bootparams.hdr.type_of_loader = (9 << 4) | 0; /* Xen loader */
 
 	x86_init.acpi.get_root_pointer = pvh_get_root_pointer;




* [PATCH 4.19 043/361] x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 042/361] x86/xen: Fix boot loader version reported for PVH guests Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 044/361] x86/kvm/nVMX: allow bare VMXON state migration Greg Kroah-Hartman
                   ` (320 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, He Zhe, Linus Torvalds,
	Peter Zijlstra, Thomas Gleixner, kstewart, pombredanne,
	Ingo Molnar

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: He Zhe <zhe.he@windriver.com>

commit ccde460b9ae5c2bd5e4742af0a7f623c2daad566 upstream.

memory_corruption_check[{_period|_size}]()'s handlers do not check input
argument before passing it to kstrtoul() or simple_strtoull(). The argument
would be a NULL pointer if each of the kernel parameters, without its
value, is set in command line and thus cause the following panic.

PANIC: early exception 0xe3 IP 10:ffffffff73587c22 error 0 cr2 0x0
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.18-rc8+ #2
[    0.000000] RIP: 0010:kstrtoull+0x2/0x10
...
[    0.000000] Call Trace
[    0.000000]  ? set_corruption_check+0x21/0x49
[    0.000000]  ? do_early_param+0x4d/0x82
[    0.000000]  ? parse_args+0x212/0x330
[    0.000000]  ? rdinit_setup+0x26/0x26
[    0.000000]  ? parse_early_options+0x20/0x23
[    0.000000]  ? rdinit_setup+0x26/0x26
[    0.000000]  ? parse_early_param+0x2d/0x39
[    0.000000]  ? setup_arch+0x2f7/0xbf4
[    0.000000]  ? start_kernel+0x5e/0x4c2
[    0.000000]  ? load_ucode_bsp+0x113/0x12f
[    0.000000]  ? secondary_startup_64+0xa5/0xb0

This patch adds checks to prevent the panic.

Signed-off-by: He Zhe <zhe.he@windriver.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: gregkh@linuxfoundation.org
Cc: kstewart@linuxfoundation.org
Cc: pombredanne@nexb.com
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/1534260823-87917-1-git-send-email-zhe.he@windriver.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/check.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

--- a/arch/x86/kernel/check.c
+++ b/arch/x86/kernel/check.c
@@ -31,6 +31,11 @@ static __init int set_corruption_check(c
 	ssize_t ret;
 	unsigned long val;
 
+	if (!arg) {
+		pr_err("memory_corruption_check config string not provided\n");
+		return -EINVAL;
+	}
+
 	ret = kstrtoul(arg, 10, &val);
 	if (ret)
 		return ret;
@@ -45,6 +50,11 @@ static __init int set_corruption_check_p
 	ssize_t ret;
 	unsigned long val;
 
+	if (!arg) {
+		pr_err("memory_corruption_check_period config string not provided\n");
+		return -EINVAL;
+	}
+
 	ret = kstrtoul(arg, 10, &val);
 	if (ret)
 		return ret;
@@ -59,6 +69,11 @@ static __init int set_corruption_check_s
 	char *end;
 	unsigned size;
 
+	if (!arg) {
+		pr_err("memory_corruption_check_size config string not provided\n");
+		return -EINVAL;
+	}
+
 	size = memparse(arg, &end);
 
 	if (*end == '\0')
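
Review bot: this is the third copy of the same "if (!arg)" guard in this
patch, differing only in the parameter name inside the pr_err() string;
a small helper that takes the name would keep the three handlers in
step. In this handler the value then goes from memparse() into
"unsigned size", so an oversized argument is truncated without any
diagnostic; that is not introduced here, but a range check is worth
adding while the input validation is being touched.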




* [PATCH 4.19 044/361] x86/kvm/nVMX: allow bare VMXON state migration
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 043/361] x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 045/361] x86/mm/pat: Disable preemption around __flush_tlb_all() Greg Kroah-Hartman
                   ` (319 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vitaly Kuznetsov, Paolo Bonzini

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vitaly Kuznetsov <vkuznets@redhat.com>

commit a1b0c1c64dfef0cff8555bb708bfc5d7c66c6ca4 upstream.

It is perfectly valid for a guest to do VMXON and not do VMPTRLD. This
state needs to be preserved on migration.

Cc: stable@vger.kernel.org
Fixes: 8fcc4b5923af5de58b80b53a069453b135693304
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/vmx.c |   15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -14010,13 +14010,6 @@ static int vmx_set_nested_state(struct k
 	if (!page_address_valid(vcpu, kvm_state->vmx.vmxon_pa))
 		return -EINVAL;
 
-	if (kvm_state->size < sizeof(kvm_state) + sizeof(*vmcs12))
-		return -EINVAL;
-
-	if (kvm_state->vmx.vmcs_pa == kvm_state->vmx.vmxon_pa ||
-	    !page_address_valid(vcpu, kvm_state->vmx.vmcs_pa))
-		return -EINVAL;
-
 	if ((kvm_state->vmx.smm.flags & KVM_STATE_NESTED_SMM_GUEST_MODE) &&
 	    (kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE))
 		return -EINVAL;
@@ -14046,6 +14039,14 @@ static int vmx_set_nested_state(struct k
 	if (ret)
 		return ret;
 
+	/* Empty 'VMXON' state is permitted */
+	if (kvm_state->size < sizeof(kvm_state) + sizeof(*vmcs12))
+		return 0;
+
+	if (kvm_state->vmx.vmcs_pa == kvm_state->vmx.vmxon_pa ||
+	    !page_address_valid(vcpu, kvm_state->vmx.vmcs_pa))
+		return -EINVAL;
+
 	set_current_vmptr(vmx, kvm_state->vmx.vmcs_pa);
 
 	if (kvm_state->vmx.smm.flags & KVM_STATE_NESTED_SMM_VMXON) {
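Review bot: In the relocated size check, sizeof(kvm_state) measures a pointer rather than the structure, since kvm_state is dereferenced with -> on the same line; sizeof(*kvm_state) looks like what was intended. This matters more after the move, because the comparison no longer rejects the request but decides between "empty VMXON state, return 0" and parsing vmcs12. Returning 0 for every short size also accepts a truncated buffer that does carry a vmcs_pa as if it were bare VMXON state; requiring that no vmcs_pa is supplied on that path would separate the two cases.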




* [PATCH 4.19 045/361] x86/mm/pat: Disable preemption around __flush_tlb_all()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 044/361] x86/kvm/nVMX: allow bare VMXON state migration Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 046/361] x86/numa_emulation: Fix uniform-split numa emulation Greg Kroah-Hartman
                   ` (318 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sebastian Andrzej Siewior,
	Thomas Gleixner, Andy Lutomirski, Dave Hansen, Peter Zijlstra,
	Borislav Petkov

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

commit f77084d96355f5fba8e2c1fb3a51a393b1570de7 upstream.

The WARN_ON_ONCE(__read_cr3() != build_cr3()) in switch_mm_irqs_off()
triggers every once in a while during a snapshotted system upgrade.

The warning triggers since commit decab0888e6e ("x86/mm: Remove
preempt_disable/enable() from __native_flush_tlb()"). The callchain is:

  get_page_from_freelist() -> post_alloc_hook() -> __kernel_map_pages()

with CONFIG_DEBUG_PAGEALLOC enabled.

Disable preemption during CR3 reset / __flush_tlb_all() and add a comment
why preemption has to be disabled so it won't be removed accidentally.

Add another preemptible() check in __flush_tlb_all() to catch callers with
enabled preemption when PGE is enabled, because PGE enabled does not
trigger the warning in __native_flush_tlb(). Suggested by Andy Lutomirski.

Fixes: decab0888e6e ("x86/mm: Remove preempt_disable/enable() from __native_flush_tlb()")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20181017103432.zgv46nlu3hc7k4rq@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/include/asm/tlbflush.h |    6 ++++++
 arch/x86/mm/pageattr.c          |    6 +++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -469,6 +469,12 @@ static inline void __native_flush_tlb_on
  */
 static inline void __flush_tlb_all(void)
 {
+	/*
+	 * This is to catch users with enabled preemption and the PGE feature
+	 * and don't trigger the warning in __native_flush_tlb().
+	 */
+	VM_WARN_ON_ONCE(preemptible());
+
 	if (boot_cpu_has(X86_FEATURE_PGE)) {
 		__flush_tlb_global();
 	} else {
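Review bot: The comment above VM_WARN_ON_ONCE(preemptible()) in __flush_tlb_all() is hard to parse ("and don't trigger the warning"); suggest something like "Catch callers that run with preemption enabled: with PGE the warning in __native_flush_tlb() is never reached." Since VM_WARN_ON_ONCE() is compiled out without CONFIG_DEBUG_VM, the comment should also say that this is a debug-only check.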
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -2086,9 +2086,13 @@ void __kernel_map_pages(struct page *pag
 
 	/*
 	 * We should perform an IPI and flush all tlbs,
-	 * but that can deadlock->flush only current cpu:
+	 * but that can deadlock->flush only current cpu.
+	 * Preemption needs to be disabled around __flush_tlb_all() due to
+	 * CR3 reload in __native_flush_tlb().
 	 */
+	preempt_disable();
 	__flush_tlb_all();
+	preempt_enable();
 
 	arch_flush_lazy_mmu_mode();
 }




* [PATCH 4.19 046/361] x86/numa_emulation: Fix uniform-split numa emulation
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 045/361] x86/mm/pat: Disable preemption around __flush_tlb_all() Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 047/361] ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen Greg Kroah-Hartman
                   ` (317 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dave Jiang, Dan Williams,
	Thomas Gleixner, Alexander Duyck, Dave Hansen, Borislav Petkov,
	H. Peter Anvin, Andy Lutomirski, Peter Zijlstra

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dave Jiang <dave.jiang@intel.com>

commit c6ee7a548e2c291398b4f32c1f741c66b9f98e1c upstream.

The numa_emulation() routine in the 'uniform' case walks through all the
physical 'memblk' instances and divides them into N emulated nodes with
split_nodes_size_interleave_uniform(). As each physical node is consumed it
is removed from the physical memblk array in the numa_remove_memblk_from()
helper.

Since split_nodes_size_interleave_uniform() handles advancing the array as
the 'memblk' is consumed it is expected that the base of the array is
always specified as the argument.

Otherwise, on multi-socket (> 2) configurations the uniform-split
capability can generate an invalid numa configuration leading to boot
failures with signatures like the following:

    rcu: INFO: rcu_sched detected stalls on CPUs/tasks:
    Sending NMI from CPU 0 to CPUs 2:
    NMI backtrace for cpu 2
    CPU: 2 PID: 1332 Comm: pgdatinit0 Not tainted 4.19.0-rc8-next-20181019-baseline #59
    RIP: 0010:__init_single_page.isra.74+0x81/0x90
    [..]
    Call Trace:
     deferred_init_pages+0xaa/0xe3
     deferred_init_memmap+0x18f/0x318
     kthread+0xf8/0x130
     ? deferred_free_pages.isra.105+0xc9/0xc9
     ? kthread_stop+0x110/0x110
     ret_from_fork+0x35/0x40

Fixes: 1f6a2c6d9f121 ("x86/numa_emulation: Introduce uniform split capability")
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/154049911459.2685845.9210186007479774286.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/mm/numa_emulation.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

--- a/arch/x86/mm/numa_emulation.c
+++ b/arch/x86/mm/numa_emulation.c
@@ -400,9 +400,17 @@ void __init numa_emulation(struct numa_m
 		n = simple_strtoul(emu_cmdline, &emu_cmdline, 0);
 		ret = -1;
 		for_each_node_mask(i, physnode_mask) {
+			/*
+			 * The reason we pass in blk[0] is due to
+			 * numa_remove_memblk_from() called by
+			 * emu_setup_memblk() will delete entry 0
+			 * and then move everything else up in the pi.blk
+			 * array. Therefore we should always be looking
+			 * at blk[0].
+			 */
 			ret = split_nodes_size_interleave_uniform(&ei, &pi,
-					pi.blk[i].start, pi.blk[i].end, 0,
-					n, &pi.blk[i], nid);
+					pi.blk[0].start, pi.blk[0].end, 0,
+					n, &pi.blk[0], nid);
 			if (ret < 0)
 				break;
 			if (ret < n) {
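Review bot: With the arguments switched to pi.blk[0], the loop variable i from for_each_node_mask(i, physnode_mask) no longer selects anything and only counts iterations, which the new comment does not say. The call is correct only while every successful iteration removes entry 0 from pi.blk; stating that invariant in the comment, and that i is just an iteration count here, would make a later change to the removal path less likely to break this silently.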




* [PATCH 4.19 047/361] ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 046/361] x86/numa_emulation: Fix uniform-split numa emulation Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 048/361] net: socionext: Reset tx queue in ndo_stop Greg Kroah-Hartman
                   ` (316 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Krzysztof Kozlowski

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marek Szyprowski <m.szyprowski@samsung.com>

commit f5e758b8358f6c27e8a351ddf0b441a64cdabb94 upstream.

PMIC_IRQB and PMIC_KEYINB lines on Exynos4210-based Origen board have
external pull-up resistors, so disable any pull control for those lines
in respective pin controller node. This fixes support for MAX8997
interrupts and enables operation of wakeup from MAX8997 RTC alarm.

Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Fixes: 17419726aaa1 ("ARM: dts: add max8997 device node for exynos4210-origen board")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/exynos4210-origen.dts |    9 +++++++++
 1 file changed, 9 insertions(+)

--- a/arch/arm/boot/dts/exynos4210-origen.dts
+++ b/arch/arm/boot/dts/exynos4210-origen.dts
@@ -151,6 +151,8 @@
 		reg = <0x66>;
 		interrupt-parent = <&gpx0>;
 		interrupts = <4 IRQ_TYPE_NONE>, <3 IRQ_TYPE_NONE>;
+		pinctrl-names = "default";
+		pinctrl-0 = <&max8997_irq>;
 
 		max8997,pmic-buck1-dvs-voltage = <1350000>;
 		max8997,pmic-buck2-dvs-voltage = <1100000>;
@@ -288,6 +290,13 @@
 	};
 };
 
+&pinctrl_1 {
+	max8997_irq: max8997-irq {
+		samsung,pins = "gpx0-3", "gpx0-4";
+		samsung,pin-pud = <EXYNOS_PIN_PULL_NONE>;
+	};
+};
+
 &sdhci_0 {
 	bus-width = <4>;
 	pinctrl-0 = <&sd0_clk &sd0_cmd &sd0_bus4 &sd0_cd>;




* [PATCH 4.19 048/361] net: socionext: Reset tx queue in ndo_stop
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 047/361] ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 049/361] net: loopback: clear skb->tstamp before netif_rx() Greg Kroah-Hartman
                   ` (315 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Masahisa Kojima, Yoshitoyo Osaki,
	David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Masahisa Kojima <masahisa.kojima@linaro.org>

[ Upstream commit 8d5b0bf611ec5b7618d5b772dddc93b8afa78cb8 ]

We observed that packets and bytes count are not reset
when user performs interface down. Eventually, tx queue is
exhausted and packets will not be sent out.
To avoid this problem, reset the tx queue in ndo_stop.

Fixes: 533dd11a12f6 ("net: socionext: Add Synquacer NetSec driver")
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Yoshitoyo Osaki <osaki.yoshitoyo@socionext.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/socionext/netsec.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/net/ethernet/socionext/netsec.c
+++ b/drivers/net/ethernet/socionext/netsec.c
@@ -940,6 +940,9 @@ static void netsec_uninit_pkt_dring(stru
 	dring->head = 0;
 	dring->tail = 0;
 	dring->pkt_cnt = 0;
+
+	if (id == NETSEC_RING_TX)
+		netdev_reset_queue(priv->ndev);
 }
 
 static void netsec_free_dring(struct netsec_priv *priv, int id)




* [PATCH 4.19 049/361] net: loopback: clear skb->tstamp before netif_rx()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 048/361] net: socionext: Reset tx queue in ndo_stop Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 050/361] locking/lockdep: Fix debug_locks off performance problem Greg Kroah-Hartman
                   ` (314 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Willem de Bruijn,
	Soheil Hassas Yeganeh, David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <edumazet@google.com>

[ Upstream commit 4c16128b6271e70c8743178e90cccee147858503 ]

At least UDP / TCP stacks can now cook skbs with a tstamp using
MONOTONIC base (or arbitrary values with SCM_TXTIME)

Since loopback driver does not call (directly or indirectly)
skb_scrub_packet(), we need to clear skb->tstamp so that
net_timestamp_check() can eventually resample the time,
using ktime_get_real().

Fixes: 80b14dee2bea ("net: Add a new socket option for a future transmit time.")
Fixes: fb420d5d91c1 ("tcp/fq: move back to CLOCK_MONOTONIC")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Cc: Soheil Hassas Yeganeh <soheil@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/loopback.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/net/loopback.c
+++ b/drivers/net/loopback.c
@@ -75,6 +75,10 @@ static netdev_tx_t loopback_xmit(struct
 	int len;
 
 	skb_tx_timestamp(skb);
+
+	/* do not fool net_timestamp_check() with various clock bases */
+	skb->tstamp = 0;
+
 	skb_orphan(skb);
 
 	/* Before queueing this packet to netif_rx(),




* [PATCH 4.19 050/361] locking/lockdep: Fix debug_locks off performance problem
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 049/361] net: loopback: clear skb->tstamp before netif_rx() Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 051/361] netfilter: xt_nat: fix DNAT target for shifted portmap ranges Greg Kroah-Hartman
                   ` (313 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Waiman Long, Andrew Morton,
	Linus Torvalds, Paul E. McKenney, Peter Zijlstra,
	Thomas Gleixner, Will Deacon, Ingo Molnar, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Waiman Long <longman@redhat.com>

[ Upstream commit 9506a7425b094d2f1d9c877ed5a78f416669269b ]

It was found that when debug_locks was turned off because of a problem
found by the lockdep code, the system performance could drop quite
significantly when the lock_stat code was also configured into the
kernel. For instance, parallel kernel build time on a 4-socket x86-64
server nearly doubled.

Further analysis into the cause of the slowdown traced back to the
frequent call to debug_locks_off() from the __lock_acquired() function
probably due to some inconsistent lockdep states with debug_locks
off. The debug_locks_off() function did an unconditional atomic xchg
to write a 0 value into debug_locks which had already been set to 0.
This led to severe cacheline contention in the cacheline that held
debug_locks.  As debug_locks is being referenced in quite a few different
places in the kernel, this greatly slows down the system performance.

To prevent that trashing of debug_locks cacheline, lock_acquired()
and lock_contended() now check the state of debug_locks before
proceeding. The debug_locks_off() function is also modified to check
debug_locks before calling __debug_locks_off().

Signed-off-by: Waiman Long <longman@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Link: http://lkml.kernel.org/r/1539913518-15598-1-git-send-email-longman@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/locking/lockdep.c |    4 ++--
 lib/debug_locks.c        |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
@@ -4122,7 +4122,7 @@ void lock_contended(struct lockdep_map *
 {
 	unsigned long flags;
 
-	if (unlikely(!lock_stat))
+	if (unlikely(!lock_stat || !debug_locks))
 		return;
 
 	if (unlikely(current->lockdep_recursion))
@@ -4142,7 +4142,7 @@ void lock_acquired(struct lockdep_map *l
 {
 	unsigned long flags;
 
-	if (unlikely(!lock_stat))
+	if (unlikely(!lock_stat || !debug_locks))
 		return;
 
 	if (unlikely(current->lockdep_recursion))
--- a/lib/debug_locks.c
+++ b/lib/debug_locks.c
@@ -37,7 +37,7 @@ EXPORT_SYMBOL_GPL(debug_locks_silent);
  */
 int debug_locks_off(void)
 {
-	if (__debug_locks_off()) {
+	if (debug_locks && __debug_locks_off()) {
 		if (!debug_locks_silent) {
 			console_verbose();
 			return 1;
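Review bot: The "debug_locks &&" test added in debug_locks_off() is a plain read whose only purpose is to skip the xchg in __debug_locks_off(), and nothing in the code says so. A one-line comment that the pre-check avoids dirtying the debug_locks cacheline once the value is already 0 would keep it from being removed later as redundant.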




* [PATCH 4.19 051/361] netfilter: xt_nat: fix DNAT target for shifted portmap ranges
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 050/361] locking/lockdep: Fix debug_locks off performance problem Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 052/361] ataflop: fix error handling during setup Greg Kroah-Hartman
                   ` (312 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paolo Abeni, Pablo Neira Ayuso, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Paolo Abeni <pabeni@redhat.com>

[ Upstream commit cb20f2d2c0507d60d94ef896991e95708f051dd1 ]

The commit 2eb0f624b709 ("netfilter: add NAT support for shifted
portmap ranges") did not set the checkentry/destroy callbacks for
the newly added DNAT target. As a result, rulesets using only
such nat targets are not effective, as the relevant conntrack hooks
are not enabled.
The above also affects nft_compat rulesets.
Fix the issue by adding the missing initializers.

Fixes: 2eb0f624b709 ("netfilter: add NAT support for shifted portmap ranges")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/netfilter/xt_nat.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/net/netfilter/xt_nat.c
+++ b/net/netfilter/xt_nat.c
@@ -216,6 +216,8 @@ static struct xt_target xt_nat_target_re
 	{
 		.name		= "DNAT",
 		.revision	= 2,
+		.checkentry	= xt_nat_checkentry,
+		.destroy	= xt_nat_destroy,
 		.target		= xt_dnat_target_v2,
 		.targetsize	= sizeof(struct nf_nat_range2),
 		.table		= "nat",




* [PATCH 4.19 052/361] ataflop: fix error handling during setup
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 051/361] netfilter: xt_nat: fix DNAT target for shifted portmap ranges Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 053/361] swim: fix cleanup on setup error Greg Kroah-Hartman
                   ` (311 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Omar Sandoval, Jens Axboe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Omar Sandoval <osandov@fb.com>

[ Upstream commit 71327f547ee3a46ec5c39fdbbd268401b2578d0e ]

Move queue allocation next to disk allocation to fix a couple of issues:

- If add_disk() hasn't been called, we should clear disk->queue before
  calling put_disk().
- If we fail to allocate a request queue, we still need to put all of
  the disks, not just the ones that we allocated queues for.

Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/block/ataflop.c |   25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

--- a/drivers/block/ataflop.c
+++ b/drivers/block/ataflop.c
@@ -1935,6 +1935,11 @@ static int __init atari_floppy_init (voi
 		unit[i].disk = alloc_disk(1);
 		if (!unit[i].disk)
 			goto Enomem;
+
+		unit[i].disk->queue = blk_init_queue(do_fd_request,
+						     &ataflop_lock);
+		if (!unit[i].disk->queue)
+			goto Enomem;
 	}
 
 	if (UseTrackbuffer < 0)
@@ -1966,10 +1971,6 @@ static int __init atari_floppy_init (voi
 		sprintf(unit[i].disk->disk_name, "fd%d", i);
 		unit[i].disk->fops = &floppy_fops;
 		unit[i].disk->private_data = &unit[i];
-		unit[i].disk->queue = blk_init_queue(do_fd_request,
-					&ataflop_lock);
-		if (!unit[i].disk->queue)
-			goto Enomem;
 		set_capacity(unit[i].disk, MAX_DISK_SIZE * 2);
 		add_disk(unit[i].disk);
 	}
@@ -1984,13 +1985,17 @@ static int __init atari_floppy_init (voi
 
 	return 0;
 Enomem:
-	while (i--) {
-		struct request_queue *q = unit[i].disk->queue;
+	do {
+		struct gendisk *disk = unit[i].disk;
 
-		put_disk(unit[i].disk);
-		if (q)
-			blk_cleanup_queue(q);
-	}
+		if (disk) {
+			if (disk->queue) {
+				blk_cleanup_queue(disk->queue);
+				disk->queue = NULL;
+			}
+			put_disk(unit[i].disk);
+		}
+	} while (i--);
 
 	unregister_blkdev(FLOPPY_MAJOR, "fd");
 	return -ENOMEM;
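Review bot: The rewritten Enomem loop reads unit[i].disk before decrementing i, so it is safe only when i indexes a valid unit at the time of the goto. That holds for the two gotos inside the allocation loop, but a jump to Enomem taken after that loop has run to completion would start one element past the last unit, so any other users of the label need checking or i needs bounding first. Minor: put_disk(unit[i].disk) can use the local disk that was just tested.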




* [PATCH 4.19 053/361] swim: fix cleanup on setup error
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 052/361] ataflop: fix error handling during setup Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 054/361] arm64: cpufeature: ctr: Fix cpu capability check for late CPUs Greg Kroah-Hartman
                   ` (310 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Omar Sandoval, Jens Axboe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Omar Sandoval <osandov@fb.com>

[ Upstream commit 1448a2a5360ae06f25e2edc61ae070dff5c0beb4 ]

If we fail to allocate the request queue for a disk, we still need to
free that disk, not just the previous ones. Additionally, we need to
clean up the previous request queues.

Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/block/swim.c |   13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

--- a/drivers/block/swim.c
+++ b/drivers/block/swim.c
@@ -887,8 +887,17 @@ static int swim_floppy_init(struct swim_
 
 exit_put_disks:
 	unregister_blkdev(FLOPPY_MAJOR, "fd");
-	while (drive--)
-		put_disk(swd->unit[drive].disk);
+	do {
+		struct gendisk *disk = swd->unit[drive].disk;
+
+		if (disk) {
+			if (disk->queue) {
+				blk_cleanup_queue(disk->queue);
+				disk->queue = NULL;
+			}
+			put_disk(disk);
+		}
+	} while (drive--);
 	return err;
 }
 




* [PATCH 4.19 054/361] arm64: cpufeature: ctr: Fix cpu capability check for late CPUs
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 053/361] swim: fix cleanup on setup error Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 055/361] hv_netvsc: fix vf serial matching with pci slot info Greg Kroah-Hartman
                   ` (309 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Philip Elcan, Shanker Donthineni,
	Mark Rutland, Will Deacon, Suzuki K Poulose, Catalin Marinas,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Suzuki K Poulose <suzuki.poulose@arm.com>

[ Upstream commit 8ab66cbe63aeaf9e5970fb4aaef1c660fca59321 ]

The matches() routine for a capability must honor the "scope"
passed to it and return the proper results.
i.e., when passed with SCOPE_LOCAL_CPU, it should check the
status of the capability on the current CPU. This is used by
verify_local_cpu_capabilities() on a late secondary CPU to make
sure that it's compliant with the established system features.
However, ARM64_HAS_CACHE_{IDC/DIC} always checks the system wide
registers and this could mean that a late secondary CPU could return
"true" (since the CPU hasn't updated the system wide registers yet)
and thus lead the system in an inconsistent state, where
the system assumes it has IDC/DIC feature, while the new CPU
doesn't.

Fixes: commit 6ae4b6e0578886eb36 ("arm64: Add support for new control bits CTR_EL0.DIC and CTR_EL0.IDC")
Cc: Philip Elcan <pelcan@codeaurora.org>
Cc: Shanker Donthineni <shankerd@codeaurora.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arm64/kernel/cpufeature.c |   22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -848,15 +848,29 @@ static bool has_no_fpsimd(const struct a
 }
 
 static bool has_cache_idc(const struct arm64_cpu_capabilities *entry,
-			  int __unused)
+			  int scope)
 {
-	return read_sanitised_ftr_reg(SYS_CTR_EL0) & BIT(CTR_IDC_SHIFT);
+	u64 ctr;
+
+	if (scope == SCOPE_SYSTEM)
+		ctr = arm64_ftr_reg_ctrel0.sys_val;
+	else
+		ctr = read_cpuid_cachetype();
+
+	return ctr & BIT(CTR_IDC_SHIFT);
 }
 
 static bool has_cache_dic(const struct arm64_cpu_capabilities *entry,
-			  int __unused)
+			  int scope)
 {
-	return read_sanitised_ftr_reg(SYS_CTR_EL0) & BIT(CTR_DIC_SHIFT);
+	u64 ctr;
+
+	if (scope == SCOPE_SYSTEM)
+		ctr = arm64_ftr_reg_ctrel0.sys_val;
+	else
+		ctr = read_cpuid_cachetype();
+
+	return ctr & BIT(CTR_DIC_SHIFT);
 }
 
 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
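Review bot: has_cache_idc() and has_cache_dic() now carry the same scope switch and differ only in the bit they test; a small helper that returns the CTR value for a given scope would remove the duplication. The else branch also treats every scope other than SCOPE_SYSTEM as a local read through read_cpuid_cachetype(), so either test scope == SCOPE_LOCAL_CPU explicitly or add a comment stating that assumption.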




* [PATCH 4.19 055/361] hv_netvsc: fix vf serial matching with pci slot info
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2018-11-11 22:16 ` [PATCH 4.19 054/361] arm64: cpufeature: ctr: Fix cpu capability check for late CPUs Greg Kroah-Hartman
@ 2018-11-11 22:16 ` Greg Kroah-Hartman
  2018-11-11 22:16 ` [PATCH 4.19 056/361] nfp: devlink port split support for 1x100G CXP NIC Greg Kroah-Hartman
                   ` (308 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vitaly Kuznetsov, Haiyang Zhang,
	Stephen Hemminger, David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Haiyang Zhang <haiyangz@microsoft.com>

[ Upstream commit 005479556197f80139771960dda0dfdcd2d2aad5 ]

The VF device's serial number is saved as a string in PCI slot's
kobj name, not the slot->number. This patch corrects the netvsc
driver, so the VF device can be successfully paired with synthetic
NIC.

Fixes: 00d7ddba1143 ("hv_netvsc: pair VF based on serial number")
Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Reviewed-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/hyperv/netvsc_drv.c |   15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -2022,14 +2022,15 @@ static void netvsc_vf_setup(struct work_
 	rtnl_unlock();
 }
 
-/* Find netvsc by VMBus serial number.
- * The PCI hyperv controller records the serial number as the slot.
+/* Find netvsc by VF serial number.
+ * The PCI hyperv controller records the serial number as the slot kobj name.
  */
 static struct net_device *get_netvsc_byslot(const struct net_device *vf_netdev)
 {
 	struct device *parent = vf_netdev->dev.parent;
 	struct net_device_context *ndev_ctx;
 	struct pci_dev *pdev;
+	u32 serial;
 
 	if (!parent || !dev_is_pci(parent))
 		return NULL; /* not a PCI device */
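Review bot: The comment above get_netvsc_byslot() now says the lookup is by VF serial number taken from the slot kobj name, but the function keeps its "byslot" name, which no longer describes what it matches on. Renaming it to reflect the serial lookup would keep the name, the comment and the new log messages consistent.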
@@ -2040,16 +2041,22 @@ static struct net_device *get_netvsc_bys
 		return NULL;
 	}
 
+	if (kstrtou32(pci_slot_name(pdev->slot), 10, &serial)) {
+		netdev_notice(vf_netdev, "Invalid vf serial:%s\n",
+			      pci_slot_name(pdev->slot));
+		return NULL;
+	}
+
 	list_for_each_entry(ndev_ctx, &netvsc_dev_list, list) {
 		if (!ndev_ctx->vf_alloc)
 			continue;
 
-		if (ndev_ctx->vf_serial == pdev->slot->number)
+		if (ndev_ctx->vf_serial == serial)
 			return hv_get_drvdata(ndev_ctx->device_ctx);
 	}
 
 	netdev_notice(vf_netdev,
-		      "no netdev found for slot %u\n", pdev->slot->number);
+		      "no netdev found for vf serial:%u\n", serial);
 	return NULL;
 }
 
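Review bot: in the new kstrtou32() failure branch the return value is thrown away, so the "Invalid vf serial" notice cannot distinguish a non-numeric slot name (-EINVAL) from a value that does not fit in a u32 (-ERANGE). Keeping the result in a local and printing it next to the name would make a failed VF pairing easier to diagnose, and pci_slot_name(pdev->slot) could be read once into a const char * instead of being called twice. The function is also still named get_netvsc_byslot() although it now matches on the parsed serial, which deserves a rename or a line in the comment.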



* [PATCH 4.19 056/361] nfp: devlink port split support for 1x100G CXP NIC
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ryan C Goodfellow, Jakub Kicinski,
	Greg Weeks, David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ryan C Goodfellow <rgoodfel@isi.edu>

[ Upstream commit 5948185b97fa1f83d7855e638a72982a1073ebf5 ]

This commit makes it possible to use devlink to split the 100G CXP
Netronome into two 40G interfaces. Currently when you ask for 2
interfaces, the math in src/nfp_devlink.c:nfp_devlink_port_split
calculates that you want 5 lanes per port because for some reason
eth_port.port_lanes=10 (shouldn't this be 12 for CXP?). What we really
want when asking for 2 breakout interfaces is 4 lanes per port. This
commit makes that happen by calculating based on 8 lanes if 10 are
present.

Signed-off-by: Ryan C Goodfellow <rgoodfel@isi.edu>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Greg Weeks <greg.weeks@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/netronome/nfp/nfp_devlink.c |   17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

--- a/drivers/net/ethernet/netronome/nfp/nfp_devlink.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_devlink.c
@@ -96,6 +96,7 @@ nfp_devlink_port_split(struct devlink *d
 {
 	struct nfp_pf *pf = devlink_priv(devlink);
 	struct nfp_eth_table_port eth_port;
+	unsigned int lanes;
 	int ret;
 
 	if (count < 2)
@@ -114,8 +115,12 @@ nfp_devlink_port_split(struct devlink *d
 		goto out;
 	}
 
-	ret = nfp_devlink_set_lanes(pf, eth_port.index,
-				    eth_port.port_lanes / count);
+	/* Special case the 100G CXP -> 2x40G split */
+	lanes = eth_port.port_lanes / count;
+	if (eth_port.lanes == 10 && count == 2)
+		lanes = 8 / count;
+
+	ret = nfp_devlink_set_lanes(pf, eth_port.index, lanes);
 out:
 	mutex_unlock(&pf->lock);
 
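Review bot: the special case tests eth_port.lanes == 10, while the division one line above it and the unsplit path both use eth_port.port_lanes. If the two fields can differ, split and unsplit will not agree on when the CXP case applies, so please use the same field in both places or add a comment on why they differ. The literals 8 and 10 would also read better as named constants, since the comment only says "100G CXP -> 2x40G split" and does not explain why two of the ten lanes are dropped.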
@@ -128,6 +133,7 @@ nfp_devlink_port_unsplit(struct devlink
 {
 	struct nfp_pf *pf = devlink_priv(devlink);
 	struct nfp_eth_table_port eth_port;
+	unsigned int lanes;
 	int ret;
 
 	mutex_lock(&pf->lock);
@@ -143,7 +149,12 @@ nfp_devlink_port_unsplit(struct devlink
 		goto out;
 	}
 
-	ret = nfp_devlink_set_lanes(pf, eth_port.index, eth_port.port_lanes);
+	/* Special case the 100G CXP -> 2x40G unsplit */
+	lanes = eth_port.port_lanes;
+	if (eth_port.port_lanes == 8)
+		lanes = 10;
+
+	ret = nfp_devlink_set_lanes(pf, eth_port.index, lanes);
 out:
 	mutex_unlock(&pf->lock);
 
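Review bot: the unsplit special case keys only on eth_port.port_lanes == 8, so any port that reports 8 lanes is rewritten to 10, whether or not it is the CXP port that the split path handled. Nothing in the visible lines ties the check to that hardware or to a previous 2x40G split; a stricter condition, or a comment stating that no other supported port can report 8 lanes, would make this safe to read.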



* [PATCH 4.19 057/361] tun: Consistently configure generic netdev params via rtnetlink
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Serhey Popovych, David S. Miller,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Serhey Popovych <serhe.popovych@gmail.com>

[ Upstream commit df52eab23d703142c766ac00bdb8db19d71238d0 ]

Configuring generic network device parameters on tun will fail in the
presence of IFLA_INFO_KIND attribute in IFLA_LINKINFO nested attribute
since tun_validate() always returns failure.

This can be visualized with the following ip-link(8) command sequences:

  # ip link set dev tun0 group 100
  # ip link set dev tun0 group 100 type tun
  RTNETLINK answers: Invalid argument

in contrast to the dummy and veth drivers:

  # ip link set dev dummy0 group 100
  # ip link set dev dummy0 type dummy

  # ip link set dev veth0 group 100
  # ip link set dev veth0 group 100 type veth

Fix by returning zero in tun_validate() when @data is NULL, which is
always the case since rtnl_link_ops->maxtype is zero in the tun driver.

Fixes: f019a7a594d9 ("tun: Implement ip link del tunXXX")
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/tun.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -2264,6 +2264,8 @@ static void tun_setup(struct net_device
 static int tun_validate(struct nlattr *tb[], struct nlattr *data[],
 			struct netlink_ext_ack *extack)
 {
+	if (!data)
+		return 0;
 	return -EINVAL;
 }
 
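Review bot: after the new if (!data) early return, the remaining -EINVAL path still leaves extack unset, so userspace gets a bare "Invalid argument" with no reason. A one-line comment above the check recording why NULL is the expected case (the commit message says rtnl_link_ops->maxtype is zero) and an NL_SET_ERR_MSG() before return -EINVAL would document the intent and make the rejection diagnosable.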



* [PATCH 4.19 058/361] s390/sthyi: Fix machine name validity indication
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Janosch Frank, Martin Schwidefsky,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Janosch Frank <frankja@linux.ibm.com>

[ Upstream commit b5130dc2224d1881f24224c0590c6d97f2168d6a ]

When running as a level 3 guest with no host provided sthyi support
sclp_ocf_cpc_name_copy() will only return zeroes. Zeroes are not a
valid group name, so let's not indicate that the group name field is
valid.

Also the group name is not dependent on stsi, let's not return based
on stsi before setting it.

Fixes: 95ca2cb57985 ("KVM: s390: Add sthyi emulation")
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/s390/kernel/sthyi.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

--- a/arch/s390/kernel/sthyi.c
+++ b/arch/s390/kernel/sthyi.c
@@ -183,17 +183,19 @@ static void fill_hdr(struct sthyi_sctns
 static void fill_stsi_mac(struct sthyi_sctns *sctns,
 			  struct sysinfo_1_1_1 *sysinfo)
 {
+	sclp_ocf_cpc_name_copy(sctns->mac.infmname);
+	if (*(u64 *)sctns->mac.infmname != 0)
+		sctns->mac.infmval1 |= MAC_NAME_VLD;
+
 	if (stsi(sysinfo, 1, 1, 1))
 		return;
 
-	sclp_ocf_cpc_name_copy(sctns->mac.infmname);
-
 	memcpy(sctns->mac.infmtype, sysinfo->type, sizeof(sctns->mac.infmtype));
 	memcpy(sctns->mac.infmmanu, sysinfo->manufacturer, sizeof(sctns->mac.infmmanu));
 	memcpy(sctns->mac.infmpman, sysinfo->plant, sizeof(sctns->mac.infmpman));
 	memcpy(sctns->mac.infmseq, sysinfo->sequence, sizeof(sctns->mac.infmseq));
 
-	sctns->mac.infmval1 |= MAC_ID_VLD | MAC_NAME_VLD;
+	sctns->mac.infmval1 |= MAC_ID_VLD;
 }
 
 static void fill_stsi_par(struct sthyi_sctns *sctns,
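Review bot: the validity test *(u64 *)sctns->mac.infmname != 0 relies on infmname being exactly eight bytes and suitably aligned, neither of which is visible at the point of use. memchr_inv(sctns->mac.infmname, 0, sizeof(sctns->mac.infmname)) expresses "not all zeroes" without the cast and keeps working if the field size ever changes. A short comment that MAC_NAME_VLD is now set independently of the stsi() result would also help, since the early return right below it otherwise looks like it should gate both flags.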



* [PATCH 4.19 059/361] hwmon: (pwm-fan) Set fan speed to 0 on suspend
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thierry Reding, Guenter Roeck, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thierry Reding <treding@nvidia.com>

[ Upstream commit 95dcd64bc5a27080beaa344edfe5bdcca3d2e7dc ]

Technically this is not required because disabling the PWM should be
enough. However, when support for atomic operations was implemented in
the PWM subsystem, only actual changes to the PWM channel are applied
during pwm_config(), which means that after resume from suspend
the old settings won't be applied.

One possible solution is for the PWM driver to implement its own PM
operations such that settings from before suspend get applied on resume.
This has the disadvantage of completely ignoring any particular ordering
requirements that PWM user drivers might have, so it is best to leave it
up to the user drivers to apply the settings that they want at the
appropriate time.

Another way to solve this would be to read back the current state of the
PWM at the time of resume. That way, in case the configuration was lost
during suspend, applying the old settings in PWM user drivers would
actually get them applied because they differ from the current settings.
However, not all PWM drivers support reading the hardware state, and not
all hardware may support it.

The best workaround at this point seems to be to let PWM user drivers
tell the PWM subsystem that the PWM is turned off by, in addition to
disabling it, also setting the duty cycle to 0. This causes the resume
operation to apply a configuration that is different from the current
configuration, resulting in the proper state from before suspend getting
restored.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/hwmon/pwm-fan.c |   12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

--- a/drivers/hwmon/pwm-fan.c
+++ b/drivers/hwmon/pwm-fan.c
@@ -290,9 +290,19 @@ static int pwm_fan_remove(struct platfor
 static int pwm_fan_suspend(struct device *dev)
 {
 	struct pwm_fan_ctx *ctx = dev_get_drvdata(dev);
+	struct pwm_args args;
+	int ret;
+
+	pwm_get_args(ctx->pwm, &args);
+
+	if (ctx->pwm_value) {
+		ret = pwm_config(ctx->pwm, 0, args.period);
+		if (ret < 0)
+			return ret;
 
-	if (ctx->pwm_value)
 		pwm_disable(ctx->pwm);
+	}
+
 	return 0;
 }
 
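Review bot: pwm_fan_suspend() now returns the pwm_config() error, which fails the suspend callback when the duty cycle cannot be set to 0, and on that path pwm_disable() is skipped so the PWM is left enabled. If a failed pwm_config() should not block suspend, log it and continue to pwm_disable(); otherwise say so in a comment. pwm_get_args() can also move inside the if (ctx->pwm_value) block, since args is only used there.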



* [PATCH 4.19 060/361] lightnvm: pblk: fix race on sysfs line state
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Javier González,
	Matias Bjørling, Jens Axboe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Javier González <javier@cnexlabs.com>

[ Upstream commit 44cdbdc657b23f75736eca3e88b781f009104363 ]

pblk exposes a sysfs interface that represents its internal state. Part
of this state is the map bitmap for the current open line, which should
be protected by the line lock to avoid a race when freeing the line
metadata. Currently, it is not.

This patch makes sure that the line state is consistent and NULL
bitmap pointers are not dereferenced.

Signed-off-by: Javier González <javier@cnexlabs.com>
Signed-off-by: Matias Bjørling <mb@lightnvm.io>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/lightnvm/pblk-core.c  |    5 +++--
 drivers/lightnvm/pblk-sysfs.c |    8 +++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

--- a/drivers/lightnvm/pblk-core.c
+++ b/drivers/lightnvm/pblk-core.c
@@ -1539,13 +1539,14 @@ struct pblk_line *pblk_line_replace_data
 	struct pblk_line *cur, *new = NULL;
 	unsigned int left_seblks;
 
-	cur = l_mg->data_line;
 	new = l_mg->data_next;
 	if (!new)
 		goto out;
-	l_mg->data_line = new;
 
 	spin_lock(&l_mg->free_lock);
+	cur = l_mg->data_line;
+	l_mg->data_line = new;
+
 	pblk_line_setup_metadata(new, l_mg, &pblk->lm);
 	spin_unlock(&l_mg->free_lock);
 
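Review bot: cur and the l_mg->data_line update are now under free_lock, but new = l_mg->data_next and the if (!new) check above them still run before spin_lock(&l_mg->free_lock). If data_next can change concurrently, the value installed as data_line may be stale; either read data_next under the same lock or note why this read is safe without it.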
--- a/drivers/lightnvm/pblk-sysfs.c
+++ b/drivers/lightnvm/pblk-sysfs.c
@@ -262,8 +262,14 @@ static ssize_t pblk_sysfs_lines(struct p
 		sec_in_line = l_mg->data_line->sec_in_line;
 		meta_weight = bitmap_weight(&l_mg->meta_bitmap,
 							PBLK_DATA_LINES);
-		map_weight = bitmap_weight(l_mg->data_line->map_bitmap,
+
+		spin_lock(&l_mg->data_line->lock);
+		if (l_mg->data_line->map_bitmap)
+			map_weight = bitmap_weight(l_mg->data_line->map_bitmap,
 							lm->sec_per_line);
+		else
+			map_weight = 0;
+		spin_unlock(&l_mg->data_line->lock);
 	}
 	spin_unlock(&l_mg->free_lock);
 
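Review bot: l_mg->data_line->lock is taken while free_lock is still held (the spin_unlock(&l_mg->free_lock) follows the block), which introduces a free_lock then line lock nesting that is not documented here. Please confirm no other path takes the two in the opposite order, and record the ordering in a comment. sec_in_line is still read from data_line just above without the line lock, and the continuation line lm->sec_per_line was not re-indented to match the moved bitmap_weight() call.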



* [PATCH 4.19 061/361] lightnvm: pblk: fix two sleep-in-atomic-context bugs
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jia-Ju Bai, Javier González,
	Matias Bjørling, Jens Axboe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jia-Ju Bai <baijiaju1990@gmail.com>

[ Upstream commit 7325b4bbe5952e3e939f15de812f2ee0c0d33ca9 ]

The driver may sleep while holding a spinlock.

The function call paths (from bottom to top) in Linux-4.16 are:

[FUNC] nvm_dev_dma_alloc(GFP_KERNEL)
drivers/lightnvm/pblk-core.c, 754:
	nvm_dev_dma_alloc in pblk_line_submit_smeta_io
drivers/lightnvm/pblk-core.c, 1048:
	pblk_line_submit_smeta_io in pblk_line_init_bb
drivers/lightnvm/pblk-core.c, 1434:
	pblk_line_init_bb in pblk_line_replace_data
drivers/lightnvm/pblk-recovery.c, 980:
	pblk_line_replace_data in pblk_recov_l2p
drivers/lightnvm/pblk-recovery.c, 976:
	spin_lock in pblk_recov_l2p

[FUNC] bio_map_kern(GFP_KERNEL)
drivers/lightnvm/pblk-core.c, 762:
	bio_map_kern in pblk_line_submit_smeta_io
drivers/lightnvm/pblk-core.c, 1048:
	pblk_line_submit_smeta_io in pblk_line_init_bb
drivers/lightnvm/pblk-core.c, 1434:
	pblk_line_init_bb in pblk_line_replace_data
drivers/lightnvm/pblk-recovery.c, 980:
	pblk_line_replace_data in pblk_recov_l2p
drivers/lightnvm/pblk-recovery.c, 976:
	spin_lock in pblk_recov_l2p

To fix these bugs, the call to pblk_line_replace_data()
is moved out of the spinlock protection.

These bugs are found by my static analysis tool DSAC.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reviewed-by: Javier González <javier@cnexlabs.com>
Signed-off-by: Matias Bjørling <mb@lightnvm.io>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/lightnvm/pblk-recovery.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/lightnvm/pblk-recovery.c
+++ b/drivers/lightnvm/pblk-recovery.c
@@ -956,12 +956,14 @@ next:
 		}
 	}
 
-	spin_lock(&l_mg->free_lock);
 	if (!open_lines) {
+		spin_lock(&l_mg->free_lock);
 		WARN_ON_ONCE(!test_and_clear_bit(meta_line,
 							&l_mg->meta_bitmap));
+		spin_unlock(&l_mg->free_lock);
 		pblk_line_replace_data(pblk);
 	} else {
+		spin_lock(&l_mg->free_lock);
 		/* Allocate next line for preparation */
 		l_mg->data_next = pblk_line_get(pblk);
 		if (l_mg->data_next) {
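Review bot: in the !open_lines branch free_lock is now dropped between test_and_clear_bit() and pblk_line_replace_data(pblk), so clearing the meta_bitmap bit and replacing the data line are no longer one critical section. The commit message explains why the call has to leave the spinlock but not why the gap is harmless; a sentence on that, or a comment at the call site saying pblk_line_replace_data() may sleep and must stay outside free_lock, would keep the call from drifting back inside later.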
@@ -969,8 +971,8 @@ next:
 			l_mg->data_next->type = PBLK_LINETYPE_DATA;
 			is_next = 1;
 		}
+		spin_unlock(&l_mg->free_lock);
 	}
-	spin_unlock(&l_mg->free_lock);
 
 	if (is_next)
 		pblk_line_erase(pblk, l_mg->data_next);



* [PATCH 4.19 062/361] lightnvm: pblk: fix race condition on metadata I/O
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Javier González,
	Matias Bjørling, Jens Axboe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Javier González <javier@cnexlabs.com>

[ Upstream commit d8adaa3b86324c6186d0adf74bc256bdacfffdb6 ]

In pblk, when a new line is allocated, metadata for the previously
written line is scheduled. This is done through a fixed memory region
that is shared through time and contexts across different lines and
therefore protected by a lock. Unfortunately, this lock is not properly
covering all the metadata used for sharing this memory region,
resulting in a race condition.

This patch fixes this race condition by protecting this metadata
properly.

Fixes: dd2a43437337 ("lightnvm: pblk: sched. metadata on write thread")
Signed-off-by: Javier González <javier@cnexlabs.com>
Signed-off-by: Matias Bjørling <mb@lightnvm.io>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/lightnvm/pblk-write.c |   14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

--- a/drivers/lightnvm/pblk-write.c
+++ b/drivers/lightnvm/pblk-write.c
@@ -417,12 +417,11 @@ int pblk_submit_meta_io(struct pblk *pbl
 			rqd->ppa_list[i] = addr_to_gen_ppa(pblk, paddr, id);
 	}
 
+	spin_lock(&l_mg->close_lock);
 	emeta->mem += rq_len;
-	if (emeta->mem >= lm->emeta_len[0]) {
-		spin_lock(&l_mg->close_lock);
+	if (emeta->mem >= lm->emeta_len[0])
 		list_del(&meta_line->list);
-		spin_unlock(&l_mg->close_lock);
-	}
+	spin_unlock(&l_mg->close_lock);
 
 	pblk_down_page(pblk, rqd->ppa_list, rqd->nr_ppas);
 
@@ -491,14 +490,15 @@ static struct pblk_line *pblk_should_sub
 	struct pblk_line *meta_line;
 
 	spin_lock(&l_mg->close_lock);
-retry:
 	if (list_empty(&l_mg->emeta_list)) {
 		spin_unlock(&l_mg->close_lock);
 		return NULL;
 	}
 	meta_line = list_first_entry(&l_mg->emeta_list, struct pblk_line, list);
-	if (meta_line->emeta->mem >= lm->emeta_len[0])
-		goto retry;
+	if (meta_line->emeta->mem >= lm->emeta_len[0]) {
+		spin_unlock(&l_mg->close_lock);
+		return NULL;
+	}
 	spin_unlock(&l_mg->close_lock);
 
 	if (!pblk_valid_meta_ppa(pblk, meta_line, data_rqd))
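Review bot: replacing goto retry with an early return means that when the first entry on emeta_list already has emeta->mem >= lm->emeta_len[0], the function returns NULL without looking at any later entry. The old loop re-read the same first entry under the lock, so it could not make progress either, but please state whether later lines on the list can still be pending at that point, and if so walk the list instead of giving up. The two identical unlock-and-return-NULL blocks could also share one exit.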



* [PATCH 4.19 063/361] spi: spi-ep93xx: Use dma_data_direction for ep93xx_spi_dma_{finish,prepare}
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Nick Desaulniers,
	Mika Westerberg, Mark Brown, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nathan Chancellor <natechancellor@gmail.com>

[ Upstream commit a1108c7b2efb892350ba6a0e932dfd45622f4e2b ]

Clang warns when one enumerated type is implicitly converted to another.

drivers/spi/spi-ep93xx.c:342:62: warning: implicit conversion from
enumeration type 'enum dma_transfer_direction' to different enumeration
type 'enum dma_data_direction' [-Wenum-conversion]
        nents = dma_map_sg(chan->device->dev, sgt->sgl, sgt->nents, dir);
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~
./include/linux/dma-mapping.h:428:58: note: expanded from macro
'dma_map_sg'
#define dma_map_sg(d, s, n, r) dma_map_sg_attrs(d, s, n, r, 0)
                               ~~~~~~~~~~~~~~~~          ^
drivers/spi/spi-ep93xx.c:348:57: warning: implicit conversion from
enumeration type 'enum dma_transfer_direction' to different enumeration
type 'enum dma_data_direction' [-Wenum-conversion]
                dma_unmap_sg(chan->device->dev, sgt->sgl, sgt->nents, dir);
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~
./include/linux/dma-mapping.h:429:62: note: expanded from macro
'dma_unmap_sg'
#define dma_unmap_sg(d, s, n, r) dma_unmap_sg_attrs(d, s, n, r, 0)
                                 ~~~~~~~~~~~~~~~~~~          ^
drivers/spi/spi-ep93xx.c:377:56: warning: implicit conversion from
enumeration type 'enum dma_transfer_direction' to different enumeration
type 'enum dma_data_direction' [-Wenum-conversion]
        dma_unmap_sg(chan->device->dev, sgt->sgl, sgt->nents, dir);
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~
./include/linux/dma-mapping.h:429:62: note: expanded from macro
'dma_unmap_sg'
#define dma_unmap_sg(d, s, n, r) dma_unmap_sg_attrs(d, s, n, r, 0)
                                 ~~~~~~~~~~~~~~~~~~          ^
3 warnings generated.

dma_{,un}map_sg expect an enum of type dma_data_direction but this
driver uses dma_transfer_direction for everything. Convert the driver to
use dma_data_direction for these two functions.

There are two places that strictly require an enum of type
dma_transfer_direction: the direction member in struct dma_slave_config
and the direction parameter in dmaengine_prep_slave_sg. To avoid using
an explicit cast, add a simple function, ep93xx_dma_data_to_trans_dir,
to safely map between the two types because they are not 1 to 1 in
meaning.

Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/spi/spi-ep93xx.c |   36 +++++++++++++++++++++++++-----------
 1 file changed, 25 insertions(+), 11 deletions(-)

--- a/drivers/spi/spi-ep93xx.c
+++ b/drivers/spi/spi-ep93xx.c
@@ -246,6 +246,19 @@ static int ep93xx_spi_read_write(struct
 	return -EINPROGRESS;
 }
 
+static enum dma_transfer_direction
+ep93xx_dma_data_to_trans_dir(enum dma_data_direction dir)
+{
+	switch (dir) {
+	case DMA_TO_DEVICE:
+		return DMA_MEM_TO_DEV;
+	case DMA_FROM_DEVICE:
+		return DMA_DEV_TO_MEM;
+	default:
+		return DMA_TRANS_NONE;
+	}
+}
+
 /**
  * ep93xx_spi_dma_prepare() - prepares a DMA transfer
  * @master: SPI master
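Review bot: the default case of ep93xx_dma_data_to_trans_dir() maps every value other than DMA_TO_DEVICE and DMA_FROM_DEVICE to DMA_TRANS_NONE, and the result is stored in conf.direction and later passed to dmaengine_prep_slave_sg() without being checked. The callers visible in this patch only pass the two handled values, so this is latent, but a WARN_ON_ONCE() in the default case or a comment saying the driver never uses DMA_BIDIRECTIONAL would keep a future caller from silently configuring a transfer with no direction.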
@@ -257,7 +270,7 @@ static int ep93xx_spi_read_write(struct
  */
 static struct dma_async_tx_descriptor *
 ep93xx_spi_dma_prepare(struct spi_master *master,
-		       enum dma_transfer_direction dir)
+		       enum dma_data_direction dir)
 {
 	struct ep93xx_spi *espi = spi_master_get_devdata(master);
 	struct spi_transfer *xfer = master->cur_msg->state;
@@ -277,9 +290,9 @@ ep93xx_spi_dma_prepare(struct spi_master
 		buswidth = DMA_SLAVE_BUSWIDTH_1_BYTE;
 
 	memset(&conf, 0, sizeof(conf));
-	conf.direction = dir;
+	conf.direction = ep93xx_dma_data_to_trans_dir(dir);
 
-	if (dir == DMA_DEV_TO_MEM) {
+	if (dir == DMA_FROM_DEVICE) {
 		chan = espi->dma_rx;
 		buf = xfer->rx_buf;
 		sgt = &espi->rx_sgt;
@@ -343,7 +356,8 @@ ep93xx_spi_dma_prepare(struct spi_master
 	if (!nents)
 		return ERR_PTR(-ENOMEM);
 
-	txd = dmaengine_prep_slave_sg(chan, sgt->sgl, nents, dir, DMA_CTRL_ACK);
+	txd = dmaengine_prep_slave_sg(chan, sgt->sgl, nents, conf.direction,
+				      DMA_CTRL_ACK);
 	if (!txd) {
 		dma_unmap_sg(chan->device->dev, sgt->sgl, sgt->nents, dir);
 		return ERR_PTR(-ENOMEM);
@@ -360,13 +374,13 @@ ep93xx_spi_dma_prepare(struct spi_master
  * unmapped.
  */
 static void ep93xx_spi_dma_finish(struct spi_master *master,
-				  enum dma_transfer_direction dir)
+				  enum dma_data_direction dir)
 {
 	struct ep93xx_spi *espi = spi_master_get_devdata(master);
 	struct dma_chan *chan;
 	struct sg_table *sgt;
 
-	if (dir == DMA_DEV_TO_MEM) {
+	if (dir == DMA_FROM_DEVICE) {
 		chan = espi->dma_rx;
 		sgt = &espi->rx_sgt;
 	} else {
@@ -381,8 +395,8 @@ static void ep93xx_spi_dma_callback(void
 {
 	struct spi_master *master = callback_param;
 
-	ep93xx_spi_dma_finish(master, DMA_MEM_TO_DEV);
-	ep93xx_spi_dma_finish(master, DMA_DEV_TO_MEM);
+	ep93xx_spi_dma_finish(master, DMA_TO_DEVICE);
+	ep93xx_spi_dma_finish(master, DMA_FROM_DEVICE);
 
 	spi_finalize_current_transfer(master);
 }
@@ -392,15 +406,15 @@ static int ep93xx_spi_dma_transfer(struc
 	struct ep93xx_spi *espi = spi_master_get_devdata(master);
 	struct dma_async_tx_descriptor *rxd, *txd;
 
-	rxd = ep93xx_spi_dma_prepare(master, DMA_DEV_TO_MEM);
+	rxd = ep93xx_spi_dma_prepare(master, DMA_FROM_DEVICE);
 	if (IS_ERR(rxd)) {
 		dev_err(&master->dev, "DMA RX failed: %ld\n", PTR_ERR(rxd));
 		return PTR_ERR(rxd);
 	}
 
-	txd = ep93xx_spi_dma_prepare(master, DMA_MEM_TO_DEV);
+	txd = ep93xx_spi_dma_prepare(master, DMA_TO_DEVICE);
 	if (IS_ERR(txd)) {
-		ep93xx_spi_dma_finish(master, DMA_DEV_TO_MEM);
+		ep93xx_spi_dma_finish(master, DMA_FROM_DEVICE);
 		dev_err(&master->dev, "DMA TX failed: %ld\n", PTR_ERR(txd));
 		return PTR_ERR(txd);
 	}



* [PATCH 4.19 064/361] perf tools: Free temporary sys string in read_event_files()
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sanskriti Sharma, Jiri Olsa,
	Joe Lawrence, Arnaldo Carvalho de Melo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sanskriti Sharma <sansharm@redhat.com>

[ Upstream commit 1e44224fb0528b4c0cc176bde2bb31e9127eb14b ]

For each system in a given pevent, read_event_files() reads in a
temporary 'sys' string.  Be sure to free this string before moving on
to the next system and/or leaving read_event_files().

Fixes the following coverity complaints:

  Error: RESOURCE_LEAK (CWE-772):

  tools/perf/util/trace-event-read.c:343: overwrite_var: Overwriting
  "sys" in "sys = read_string()" leaks the storage that "sys" points to.

  tools/perf/util/trace-event-read.c:353: leaked_storage: Variable "sys"
  going out of scope leaks the storage it points to.

Signed-off-by: Sanskriti Sharma <sansharm@redhat.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Link: http://lkml.kernel.org/r/1538490554-8161-6-git-send-email-sansharm@redhat.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/perf/util/trace-event-read.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/tools/perf/util/trace-event-read.c
+++ b/tools/perf/util/trace-event-read.c
@@ -349,9 +349,12 @@ static int read_event_files(struct tep_h
 		for (x=0; x < count; x++) {
 			size = read8(pevent);
 			ret = read_event_file(pevent, sys, size);
-			if (ret)
+			if (ret) {
+				free(sys);
 				return ret;
+			}
 		}
+		free(sys);
 	}
 	return 0;
 }
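Review bot: sys is now freed in two places, once before return ret inside the inner loop and once at the end of the outer loop body. Breaking out of the inner loop on error and doing a single free(sys) followed by if (ret) return ret; keeps one cleanup site, so an early exit added to the inner loop later cannot reintroduce the leak Coverity reported.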



* [PATCH 4.19 065/361] perf tools: Cleanup trace-event-info tdata leak
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sanskriti Sharma, Jiri Olsa,
	Joe Lawrence, Arnaldo Carvalho de Melo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sanskriti Sharma <sansharm@redhat.com>

[ Upstream commit faedbf3fd19f2511a39397f76359e4cc6ee93072 ]

Free tracing_data structure in tracing_data_get() error paths.

Fixes the following coverity complaint:

  Error: RESOURCE_LEAK (CWE-772):
  leaked_storage: Variable "tdata" going out of scope leaks the storage

Signed-off-by: Sanskriti Sharma <sansharm@redhat.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Link: http://lkml.kernel.org/r/1538490554-8161-3-git-send-email-sansharm@redhat.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/perf/util/trace-event-info.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/tools/perf/util/trace-event-info.c
+++ b/tools/perf/util/trace-event-info.c
@@ -531,12 +531,14 @@ struct tracing_data *tracing_data_get(st
 			 "/tmp/perf-XXXXXX");
 		if (!mkstemp(tdata->temp_file)) {
 			pr_debug("Can't make temp file");
+			free(tdata);
 			return NULL;
 		}
 
 		temp_fd = open(tdata->temp_file, O_RDWR);
 		if (temp_fd < 0) {
 			pr_debug("Can't read '%s'", tdata->temp_file);
+			free(tdata);
 			return NULL;
 		}
 
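Review bot: The first free(tdata) hangs off "if (!mkstemp(tdata->temp_file))", which does not detect failure: mkstemp() returns -1 on error and a valid descriptor on success, so a real failure skips this branch and the new free is not reached. The descriptor mkstemp() returns is also discarded and the file is reopened by name with open(), which leaks that descriptor and gives up the exclusive-create guarantee for a path under /tmp. Suggest assigning temp_fd = mkstemp(tdata->temp_file), testing temp_fd < 0, and dropping the second open(); if the open() path stays, it should unlink the temp file before returning NULL.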




* [PATCH 4.19 066/361] perf tools: Free printk string in parse_ftrace_printk()
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sanskriti Sharma, Jiri Olsa,
	Joe Lawrence, Arnaldo Carvalho de Melo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sanskriti Sharma <sansharm@redhat.com>

[ Upstream commit 9c8a182e5a73e01afd11742a2ab887bf338fdafd ]

parse_ftrace_printk() tokenizes and parses a line, calling strdup() each
iteration.  Add code to free this temporary format string duplicate.

Fixes the following coverity complaints:

  Error: RESOURCE_LEAK (CWE-772):
  tools/perf/util/trace-event-parse.c:158: overwrite_var: Overwriting
  "printk" in "printk = strdup(fmt + 1)" leaks the storage that "printk"
  points to.

  tools/perf/util/trace-event-parse.c:162: leaked_storage: Variable
  "printk" going out of scope leaks the storage it points to.

Signed-off-by: Sanskriti Sharma <sansharm@redhat.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Link: http://lkml.kernel.org/r/1538490554-8161-4-git-send-email-sansharm@redhat.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/perf/util/trace-event-parse.c |    1 +
 1 file changed, 1 insertion(+)

--- a/tools/perf/util/trace-event-parse.c
+++ b/tools/perf/util/trace-event-parse.c
@@ -158,6 +158,7 @@ void parse_ftrace_printk(struct tep_hand
 		printk = strdup(fmt+1);
 		line = strtok_r(NULL, "\n", &next);
 		tep_register_print_string(pevent, printk, addr);
+		free(printk);
 	}
 }
 
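Review bot: printk = strdup(fmt+1) is handed to tep_register_print_string() without a NULL check, so an allocation failure registers a NULL format string; test the strdup() result before the call. The added free(printk) is only correct if tep_register_print_string() keeps its own copy rather than the pointer, and the changelog should say so explicitly.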




* [PATCH 4.19 067/361] perf strbuf: Match va_{add,copy} with va_end
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sanskriti Sharma, Jiri Olsa,
	Joe Lawrence, Arnaldo Carvalho de Melo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sanskriti Sharma <sansharm@redhat.com>

[ Upstream commit ce49d8436cffa9b7a6a5f110879d53e89dbc6746 ]

Ensure that all code paths in strbuf_addv() call va_end() on the
ap_saved copy that was made.

Fixes the following coverity complaint:

  Error: VARARGS (CWE-237): [#def683]
  tools/perf/util/strbuf.c:106: missing_va_end: va_end was not called
  for "ap_saved".

Signed-off-by: Sanskriti Sharma <sansharm@redhat.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Link: http://lkml.kernel.org/r/1538490554-8161-2-git-send-email-sansharm@redhat.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/perf/util/strbuf.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/tools/perf/util/strbuf.c
+++ b/tools/perf/util/strbuf.c
@@ -98,19 +98,25 @@ static int strbuf_addv(struct strbuf *sb
 
 	va_copy(ap_saved, ap);
 	len = vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
-	if (len < 0)
+	if (len < 0) {
+		va_end(ap_saved);
 		return len;
+	}
 	if (len > strbuf_avail(sb)) {
 		ret = strbuf_grow(sb, len);
-		if (ret)
+		if (ret) {
+			va_end(ap_saved);
 			return ret;
+		}
 		len = vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap_saved);
 		va_end(ap_saved);
 		if (len > strbuf_avail(sb)) {
 			pr_debug("this should not happen, your vsnprintf is broken");
+			va_end(ap_saved);
 			return -EINVAL;
 		}
 	}
+	va_end(ap_saved);
 	return strbuf_setlen(sb, sb->len + len);
 }
 
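Review bot: On the grow path ap_saved is now ended more than once: the existing va_end(ap_saved) right after the second vsnprintf() is kept, and the patch adds another va_end(ap_saved) in the "this should not happen" branch and one before the final return, both of which execute after that first call. A second va_end() on the same va_list with no intervening va_copy() is undefined behaviour. Either drop the existing call after the second vsnprintf() or drop the added one in the -EINVAL branch and guard the final one, so every exit ends ap_saved exactly once.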




* [PATCH 4.19 068/361] cpupower: Fix coredump on VMWare
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Prarit Bhargava, Shuah Khan,
	Stafford Horne, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Prarit Bhargava <prarit@redhat.com>

[ Upstream commit f69ffc5d3db8f1f03fd6d1df5930f9a1fbd787b6 ]

cpupower crashes on VMWare guests.  The guests have the AMD PStateDef MSR
(0xC0010064 + state number) set to zero.  As a result fid and did are zero
and the crash occurs because of a divide by zero (cof = fid/did).  This
can be prevented by checking the enable bit in the PStateDef MSR before
calculating cof.  By doing this the value of pstate[i] remains zero and
the value can be tested before displaying the active Pstates.

Check the enable bit in the PstateDef register for all supported families
and only print out enabled Pstates.

Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Stafford Horne <shorne@gmail.com>
Signed-off-by: Shuah Khan (Samsung OSG) <shuah@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/power/cpupower/utils/cpufreq-info.c |    2 ++
 tools/power/cpupower/utils/helpers/amd.c  |    5 +++++
 2 files changed, 7 insertions(+)

--- a/tools/power/cpupower/utils/cpufreq-info.c
+++ b/tools/power/cpupower/utils/cpufreq-info.c
@@ -200,6 +200,8 @@ static int get_boost_mode(unsigned int c
 		printf(_("    Boost States: %d\n"), b_states);
 		printf(_("    Total States: %d\n"), pstate_no);
 		for (i = 0; i < pstate_no; i++) {
+			if (!pstates[i])
+				continue;
 			if (i < b_states)
 				printf(_("    Pstate-Pb%d: %luMHz (boost state)"
 					 "\n"), i, pstates[i]);
--- a/tools/power/cpupower/utils/helpers/amd.c
+++ b/tools/power/cpupower/utils/helpers/amd.c
@@ -119,6 +119,11 @@ int decode_pstates(unsigned int cpu, uns
 		}
 		if (read_msr(cpu, MSR_AMD_PSTATE + i, &pstate.val))
 			return -1;
+		if ((cpu_family == 0x17) && (!pstate.fam17h_bits.en))
+			continue;
+		else if (!pstate.bits.en)
+			continue;
+
 		pstates[i] = get_cof(cpu_family, pstate);
 	}
 	*no = i;
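Review bot: The else branch in decode_pstates() also runs for family 0x17: when cpu_family == 0x17 and fam17h_bits.en is set, the first condition is false and control falls into "else if (!pstate.bits.en)", which tests the legacy bit layout on a fam17h register. Nest the checks so each family only consults its own field, for example if (cpu_family == 0x17) { if (!pstate.fam17h_bits.en) continue; } else if (!pstate.bits.en) continue;. The continue also leaves pstates[i] unwritten, so the !pstates[i] test added in cpufreq-info.c depends on the caller zero-initialising the array; writing pstates[i] = 0 before the continue would make that explicit.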




* [PATCH 4.19 069/361] bcache: Populate writeback_rate_minimum attribute
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ben Peddell, Coly Li, Jens Axboe,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ben Peddell <klightspeed@killerwolves.net>

[ Upstream commit 7567c2a2ad9e80a2ce977eef535e64b61899633e ]

Forgot to include the maintainers with my first email.

Somewhere between Michael Lyle's original
"bcache: PI controller for writeback rate V2" patch dated 07 Sep 2017
and 1d316e6 bcache: implement PI controller for writeback rate,
the mapping of the writeback_rate_minimum attribute was dropped.

Re-add the missing sysfs writeback_rate_minimum attribute mapping to
"allow the user to specify a minimum rate at which dirty blocks are
retired."

Fixes: 1d316e6 ("bcache: implement PI controller for writeback rate")
Signed-off-by: Ben Peddell <klightspeed@killerwolves.net>
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/bcache/sysfs.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/md/bcache/sysfs.c
+++ b/drivers/md/bcache/sysfs.c
@@ -285,6 +285,7 @@ STORE(__cached_dev)
 			    1, WRITEBACK_RATE_UPDATE_SECS_MAX);
 	d_strtoul(writeback_rate_i_term_inverse);
 	d_strtoul_nonzero(writeback_rate_p_term_inverse);
+	d_strtoul_nonzero(writeback_rate_minimum);
 
 	sysfs_strtoul_clamp(io_error_limit, dc->error_limit, 0, INT_MAX);
 
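Review bot: d_strtoul_nonzero(writeback_rate_minimum) accepts any non-zero value with no upper bound, while the neighbouring stores in this hunk are clamped (to WRITEBACK_RATE_UPDATE_SECS_MAX, and 0..INT_MAX for io_error_limit). Since this is a user-writable sysfs input feeding the writeback rate controller, a clamp to a sane maximum would be consistent with the surrounding lines.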
@@ -412,6 +413,7 @@ static struct attribute *bch_cached_dev_
 	&sysfs_writeback_rate_update_seconds,
 	&sysfs_writeback_rate_i_term_inverse,
 	&sysfs_writeback_rate_p_term_inverse,
+	&sysfs_writeback_rate_minimum,
 	&sysfs_writeback_rate_debug,
 	&sysfs_errors,
 	&sysfs_io_error_limit,
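Review bot: The patch adds the store handler and the entry in the attribute array, and the diffstat shows only these two insertions, so nothing here touches the show side. Please confirm a show handler for writeback_rate_minimum already exists; otherwise the attribute is listed and writable but reads back nothing.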




* [PATCH 4.19 070/361] mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yu Zhao, Ulf Hansson, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yu Zhao <yuzhao@google.com>

[ Upstream commit 5169894982bb67486d93cc1e10151712bb86bcb6 ]

This device reports SDHCI_CLOCK_INT_STABLE even though it's not
ready to take SDHCI_CLOCK_CARD_EN. The symptom is that reading
SDHCI_CLOCK_CONTROL after enabling the clock shows absence of the
bit from the register (e.g. expecting 0x0000fa07 = 0x0000fa03 |
SDHCI_CLOCK_CARD_EN but only observed the first operand).

mmc1: Timeout waiting for hardware cmd interrupt.
mmc1: sdhci: ============ SDHCI REGISTER DUMP ===========
mmc1: sdhci: Sys addr:  0x00000000 | Version:  0x00000603
mmc1: sdhci: Blk size:  0x00000000 | Blk cnt:  0x00000000
mmc1: sdhci: Argument:  0x00000000 | Trn mode: 0x00000000
mmc1: sdhci: Present:   0x01ff0001 | Host ctl: 0x00000001
mmc1: sdhci: Power:     0x0000000f | Blk gap:  0x00000000
mmc1: sdhci: Wake-up:   0x00000000 | Clock:    0x0000fa03
mmc1: sdhci: Timeout:   0x00000000 | Int stat: 0x00000000
mmc1: sdhci: Int enab:  0x00ff0083 | Sig enab: 0x00ff0083
mmc1: sdhci: AC12 err:  0x00000000 | Slot int: 0x00000000
mmc1: sdhci: Caps:      0x25fcc8bf | Caps_1:   0x00002077
mmc1: sdhci: Cmd:       0x00000000 | Max curr: 0x005800c8
mmc1: sdhci: Resp[0]:   0x00000000 | Resp[1]:  0x00000000
mmc1: sdhci: Resp[2]:   0x00000000 | Resp[3]:  0x00000000
mmc1: sdhci: Host ctl2: 0x00000008
mmc1: sdhci: ADMA Err:  0x00000000 | ADMA Ptr: 0x00000000
mmc1: sdhci: ============================================

The problem happens during wakeup from S3. Adding a delay quirk
after power up reliably fixes the problem.

Signed-off-by: Yu Zhao <yuzhao@google.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mmc/host/sdhci-pci-o2micro.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/mmc/host/sdhci-pci-o2micro.c
+++ b/drivers/mmc/host/sdhci-pci-o2micro.c
@@ -490,6 +490,9 @@ int sdhci_pci_o2_probe(struct sdhci_pci_
 		pci_write_config_byte(chip->pdev, O2_SD_LOCK_WP, scratch);
 		break;
 	case PCI_DEVICE_ID_O2_SEABIRD0:
+		if (chip->pdev->revision == 0x01)
+			chip->quirks |= SDHCI_QUIRK_DELAY_AFTER_POWER;
+		/* fall through */
 	case PCI_DEVICE_ID_O2_SEABIRD1:
 		/* UnLock WP */
 		ret = pci_read_config_byte(chip->pdev,
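Review bot: The check chip->pdev->revision == 0x01 under PCI_DEVICE_ID_O2_SEABIRD0 is a bare magic number with no comment, and the reason for the quirk (the clock reporting stable before it can take SDHCI_CLOCK_CARD_EN on resume from S3) lives only in the changelog. A one-line comment above the test, or a named constant for the revision, would let a later reader see why only this revision gets SDHCI_QUIRK_DELAY_AFTER_POWER.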




* [PATCH 4.19 071/361] sdhci: acpi: add free_slot callback
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wang Dongsheng, Adrian Hunter,
	Ulf Hansson, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wang Dongsheng <dongsheng.wang@hxt-semitech.com>

[ Upstream commit c7eabbee3de99347105faa7fd925a500ccf43baf ]

The device specific resource can be freed in free_slot after
removing host controller.

Signed-off-by: Wang Dongsheng <dongsheng.wang@hxt-semitech.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mmc/host/sdhci-acpi.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/drivers/mmc/host/sdhci-acpi.c
+++ b/drivers/mmc/host/sdhci-acpi.c
@@ -76,6 +76,7 @@ struct sdhci_acpi_slot {
 	size_t		priv_size;
 	int (*probe_slot)(struct platform_device *, const char *, const char *);
 	int (*remove_slot)(struct platform_device *);
+	int (*free_slot)(struct platform_device *pdev);
 	int (*setup_host)(struct platform_device *pdev);
 };
 
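Review bot: The new free_slot member in struct sdhci_acpi_slot has no comment saying how it differs from remove_slot or when it is invoked, and it is declared to return int although both call sites added by this patch discard the result. Document the contract (called after the host is removed or cleaned up, before sdhci_free_host()) and make it return void unless a caller is going to act on the value.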
@@ -756,6 +757,9 @@ static int sdhci_acpi_probe(struct platf
 err_cleanup:
 	sdhci_cleanup_host(c->host);
 err_free:
+	if (c->slot && c->slot->free_slot)
+		c->slot->free_slot(pdev);
+
 	sdhci_free_host(c->host);
 	return err;
 }
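Review bot: At err_free in sdhci_acpi_probe() the callback runs for every failure that reaches the label, and err_cleanup falls through into it as well, so free_slot can be invoked when the slot's own setup never completed. Either state in the callback's contract that it must tolerate partially initialised state, or only call it once the slot's probe step has succeeded.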
@@ -777,6 +781,10 @@ static int sdhci_acpi_remove(struct plat
 
 	dead = (sdhci_readl(c->host, SDHCI_INT_STATUS) == ~0);
 	sdhci_remove_host(c->host, dead);
+
+	if (c->slot && c->slot->free_slot)
+		c->slot->free_slot(pdev);
+
 	sdhci_free_host(c->host);
 
 	return 0;




* [PATCH 4.19 072/361] mtd: rawnand: denali: set SPARE_AREA_SKIP_BYTES register to 8 if unset
From: Greg Kroah-Hartman @ 2018-11-11 22:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Masahiro Yamada, Boris Brezillon,
	Miquel Raynal, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Masahiro Yamada <yamada.masahiro@socionext.com>

[ Upstream commit 0d55c668b218a1db68b5044bce4de74e1bd0f0c8 ]

NAND devices need additional data area (OOB) for error correction,
but it is also used for Bad Block Marker (BBM).  In many cases, the
first byte in OOB is used for BBM, but the location actually depends
on chip vendors.  The NAND controller should preserve the precious
BBM to keep track of bad blocks.

In Denali IP, the SPARE_AREA_SKIP_BYTES register is used to specify
the number of bytes to skip from the start of OOB.  The ECC engine
will automatically skip the specified number of bytes when it gets
access to OOB area.

The same value for SPARE_AREA_SKIP_BYTES should be used between
firmware and the operating system if you intend to use the NAND
device across the control hand-off.

In fact, the current denali.c code expects firmware to have already
set the SPARE_AREA_SKIP_BYTES register, then reads the value out.

If no firmware (or bootloader) has initialized the controller, the
register value is zero, which is the default after power-on-reset.
In other words, the Linux driver cannot initialize the controller
by itself.

Some possible solutions are:

 [1] Add a DT property to specify the skipped bytes in OOB
 [2] Associate the preferred value with compatible
 [3] Hard-code the default value in the driver

My first attempt was [1], but in the review process, [3] was suggested
as a counter-implementation.
(https://lore.kernel.org/patchwork/patch/983055/)

The default value 8 was chosen to match to the boot ROM of the UniPhier
platform.  The preferred value may vary by platform.  If so, please
trade up to a different solution.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mtd/nand/raw/denali.c |   14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

--- a/drivers/mtd/nand/raw/denali.c
+++ b/drivers/mtd/nand/raw/denali.c
@@ -28,6 +28,7 @@
 MODULE_LICENSE("GPL");
 
 #define DENALI_NAND_NAME    "denali-nand"
+#define DENALI_DEFAULT_OOB_SKIP_BYTES	8
 
 /* for Indexed Addressing */
 #define DENALI_INDEXED_CTRL	0x00
@@ -1105,12 +1106,17 @@ static void denali_hw_init(struct denali
 		denali->revision = swab16(ioread32(denali->reg + REVISION));
 
 	/*
-	 * tell driver how many bit controller will skip before
-	 * writing ECC code in OOB, this register may be already
-	 * set by firmware. So we read this value out.
-	 * if this value is 0, just let it be.
+	 * Set how many bytes should be skipped before writing data in OOB.
+	 * If a non-zero value has already been set (by firmware or something),
+	 * just use it.  Otherwise, set the driver default.
 	 */
 	denali->oob_skip_bytes = ioread32(denali->reg + SPARE_AREA_SKIP_BYTES);
+	if (!denali->oob_skip_bytes) {
+		denali->oob_skip_bytes = DENALI_DEFAULT_OOB_SKIP_BYTES;
+		iowrite32(denali->oob_skip_bytes,
+			  denali->reg + SPARE_AREA_SKIP_BYTES);
+	}
+
 	denali_detect_max_banks(denali);
 	iowrite32(0x0F, denali->reg + RB_PIN_ENABLED);
 	iowrite32(CHIP_EN_DONT_CARE__FLAG, denali->reg + CHIP_ENABLE_DONT_CARE);
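Review bot: The test if (!denali->oob_skip_bytes) in denali_hw_init() cannot tell "firmware never programmed the register" from "firmware deliberately programmed 0", so a platform whose flash was written with a skip of 0 will now be read with an 8-byte skip and a different OOB layout. Since the changelog already says the preferred value varies by platform, the driver should at least log when it overrides the register with DENALI_DEFAULT_OOB_SKIP_BYTES so a layout mismatch is diagnosable.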




* [PATCH 4.19 073/361] iwlwifi: pcie: avoid empty free RB queue
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shaul Triebitz, Luca Coelho, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Shaul Triebitz <shaul.triebitz@intel.com>

[ Upstream commit 868a1e863f95183f00809363fefba6d4f5bcd116 ]

If all free RB queues are empty, the driver will never restock the
free RB queue.  That's because the restocking happens in the Rx flow,
and if the free queue is empty there will be no Rx.

Although there's a background worker (a.k.a. allocator) allocating
memory for RBs so that the Rx handler can restock them, the worker may
run only after the free queue has become empty (and then it is too
late for restocking as explained above).

There is a solution for that called 'emergency': If the number of used
RB's reaches half the amount of all RB's, the Rx handler will not wait
for the allocator but immediately allocate memory for the used RB's
and restock the free queue.

But, since the used RB's is per queue, it may happen that the used
RB's are spread between the queues such that the emergency check will
fail for each of the queues
(and still run out of RBs, causing the above symptom).

To fix it, move to emergency mode if the sum of *all* used RBs (for
all Rx queues) reaches half the amount of all RB's.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/intel/iwlwifi/pcie/rx.c |   32 +++++++++++++++++----------
 1 file changed, 21 insertions(+), 11 deletions(-)

--- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
@@ -1144,6 +1144,14 @@ void iwl_pcie_rx_free(struct iwl_trans *
 	kfree(trans_pcie->rxq);
 }
 
+static void iwl_pcie_rx_move_to_allocator(struct iwl_rxq *rxq,
+					  struct iwl_rb_allocator *rba)
+{
+	spin_lock(&rba->lock);
+	list_splice_tail_init(&rxq->rx_used, &rba->rbd_empty);
+	spin_unlock(&rba->lock);
+}
+
 /*
  * iwl_pcie_rx_reuse_rbd - Recycle used RBDs
  *
@@ -1175,9 +1183,7 @@ static void iwl_pcie_rx_reuse_rbd(struct
 	if ((rxq->used_count % RX_CLAIM_REQ_ALLOC) == RX_POST_REQ_ALLOC) {
 		/* Move the 2 RBDs to the allocator ownership.
 		 Allocator has another 6 from pool for the request completion*/
-		spin_lock(&rba->lock);
-		list_splice_tail_init(&rxq->rx_used, &rba->rbd_empty);
-		spin_unlock(&rba->lock);
+		iwl_pcie_rx_move_to_allocator(rxq, rba);
 
 		atomic_inc(&rba->req_pending);
 		queue_work(rba->alloc_wq, &rba->rx_alloc);
@@ -1396,10 +1402,18 @@ restart:
 		IWL_DEBUG_RX(trans, "Q %d: HW = SW = %d\n", rxq->id, r);
 
 	while (i != r) {
+		struct iwl_rb_allocator *rba = &trans_pcie->rba;
 		struct iwl_rx_mem_buffer *rxb;
-
-		if (unlikely(rxq->used_count == rxq->queue_size / 2))
+		/* number of RBDs still waiting for page allocation */
+		u32 rb_pending_alloc =
+			atomic_read(&trans_pcie->rba.req_pending) *
+			RX_CLAIM_REQ_ALLOC;
+
+		if (unlikely(rb_pending_alloc >= rxq->queue_size / 2 &&
+			     !emergency)) {
+			iwl_pcie_rx_move_to_allocator(rxq, rba);
 			emergency = true;
+		}
 
 		rxb = iwl_pcie_get_rxb(trans, rxq, i);
 		if (!rxb)
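Review bot: rb_pending_alloc is a count across all Rx queues (req_pending * RX_CLAIM_REQ_ALLOC), but it is compared against rxq->queue_size / 2, the size of the one queue being serviced, whereas the changelog describes the threshold as half of all RBs. If the per-queue size is the intended bound, say so in the comment; otherwise the right-hand side needs the total. Minor: the local rba is declared two lines earlier, so atomic_read(&rba->req_pending) would be the consistent spelling.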
@@ -1421,17 +1435,13 @@ restart:
 			iwl_pcie_rx_allocator_get(trans, rxq);
 
 		if (rxq->used_count % RX_CLAIM_REQ_ALLOC == 0 && !emergency) {
-			struct iwl_rb_allocator *rba = &trans_pcie->rba;
-
 			/* Add the remaining empty RBDs for allocator use */
-			spin_lock(&rba->lock);
-			list_splice_tail_init(&rxq->rx_used, &rba->rbd_empty);
-			spin_unlock(&rba->lock);
+			iwl_pcie_rx_move_to_allocator(rxq, rba);
 		} else if (emergency) {
 			count++;
 			if (count == 8) {
 				count = 0;
-				if (rxq->used_count < rxq->queue_size / 3)
+				if (rb_pending_alloc < rxq->queue_size / 3)
 					emergency = false;
 
 				rxq->read = i;




* [PATCH 4.19 074/361] iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Emmanuel Grumbach, Luca Coelho, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>

[ Upstream commit 155f7e0441cd121b1e673d465a35e99f4b9b2f0b ]

Fix a bug that happens in the following scenario:
1) suspend without WoWLAN
2) mac80211 calls drv_stop because of the suspend
3) __iwl_mvm_mac_stop deallocates the aux station
4) during drv_stop the firmware crashes
5) iwlmvm:
	* sets IWL_MVM_STATUS_HW_RESTART_REQUESTED
	* asks mac80211 to kick the restart flow
6) mac80211 puts the restart worker into a freezable
   queue which means that the worker will not run for now
   since the workqueue is already frozen
7) ...
8) resume
9) mac80211 runs ieee80211_reconfig as part of the resume
10) mac80211 detects that a restart flow has been requested
    and that we are now resuming from suspend and cancels
    the restart worker
11) mac80211 calls drv_start()
12) __iwl_mvm_mac_start checks that IWL_MVM_STATUS_HW_RESTART_REQUESTED
    clears it, sets IWL_MVM_STATUS_IN_HW_RESTART and calls
    iwl_mvm_restart_cleanup()
13) iwl_fw_error_dump gets called and accesses the device
    to get debug data
14) iwl_mvm_up adds the aux station
15) iwl_mvm_add_aux_sta() allocates an internal station for
    the aux station
16) iwl_mvm_allocate_int_sta() tests IWL_MVM_STATUS_IN_HW_RESTART
    and doesn't really allocate a station ID for the aux
    station
17) a new queue is added for the aux station

Note that steps from 5 to 9 aren't really part of the
problem but were described for the sake of completeness.

Once the iwl_mvm_mac_stop() is called, the device is not
accessible, meaning that step 12) can't succeed and we'll
see the following:

drivers/net/wireless/intel/iwlwifi/pcie/trans.c:2122 iwl_trans_pcie_grab_nic_access+0xc0/0x1d6 [iwlwifi]()
Timeout waiting for hardware access (CSR_GP_CNTRL 0x080403d8)
Call Trace:
[<ffffffffc03e6ad3>] iwl_trans_pcie_grab_nic_access+0xc0/0x1d6 [iwlwifi]
[<ffffffffc03e6a13>] iwl_trans_pcie_dump_regs+0x3fd/0x3fd [iwlwifi]
[<ffffffffc03dad42>] iwl_fw_error_dump+0x4f5/0xe8b [iwlwifi]
[<ffffffffc04bd43e>] __iwl_mvm_mac_start+0x5a/0x21a [iwlmvm]
[<ffffffffc04bd6d2>] iwl_mvm_mac_start+0xd4/0x103 [iwlmvm]
[<ffffffffc042d378>] drv_start+0xa1/0xc5 [iwl7000_mac80211]
[<ffffffffc045a339>] ieee80211_reconfig+0x145/0xf50 [mac80211]
[<ffffffffc044788b>] ieee80211_resume+0x62/0x66 [mac80211]
[<ffffffffc0366c5b>] wiphy_resume+0xa9/0xc6 [cfg80211]

The station id of the aux station is set to 0xff in step 3
and because we don't really allocate a new station id for
the auxiliary station (as explained in 16), we end up sending
a command to the firmware asking to connect the queue
to station id 0xff. This makes the firmware crash with the
following information:

0x00002093 | ADVANCED_SYSASSERT
0x000002F0 | trm_hw_status0
0x00000000 | trm_hw_status1
0x00000B38 | branchlink2
0x0001978C | interruptlink1
0x00000000 | interruptlink2
0xFF080501 | data1
0xDEADBEEF | data2
0xDEADBEEF | data3
Firmware error during reconfiguration - reprobe!
FW error in SYNC CMD SCD_QUEUE_CFG

Fix this by clearing IWL_MVM_STATUS_HW_RESTART_REQUESTED
in iwl_mvm_mac_stop(). We won't be able to collect debug
data anyway and when we will be brought up again, we will
have a clean state from the firmware perspective.
Since we won't have IWL_MVM_STATUS_IN_HW_RESTART set in
step 12) we won't get to the 2093 ASSERT either.

Fixes: bf8b286f86fc ("iwlwifi: mvm: defer setting IWL_MVM_STATUS_IN_HW_RESTART")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -1233,12 +1233,15 @@ void __iwl_mvm_mac_stop(struct iwl_mvm *
 	iwl_mvm_del_aux_sta(mvm);
 
 	/*
-	 * Clear IN_HW_RESTART flag when stopping the hw (as restart_complete()
-	 * won't be called in this case).
+	 * Clear IN_HW_RESTART and HW_RESTART_REQUESTED flag when stopping the
+	 * hw (as restart_complete() won't be called in this case) and mac80211
+	 * won't execute the restart.
 	 * But make sure to cleanup interfaces that have gone down before/during
 	 * HW restart was requested.
 	 */
-	if (test_and_clear_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status))
+	if (test_and_clear_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status) ||
+	    test_and_clear_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED,
+			       &mvm->status))
 		ieee80211_iterate_interfaces(mvm->hw, 0,
 					     iwl_mvm_cleanup_iterator, mvm);
 
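Review bot: The two test_and_clear_bit() calls in __iwl_mvm_mac_stop() are joined with ||, so when IWL_MVM_STATUS_IN_HW_RESTART was set the second call is short-circuited and IWL_MVM_STATUS_HW_RESTART_REQUESTED is left as it was, although the updated comment says both flags are cleared. If both bits can be set at this point, clear them in two separate statements and OR the saved results before calling ieee80211_iterate_interfaces(); if they are mutually exclusive, say that in the comment.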




* [PATCH 4.19 075/361] iwlwifi: mvm: check for n_profiles validity in EWRD ACPI
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Luca Coelho, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Luca Coelho <luciano.coelho@intel.com>

[ Upstream commit 2e1976bb75263fbad918e82184b16a23bd721546 ]

When reading the profiles from the EWRD table in ACPI, we loop over
the data and set it into our internal table.  We use the number of
profiles specified in ACPI without checking its validity, so if the
ACPI table is corrupted and the number is larger than our array size,
we will try to make an out-of-bounds access.

Fix this by making sure the value specified in the ACPI table is
valid.

Fixes: 6996490501ed ("iwlwifi: mvm: add support for EWRD (Dynamic SAR) ACPI table")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/intel/iwlwifi/mvm/fw.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
@@ -704,8 +704,12 @@ static int iwl_mvm_sar_get_ewrd_table(st
 	enabled = !!(wifi_pkg->package.elements[1].integer.value);
 	n_profiles = wifi_pkg->package.elements[2].integer.value;
 
-	/* in case of BIOS bug */
-	if (n_profiles <= 0) {
+	/*
+	 * Check the validity of n_profiles.  The EWRD profiles start
+	 * from index 1, so the maximum value allowed here is
+	 * ACPI_SAR_PROFILES_NUM - 1.
+	 */
+	if (n_profiles <= 0 || n_profiles >= ACPI_SAR_PROFILE_NUM) {
 		ret = -EINVAL;
 		goto out_free;
 	}
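Review bot: the new comment names ACPI_SAR_PROFILES_NUM, but the check directly below it uses ACPI_SAR_PROFILE_NUM; the comment should use the constant's actual name so that it can be found with grep. Since n_profiles comes straight from the ACPI package, it would also help to log the rejected value before `goto out_free`, so that a corrupted table can be diagnosed from the kernel log.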




* [PATCH 4.19 076/361] x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 075/361] iwlwifi: mvm: check for n_profiles validity in EWRD ACPI Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 077/361] wlcore: Fix BUG with clear completion on timeout Greg Kroah-Hartman
                   ` (287 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lubomir Rintel, Borislav Petkov,
	Thomas Gleixner, H. Peter Anvin, Ingo Molnar, x86-ml,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lubomir Rintel <lkundrak@v3.sk>

[ Upstream commit d92116b800fb79a72ad26121f5011f6aa3ad94c2 ]

On OLPC XO-1, the RTC is discovered via device tree from the arch
initcall. Don't let the PC platform register another one from its device
initcall, it's not going to work:

  sysfs: cannot create duplicate filename '/devices/platform/rtc_cmos'
  CPU: 0 PID: 1 Comm: swapper Not tainted 4.19.0-rc6 #12
  Hardware name: OLPC XO/XO, BIOS OLPC Ver 1.00.01 06/11/2014
  Call Trace:
   dump_stack+0x16/0x18
   sysfs_warn_dup+0x46/0x58
   sysfs_create_dir_ns+0x76/0x9b
   kobject_add_internal+0xed/0x209
   ? __schedule+0x3fa/0x447
   kobject_add+0x5b/0x66
   device_add+0x298/0x535
   ? insert_resource_conflict+0x2a/0x3e
   platform_device_add+0x14d/0x192
   ? io_delay_init+0x19/0x19
   platform_device_register+0x1c/0x1f
   add_rtc_cmos+0x16/0x31
   do_one_initcall+0x78/0x14a
   ? do_early_param+0x75/0x75
   kernel_init_freeable+0x152/0x1e0
   ? rest_init+0xa2/0xa2
   kernel_init+0x8/0xd5
   ret_from_fork+0x2e/0x38
  kobject_add_internal failed for rtc_cmos with -EEXIST, don't try to
    register things with the same name in the same directory.
  platform rtc_cmos: registered platform RTC device (no PNP device found)

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
CC: "H. Peter Anvin" <hpa@zytor.com>
CC: Ingo Molnar <mingo@redhat.com>
CC: x86-ml <x86@kernel.org>
Link: http://lkml.kernel.org/r/20181004160808.307738-1-lkundrak@v3.sk
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/platform/olpc/olpc-xo1-rtc.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/arch/x86/platform/olpc/olpc-xo1-rtc.c
+++ b/arch/x86/platform/olpc/olpc-xo1-rtc.c
@@ -16,6 +16,7 @@
 
 #include <asm/msr.h>
 #include <asm/olpc.h>
+#include <asm/x86_init.h>
 
 static void rtc_wake_on(struct device *dev)
 {
@@ -75,6 +76,8 @@ static int __init xo1_rtc_init(void)
 	if (r)
 		return r;
 
+	x86_platform.legacy.rtc = 0;
+
 	device_init_wakeup(&xo1_rtc_device.dev, 1);
 	return 0;
 }
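Review bot: `x86_platform.legacy.rtc = 0;` in xo1_rtc_init() carries no comment, and the reason for it exists only in the commit message. A one-line comment saying that this stops the legacy PC code from registering a second rtc_cmos platform device would keep the intent next to the code. The assignment is also reached only after the `if (r) return r;` check, so when registering the XO-1 device fails the legacy path still runs; please state whether that fallback is intended.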




* [PATCH 4.19 077/361] wlcore: Fix BUG with clear completion on timeout
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 076/361] x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 078/361] nvmet-rdma: use a private workqueue for delete Greg Kroah-Hartman
                   ` (286 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eyal Reizer, Tony Lindgren,
	Kalle Valo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tony Lindgren <tony@atomide.com>

[ Upstream commit 4e651bad848955d88b29a568bfbfb4b831270e16 ]

We do not currently clear wl->elp_compl on ELP timeout and we have bogus
lingering pointer that wlcore_irq then will try to access after recovery
is done:

BUG: spinlock bad magic on CPU#1, irq/255-wl12xx/580
...
(spin_dump) from [<c01b9344>] (do_raw_spin_lock+0xc8/0x124)
(do_raw_spin_lock) from [<c09b3970>] (_raw_spin_lock_irqsave+0x68/0x74)
(_raw_spin_lock_irqsave) from [<c01a02f0>] (complete+0x24/0x58)
(complete) from [<bf572610>] (wlcore_irq+0x48/0x17c [wlcore])
(wlcore_irq [wlcore]) from [<c01c5efc>] (irq_thread_fn+0x2c/0x64)
(irq_thread_fn) from [<c01c623c>] (irq_thread+0x148/0x290)
(irq_thread) from [<c016b4b0>] (kthread+0x160/0x17c)
(kthread) from [<c01010b4>] (ret_from_fork+0x14/0x20)
...

After that the system will hang. Let's fix this by adding a flag for
recovery and moving the recovery work call to the error handling
section.

And we want to set WL1271_FLAG_INTENDED_FW_RECOVERY and actually clear
it too in wl1271_recovery_work() and just downgrade the error to a
warning to prevent overly verbose output.

Cc: Eyal Reizer <eyalr@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/ti/wlcore/main.c |   18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

--- a/drivers/net/wireless/ti/wlcore/main.c
+++ b/drivers/net/wireless/ti/wlcore/main.c
@@ -957,6 +957,8 @@ static void wl1271_recovery_work(struct
 	BUG_ON(wl->conf.recovery.bug_on_recovery &&
 	       !test_bit(WL1271_FLAG_INTENDED_FW_RECOVERY, &wl->flags));
 
+	clear_bit(WL1271_FLAG_INTENDED_FW_RECOVERY, &wl->flags);
+
 	if (wl->conf.recovery.no_recovery) {
 		wl1271_info("No recovery (chosen on module load). Fw will remain stuck.");
 		goto out_unlock;
@@ -6710,6 +6712,7 @@ static int __maybe_unused wlcore_runtime
 	int ret;
 	unsigned long start_time = jiffies;
 	bool pending = false;
+	bool recovery = false;
 
 	/* Nothing to do if no ELP mode requested */
 	if (!test_bit(WL1271_FLAG_IN_ELP, &wl->flags))
@@ -6726,7 +6729,7 @@ static int __maybe_unused wlcore_runtime
 
 	ret = wlcore_raw_write32(wl, HW_ACCESS_ELP_CTRL_REG, ELPCTRL_WAKE_UP);
 	if (ret < 0) {
-		wl12xx_queue_recovery_work(wl);
+		recovery = true;
 		goto err;
 	}
 
@@ -6734,11 +6737,12 @@ static int __maybe_unused wlcore_runtime
 		ret = wait_for_completion_timeout(&compl,
 			msecs_to_jiffies(WL1271_WAKEUP_TIMEOUT));
 		if (ret == 0) {
-			wl1271_error("ELP wakeup timeout!");
-			wl12xx_queue_recovery_work(wl);
+			wl1271_warning("ELP wakeup timeout!");
 
 			/* Return no error for runtime PM for recovery */
-			return 0;
+			ret = 0;
+			recovery = true;
+			goto err;
 		}
 	}
 
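Review bot: in the timeout branch, `ret = 0;` is redundant because the branch is entered only when `ret == 0`. Dropping the assignment and keeping the "Return no error for runtime PM for recovery" comment above `recovery = true;` says the same thing with one line less.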
@@ -6753,6 +6757,12 @@ err:
 	spin_lock_irqsave(&wl->wl_lock, flags);
 	wl->elp_compl = NULL;
 	spin_unlock_irqrestore(&wl->wl_lock, flags);
+
+	if (recovery) {
+		set_bit(WL1271_FLAG_INTENDED_FW_RECOVERY, &wl->flags);
+		wl12xx_queue_recovery_work(wl);
+	}
+
 	return ret;
 }
 
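Review bot: setting WL1271_FLAG_INTENDED_FW_RECOVERY in the `if (recovery)` block marks every ELP wake-up failure, including the wlcore_raw_write32() error, as an intended recovery, so the BUG_ON in wl1271_recovery_work() that is guarded by conf.recovery.bug_on_recovery no longer fires for these cases. That is a behaviour change for anyone who relies on bug_on_recovery to catch firmware hangs; a comment at the set_bit() call should say that this is deliberate.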




* [PATCH 4.19 078/361] nvmet-rdma: use a private workqueue for delete
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 077/361] wlcore: Fix BUG with clear completion on timeout Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-12  1:27   ` Bart Van Assche
  2018-11-11 22:17 ` [PATCH 4.19 079/361] ACPI/PPTT: Handle architecturally unknown cache types Greg Kroah-Hartman
                   ` (285 subsequent siblings)
  363 siblings, 1 reply; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Sagi Grimberg,
	Christoph Hellwig, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sagi Grimberg <sagi@grimberg.me>

[ Upstream commit 2acf70ade79d26b97611a8df52eb22aa33814cd4 ]

Queue deletion is done asynchronously when the last reference on the queue
is dropped.  Thus, in order to make sure we don't over allocate under a
connect/disconnect storm, we let queue deletion complete before making
forward progress.

However, given that we flush the system_wq from rdma_cm context which
runs from a workqueue context, we can have a circular locking complaint
[1]. Fix that by using a private workqueue for queue deletion.

[1]:
======================================================
WARNING: possible circular locking dependency detected
4.19.0-rc4-dbg+ #3 Not tainted
------------------------------------------------------
kworker/5:0/39 is trying to acquire lock:
00000000a10b6db9 (&id_priv->handler_mutex){+.+.}, at: rdma_destroy_id+0x6f/0x440 [rdma_cm]

but task is already holding lock:
00000000331b4e2c ((work_completion)(&queue->release_work)){+.+.}, at: process_one_work+0x3ed/0xa20

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 ((work_completion)(&queue->release_work)){+.+.}:
       process_one_work+0x474/0xa20
       worker_thread+0x63/0x5a0
       kthread+0x1cf/0x1f0
       ret_from_fork+0x24/0x30

-> #2 ((wq_completion)"events"){+.+.}:
       flush_workqueue+0xf3/0x970
       nvmet_rdma_cm_handler+0x133d/0x1734 [nvmet_rdma]
       cma_ib_req_handler+0x72f/0xf90 [rdma_cm]
       cm_process_work+0x2e/0x110 [ib_cm]
       cm_req_handler+0x135b/0x1c30 [ib_cm]
       cm_work_handler+0x2b7/0x38cd [ib_cm]
       process_one_work+0x4ae/0xa20
nvmet_rdma:nvmet_rdma_cm_handler: nvmet_rdma: disconnected (10): status 0 id 0000000040357082
       worker_thread+0x63/0x5a0
       kthread+0x1cf/0x1f0
       ret_from_fork+0x24/0x30
nvme nvme0: Reconnecting in 10 seconds...

-> #1 (&id_priv->handler_mutex/1){+.+.}:
       __mutex_lock+0xfe/0xbe0
       mutex_lock_nested+0x1b/0x20
       cma_ib_req_handler+0x6aa/0xf90 [rdma_cm]
       cm_process_work+0x2e/0x110 [ib_cm]
       cm_req_handler+0x135b/0x1c30 [ib_cm]
       cm_work_handler+0x2b7/0x38cd [ib_cm]
       process_one_work+0x4ae/0xa20
       worker_thread+0x63/0x5a0
       kthread+0x1cf/0x1f0
       ret_from_fork+0x24/0x30

-> #0 (&id_priv->handler_mutex){+.+.}:
       lock_acquire+0xc5/0x200
       __mutex_lock+0xfe/0xbe0
       mutex_lock_nested+0x1b/0x20
       rdma_destroy_id+0x6f/0x440 [rdma_cm]
       nvmet_rdma_release_queue_work+0x8e/0x1b0 [nvmet_rdma]
       process_one_work+0x4ae/0xa20
       worker_thread+0x63/0x5a0
       kthread+0x1cf/0x1f0
       ret_from_fork+0x24/0x30

Fixes: 777dc82395de ("nvmet-rdma: occasionally flush ongoing controller teardown")
Reported-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Tested-by: Bart Van Assche <bvanassche@acm.org>

Signed-off-by: Christoph Hellwig <hch@lst.de>

Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/nvme/target/rdma.c |   19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

--- a/drivers/nvme/target/rdma.c
+++ b/drivers/nvme/target/rdma.c
@@ -122,6 +122,7 @@ struct nvmet_rdma_device {
 	int			inline_page_count;
 };
 
+struct workqueue_struct *nvmet_rdma_delete_wq;
 static bool nvmet_rdma_use_srq;
 module_param_named(use_srq, nvmet_rdma_use_srq, bool, 0444);
 MODULE_PARM_DESC(use_srq, "Use shared receive queue.");
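Review bot: nvmet_rdma_delete_wq is declared without `static`, unlike nvmet_rdma_use_srq on the line after it. Nothing in this patch uses the pointer outside rdma.c, so it should be `static struct workqueue_struct *nvmet_rdma_delete_wq;` to keep it out of the kernel's global namespace.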
@@ -1267,12 +1268,12 @@ static int nvmet_rdma_queue_connect(stru
 
 	if (queue->host_qid == 0) {
 		/* Let inflight controller teardown complete */
-		flush_scheduled_work();
+		flush_workqueue(nvmet_rdma_delete_wq);
 	}
 
 	ret = nvmet_rdma_cm_accept(cm_id, queue, &event->param.conn);
 	if (ret) {
-		schedule_work(&queue->release_work);
+		queue_work(nvmet_rdma_delete_wq, &queue->release_work);
 		/* Destroying rdma_cm id is not needed here */
 		return 0;
 	}
@@ -1337,7 +1338,7 @@ static void __nvmet_rdma_queue_disconnec
 
 	if (disconnect) {
 		rdma_disconnect(queue->cm_id);
-		schedule_work(&queue->release_work);
+		queue_work(nvmet_rdma_delete_wq, &queue->release_work);
 	}
 }
 
@@ -1367,7 +1368,7 @@ static void nvmet_rdma_queue_connect_fai
 	mutex_unlock(&nvmet_rdma_queue_mutex);
 
 	pr_err("failed to connect queue %d\n", queue->idx);
-	schedule_work(&queue->release_work);
+	queue_work(nvmet_rdma_delete_wq, &queue->release_work);
 }
 
 /**
@@ -1649,8 +1650,17 @@ static int __init nvmet_rdma_init(void)
 	if (ret)
 		goto err_ib_client;
 
+	nvmet_rdma_delete_wq = alloc_workqueue("nvmet-rdma-delete-wq",
+			WQ_UNBOUND | WQ_MEM_RECLAIM | WQ_SYSFS, 0);
+	if (!nvmet_rdma_delete_wq) {
+		ret = -ENOMEM;
+		goto err_unreg_transport;
+	}
+
 	return 0;
 
+err_unreg_transport:
+	nvmet_unregister_transport(&nvmet_rdma_ops);
 err_ib_client:
 	ib_unregister_client(&nvmet_rdma_ib_client);
 	return ret;
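Review bot: in nvmet_rdma_init() the workqueue is allocated after the transport has been registered (the new err_unreg_transport label has to undo that registration), which leaves a window in which a connect can reach queue_work() or flush_workqueue() while nvmet_rdma_delete_wq is still NULL. Allocating the workqueue first, before any registration, closes that window; the error path then only has to destroy the workqueue.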
@@ -1658,6 +1668,7 @@ err_ib_client:
 
 static void __exit nvmet_rdma_exit(void)
 {
+	destroy_workqueue(nvmet_rdma_delete_wq);
 	nvmet_unregister_transport(&nvmet_rdma_ops);
 	ib_unregister_client(&nvmet_rdma_ib_client);
 	WARN_ON_ONCE(!list_empty(&nvmet_rdma_queue_list));
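Review bot: nvmet_rdma_exit() destroys the workqueue before nvmet_unregister_transport() and ib_unregister_client() run, so any release_work queued while those two calls tear queues down would target a workqueue that no longer exists. Teardown normally mirrors init in reverse order; either move destroy_workqueue() after the unregister calls or add a comment explaining why no work can be queued after this point.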




* [PATCH 4.19 079/361] ACPI/PPTT: Handle architecturally unknown cache types
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 078/361] nvmet-rdma: use a private workqueue for delete Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 080/361] ACPI / PM: LPIT: Register sysfs attributes based on FADT Greg Kroah-Hartman
                   ` (284 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vijaya Kumar K, Jeffrey Hugo,
	Sudeep Holla, Rafael J. Wysocki, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jeffrey Hugo <jhugo@codeaurora.org>

[ Upstream commit 59bbff3775c0951300f7b41345a54b999438f8d0 ]

The type of a cache might not be specified by architectural mechanisms (ie
system registers), but its type might be specified in the PPTT.  In this
case, we should populate the type of the cache, rather than leave it
undefined.

This fixes the issue where the cacheinfo driver will not populate sysfs
for such caches, resulting in the information missing from utilities like
lstopo and lscpu, thus degrading the user experience.

Fixes: 2bd00bcd73e5 (ACPI/PPTT: Add Processor Properties Topology Table parsing)
Reported-by: Vijaya Kumar K <vkilari@codeaurora.org>
Signed-off-by: Jeffrey Hugo <jhugo@codeaurora.org>
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/acpi/pptt.c |   33 +++++++++++++--------------------
 1 file changed, 13 insertions(+), 20 deletions(-)

--- a/drivers/acpi/pptt.c
+++ b/drivers/acpi/pptt.c
@@ -338,9 +338,6 @@ static struct acpi_pptt_cache *acpi_find
 	return found;
 }
 
-/* total number of attributes checked by the properties code */
-#define PPTT_CHECKED_ATTRIBUTES 4
-
 /**
  * update_cache_properties() - Update cacheinfo for the given processor
  * @this_leaf: Kernel cache info structure being updated
@@ -357,25 +354,15 @@ static void update_cache_properties(stru
 				    struct acpi_pptt_cache *found_cache,
 				    struct acpi_pptt_processor *cpu_node)
 {
-	int valid_flags = 0;
-
 	this_leaf->fw_token = cpu_node;
-	if (found_cache->flags & ACPI_PPTT_SIZE_PROPERTY_VALID) {
+	if (found_cache->flags & ACPI_PPTT_SIZE_PROPERTY_VALID)
 		this_leaf->size = found_cache->size;
-		valid_flags++;
-	}
-	if (found_cache->flags & ACPI_PPTT_LINE_SIZE_VALID) {
+	if (found_cache->flags & ACPI_PPTT_LINE_SIZE_VALID)
 		this_leaf->coherency_line_size = found_cache->line_size;
-		valid_flags++;
-	}
-	if (found_cache->flags & ACPI_PPTT_NUMBER_OF_SETS_VALID) {
+	if (found_cache->flags & ACPI_PPTT_NUMBER_OF_SETS_VALID)
 		this_leaf->number_of_sets = found_cache->number_of_sets;
-		valid_flags++;
-	}
-	if (found_cache->flags & ACPI_PPTT_ASSOCIATIVITY_VALID) {
+	if (found_cache->flags & ACPI_PPTT_ASSOCIATIVITY_VALID)
 		this_leaf->ways_of_associativity = found_cache->associativity;
-		valid_flags++;
-	}
 	if (found_cache->flags & ACPI_PPTT_WRITE_POLICY_VALID) {
 		switch (found_cache->attributes & ACPI_PPTT_MASK_WRITE_POLICY) {
 		case ACPI_PPTT_CACHE_POLICY_WT:
@@ -402,11 +389,17 @@ static void update_cache_properties(stru
 		}
 	}
 	/*
-	 * If the above flags are valid, and the cache type is NOCACHE
-	 * update the cache type as well.
+	 * If cache type is NOCACHE, then the cache hasn't been specified
+	 * via other mechanisms.  Update the type if a cache type has been
+	 * provided.
+	 *
+	 * Note, we assume such caches are unified based on conventional system
+	 * design and known examples.  Significant work is required elsewhere to
+	 * fully support data/instruction only type caches which are only
+	 * specified in PPTT.
 	 */
 	if (this_leaf->type == CACHE_TYPE_NOCACHE &&
-	    valid_flags == PPTT_CHECKED_ATTRIBUTES)
+	    found_cache->flags & ACPI_PPTT_CACHE_TYPE_VALID)
 		this_leaf->type = CACHE_TYPE_UNIFIED;
 }
 
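Review bot: the new condition mixes `==`, `&&` and `&` without parentheses. `found_cache->flags & ACPI_PPTT_CACHE_TYPE_VALID` does bind as intended, but wrapping it in its own parentheses makes that obvious to the reader and matches the stand-alone `if (found_cache->flags & ...)` tests earlier in update_cache_properties().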




* [PATCH 4.19 080/361] ACPI / PM: LPIT: Register sysfs attributes based on FADT
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (78 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 079/361] ACPI/PPTT: Handle architecturally unknown cache types Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 081/361] ACPI / processor: Fix the return value of acpi_processor_ids_walk() Greg Kroah-Hartman
                   ` (283 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rajneesh Bhardwaj, Rafael J. Wysocki,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com>

[ Upstream commit 1cdda9486f5103fb133f88e662e48c504adbb779 ]

ACPI Low Power S0 Idle capabilities are announced via FADT table and can
be used to inform the kernel about the presence of one or more Low Power
Idle (LPI) entries as described in LPIT table. LPIT table can exist
independently even if the FADT S0 Idle flag is not set and thus it could
confuse user since the following cpuidle attributes are created.

/sys/devices/system/cpu/cpuidle/low_power_idle_cpu_residency_us
/sys/devices/system/cpu/cpuidle/low_power_idle_system_residency_us

Presence or absence of above attributes could mean that the given
platform supports S0ix state or not.

This change allows to create the above cpuidle attributes only if
FADT table supports Low Power S0 Idle.

Signed-off-by: Rajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/acpi/acpi_lpit.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/acpi/acpi_lpit.c
+++ b/drivers/acpi/acpi_lpit.c
@@ -117,11 +117,17 @@ static void lpit_update_residency(struct
 		if (!info->iomem_addr)
 			return;
 
+		if (!(acpi_gbl_FADT.flags & ACPI_FADT_LOW_POWER_S0))
+			return;
+
 		/* Silently fail, if cpuidle attribute group is not present */
 		sysfs_add_file_to_group(&cpu_subsys.dev_root->kobj,
 					&dev_attr_low_power_idle_system_residency_us.attr,
 					"cpuidle");
 	} else if (info->gaddr.space_id == ACPI_ADR_SPACE_FIXED_HARDWARE) {
+		if (!(acpi_gbl_FADT.flags & ACPI_FADT_LOW_POWER_S0))
+			return;
+
 		/* Silently fail, if cpuidle attribute group is not present */
 		sysfs_add_file_to_group(&cpu_subsys.dev_root->kobj,
 					&dev_attr_low_power_idle_cpu_residency_us.attr,
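Review bot: the `acpi_gbl_FADT.flags & ACPI_FADT_LOW_POWER_S0` test is duplicated in both branches of lpit_update_residency(), and in the first branch it sits after the `if (!info->iomem_addr)` check rather than before it. A single early return at the top of the function would remove the duplication and make it clear that neither attribute is created without the FADT flag.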




* [PATCH 4.19 081/361] ACPI / processor: Fix the return value of acpi_processor_ids_walk()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (79 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 080/361] ACPI / PM: LPIT: Register sysfs attributes based on FADT Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 082/361] cpufreq: dt: Try freeing static OPPs only if we have added them Greg Kroah-Hartman
                   ` (282 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dou Liyang, Rafael J. Wysocki, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dou Liyang <douly.fnst@cn.fujitsu.com>

[ Upstream commit d0381bf4f80c571dde1244fe5b85dc35e8b3f546 ]

ACPI driver should make sure all the processor IDs in their ACPI Namespace
are unique. The driver performs a depth-first walk of the namespace tree
and calls the acpi_processor_ids_walk() to check the duplicate IDs.

But, the acpi_processor_ids_walk() mistakes the return value. If a
processor is checked, it returns true which causes the walk break
immediately, and other processors will never be checked.

Replace the value with AE_OK which is the standard acpi_status value.
And don't abort the namespace walk even on error.

Fixes: 8c8cb30f49b8 (acpi/processor: Implement DEVICE operator for processor enumeration)
Signed-off-by: Dou Liyang <douly.fnst@cn.fujitsu.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/acpi/acpi_processor.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/drivers/acpi/acpi_processor.c
+++ b/drivers/acpi/acpi_processor.c
@@ -643,7 +643,7 @@ static acpi_status __init acpi_processor
 
 	status = acpi_get_type(handle, &acpi_type);
 	if (ACPI_FAILURE(status))
-		return false;
+		return status;
 
 	switch (acpi_type) {
 	case ACPI_TYPE_PROCESSOR:
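Review bot: `return status;` on acpi_get_type() failure still hands a failure code back to the namespace walk, while the commit message says the walk should not be aborted even on error and the err: path in the next hunk returns AE_OK for that reason. If a failing acpi_get_type() on one object should not stop validation of the remaining processors, return AE_OK here as well; if aborting is intended in this case, a comment should say why it differs from the err: path.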
@@ -663,11 +663,12 @@ static acpi_status __init acpi_processor
 	}
 
 	processor_validated_ids_update(uid);
-	return true;
+	return AE_OK;
 
 err:
+	/* Exit on error, but don't abort the namespace walk */
 	acpi_handle_info(handle, "Invalid processor object\n");
-	return false;
+	return AE_OK;
 
 }
 




* [PATCH 4.19 082/361] cpufreq: dt: Try freeing static OPPs only if we have added them
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (80 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 081/361] ACPI / processor: Fix the return value of acpi_processor_ids_walk() Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 083/361] x86/intel_rdt: Show missing resctrl mount options Greg Kroah-Hartman
                   ` (281 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Viresh Kumar, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Viresh Kumar <viresh.kumar@linaro.org>

[ Upstream commit 51c99dd2c06b234575661fa1e0a1dea6c3ef566f ]

We can not call dev_pm_opp_of_cpumask_remove_table() freely anymore
since the latest OPP core updates as that uses reference counting to
free resources. There are cases where no static OPPs are added (using
DT) for a platform and trying to remove the OPP table may end up
decrementing refcount which is already zero and hence generating
warnings.

Let's track if we were able to add static OPPs or not and then only
remove the table based on that. Some reshuffling of code is also done to
do that.

Reported-by: Niklas Cassel <niklas.cassel@linaro.org>
Tested-by: Niklas Cassel <niklas.cassel@linaro.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/cpufreq/cpufreq-dt.c |   34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)

--- a/drivers/cpufreq/cpufreq-dt.c
+++ b/drivers/cpufreq/cpufreq-dt.c
@@ -32,6 +32,7 @@ struct private_data {
 	struct device *cpu_dev;
 	struct thermal_cooling_device *cdev;
 	const char *reg_name;
+	bool have_static_opps;
 };
 
 static struct freq_attr *cpufreq_dt_attr[] = {
@@ -204,6 +205,15 @@ static int cpufreq_init(struct cpufreq_p
 		}
 	}
 
+	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
+	if (!priv) {
+		ret = -ENOMEM;
+		goto out_put_regulator;
+	}
+
+	priv->reg_name = name;
+	priv->opp_table = opp_table;
+
 	/*
 	 * Initialize OPP tables for all policy->cpus. They will be shared by
 	 * all CPUs which have marked their CPUs shared with OPP bindings.
@@ -214,7 +224,8 @@ static int cpufreq_init(struct cpufreq_p
 	 *
 	 * OPPs might be populated at runtime, don't check for error here
 	 */
-	dev_pm_opp_of_cpumask_add_table(policy->cpus);
+	if (!dev_pm_opp_of_cpumask_add_table(policy->cpus))
+		priv->have_static_opps = true;
 
 	/*
 	 * But we need OPP table to function so if it is not there let's
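Review bot: the context comment above the changed call still says "don't check for error here", but the return value of dev_pm_opp_of_cpumask_add_table() is now tested to set priv->have_static_opps. The comment should be updated to say that a failure is not fatal but is recorded, so that the error path of cpufreq_init() and cpufreq_exit() remove the table only when it was actually added.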
@@ -240,19 +251,10 @@ static int cpufreq_init(struct cpufreq_p
 				__func__, ret);
 	}
 
-	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
-	if (!priv) {
-		ret = -ENOMEM;
-		goto out_free_opp;
-	}
-
-	priv->reg_name = name;
-	priv->opp_table = opp_table;
-
 	ret = dev_pm_opp_init_cpufreq_table(cpu_dev, &freq_table);
 	if (ret) {
 		dev_err(cpu_dev, "failed to init cpufreq table: %d\n", ret);
-		goto out_free_priv;
+		goto out_free_opp;
 	}
 
 	priv->cpu_dev = cpu_dev;
@@ -282,10 +284,11 @@ static int cpufreq_init(struct cpufreq_p
 
 out_free_cpufreq_table:
 	dev_pm_opp_free_cpufreq_table(cpu_dev, &freq_table);
-out_free_priv:
-	kfree(priv);
 out_free_opp:
-	dev_pm_opp_of_cpumask_remove_table(policy->cpus);
+	if (priv->have_static_opps)
+		dev_pm_opp_of_cpumask_remove_table(policy->cpus);
+	kfree(priv);
+out_put_regulator:
 	if (name)
 		dev_pm_opp_put_regulators(opp_table);
 out_put_clk:
@@ -300,7 +303,8 @@ static int cpufreq_exit(struct cpufreq_p
 
 	cpufreq_cooling_unregister(priv->cdev);
 	dev_pm_opp_free_cpufreq_table(priv->cpu_dev, &policy->freq_table);
-	dev_pm_opp_of_cpumask_remove_table(policy->related_cpus);
+	if (priv->have_static_opps)
+		dev_pm_opp_of_cpumask_remove_table(policy->related_cpus);
 	if (priv->reg_name)
 		dev_pm_opp_put_regulators(priv->opp_table);
 




* [PATCH 4.19 083/361] x86/intel_rdt: Show missing resctrl mount options
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (81 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 082/361] cpufreq: dt: Try freeing static OPPs only if we have added them Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 084/361] mtd: rawnand: atmel: Fix potential NULL pointer dereference Greg Kroah-Hartman
                   ` (280 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Xiaochen Shen, Fenghua Yu,
	Thomas Gleixner, H Peter Anvin, Tony Luck, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Xiaochen Shen <xiaochen.shen@intel.com>

[ Upstream commit 2cc81c6992248ea37d0241bc325977bab310bc3b ]

In resctrl filesystem, mount options exist to enable L3/L2 CDP and MBA
Software Controller features if the platform supports them:

 mount -t resctrl resctrl [-o cdp[,cdpl2][,mba_MBps]] /sys/fs/resctrl

But currently only "cdp" option is displayed in /proc/mounts. "cdpl2" and
"mba_MBps" options are not shown even when they are active.

Before:
 # mount -t resctrl resctrl -o cdp,mba_MBps /sys/fs/resctrl
 # grep resctrl /proc/mounts
 /sys/fs/resctrl /sys/fs/resctrl resctrl rw,relatime,cdp 0 0

After:
 # mount -t resctrl resctrl -o cdp,mba_MBps /sys/fs/resctrl
 # grep resctrl /proc/mounts
 /sys/fs/resctrl /sys/fs/resctrl resctrl rw,relatime,cdp,mba_MBps 0 0

Signed-off-by: Xiaochen Shen <xiaochen.shen@intel.com>
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "H Peter Anvin" <hpa@zytor.com>
Cc: "Tony Luck" <tony.luck@intel.com>
Link: https://lkml.kernel.org/r/1536796118-60135-1-git-send-email-fenghua.yu@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kernel/cpu/intel_rdt_rdtgroup.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
+++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
@@ -2805,6 +2805,13 @@ static int rdtgroup_show_options(struct
 {
 	if (rdt_resources_all[RDT_RESOURCE_L3DATA].alloc_enabled)
 		seq_puts(seq, ",cdp");
+
+	if (rdt_resources_all[RDT_RESOURCE_L2DATA].alloc_enabled)
+		seq_puts(seq, ",cdpl2");
+
+	if (is_mba_sc(&rdt_resources_all[RDT_RESOURCE_MBA]))
+		seq_puts(seq, ",mba_MBps");
+
 	return 0;
 }
 




* [PATCH 4.19 084/361] mtd: rawnand: atmel: Fix potential NULL pointer dereference
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (82 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 083/361] x86/intel_rdt: Show missing resctrl mount options Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 085/361] nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O Greg Kroah-Hartman
                   ` (279 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, Boris Brezillon,
	Tudor Ambarus, Miquel Raynal, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>

[ Upstream commit fbed20280d912449cfb40c382cb55e3d11502587 ]

There is a potential execution path in which function
of_find_compatible_node() returns NULL. In such a case,
we end up having a NULL pointer dereference when accessing
pointer *nfc_np* in function of_clk_get().

So, we'd better not take any chances and fix this by null
checking pointer *nfc_np* before calling of_clk_get().

Addresses-Coverity-ID: 1473052 ("Dereference null return value")
Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Boris Brezillon <boris.brezillon@bootlin.com>
Acked-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mtd/nand/raw/atmel/nand-controller.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/mtd/nand/raw/atmel/nand-controller.c
+++ b/drivers/mtd/nand/raw/atmel/nand-controller.c
@@ -2063,6 +2063,10 @@ atmel_hsmc_nand_controller_legacy_init(s
 	nand_np = dev->of_node;
 	nfc_np = of_find_compatible_node(dev->of_node, NULL,
 					 "atmel,sama5d3-nfc");
+	if (!nfc_np) {
+		dev_err(dev, "Could not find device node for sama5d3-nfc\n");
+		return -ENODEV;
+	}
 
 	nc->clk = of_clk_get(nfc_np, 0);
 	if (IS_ERR(nc->clk)) {
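
Review bot: the reference that of_find_compatible_node() takes on nfc_np is not dropped anywhere in the lines shown, neither after of_clk_get(nfc_np, 0) nor on the IS_ERR(nc->clk) path that follows. of_find_compatible_node() returns the node with its refcount raised, so an of_node_put(nfc_np) once the clock has been looked up would keep the legacy init path from leaking the node. The new NULL check itself returns before anything has been acquired, so it needs no cleanup of its own.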




* [PATCH 4.19 085/361] nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (83 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 084/361] mtd: rawnand: atmel: Fix potential NULL pointer dereference Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 086/361] ath10k: fix tx status flag setting for management frames Greg Kroah-Hartman
                   ` (278 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Smart, Sagi Grimberg,
	Christoph Hellwig, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Smart <jsmart2021@gmail.com>

[ Upstream commit 783f4a4408e1251d17f333ad56abac24dde988b9 ]

When an io is rejected by nvmf_check_ready() due to validation of the
controller state, the nvmf_fail_nonready_command() will normally return
BLK_STS_RESOURCE to requeue and retry.  However, if the controller is
dying or the I/O is marked for NVMe multipath, the I/O is failed so that
the controller can terminate or so that the io can be issued on a
different path.  Unfortunately, as this reject point is before the
transport has accepted the command, blk-mq ends up completing the I/O
and never calls nvme_complete_rq(), which is where multipath may preserve
or re-route the I/O. The end result is, the device user ends up seeing an
EIO error.

Example: single path connectivity, controller is under load, and a reset
is induced.  An I/O is received:

  a) while the reset state has been set but the queues have yet to be
     stopped; or
  b) after queues are started (at end of reset) but before the reconnect
     has completed.

The I/O finishes with an EIO status.

This patch makes the following changes:

  - Adds the HOST_PATH_ERROR pathing status from TP4028
  - Modifies the reject point such that it appears to queue successfully,
    but actually completes the io with the new pathing status and calls
    nvme_complete_rq().
  - nvme_complete_rq() recognizes the new status, avoids resetting the
    controller (likely was already done in order to get this new status),
    and calls the multipather to clear the current path that errored.
    This allows the next command (retry or new command) to select a new
    path if there is one.

Signed-off-by: James Smart <jsmart2021@gmail.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/nvme/host/fabrics.c   |    7 +++++--
 drivers/nvme/host/multipath.c |    7 +++++++
 include/linux/nvme.h          |    1 +
 3 files changed, 13 insertions(+), 2 deletions(-)

--- a/drivers/nvme/host/fabrics.c
+++ b/drivers/nvme/host/fabrics.c
@@ -552,8 +552,11 @@ blk_status_t nvmf_fail_nonready_command(
 	    ctrl->state != NVME_CTRL_DEAD &&
 	    !blk_noretry_request(rq) && !(rq->cmd_flags & REQ_NVME_MPATH))
 		return BLK_STS_RESOURCE;
-	nvme_req(rq)->status = NVME_SC_ABORT_REQ;
-	return BLK_STS_IOERR;
+
+	nvme_req(rq)->status = NVME_SC_HOST_PATH_ERROR;
+	blk_mq_start_request(rq);
+	nvme_complete_rq(rq);
+	return BLK_STS_OK;
 }
 EXPORT_SYMBOL_GPL(nvmf_fail_nonready_command);
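
Review bot: the fall-through path now sets NVME_SC_HOST_PATH_ERROR for every request that reaches it, not only multipath ones. The condition above also lets through requests on an NVME_CTRL_DEAD controller and blk_noretry_request() requests that do not carry REQ_NVME_MPATH, and those previously got NVME_SC_ABORT_REQ with BLK_STS_IOERR. It is worth confirming that nvme_complete_rq() still turns the new status into an I/O error for them, and adding a comment above blk_mq_start_request(rq) saying that the request is completed right here and that BLK_STS_OK only tells blk-mq not to complete it a second time.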
 
--- a/drivers/nvme/host/multipath.c
+++ b/drivers/nvme/host/multipath.c
@@ -77,6 +77,13 @@ void nvme_failover_req(struct request *r
 			queue_work(nvme_wq, &ns->ctrl->ana_work);
 		}
 		break;
+	case NVME_SC_HOST_PATH_ERROR:
+		/*
+		 * Temporary transport disruption in talking to the controller.
+		 * Try to send on a new path.
+		 */
+		nvme_mpath_clear_current_path(ns);
+		break;
 	default:
 		/*
 		 * Reset the controller for any non-ANA error as we don't know
--- a/include/linux/nvme.h
+++ b/include/linux/nvme.h
@@ -1241,6 +1241,7 @@ enum {
 	NVME_SC_ANA_PERSISTENT_LOSS	= 0x301,
 	NVME_SC_ANA_INACCESSIBLE	= 0x302,
 	NVME_SC_ANA_TRANSITION		= 0x303,
+	NVME_SC_HOST_PATH_ERROR		= 0x370,
 
 	NVME_SC_DNR			= 0x4000,
 };




* [PATCH 4.19 086/361] ath10k: fix tx status flag setting for management frames
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (84 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 085/361] nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 087/361] signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack Greg Kroah-Hartman
                   ` (277 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rakesh Pillai, Kalle Valo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rakesh Pillai <pillair@codeaurora.org>

[ Upstream commit 058a7eab9d9ee12f57282eb0b606668dada70d7a ]

The tx_status for management frames is being filled
incorrectly in the flags of skb_cb. This incorrect
flag setting causes the upper layers to consider that
the particular frame was not transmitted properly,
leading to improper behavior.

Set the IEEE80211_TX_STAT_ACK flag in the info flags
of skb_cb, to indicate the successful transmission of
the management frame.

Tested HW: WCN3990
Tested FW: WLAN.HL.2.0-01188-QCAHLSWMTPLZ-1

Fixes: dc405152bb64d4ae01c9ac669de25b2d1fb6fc2d
Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/ath/ath10k/wmi.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -2336,7 +2336,12 @@ static int wmi_process_mgmt_tx_comp(stru
 	dma_unmap_single(ar->dev, pkt_addr->paddr,
 			 msdu->len, DMA_FROM_DEVICE);
 	info = IEEE80211_SKB_CB(msdu);
-	info->flags |= status;
+
+	if (status)
+		info->flags &= ~IEEE80211_TX_STAT_ACK;
+	else
+		info->flags |= IEEE80211_TX_STAT_ACK;
+
 	ieee80211_tx_status_irqsafe(ar->hw, msdu);
 
 	ret = 0;
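
Review bot: the else branch sets IEEE80211_TX_STAT_ACK for every management frame whose completion status is zero, without looking at whether the frame was sent with IEEE80211_TX_CTL_NO_ACK. For frames that never expected an acknowledgement mac80211 provides IEEE80211_TX_STAT_NOACK_TRANSMITTED, so either test info->flags for the no-ack bit here or say in a comment why management frames on this path always expect an ACK. A one-line comment that a zero status from firmware means success would also make 'if (status)' clearing the flag easier to read.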




* [PATCH 4.19 087/361] signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (85 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 086/361] ath10k: fix tx status flag setting for management frames Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-12 11:49   ` Steve McIntyre
  2018-11-11 22:17 ` [PATCH 4.19 088/361] ice: fix changing of ring descriptor size (ethtool -G) Greg Kroah-Hartman
                   ` (276 subsequent siblings)
  363 siblings, 1 reply; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Dominik Brodowski,
	Eric W. Biederman, Andrew Morton, Al Viro, Oleg Nesterov,
	Steve McIntyre, Steve McIntyre, Will Deacon, Catalin Marinas,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Will Deacon <will.deacon@arm.com>

[ Upstream commit 22839869f21ab3850fbbac9b425ccc4c0023926f ]

The sigaltstack(2) system call fails with -ENOMEM if the new alternative
signal stack is found to be smaller than SIGMINSTKSZ. On architectures
such as arm64, where the native value for SIGMINSTKSZ is larger than
the compat value, this can result in an unexpected error being reported
to a compat task. See, for example:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904385

This patch fixes the problem by extending do_sigaltstack to take the
minimum signal stack size as an additional parameter, allowing the
native and compat system call entry code to pass in their respective
values. COMPAT_SIGMINSTKSZ is just defined as SIGMINSTKSZ if it has not
been defined by the architecture.

Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Oleg Nesterov <oleg@redhat.com>
Reported-by: Steve McIntyre <steve.mcintyre@arm.com>
Tested-by: Steve McIntyre <93sam@debian.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/linux/compat.h |    3 +++
 kernel/signal.c        |   14 +++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)

--- a/include/linux/compat.h
+++ b/include/linux/compat.h
@@ -103,6 +103,9 @@ typedef struct compat_sigaltstack {
 	compat_size_t			ss_size;
 } compat_stack_t;
 #endif
+#ifndef COMPAT_MINSIGSTKSZ
+#define COMPAT_MINSIGSTKSZ	MINSIGSTKSZ
+#endif
 
 #define compat_jiffies_to_clock_t(x)	\
 		(((unsigned long)(x) * COMPAT_USER_HZ) / HZ)
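
Review bot: the fallback '#define COMPAT_MINSIGSTKSZ MINSIGSTKSZ' leaves compat tasks with the native minimum unless an architecture supplies its own value, and the diffstat for this patch touches only include/linux/compat.h and kernel/signal.c. An architecture such as arm64, which the changelog names as the affected case, therefore still needs its own COMPAT_MINSIGSTKSZ definition before the -ENOMEM goes away, and that definition should travel with this backport. The macro is also spelled COMPAT_MINSIGSTKSZ here while the subject line says COMPAT_SIGMINSTKSZ, which makes the symbol harder to search for.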
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -3460,7 +3460,8 @@ int do_sigaction(int sig, struct k_sigac
 }
 
 static int
-do_sigaltstack (const stack_t *ss, stack_t *oss, unsigned long sp)
+do_sigaltstack (const stack_t *ss, stack_t *oss, unsigned long sp,
+		size_t min_ss_size)
 {
 	struct task_struct *t = current;
 
@@ -3490,7 +3491,7 @@ do_sigaltstack (const stack_t *ss, stack
 			ss_size = 0;
 			ss_sp = NULL;
 		} else {
-			if (unlikely(ss_size < MINSIGSTKSZ))
+			if (unlikely(ss_size < min_ss_size))
 				return -ENOMEM;
 		}
 
@@ -3508,7 +3509,8 @@ SYSCALL_DEFINE2(sigaltstack,const stack_
 	if (uss && copy_from_user(&new, uss, sizeof(stack_t)))
 		return -EFAULT;
 	err = do_sigaltstack(uss ? &new : NULL, uoss ? &old : NULL,
-			      current_user_stack_pointer());
+			      current_user_stack_pointer(),
+			      MINSIGSTKSZ);
 	if (!err && uoss && copy_to_user(uoss, &old, sizeof(stack_t)))
 		err = -EFAULT;
 	return err;
@@ -3519,7 +3521,8 @@ int restore_altstack(const stack_t __use
 	stack_t new;
 	if (copy_from_user(&new, uss, sizeof(stack_t)))
 		return -EFAULT;
-	(void)do_sigaltstack(&new, NULL, current_user_stack_pointer());
+	(void)do_sigaltstack(&new, NULL, current_user_stack_pointer(),
+			     MINSIGSTKSZ);
 	/* squash all but EFAULT for now */
 	return 0;
 }
@@ -3553,7 +3556,8 @@ static int do_compat_sigaltstack(const c
 		uss.ss_size = uss32.ss_size;
 	}
 	ret = do_sigaltstack(uss_ptr ? &uss : NULL, &uoss,
-			     compat_user_stack_pointer());
+			     compat_user_stack_pointer(),
+			     COMPAT_MINSIGSTKSZ);
 	if (ret >= 0 && uoss_ptr)  {
 		compat_stack_t old;
 		memset(&old, 0, sizeof(old));




* [PATCH 4.19 088/361] ice: fix changing of ring descriptor size (ethtool -G)
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (86 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 087/361] signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 089/361] ice: update fw version check logic Greg Kroah-Hartman
                   ` (275 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bruce Allan, Anirudh Venkataramanan,
	Andrew Bowers, Jeff Kirsher, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bruce Allan <bruce.w.allan@intel.com>

[ Upstream commit f934bb9b8b6136edd261b2dc2c9ad4dbc39ffc66 ]

rx_mini_pending was set to an incorrect value. This was causing EINVAL to
always be returned to 'ethtool -G'. The driver does not support mini or
jumbo rings so the respective settings should be zero.

Also, change the valid range of the number of descriptors in the rings to
make the code simpler and easier for users to understand (this removes the
valid settings of 8 and 16). Add a system log message indicating when the
number is rounded-up from what the user specifies with the 'ethtool -G'
command (i.e. when it is not a multiple of 32), and update the log message
when a user-provided value is out of range to also indicate the stride.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/intel/ice/ice.h         |    4 ++--
 drivers/net/ethernet/intel/ice/ice_ethtool.c |   17 ++++++++++++++---
 2 files changed, 16 insertions(+), 5 deletions(-)

--- a/drivers/net/ethernet/intel/ice/ice.h
+++ b/drivers/net/ethernet/intel/ice/ice.h
@@ -39,9 +39,9 @@
 extern const char ice_drv_ver[];
 #define ICE_BAR0		0
 #define ICE_DFLT_NUM_DESC	128
-#define ICE_MIN_NUM_DESC	8
-#define ICE_MAX_NUM_DESC	8160
 #define ICE_REQ_DESC_MULTIPLE	32
+#define ICE_MIN_NUM_DESC	ICE_REQ_DESC_MULTIPLE
+#define ICE_MAX_NUM_DESC	8160
 #define ICE_DFLT_TRAFFIC_CLASS	BIT(0)
 #define ICE_INT_NAME_STR_LEN	(IFNAMSIZ + 16)
 #define ICE_ETHTOOL_FWVER_LEN	32
--- a/drivers/net/ethernet/intel/ice/ice_ethtool.c
+++ b/drivers/net/ethernet/intel/ice/ice_ethtool.c
@@ -478,9 +478,11 @@ ice_get_ringparam(struct net_device *net
 	ring->tx_max_pending = ICE_MAX_NUM_DESC;
 	ring->rx_pending = vsi->rx_rings[0]->count;
 	ring->tx_pending = vsi->tx_rings[0]->count;
-	ring->rx_mini_pending = ICE_MIN_NUM_DESC;
+
+	/* Rx mini and jumbo rings are not supported */
 	ring->rx_mini_max_pending = 0;
 	ring->rx_jumbo_max_pending = 0;
+	ring->rx_mini_pending = 0;
 	ring->rx_jumbo_pending = 0;
 }
 
@@ -498,14 +500,23 @@ ice_set_ringparam(struct net_device *net
 	    ring->tx_pending < ICE_MIN_NUM_DESC ||
 	    ring->rx_pending > ICE_MAX_NUM_DESC ||
 	    ring->rx_pending < ICE_MIN_NUM_DESC) {
-		netdev_err(netdev, "Descriptors requested (Tx: %d / Rx: %d) out of range [%d-%d]\n",
+		netdev_err(netdev, "Descriptors requested (Tx: %d / Rx: %d) out of range [%d-%d] (increment %d)\n",
 			   ring->tx_pending, ring->rx_pending,
-			   ICE_MIN_NUM_DESC, ICE_MAX_NUM_DESC);
+			   ICE_MIN_NUM_DESC, ICE_MAX_NUM_DESC,
+			   ICE_REQ_DESC_MULTIPLE);
 		return -EINVAL;
 	}
 
 	new_tx_cnt = ALIGN(ring->tx_pending, ICE_REQ_DESC_MULTIPLE);
+	if (new_tx_cnt != ring->tx_pending)
+		netdev_info(netdev,
+			    "Requested Tx descriptor count rounded up to %d\n",
+			    new_tx_cnt);
 	new_rx_cnt = ALIGN(ring->rx_pending, ICE_REQ_DESC_MULTIPLE);
+	if (new_rx_cnt != ring->rx_pending)
+		netdev_info(netdev,
+			    "Requested Rx descriptor count rounded up to %d\n",
+			    new_rx_cnt);
 
 	/* if nothing to do return success */
 	if (new_tx_cnt == vsi->tx_rings[0]->count &&
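
Review bot: the two netdev_info() calls sit above the "if nothing to do return success" check, so a request that rounds up to the ring size already in use still logs a rounding message although nothing changes. Moving the messages below that early return keeps the log quiet for no-op requests. The range check also runs before ALIGN(), which is safe only because ICE_MAX_NUM_DESC (8160) is itself a multiple of ICE_REQ_DESC_MULTIPLE (32); a comment or build-time assertion stating that would protect a later change to either constant.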




* [PATCH 4.19 089/361] ice: update fw version check logic
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (87 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 088/361] ice: fix changing of ring descriptor size (ethtool -G) Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 090/361] net: hns3: Fix for packet buffer setting bug Greg Kroah-Hartman
                   ` (274 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jacob Keller, Anirudh Venkataramanan,
	Andrew Bowers, Jeff Kirsher, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jacob Keller <jacob.e.keller@intel.com>

[ Upstream commit 396fbf9cab5dc07f8f87773062a8d35f54b40a05 ]

We have MAX_FW_API_VER_BRANCH, MAX_FW_API_VER_MAJOR, and
MAX_FW_API_VER_MINOR that we use in ice_controlq.h to test when a
firmware version is newer than expected. This is currently tested by
comparing each field separately. Thus, we compare the branch field
against the MAX_FW_API_VER_BRANCH, and so forth.

This means that currently, if we suppose that the max firmware version
is defined as 0.2.1, i.e.

Then firmware 0.1.3 will fail to load. This is because the minor version
3 is greater than the max minor version 1.

This is not intuitive, because of the notion that increasing the major
firmware version to 2 should mean any firmware version with a major
version less than 2 should be considered older than 2...

In order to allow both 0.2.1 and 0.1.3 to load, you would have to define
the "max" firmware version as 0.2.3. It is possible that such
a firmware version doesn't even exist yet!

Fix this by replacing the current logic with an updated check that
behaves as follows:

First, we check the major version. If it is greater than the expected
version, then we prevent driver load. Additionally, a warning message is
logged to indicate to the system administrator that they need to update
their driver. This is now the only case where the driver will refuse to
load.

Second, if the major version is less than the expected version, we log
an information message indicating the NVM should be updated.

Third, if the major version is exact, we'll then check the minor
version. If the minor version is more than two versions less than
expected, we log an information message indicating the NVM should be
updated. If it is more than two versions greater than the expected
version, we log an information message that the driver should be
updated.

To support this, the ice_aq_ver_check function needs its signature
updated to pass the HW structure. Since we now pass this structure,
there is no need to pass the firmware API versions separately.

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/intel/ice/ice_controlq.c |   30 ++++++++++++++++----------
 1 file changed, 19 insertions(+), 11 deletions(-)

--- a/drivers/net/ethernet/intel/ice/ice_controlq.c
+++ b/drivers/net/ethernet/intel/ice/ice_controlq.c
@@ -518,22 +518,31 @@ shutdown_sq_out:
 
 /**
  * ice_aq_ver_check - Check the reported AQ API version.
- * @fw_branch: The "branch" of FW, typically describes the device type
- * @fw_major: The major version of the FW API
- * @fw_minor: The minor version increment of the FW API
+ * @hw: pointer to the hardware structure
  *
  * Checks if the driver should load on a given AQ API version.
  *
  * Return: 'true' iff the driver should attempt to load. 'false' otherwise.
  */
-static bool ice_aq_ver_check(u8 fw_branch, u8 fw_major, u8 fw_minor)
+static bool ice_aq_ver_check(struct ice_hw *hw)
 {
-	if (fw_branch != EXP_FW_API_VER_BRANCH)
-		return false;
-	if (fw_major != EXP_FW_API_VER_MAJOR)
-		return false;
-	if (fw_minor != EXP_FW_API_VER_MINOR)
+	if (hw->api_maj_ver > EXP_FW_API_VER_MAJOR) {
+		/* Major API version is newer than expected, don't load */
+		dev_warn(ice_hw_to_dev(hw),
+			 "The driver for the device stopped because the NVM image is newer than expected. You must install the most recent version of the network driver.\n");
 		return false;
+	} else if (hw->api_maj_ver == EXP_FW_API_VER_MAJOR) {
+		if (hw->api_min_ver > (EXP_FW_API_VER_MINOR + 2))
+			dev_info(ice_hw_to_dev(hw),
+				 "The driver for the device detected a newer version of the NVM image than expected. Please install the most recent version of the network driver.\n");
+		else if ((hw->api_min_ver + 2) < EXP_FW_API_VER_MINOR)
+			dev_info(ice_hw_to_dev(hw),
+				 "The driver for the device detected an older version of the NVM image than expected. Please update the NVM image.\n");
+	} else {
+		/* Major API version is older than expected, log a warning */
+		dev_info(ice_hw_to_dev(hw),
+			 "The driver for the device detected an older version of the NVM image than expected. Please update the NVM image.\n");
+	}
 	return true;
 }
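
Review bot: the firmware API branch is no longer checked at all. The removed code returned false when fw_branch differed from EXP_FW_API_VER_BRANCH, while the new ice_aq_ver_check() reads only hw->api_maj_ver and hw->api_min_ver, and the changelog does not say that dropping the branch comparison is intended. Either keep a branch test or state why it is safe to load on any branch. A smaller point: the comment in the final else says "log a warning" but the call is dev_info(), so one of the two should change.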
 
@@ -588,8 +597,7 @@ static enum ice_status ice_init_check_ad
 	if (status)
 		goto init_ctrlq_free_rq;
 
-	if (!ice_aq_ver_check(hw->api_branch, hw->api_maj_ver,
-			      hw->api_min_ver)) {
+	if (!ice_aq_ver_check(hw)) {
 		status = ICE_ERR_FW_API_VER;
 		goto init_ctrlq_free_rq;
 	}




* [PATCH 4.19 090/361] net: hns3: Fix for packet buffer setting bug
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (88 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 089/361] ice: update fw version check logic Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 091/361] Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth Greg Kroah-Hartman
                   ` (273 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yunsheng Lin, Peng Li, Salil Mehta,
	David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yunsheng Lin <linyunsheng@huawei.com>

[ Upstream commit 996ff91840eb6f288826e472685abde78bac20ea ]

The hardware expects a unit of 128 bytes when setting
packet buffer. When calculating the packet buffer size,
hclge_rx_buffer_calc does not round up the size as a unit
of 128 bytes, which may cause a packet loss problem when stress
testing.

This patch fixes it by rounding up packet size when calculating.

Fixes: 46a3df9f9718 ("net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support")
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c |   14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -1657,11 +1657,13 @@ static int hclge_tx_buffer_calc(struct h
 static int hclge_rx_buffer_calc(struct hclge_dev *hdev,
 				struct hclge_pkt_buf_alloc *buf_alloc)
 {
-	u32 rx_all = hdev->pkt_buf_size;
+#define HCLGE_BUF_SIZE_UNIT	128
+	u32 rx_all = hdev->pkt_buf_size, aligned_mps;
 	int no_pfc_priv_num, pfc_priv_num;
 	struct hclge_priv_buf *priv;
 	int i;
 
+	aligned_mps = round_up(hdev->mps, HCLGE_BUF_SIZE_UNIT);
 	rx_all -= hclge_get_tx_buff_alloced(buf_alloc);
 
 	/* When DCB is not supported, rx private
@@ -1680,13 +1682,13 @@ static int hclge_rx_buffer_calc(struct h
 		if (hdev->hw_tc_map & BIT(i)) {
 			priv->enable = 1;
 			if (hdev->tm_info.hw_pfc_map & BIT(i)) {
-				priv->wl.low = hdev->mps;
-				priv->wl.high = priv->wl.low + hdev->mps;
+				priv->wl.low = aligned_mps;
+				priv->wl.high = priv->wl.low + aligned_mps;
 				priv->buf_size = priv->wl.high +
 						HCLGE_DEFAULT_DV;
 			} else {
 				priv->wl.low = 0;
-				priv->wl.high = 2 * hdev->mps;
+				priv->wl.high = 2 * aligned_mps;
 				priv->buf_size = priv->wl.high;
 			}
 		} else {
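
Review bot: rounding hdev->mps up keeps the programmed sizes on a 128-byte boundary only if everything added to it is aligned too. In the PFC branch 'priv->buf_size = priv->wl.high + HCLGE_DEFAULT_DV', so buf_size stays a multiple of HCLGE_BUF_SIZE_UNIT only when HCLGE_DEFAULT_DV is one. Its value is not visible here, so either confirm that or round buf_size itself.
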
@@ -1718,11 +1720,11 @@ static int hclge_rx_buffer_calc(struct h
 
 		if (hdev->tm_info.hw_pfc_map & BIT(i)) {
 			priv->wl.low = 128;
-			priv->wl.high = priv->wl.low + hdev->mps;
+			priv->wl.high = priv->wl.low + aligned_mps;
 			priv->buf_size = priv->wl.high + HCLGE_DEFAULT_DV;
 		} else {
 			priv->wl.low = 0;
-			priv->wl.high = hdev->mps;
+			priv->wl.high = aligned_mps;
 			priv->buf_size = priv->wl.high;
 		}
 	}
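
Review bot: 'priv->wl.low = 128' in this hunk is the same unit the patch has just named HCLGE_BUF_SIZE_UNIT and should use the macro, so the two cannot drift apart. Because the macro is defined inside hclge_rx_buffer_calc() it is also out of reach for hclge_tx_buffer_calc() and the rest of the file; moving it next to the other HCLGE_ buffer constants would let those paths share it.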




* [PATCH 4.19 091/361] Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (89 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 090/361] net: hns3: Fix for packet buffer setting bug Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 092/361] Bluetooth: hci_qca: Remove hdev dereference in qca_close() Greg Kroah-Hartman
                   ` (272 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian Hewitt, Marcel Holtmann,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christian Hewitt <christianshewitt@gmail.com>

[ Upstream commit a357ea098c9605f60d92a66a9073f56ce25726da ]

This patch adds the device ID for the AMPAK AP6335 combo module used
in the 1st generation WeTek Hub Android/LibreELEC HTPC box. The WiFi
chip identifies itself as BCM4339, while Bluetooth identifies itself
as BCM4335 (rev C0):

```
[    4.864248] Bluetooth: hci0: BCM: chip id 86
[    4.866388] Bluetooth: hci0: BCM: features 0x2f
[    4.889317] Bluetooth: hci0: BCM4335C0
[    4.889332] Bluetooth: hci0: BCM4335C0 (003.001.009) build 0000
[    9.778383] Bluetooth: hci0: BCM4335C0 (003.001.009) build 0268
```

Output from hciconfig:

```
hci0:	Type: Primary  Bus: UART
	BD Address: 43:39:00:00:1F:AC  ACL MTU: 1021:8  SCO MTU: 64:1
	UP RUNNING
	RX bytes:7567 acl:234 sco:0 events:386 errors:0
	TX bytes:53844 acl:77 sco:0 commands:304 errors:0
	Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
	Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
	Link policy: RSWITCH SNIFF
	Link mode: SLAVE ACCEPT
	Name: 'HUB'
	Class: 0x0c0000
	Service Classes: Rendering, Capturing
	Device Class: Miscellaneous,
	HCI Version: 4.0 (0x6)  Revision: 0x10c
	LMP Version: 4.0 (0x6)  Subversion: 0x6109
	Manufacturer: Broadcom Corporation (15)
```

Signed-off-by: Christian Hewitt <christianshewitt@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/bluetooth/btbcm.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/bluetooth/btbcm.c
+++ b/drivers/bluetooth/btbcm.c
@@ -324,6 +324,7 @@ static const struct bcm_subver_table bcm
 	{ 0x4103, "BCM4330B1"	},	/* 002.001.003 */
 	{ 0x410e, "BCM43341B0"	},	/* 002.001.014 */
 	{ 0x4406, "BCM4324B3"	},	/* 002.004.006 */
+	{ 0x6109, "BCM4335C0"	},	/* 003.001.009 */
 	{ 0x610c, "BCM4354"	},	/* 003.001.012 */
 	{ 0x2122, "BCM4343A0"	},	/* 001.001.034 */
 	{ 0x2209, "BCM43430A1"  },	/* 001.002.009 */




* [PATCH 4.19 092/361] Bluetooth: hci_qca: Remove hdev dereference in qca_close().
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (90 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 091/361] Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 093/361] efi/x86: Call efi_parse_options() from efi_main() Greg Kroah-Hartman
                   ` (271 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Balakrishna Godavarthi,
	Marcel Holtmann, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Balakrishna Godavarthi <bgodavar@codeaurora.org>

[ Upstream commit c2d7827338618a9e73a3f892ca63d9082bb7a94d ]

When flag KASAN is set, we are seeing the following crash while removing
hci_uart module.

[   50.589909] Unable to handle kernel paging request at virtual address 6b6b6b6b6b6b73
[   50.597902] Mem abort info:
[   50.600846]   Exception class = DABT (current EL), IL = 32 bits
[   50.606959]   SET = 0, FnV = 0
[   50.610142]   EA = 0, S1PTW = 0
[   50.613396] Data abort info:
[   50.616401]   ISV = 0, ISS = 0x00000004
[   50.620373]   CM = 0, WnR = 0
[   50.623466] [006b6b6b6b6b6b73] address between user and kernel address ranges
[   50.630818] Internal error: Oops: 96000004 [#1] PREEMPT SMP

[   50.671670] PC is at qca_power_shutdown+0x28/0x100 [hci_uart]
[   50.677593] LR is at qca_close+0x74/0xb0 [hci_uart]
[   50.775689] Process rmmod (pid: 2144, stack limit = 0xffffff801ba90000)
[   50.782493] Call trace:

[   50.872150] [<ffffff8000c3c81c>] qca_power_shutdown+0x28/0x100 [hci_uart]
[   50.879138] [<ffffff8000c3c968>] qca_close+0x74/0xb0 [hci_uart]
[   50.885238] [<ffffff8000c3a71c>] hci_uart_unregister_device+0x44/0x50 [hci_uart]
[   50.892846] [<ffffff8000c3c9f4>] qca_serdev_remove+0x50/0x5c [hci_uart]
[   50.899654] [<ffffff800844f630>] serdev_drv_remove+0x28/0x38
[   50.905489] [<ffffff800850fc44>] device_release_driver_internal+0x140/0x1e4
[   50.912653] [<ffffff800850fd94>] driver_detach+0x78/0x84
[   50.918121] [<ffffff800850edac>] bus_remove_driver+0x80/0xa8
[   50.923942] [<ffffff80085107dc>] driver_unregister+0x4c/0x58
[   50.929768] [<ffffff8000c3ca8c>] qca_deinit+0x24/0x598 [hci_uart]
[   50.936045] [<ffffff8000c3ca10>] hci_uart_exit+0x10/0x48 [hci_uart]
[   50.942495] [<ffffff8008136630>] SyS_delete_module+0x17c/0x224

This crash is due to dereference of hdev, after freeing it.

Signed-off-by: Balakrishna Godavarthi <bgodavar@codeaurora.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/bluetooth/hci_qca.c |   15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -167,7 +167,7 @@ struct qca_serdev {
 };
 
 static int qca_power_setup(struct hci_uart *hu, bool on);
-static void qca_power_shutdown(struct hci_dev *hdev);
+static void qca_power_shutdown(struct hci_uart *hu);
 
 static void __serial_clock_on(struct tty_struct *tty)
 {
@@ -609,7 +609,7 @@ static int qca_close(struct hci_uart *hu
 	if (hu->serdev) {
 		qcadev = serdev_device_get_drvdata(hu->serdev);
 		if (qcadev->btsoc_type == QCA_WCN3990)
-			qca_power_shutdown(hu->hdev);
+			qca_power_shutdown(hu);
 		else
 			gpiod_set_value_cansleep(qcadev->bt_en, 0);
 
@@ -1232,12 +1232,15 @@ static const struct qca_vreg_data qca_so
 	.num_vregs = 4,
 };
 
-static void qca_power_shutdown(struct hci_dev *hdev)
+static void qca_power_shutdown(struct hci_uart *hu)
 {
-	struct hci_uart *hu = hci_get_drvdata(hdev);
+	struct serdev_device *serdev = hu->serdev;
+	unsigned char cmd = QCA_WCN3990_POWEROFF_PULSE;
 
 	host_set_baudrate(hu, 2400);
-	qca_send_power_pulse(hdev, QCA_WCN3990_POWEROFF_PULSE);
+	hci_uart_set_flow_control(hu, true);
+	serdev_device_write_buf(serdev, &cmd, sizeof(cmd));
+	hci_uart_set_flow_control(hu, false);
 	qca_power_setup(hu, false);
 }
 
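
Review bot: the return value of serdev_device_write_buf() in qca_power_shutdown() is dropped, so a failed or short write of QCA_WCN3990_POWEROFF_PULSE goes unnoticed and qca_power_setup(hu, false) runs regardless. Nothing between the write and hci_uart_set_flow_control(hu, false) waits for the byte to leave the UART either; if the old qca_send_power_pulse() path had such a wait it should be carried over, or a comment should say why it is not needed. A short comment that this function must not touch hu->hdev, because it can run after hdev has been freed, would keep the fix from being undone later.
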
@@ -1413,7 +1416,7 @@ static void qca_serdev_remove(struct ser
 	struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
 
 	if (qcadev->btsoc_type == QCA_WCN3990)
-		qca_power_shutdown(qcadev->serdev_hu.hdev);
+		qca_power_shutdown(&qcadev->serdev_hu);
 	else
 		clk_disable_unprepare(qcadev->susclk);
 




* [PATCH 4.19 093/361] efi/x86: Call efi_parse_options() from efi_main()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (91 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 092/361] Bluetooth: hci_qca: Remove hdev dereference in qca_close() Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 094/361] x86: boot: Fix EFI stub alignment Greg Kroah-Hartman
                   ` (270 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Robinson, Hans de Goede,
	Ard Biesheuvel, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit c33ce984435bb6142792802d75513a71e55d1969 ]

Before this commit we were only calling efi_parse_options() from
make_boot_params(), but make_boot_params() only gets called if the
kernel gets booted directly as an EFI executable. So when booted through
e.g. grub we ended up not parsing the commandline in the boot code.

This makes the drivers/firmware/efi/libstub code ignore the "quiet"
commandline argument resulting in the following message being printed:
"EFI stub: UEFI Secure Boot is enabled."

Despite the quiet request. This commit adds an extra call to
efi_parse_options() to efi_main() to make sure that the options are
always processed. This fixes quiet not working.

This also fixes the libstub code ignoring nokaslr and efi=nochunk.

Reported-by: Peter Robinson <pbrobinson@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/boot/compressed/eboot.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -738,6 +738,7 @@ efi_main(struct efi_config *c, struct bo
 	struct desc_struct *desc;
 	void *handle;
 	efi_system_table_t *_table;
+	unsigned long cmdline_paddr;
 
 	efi_early = c;
 
@@ -756,6 +757,15 @@ efi_main(struct efi_config *c, struct bo
 		setup_boot_services32(efi_early);
 
 	/*
+	 * make_boot_params() may have been called before efi_main(), in which
+	 * case this is the second time we parse the cmdline. This is ok,
+	 * parsing the cmdline multiple times does not have side-effects.
+	 */
+	cmdline_paddr = ((u64)hdr->cmd_line_ptr |
+			 ((u64)boot_params->ext_cmd_line_ptr << 32));
+	efi_parse_options((char *)cmdline_paddr);
+
+	/*
 	 * If the boot loader gave us a value for secure_boot then we use that,
 	 * otherwise we ask the BIOS.
 	 */
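
Review bot: cmdline_paddr is declared unsigned long (previous hunk) but is assigned a value built as u64 with ext_cmd_line_ptr shifted into the upper 32 bits, so on a 32-bit build the upper half is silently dropped before the (char *) cast. The pointer is also handed to efi_parse_options() without a check for zero, and the return value is ignored. Consider testing for a zero pointer before the call, and either handling the return value or noting in the comment why a failure can be ignored here.
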




* [PATCH 4.19 094/361] x86: boot: Fix EFI stub alignment
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (92 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 093/361] efi/x86: Call efi_parse_options() from efi_main() Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 095/361] net: hns3: Add nic state check before calling netif_tx_wake_queue Greg Kroah-Hartman
                   ` (269 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ben Hutchings, Ard Biesheuvel, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ben Hutchings <ben@decadent.org.uk>

[ Upstream commit 9c1442a9d039a1a3302fa93e9a11001c5f23b624 ]

We currently align the end of the compressed image to a multiple of
16.  However, the PE-COFF header included in the EFI stub says that
the file alignment is 32 bytes, and when adding an EFI signature to
the file it must first be padded to this alignment.

sbsigntool commands warn about this:

  warning: file-aligned section .text extends beyond end of file
  warning: checksum areas are greater than image size. Invalid section table?

Worse, pesign -at least when creating a detached signature- uses the
hash of the unpadded file, resulting in an invalid signature if
padding is required.

Avoid both these problems by increasing alignment to 32 bytes when
CONFIG_EFI_STUB is enabled.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/boot/tools/build.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -391,6 +391,13 @@ int main(int argc, char ** argv)
 		die("Unable to mmap '%s': %m", argv[2]);
 	/* Number of 16-byte paragraphs, including space for a 4-byte CRC */
 	sys_size = (sz + 15 + 4) / 16;
+#ifdef CONFIG_EFI_STUB
+	/*
+	 * COFF requires minimum 32-byte alignment of sections, and
+	 * adding a signature is problematic without that alignment.
+	 */
+	sys_size = (sys_size + 1) & ~1;
+#endif
 
 	/* Patch the setup code with the appropriate size parameters */
 	buf[0x1f1] = setup_sectors-1;
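
Review bot: in the CONFIG_EFI_STUB block, sys_size = (sys_size + 1) & ~1 only yields 32-byte alignment because sys_size counts 16-byte paragraphs, and the added comment does not say so. Spell that out in the comment (rounding up to an even number of paragraphs), so the tie between the literal 1 and the 32-byte file alignment in the PE-COFF header is visible to whoever next changes either value.
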




* [PATCH 4.19 095/361] net: hns3: Add nic state check before calling netif_tx_wake_queue
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (93 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 094/361] x86: boot: Fix EFI stub alignment Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 096/361] net: hns3: Fix ets validate issue Greg Kroah-Hartman
                   ` (268 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jian Shen, Peng Li, Salil Mehta,
	David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jian Shen <shenjian15@huawei.com>

[ Upstream commit 7a8101109dd37837f587cd56f3111d4fc17a07f5 ]

When the nic goes down, it first calls netif_tx_stop_all_queues(), then
calls napi_disable(). But napi_disable() will wait for the current
napi_poll to finish, and it may call netif_tx_wake_queue(). This patch
fixes it by adding a nic state check.

Fixes: 424eb834a9be ("net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC")
Signed-off-by: Jian Shen <shenjian15@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -1915,6 +1915,7 @@ static int is_valid_clean_head(struct hn
 bool hns3_clean_tx_ring(struct hns3_enet_ring *ring, int budget)
 {
 	struct net_device *netdev = ring->tqp->handle->kinfo.netdev;
+	struct hns3_nic_priv *priv = netdev_priv(netdev);
 	struct netdev_queue *dev_queue;
 	int bytes, pkts;
 	int head;
@@ -1961,7 +1962,8 @@ bool hns3_clean_tx_ring(struct hns3_enet
 		 * sees the new next_to_clean.
 		 */
 		smp_mb();
-		if (netif_tx_queue_stopped(dev_queue)) {
+		if (netif_tx_queue_stopped(dev_queue) &&
+		    !test_bit(HNS3_NIC_STATE_DOWN, &priv->state)) {
 			netif_tx_wake_queue(dev_queue);
 			ring->stats.restart_queue++;
 		}
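
Review bot: the new test_bit(HNS3_NIC_STATE_DOWN, &priv->state) check and the netif_tx_wake_queue() call are separate steps, and nothing in this hunk stops the down path from setting the bit and stopping the queues in between. The fix therefore relies on the down path setting HNS3_NIC_STATE_DOWN before netif_tx_stop_all_queues() and on napi_disable() waiting out this poll; the existing comment above smp_mb() should be extended to state that ordering.
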




* [PATCH 4.19 096/361] net: hns3: Fix ets validate issue
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (94 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 095/361] net: hns3: Add nic state check before calling netif_tx_wake_queue Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 097/361] pinctrl: sunxi: fix pctrl->functions allocation in sunxi_pinctrl_build_state Greg Kroah-Hartman
                   ` (267 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jian Shen, Peng Li, Salil Mehta,
	David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jian Shen <shenjian15@huawei.com>

[ Upstream commit adefc0a2ff465f4ac4a88450fe69d336c8b074c5 ]

There is a defect in hclge_ets_validate(). If each member of tc_tsa is
not IEEE_8021QAZ_TSA_ETS, the variable total_ets_bw won't be updated.
In this case, the check for value of total_ets_bw will fail. This patch
fixes it by checking total_ets_bw only after it has been updated.

Fixes: cacde272dd00 ("net: hns3: Add hclge_dcb module for the support of DCB feature")
Signed-off-by: Jian Shen <shenjian15@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c
@@ -73,6 +73,7 @@ static int hclge_ieee_getets(struct hnae
 static int hclge_ets_validate(struct hclge_dev *hdev, struct ieee_ets *ets,
 			      u8 *tc, bool *changed)
 {
+	bool has_ets_tc = false;
 	u32 total_ets_bw = 0;
 	u8 max_tc = 0;
 	u8 i;
@@ -100,13 +101,14 @@ static int hclge_ets_validate(struct hcl
 				*changed = true;
 
 			total_ets_bw += ets->tc_tx_bw[i];
-		break;
+			has_ets_tc = true;
+			break;
 		default:
 			return -EINVAL;
 		}
 	}
 
-	if (total_ets_bw != BW_PERCENT)
+	if (has_ets_tc && total_ets_bw != BW_PERCENT)
 		return -EINVAL;
 
 	*tc = max_tc + 1;
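
Review bot: the final check now depends on has_ets_tc, but nothing at the check says why total_ets_bw alone is not enough. A one-line comment before if (has_ets_tc && total_ets_bw != BW_PERCENT), saying that a configuration with no IEEE_8021QAZ_TSA_ETS entry legitimately leaves total_ets_bw at 0, would help. The re-indentation of break in the same case is an unrelated whitespace fix and deserves a mention in the changelog.
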




* [PATCH 4.19 097/361] pinctrl: sunxi: fix pctrl->functions allocation in sunxi_pinctrl_build_state
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (95 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 096/361] net: hns3: Fix ets validate issue Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 098/361] pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux Greg Kroah-Hartman
                   ` (266 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, YueHaibing, Maxime Ripard,
	Linus Walleij, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: YueHaibing <yuehaibing@huawei.com>

[ Upstream commit a4925311a5443126ecc90671a1604ea7b0f5b32e ]

Fixes the following Smatch static check warning:

 ./drivers/pinctrl/sunxi/pinctrl-sunxi.c:1112 sunxi_pinctrl_build_state()
 warn: passing devm_ allocated variable to kfree. 'pctrl->functions'

As we will be calling krealloc() on pointer 'pctrl->functions', which means
kfree() will be called in there, devm_kzalloc() shouldn't be used with
the allocation in the first place.  Fix the warning by calling kcalloc()
and managing the free procedure in error path on our own.

Fixes: 0e37f88d9ad8 ("ARM: sunxi: Add pinctrl driver for Allwinner SoCs")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Maxime Ripard <maxime.ripard@bootlin.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pinctrl/sunxi/pinctrl-sunxi.c |   15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

--- a/drivers/pinctrl/sunxi/pinctrl-sunxi.c
+++ b/drivers/pinctrl/sunxi/pinctrl-sunxi.c
@@ -1079,10 +1079,9 @@ static int sunxi_pinctrl_build_state(str
 	 * We suppose that we won't have any more functions than pins,
 	 * we'll reallocate that later anyway
 	 */
-	pctl->functions = devm_kcalloc(&pdev->dev,
-				       pctl->ngroups,
-				       sizeof(*pctl->functions),
-				       GFP_KERNEL);
+	pctl->functions = kcalloc(pctl->ngroups,
+				  sizeof(*pctl->functions),
+				  GFP_KERNEL);
 	if (!pctl->functions)
 		return -ENOMEM;
 
@@ -1133,8 +1132,10 @@ static int sunxi_pinctrl_build_state(str
 
 			func_item = sunxi_pinctrl_find_function_by_name(pctl,
 									func->name);
-			if (!func_item)
+			if (!func_item) {
+				kfree(pctl->functions);
 				return -EINVAL;
+			}
 
 			if (!func_item->groups) {
 				func_item->groups =
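
Review bot: with pctl->functions no longer devm-managed, kfree(pctl->functions) in the !func_item branch leaves the pointer dangling in pctl, and every other exit after the kcalloc() now has to free it by hand. Setting pctl->functions to NULL after the kfree() would make a later double free or use after free harder to introduce. It is also worth checking that the remove path and any probe failure after sunxi_pinctrl_build_state() returns free the array, since those are not part of this patch.
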
@@ -1142,8 +1143,10 @@ static int sunxi_pinctrl_build_state(str
 						     func_item->ngroups,
 						     sizeof(*func_item->groups),
 						     GFP_KERNEL);
-				if (!func_item->groups)
+				if (!func_item->groups) {
+					kfree(pctl->functions);
 					return -ENOMEM;
+				}
 			}
 
 			func_grp = func_item->groups;
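
Review bot: the kfree(pctl->functions); return -ENOMEM; pair in the !func_item->groups branch is the second hand-written copy of the same cleanup in this loop. A single error label at the end of sunxi_pinctrl_build_state() holding the kfree() would keep these two exits, and any added later, from drifting apart.
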




* [PATCH 4.19 098/361] pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (96 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 097/361] pinctrl: sunxi: fix pctrl->functions allocation in sunxi_pinctrl_build_state Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 099/361] brcmfmac: fix for proper support of 160MHz bandwidth Greg Kroah-Hartman
                   ` (265 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, YueHaibing, Linus Walleij, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: YueHaibing <yuehaibing@huawei.com>

[ Upstream commit 69f8455f6cc78fa6cdf80d0105d7a748106271dc ]

'ret' should be returned when pmic_mpp_write_mode_ctl fails.

Fixes: 0e948042c420 ("pinctrl: qcom: spmi-mpp: Implement support for sink mode")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pinctrl/qcom/pinctrl-spmi-mpp.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
+++ b/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
@@ -319,6 +319,8 @@ static int pmic_mpp_set_mux(struct pinct
 	pad->function = function;
 
 	ret = pmic_mpp_write_mode_ctl(state, pad);
+	if (ret < 0)
+		return ret;
 
 	val = pad->is_enabled << PMIC_MPP_REG_MASTER_EN_SHIFT;
 
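
Review bot: pad->function = function is assigned before pmic_mpp_write_mode_ctl(), so the new early return on ret < 0 leaves the cached pad->function naming a function the hardware was never switched to. Save the previous value and restore it on failure, so the software state still matches the pad after an error.
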




* [PATCH 4.19 099/361] brcmfmac: fix for proper support of 160MHz bandwidth
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (97 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 098/361] pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 100/361] net: hns3: Check hdev state when getting link status Greg Kroah-Hartman
                   ` (264 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hante Meuleman,
	Pieter-Paul Giesberts, Franky Lin, Arend van Spriel, Kalle Valo,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arend van Spriel <arend.vanspriel@broadcom.com>

[ Upstream commit 330994e8e8ec5d0b269a5265e6032b37e29aa336 ]

Decoding of firmware channel information was not complete for 160MHz
support. This resulted in the following warning:

  WARNING: CPU: 2 PID: 2222 at .../broadcom/brcm80211/brcmutil/d11.c:196
	brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil]
  Modules linked in: brcmfmac(O) brcmutil(O) sha256_generic cfg80211 ...
  CPU: 2 PID: 2222 Comm: kworker/2:0 Tainted: G           O
  4.17.0-wt-testing-x64-00002-gf1bed50 #1
  Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011
  Workqueue: events request_firmware_work_func
  RIP: 0010:brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil]
  RSP: 0018:ffffc90000047bd0 EFLAGS: 00010206
  RAX: 000000000000e832 RBX: ffff8801146fe910 RCX: ffff8801146fd3c0
  RDX: 0000000000002800 RSI: 0000000000000070 RDI: ffffc90000047c30
  RBP: ffffc90000047bd0 R08: 0000000000000000 R09: ffffffffa0798c80
  R10: ffff88012bca55e0 R11: ffff880110a4ea00 R12: ffff8801146f8000
  R13: ffffc90000047c30 R14: ffff8801146fe930 R15: ffff8801138e02e0
  FS:  0000000000000000(0000) GS:ffff88012bc80000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00007f18ce8b8070 CR3: 000000000200a003 CR4: 00000000000206e0
  Call Trace:
   brcmf_setup_wiphybands+0x212/0x780 [brcmfmac]
   brcmf_cfg80211_attach+0xae2/0x11a0 [brcmfmac]
   brcmf_attach+0x1fc/0x4b0 [brcmfmac]
   ? __kmalloc+0x13c/0x1c0
   brcmf_pcie_setup+0x99b/0xe00 [brcmfmac]
   brcmf_fw_request_done+0x16a/0x1f0 [brcmfmac]
   request_firmware_work_func+0x36/0x60
   process_one_work+0x146/0x350
   worker_thread+0x4a/0x3b0
   kthread+0x102/0x140
   ? process_one_work+0x350/0x350
   ? kthread_bind+0x20/0x20
   ret_from_fork+0x35/0x40
  Code: 66 90 0f b7 07 55 48 89 e5 89 c2 88 47 02 88 47 03 66 81 e2 00 38
	66 81 fa 00 18 74 6e 66 81 fa 00 20 74 39 66 81 fa 00 10 74 14 <0f>
	0b 66 25 00 c0 74 20 66 3d 00 c0 75 20 c6 47 04 01 5d c3 66
  ---[ end trace 550c46682415b26d ]---
  brcmfmac: brcmf_construct_chaninfo: Ignoring unexpected firmware channel 50

This patch adds the missing stuff to properly handle this.

Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
Reviewed-by: Franky Lin <franky.lin@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/broadcom/brcm80211/brcmutil/d11.c       |   34 ++++++++++-
 drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h |    2 
 2 files changed, 35 insertions(+), 1 deletion(-)

--- a/drivers/net/wireless/broadcom/brcm80211/brcmutil/d11.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmutil/d11.c
@@ -77,6 +77,8 @@ static u16 d11ac_bw(enum brcmu_chan_bw b
 		return BRCMU_CHSPEC_D11AC_BW_40;
 	case BRCMU_CHAN_BW_80:
 		return BRCMU_CHSPEC_D11AC_BW_80;
+	case BRCMU_CHAN_BW_160:
+		return BRCMU_CHSPEC_D11AC_BW_160;
 	default:
 		WARN_ON(1);
 	}
@@ -190,8 +192,38 @@ static void brcmu_d11ac_decchspec(struct
 			break;
 		}
 		break;
-	case BRCMU_CHSPEC_D11AC_BW_8080:
 	case BRCMU_CHSPEC_D11AC_BW_160:
+		switch (ch->sb) {
+		case BRCMU_CHAN_SB_LLL:
+			ch->control_ch_num -= CH_70MHZ_APART;
+			break;
+		case BRCMU_CHAN_SB_LLU:
+			ch->control_ch_num -= CH_50MHZ_APART;
+			break;
+		case BRCMU_CHAN_SB_LUL:
+			ch->control_ch_num -= CH_30MHZ_APART;
+			break;
+		case BRCMU_CHAN_SB_LUU:
+			ch->control_ch_num -= CH_10MHZ_APART;
+			break;
+		case BRCMU_CHAN_SB_ULL:
+			ch->control_ch_num += CH_10MHZ_APART;
+			break;
+		case BRCMU_CHAN_SB_ULU:
+			ch->control_ch_num += CH_30MHZ_APART;
+			break;
+		case BRCMU_CHAN_SB_UUL:
+			ch->control_ch_num += CH_50MHZ_APART;
+			break;
+		case BRCMU_CHAN_SB_UUU:
+			ch->control_ch_num += CH_70MHZ_APART;
+			break;
+		default:
+			WARN_ON_ONCE(1);
+			break;
+		}
+		break;
+	case BRCMU_CHSPEC_D11AC_BW_8080:
 	default:
 		WARN_ON_ONCE(1);
 		break;
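
Review bot: BRCMU_CHSPEC_D11AC_BW_8080 now falls straight into default and WARN_ON_ONCE(1), so firmware that reports an 80+80 channel still produces the kind of warning this patch was written to remove. If that is intentional, a comment on the case label should say 80+80 is unsupported. The inner default on ch->sb also warns on a value decoded from firmware channel information; an error message that skips the channel may be a better fit than a WARN for input the driver does not control.
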
--- a/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h
+++ b/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h
@@ -29,6 +29,8 @@
 #define CH_UPPER_SB			0x01
 #define CH_LOWER_SB			0x02
 #define CH_EWA_VALID			0x04
+#define CH_70MHZ_APART			14
+#define CH_50MHZ_APART			10
 #define CH_30MHZ_APART			6
 #define CH_20MHZ_APART			4
 #define CH_10MHZ_APART			2




* [PATCH 4.19 100/361] net: hns3: Check hdev state when getting link status
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (98 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 099/361] brcmfmac: fix for proper support of 160MHz bandwidth Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 101/361] net: hns3: Set STATE_DOWN bit of hdev state when stopping net Greg Kroah-Hartman
                   ` (263 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fuyun Liang, Peng Li, Salil Mehta,
	David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Peng Li <lipeng321@huawei.com>

[ Upstream commit 582d37bbb613b8ad86bf82845d3a74a02a5a0fa1 ]

By default, HW link status is up. If hclge_update_link_status is called
before net up, driver will print "link up". It is not suitable. hdev
state check is needed when getting link status.

Fixes: 46a3df9f9718 ("net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support")
Fixes: e2cb1dec9779 ("net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support")
Signed-off-by: Fuyun Liang <liangfuyun1@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c   |    3 +++
 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c |    3 +++
 2 files changed, 6 insertions(+)

--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -2362,6 +2362,9 @@ static int hclge_get_mac_phy_link(struct
 	int mac_state;
 	int link_stat;
 
+	if (test_bit(HCLGE_STATE_DOWN, &hdev->state))
+		return 0;
+
 	mac_state = hclge_get_mac_link_status(hdev);
 
 	if (hdev->hw.mac.phydev) {
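
Review bot: the early return 0 in hclge_get_mac_phy_link() only has an effect if HCLGE_STATE_DOWN is set again when the interface is stopped, and this patch does not do that; the set_bit() arrives in 101/361, so the two must be kept together when backporting. A short comment that 0 here means link down, not success, would also help, since the function returns int.
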
--- a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
@@ -299,6 +299,9 @@ void hclgevf_update_link_status(struct h
 
 	client = handle->client;
 
+	link_state =
+		test_bit(HCLGEVF_STATE_DOWN, &hdev->state) ? 0 : link_state;
+
 	if (link_state != hdev->hw.mac.link) {
 		client->ops->link_status_change(handle, !!link_state);
 		hdev->hw.mac.link = link_state;
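
Review bot: the added assignment link_state = test_bit(HCLGEVF_STATE_DOWN, &hdev->state) ? 0 : link_state assigns the variable to itself in the common case. A plain if (test_bit(HCLGEVF_STATE_DOWN, &hdev->state)) followed by link_state = 0 reads more directly and mirrors the PF side in hclge_get_mac_phy_link().
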




* [PATCH 4.19 101/361] net: hns3: Set STATE_DOWN bit of hdev state when stopping net
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (99 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 100/361] net: hns3: Check hdev state when getting link status Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 102/361] net: phy: phylink: ensure the carrier is off when starting phylink Greg Kroah-Hartman
                   ` (262 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fuyun Liang, Peng Li, Salil Mehta,
	David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Fuyun Liang <liangfuyun1@huawei.com>

[ Upstream commit 2f7e489611bc685b8e00aba436032a8aac6cac57 ]

We clear the STATE_DOWN bit of hdev state when starting net, but do not set
it again when stopping net. As a result, the net is down, but hdev state
is still up. The STATE_DOWN bit of hdev state should be set when stopping net.

Fixes: 46a3df9f9718 ("net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support")
Fixes: e2cb1dec9779 ("net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support")
Signed-off-by: Fuyun Liang <liangfuyun1@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c   |    2 ++
 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c |    2 ++
 2 files changed, 4 insertions(+)

--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -3814,6 +3814,8 @@ static void hclge_ae_stop(struct hnae3_h
 	struct hclge_dev *hdev = vport->back;
 	int i;
 
+	set_bit(HCLGE_STATE_DOWN, &hdev->state);
+
 	del_timer_sync(&hdev->service_timer);
 	cancel_work_sync(&hdev->service_task);
 	clear_bit(HCLGE_STATE_SERVICE_SCHED, &hdev->state);
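
Review bot: set_bit(HCLGE_STATE_DOWN, &hdev->state) is placed ahead of del_timer_sync() and cancel_work_sync(), which looks deliberate, but nothing in the hunk says so. A comment that the bit must be set first, so that a service task still running sees the device as down before it is cancelled, would stop a later cleanup from moving it.
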
--- a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
@@ -1451,6 +1451,8 @@ static void hclgevf_ae_stop(struct hnae3
 	struct hclgevf_dev *hdev = hclgevf_ae_get_hdev(handle);
 	int i, queue_id;
 
+	set_bit(HCLGEVF_STATE_DOWN, &hdev->state);
+
 	for (i = 0; i < hdev->num_tqps; i++) {
 		/* Ring disable */
 		queue_id = hclgevf_get_queue_id(handle->kinfo.tqp[i]);




* [PATCH 4.19 102/361] net: phy: phylink: ensure the carrier is off when starting phylink
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (100 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 101/361] net: hns3: Set STATE_DOWN bit of hdev state when stopping net Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 103/361] block, bfq: correctly charge and reset entity service in all cases Greg Kroah-Hartman
                   ` (261 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Antoine Tenart, Russell King,
	David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Antoine Tenart <antoine.tenart@bootlin.com>

[ Upstream commit aeeb2e8fdefdd5d257a1446351c70cb3df540199 ]

Phylink made an assumption about the carrier state being down when
calling phylink_start(). If this assumption isn't satisfied, the
internal phylink state could misbehave and a net device could end up not
being functional.

This patch fixes this by explicitly calling netif_carrier_off() in
phylink_start().

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Acked-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/phy/phylink.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/net/phy/phylink.c
+++ b/drivers/net/phy/phylink.c
@@ -907,6 +907,9 @@ void phylink_start(struct phylink *pl)
 		    phylink_an_mode_str(pl->link_an_mode),
 		    phy_modes(pl->link_config.interface));
 
+	/* Always set the carrier off */
+	netif_carrier_off(pl->netdev);
+
 	/* Apply the link configuration to the MAC when starting. This allows
 	 * a fixed-link to start with the correct parameters, and also
 	 * ensures that we set the appropriate advertisement for Serdes links.
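
Review bot: the added comment, "Always set the carrier off", repeats the call below it without giving the reason. Say why: phylink_start() assumes the carrier is down on entry, and a driver that left it up would put the internal phylink state out of step with the net device.
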




* [PATCH 4.19 103/361] block, bfq: correctly charge and reset entity service in all cases
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (101 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 102/361] net: phy: phylink: ensure the carrier is off when starting phylink Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 104/361] arm64: entry: Allow handling of undefined instructions from EL1 Greg Kroah-Hartman
                   ` (260 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paolo Valente, Jens Axboe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Paolo Valente <paolo.valente@linaro.org>

[ Upstream commit cbeb869a3d1110450186b738199963c5e68c2a71 ]

BFQ schedules entities (which represent either per-process queues or
groups of queues) as a function of their timestamps. In particular, as
a function of their (virtual) finish times. The finish time of an
entity is computed as a function of the budget assigned to the entity,
assuming, tentatively, that the entity, once in service, will receive
an amount of service equal to its budget. Then, when the entity is
expired because it finishes to be served, this finish time is updated
as a function of the actual service received by the entity. This
allows the entity to be correctly charged with only the service
received, and then to be correctly re-scheduled.

Yet an entity may receive service also while not being the entity in
service (in the scheduling environment of its parent entity), for
several reasons. If the entity remains with no backlog while receiving
this 'unofficial' service, then it is expired. Also on such an
expiration, the finish time of the entity should be updated to account
for only the service actually received by the entity. Unfortunately,
such an update is not performed for an entity expiring without being
the entity in service.

In a similar vein, the service counter of the entity in service is
reset when the entity is expired, to be ready to be used for next
service cycle. This reset too should be performed also in case an
entity is expired because it remains empty after receiving service
while not being the entity in service. But in this case the reset is
not performed.

This commit performs the above update of the finish time and reset of
the service received, also for an entity expiring while not being the
entity in service.

Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 block/bfq-wf2q.c |   13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

--- a/block/bfq-wf2q.c
+++ b/block/bfq-wf2q.c
@@ -1181,10 +1181,17 @@ bool __bfq_deactivate_entity(struct bfq_
 	st = bfq_entity_service_tree(entity);
 	is_in_service = entity == sd->in_service_entity;
 
-	if (is_in_service) {
-		bfq_calc_finish(entity, entity->service);
+	bfq_calc_finish(entity, entity->service);
+
+	if (is_in_service)
 		sd->in_service_entity = NULL;
-	}
+	else
+		/*
+		 * Non in-service entity: nobody will take care of
+		 * resetting its service counter on expiration. Do it
+		 * now.
+		 */
+		entity->service = 0;
 
 	if (entity->tree == &st->active)
 		bfq_active_extract(st, entity);
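Review bot: the new `else` arm carries a five-line comment plus `entity->service = 0;` without braces, and the `if (is_in_service)` arm lost its braces as well; once either arm spans more than one line, braces on both keep a later addition to the `else` from silently landing outside it. Separately, `bfq_calc_finish(entity, entity->service)` now runs for every deactivated entity, so please confirm that a zero `entity->service` is an expected input on this path and say so in the comment.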




* [PATCH 4.19 104/361] arm64: entry: Allow handling of undefined instructions from EL1
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (102 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 103/361] block, bfq: correctly charge and reset entity service in all cases Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 105/361] kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() Greg Kroah-Hartman
                   ` (259 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Will Deacon, Catalin Marinas, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Will Deacon <will.deacon@arm.com>

[ Upstream commit 0bf0f444b2c49241b2b39aa3cf210d7c95ef6c34 ]

Rather than panic() when taking an undefined instruction exception from
EL1, allow a hook to be registered in case we want to emulate the
instruction, like we will for the SSBS PSTATE manipulation instructions.

Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arm64/kernel/entry.S |    2 +-
 arch/arm64/kernel/traps.c |   11 +++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -589,7 +589,7 @@ el1_undef:
 	inherit_daif	pstate=x23, tmp=x2
 	mov	x0, sp
 	bl	do_undefinstr
-	ASM_BUG()
+	kernel_exit 1
 el1_dbg:
 	/*
 	 * Debug exception handling
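Review bot: with `kernel_exit 1` in place of `ASM_BUG()` at the end of `el1_undef`, returning from `do_undefinstr` becomes a normal path, and nothing in the assembly says which cases are allowed to reach it. The only thing that keeps an unhandled EL1 undefined instruction from being resumed is the `BUG_ON(!user_mode(regs))` added in traps.c; a one-line comment above `kernel_exit 1` stating that dependency would make it harder to break by accident.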
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -310,10 +310,12 @@ static int call_undef_hook(struct pt_reg
 	int (*fn)(struct pt_regs *regs, u32 instr) = NULL;
 	void __user *pc = (void __user *)instruction_pointer(regs);
 
-	if (!user_mode(regs))
-		return 1;
-
-	if (compat_thumb_mode(regs)) {
+	if (!user_mode(regs)) {
+		__le32 instr_le;
+		if (probe_kernel_address((__force __le32 *)pc, instr_le))
+			goto exit;
+		instr = le32_to_cpu(instr_le);
+	} else if (compat_thumb_mode(regs)) {
 		/* 16-bit Thumb instruction */
 		__le16 instr_le;
 		if (get_user(instr_le, (__le16 __user *)pc))
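Review bot: in the new `!user_mode(regs)` arm, `pc` is declared `void __user *` a few lines above and is then cast with `(__force __le32 *)pc` so that `probe_kernel_address()` can read it; the `__force` hides from sparse that a pointer annotated as user is being used as a kernel address. Consider deriving a separate, unannotated kernel pointer from `instruction_pointer(regs)` for this arm, or add a comment explaining why the cast is safe here.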
@@ -407,6 +409,7 @@ asmlinkage void __exception do_undefinst
 		return;
 
 	force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc);
+	BUG_ON(!user_mode(regs));
 }
 
 void cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused)
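Review bot: `BUG_ON(!user_mode(regs))` sits after `force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc)`, so for an unhandled exception taken from EL1 the SIGILL is injected into the current task before the kernel stops. Moving the `BUG_ON()` above `force_signal_inject()` would keep the kernel-mode case from going through signal injection at all.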




* [PATCH 4.19 105/361] kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (103 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 104/361] arm64: entry: Allow handling of undefined instructions from EL1 Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 106/361] spi: gpio: No MISO does not imply no RX Greg Kroah-Hartman
                   ` (258 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu,
	Anil S Keshavamurthy, David S . Miller, Linus Torvalds,
	Naveen N . Rao, Peter Zijlstra, Thomas Gleixner, Ingo Molnar,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Masami Hiramatsu <mhiramat@kernel.org>

[ Upstream commit 819319fc93461c07b9cdb3064f154bd8cfd48172 ]

Make reuse_unused_kprobe() return an error code if
it fails to reuse an unused kprobe for optprobe, instead
of calling BUG_ON().

Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: David S . Miller <davem@davemloft.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Naveen N . Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/153666124040.21306.14150398706331307654.stgit@devbox
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/kprobes.c |   27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -700,9 +700,10 @@ static void unoptimize_kprobe(struct kpr
 }
 
 /* Cancel unoptimizing for reusing */
-static void reuse_unused_kprobe(struct kprobe *ap)
+static int reuse_unused_kprobe(struct kprobe *ap)
 {
 	struct optimized_kprobe *op;
+	int ret;
 
 	BUG_ON(!kprobe_unused(ap));
 	/*
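Review bot: `BUG_ON(!kprobe_unused(ap))` is left at the top of `reuse_unused_kprobe()` even though the function now returns `int` and the stated goal is to report failure instead of calling BUG_ON(). Now that an error path exists, this check could return an error as well (with a WARN_ON_ONCE() if the condition is considered a kernel bug) rather than halting.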
@@ -714,8 +715,12 @@ static void reuse_unused_kprobe(struct k
 	/* Enable the probe again */
 	ap->flags &= ~KPROBE_FLAG_DISABLED;
 	/* Optimize it again (remove from op->list) */
-	BUG_ON(!kprobe_optready(ap));
+	ret = kprobe_optready(ap);
+	if (ret)
+		return ret;
+
 	optimize_kprobe(ap);
+	return 0;
 }
 
 /* Remove optimized instructions */
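Review bot: the error test is inverted relative to the assertion it replaces. The removed line was `BUG_ON(!kprobe_optready(ap))`, which treats a zero return as the failure, while the added `ret = kprobe_optready(ap); if (ret) return ret;` bails out when the return is nonzero and goes on to `optimize_kprobe(ap)` when it is zero. To keep the old meaning this should read along the lines of `if (!kprobe_optready(ap)) return -EINVAL;`. Also, `ap->flags &= ~KPROBE_FLAG_DISABLED` has already run by then, so an early return leaves the probe re-enabled; either do the check before clearing the flag or restore it on failure.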
@@ -940,11 +945,16 @@ static void __disarm_kprobe(struct kprob
 #define kprobe_disarmed(p)			kprobe_disabled(p)
 #define wait_for_kprobe_optimizer()		do {} while (0)
 
-/* There should be no unused kprobes can be reused without optimization */
-static void reuse_unused_kprobe(struct kprobe *ap)
+static int reuse_unused_kprobe(struct kprobe *ap)
 {
+	/*
+	 * If the optimized kprobe is NOT supported, the aggr kprobe is
+	 * released at the same time that the last aggregated kprobe is
+	 * unregistered.
+	 * Thus there should be no chance to reuse unused kprobe.
+	 */
 	printk(KERN_ERR "Error: There should be no unused kprobe here.\n");
-	BUG_ON(kprobe_unused(ap));
+	return -EINVAL;
 }
 
 static void free_aggr_kprobe(struct kprobe *p)
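Review bot: in the stub `reuse_unused_kprobe()` the message is still emitted with a bare `printk(KERN_ERR ...)`, and with the `BUG_ON()` gone nothing identifies the probe or the caller any more. A `WARN_ON_ONCE()` or a `pr_err()` that includes the probe's address would keep the diagnostic value the BUG_ON() backtrace used to provide while still returning `-EINVAL`.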
@@ -1318,9 +1328,12 @@ static int register_aggr_kprobe(struct k
 			goto out;
 		}
 		init_aggr_kprobe(ap, orig_p);
-	} else if (kprobe_unused(ap))
+	} else if (kprobe_unused(ap)) {
 		/* This probe is going to die. Rescue it */
-		reuse_unused_kprobe(ap);
+		ret = reuse_unused_kprobe(ap);
+		if (ret)
+			goto out;
+	}
 
 	if (kprobe_gone(ap)) {
 		/*




* [PATCH 4.19 106/361] spi: gpio: No MISO does not imply no RX
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (104 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 105/361] kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 107/361] ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers Greg Kroah-Hartman
                   ` (257 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrzej Hajda, Lorenzo Bianconi,
	Linus Walleij, Mark Brown, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Linus Walleij <linus.walleij@linaro.org>

[ Upstream commit abf5feef3ff0cefade0c76be53b59e55fdd46093 ]

There is a logical problem in spi-gpio with host just
assigning a MOSI line and no MISO: this is interpreted
as the host cannot do RX and the host is flagged with
SPI_MASTER_NO_RX.

This is wrong: since GPIO lines can switch direction,
in 3WIRE operation the host will simply reverse the
direction of the GPIO line and start reading from it,
there is even code for doing this in the driver, but
it went unnoticed because it was tested by using a
master with 4 wires but a device using just 3 wires.

Remove the offending flag.

Cc: Andrzej Hajda <a.hajda@samsung.com>
Cc: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/spi/spi-gpio.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

--- a/drivers/spi/spi-gpio.c
+++ b/drivers/spi/spi-gpio.c
@@ -295,9 +295,11 @@ static int spi_gpio_request(struct devic
 	spi_gpio->miso = devm_gpiod_get_optional(dev, "miso", GPIOD_IN);
 	if (IS_ERR(spi_gpio->miso))
 		return PTR_ERR(spi_gpio->miso);
-	if (!spi_gpio->miso)
-		/* HW configuration without MISO pin */
-		*mflags |= SPI_MASTER_NO_RX;
+	/*
+	 * No setting SPI_MASTER_NO_RX here - if there is only a MOSI
+	 * pin connected the host can still do RX by changing the
+	 * direction of the line.
+	 */
 
 	spi_gpio->sck = devm_gpiod_get(dev, "sck", GPIOD_OUT_LOW);
 	if (IS_ERR(spi_gpio->sck))
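Review bot: dropping `*mflags |= SPI_MASTER_NO_RX` covers the 3WIRE case from the commit message, but the new comment does not say what happens when `spi_gpio->miso` is NULL and the attached device is not in 3WIRE mode; after this change nothing in this function marks such a host as unable to receive. Either state in the comment where a read on that setup is rejected, or add the check, so a missing MISO line on a 4-wire device fails visibly.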
@@ -423,7 +425,7 @@ static int spi_gpio_probe(struct platfor
 	spi_gpio->bitbang.chipselect = spi_gpio_chipselect;
 	spi_gpio->bitbang.set_line_direction = spi_gpio_set_direction;
 
-	if ((master_flags & (SPI_MASTER_NO_TX | SPI_MASTER_NO_RX)) == 0) {
+	if ((master_flags & SPI_MASTER_NO_TX) == 0) {
 		spi_gpio->bitbang.txrx_word[SPI_MODE_0] = spi_gpio_txrx_word_mode0;
 		spi_gpio->bitbang.txrx_word[SPI_MODE_1] = spi_gpio_txrx_word_mode1;
 		spi_gpio->bitbang.txrx_word[SPI_MODE_2] = spi_gpio_txrx_word_mode2;




* [PATCH 4.19 107/361] ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (105 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 106/361] spi: gpio: No MISO does not imply no RX Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 108/361] pinctrl: qcom: spmi-mpp: Fix drive strength setting Greg Kroah-Hartman
                   ` (256 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans de Goede, Andy Shevchenko,
	Rafael J. Wysocki, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit 240714061c58e6b1abfb3322398a7634151c06cb ]

Bay and Cherry Trail DSDTs represent a different set of devices depending
on which OS the device thinks it is booting. One set of devices for Windows
and another set of devices for Android which targets the Android-x86 Linux
kernel fork (which e.g. used to have its own display driver instead of
using the i915 driver).

Which set of devices we are actually going to get is out of our control,
this is controlled by the ACPI OSID variable, which gets either set through
an EFI setup option, or sometimes is autodetected. So we need to support
both.

This commit adds support for the 80862286 and 808622C0 ACPI HIDs which we
get for the first resp. second DMA controller on Cherry Trail devices when
OSID is set to Android.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/acpi/acpi_lpss.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/acpi/acpi_lpss.c
+++ b/drivers/acpi/acpi_lpss.c
@@ -327,9 +327,11 @@ static const struct acpi_device_id acpi_
 	{ "INT33FC", },
 
 	/* Braswell LPSS devices */
+	{ "80862286", LPSS_ADDR(lpss_dma_desc) },
 	{ "80862288", LPSS_ADDR(bsw_pwm_dev_desc) },
 	{ "8086228A", LPSS_ADDR(bsw_uart_dev_desc) },
 	{ "8086228E", LPSS_ADDR(bsw_spi_dev_desc) },
+	{ "808622C0", LPSS_ADDR(lpss_dma_desc) },
 	{ "808622C1", LPSS_ADDR(bsw_i2c_dev_desc) },
 
 	/* Broadwell LPSS devices */
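Review bot: the two new entries, `80862286` and `808622C0`, are filed under the `/* Braswell LPSS devices */` comment and reuse `lpss_dma_desc` while every neighbouring entry uses a `bsw_*` descriptor, and nothing in the table says why. A short comment above the pair noting that these are the DMA controller HIDs seen on Cherry Trail when OSID is set to Android would save the next reader a trip to the commit log.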




* [PATCH 4.19 108/361] pinctrl: qcom: spmi-mpp: Fix drive strength setting
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (106 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 107/361] ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 109/361] bpf/verifier: fix verifier instability Greg Kroah-Hartman
                   ` (255 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Doug Anderson, Stephen Boyd,
	Bjorn Andersson, Linus Walleij, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stephen Boyd <swboyd@chromium.org>

[ Upstream commit 89c68b102f13f123aaef22b292526d6b92501334 ]

It looks like we parse the drive strength setting here, but never
actually write it into the hardware to update it. Parse the setting and
then write it at the end of the pinconf setting function so that it
actually sticks in the hardware.

Fixes: 0e948042c420 ("pinctrl: qcom: spmi-mpp: Implement support for sink mode")
Cc: Doug Anderson <dianders@chromium.org>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pinctrl/qcom/pinctrl-spmi-mpp.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
+++ b/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
@@ -457,7 +457,7 @@ static int pmic_mpp_config_set(struct pi
 			pad->dtest = arg;
 			break;
 		case PIN_CONFIG_DRIVE_STRENGTH:
-			arg = pad->drive_strength;
+			pad->drive_strength = arg;
 			break;
 		case PMIC_MPP_CONF_AMUX_ROUTE:
 			if (arg >= PMIC_MPP_AMUX_ROUTE_ABUS4)
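Review bot: `pad->drive_strength = arg;` stores the caller's value with no range check, whereas the `PMIC_MPP_CONF_AMUX_ROUTE` case right below rejects out-of-range input with `if (arg >= PMIC_MPP_AMUX_ROUTE_ABUS4)`. Since the second hunk writes this field straight to a register, validate `arg` against what the sink control field can hold here and return -EINVAL otherwise.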
@@ -504,6 +504,10 @@ static int pmic_mpp_config_set(struct pi
 	if (ret < 0)
 		return ret;
 
+	ret = pmic_mpp_write(state, pad, PMIC_MPP_REG_SINK_CTL, pad->drive_strength);
+	if (ret < 0)
+		return ret;
+
 	val = pad->is_enabled << PMIC_MPP_REG_MASTER_EN_SHIFT;
 
 	return pmic_mpp_write(state, pad, PMIC_MPP_REG_EN_CTL, val);
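Review bot: the added `pmic_mpp_write(state, pad, PMIC_MPP_REG_SINK_CTL, pad->drive_strength)` runs on every call to `pmic_mpp_config_set()`, whether or not `PIN_CONFIG_DRIVE_STRENGTH` was among the configs, and it writes the raw field with no shift or mask, unlike the `PMIC_MPP_REG_EN_CTL` write below it, which builds `val` first. Please confirm that the register takes the value unencoded and that writing it for pads not used as sinks is harmless, and record that in a comment.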




* [PATCH 4.19 109/361] bpf/verifier: fix verifier instability
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (107 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 108/361] pinctrl: qcom: spmi-mpp: Fix drive strength setting Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 110/361] failover: Add missing check to validate slave_dev in net_failover_slave_unregister Greg Kroah-Hartman
                   ` (254 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Edward Cree, Alexei Starovoitov, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexei Starovoitov <ast@kernel.org>

[ Upstream commit a9c676bc8fc58d00eea9836fb14ee43c0346416a ]

Edward Cree says:
In check_mem_access(), for the PTR_TO_CTX case, after check_ctx_access()
has supplied a reg_type, the other members of the register state are set
appropriately.  Previously reg.range was set to 0, but as it is in a
union with reg.map_ptr, which is larger, upper bytes of the latter were
left in place.  This then caused the memcmp() in regsafe() to fail,
preventing some branches from being pruned (and occasionally causing the
same program to take a varying number of processed insns on repeated
verifier runs).

Fix the instability by clearing bpf_reg_state in __mark_reg_[un]known()

Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
Debugged-by: Edward Cree <ecree@solarflare.com>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/bpf/verifier.c |   16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -553,7 +553,9 @@ static void __mark_reg_not_init(struct b
  */
 static void __mark_reg_known(struct bpf_reg_state *reg, u64 imm)
 {
-	reg->id = 0;
+	/* Clear id, off, and union(map_ptr, range) */
+	memset(((u8 *)reg) + sizeof(reg->type), 0,
+	       offsetof(struct bpf_reg_state, var_off) - sizeof(reg->type));
 	reg->var_off = tnum_const(imm);
 	reg->smin_value = (s64)imm;
 	reg->smax_value = (s64)imm;
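Review bot: the `memset()` in `__mark_reg_known()` starts at `sizeof(reg->type)` and stops at `offsetof(struct bpf_reg_state, var_off)`, so it is correct only while `type` is the first member and `id`, `off` and the `map_ptr`/`range` union all sit between `type` and `var_off`. Nothing enforces that layout; a comment at the struct definition, or a BUILD_BUG_ON() on `offsetof(struct bpf_reg_state, type)`, would stop a later field reorder from quietly reintroducing stale bytes into the `memcmp()` in `regsafe()`. The comment here should also mention the padding after `type`, as the one added to `__mark_reg_unknown()` does.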
@@ -572,7 +574,6 @@ static void __mark_reg_known_zero(struct
 static void __mark_reg_const_zero(struct bpf_reg_state *reg)
 {
 	__mark_reg_known(reg, 0);
-	reg->off = 0;
 	reg->type = SCALAR_VALUE;
 }
 
@@ -683,9 +684,12 @@ static void __mark_reg_unbounded(struct
 /* Mark a register as having a completely unknown (scalar) value. */
 static void __mark_reg_unknown(struct bpf_reg_state *reg)
 {
+	/*
+	 * Clear type, id, off, and union(map_ptr, range) and
+	 * padding between 'type' and union
+	 */
+	memset(reg, 0, offsetof(struct bpf_reg_state, var_off));
 	reg->type = SCALAR_VALUE;
-	reg->id = 0;
-	reg->off = 0;
 	reg->var_off = tnum_unknown;
 	reg->frameno = 0;
 	__mark_reg_unbounded(reg);
@@ -1727,9 +1731,6 @@ static int check_mem_access(struct bpf_v
 			else
 				mark_reg_known_zero(env, regs,
 						    value_regno);
-			regs[value_regno].id = 0;
-			regs[value_regno].off = 0;
-			regs[value_regno].range = 0;
 			regs[value_regno].type = reg_type;
 		}
 
@@ -2580,7 +2581,6 @@ static int check_helper_call(struct bpf_
 			regs[BPF_REG_0].type = PTR_TO_MAP_VALUE_OR_NULL;
 		/* There is no offset yet applied, variable or fixed */
 		mark_reg_known_zero(env, regs, BPF_REG_0);
-		regs[BPF_REG_0].off = 0;
 		/* remember map_ptr, so that check_map_access()
 		 * can check 'value_size' boundary of memory access
 		 * to map element returned from bpf_map_lookup_elem()




* [PATCH 4.19 110/361] failover: Add missing check to validate slave_dev in net_failover_slave_unregister
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (108 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 109/361] bpf/verifier: fix verifier instability Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 111/361] perf tests: Fix record+probe_libc_inet_pton.sh without pings debuginfo Greg Kroah-Hartman
                   ` (253 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, YueHaibing, Sridhar Samudrala,
	David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: YueHaibing <yuehaibing@huawei.com>

[ Upstream commit 9e7e6cabf371cc008cb2244a04c012b516753693 ]

Fixes gcc '-Wunused-but-set-variable' warning:

drivers/net/net_failover.c: In function 'net_failover_slave_unregister':
drivers/net/net_failover.c:598:35: warning:
 variable 'primary_dev' set but not used [-Wunused-but-set-variable]

The validity of 'slave_dev' should be checked.

Fixes: cfc80d9a1163 ("net: Introduce net_failover driver")

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Sridhar Samudrala <sridhar.samudrala@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/net_failover.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/net/net_failover.c
+++ b/drivers/net/net_failover.c
@@ -603,6 +603,9 @@ static int net_failover_slave_unregister
 	primary_dev = rtnl_dereference(nfo_info->primary_dev);
 	standby_dev = rtnl_dereference(nfo_info->standby_dev);
 
+	if (WARN_ON_ONCE(slave_dev != primary_dev && slave_dev != standby_dev))
+		return -ENODEV;
+
 	vlan_vids_del_by_dev(slave_dev, failover_dev);
 	dev_uc_unsync(slave_dev, failover_dev);
 	dev_mc_unsync(slave_dev, failover_dev);
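Review bot: the new `WARN_ON_ONCE(slave_dev != primary_dev && slave_dev != standby_dev)` has no comment saying when `slave_dev` can be neither of the two. If that can happen in normal operation, a plain check returning `-ENODEV` without the WARN is more appropriate; if it can only mean a kernel bug, say so next to the check, since the early return also skips `vlan_vids_del_by_dev()`, `dev_uc_unsync()` and `dev_mc_unsync()` for that device.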




* [PATCH 4.19 111/361] perf tests: Fix record+probe_libc_inet_pton.sh without pings debuginfo
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (109 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 110/361] failover: Add missing check to validate slave_dev in net_failover_slave_unregister Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 112/361] pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant Greg Kroah-Hartman
                   ` (252 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Alexander Shishkin,
	David Ahern, Hendrik Brueckner, Jiri Olsa, Kim Phillips,
	Michael Petlan, Namhyung Kim, Naveen N. Rao, Peter Zijlstra,
	Ravi Bangoria, Sandipan Das, Sukadev Bhattiprolu, Thomas Richter,
	Wang Nan, Arnaldo Carvalho de Melo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnaldo Carvalho de Melo <acme@redhat.com>

[ Upstream commit 1632936480a53d85ef3012cd9f290e247251cbb9 ]

When we don't have the iputils-debuginfo package installed, i.e. when we
don't have the DWARF information needed to resolve ping's samples, we
end up failing this 'perf test' entry:

  # perf test ping
  62: probe libc's inet_pton & backtrace it with ping       : Ok
  # rpm -e iputils-debuginfo
  # perf test ping
  62: probe libc's inet_pton & backtrace it with ping       : FAILED!
  #

Fix it to accept "[unknown]" where the symbol + offset, when resolved,
is expected.

I think this will fail in the other arches as well, but since I can't
test now, I'm leaving s390x and ppc cases as-is.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kim Phillips <kim.phillips@arm.com>
Cc: Michael Petlan <mpetlan@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
Cc: Sandipan Das <sandipan@linux.vnet.ibm.com>
Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Cc: Thomas Richter <tmricht@linux.vnet.ibm.com>
Cc: Wang Nan <wangnan0@huawei.com>
Fixes: 7903a7086723 ("perf script: Show symbol offsets by default")
Link: https://lkml.kernel.org/n/tip-hnizqwqrs03vcq1b74yao0f6@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/perf/tests/shell/record+probe_libc_inet_pton.sh |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/perf/tests/shell/record+probe_libc_inet_pton.sh
+++ b/tools/perf/tests/shell/record+probe_libc_inet_pton.sh
@@ -48,7 +48,7 @@ trace_libc_inet_pton_backtrace() {
 	*)
 		eventattr='max-stack=3'
 		echo "getaddrinfo\+0x[[:xdigit:]]+[[:space:]]\($libc\)$" >> $expected
-		echo ".*\+0x[[:xdigit:]]+[[:space:]]\(.*/bin/ping.*\)$" >> $expected
+		echo ".*(\+0x[[:xdigit:]]+|\[unknown\])[[:space:]]\(.*/bin/ping.*\)$" >> $expected
 		;;
 	esac
 
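Review bot: only the `*)` default arm of the `case` is relaxed to accept `\[unknown\]`, and the commit message itself expects the s390x and ppc arms to fail the same way without debuginfo. A comment above the changed `echo` saying why `[unknown]` is accepted, plus a follow-up for the other arms, would keep the expected patterns consistent. The alternation `(\+0x[[:xdigit:]]+|\[unknown\])` also depends on the contents of `$expected` being matched as extended regular expressions, which is not visible in this hunk.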




* [PATCH 4.19 112/361] pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (110 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 111/361] perf tests: Fix record+probe_libc_inet_pton.sh without pings debuginfo Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 113/361] pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() " Greg Kroah-Hartman
                   ` (251 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Douglas Anderson, Stephen Boyd,
	Bjorn Andersson, Linus Walleij, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Douglas Anderson <dianders@chromium.org>

[ Upstream commit 0d5b476f8f57fcb06c45fe27681ac47254f63fd2 ]

If you look at "pinconf-groups" in debugfs for ssbi-mpp you'll notice
it looks like nonsense.

The problem is fairly well described in commit 1cf86bc21257 ("pinctrl:
qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant") and
commit 05e0c828955c ("pinctrl: msm: Fix msm_config_group_get() to be
compliant"), but it was pointed out that ssbi-mpp has the same
problem.  Let's fix it there too.

NOTE: in case it's helpful to someone reading this, the way to tell
whether to do the -EINVAL or not is to look at the PCONFDUMP for a
given attribute.  If the last element (has_arg) is false then you need
to do the -EINVAL trick.

ALSO NOTE: it seems unlikely that the values returned when we try to
get PIN_CONFIG_BIAS_PULL_UP will actually be printed since "has_arg"
is false for that one, but I guess it's still fine to return different
values so I kept doing that.  It seems like another driver (ssbi-gpio)
uses a custom attribute (PM8XXX_QCOM_PULL_UP_STRENGTH) for something
similar so maybe a future change should do that here too.

Fixes: cfb24f6ebd38 ("pinctrl: Qualcomm SPMI PMIC MPP pin controller driver")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pinctrl/qcom/pinctrl-spmi-mpp.c |   19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

--- a/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
+++ b/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
@@ -345,13 +345,12 @@ static int pmic_mpp_config_get(struct pi
 
 	switch (param) {
 	case PIN_CONFIG_BIAS_DISABLE:
-		arg = pad->pullup == PMIC_MPP_PULL_UP_OPEN;
+		if (pad->pullup != PMIC_MPP_PULL_UP_OPEN)
+			return -EINVAL;
+		arg = 1;
 		break;
 	case PIN_CONFIG_BIAS_PULL_UP:
 		switch (pad->pullup) {
-		case PMIC_MPP_PULL_UP_OPEN:
-			arg = 0;
-			break;
 		case PMIC_MPP_PULL_UP_0P6KOHM:
 			arg = 600;
 			break;
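Review bot: removing `case PMIC_MPP_PULL_UP_OPEN:` from the inner `switch (pad->pullup)` sends that value to the inner default, which lies outside this hunk. Please confirm the default returns -EINVAL rather than leaving `arg` unset, since an open pull-up is now the "not configured" answer for `PIN_CONFIG_BIAS_PULL_UP`. The rule from the commit message (return -EINVAL when `has_arg` is false for the attribute) is not obvious from the code and deserves a short comment at the top of the outer switch.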
@@ -366,13 +365,17 @@ static int pmic_mpp_config_get(struct pi
 		}
 		break;
 	case PIN_CONFIG_BIAS_HIGH_IMPEDANCE:
-		arg = !pad->is_enabled;
+		if (pad->is_enabled)
+			return -EINVAL;
+		arg = 1;
 		break;
 	case PIN_CONFIG_POWER_SOURCE:
 		arg = pad->power_source;
 		break;
 	case PIN_CONFIG_INPUT_ENABLE:
-		arg = pad->input_enabled;
+		if (!pad->input_enabled)
+			return -EINVAL;
+		arg = 1;
 		break;
 	case PIN_CONFIG_OUTPUT:
 		arg = pad->out_value;
@@ -384,7 +387,9 @@ static int pmic_mpp_config_get(struct pi
 		arg = pad->amux_input;
 		break;
 	case PMIC_MPP_CONF_PAIRED:
-		arg = pad->paired;
+		if (!pad->paired)
+			return -EINVAL;
+		arg = 1;
 		break;
 	case PIN_CONFIG_DRIVE_STRENGTH:
 		arg = pad->drive_strength;




* [PATCH 4.19 113/361] pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (111 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 112/361] pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 114/361] net: hns3: Preserve vlan 0 in hardware table Greg Kroah-Hartman
                   ` (250 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Douglas Anderson, Stephen Boyd,
	Bjorn Andersson, Linus Walleij, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Douglas Anderson <dianders@chromium.org>

[ Upstream commit b432414b996d32a1bd9afe2bd595bd5729c1477f ]

If you look at "pinconf-groups" in debugfs for ssbi-gpio you'll notice
it looks like nonsense.

The problem is fairly well described in commit 1cf86bc21257 ("pinctrl:
qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant") and
commit 05e0c828955c ("pinctrl: msm: Fix msm_config_group_get() to be
compliant"), but it was pointed out that ssbi-gpio has the same
problem.  Let's fix it there too.

Fixes: b4c45fe974bc ("pinctrl: qcom: ssbi: Family A gpio & mpp drivers")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c |   28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

--- a/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c
+++ b/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c
@@ -260,22 +260,32 @@ static int pm8xxx_pin_config_get(struct
 
 	switch (param) {
 	case PIN_CONFIG_BIAS_DISABLE:
-		arg = pin->bias == PM8XXX_GPIO_BIAS_NP;
+		if (pin->bias != PM8XXX_GPIO_BIAS_NP)
+			return -EINVAL;
+		arg = 1;
 		break;
 	case PIN_CONFIG_BIAS_PULL_DOWN:
-		arg = pin->bias == PM8XXX_GPIO_BIAS_PD;
+		if (pin->bias != PM8XXX_GPIO_BIAS_PD)
+			return -EINVAL;
+		arg = 1;
 		break;
 	case PIN_CONFIG_BIAS_PULL_UP:
-		arg = pin->bias <= PM8XXX_GPIO_BIAS_PU_1P5_30;
+		if (pin->bias > PM8XXX_GPIO_BIAS_PU_1P5_30)
+			return -EINVAL;
+		arg = 1;
 		break;
 	case PM8XXX_QCOM_PULL_UP_STRENGTH:
 		arg = pin->pull_up_strength;
 		break;
 	case PIN_CONFIG_BIAS_HIGH_IMPEDANCE:
-		arg = pin->disable;
+		if (!pin->disable)
+			return -EINVAL;
+		arg = 1;
 		break;
 	case PIN_CONFIG_INPUT_ENABLE:
-		arg = pin->mode == PM8XXX_GPIO_MODE_INPUT;
+		if (pin->mode != PM8XXX_GPIO_MODE_INPUT)
+			return -EINVAL;
+		arg = 1;
 		break;
 	case PIN_CONFIG_OUTPUT:
 		if (pin->mode & PM8XXX_GPIO_MODE_OUTPUT)
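Review bot: in the PIN_CONFIG_BIAS_PULL_UP case, `pin->bias > PM8XXX_GPIO_BIAS_PU_1P5_30` is only correct if every pull-up value sorts at or below PM8XXX_GPIO_BIAS_PU_1P5_30 and every other bias value sorts above it; add a one-line comment stating that ordering assumption so a later reorder of the bias values does not silently break the check. PM8XXX_QCOM_PULL_UP_STRENGTH still returns pin->pull_up_strength unconditionally, even when the pin is not pulled up; if that is intended, say so in the commit message, otherwise gate it on the same bias test.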
@@ -290,10 +300,14 @@ static int pm8xxx_pin_config_get(struct
 		arg = pin->output_strength;
 		break;
 	case PIN_CONFIG_DRIVE_PUSH_PULL:
-		arg = !pin->open_drain;
+		if (pin->open_drain)
+			return -EINVAL;
+		arg = 1;
 		break;
 	case PIN_CONFIG_DRIVE_OPEN_DRAIN:
-		arg = pin->open_drain;
+		if (!pin->open_drain)
+			return -EINVAL;
+		arg = 1;
 		break;
 	default:
 		return -EINVAL;
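Review bot: PIN_CONFIG_DRIVE_PUSH_PULL and PIN_CONFIG_DRIVE_OPEN_DRAIN are decided by pin->open_drain alone, so exactly one of the two is always reported as set, whatever pin->mode says; if the drive type is meaningless for a pin in input mode, return -EINVAL for both in that case as well.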




* [PATCH 4.19 114/361] net: hns3: Preserve vlan 0 in hardware table
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (112 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 113/361] pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() " Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 115/361] net: hns3: Fix ping exited problem when doing lp selftest Greg Kroah-Hartman
                   ` (249 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yunsheng Lin, Peng Li, Salil Mehta,
	David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yunsheng Lin <linyunsheng@huawei.com>

[ Upstream commit daaa8521760ee4d4e65f309c4c37b3a1e58c9d4e ]

When netdev is down, the stack will delete the vlan from
hardware including vlan0, which will cause problem when
doing loopback selftest when netdev is down.

This patch fixes it by always preserving vlan 0 in hardware,
because vlan 0 is default vlan, which should always be in
hardware.

Fixes: c39c4d98dc65 ("net: hns3: Add mac loopback selftest support in hns3 driver")
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -4739,6 +4739,9 @@ static int hclge_set_vlan_filter_hw(stru
 	u16 vport_idx, vport_num = 0;
 	int ret;
 
+	if (is_kill && !vlan_id)
+		return 0;
+
 	ret = hclge_set_vf_vlan_common(hdev, vport_id, is_kill, vlan_id,
 				       0, proto);
 	if (ret) {
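Review bot: the new early return for `is_kill && !vlan_id` reports success without touching hardware and has no comment; add one above it saying vlan 0 is deliberately kept in the hardware table, so a later reader does not take it for a dropped delete. Because the check sits before hclge_set_vf_vlan_common(), it applies to every vport_id passed in; confirm that is intended for all callers and not only for the netdev-down case the commit message describes.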




* [PATCH 4.19 115/361] net: hns3: Fix ping exited problem when doing lp selftest
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (113 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 114/361] net: hns3: Preserve vlan 0 in hardware table Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 116/361] net: hns3: Fix for vf vlan delete failed problem Greg Kroah-Hartman
                   ` (248 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yunsheng Lin, Peng Li, Salil Mehta,
	David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yunsheng Lin <linyunsheng@huawei.com>

[ Upstream commit 3f8601f0f5716c4e63a9f215bbc581df42859d61 ]

When ping is running and user executes the loopback selftest, the
ping cmd will stop and exit.

This patch fixes it by using the hns3_nic_net_open/stop to offline
the netdev when doing loopback selftest.

Fixes: c39c4d98dc65 ("net: hns3: Add mac loopback selftest support in hns3 driver")
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
@@ -309,7 +309,7 @@ static void hns3_self_test(struct net_de
 			h->flags & HNAE3_SUPPORT_SERDES_LOOPBACK;
 
 	if (if_running)
-		dev_close(ndev);
+		ndev->netdev_ops->ndo_stop(ndev);
 
 #if IS_ENABLED(CONFIG_VLAN_8021Q)
 	/* Disable the vlan filter for selftest does not support it */
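Review bot: `ndev->netdev_ops->ndo_stop(ndev)` replaces dev_close() with a raw ops call and nothing at the call site says why; add a comment explaining that the core close path is skipped on purpose for the selftest. The commit message names hns3_nic_net_open/stop, so calling those by name, if they are reachable from this file, would be clearer than going through the ops pointer.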
@@ -347,7 +347,7 @@ static void hns3_self_test(struct net_de
 #endif
 
 	if (if_running)
-		dev_open(ndev);
+		ndev->netdev_ops->ndo_open(ndev);
 }
 
 static int hns3_get_sset_count(struct net_device *netdev, int stringset)
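Review bot: the return value of `ndev->netdev_ops->ndo_open(ndev)` is dropped, so if the reopen fails after the selftest the interface stays down with no trace; hns3_self_test() returns void, so at least log the failure with netdev_err().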




* [PATCH 4.19 116/361] net: hns3: Fix for vf vlan delete failed problem
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (114 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 115/361] net: hns3: Fix ping exited problem when doing lp selftest Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 117/361] net: dsa: mv88e6xxx: Fix writing to a PHY page Greg Kroah-Hartman
                   ` (247 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yunsheng Lin, Peng Li, Salil Mehta,
	David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yunsheng Lin <linyunsheng@huawei.com>

[ Upstream commit 41dafea2af781d8e3ab8626d236b52e4172905a3 ]

There are only 128 entries in vf vlan table, if user has added
more than 128 vlan, fw will ignore it and disable the vf vlan
table. So when user deletes the vlan entry that has not been
set to vf vlan table, fw will return not found result and driver
treats that as error, which will cause vlan delete failed problem.

This patch fixes it by returning ok when fw returns not found
result.

Fixes: 6c251711b37f ("net: hns3: Disable vf vlan filter when vf vlan table is full")
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -4693,9 +4693,17 @@ static int hclge_set_vf_vlan_common(stru
 			"Add vf vlan filter fail, ret =%d.\n",
 			req0->resp_code);
 	} else {
+#define HCLGE_VF_VLAN_DEL_NO_FOUND	1
 		if (!req0->resp_code)
 			return 0;
 
+		if (req0->resp_code == HCLGE_VF_VLAN_DEL_NO_FOUND) {
+			dev_warn(&hdev->pdev->dev,
+				 "vlan %d filter is not in vf vlan table\n",
+				 vlan);
+			return 0;
+		}
+
 		dev_err(&hdev->pdev->dev,
 			"Kill vf vlan filter fail, ret =%d.\n",
 			req0->resp_code);
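Review bot: `#define HCLGE_VF_VLAN_DEL_NO_FOUND 1` is introduced in the middle of the else branch; move it to file scope or the driver header so the response code has one visible definition. The not-found case is then treated as success but logged with dev_warn(), which will fire once per deleted vlan that never made it into the 128-entry table; dev_dbg() looks like the better level.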




* [PATCH 4.19 117/361] net: dsa: mv88e6xxx: Fix writing to a PHY page.
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (115 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 116/361] net: hns3: Fix for vf vlan delete failed problem Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 118/361] mt76x2u: run device cleanup routine if resume fails Greg Kroah-Hartman
                   ` (246 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrew Lunn, David S. Miller, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Andrew Lunn <andrew@lunn.ch>

[ Upstream commit c309b158090d788e96ee597444965cb79b040484 ]

After changing to the needed page, actually write the value to the
register!

Fixes: 09cb7dfd3f14 ("net: dsa: mv88e6xxx: describe PHY page and SerDes")
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/dsa/mv88e6xxx/phy.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/net/dsa/mv88e6xxx/phy.c
+++ b/drivers/net/dsa/mv88e6xxx/phy.c
@@ -110,6 +110,9 @@ int mv88e6xxx_phy_page_write(struct mv88
 	err = mv88e6xxx_phy_page_get(chip, phy, page);
 	if (!err) {
 		err = mv88e6xxx_phy_write(chip, phy, MV88E6XXX_PHY_PAGE, page);
+		if (!err)
+			err = mv88e6xxx_phy_write(chip, phy, reg, val);
+
 		mv88e6xxx_phy_page_put(chip, phy);
 	}
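Review bot: the commit message does not state the visible effect, which matters for a stable backport: before the added `err = mv88e6xxx_phy_write(chip, phy, reg, val);` the function selected the page and returned success without writing `val`, so every caller's paged write was silently lost. Those writes now reach the hardware for the first time, so the callers of mv88e6xxx_phy_page_write() deserve a re-test on the stable tree.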
 




* [PATCH 4.19 118/361] mt76x2u: run device cleanup routine if resume fails
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (116 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 117/361] net: dsa: mv88e6xxx: Fix writing to a PHY page Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 119/361] rsi: fix memory alignment issue in ARM32 platforms Greg Kroah-Hartman
                   ` (245 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lorenzo Bianconi, Kalle Valo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>

[ Upstream commit 9b2fd48d36e25b9be9ddb8be8cc1eb263a1d1843 ]

Cleanup {tx,rx} and mcu queues if resume operation fails

Fixes: ee676cd5017c ("mt76: add driver code for MT76x2u based devices")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/mediatek/mt76/mt76x2_usb.c |   14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

--- a/drivers/net/wireless/mediatek/mt76/mt76x2_usb.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x2_usb.c
@@ -107,16 +107,24 @@ static int __maybe_unused mt76x2u_resume
 			       mt76u_mcu_complete_urb,
 			       &usb->mcu.cmpl);
 	if (err < 0)
-		return err;
+		goto err;
 
 	err = mt76u_submit_rx_buffers(&dev->mt76);
 	if (err < 0)
-		return err;
+		goto err;
 
 	tasklet_enable(&usb->rx_tasklet);
 	tasklet_enable(&usb->tx_tasklet);
 
-	return mt76x2u_init_hardware(dev);
+	err = mt76x2u_init_hardware(dev);
+	if (err < 0)
+		goto err;
+
+	return 0;
+
+err:
+	mt76x2u_cleanup(dev);
+	return err;
 }
 
 MODULE_DEVICE_TABLE(usb, mt76x2u_device_table);
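Review bot: both early `goto err` sites are reached before the tasklet_enable() calls, so mt76x2u_cleanup() runs with the rx and tx tasklets still disabled on those paths but enabled on the mt76x2u_init_hardware() failure path; confirm the cleanup routine copes with both states, or split the unwind into two labels. The label is also named `err`, the same as the variable it returns; it compiles because labels have their own namespace, but `err_cleanup` would read better.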




* [PATCH 4.19 119/361] rsi: fix memory alignment issue in ARM32 platforms
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (117 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 118/361] mt76x2u: run device cleanup routine if resume fails Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 120/361] libertas_tf: prevent underflow in process_cmdrequest() Greg Kroah-Hartman
                   ` (244 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Siva Rebbagondla, Kalle Valo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>

[ Upstream commit baa8caf4ab7af2d9e84b566b99fe919a4e9e7562 ]

During testing in ARM32 platforms, observed below kernel panic, as driver
accessing data beyond the allocated memory while submitting URB to USB.

Fix: Resolved this by specifying correct length by considering 64 bit
alignment, so that the USB bus driver will access only allocated memory.

Unit-test: Tested and confirmed that driver bring up and scanning,
connection and data transfer works fine with this fix.

...skipping...
[   25.389450] Unable to handle kernel paging request at virtual
	       address 5aa11422
[   25.403078] Internal error: Oops: 5 [#1] SMP ARM
[   25.407703] Modules linked in: rsi_usb
[   25.411473] CPU: 1 PID: 317 Comm: RX-Thread Not tainted 4.18.0-rc7 #1
[   25.419221] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[   25.425764] PC is at skb_release_data+0x90/0x168
[   25.430393] LR is at skb_release_all+0x28/0x2c
[   25.434842] pc : [<807435b0>] lr : [<80742ba0>] psr: 200e0013 5aa1141e
[   25.464633] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32 ISA ARM Segment none
[   25.477524] Process RX-Thread (pid: 317, stack limit = 0x(ptrval))
[   25.483709] Stack: (0xedf69ed8 to 0xedf6a000)
[   25.569907] Backtrace:
[   25.572368] [<80743520>] (skb_release_data) from [<80742ba0>]
	       (skb_release_all+0x28/0x2c)
[   25.580555] r9:7f00258c r8:00000001 r7:ee355000 r6:eddab0d0
	       r5:eddab000 r4:eddbb840
[   25.588308] [<80742b78>] (skb_release_all) from [<807432cc>]
	       (consume_skb+0x30/0x50)
[   25.596055] r5:eddab000 r4:eddbb840
[   25.599648] [<8074329c>] (consume_skb) from [<7f00117c>]
	       (rsi_usb_rx_thread+0x64/0x12c [rsi_usb])
[   25.608524] r5:eddab000 r4:eddbb840
[   25.612116] [<7f001118>] (rsi_usb_rx_thread [rsi_usb]) from
	       [<80142750>] (kthread+0x11c/0x15c)
[   25.620735] r10:ee9ff9e0 r9:edcde3b8 r8:ee355000 r7:edf68000
	       r6:edd3a780 r5:00000000
[   25.628567] r4:edcde380
[   25.631110] [<80142634>] (kthread) from [<801010e8>]
	       (ret_from_fork+0x14/0x2c)
[   25.638336] Exception stack(0xedf69fb0 to 0xedf69ff8)
[   25.682929] ---[ end trace 8236a5496f5b5d3b ]---

Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/rsi/rsi_91x_usb.c |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

--- a/drivers/net/wireless/rsi/rsi_91x_usb.c
+++ b/drivers/net/wireless/rsi/rsi_91x_usb.c
@@ -266,15 +266,17 @@ static void rsi_rx_done_handler(struct u
 	if (urb->status)
 		goto out;
 
-	if (urb->actual_length <= 0) {
-		rsi_dbg(INFO_ZONE, "%s: Zero length packet\n", __func__);
+	if (urb->actual_length <= 0 ||
+	    urb->actual_length > rx_cb->rx_skb->len) {
+		rsi_dbg(INFO_ZONE, "%s: Invalid packet length = %d\n",
+			__func__, urb->actual_length);
 		goto out;
 	}
 	if (skb_queue_len(&dev->rx_q) >= RSI_MAX_RX_PKTS) {
 		rsi_dbg(INFO_ZONE, "Max RX packets reached\n");
 		goto out;
 	}
-	skb_put(rx_cb->rx_skb, urb->actual_length);
+	skb_trim(rx_cb->rx_skb, urb->actual_length);
 	skb_queue_tail(&dev->rx_q, rx_cb->rx_skb);
 
 	rsi_set_event(&dev->rx_thread.event);
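Review bot: in rsi_rx_done_handler() the new message prints urb->actual_length with `%d` and the test keeps `<= 0`, but that field is unsigned; use `%u` and `!urb->actual_length`. The added upper bound `urb->actual_length > rx_cb->rx_skb->len` is the check that keeps a device-reported length inside the buffer, and the commit subject, which only mentions alignment, should say so.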
@@ -308,6 +310,7 @@ static int rsi_rx_urb_submit(struct rsi_
 	if (!skb)
 		return -ENOMEM;
 	skb_reserve(skb, MAX_DWORD_ALIGN_BYTES);
+	skb_put(skb, RSI_MAX_RX_USB_PKT_SIZE - MAX_DWORD_ALIGN_BYTES);
 	dword_align_bytes = (unsigned long)skb->data & 0x3f;
 	if (dword_align_bytes > 0)
 		skb_push(skb, dword_align_bytes);
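Review bot: the mask `0x3f` on the context line and MAX_DWORD_ALIGN_BYTES now have to agree for the length arithmetic to hold: skb_push() can add up to 0x3f bytes to the length set by the new skb_put(), and the total stays within RSI_MAX_RX_USB_PKT_SIZE only if MAX_DWORD_ALIGN_BYTES is at least that large. Derive the mask from the constant or add a BUILD_BUG_ON() tying the two together.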
@@ -319,7 +322,7 @@ static int rsi_rx_urb_submit(struct rsi_
 			  usb_rcvbulkpipe(dev->usbdev,
 			  dev->bulkin_endpoint_addr[ep_num - 1]),
 			  urb->transfer_buffer,
-			  RSI_MAX_RX_USB_PKT_SIZE,
+			  skb->len,
 			  rsi_rx_done_handler,
 			  rx_cb);
 




* [PATCH 4.19 120/361] libertas_tf: prevent underflow in process_cmdrequest()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (118 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 119/361] rsi: fix memory alignment issue in ARM32 platforms Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 121/361] iwlwifi: mvm: fix BAR seq ctrl reporting Greg Kroah-Hartman
                   ` (243 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Kalle Valo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit 3348ef6a6a126706d6a73ed40c18d8033df72783 ]

If recvlength is less than MESSAGE_HEADER_LEN (4) we would end up
corrupting memory.

Fixes: c305a19a0d0a ("libertas_tf: usb specific functions")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/marvell/libertas_tf/if_usb.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/net/wireless/marvell/libertas_tf/if_usb.c
+++ b/drivers/net/wireless/marvell/libertas_tf/if_usb.c
@@ -605,9 +605,10 @@ static inline void process_cmdrequest(in
 {
 	unsigned long flags;
 
-	if (recvlength > LBS_CMD_BUFFER_SIZE) {
+	if (recvlength < MESSAGE_HEADER_LEN ||
+	    recvlength > LBS_CMD_BUFFER_SIZE) {
 		lbtf_deb_usbd(&cardp->udev->dev,
-			     "The receive buffer is too large\n");
+			     "The receive buffer is invalid: %d\n", recvlength);
 		kfree_skb(skb);
 		return;
 	}
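Review bot: the new lower bound `recvlength < MESSAGE_HEADER_LEN` has no comment saying what it protects, and the arithmetic it guards is outside the hunk; add a one-line comment that the header length is taken off recvlength further down, so the check is not removed later as redundant. The rejection is also logged only through lbtf_deb_usbd(), so a device sending a short response is invisible unless USB debugging is enabled.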




* [PATCH 4.19 121/361] iwlwifi: mvm: fix BAR seq ctrl reporting
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (119 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 120/361] libertas_tf: prevent underflow in process_cmdrequest() Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 122/361] gpio: brcmstb: allow 0 width GPIO banks Greg Kroah-Hartman
                   ` (242 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sara Sharon <sara.sharon@intel.com>

[ Upstream commit 941ab4eb66c10bc5c7234e83a7a858b2806ed151 ]

There is a bug in FW where the sequence control may be
incorrect, and the driver overrides it with the value
of the ieee80211 header.

However, in BAR there is no sequence control in the header,
which results in an arbitrary sequence.

This access to an unknown location is bad and it makes the
logs very confusing - so fix it.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/intel/iwlwifi/mvm/tx.c |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

--- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
@@ -1405,6 +1405,7 @@ static void iwl_mvm_rx_tx_cmd_single(str
 	while (!skb_queue_empty(&skbs)) {
 		struct sk_buff *skb = __skb_dequeue(&skbs);
 		struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+		struct ieee80211_hdr *hdr = (void *)skb->data;
 		bool flushed = false;
 
 		skb_freed++;
@@ -1449,11 +1450,11 @@ static void iwl_mvm_rx_tx_cmd_single(str
 			info->flags |= IEEE80211_TX_STAT_AMPDU_NO_BACK;
 		info->flags &= ~IEEE80211_TX_CTL_AMPDU;
 
-		/* W/A FW bug: seq_ctl is wrong when the status isn't success */
-		if (status != TX_STATUS_SUCCESS) {
-			struct ieee80211_hdr *hdr = (void *)skb->data;
+		/* W/A FW bug: seq_ctl is wrong upon failure / BAR frame */
+		if (ieee80211_is_back_req(hdr->frame_control))
+			seq_ctl = 0;
+		else if (status != TX_STATUS_SUCCESS)
 			seq_ctl = le16_to_cpu(hdr->seq_ctrl);
-		}
 
 		if (unlikely(!seq_ctl)) {
 			struct ieee80211_hdr *hdr = (void *)skb->data;
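Review bot: the last context line of this hunk still declares `struct ieee80211_hdr *hdr` inside `if (unlikely(!seq_ctl))`, which now shadows the hdr added at the top of the loop; drop the inner declaration. BAR frames are forced to seq_ctl = 0 immediately before that `!seq_ctl` block, so they always enter it; check that what the block does with hdr is valid for a frame that, per the commit message, has no sequence control field.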




* [PATCH 4.19 122/361] gpio: brcmstb: allow 0 width GPIO banks
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (120 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 121/361] iwlwifi: mvm: fix BAR seq ctrl reporting Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 123/361] ixgbe: disallow IPsec Tx offload when in SR-IOV mode Greg Kroah-Hartman
                   ` (241 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Justin Chen, Florian Fainelli,
	Linus Walleij, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Justin Chen <justinpopo6@gmail.com>

[ Upstream commit bfba223dcc4548632d8f3bfd15690a86d4c68504 ]

Sometimes we have empty banks within the GPIO block. This commit allows
proper handling of 0 width GPIO banks. We handle 0 width GPIO banks by
incrementing the bank and number of GPIOs, but not initializing them.
This will mean a call into the non-existent GPIOs will return an error.

Also remove "GPIO registered" dev print. This information is misleading
since the incremented banks and gpio_base do not reflect the actual GPIOs
that get initialized. We leave this information out since it is already
printed with dev_dbg.

Signed-off-by: Justin Chen <justinpopo6@gmail.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpio/gpio-brcmstb.c |   15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

--- a/drivers/gpio/gpio-brcmstb.c
+++ b/drivers/gpio/gpio-brcmstb.c
@@ -664,6 +664,18 @@ static int brcmstb_gpio_probe(struct pla
 		struct brcmstb_gpio_bank *bank;
 		struct gpio_chip *gc;
 
+		/*
+		 * If bank_width is 0, then there is an empty bank in the
+		 * register block. Special handling for this case.
+		 */
+		if (bank_width == 0) {
+			dev_dbg(dev, "Width 0 found: Empty bank @ %d\n",
+				num_banks);
+			num_banks++;
+			gpio_base += MAX_GPIO_PER_BANK;
+			continue;
+		}
+
 		bank = devm_kzalloc(dev, sizeof(*bank), GFP_KERNEL);
 		if (!bank) {
 			err = -ENOMEM;
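Review bot: the new comment ends with "Special handling for this case." without saying what the handling is; spell out that num_banks and gpio_base still advance by a full MAX_GPIO_PER_BANK so the numbering of the following banks is unchanged, and that no bank structure is allocated or registered for the empty slot. That is the property later code depends on, and it is currently documented only in the commit message.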
@@ -740,9 +752,6 @@ static int brcmstb_gpio_probe(struct pla
 			goto fail;
 	}
 
-	dev_info(dev, "Registered %d banks (GPIO(s): %d-%d)\n",
-			num_banks, priv->gpio_base, gpio_base - 1);
-
 	if (priv->parent_wake_irq && need_wakeup_event)
 		pm_wakeup_event(dev, 0);
 




* [PATCH 4.19 123/361] ixgbe: disallow IPsec Tx offload when in SR-IOV mode
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (121 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 122/361] gpio: brcmstb: allow 0 width GPIO banks Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 124/361] ixgbevf: VF2VF TCP RSS Greg Kroah-Hartman
                   ` (240 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shannon Nelson, Andrew Bowers,
	Jeff Kirsher, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Shannon Nelson <shannon.nelson@oracle.com>

[ Upstream commit 47b6f50077e68bcd544f657526dad4bfdce7e87d ]

There seems to be a problem in the x540's internal switch wherein if SR-IOV
mode is enabled and an offloaded IPsec packet is sent to a local VF,
the packet is silently dropped.  This might never be a problem as it is
somewhat a corner case, but if someone happens to be using IPsec offload
from the PF to a VF that just happens to get migrated to the local box,
communication will mysteriously fail.

Not good.

A simple way to protect from this is to simply not allow any IPsec offloads
for outgoing packets when num_vfs != 0.  This doesn't help any offloads that
were created before SR-IOV was enabled, but we'll get to that later.

Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -676,6 +676,9 @@ static int ixgbe_ipsec_add_sa(struct xfr
 	} else {
 		struct tx_sa tsa;
 
+		if (adapter->num_vfs)
+			return -EOPNOTSUPP;
+
 		/* find the first unused index */
 		ret = ixgbe_ipsec_find_empty_idx(ipsec, false);
 		if (ret < 0) {
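Review bot: `return -EOPNOTSUPP` when adapter->num_vfs is non-zero leaves no reason in the log; add a netdev_err(), or at least a comment, stating that Tx offload is refused while SR-IOV is enabled. The check runs only when an SA is added, so, as the commit message itself notes, Tx SAs offloaded before VFs were enabled stay active; the follow-up that handles them should be referenced here.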



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 124/361] ixgbevf: VF2VF TCP RSS
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (122 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 123/361] ixgbe: disallow IPsec Tx offload when in SR-IOV mode Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 125/361] wil6210: fix RX buffers release and unmap Greg Kroah-Hartman
                   ` (239 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sebastian Basierski, Andrew Bowers,
	Jeff Kirsher, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sebastian Basierski <sebastianx.basierski@intel.com>

[ Upstream commit 7fb94bd58dd6650a0158e68d414e185077d8b57a ]

While VF2VF with RSS communication, RSS Type was wrongly recognized
and RSS hash was not calculated as it should be. Packets were
distributed on various queues by accident.
This commit fixes that behaviour and causes proper RSS Type recognition.

Signed-off-by: Sebastian Basierski <sebastianx.basierski@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
@@ -3849,6 +3849,10 @@ static void ixgbevf_tx_csum(struct ixgbe
 		skb_checksum_help(skb);
 		goto no_csum;
 	}
+
+	if (first->protocol == htons(ETH_P_IP))
+		type_tucmd |= IXGBE_ADVTXD_TUCMD_IPV4;
+
 	/* update TX checksum flag */
 	first->tx_flags |= IXGBE_TX_FLAGS_CSUM;
 	vlan_macip_lens = skb_checksum_start_offset(skb) -
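Review bot: IXGBE_ADVTXD_TUCMD_IPV4 is set only on the path that continues past the `goto no_csum` above, so IPv4 frames that leave through that label never get the bit; if the RSS type recognition this commit is about depends on it, either set the bit on that path too or say in the commit message why those frames are unaffected. A short comment on the new test explaining that the bit is needed for RSS type recognition, not for checksum offload itself, would also help, since it sits in ixgbevf_tx_csum().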



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 125/361] wil6210: fix RX buffers release and unmap
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (123 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 124/361] ixgbevf: VF2VF TCP RSS Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 126/361] ath10k: schedule hardware restart if WMI command times out Greg Kroah-Hartman
                   ` (238 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maya Erez, Kalle Valo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Maya Erez <merez@codeaurora.org>

[ Upstream commit 84f16fbb62384fb209cd35741d94eb00b5ca2746 ]

RX SKBs are released in both wil6210 rmmod and RX handle.
As there is no lock to protect the buffers DMA unmap,
the SKB pointer in buff_arr is used to check if the buffer
memory was already released.
Setting wil->rx_buff_mgmt.buff_arr[buff_id].skb to NULL before the DMA
memory unmap will prevent duplicate unmapping of the same memory.
Move the buffer ID to the free list also in case the SKB is NULL.

Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/ath/wil6210/txrx_edma.c |   15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

--- a/drivers/net/wireless/ath/wil6210/txrx_edma.c
+++ b/drivers/net/wireless/ath/wil6210/txrx_edma.c
@@ -279,9 +279,6 @@ static void wil_move_all_rx_buff_to_free
 		u16 buff_id;
 
 		*d = *_d;
-		pa = wil_rx_desc_get_addr_edma(&d->dma);
-		dmalen = le16_to_cpu(d->dma.length);
-		dma_unmap_single(dev, pa, dmalen, DMA_FROM_DEVICE);
 
 		/* Extract the SKB from the rx_buff management array */
 		buff_id = __le16_to_cpu(d->mac.buff_id);
@@ -291,10 +288,15 @@ static void wil_move_all_rx_buff_to_free
 		}
 		skb = wil->rx_buff_mgmt.buff_arr[buff_id].skb;
 		wil->rx_buff_mgmt.buff_arr[buff_id].skb = NULL;
-		if (unlikely(!skb))
+		if (unlikely(!skb)) {
 			wil_err(wil, "No Rx skb at buff_id %d\n", buff_id);
-		else
+		} else {
+			pa = wil_rx_desc_get_addr_edma(&d->dma);
+			dmalen = le16_to_cpu(d->dma.length);
+			dma_unmap_single(dev, pa, dmalen, DMA_FROM_DEVICE);
+
 			kfree_skb(skb);
+		}
 
 		/* Move the buffer from the active to the free list */
 		list_move(&wil->rx_buff_mgmt.buff_arr[buff_id].list,
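Review bot: reading `skb = wil->rx_buff_mgmt.buff_arr[buff_id].skb` and then storing NULL are two separate steps, so if the rmmod path and the RX handler can really run concurrently without a lock, as the commit message says, both can still see a non-NULL skb and both reach dma_unmap_single() and kfree_skb(). Taking the pointer with a single atomic exchange such as xchg() would close that window; otherwise document what serializes the two paths.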
@@ -906,6 +908,9 @@ again:
 	wil->rx_buff_mgmt.buff_arr[buff_id].skb = NULL;
 	if (!skb) {
 		wil_err(wil, "No Rx skb at buff_id %d\n", buff_id);
+		/* Move the buffer from the active list to the free list */
+		list_move(&wil->rx_buff_mgmt.buff_arr[buff_id].list,
+			  &wil->rx_buff_mgmt.free);
 		goto again;
 	}
 



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 126/361] ath10k: schedule hardware restart if WMI command times out
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (124 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 125/361] wil6210: fix RX buffers release and unmap Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 127/361] libata: Apply NOLPM quirk for SAMSUNG MZ7TD256HAFV-000L9 Greg Kroah-Hartman
                   ` (237 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Martin Willi, Kalle Valo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Martin Willi <martin@strongswan.org>

[ Upstream commit a9911937e7d332761e8c4fcbc7ba0426bdc3956f ]

When running in AP mode, ath10k sometimes suffers from TX credit
starvation. The issue is hard to reproduce and shows up once in a
few days, but has been repeatedly seen with QCA9882 and a large
range of firmwares, including 10.2.4.70.67.

Once the module is in this state, TX credits are never replenished,
which results in "SWBA overrun" errors, as no beacons can be sent.
Even worse, WMI commands run in a timeout while holding the conf
mutex for three seconds each, making any further operations slow
and the whole system unresponsive.

The firmware/driver never recovers from that state automatically,
and triggering TX flush or warm restarts won't work over WMI. So
issue a hardware restart if a WMI command times out due to missing
TX credits. This implies a connectivity outage of about 1.4s in AP
mode, but brings back the interface and the whole system to a usable
state. WMI command timeouts have not been seen in the absence of this
specific issue, so taking such drastic actions seems legitimate.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/ath/ath10k/wmi.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -1869,6 +1869,12 @@ int ath10k_wmi_cmd_send(struct ath10k *a
 	if (ret)
 		dev_kfree_skb_any(skb);
 
+	if (ret == -EAGAIN) {
+		ath10k_warn(ar, "wmi command %d timeout, restarting hardware\n",
+			    cmd_id);
+		queue_work(ar->workqueue, &ar->restart_work);
+	}
+
 	return ret;
 }
 
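
Review bot: The new block keys the restart on ret == -EAGAIN while the warning text calls it a timeout, and nothing in the hunk says that -EAGAIN is returned only when the wait for TX credits expires. A short comment above the if stating that mapping would make the trigger auditable, since any other path that ever returns -EAGAIN from this function would now cause a hardware restart and the roughly 1.4s outage the changelog mentions. The warning is also printed on every such return, so consider calling ath10k_warn() only when queue_work() reports that the work was newly queued.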




* [PATCH 4.19 127/361] libata: Apply NOLPM quirk for SAMSUNG MZ7TD256HAFV-000L9
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (125 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 126/361] ath10k: schedule hardware restart if WMI command times out Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 128/361] thermal: rcar_thermal: Prevent doing work after unbind Greg Kroah-Hartman
                   ` (236 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans de Goede, Diego Viola,
	Jens Axboe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Diego Viola <diego.viola@gmail.com>

[ Upstream commit a435ab4f80f983c53b4ca4f8c12b3ddd3ca17670 ]

med_power_with_dipm causes my T450 to freeze with a SAMSUNG
MZ7TD256HAFV-000L9 SSD (firmware DXT02L5Q).

Switching the LPM to max_performance fixes this issue.

Acked-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Diego Viola <diego.viola@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/ata/libata-core.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -4553,6 +4553,7 @@ static const struct ata_blacklist_entry
 	/* These specific Samsung models/firmware-revs do not handle LPM well */
 	{ "SAMSUNG MZMPC128HBFU-000MV", "CXM14M1Q", ATA_HORKAGE_NOLPM, },
 	{ "SAMSUNG SSD PM830 mSATA *",  "CXM13D1Q", ATA_HORKAGE_NOLPM, },
+	{ "SAMSUNG MZ7TD256HAFV-000L9", "DXT02L5Q", ATA_HORKAGE_NOLPM, },
 
 	/* devices that don't properly handle queued TRIM commands */
 	{ "Micron_M500IT_*",		"MU01",	ATA_HORKAGE_NO_NCQ_TRIM |




* [PATCH 4.19 128/361] thermal: rcar_thermal: Prevent doing work after unbind
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (126 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 127/361] libata: Apply NOLPM quirk for SAMSUNG MZ7TD256HAFV-000L9 Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 129/361] thermal: da9062/61: Prevent hardware access during system suspend Greg Kroah-Hartman
                   ` (235 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven,
	Niklas Söderlund, Eduardo Valentin, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Geert Uytterhoeven <geert+renesas@glider.be>

[ Upstream commit 697ee786f15d7b65c7f3045d45fe3a05d28e0911 ]

When testing bind/unbind on r8a7791/koelsch:

    WARNING: CPU: 1 PID: 697 at lib/debugobjects.c:329 debug_print_object+0x8c/0xb4
    ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x10

This happens if the workqueue runs after the device has been unbound.
Fix this by cancelling any queued work during remove.

Fixes: e0a5172e9eec7f0d ("thermal: rcar: add interrupt support")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/thermal/rcar_thermal.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/thermal/rcar_thermal.c
+++ b/drivers/thermal/rcar_thermal.c
@@ -453,6 +453,7 @@ static int rcar_thermal_remove(struct pl
 
 	rcar_thermal_for_each_priv(priv, common) {
 		rcar_thermal_irq_disable(priv);
+		cancel_delayed_work_sync(&priv->work);
 		if (priv->chip->use_of_thermal)
 			thermal_remove_hwmon_sysfs(priv->zone);
 		else
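
Review bot: cancel_delayed_work_sync(&priv->work) depends on sitting after rcar_thermal_irq_disable(priv), and the hunk does not say so. If the interrupt path is what queues priv->work, that order is what stops the work from being queued again after the cancel; a one-line comment would keep a later reorder from bringing back the work-after-unbind warning quoted in the changelog.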




* [PATCH 4.19 129/361] thermal: da9062/61: Prevent hardware access during system suspend
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (127 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 128/361] thermal: rcar_thermal: Prevent doing work after unbind Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 130/361] cifs: fix a credits leak for compund commands Greg Kroah-Hartman
                   ` (234 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Steve Twiss,
	Eduardo Valentin, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Geert Uytterhoeven <geert+renesas@glider.be>

[ Upstream commit 760eea43f8c6d48684f1f34b8a02fddc1456e849 ]

The workqueue used for monitoring the hardware may run while the device
is already suspended.  Fix this by using the freezable system workqueue
instead, cfr. commit 51e20d0e3a60cf46 ("thermal: Prevent polling from
happening during system suspend").

Fixes: 608567aac3206ae8 ("thermal: da9062/61: Thermal junction temperature monitoring driver")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Steve Twiss <stwiss.opensource@diasemi.com>
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/thermal/da9062-thermal.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/thermal/da9062-thermal.c
+++ b/drivers/thermal/da9062-thermal.c
@@ -106,7 +106,7 @@ static void da9062_thermal_poll_on(struc
 					   THERMAL_EVENT_UNSPECIFIED);
 
 		delay = msecs_to_jiffies(thermal->zone->passive_delay);
-		schedule_delayed_work(&thermal->work, delay);
+		queue_delayed_work(system_freezable_wq, &thermal->work, delay);
 		return;
 	}
 
@@ -125,7 +125,7 @@ static irqreturn_t da9062_thermal_irq_ha
 	struct da9062_thermal *thermal = data;
 
 	disable_irq_nosync(thermal->irq);
-	schedule_delayed_work(&thermal->work, 0);
+	queue_delayed_work(system_freezable_wq, &thermal->work, 0);
 
 	return IRQ_HANDLED;
 }
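
Review bot: In the interrupt handler, disable_irq_nosync() still takes effect immediately, while the work queued right after it is now held back whenever system_freezable_wq is frozen. If that work item is what re-enables the interrupt, the line stays masked until the queue thaws; that looks intended, but a comment here should say so. Both call sites now hard-code the queue name, so a small wrapper would keep them in sync.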




* [PATCH 4.19 130/361] cifs: fix a credits leak for compund commands
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (128 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 129/361] thermal: da9062/61: Prevent hardware access during system suspend Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 131/361] cgroup, netclassid: add a preemption point to write_classid Greg Kroah-Hartman
                   ` (233 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ronnie Sahlberg, Steve French, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ronnie Sahlberg <lsahlber@redhat.com>

[ Upstream commit cb5c2e63948451d38c977685fffc06e23beb4517 ]

When processing the mids for compounds we would only add credits based on
the last successful mid in the compound, which would leak credits and
eventually trigger a re-connect.

Fix this by splitting the mid processing part into two loops instead of one
where the first loop just waits for all mids and then counts how many
credits we were granted for the whole compound.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/cifs/transport.c |   57 +++++++++++++++++++++++++++++++++-------------------
 1 file changed, 37 insertions(+), 20 deletions(-)

--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -786,7 +786,7 @@ compound_send_recv(const unsigned int xi
 	int i, j, rc = 0;
 	int timeout, optype;
 	struct mid_q_entry *midQ[MAX_COMPOUND];
-	unsigned int credits = 1;
+	unsigned int credits = 0;
 	char *buf;
 
 	timeout = flags & CIFS_TIMEOUT_MASK;
@@ -851,17 +851,20 @@ compound_send_recv(const unsigned int xi
 
 	mutex_unlock(&ses->server->srv_mutex);
 
-	for (i = 0; i < num_rqst; i++) {
-		if (rc < 0)
-			goto out;
+	if (rc < 0)
+		goto out;
 
-		if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP))
-			smb311_update_preauth_hash(ses, rqst[i].rq_iov,
-						   rqst[i].rq_nvec);
+	/*
+	 * Compounding is never used during session establish.
+	 */
+	if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP))
+		smb311_update_preauth_hash(ses, rqst[0].rq_iov,
+					   rqst[0].rq_nvec);
 
-		if (timeout == CIFS_ASYNC_OP)
-			goto out;
+	if (timeout == CIFS_ASYNC_OP)
+		goto out;
 
+	for (i = 0; i < num_rqst; i++) {
 		rc = wait_for_response(ses->server, midQ[i]);
 		if (rc != 0) {
 			cifs_dbg(FYI, "Cancelling wait for mid %llu\n",
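
Review bot: The preauth hash update now covers rqst[0] only, and the sole guard is the comment that compounding is never used during session establish. Since this hash is part of SMB 3.1.1 pre-authentication integrity, enforce the assumption rather than only document it, for example by warning when num_rqst > 1 in this branch, so that a future compounded negotiate or session-setup request cannot silently hash only its first element.
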
@@ -877,10 +880,21 @@ compound_send_recv(const unsigned int xi
 			}
 			spin_unlock(&GlobalMid_Lock);
 		}
+	}
+
+	for (i = 0; i < num_rqst; i++)
+		if (midQ[i]->resp_buf)
+			credits += ses->server->ops->get_credits(midQ[i]);
+	if (!credits)
+		credits = 1;
+
+	for (i = 0; i < num_rqst; i++) {
+		if (rc < 0)
+			goto out;
 
 		rc = cifs_sync_mid_result(midQ[i], ses->server);
 		if (rc != 0) {
-			add_credits(ses->server, 1, optype);
+			add_credits(ses->server, credits, optype);
 			return rc;
 		}
 
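
Review bot: The wait loop now runs over all mids even after wait_for_response() fails for one of them, and the credit loop that follows reads midQ[i]->resp_buf for every entry, including mids whose wait was just cancelled under GlobalMid_Lock. Please confirm those entries cannot be released by another context before this loop reads them. Separately, the "if (!credits) credits = 1" fallback deserves a comment explaining why one credit is the right amount to hand to add_credits() when no response buffer arrived for the compound.
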
@@ -901,23 +915,26 @@ compound_send_recv(const unsigned int xi
 		else
 			resp_buf_type[i] = CIFS_SMALL_BUFFER;
 
-		if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP)) {
-			struct kvec iov = {
-				.iov_base = resp_iov[i].iov_base,
-				.iov_len = resp_iov[i].iov_len
-			};
-			smb311_update_preauth_hash(ses, &iov, 1);
-		}
-
-		credits = ses->server->ops->get_credits(midQ[i]);
-
 		rc = ses->server->ops->check_receive(midQ[i], ses->server,
 						     flags & CIFS_LOG_ERROR);
 
 		/* mark it so buf will not be freed by cifs_delete_mid */
 		if ((flags & CIFS_NO_RESP) == 0)
 			midQ[i]->resp_buf = NULL;
+
+	}
+
+	/*
+	 * Compounding is never used during session establish.
+	 */
+	if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP)) {
+		struct kvec iov = {
+			.iov_base = resp_iov[0].iov_base,
+			.iov_len = resp_iov[0].iov_len
+		};
+		smb311_update_preauth_hash(ses, &iov, 1);
 	}
+
 out:
 	/*
 	 * This will dequeue all mids. After this it is important that the




* [PATCH 4.19 131/361] cgroup, netclassid: add a preemption point to write_classid
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (129 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 130/361] cifs: fix a credits leak for compund commands Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:17 ` [PATCH 4.19 132/361] net: stmmac: dwmac-sun8i: fix OF child-node lookup Greg Kroah-Hartman
                   ` (232 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michal Hocko, Tejun Heo, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michal Hocko <mhocko@suse.com>

[ Upstream commit a90e90b7d55e789c71d85b946ffb5c1ab2f137ca ]

We have seen a customer complaining about soft lockups on a !PREEMPT
kernel config with a 4.4 based kernel:

[1072141.435366] NMI watchdog: BUG: soft lockup - CPU#21 stuck for 22s! [systemd:1]
[1072141.444090] Modules linked in: mpt3sas raid_class binfmt_misc af_packet 8021q garp mrp stp llc xfs libcrc32c bonding iscsi_ibft iscsi_boot_sysfs msr ext4 crc16 jbd2 mbcache cdc_ether usbnet mii joydev hid_generic usbhid intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ipmi_ssif mgag200 i2c_algo_bit ttm ipmi_devintf drbg ixgbe drm_kms_helper vxlan ansi_cprng ip6_udp_tunnel drm aesni_intel udp_tunnel aes_x86_64 iTCO_wdt syscopyarea ptp xhci_pci lrw iTCO_vendor_support pps_core gf128mul ehci_pci glue_helper sysfillrect mdio pcspkr sb_edac ablk_helper cryptd ehci_hcd sysimgblt xhci_hcd fb_sys_fops edac_core mei_me lpc_ich ses usbcore enclosure dca mfd_core ipmi_si mei i2c_i801 scsi_transport_sas usb_common ipmi_msghandler shpchp fjes wmi processor button acpi_pad btrfs xor raid6_pq sd_mod crc32c_intel megaraid_sas sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua scsi_mod md_mod autofs4
[1072141.444146] Supported: Yes
[1072141.444149] CPU: 21 PID: 1 Comm: systemd Not tainted 4.4.121-92.80-default #1
[1072141.444150] Hardware name: LENOVO Lenovo System x3650 M5 -[5462P4U]- -[5462P4U]-/01GR451, BIOS -[TCE136H-2.70]- 06/13/2018
[1072141.444151] task: ffff880191bd0040 ti: ffff880191bd4000 task.ti: ffff880191bd4000
[1072141.444153] RIP: 0010:[<ffffffff815229f9>]  [<ffffffff815229f9>] update_classid_sock+0x29/0x40
[1072141.444157] RSP: 0018:ffff880191bd7d58  EFLAGS: 00000286
[1072141.444158] RAX: ffff883b177cb7c0 RBX: 0000000000000000 RCX: 0000000000000000
[1072141.444159] RDX: 00000000000009c7 RSI: ffff880191bd7d5c RDI: ffff8822e29bb200
[1072141.444160] RBP: ffff883a72230980 R08: 0000000000000101 R09: 0000000000000000
[1072141.444161] R10: 0000000000000008 R11: f000000000000000 R12: ffffffff815229d0
[1072141.444162] R13: 0000000000000000 R14: ffff881fd0a47ac0 R15: ffff880191bd7f28
[1072141.444163] FS:  00007f3e2f1eb8c0(0000) GS:ffff882000340000(0000) knlGS:0000000000000000
[1072141.444164] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1072141.444165] CR2: 00007f3e2f200000 CR3: 0000001ffea4e000 CR4: 00000000001606f0
[1072141.444166] Stack:
[1072141.444166]  ffffffa800000246 00000000000009c7 ffffffff8121d583 ffff8818312a05c0
[1072141.444168]  ffff8818312a1100 ffff880197c3b280 ffff881861422858 ffffffffffffffea
[1072141.444170]  ffffffff81522b1c ffffffff81d0ca20 ffff8817fa17b950 ffff883fdd8121e0
[1072141.444171] Call Trace:
[1072141.444179]  [<ffffffff8121d583>] iterate_fd+0x53/0x80
[1072141.444182]  [<ffffffff81522b1c>] write_classid+0x4c/0x80
[1072141.444187]  [<ffffffff8111328b>] cgroup_file_write+0x9b/0x100
[1072141.444193]  [<ffffffff81278bcb>] kernfs_fop_write+0x11b/0x150
[1072141.444198]  [<ffffffff81201566>] __vfs_write+0x26/0x100
[1072141.444201]  [<ffffffff81201bed>] vfs_write+0x9d/0x190
[1072141.444203]  [<ffffffff812028c2>] SyS_write+0x42/0xa0
[1072141.444207]  [<ffffffff815f58c3>] entry_SYSCALL_64_fastpath+0x1e/0xca
[1072141.445490] DWARF2 unwinder stuck at entry_SYSCALL_64_fastpath+0x1e/0xca

If a cgroup has many tasks with many open file descriptors then we would
end up in a large loop without any rescheduling point throughout the
operation. Add cond_resched once per task.

Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/core/netclassid_cgroup.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/core/netclassid_cgroup.c
+++ b/net/core/netclassid_cgroup.c
@@ -106,6 +106,7 @@ static int write_classid(struct cgroup_s
 		iterate_fd(p->files, 0, update_classid_sock,
 			   (void *)(unsigned long)cs->classid);
 		task_unlock(p);
+		cond_resched();
 	}
 	css_task_iter_end(&it);
 
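
Review bot: cond_resched() is correctly placed after task_unlock(p), but it yields only between tasks. A single task with a very large descriptor table still runs iterate_fd() to completion with no rescheduling point, so the soft lockup in the changelog can recur for that shape of workload; a comment or a changelog line should say that this bounds the per-cgroup loop and not the per-task one. Please also confirm that sleeping between css_task_iter steps is allowed, since the call sits inside the iteration that css_task_iter_end() closes.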




* [PATCH 4.19 132/361] net: stmmac: dwmac-sun8i: fix OF child-node lookup
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (130 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 131/361] cgroup, netclassid: add a preemption point to write_classid Greg Kroah-Hartman
@ 2018-11-11 22:17 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 133/361] f2fs: fix to account IO correctly for cgroup writeback Greg Kroah-Hartman
                   ` (231 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:17 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Corentin Labbe, Andrew Lunn,
	Giuseppe Cavallaro, Alexandre Torgue, Jose Abreu,
	David S. Miller, Johan Hovold, Rob Herring, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Johan Hovold <johan@kernel.org>

[ Upstream commit ac63043d8cb5503c7e0fe110f947eacf2663804e ]

Use the new of_get_compatible_child() helper to look up the mdio-internal
child node instead of using of_find_compatible_node(), which searches
the entire tree from a given start node and thus can return an unrelated
(i.e. non-child) node.

This also addresses a potential use-after-free (e.g. after probe
deferral) as the tree-wide helper drops a reference to its first
argument (i.e. the mdio-mux node). Fortunately, this was inadvertently
balanced by a failure to drop the mdio-mux reference after lookup.

While at it, also fix the related mdio-internal- and phy-node reference
leaks.

Fixes: 634db83b8265 ("net: stmmac: dwmac-sun8i: Handle integrated/external MDIOs")
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Cc: Andrew Lunn <andrew@lunn.ch>
Cc: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Cc: Alexandre Torgue <alexandre.torgue@st.com>
Cc: Jose Abreu <joabreu@synopsys.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
@@ -714,8 +714,9 @@ static int get_ephy_nodes(struct stmmac_
 		return -ENODEV;
 	}
 
-	mdio_internal = of_find_compatible_node(mdio_mux, NULL,
+	mdio_internal = of_get_compatible_child(mdio_mux,
 						"allwinner,sun8i-h3-mdio-internal");
+	of_node_put(mdio_mux);
 	if (!mdio_internal) {
 		dev_err(priv->device, "Cannot get internal_mdio node\n");
 		return -ENODEV;
@@ -729,13 +730,20 @@ static int get_ephy_nodes(struct stmmac_
 		gmac->rst_ephy = of_reset_control_get_exclusive(iphynode, NULL);
 		if (IS_ERR(gmac->rst_ephy)) {
 			ret = PTR_ERR(gmac->rst_ephy);
-			if (ret == -EPROBE_DEFER)
+			if (ret == -EPROBE_DEFER) {
+				of_node_put(iphynode);
+				of_node_put(mdio_internal);
 				return ret;
+			}
 			continue;
 		}
 		dev_info(priv->device, "Found internal PHY node\n");
+		of_node_put(iphynode);
+		of_node_put(mdio_internal);
 		return 0;
 	}
+
+	of_node_put(mdio_internal);
 	return -ENODEV;
 }
 
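
Review bot: Every exit from the loop now carries its own of_node_put() calls: two on the -EPROBE_DEFER return, two on success, one before the final -ENODEV. That is easy to get wrong on the next edit, where a missed put is a reference leak and an extra one risks the use-after-free the changelog describes. Set ret and jump to a single exit label that drops mdio_internal, and say in a comment why the continue path drops no reference on iphynode.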




* [PATCH 4.19 133/361] f2fs: fix to account IO correctly for cgroup writeback
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (131 preceding siblings ...)
  2018-11-11 22:17 ` [PATCH 4.19 132/361] net: stmmac: dwmac-sun8i: fix OF child-node lookup Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 134/361] MD: Memory leak when flush bio size is zero Greg Kroah-Hartman
                   ` (230 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chao Yu <yuchao0@huawei.com>

[ Upstream commit 78efac537de33faab9a4302cc05a70bb4a8b3b63 ]

Now that we support cgroup writeback, it depends on correct IO
accounting by the specific filesystem.

But in commit d1b3e72d5490 ("f2fs: submit bio of in-place-update pages"),
we split write paths from f2fs_submit_page_mbio() to two:
- f2fs_submit_page_bio() for IPU path
- f2fs_submit_page_bio() for OPU path

But we still account write IO only in f2fs_submit_page_mbio(), resulting in
incorrect IO accounting; fix it by adding the missing IO accounting in the IPU path.

Fixes: d1b3e72d5490 ("f2fs: submit bio of in-place-update pages")
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/data.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -456,6 +456,10 @@ int f2fs_submit_page_bio(struct f2fs_io_
 		bio_put(bio);
 		return -EFAULT;
 	}
+
+	if (fio->io_wbc && !is_read_io(fio->op))
+		wbc_account_io(fio->io_wbc, page, PAGE_SIZE);
+
 	bio_set_op_attrs(bio, fio->op, fio->op_flags);
 
 	__submit_bio(fio->sbi, bio, fio->type);




* [PATCH 4.19 134/361] MD: Memory leak when flush bio size is zero
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (132 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 133/361] f2fs: fix to account IO correctly for cgroup writeback Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 135/361] md: fix memleak for mempool Greg Kroah-Hartman
                   ` (229 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Jeffery, Xiao Ni, Shaohua Li,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Xiao Ni <xni@redhat.com>

[ Upstream commit af9b926de9c5986ab009e64917de87c9758bab10 ]

flush_pool is leaked when flush bio size is zero

Fixes: 5a409b4f56d5 ("MD: fix lock contention for flush bios")
Signed-off-by: David Jeffery <djeffery@redhat.com>
Signed-off-by: Xiao Ni <xni@redhat.com>
Signed-off-by: Shaohua Li <shli@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/md.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -452,10 +452,11 @@ static void md_end_flush(struct bio *fbi
 	rdev_dec_pending(rdev, mddev);
 
 	if (atomic_dec_and_test(&fi->flush_pending)) {
-		if (bio->bi_iter.bi_size == 0)
+		if (bio->bi_iter.bi_size == 0) {
 			/* an empty barrier - all done */
 			bio_endio(bio);
-		else {
+			mempool_free(fi, mddev->flush_pool);
+		} else {
 			INIT_WORK(&fi->flush_work, submit_flushes);
 			queue_work(md_wq, &fi->flush_work);
 		}
@@ -509,10 +510,11 @@ void md_flush_request(struct mddev *mdde
 	rcu_read_unlock();
 
 	if (atomic_dec_and_test(&fi->flush_pending)) {
-		if (bio->bi_iter.bi_size == 0)
+		if (bio->bi_iter.bi_size == 0) {
 			/* an empty barrier - all done */
 			bio_endio(bio);
-		else {
+			mempool_free(fi, mddev->flush_pool);
+		} else {
 			INIT_WORK(&fi->flush_work, submit_flushes);
 			queue_work(md_wq, &fi->flush_work);
 		}
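
Review bot: The same empty-barrier branch, bio_endio(bio) followed by mempool_free(fi, mddev->flush_pool), now appears in both md_end_flush() and md_flush_request(), and both copies had to be patched identically here. Move the branch into one helper so the free cannot be dropped from one copy later. In that helper keep the free after bio_endio() and do not touch fi afterwards.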




* [PATCH 4.19 135/361] md: fix memleak for mempool
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (133 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 134/361] MD: Memory leak when flush bio size is zero Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 136/361] of: Add missing exports of node name compare functions Greg Kroah-Hartman
                   ` (228 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jack Wang, Xiao Ni, Shaohua Li, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jack Wang <jinpu.wang@profitbricks.com>

[ Upstream commit 6aaa58c994277647f8b05ffef3b9b225a2d08f36 ]

I noticed kmemleak reports a memory leak when running create/stop
md in a loop, backtrace:
[<000000001ca975e7>] mempool_create_node+0x86/0xd0
[<0000000095576bcd>] md_run+0x1057/0x1410 [md_mod]
[<000000007b45c5fc>] do_md_run+0x15/0x130 [md_mod]
[<000000001ede9ec0>] md_ioctl+0x1f49/0x25d0 [md_mod]
[<000000004142cacf>] blkdev_ioctl+0x680/0xd00

The root cause is that we alloc mddev->flush_pool and
mddev->flush_bio_pool in md_run, but do_md_stop
does not call into md_stop but __md_stop; moving the
mempool_destroy to __md_stop fixes the problem for me.

The bug was introduced in 5a409b4f56d5, so the fix should go to
4.18+

Fixes: 5a409b4f56d5 ("MD: fix lock contention for flush bios")
Signed-off-by: Jack Wang <jinpu.wang@profitbricks.com>
Reviewed-by: Xiao Ni <xni@redhat.com>
Signed-off-by: Shaohua Li <shli@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/md.c |   16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -5906,14 +5906,6 @@ static void __md_stop(struct mddev *mdde
 		mddev->to_remove = &md_redundancy_group;
 	module_put(pers->owner);
 	clear_bit(MD_RECOVERY_FROZEN, &mddev->recovery);
-}
-
-void md_stop(struct mddev *mddev)
-{
-	/* stop the array and free an attached data structures.
-	 * This is called from dm-raid
-	 */
-	__md_stop(mddev);
 	if (mddev->flush_bio_pool) {
 		mempool_destroy(mddev->flush_bio_pool);
 		mddev->flush_bio_pool = NULL;
@@ -5922,6 +5914,14 @@ void md_stop(struct mddev *mddev)
 		mempool_destroy(mddev->flush_pool);
 		mddev->flush_pool = NULL;
 	}
+}
+
+void md_stop(struct mddev *mddev)
+{
+	/* stop the array and free an attached data structures.
+	 * This is called from dm-raid
+	 */
+	__md_stop(mddev);
 	bioset_exit(&mddev->bio_set);
 	bioset_exit(&mddev->sync_set);
 }
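
Review bot: After the move, the two mempools are destroyed in __md_stop() but bioset_exit() for bio_set and sync_set stays in md_stop(). The changelog says do_md_stop() reaches __md_stop() and not md_stop(), so please state where the two biosets are released on that path; otherwise the same create/stop loop may still leak. The relocated comment also still reads "free an attached data structures", where "any" was probably meant.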




* [PATCH 4.19 136/361] of: Add missing exports of node name compare functions
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (134 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 135/361] md: fix memleak for mempool Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 137/361] scsi: esp_scsi: Track residual for PIO transfers Greg Kroah-Hartman
                   ` (227 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rob Herring, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rob Herring <robh@kernel.org>

[ Upstream commit 173ee3962959a1985a109f81539a403b5cd07ae7 ]

Commit f42b0e18f2e5 ("of: add node name compare helper functions")
failed to add the module exports to of_node_name_eq() and
of_node_name_prefix(). Add them now.

Fixes: f42b0e18f2e5 ("of: add node name compare helper functions")
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/of/base.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/of/base.c
+++ b/drivers/of/base.c
@@ -67,6 +67,7 @@ bool of_node_name_eq(const struct device
 
 	return (strlen(name) == len) && (strncmp(node_name, name, len) == 0);
 }
+EXPORT_SYMBOL(of_node_name_eq);
 
 bool of_node_name_prefix(const struct device_node *np, const char *prefix)
 {
@@ -75,6 +76,7 @@ bool of_node_name_prefix(const struct de
 
 	return strncmp(kbasename(np->full_name), prefix, strlen(prefix)) == 0;
 }
+EXPORT_SYMBOL(of_node_name_prefix);
 
 int of_n_addr_cells(struct device_node *np)
 {




* [PATCH 4.19 137/361] scsi: esp_scsi: Track residual for PIO transfers
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (135 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 136/361] of: Add missing exports of node name compare functions Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 138/361] scsi: ufs: Schedule clk gating work on correct queue Greg Kroah-Hartman
                   ` (226 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stan Johnson, Finn Thain,
	Michael Schmitz, Martin K. Petersen, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Finn Thain <fthain@telegraphics.com.au>

[ Upstream commit fd47d919d0c336e7c22862b51ee94927ffea227a ]

If a target disconnects during a PIO data transfer the command may fail
when the target reconnects:

scsi host1: DMA length is zero!
scsi host1: cur adr[04380000] len[00000000]

The scsi bus is then reset. This happens because the residual reached
zero before the transfer was completed.

The usual residual calculation relies on the Transfer Count registers.
That works for DMA transfers but not for PIO transfers. Fix the problem
by storing the PIO transfer residual and using that to correctly
calculate bytes_sent.

Fixes: 6fe07aaffbf0 ("[SCSI] m68k: new mac_esp scsi driver")
Tested-by: Stan Johnson <userm57@yahoo.com>
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Michael Schmitz <schmitzmic@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/esp_scsi.c |    1 +
 drivers/scsi/esp_scsi.h |    2 ++
 drivers/scsi/mac_esp.c  |    2 ++
 3 files changed, 5 insertions(+)

--- a/drivers/scsi/esp_scsi.c
+++ b/drivers/scsi/esp_scsi.c
@@ -1338,6 +1338,7 @@ static int esp_data_bytes_sent(struct es
 
 	bytes_sent = esp->data_dma_len;
 	bytes_sent -= ecount;
+	bytes_sent -= esp->send_cmd_residual;
 
 	/*
 	 * The am53c974 has a DMA 'pecularity'. The doc states:
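Review bot: In esp_data_bytes_sent(), `bytes_sent -= esp->send_cmd_residual;` is applied on every path, but the only writer in this patch is the tail of mac_esp_send_pio_cmd(). A residual left by an earlier PIO transfer would be subtracted again from a later transfer unless every send path overwrites the field; consider clearing it when a non-PIO send path is used, or consuming and zeroing it here.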
--- a/drivers/scsi/esp_scsi.h
+++ b/drivers/scsi/esp_scsi.h
@@ -540,6 +540,8 @@ struct esp {
 
 	void			*dma;
 	int			dmarev;
+
+	u32			send_cmd_residual;
 };
 
 /* A front-end driver for the ESP chip should do the following in
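Review bot: The new `u32 send_cmd_residual;` in struct esp has no comment. The core now reads it in esp_data_bytes_sent() while only a front-end driver writes it, so a one-line comment giving its meaning (the PIO transfer residual) and who is expected to set it would help the other front-end drivers.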
--- a/drivers/scsi/mac_esp.c
+++ b/drivers/scsi/mac_esp.c
@@ -427,6 +427,8 @@ static void mac_esp_send_pio_cmd(struct
 			scsi_esp_cmd(esp, ESP_CMD_TI);
 		}
 	}
+
+	esp->send_cmd_residual = esp_count;
 }
 
 static int mac_esp_irq_pending(struct esp *esp)




* [PATCH 4.19 138/361] scsi: ufs: Schedule clk gating work on correct queue
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (136 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 137/361] scsi: esp_scsi: Track residual for PIO transfers Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 139/361] UAPI: ndctl: Fix g++-unsupported initialisation in headers Greg Kroah-Hartman
                   ` (225 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Evan Green, Douglas Anderson,
	Stephen Boyd, Martin K. Petersen, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Evan Green <evgreen@chromium.org>

[ Upstream commit f4bb7704699beee9edfbee875daa9089c86cf724 ]

With commit 10e5e37581fc ("scsi: ufs: Add clock ungating to a separate
workqueue"), clock gating work was moved to a separate work queue with
WQ_MEM_RECLAIM set, since clock gating could occur from a memory reclaim
context. Unfortunately, clk_gating.gate_work was left queued via
schedule_delayed_work, which is a system workqueue that does not have
WQ_MEM_RECLAIM set.  Because ufshcd_ungate_work attempts to cancel
gate_work, the following warning appears:

[   14.174170] workqueue: WQ_MEM_RECLAIM ufs_clk_gating_0:ufshcd_ungate_work is flushing !WQ_MEM_RECLAIM events:ufshcd_gate_work
[   14.174179] WARNING: CPU: 4 PID: 173 at kernel/workqueue.c:2440 check_flush_dependency+0x110/0x118
[   14.205725] CPU: 4 PID: 173 Comm: kworker/u16:3 Not tainted 4.14.68 #1
[   14.212437] Hardware name: Google Cheza (rev1) (DT)
[   14.217459] Workqueue: ufs_clk_gating_0 ufshcd_ungate_work
[   14.223107] task: ffffffc0f6a40080 task.stack: ffffff800a490000
[   14.229195] PC is at check_flush_dependency+0x110/0x118
[   14.234569] LR is at check_flush_dependency+0x110/0x118
[   14.239944] pc : [<ffffff80080cad14>] lr : [<ffffff80080cad14>] pstate: 60c001c9
[   14.333050] Call trace:
[   14.427767] [<ffffff80080cad14>] check_flush_dependency+0x110/0x118
[   14.434219] [<ffffff80080cafec>] start_flush_work+0xac/0x1fc
[   14.440046] [<ffffff80080caeec>] flush_work+0x40/0x94
[   14.445246] [<ffffff80080cb288>] __cancel_work_timer+0x11c/0x1b8
[   14.451433] [<ffffff80080cb4b8>] cancel_delayed_work_sync+0x20/0x30
[   14.457886] [<ffffff80085b9294>] ufshcd_ungate_work+0x24/0xd0
[   14.463800] [<ffffff80080cfb04>] process_one_work+0x32c/0x690
[   14.469713] [<ffffff80080d0154>] worker_thread+0x218/0x338
[   14.475361] [<ffffff80080d527c>] kthread+0x120/0x130
[   14.480470] [<ffffff8008084814>] ret_from_fork+0x10/0x18

The simple solution is to put the gate_work on the same WQ_MEM_RECLAIM
work queue as the ungate_work.

Fixes: 10e5e37581fc ("scsi: ufs: Add clock ungating to a separate workqueue")
Signed-off-by: Evan Green <evgreen@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/ufs/ufshcd.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -1691,8 +1691,9 @@ static void __ufshcd_release(struct ufs_
 
 	hba->clk_gating.state = REQ_CLKS_OFF;
 	trace_ufshcd_clk_gating(dev_name(hba->dev), hba->clk_gating.state);
-	schedule_delayed_work(&hba->clk_gating.gate_work,
-			msecs_to_jiffies(hba->clk_gating.delay_ms));
+	queue_delayed_work(hba->clk_gating.clk_gating_workq,
+			   &hba->clk_gating.gate_work,
+			   msecs_to_jiffies(hba->clk_gating.delay_ms));
 }
 
 void ufshcd_release(struct ufs_hba *hba)
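Review bot: This converts the queueing site in __ufshcd_release(), but the warning in the changelog is triggered by any gate_work item that ends up on the system workqueue. Please confirm there is no other schedule_delayed_work() call on hba->clk_gating.gate_work, and that hba->clk_gating.clk_gating_workq is always allocated before __ufshcd_release() can run, since queue_delayed_work() uses it unconditionally.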




* [PATCH 4.19 139/361] UAPI: ndctl: Fix g++-unsupported initialisation in headers
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (137 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 138/361] scsi: ufs: Schedule clk gating work on correct queue Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 140/361] KVM: nVMX: Clear reserved bits of #DB exit qualification Greg Kroah-Hartman
                   ` (224 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Howells, Dan Williams, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Howells <dhowells@redhat.com>

[ Upstream commit 9607871f37dc3e717639694b8d0dc738f2a68efc ]

The following code in the linux/ndctl header file:

	static inline const char *nvdimm_bus_cmd_name(unsigned cmd)
	{
		static const char * const names[] = {
			[ND_CMD_ARS_CAP] = "ars_cap",
			[ND_CMD_ARS_START] = "ars_start",
			[ND_CMD_ARS_STATUS] = "ars_status",
			[ND_CMD_CLEAR_ERROR] = "clear_error",
			[ND_CMD_CALL] = "cmd_call",
		};

		if (cmd < ARRAY_SIZE(names) && names[cmd])
			return names[cmd];
		return "unknown";
	}

is broken in a number of ways:

 (1) ARRAY_SIZE() is not generally defined.

 (2) g++ does not support "non-trivial" array initialisers fully yet.

 (3) Every file that calls this function will acquire a copy of names[].

The same goes for nvdimm_cmd_name().

Fix all three by converting to a switch statement where each case returns a
string.  That way if cmd is a constant, the compiler can trivially reduce it
and, if not, the compiler can use a shared lookup table if it thinks that is
more efficient.

A better way would be to remove these functions and their arrays from the
header entirely.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/uapi/linux/ndctl.h |   48 +++++++++++++++++++--------------------------
 1 file changed, 21 insertions(+), 27 deletions(-)

--- a/include/uapi/linux/ndctl.h
+++ b/include/uapi/linux/ndctl.h
@@ -128,37 +128,31 @@ enum {
 
 static inline const char *nvdimm_bus_cmd_name(unsigned cmd)
 {
-	static const char * const names[] = {
-		[ND_CMD_ARS_CAP] = "ars_cap",
-		[ND_CMD_ARS_START] = "ars_start",
-		[ND_CMD_ARS_STATUS] = "ars_status",
-		[ND_CMD_CLEAR_ERROR] = "clear_error",
-		[ND_CMD_CALL] = "cmd_call",
-	};
-
-	if (cmd < ARRAY_SIZE(names) && names[cmd])
-		return names[cmd];
-	return "unknown";
+	switch (cmd) {
+	case ND_CMD_ARS_CAP:		return "ars_cap";
+	case ND_CMD_ARS_START:		return "ars_start";
+	case ND_CMD_ARS_STATUS:		return "ars_status";
+	case ND_CMD_CLEAR_ERROR:	return "clear_error";
+	case ND_CMD_CALL:		return "cmd_call";
+	default:			return "unknown";
+	}
 }
 
 static inline const char *nvdimm_cmd_name(unsigned cmd)
 {
-	static const char * const names[] = {
-		[ND_CMD_SMART] = "smart",
-		[ND_CMD_SMART_THRESHOLD] = "smart_thresh",
-		[ND_CMD_DIMM_FLAGS] = "flags",
-		[ND_CMD_GET_CONFIG_SIZE] = "get_size",
-		[ND_CMD_GET_CONFIG_DATA] = "get_data",
-		[ND_CMD_SET_CONFIG_DATA] = "set_data",
-		[ND_CMD_VENDOR_EFFECT_LOG_SIZE] = "effect_size",
-		[ND_CMD_VENDOR_EFFECT_LOG] = "effect_log",
-		[ND_CMD_VENDOR] = "vendor",
-		[ND_CMD_CALL] = "cmd_call",
-	};
-
-	if (cmd < ARRAY_SIZE(names) && names[cmd])
-		return names[cmd];
-	return "unknown";
+	switch (cmd) {
+	case ND_CMD_SMART:			return "smart";
+	case ND_CMD_SMART_THRESHOLD:		return "smart_thresh";
+	case ND_CMD_DIMM_FLAGS:			return "flags";
+	case ND_CMD_GET_CONFIG_SIZE:		return "get_size";
+	case ND_CMD_GET_CONFIG_DATA:		return "get_data";
+	case ND_CMD_SET_CONFIG_DATA:		return "set_data";
+	case ND_CMD_VENDOR_EFFECT_LOG_SIZE:	return "effect_size";
+	case ND_CMD_VENDOR_EFFECT_LOG:		return "effect_log";
+	case ND_CMD_VENDOR:			return "vendor";
+	case ND_CMD_CALL:			return "cmd_call";
+	default:				return "unknown";
+	}
 }
 
 #define ND_IOCTL 'N'
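Review bot: Both switches take `unsigned cmd`, so the compiler cannot warn when a new ND_CMD_* value is added without a matching case, and the `default:` label quietly maps it to "unknown". A comment next to the ND_CMD_* definitions pointing at nvdimm_bus_cmd_name() and nvdimm_cmd_name() would keep the name lists in step; the result for unlisted values is otherwise the same as with the array version.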




* [PATCH 4.19 140/361] KVM: nVMX: Clear reserved bits of #DB exit qualification
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (138 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 139/361] UAPI: ndctl: Fix g++-unsupported initialisation in headers Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 141/361] scsi: megaraid_sas: fix a missing-check bug Greg Kroah-Hartman
                   ` (223 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jim Mattson, Sean Christopherson,
	Paolo Bonzini, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jim Mattson <jmattson@google.com>

[ Upstream commit cfb634fe3052aefc4e1360fa322018c9a0b49755 ]

According to volume 3 of the SDM, bits 63:15 and 12:4 of the exit
qualification field for debug exceptions are reserved (cleared to
0). However, the SDM is incorrect about bit 16 (corresponding to
DR6.RTM). This bit should be set if a debug exception (#DB) or a
breakpoint exception (#BP) occurred inside an RTM region while
advanced debugging of RTM transactional regions was enabled. Note that
this is the opposite of DR6.RTM, which "indicates (when clear) that a
debug exception (#DB) or breakpoint exception (#BP) occurred inside an
RTM region while advanced debugging of RTM transactional regions was
enabled."

There is still an issue with stale DR6 bits potentially being
misreported for the current debug exception.  DR6 should not have been
modified before vectoring the #DB exception, and the "new DR6 bits"
should be available somewhere, but it was and they aren't.

Fixes: b96fb439774e1 ("KVM: nVMX: fixes to nested virt interrupt injection")
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/include/asm/kvm_host.h |    1 +
 arch/x86/kvm/vmx.c              |    7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -177,6 +177,7 @@ enum {
 
 #define DR6_BD		(1 << 13)
 #define DR6_BS		(1 << 14)
+#define DR6_BT		(1 << 15)
 #define DR6_RTM		(1 << 16)
 #define DR6_FIXED_1	0xfffe0ff0
 #define DR6_INIT	0xffff0ff0
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3294,10 +3294,13 @@ static int nested_vmx_check_exception(st
 		}
 	} else {
 		if (vmcs12->exception_bitmap & (1u << nr)) {
-			if (nr == DB_VECTOR)
+			if (nr == DB_VECTOR) {
 				*exit_qual = vcpu->arch.dr6;
-			else
+				*exit_qual &= ~(DR6_FIXED_1 | DR6_BT);
+				*exit_qual ^= DR6_RTM;
+			} else {
 				*exit_qual = 0;
+			}
 			return 1;
 		}
 	}
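Review bot: The mask in `*exit_qual &= ~(DR6_FIXED_1 | DR6_BT);` does not line up one for one with the changelog's "bits 63:15 and 12:4". DR6_FIXED_1 is 0xfffe0ff0, which covers bits 31:17 and 11:4, so bit 12 is passed through from vcpu->arch.dr6, and if *exit_qual is 64 bits wide its bits 63:32 are cleared only because the 32-bit mask is zero-extended. A short comment saying that both are relied on, or an explicit mask, would make the intent checkable.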




* [PATCH 4.19 141/361] scsi: megaraid_sas: fix a missing-check bug
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (139 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 140/361] KVM: nVMX: Clear reserved bits of #DB exit qualification Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 142/361] RDMA/core: Do not expose unsupported counters Greg Kroah-Hartman
                   ` (222 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Sumit Saxena,
	Martin K. Petersen, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wenwen Wang <wang6495@umn.edu>

[ Upstream commit 47db7873136a9c57c45390a53b57019cf73c8259 ]

In megasas_mgmt_compat_ioctl_fw(), to handle the structure
compat_megasas_iocpacket 'cioc', a user-space structure megasas_iocpacket
'ioc' is allocated before megasas_mgmt_ioctl_fw() is invoked to handle
the packet. Since the two data structures have different fields, the data
is copied from 'cioc' to 'ioc' field by field. In the copy process,
'sense_ptr' is prepared if the field 'sense_len' is not null, because it
will be used in megasas_mgmt_ioctl_fw(). To prepare 'sense_ptr', the
user-space data 'ioc->sense_off' and 'cioc->sense_off' are copied and
saved to kernel-space variables 'local_sense_off' and 'user_sense_off'
respectively. Given that 'ioc->sense_off' is also copied from
'cioc->sense_off', 'local_sense_off' and 'user_sense_off' should have the
same value. However, 'cioc' is in the user space and a malicious user can
race to change the value of 'cioc->sense_off' after it is copied to
'ioc->sense_off' but before it is copied to 'user_sense_off'. By doing
so, the attacker can inject different values into 'local_sense_off' and
'user_sense_off'. This can cause undefined behavior in the following
execution, because the two variables are supposed to be the same.

This patch enforces a check on the two kernel variables 'local_sense_off'
and 'user_sense_off' to make sure they are the same after the copy. In
case they are not, an error code EINVAL will be returned.

Signed-off-by: Wenwen Wang <wang6495@umn.edu>
Acked-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/megaraid/megaraid_sas_base.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -7523,6 +7523,9 @@ static int megasas_mgmt_compat_ioctl_fw(
 		get_user(user_sense_off, &cioc->sense_off))
 		return -EFAULT;
 
+	if (local_sense_off != user_sense_off)
+		return -EINVAL;
+
 	if (local_sense_len) {
 		void __user **sense_ioc_ptr =
 			(void __user **)((u8 *)((unsigned long)&ioc->frame.raw) + local_sense_off);
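Review bot: The new `local_sense_off != user_sense_off` comparison detects a changed value after the fact, but the offset is still fetched from user memory more than once. Reading cioc->sense_off a single time into a kernel variable and using that copy for both purposes would close the window instead of detecting it. The check also deserves a one-line comment saying it guards against a concurrent user-space modification, because the two values otherwise look trivially equal.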




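The double fetch described in the megaraid_sas commit message above, as an added example that is not part of the original patch or the driver: a user-space C model in which `fetch_u32()` stands in for `get_user()` and a deterministic `racer` rewrites `cioc->sense_off` between reads. The `sim_*` structs, the helper names and the offsets 0x10 and 0x400 are constructed for illustration, and the single-fetch variant goes beyond what the patch does.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins: only the fields the commit message discusses. */
struct sim_cioc { uint32_t sense_off, sense_len; };	/* 32-bit caller's packet */
struct sim_ioc  { uint32_t sense_off, sense_len; };	/* native-layout copy */
struct offsets  { uint32_t local_sense_off, user_sense_off; };

/* Deterministic model of a concurrent user-space writer (hypothetical):
 * right after the Nth fetch it rewrites cioc->sense_off. */
struct racer {
	struct sim_cioc *target;
	int fire_after;		/* 0 = no concurrent write */
	uint32_t new_off;
	int fetches;
};

/* Stand-in for get_user(): exactly one read of "user" memory per call. */
static uint32_t fetch_u32(struct racer *r, const uint32_t *uaddr)
{
	uint32_t v = *uaddr;

	if (++r->fetches == r->fire_after)
		r->target->sense_off = r->new_off;
	return v;
}

/* Shape before the patch: cioc->sense_off is read twice, never compared. */
static int translate_unchecked(struct racer *r, struct sim_cioc *cioc,
			       struct sim_ioc *ioc, struct offsets *out)
{
	ioc->sense_off = fetch_u32(r, &cioc->sense_off);	/* first read */
	ioc->sense_len = fetch_u32(r, &cioc->sense_len);
	out->local_sense_off = fetch_u32(r, &ioc->sense_off);
	out->user_sense_off = fetch_u32(r, &cioc->sense_off);	/* second read */
	return 0;
}

/* Shape after the patch: same reads, then reject a mismatch. */
static int translate_checked(struct racer *r, struct sim_cioc *cioc,
			     struct sim_ioc *ioc, struct offsets *out)
{
	translate_unchecked(r, cioc, ioc, out);
	if (out->local_sense_off != out->user_sense_off)
		return -EINVAL;
	return 0;
}

/* Alternative that is not in the patch: read once, reuse the kernel copy. */
static int translate_single_fetch(struct racer *r, struct sim_cioc *cioc,
				  struct sim_ioc *ioc, struct offsets *out)
{
	uint32_t off = fetch_u32(r, &cioc->sense_off);	/* the only read */

	ioc->sense_off = off;
	ioc->sense_len = fetch_u32(r, &cioc->sense_len);
	out->local_sense_off = off;
	out->user_sense_off = off;
	return 0;
}

enum variant { UNCHECKED, CHECKED, SINGLE_FETCH };

/* Run one variant on a fresh constructed packet (sense_off 0x10). When
 * fire_after is non-zero the racer sets cioc->sense_off to 0x400 right
 * after that many fetches. */
int run_variant(enum variant v, int fire_after, struct offsets *out)
{
	struct sim_cioc cioc = { .sense_off = 0x10, .sense_len = 32 };
	struct sim_ioc ioc = { 0, 0 };
	struct racer r = { &cioc, fire_after, 0x400, 0 };

	switch (v) {
	case UNCHECKED:	return translate_unchecked(&r, &cioc, &ioc, out);
	case CHECKED:	return translate_checked(&r, &cioc, &ioc, out);
	default:	return translate_single_fetch(&r, &cioc, &ioc, out);
	}
}

int main(void)
{
	static const char *const names[] = { "unchecked", "checked", "single-fetch" };
	struct offsets o;

	for (int v = UNCHECKED; v <= SINGLE_FETCH; v++) {
		o.local_sense_off = o.user_sense_off = 0;
		int ret = run_variant((enum variant)v, 1, &o);
		printf("%-12s ret=%d local=0x%x user=0x%x\n", names[v], ret,
		       (unsigned)o.local_sense_off, (unsigned)o.user_sense_off);
	}
	return 0;
}
```

With the racer armed, the unchecked variant returns success with two different offsets, the checked variant returns -EINVAL, and the single-fetch variant never sees the second value at all.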
* [PATCH 4.19 142/361] RDMA/core: Do not expose unsupported counters
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (140 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 141/361] scsi: megaraid_sas: fix a missing-check bug Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 143/361] RDMA/cm: Respect returned status of cm_init_av_by_path Greg Kroah-Hartman
                   ` (221 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Holger Hoffstätte, Parav Pandit,
	Leon Romanovsky, Doug Ledford, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Parav Pandit <parav@mellanox.com>

[ Upstream commit 0f6ef65d1c6ec8deb5d0f11f86631ec4cfe8f22e ]

If the provider driver (such as rdma_rxe) doesn't support pma counters,
avoid exposing its directory similar to optional hw_counters directory.
If core fails to read the PMA counter, return an error so that user can
retry later if needed.

Fixes: 35c4cbb17811 ("IB/core: Create get_perf_mad function in sysfs.c")
Reported-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Signed-off-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/infiniband/core/sysfs.c |   19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

--- a/drivers/infiniband/core/sysfs.c
+++ b/drivers/infiniband/core/sysfs.c
@@ -512,7 +512,7 @@ static ssize_t show_pma_counter(struct i
 	ret = get_perf_mad(p->ibdev, p->port_num, tab_attr->attr_id, &data,
 			40 + offset / 8, sizeof(data));
 	if (ret < 0)
-		return sprintf(buf, "N/A (no PMA)\n");
+		return ret;
 
 	switch (width) {
 	case 4:
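Review bot: Replacing `sprintf(buf, "N/A (no PMA)\n")` with `return ret;` in show_pma_counter() changes what user space sees: a read of a counter file now fails with an errno where it used to succeed with a string. That is the stated intent, but it is a behaviour change for anything parsing these files and should be called out explicitly in the changelog or the sysfs ABI documentation.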
@@ -1057,10 +1057,12 @@ static int add_port(struct ib_device *de
 		goto err_put;
 	}
 
-	p->pma_table = get_counter_table(device, port_num);
-	ret = sysfs_create_group(&p->kobj, p->pma_table);
-	if (ret)
-		goto err_put_gid_attrs;
+	if (device->process_mad) {
+		p->pma_table = get_counter_table(device, port_num);
+		ret = sysfs_create_group(&p->kobj, p->pma_table);
+		if (ret)
+			goto err_put_gid_attrs;
+	}
 
 	p->gid_group.name  = "gids";
 	p->gid_group.attrs = alloc_group_attrs(show_port_gid, attr.gid_tbl_len);
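Review bot: When device->process_mad is NULL, p->pma_table is never assigned in add_port(), and the `if (p->pma_table)` and `if (port->pma_table)` guards added in the later hunks depend on it reading as NULL. Please confirm the port structure is zero-allocated, or set p->pma_table = NULL explicitly in an else branch.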
@@ -1173,7 +1175,8 @@ err_free_gid:
 	p->gid_group.attrs = NULL;
 
 err_remove_pma:
-	sysfs_remove_group(&p->kobj, p->pma_table);
+	if (p->pma_table)
+		sysfs_remove_group(&p->kobj, p->pma_table);
 
 err_put_gid_attrs:
 	kobject_put(&p->gid_attr_group->kobj);
@@ -1285,7 +1288,9 @@ static void free_port_list_attributes(st
 			kfree(port->hw_stats);
 			free_hsag(&port->kobj, port->hw_stats_ag);
 		}
-		sysfs_remove_group(p, port->pma_table);
+
+		if (port->pma_table)
+			sysfs_remove_group(p, port->pma_table);
 		sysfs_remove_group(p, &port->pkey_group);
 		sysfs_remove_group(p, &port->gid_group);
 		sysfs_remove_group(&port->gid_attr_group->kobj,




* [PATCH 4.19 143/361] RDMA/cm: Respect returned status of cm_init_av_by_path
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (141 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 142/361] RDMA/core: Do not expose unsupported counters Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 144/361] IB/ipoib: Clear IPCB before icmp_send Greg Kroah-Hartman
                   ` (220 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Slava Shwartsman, Parav Pandit,
	Leon Romanovsky, Jason Gunthorpe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Leon Romanovsky <leonro@mellanox.com>

[ Upstream commit e54b6a3bcd1ec972b25a164bdf495d9e7120b107 ]

Add missing check for failure of cm_init_av_by_path

Fixes: e1444b5a163e ("IB/cm: Fix automatic path migration support")
Reported-by: Slava Shwartsman <slavash@mellanox.com>
Reviewed-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/infiniband/core/cm.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/drivers/infiniband/core/cm.c
+++ b/drivers/infiniband/core/cm.c
@@ -3292,8 +3292,11 @@ static int cm_lap_handler(struct cm_work
 	if (ret)
 		goto unlock;
 
-	cm_init_av_by_path(param->alternate_path, NULL, &cm_id_priv->alt_av,
-			   cm_id_priv);
+	ret = cm_init_av_by_path(param->alternate_path, NULL,
+				 &cm_id_priv->alt_av, cm_id_priv);
+	if (ret)
+		goto unlock;
+
 	cm_id_priv->id.lap_state = IB_CM_LAP_RCVD;
 	cm_id_priv->tid = lap_msg->hdr.tid;
 	ret = atomic_inc_and_test(&cm_id_priv->work_count);
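Review bot: On the new `if (ret) goto unlock;` path in cm_lap_handler() the LAP is dropped with no trace in the lines shown: lap_state is left unchanged and nothing is logged or counted. The one-line changelog does not say what the peer observes in that case; please describe it, and consider whether a failure here should be reported rather than ignored silently.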




* [PATCH 4.19 144/361] IB/ipoib: Clear IPCB before icmp_send
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (142 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 143/361] RDMA/cm: Respect returned status of cm_init_av_by_path Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 145/361] RDMA/bnxt_re: Avoid accessing nq->bar_reg_iomem in failure case Greg Kroah-Hartman
                   ` (219 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Denis Drozdov, Erez Shitrit,
	Feras Daoud, Leon Romanovsky, Jason Gunthorpe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Denis Drozdov <denisd@mellanox.com>

[ Upstream commit 4d6e4d12da2c308f8f976d3955c45ee62539ac98 ]

IPCB should be cleared before icmp_send, since it may contain data from
previous layers and the data could be misinterpreted as ip header options,
which later caused the ihl to be set to an invalid value and resulted in
the following stack corruption:

[ 1083.031512] ib0: packet len 57824 (> 2048) too long to send, dropping
[ 1083.031843] ib0: packet len 37904 (> 2048) too long to send, dropping
[ 1083.032004] ib0: packet len 4040 (> 2048) too long to send, dropping
[ 1083.032253] ib0: packet len 63800 (> 2048) too long to send, dropping
[ 1083.032481] ib0: packet len 23960 (> 2048) too long to send, dropping
[ 1083.033149] ib0: packet len 63800 (> 2048) too long to send, dropping
[ 1083.033439] ib0: packet len 63800 (> 2048) too long to send, dropping
[ 1083.033700] ib0: packet len 63800 (> 2048) too long to send, dropping
[ 1083.034124] ib0: packet len 63800 (> 2048) too long to send, dropping
[ 1083.034387] ==================================================================
[ 1083.034602] BUG: KASAN: stack-out-of-bounds in __ip_options_echo+0xf08/0x1310
[ 1083.034798] Write of size 4 at addr ffff880353457c5f by task kworker/u16:0/7
[ 1083.034990]
[ 1083.035104] CPU: 7 PID: 7 Comm: kworker/u16:0 Tainted: G           O      4.19.0-rc5+ #1
[ 1083.035316] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu2 04/01/2014
[ 1083.035573] Workqueue: ipoib_wq ipoib_cm_skb_reap [ib_ipoib]
[ 1083.035750] Call Trace:
[ 1083.035888]  dump_stack+0x9a/0xeb
[ 1083.036031]  print_address_description+0xe3/0x2e0
[ 1083.036213]  kasan_report+0x18a/0x2e0
[ 1083.036356]  ? __ip_options_echo+0xf08/0x1310
[ 1083.036522]  __ip_options_echo+0xf08/0x1310
[ 1083.036688]  icmp_send+0x7b9/0x1cd0
[ 1083.036843]  ? icmp_route_lookup.constprop.9+0x1070/0x1070
[ 1083.037018]  ? netif_schedule_queue+0x5/0x200
[ 1083.037180]  ? debug_show_all_locks+0x310/0x310
[ 1083.037341]  ? rcu_dynticks_curr_cpu_in_eqs+0x85/0x120
[ 1083.037519]  ? debug_locks_off+0x11/0x80
[ 1083.037673]  ? debug_check_no_obj_freed+0x207/0x4c6
[ 1083.037841]  ? check_flags.part.27+0x450/0x450
[ 1083.037995]  ? debug_check_no_obj_freed+0xc3/0x4c6
[ 1083.038169]  ? debug_locks_off+0x11/0x80
[ 1083.038318]  ? skb_dequeue+0x10e/0x1a0
[ 1083.038476]  ? ipoib_cm_skb_reap+0x2b5/0x650 [ib_ipoib]
[ 1083.038642]  ? netif_schedule_queue+0xa8/0x200
[ 1083.038820]  ? ipoib_cm_skb_reap+0x544/0x650 [ib_ipoib]
[ 1083.038996]  ipoib_cm_skb_reap+0x544/0x650 [ib_ipoib]
[ 1083.039174]  process_one_work+0x912/0x1830
[ 1083.039336]  ? wq_pool_ids_show+0x310/0x310
[ 1083.039491]  ? lock_acquire+0x145/0x3a0
[ 1083.042312]  worker_thread+0x87/0xbb0
[ 1083.045099]  ? process_one_work+0x1830/0x1830
[ 1083.047865]  kthread+0x322/0x3e0
[ 1083.050624]  ? kthread_create_worker_on_cpu+0xc0/0xc0
[ 1083.053354]  ret_from_fork+0x3a/0x50

For instance __ip_options_echo is failing to proceed with invalid srr and
optlen passed from another layer via IPCB

[  762.139568] IPv4: __ip_options_echo rr=0 ts=0 srr=43 cipso=0
[  762.139720] IPv4: ip_options_build: IPCB 00000000f3cd969e opt 000000002ccb3533
[  762.139838] IPv4: __ip_options_echo in srr: optlen 197 soffset 84
[  762.139852] IPv4: ip_options_build srr=0 is_frag=0 rr_needaddr=0 ts_needaddr=0 ts_needtime=0 rr=0 ts=0
[  762.140269] ==================================================================
[  762.140713] IPv4: __ip_options_echo rr=0 ts=0 srr=0 cipso=0
[  762.141078] BUG: KASAN: stack-out-of-bounds in __ip_options_echo+0x12ec/0x1680
[  762.141087] Write of size 4 at addr ffff880353457c7f by task kworker/u16:0/7

Signed-off-by: Denis Drozdov <denisd@mellanox.com>
Reviewed-by: Erez Shitrit <erezsh@mellanox.com>
Reviewed-by: Feras Daoud <ferasda@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/infiniband/ulp/ipoib/ipoib_cm.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/drivers/infiniband/ulp/ipoib/ipoib_cm.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_cm.c
@@ -1438,11 +1438,15 @@ static void ipoib_cm_skb_reap(struct wor
 		spin_unlock_irqrestore(&priv->lock, flags);
 		netif_tx_unlock_bh(dev);
 
-		if (skb->protocol == htons(ETH_P_IP))
+		if (skb->protocol == htons(ETH_P_IP)) {
+			memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
 			icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
+		}
 #if IS_ENABLED(CONFIG_IPV6)
-		else if (skb->protocol == htons(ETH_P_IPV6))
+		else if (skb->protocol == htons(ETH_P_IPV6)) {
+			memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
 			icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
+		}
 #endif
 		dev_kfree_skb_any(skb);
 
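Review bot: The two memset() calls on IPCB(skb) and IP6CB(skb) in ipoib_cm_skb_reap() carry no comment, and without one they read as redundant zeroing that a later cleanup could drop. A line above each saying that the control block still holds data from a previous layer, and would otherwise be interpreted as header options by the ICMP send path, would record the reason given in the changelog.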




* [PATCH 4.19 145/361] RDMA/bnxt_re: Avoid accessing nq->bar_reg_iomem in failure case
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (143 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 144/361] IB/ipoib: Clear IPCB before icmp_send Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 146/361] RDMA/bnxt_re: Fix recursive lock warning in debug kernel Greg Kroah-Hartman
                   ` (218 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Selvin Xavier,
	Jason Gunthorpe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Selvin Xavier <selvin.xavier@broadcom.com>

[ Upstream commit ed51efd2ce44091a858ad829f666727e7c95695e ]

In the failure path, nq->bar_reg_iomem gets accessed without
initializing. Avoid this by calling the bnxt_qplib_nq_stop_irq only if the
initialization is complete.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: 1ac5a4047975 ("RDMA/bnxt_re: Add bnxt_re RoCE driver")
Fixes: 6e04b1035689 ("RDMA/bnxt_re: Fix broken RoCE driver due to recent L2 driver changes")
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/infiniband/hw/bnxt_re/qplib_fp.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/infiniband/hw/bnxt_re/qplib_fp.c
+++ b/drivers/infiniband/hw/bnxt_re/qplib_fp.c
@@ -360,7 +360,8 @@ void bnxt_qplib_disable_nq(struct bnxt_q
 	}
 
 	/* Make sure the HW is stopped! */
-	bnxt_qplib_nq_stop_irq(nq, true);
+	if (nq->requested)
+		bnxt_qplib_nq_stop_irq(nq, true);
 
 	if (nq->bar_reg_iomem)
 		iounmap(nq->bar_reg_iomem);
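Review bot: The new guard tests nq->requested, while the line just below it tests nq->bar_reg_iomem before iounmap(). Since the problem in the changelog is bnxt_qplib_nq_stop_irq() touching bar_reg_iomem before it is initialized, please confirm nq->requested can only become true after bar_reg_iomem has been mapped; otherwise checking the mapping itself would be the more direct condition.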




* [PATCH 4.19 146/361] RDMA/bnxt_re: Fix recursive lock warning in debug kernel
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (144 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 145/361] RDMA/bnxt_re: Avoid accessing nq->bar_reg_iomem in failure case Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 147/361] usb: host: ohci-at91: fix request of irq for optional gpio Greg Kroah-Hartman
                   ` (217 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Selvin Xavier, Jason Gunthorpe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Selvin Xavier <selvin.xavier@broadcom.com>

[ Upstream commit d455f29f6d76a5f94881ca1289aaa1e90617ff5d ]

Fix possible recursive lock warning. It's a false warning as the locks are
part of two different HW Queue data structure - cmdq and creq. Debug kernel
is throwing the following warning and stack trace.

[  783.914967] ============================================
[  783.914970] WARNING: possible recursive locking detected
[  783.914973] 4.19.0-rc2+ #33 Not tainted
[  783.914976] --------------------------------------------
[  783.914979] swapper/2/0 is trying to acquire lock:
[  783.914982] 000000002aa3949d (&(&hwq->lock)->rlock){..-.}, at: bnxt_qplib_service_creq+0x232/0x350 [bnxt_re]
[  783.914999]
but task is already holding lock:
[  783.915002] 00000000be73920d (&(&hwq->lock)->rlock){..-.}, at: bnxt_qplib_service_creq+0x2a/0x350 [bnxt_re]
[  783.915013]
other info that might help us debug this:
[  783.915016]  Possible unsafe locking scenario:

[  783.915019]        CPU0
[  783.915021]        ----
[  783.915034]   lock(&(&hwq->lock)->rlock);
[  783.915035]   lock(&(&hwq->lock)->rlock);
[  783.915037]
 *** DEADLOCK ***

[  783.915038]  May be due to missing lock nesting notation

[  783.915039] 1 lock held by swapper/2/0:
[  783.915040]  #0: 00000000be73920d (&(&hwq->lock)->rlock){..-.}, at: bnxt_qplib_service_creq+0x2a/0x350 [bnxt_re]
[  783.915044]
stack backtrace:
[  783.915046] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.0-rc2+ #33
[  783.915047] Hardware name: Dell Inc. PowerEdge R730/0599V5, BIOS 1.0.4 08/28/2014
[  783.915048] Call Trace:
[  783.915049]  <IRQ>
[  783.915054]  dump_stack+0x90/0xe3
[  783.915058]  __lock_acquire+0x106c/0x1080
[  783.915061]  ? sched_clock+0x5/0x10
[  783.915063]  lock_acquire+0xbd/0x1a0
[  783.915065]  ? bnxt_qplib_service_creq+0x232/0x350 [bnxt_re]
[  783.915069]  _raw_spin_lock_irqsave+0x4a/0x90
[  783.915071]  ? bnxt_qplib_service_creq+0x232/0x350 [bnxt_re]
[  783.915073]  bnxt_qplib_service_creq+0x232/0x350 [bnxt_re]
[  783.915078]  tasklet_action_common.isra.17+0x197/0x1b0
[  783.915081]  __do_softirq+0xcb/0x3a6
[  783.915084]  irq_exit+0xe9/0x100
[  783.915085]  do_IRQ+0x6a/0x120
[  783.915087]  common_interrupt+0xf/0xf
[  783.915088]  </IRQ>

Use nested notation for the spin_lock to avoid this warning.

Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c |   13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

--- a/drivers/infiniband/hw/bnxt_re/qplib_rcfw.c
+++ b/drivers/infiniband/hw/bnxt_re/qplib_rcfw.c
@@ -309,8 +309,17 @@ static int bnxt_qplib_process_qp_event(s
 		rcfw->aeq_handler(rcfw, qp_event, qp);
 		break;
 	default:
-		/* Command Response */
-		spin_lock_irqsave(&cmdq->lock, flags);
+		/*
+		 * Command Response
+		 * cmdq->lock needs to be acquired to synchronie
+		 * the command send and completion reaping. This function
+		 * is always called with creq->lock held. Using
+		 * the nested variant of spin_lock.
+		 *
+		 */
+
+		spin_lock_irqsave_nested(&cmdq->lock, flags,
+					 SINGLE_DEPTH_NESTING);
 		cookie = le16_to_cpu(qp_event->cookie);
 		mcookie = qp_event->cookie;
 		blocked = cookie & RCFW_CMD_IS_BLOCKING;
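Review bot: the new comment states that this function is always called with creq->lock held, but nothing in the hunk checks that, and the SINGLE_DEPTH_NESTING annotation tells lockdep to accept one level of nesting on this lock class whichever hwq lock happens to be the outer one. A lockdep_assert_held() on the creq lock next to the spin_lock_irqsave_nested() call would keep the assumption verified in debug kernels. Style: "synchronie" should read "synchronize", and the empty " *" line before the closing "*/" and the blank line between the comment and the lock call can go.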



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 147/361] usb: host: ohci-at91: fix request of irq for optional gpio
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (145 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 146/361] RDMA/bnxt_re: Fix recursive lock warning in debug kernel Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 148/361] PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic Greg Kroah-Hartman
                   ` (216 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Nicolas Ferre, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: "Tudor.Ambarus@microchip.com" <Tudor.Ambarus@microchip.com>

[ Upstream commit 325b9313ec3be56c8e2fe03f977fee19cec75820 ]

atmel,oc-gpio is optional. Request its irq only when atmel,oc is set
in device tree.

devm_gpiod_get_index_optional returns NULL if -ENOENT. Check its
return value for NULL before error, because it is more probable that
atmel,oc is not set.

This fixes the following errors on boards where atmel,oc is not set in
device tree:
[    0.960000] at91_ohci 500000.ohci: failed to request gpio "overcurrent" IRQ
[    0.960000] at91_ohci 500000.ohci: failed to request gpio "overcurrent" IRQ
[    0.970000] at91_ohci 500000.ohci: failed to request gpio "overcurrent" IRQ

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/host/ohci-at91.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/usb/host/ohci-at91.c
+++ b/drivers/usb/host/ohci-at91.c
@@ -551,6 +551,8 @@ static int ohci_hcd_at91_drv_probe(struc
 		pdata->overcurrent_pin[i] =
 			devm_gpiod_get_index_optional(&pdev->dev, "atmel,oc",
 						      i, GPIOD_IN);
+		if (!pdata->overcurrent_pin[i])
+			continue;
 		if (IS_ERR(pdata->overcurrent_pin[i])) {
 			err = PTR_ERR(pdata->overcurrent_pin[i]);
 			dev_err(&pdev->dev, "unable to claim gpio \"overcurrent\": %d\n", err);
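Review bot: the NULL test added ahead of IS_ERR() leaves pdata->overcurrent_pin[i] as NULL for ports without atmel,oc, so every later user of overcurrent_pin[] in the driver has to tolerate a NULL descriptor; that cannot be confirmed from this hunk and is worth checking before this goes in. A one-line comment above the continue saying the GPIO is optional and NULL means it is not described in the device tree would also explain why NULL is tested before the error case.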



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 148/361] PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (146 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 147/361] usb: host: ohci-at91: fix request of irq for optional gpio Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 149/361] PCI: cadence: Use AXI region 0 to signal interrupts from EP Greg Kroah-Hartman
                   ` (215 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Honghui Zhang, Lorenzo Pieralisi,
	Ryder Lee, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Honghui Zhang <honghui.zhang@mediatek.com>

[ Upstream commit 074d6f32689ce05a084b6fa3db38445745bf11cc ]

The Mediatek's host controller has two slots, each with its own control
registers. The host driver needs to identify what slot is connected to
what port in order to access the device's configuration space.

Current code retrieving slot connected to a given endpoint device.

Assuming each slot is connected to one endpoint device as below:

                host bridge
  bus 0 --> __________|_______
           |                  |
           |                  |
         slot 0             slot 1
  bus 1 -->|        bus 2 --> |
           |                  |
         EP 0               EP 1

During PCI enumeration, system software will scan all the PCI devices on
every bus starting from devfn 0. Using PCI_SLOT(devfn) for matching an
endpoint to its slot is erroneous in that the devfn does not contain the
hierarchical bus numbering in it. In order to match an endpoint with its
slot (and related port), the PCI tree must be walked up to the root bus
(where the root ports are situated) and then the PCI_SLOT(devfn)
matching logic can be correctly applied for matching.

This patch fixes the mtk_pcie_find_port() slot matching logic by adding
appropriate PCI tree walking code to retrieve the slot/port a given
endpoint is connected to.

Signed-off-by: Honghui Zhang <honghui.zhang@mediatek.com>
[lorenzo.pieralisi@arm.com: rewrote the commit log]
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Acked-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/controller/pcie-mediatek.c |   11 +++++++++++
 1 file changed, 11 insertions(+)

--- a/drivers/pci/controller/pcie-mediatek.c
+++ b/drivers/pci/controller/pcie-mediatek.c
@@ -337,6 +337,17 @@ static struct mtk_pcie_port *mtk_pcie_fi
 {
 	struct mtk_pcie *pcie = bus->sysdata;
 	struct mtk_pcie_port *port;
+	struct pci_dev *dev = NULL;
+
+	/*
+	 * Walk the bus hierarchy to get the devfn value
+	 * of the port in the root bus.
+	 */
+	while (bus && bus->number) {
+		dev = bus->self;
+		bus = dev->bus;
+		devfn = dev->devfn;
+	}
 
 	list_for_each_entry(port, &pcie->ports, list)
 		if (port->slot == PCI_SLOT(devfn))
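Review bot: inside the new while loop, dev = bus->self is dereferenced on the very next line without a NULL check; the loop condition only guards bus and bus->number, so a bus with a non-zero number and no upstream bridge would oops at bus = dev->bus. Either test dev before using it or say in the comment why bus->self cannot be NULL for any non-root bus behind this controller. The loop also relies on the root bus always being number 0, which deserves a word in the comment, and the = NULL initializer on dev is unnecessary because dev is always assigned before it is read.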



^ permalink raw reply	[flat|nested] 384+ messages in thread
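The slot-matching problem described in the commit message above, reduced to a user-space model; this is an added example, not code from the driver. The model_* structures, the two-port topology and the NULL guard inside the walk are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Same bit layout as the kernel's PCI_DEVFN()/PCI_SLOT() macros. */
#define PCI_DEVFN(slot, func) ((((slot) & 0x1f) << 3) | ((func) & 0x07))
#define PCI_SLOT(devfn)       (((devfn) >> 3) & 0x1f)

/* Hypothetical stand-ins for struct pci_bus / struct pci_dev. */
struct model_bus;
struct model_dev { struct model_bus *bus; unsigned int devfn; };
struct model_bus { unsigned int number; struct model_dev *self; };

/* Constructed topology from the commit message: two root ports on bus 0,
 * slot 0 leading to bus 1 and slot 1 leading to bus 2. */
static struct model_bus root_bus   = { 0, NULL };
static struct model_dev root_port0 = { &root_bus, PCI_DEVFN(0, 0) };
static struct model_dev root_port1 = { &root_bus, PCI_DEVFN(1, 0) };
static struct model_bus bus1       = { 1, &root_port0 };
static struct model_bus bus2       = { 2, &root_port1 };

static const unsigned int port_slots[] = { 0, 1 };
#define NUM_PORTS (sizeof(port_slots) / sizeof(port_slots[0]))

/* Return the slot of the port whose slot number equals PCI_SLOT(devfn). */
static int match_port(unsigned int devfn)
{
	for (size_t i = 0; i < NUM_PORTS; i++)
		if (port_slots[i] == PCI_SLOT(devfn))
			return (int)port_slots[i];
	return -1;
}

/* Before the patch: the endpoint's own devfn is matched directly. */
static int find_port_before(struct model_bus *bus, unsigned int devfn)
{
	(void)bus;
	return match_port(devfn);
}

/* After the patch: walk up to the root bus and match the root port's devfn. */
static int find_port_after(struct model_bus *bus, unsigned int devfn)
{
	while (bus && bus->number) {
		struct model_dev *dev = bus->self;

		if (!dev)	/* guard added in this model only */
			return -1;
		bus = dev->bus;
		devfn = dev->devfn;
	}
	return match_port(devfn);
}

/* Resolve endpoint 0 (on bus 1) or endpoint 1 (on bus 2); both sit at
 * devfn 0 on their own bus, as the first device found during a scan. */
static int resolve_endpoint(int ep, int walk_tree)
{
	struct model_bus *bus = ep ? &bus2 : &bus1;
	unsigned int devfn = PCI_DEVFN(0, 0);

	return walk_tree ? find_port_after(bus, devfn)
			 : find_port_before(bus, devfn);
}

int main(void)
{
	printf("EP1 without walk -> slot %d\n", resolve_endpoint(1, 0));
	printf("EP1 with walk    -> slot %d\n", resolve_endpoint(1, 1));
	return 0;
}
```

Without the walk, both endpoints resolve to slot 0 because each has devfn 0 on its own bus; with the walk, endpoint 1 resolves to slot 1.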

* [PATCH 4.19 149/361] PCI: cadence: Use AXI region 0 to signal interrupts from EP
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (147 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 148/361] PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 150/361] usb: typec: tcpm: Report back negotiated PPS voltage and current Greg Kroah-Hartman
                   ` (214 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alan Douglas, Lorenzo Pieralisi, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alan Douglas <adouglas@cadence.com>

[ Upstream commit 0652d4b6b56f73c81abbdbc7e26f772cb2dfe370 ]

The IRQ physical address is allocated from region 0, rather than
the highest region. Update the driver to reserve this region in
the bitmap and to use region 0 for all types of interrupt.

This corrects a problem which prevents the interrupt being
signalled correctly if using the first address in the AXI region,
since an offset of zero will always be mapped to region 0.

Fixes: 37dddf14f1ae ("PCI: cadence: Add EndPoint Controller driver for Cadence PCIe controller")
Signed-off-by: Alan Douglas <adouglas@cadence.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/controller/pcie-cadence-ep.c |   11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

--- a/drivers/pci/controller/pcie-cadence-ep.c
+++ b/drivers/pci/controller/pcie-cadence-ep.c
@@ -258,7 +258,6 @@ static void cdns_pcie_ep_assert_intx(str
 				     u8 intx, bool is_asserted)
 {
 	struct cdns_pcie *pcie = &ep->pcie;
-	u32 r = ep->max_regions - 1;
 	u32 offset;
 	u16 status;
 	u8 msg_code;
@@ -268,8 +267,8 @@ static void cdns_pcie_ep_assert_intx(str
 	/* Set the outbound region if needed. */
 	if (unlikely(ep->irq_pci_addr != CDNS_PCIE_EP_IRQ_PCI_ADDR_LEGACY ||
 		     ep->irq_pci_fn != fn)) {
-		/* Last region was reserved for IRQ writes. */
-		cdns_pcie_set_outbound_region_for_normal_msg(pcie, fn, r,
+		/* First region was reserved for IRQ writes. */
+		cdns_pcie_set_outbound_region_for_normal_msg(pcie, fn, 0,
 							     ep->irq_phys_addr);
 		ep->irq_pci_addr = CDNS_PCIE_EP_IRQ_PCI_ADDR_LEGACY;
 		ep->irq_pci_fn = fn;
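Review bot: the region index passed to cdns_pcie_set_outbound_region_for_normal_msg() is now a bare 0, and the same literal is repeated in the MSI path and in the set_bit() reservation in probe. A named constant for the IRQ region would tie the three sites together so they cannot drift apart. The new comment would also read better in the present tense, for example "Region 0 is reserved for IRQ writes."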
@@ -347,8 +346,8 @@ static int cdns_pcie_ep_send_msi_irq(str
 	/* Set the outbound region if needed. */
 	if (unlikely(ep->irq_pci_addr != (pci_addr & ~pci_addr_mask) ||
 		     ep->irq_pci_fn != fn)) {
-		/* Last region was reserved for IRQ writes. */
-		cdns_pcie_set_outbound_region(pcie, fn, ep->max_regions - 1,
+		/* First region was reserved for IRQ writes. */
+		cdns_pcie_set_outbound_region(pcie, fn, 0,
 					      false,
 					      ep->irq_phys_addr,
 					      pci_addr & ~pci_addr_mask,
@@ -517,6 +516,8 @@ static int cdns_pcie_ep_probe(struct pla
 		goto free_epc_mem;
 	}
 	ep->irq_pci_addr = CDNS_PCIE_EP_IRQ_PCI_ADDR_NONE;
+	/* Reserve region 0 for IRQs */
+	set_bit(0, &ep->ob_region_map);
 
 	return 0;
 
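Review bot: set_bit(0, &ep->ob_region_map) is placed at the very end of probe, after the goto free_epc_mem error path, so the reservation only protects region 0 if nothing can allocate an outbound region before this point. Moving it next to where ob_region_map is set up would make that ordering obvious. The bit index should use the same named constant as the two call sites that program region 0.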



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 150/361] usb: typec: tcpm: Report back negotiated PPS voltage and current
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (148 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 149/361] PCI: cadence: Use AXI region 0 to signal interrupts from EP Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 151/361] tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated Greg Kroah-Hartman
                   ` (213 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Guenter Roeck, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>

[ Upstream commit 554fab6dbf20ee7298ed2d4e8398b85e6058abb7 ]

Currently when requesting a specific voltage or current through
the psy interface, for PPS, when reading back from that interface
the values will always be the same as previously given, if the
request was successful. However PPS only allows for 20mV voltage
steps and 50mA current steps, and the psy class expects microvolt
and microamp requests, so in-between values can be provided through
this interface. Really when reading back the true values negotiated
should be given, and not the ones originally asked for.

To report the actual values negotiated with the Source, the values
stored are now rounded down to the relevant step units prior to
building the PPS request, so that those values are later correctly
reported through the psy interface. In addition this improves the
adjustments made to meet the operating power requirements of the
platform, which previously could have been slightly out due to not
using valid PPS units of voltage and current.

Signed-off-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/typec/tcpm.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/usb/typec/tcpm.c
+++ b/drivers/usb/typec/tcpm.c
@@ -4116,6 +4116,9 @@ static int tcpm_pps_set_op_curr(struct t
 		goto port_unlock;
 	}
 
+	/* Round down operating current to align with PPS valid steps */
+	op_curr = op_curr - (op_curr % RDO_PROG_CURR_MA_STEP);
+
 	reinit_completion(&port->pps_complete);
 	port->pps_data.op_curr = op_curr;
 	port->pps_status = 0;
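Review bot: the open-coded op_curr - (op_curr % RDO_PROG_CURR_MA_STEP) is what the kernel's rounddown() helper does; rounddown(op_curr, RDO_PROG_CURR_MA_STEP) states the intent directly and matches the comment. Because the rounding is applied after the validation that ends in goto port_unlock, it is also worth confirming that a value which passed that check cannot round down to 0 or below the supported minimum.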
@@ -4169,6 +4172,9 @@ static int tcpm_pps_set_out_volt(struct
 		goto port_unlock;
 	}
 
+	/* Round down output voltage to align with PPS valid steps */
+	out_volt = out_volt - (out_volt % RDO_PROG_VOLT_MV_STEP);
+
 	reinit_completion(&port->pps_complete);
 	port->pps_data.out_volt = out_volt;
 	port->pps_status = 0;
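Review bot: the modulo against RDO_PROG_VOLT_MV_STEP is only correct if out_volt is already in millivolts at this point, and the hunk does not show the unit; the commit message says the psy class hands in microvolts, so a note in the comment on where the conversion happens would help. The caller also gets success together with a lower voltage than it asked for, which belongs in the function's documentation and not only in this inline comment.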



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 151/361] tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (149 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 150/361] usb: typec: tcpm: Report back negotiated PPS voltage and current Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 152/361] f2fs: clear PageError on the read path Greg Kroah-Hartman
                   ` (212 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans de Goede,
	Javier Martinez Canillas, Jarkko Sakkinen, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Javier Martinez Canillas <javierm@redhat.com>

[ Upstream commit 0d6d0d62d9505a9816716aa484ebd0b04c795063 ]

For TPM 1.2 chips the system setup utility allows to set the TPM device in
one of the following states:

  * Active: Security chip is functional
  * Inactive: Security chip is visible, but is not functional
  * Disabled: Security chip is hidden and is not functional

When choosing the "Inactive" state, the TPM 1.2 device is enumerated and
registered, but sending TPM commands fails with either TPM_DEACTIVATED or
TPM_DISABLED depending if the firmware deactivated or disabled the TPM.

Since these TPM 1.2 error codes don't have special treatment, inactivating
the TPM leads to a very noisy kernel log buffer that shows messages like
the following:

  tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78)
  tpm tpm0: A TPM error (6) occurred attempting to read a pcr value
  tpm tpm0: TPM is disabled/deactivated (0x6)
  tpm tpm0: A TPM error (6) occurred attempting get random
  tpm tpm0: A TPM error (6) occurred attempting to read a pcr value
  ima: No TPM chip found, activating TPM-bypass! (rc=6)
  tpm tpm0: A TPM error (6) occurred attempting get random
  tpm tpm0: A TPM error (6) occurred attempting get random
  tpm tpm0: A TPM error (6) occurred attempting get random
  tpm tpm0: A TPM error (6) occurred attempting get random

Let's just suppress error log messages for the TPM_{DEACTIVATED,DISABLED}
return codes, since this is expected when the TPM 1.2 is set to Inactive.

In that case the kernel log is cleaner and less confusing for users, i.e:

  tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78)
  tpm tpm0: TPM is disabled/deactivated (0x6)
  ima: No TPM chip found, activating TPM-bypass! (rc=6)

Reported-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/char/tpm/tpm-interface.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -663,7 +663,8 @@ ssize_t tpm_transmit_cmd(struct tpm_chip
 		return len;
 
 	err = be32_to_cpu(header->return_code);
-	if (err != 0 && desc)
+	if (err != 0 && err != TPM_ERR_DISABLED && err != TPM_ERR_DEACTIVATED
+	    && desc)
 		dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err,
 			desc);
 	if (err)
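Review bot: the new condition compares err against TPM_ERR_DISABLED and TPM_ERR_DEACTIVATED for every chip, with no check that the chip is a TPM 1.2 device; if a TPM 2.0 response can carry the same numeric value with a different meaning, its error message is suppressed as well. Gating the exclusion on the chip being TPM 1.2 would match the patch subject. Style: kernel convention puts the && at the end of the first line instead of at the start of the continuation line.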



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 152/361] f2fs: clear PageError on the read path
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (150 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 151/361] tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 153/361] Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask Greg Kroah-Hartman
                   ` (211 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jaegeuk Kim, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jaegeuk Kim <jaegeuk@kernel.org>

[ Upstream commit fb7d70db305a1446864227abf711b756568f8242 ]

When running fault injection test, I hit somewhat wrong behavior in f2fs_gc ->
gc_data_segment():

0. fault injection generated some PageError'ed pages

1. gc_data_segment
 -> f2fs_get_read_data_page(REQ_RAHEAD)

2. move_data_page
 -> f2fs_get_lock_data_page()
  -> f2f_get_read_data_page()
   -> f2fs_submit_page_read()
    -> submit_bio(READ)
  -> return EIO due to PageError
  -> fail to move data

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/data.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -80,7 +80,8 @@ static void __read_end_io(struct bio *bi
 		/* PG_error was set if any post_read step failed */
 		if (bio->bi_status || PageError(page)) {
 			ClearPageUptodate(page);
-			SetPageError(page);
+			/* will re-read again later */
+			ClearPageError(page);
 		} else {
 			SetPageUptodate(page);
 		}
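Review bot: in the failure branch of __read_end_io() the page now ends up with neither PG_uptodate nor PG_error set, so the context comment two lines up ("PG_error was set if any post_read step failed") describes a state that no longer survives this function, and any waiter that tests PageError() to detect a failed read loses that signal. Please state in the comment how callers are expected to notice the failure, and reword "will re-read again later" to "will be re-read later".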
@@ -590,6 +591,7 @@ static int f2fs_submit_page_read(struct
 		bio_put(bio);
 		return -EFAULT;
 	}
+	ClearPageError(page);
 	__submit_bio(F2FS_I_SB(inode), bio, DATA);
 	return 0;
 }
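Review bot: ClearPageError(page) ahead of __submit_bio() carries no comment, and together with the clear in __read_end_io() and the one after bio_add_page() the flag is now reset in three places. A short comment saying that a stale PG_error from an earlier failed read must not fail this new read would explain why the submit path needs it in addition to the completion path.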
@@ -1565,6 +1567,7 @@ submit_and_realloc:
 		if (bio_add_page(bio, page, blocksize, 0) < blocksize)
 			goto submit_and_realloc;
 
+		ClearPageError(page);
 		last_block_in_bio = block_nr;
 		goto next_page;
 set_error_page:



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 153/361] Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (151 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 152/361] f2fs: clear PageError on the read path Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 154/361] VMCI: Resource wildcard match fixed Greg Kroah-Hartman
                   ` (210 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dexuan Cui, K. Y. Srinivasan,
	Haiyang Zhang, Stephen Hemminger, Stable, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dexuan Cui <decui@microsoft.com>

[ Upstream commit 25355252607ca288f329ee033f387764883393f6 ]

A cpumask structure on the stack can cause a warning with
CONFIG_NR_CPUS=8192 (e.g. Ubuntu 16.04 and 18.04 use this):

drivers/hv//channel_mgmt.c: In function ‘init_vp_index’:
drivers/hv//channel_mgmt.c:702:1: warning: the frame size of 1032 bytes
  is larger than 1024 bytes [-Wframe-larger-than=]

Nowadays it looks most distros enable CONFIG_CPUMASK_OFFSTACK=y, and
hence we can work around the warning by using cpumask_var_t.

Signed-off-by: Dexuan Cui <decui@microsoft.com>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: Stephen Hemminger <sthemmin@microsoft.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/hv/channel_mgmt.c |   14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

--- a/drivers/hv/channel_mgmt.c
+++ b/drivers/hv/channel_mgmt.c
@@ -606,16 +606,18 @@ static void init_vp_index(struct vmbus_c
 	bool perf_chn = vmbus_devs[dev_type].perf_device;
 	struct vmbus_channel *primary = channel->primary_channel;
 	int next_node;
-	struct cpumask available_mask;
+	cpumask_var_t available_mask;
 	struct cpumask *alloced_mask;
 
 	if ((vmbus_proto_version == VERSION_WS2008) ||
-	    (vmbus_proto_version == VERSION_WIN7) || (!perf_chn)) {
+	    (vmbus_proto_version == VERSION_WIN7) || (!perf_chn) ||
+	    !alloc_cpumask_var(&available_mask, GFP_KERNEL)) {
 		/*
 		 * Prior to win8, all channel interrupts are
 		 * delivered on cpu 0.
 		 * Also if the channel is not a performance critical
 		 * channel, bind it to cpu 0.
+		 * In case alloc_cpumask_var() fails, bind it to cpu 0.
 		 */
 		channel->numa_node = 0;
 		channel->target_cpu = 0;
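Review bot: alloc_cpumask_var() is called as the last operand of the || chain, so the allocation is a side effect hidden inside a condition and only runs when the three earlier tests are false. Pulling it out into its own if with the same cpu 0 fallback would be easier to read and to audit. GFP_KERNEL may sleep, so the comment should also state that init_vp_index() is never reached from atomic context.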
@@ -653,7 +655,7 @@ static void init_vp_index(struct vmbus_c
 		cpumask_clear(alloced_mask);
 	}
 
-	cpumask_xor(&available_mask, alloced_mask,
+	cpumask_xor(available_mask, alloced_mask,
 		    cpumask_of_node(primary->numa_node));
 
 	cur_cpu = -1;
@@ -671,10 +673,10 @@ static void init_vp_index(struct vmbus_c
 	}
 
 	while (true) {
-		cur_cpu = cpumask_next(cur_cpu, &available_mask);
+		cur_cpu = cpumask_next(cur_cpu, available_mask);
 		if (cur_cpu >= nr_cpu_ids) {
 			cur_cpu = -1;
-			cpumask_copy(&available_mask,
+			cpumask_copy(available_mask,
 				     cpumask_of_node(primary->numa_node));
 			continue;
 		}
@@ -704,6 +706,8 @@ static void init_vp_index(struct vmbus_c
 
 	channel->target_cpu = cur_cpu;
 	channel->target_vp = hv_cpu_number_to_vp_number(cur_cpu);
+
+	free_cpumask_var(available_mask);
 }
 
 static void vmbus_wait_for_unload(void)
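Review bot: free_cpumask_var(available_mask) is added only at the very end of init_vp_index(), so any return between the allocation and this point leaks the mask when CONFIG_CPUMASK_OFFSTACK=y. The hunks shown do not cover the whole function body; please confirm there is no early return on that path, or route all exits through a single label that frees the mask.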



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 154/361] VMCI: Resource wildcard match fixed
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (152 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 153/361] Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 155/361] PCI / ACPI: Enable wake automatically for power managed bridges Greg Kroah-Hartman
                   ` (209 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hangbin Liu, Adit Ranadive,
	Vishnu Dasa, Jorgen Hansen, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jorgen Hansen <jhansen@vmware.com>

[ Upstream commit 11924ba5e671d6caef1516923e2bd8c72929a3fe ]

When adding a VMCI resource, the check for an existing entry
would ignore that the new entry could be a wildcard. This could
result in multiple resource entries that would match a given
handle. One disastrous outcome of this is that the
refcounting used to ensure that delayed callbacks for VMCI
datagrams have run before the datagram is destroyed can be
wrong, since the refcount could be increased on the duplicate
entry. This in turn leads to a use after free bug. This issue
was discovered by Hangbin Liu using KASAN and syzkaller.

Fixes: bc63dedb7d46 ("VMCI: resource object implementation")
Reported-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Adit Ranadive <aditr@vmware.com>
Reviewed-by: Vishnu Dasa <vdasa@vmware.com>
Signed-off-by: Jorgen Hansen <jhansen@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/misc/vmw_vmci/vmci_driver.c   |    2 +-
 drivers/misc/vmw_vmci/vmci_resource.c |    3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/misc/vmw_vmci/vmci_driver.c
+++ b/drivers/misc/vmw_vmci/vmci_driver.c
@@ -113,5 +113,5 @@ module_exit(vmci_drv_exit);
 
 MODULE_AUTHOR("VMware, Inc.");
 MODULE_DESCRIPTION("VMware Virtual Machine Communication Interface.");
-MODULE_VERSION("1.1.5.0-k");
+MODULE_VERSION("1.1.6.0-k");
 MODULE_LICENSE("GPL v2");
--- a/drivers/misc/vmw_vmci/vmci_resource.c
+++ b/drivers/misc/vmw_vmci/vmci_resource.c
@@ -57,7 +57,8 @@ static struct vmci_resource *vmci_resour
 
 		if (r->type == type &&
 		    rid == handle.resource &&
-		    (cid == handle.context || cid == VMCI_INVALID_ID)) {
+		    (cid == handle.context || cid == VMCI_INVALID_ID ||
+		     handle.context == VMCI_INVALID_ID)) {
 			resource = r;
 			break;
 		}
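Review bot: the added handle.context == VMCI_INVALID_ID term changes the lookup predicate itself, so if this lookup is also used outside the add-time duplicate check the commit message describes, a caller that passes a wildcard context now gets the first entry with a matching type and resource id regardless of which context owns it. If that is intended, a comment on the condition should say that a wildcard on either side matches; if not, the stricter test belongs in the add path only.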



^ permalink raw reply	[flat|nested] 384+ messages in thread
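The duplicate-entry condition described in the commit message above, as a user-space model of the match predicate before and after the hunk; this is an added example, not code from the VMCI driver. The model_* names, the table layout and the handle values (context 5, resource 100) are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; names are hypothetical, not the driver's. */
#define MODEL_INVALID_ID 0xFFFFFFFFu	/* plays the role of VMCI_INVALID_ID */
#define MODEL_MAX_RES    8

struct model_handle { uint32_t context; uint32_t resource; };
struct model_resource { struct model_handle handle; int type; int in_use; };
struct model_table { struct model_resource slot[MODEL_MAX_RES]; };

typedef int (*match_fn)(const struct model_resource *r,
			struct model_handle handle, int type);

/* Predicate as it reads on the '-' side of the hunk. */
static int match_before(const struct model_resource *r,
			struct model_handle handle, int type)
{
	uint32_t cid = r->handle.context;
	uint32_t rid = r->handle.resource;

	return r->type == type && rid == handle.resource &&
	       (cid == handle.context || cid == MODEL_INVALID_ID);
}

/* Predicate as it reads on the '+' side: a wildcard on either side matches. */
static int match_after(const struct model_resource *r,
		       struct model_handle handle, int type)
{
	uint32_t cid = r->handle.context;
	uint32_t rid = r->handle.resource;

	return r->type == type && rid == handle.resource &&
	       (cid == handle.context || cid == MODEL_INVALID_ID ||
		handle.context == MODEL_INVALID_ID);
}

static struct model_resource *model_lookup(struct model_table *t,
					   struct model_handle handle,
					   int type, match_fn match)
{
	for (int i = 0; i < MODEL_MAX_RES; i++)
		if (t->slot[i].in_use && match(&t->slot[i], handle, type))
			return &t->slot[i];
	return NULL;
}

/* Add refuses when the lookup reports an existing entry for the handle. */
static int model_add(struct model_table *t, struct model_handle handle,
		     int type, match_fn match)
{
	if (model_lookup(t, handle, type, match))
		return -1;
	for (int i = 0; i < MODEL_MAX_RES; i++) {
		if (!t->slot[i].in_use) {
			t->slot[i].handle = handle;
			t->slot[i].type = type;
			t->slot[i].in_use = 1;
			return 0;
		}
	}
	return -1;
}

/* Count entries that answer for a concrete handle (both predicates agree
 * when the looked-up context is not the wildcard). */
static int entries_answering(const struct model_table *t,
			     struct model_handle handle, int type)
{
	int n = 0;

	for (int i = 0; i < MODEL_MAX_RES; i++)
		if (t->slot[i].in_use && match_before(&t->slot[i], handle, type))
			n++;
	return n;
}

/* Constructed scenario: a specific entry, then a wildcard for the same id. */
static int duplicates_for_scenario(match_fn match)
{
	struct model_table t;
	struct model_handle specific = { 5, 100 };
	struct model_handle wildcard = { MODEL_INVALID_ID, 100 };

	memset(&t, 0, sizeof(t));
	model_add(&t, specific, 1, match);
	model_add(&t, wildcard, 1, match);
	return entries_answering(&t, specific, 1);
}

int main(void)
{
	printf("before: %d entries match\n", duplicates_for_scenario(match_before));
	printf("after:  %d entry matches\n", duplicates_for_scenario(match_after));
	return 0;
}
```

With the old predicate the wildcard add is accepted and two entries answer for the same handle, which is the precondition for the refcount mismatch the commit message describes; with the new predicate the second add is refused.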

* [PATCH 4.19 155/361] PCI / ACPI: Enable wake automatically for power managed bridges
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (153 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 154/361] VMCI: Resource wildcard match fixed Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 156/361] xprtrdma: Reset credit grant properly after a disconnect Greg Kroah-Hartman
                   ` (208 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mika Westerberg, Bjorn Helgaas,
	Rafael J. Wysocki, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mika Westerberg <mika.westerberg@linux.intel.com>

[ Upstream commit 6299cf9ec3985cac70bede8a855b5087b81a6640 ]

We enable power management automatically for bridges where
pci_bridge_d3_possible() returns true. However, these bridges may have
ACPI methods such as _DSW that need to be called before D3 entry. For
example in Lenovo Thinkpad X1 Carbon 6th _DSW method is used to prepare
D3cold for the PCIe root port hosting Thunderbolt chain. Because wake is
not enabled _DSW method is never called and the port does not enter
D3cold properly consuming more power than necessary.

Users can work this around by writing "enabled" to "wakeup" sysfs file
under the device in question but that is not something an ordinary user
is expected to do.

Since we already automatically enable power management for PCIe ports
with ->bridge_d3 set extend that to enable wake for them as well,
assuming the port has any ACPI wakeup related objects implemented in the
namespace (adev->wakeup.flags.valid is true). This ensures the necessary
ACPI methods get called at appropriate times and allows the root port in
Thinkpad X1 Carbon 6th to go into D3cold.

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/pci-acpi.c |   16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

--- a/drivers/pci/pci-acpi.c
+++ b/drivers/pci/pci-acpi.c
@@ -762,19 +762,33 @@ static void pci_acpi_setup(struct device
 		return;
 
 	device_set_wakeup_capable(dev, true);
+	/*
+	 * For bridges that can do D3 we enable wake automatically (as
+	 * we do for the power management itself in that case). The
+	 * reason is that the bridge may have additional methods such as
+	 * _DSW that need to be called.
+	 */
+	if (pci_dev->bridge_d3)
+		device_wakeup_enable(dev);
+
 	acpi_pci_wakeup(pci_dev, false);
 }
 
 static void pci_acpi_cleanup(struct device *dev)
 {
 	struct acpi_device *adev = ACPI_COMPANION(dev);
+	struct pci_dev *pci_dev = to_pci_dev(dev);
 
 	if (!adev)
 		return;
 
 	pci_acpi_remove_pm_notifier(adev);
-	if (adev->wakeup.flags.valid)
+	if (adev->wakeup.flags.valid) {
+		if (pci_dev->bridge_d3)
+			device_wakeup_disable(dev);
+
 		device_set_wakeup_capable(dev, false);
+	}
 }
 
 static bool pci_acpi_bus_match(struct device *dev)
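Review bot: pci_acpi_setup() and pci_acpi_cleanup() each read pci_dev->bridge_d3 at their own time, so if the flag can change between the two calls the device_wakeup_enable() and device_wakeup_disable() calls end up unbalanced. Recording at setup time that wake was enabled here, and keying the disable on that, would remove the dependency. The return value of device_wakeup_enable() is also ignored; if failure is acceptable the comment should say so.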



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 156/361] xprtrdma: Reset credit grant properly after a disconnect
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (154 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 155/361] PCI / ACPI: Enable wake automatically for power managed bridges Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 157/361] irqchip/pdc: Setup all edge interrupts as rising edge at GIC Greg Kroah-Hartman
                   ` (207 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chuck Lever, stable, Anna Schumaker,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chuck Lever <chuck.lever@oracle.com>

[ Upstream commit ef739b2175dde9c05594f768cb78149f1ce2ac36 ]

On a fresh connection, an RPC/RDMA client is supposed to send only
one RPC Call until it gets a credit grant in the first RPC Reply
from the server [RFC 8166, Section 3.3.3].

There is a bug in the Linux client's credit accounting mechanism
introduced by commit e7ce710a8802 ("xprtrdma: Avoid deadlock when
credit window is reset"). On connect, it simply dumps all pending
RPC Calls onto the new connection.

Servers have been tolerant of this bad behavior. Currently no server
implementation ever changes its credit grant over reconnects, and
servers always repost enough Receives before connections are fully
established.

To correct this issue, ensure that the client resets both the credit
grant _and_ the congestion window when handling a reconnect.

Fixes: e7ce710a8802 ("xprtrdma: Avoid deadlock when credit ... ")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: stable@kernel.org
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sunrpc/xprtrdma/svc_rdma_backchannel.c |    1 +
 net/sunrpc/xprtrdma/transport.c            |    6 ++++++
 2 files changed, 7 insertions(+)

--- a/net/sunrpc/xprtrdma/svc_rdma_backchannel.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_backchannel.c
@@ -248,6 +248,7 @@ static void
 xprt_rdma_bc_close(struct rpc_xprt *xprt)
 {
 	dprintk("svcrdma: %s: xprt %p\n", __func__, xprt);
+	xprt->cwnd = RPC_CWNDSHIFT;
 }
 
 static void
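Review bot: the new assignment in xprt_rdma_bc_close() resets only xprt->cwnd and carries no comment, while the commit message describes resetting both the credit grant and the congestion window and does not mention the backchannel transport. A one-line comment here saying why the backchannel needs only the cwnd reset would save the next reader from comparing it against the transport.c hunk to find out.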
--- a/net/sunrpc/xprtrdma/transport.c
+++ b/net/sunrpc/xprtrdma/transport.c
@@ -468,6 +468,12 @@ xprt_rdma_close(struct rpc_xprt *xprt)
 		xprt->reestablish_timeout = 0;
 	xprt_disconnect_done(xprt);
 	rpcrdma_ep_disconnect(ep, ia);
+
+	/* Prepare @xprt for the next connection by reinitializing
+	 * its credit grant to one (see RFC 8166, Section 3.3.3).
+	 */
+	r_xprt->rx_buf.rb_credits = 1;
+	xprt->cwnd = RPC_CWNDSHIFT;
 }
 
 /**
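Review bot: in xprt_rdma_close() the comment says the credit grant is reinitialized to one, but the congestion window is set to the shift constant itself, `xprt->cwnd = RPC_CWNDSHIFT;`, rather than to one credit scaled by that shift. If cwnd is kept in scaled units elsewhere in this transport, the value written here is not the window for a single credit. Please confirm which is intended and say so in the comment, since the point of the fix is that only one RPC Call goes out before the first credit grant arrives.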



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 157/361] irqchip/pdc: Setup all edge interrupts as rising edge at GIC
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (155 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 156/361] xprtrdma: Reset credit grant properly after a disconnect Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 158/361] usb: dwc2: fix call to vbus supply exit routine, call it unlocked Greg Kroah-Hartman
                   ` (206 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Evan Green, Lina Iyer, Marc Zyngier,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lina Iyer <ilina@codeaurora.org>

[ Upstream commit 7bae48b22c8d38c5cd50f52b6e15d134e2bb3935 ]

The PDC irqchip can convert a falling edge or level low interrupt to a
rising edge or level high interrupt at the GIC. We just need to set up
the GIC correctly. Set up the interrupt type for the IRQ_TYPE_EDGE_BOTH
as IRQ_TYPE_EDGE_RISING at the GIC.

Fixes: f55c73aef890 ("irqchip/pdc: Add PDC interrupt controller for QCOM SoCs")
Reported-by: Evan Green <evgreen@chromium.org>
Reviewed-by: Evan Green <evgreen@chromium.org>
Signed-off-by: Lina Iyer <ilina@codeaurora.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/irqchip/qcom-pdc.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/irqchip/qcom-pdc.c
+++ b/drivers/irqchip/qcom-pdc.c
@@ -124,6 +124,7 @@ static int qcom_pdc_gic_set_type(struct
 		break;
 	case IRQ_TYPE_EDGE_BOTH:
 		pdc_type = PDC_EDGE_DUAL;
+		type = IRQ_TYPE_EDGE_RISING;
 		break;
 	case IRQ_TYPE_LEVEL_HIGH:
 		pdc_type = PDC_LEVEL_HIGH;
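Review bot: the IRQ_TYPE_EDGE_BOTH case now overwrites the caller's `type` argument with IRQ_TYPE_EDGE_RISING and has no comment saying why. The commit message explains that the PDC converts the signal and the GIC only needs a rising edge, so a short comment on the new line stating that `type` from here on is the trigger programmed at the GIC, not the one the caller requested, would keep a later reader from treating the reassignment as a mistake.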



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 158/361] usb: dwc2: fix call to vbus supply exit routine, call it unlocked
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (156 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 157/361] irqchip/pdc: Setup all edge interrupts as rising edge at GIC Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 159/361] usb: dwc2: fix a race with external vbus supply Greg Kroah-Hartman
                   ` (205 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Artur Petrosyan, Minas Harutyunyan,
	Fabrice Gasnier, Amelie Delaunay, Felipe Balbi, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Fabrice Gasnier <fabrice.gasnier@st.com>

[ Upstream commit 5aa678c7fd5371769efde30763fb43a43a118cd0 ]

dwc2_vbus_supply_exit() may call regulator_disable(). It shouldn't be
called with interrupts disabled as it might sleep.
This is seen with DEBUG_ATOMIC_SLEEP=y.

Fixes: 531ef5ebea96 ("usb: dwc2: add support for host mode external
vbus supply")

Tested-by: Artur Petrosyan <arturp@synopsys.com>
Acked-by: Minas Harutyunyan <hminas@synopsys.com>
Signed-off-by: Fabrice Gasnier <fabrice.gasnier@st.com>
Signed-off-by: Amelie Delaunay <amelie.delaunay@st.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/dwc2/hcd.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -4482,7 +4482,9 @@ static int _dwc2_hcd_suspend(struct usb_
 		hprt0 |= HPRT0_SUSP;
 		hprt0 &= ~HPRT0_PWR;
 		dwc2_writel(hsotg, hprt0, HPRT0);
+		spin_unlock_irqrestore(&hsotg->lock, flags);
 		dwc2_vbus_supply_exit(hsotg);
+		spin_lock_irqsave(&hsotg->lock, flags);
 	}
 
 	/* Enter partial_power_down */
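Review bot: dropping hsotg->lock around dwc2_vbus_supply_exit() in the middle of _dwc2_hcd_suspend() means the code after spin_lock_irqsave() runs on state that may have changed while the lock was released. HPRT0 has just been written with HPRT0_SUSP set and HPRT0_PWR cleared, so anything that takes the lock in that window sees a port that is only partly suspended. Either add a comment stating why nothing can observe or change the controller state in that window, or re-check the conditions tested earlier in the function once the lock is retaken.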



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 159/361] usb: dwc2: fix a race with external vbus supply
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (157 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 158/361] usb: dwc2: fix call to vbus supply exit routine, call it unlocked Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 160/361] usb: gadget: udc: atmel: handle at91sam9rl PMC Greg Kroah-Hartman
                   ` (204 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Artur Petrosyan, Minas Harutyunyan,
	Fabrice Gasnier, Amelie Delaunay, Felipe Balbi, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Fabrice Gasnier <fabrice.gasnier@st.com>

[ Upstream commit 41ee1ea21052583eaf5487dfa0d0c907c9667548 ]

There's a race with root hub resume, when using external vbus supply.
Root hub gets resumed, but runtime pm autosuspend runs as external vbus
supply isn't enabled. So, the host never exits from power down properly.
Initialize vbus external supply before, rather than after hub resume.

Fixes: 531ef5ebea96 ("usb: dwc2: add support for host mode external
vbus supply")

Tested-by: Artur Petrosyan <arturp@synopsys.com>
Acked-by: Minas Harutyunyan <hminas@synopsys.com>
Signed-off-by: Fabrice Gasnier <fabrice.gasnier@st.com>
Signed-off-by: Amelie Delaunay <amelie.delaunay@st.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/dwc2/hcd.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -4393,6 +4393,7 @@ static int _dwc2_hcd_start(struct usb_hc
 	struct dwc2_hsotg *hsotg = dwc2_hcd_to_hsotg(hcd);
 	struct usb_bus *bus = hcd_to_bus(hcd);
 	unsigned long flags;
+	int ret;
 
 	dev_dbg(hsotg->dev, "DWC OTG HCD START\n");
 
@@ -4408,6 +4409,13 @@ static int _dwc2_hcd_start(struct usb_hc
 
 	dwc2_hcd_reinit(hsotg);
 
+	/* enable external vbus supply before resuming root hub */
+	spin_unlock_irqrestore(&hsotg->lock, flags);
+	ret = dwc2_vbus_supply_init(hsotg);
+	if (ret)
+		return ret;
+	spin_lock_irqsave(&hsotg->lock, flags);
+
 	/* Initialize and connect root hub if one is not already attached */
 	if (bus->root_hub) {
 		dev_dbg(hsotg->dev, "DWC OTG HCD Has Root Hub\n");
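Review bot: the early `return ret;` after dwc2_vbus_supply_init() fails is taken with the lock correctly released, but it leaves the work done above it in place: dwc2_hcd_reinit() has already run and nothing is unwound. Before this change the same error was only returned at the very end of the function, after the root hub branch; now that branch is skipped on failure, so a comment on what state the controller is left in on this path, or an explicit unwind, would help. The lock is also dropped between dwc2_hcd_reinit() and the root hub check, so it is worth stating why nothing can run in that gap.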
@@ -4417,7 +4425,7 @@ static int _dwc2_hcd_start(struct usb_hc
 
 	spin_unlock_irqrestore(&hsotg->lock, flags);
 
-	return dwc2_vbus_supply_init(hsotg);
+	return 0;
 }
 
 /*



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 160/361] usb: gadget: udc: atmel: handle at91sam9rl PMC
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (158 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 159/361] usb: dwc2: fix a race with external vbus supply Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 161/361] ext4: fix argument checking in EXT4_IOC_MOVE_EXT Greg Kroah-Hartman
                   ` (203 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Cristian Birsan, Alexandre Belloni,
	Felipe Balbi, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexandre Belloni <alexandre.belloni@bootlin.com>

[ Upstream commit bb80e4fa57eb75ebd64ae9be4155da6d12c1a997 ]

The at91sam9rl PMC is not quite the same as the at91sam9g45 one and now has
its own compatible string. Add support for that.

Fixes: 217bace8e548 ("ARM: dts: fix PMC compatible")
Acked-by: Cristian Birsan <cristian.birsan@microchip.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/gadget/udc/atmel_usba_udc.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/usb/gadget/udc/atmel_usba_udc.c
+++ b/drivers/usb/gadget/udc/atmel_usba_udc.c
@@ -2018,6 +2018,8 @@ static struct usba_ep * atmel_udc_of_ini
 	udc->errata = match->data;
 	udc->pmc = syscon_regmap_lookup_by_compatible("atmel,at91sam9g45-pmc");
 	if (IS_ERR(udc->pmc))
+		udc->pmc = syscon_regmap_lookup_by_compatible("atmel,at91sam9rl-pmc");
+	if (IS_ERR(udc->pmc))
 		udc->pmc = syscon_regmap_lookup_by_compatible("atmel,at91sam9x5-pmc");
 	if (udc->errata && IS_ERR(udc->pmc))
 		return ERR_CAST(udc->pmc);
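Review bot: the PMC lookup is now three copies of the same call chained by `if (IS_ERR(udc->pmc))`, and every further SoC variant will add another pair of lines. A small array of compatible strings walked in a loop that stops at the first successful syscon_regmap_lookup_by_compatible() would keep the lookup order explicit and make the next addition a one-line change.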



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 161/361] ext4: fix argument checking in EXT4_IOC_MOVE_EXT
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (159 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 160/361] usb: gadget: udc: atmel: handle at91sam9rl PMC Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 162/361] MD: fix invalid stored role for a disk Greg Kroah-Hartman
                   ` (202 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+c61979f6f2cba5cb3c06,
	Theodore Tso, stable, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Theodore Ts'o <tytso@mit.edu>

[ Upstream commit f18b2b83a727a3db208308057d2c7945f368e625 ]

If the starting block number of either the source or destination file
exceeds the EOF, EXT4_IOC_MOVE_EXT should return EINVAL.

Also fixed the helper function mext_check_coverage() so that if the
logical block is beyond EOF, make it return immediately, instead of
looping until the block number wraps all the way around.  This takes
long enough that if there are multiple threads trying to pound on
the same inode doing nonsensical things, it can end up triggering
the kernel's soft lockup detector.

Reported-by: syzbot+c61979f6f2cba5cb3c06@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/ext4/move_extent.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/fs/ext4/move_extent.c
+++ b/fs/ext4/move_extent.c
@@ -516,9 +516,13 @@ mext_check_arguments(struct inode *orig_
 			orig_inode->i_ino, donor_inode->i_ino);
 		return -EINVAL;
 	}
-	if (orig_eof < orig_start + *len - 1)
+	if (orig_eof <= orig_start)
+		*len = 0;
+	else if (orig_eof < orig_start + *len - 1)
 		*len = orig_eof - orig_start;
-	if (donor_eof < donor_start + *len - 1)
+	if (donor_eof <= donor_start)
+		*len = 0;
+	else if (donor_eof < donor_start + *len - 1)
 		*len = donor_eof - donor_start;
 	if (!*len) {
 		ext4_debug("ext4 move extent: len should not be 0 "
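Review bot: when the first new check sets `*len = 0`, the donor side still runs, and its `else if (donor_eof < donor_start + *len - 1)` is then evaluated with *len equal to 0. If these are unsigned block counts and donor_start is 0, `donor_start + *len - 1` wraps to the maximum value, the comparison is true, and `*len = donor_eof - donor_start` puts a non-zero length back, so the `if (!*len)` test below no longer rejects a request whose source start is at or beyond EOF. Returning -EINVAL directly in the two new `<=` branches, or skipping the donor clamp once *len is 0, would make the rejection independent of that arithmetic.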



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 162/361] MD: fix invalid stored role for a disk
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (160 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 161/361] ext4: fix argument checking in EXT4_IOC_MOVE_EXT Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 163/361] PCI: cadence: Correct probe behaviour when failing to get PHY Greg Kroah-Hartman
                   ` (201 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gioh Kim, Guoqing Jiang, Shaohua Li,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Shaohua Li <shli@fb.com>

[ Upstream commit d595567dc4f0c1d90685ec1e2e296e2cad2643ac ]

If we change the number of the array's devices after a device is removed from
the array, then add the device back to the array, we can see that the device is
added with an active role instead of as a spare, which is what we expected.

Please see the below link for details:
https://marc.info/?l=linux-raid&m=153736982015076&w=2

This is caused by the fact that we prefer to use the device's previous role,
which is recorded by saved_raid_disk, but we should respect the new number of
conf->raid_disks since it could be changed after the device is removed.

Reported-by: Gioh Kim <gi-oh.kim@profitbricks.com>
Tested-by: Gioh Kim <gi-oh.kim@profitbricks.com>
Acked-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/md.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -1776,6 +1776,10 @@ static int super_1_validate(struct mddev
 			} else
 				set_bit(In_sync, &rdev->flags);
 			rdev->raid_disk = role;
+			if (role >= mddev->raid_disks) {
+				rdev->saved_raid_disk = -1;
+				rdev->raid_disk = -1;
+			}
 			break;
 		}
 		if (sb->devflags & WriteMostly1)
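Review bot: the new `role >= mddev->raid_disks` block resets raid_disk and saved_raid_disk to -1, but it sits after the `else` branch just above that does `set_bit(In_sync, &rdev->flags)`, and that bit is not cleared again. A device whose stored role is out of range can therefore leave this case marked In_sync while having no slot. If the intent is for it to come back as a spare, clear In_sync in the same block, or move the range check ahead of the assignment so `rdev->raid_disk = role;` is not written and then immediately undone.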



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 163/361] PCI: cadence: Correct probe behaviour when failing to get PHY
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (161 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 162/361] MD: fix invalid stored role for a disk Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 164/361] nvmem: check the return value of nvmem_add_cells() Greg Kroah-Hartman
                   ` (200 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Colin King, Alan Douglas,
	Lorenzo Pieralisi, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alan Douglas <adouglas@cadence.com>

[ Upstream commit aa77e55d48124d0d78456eabf872fffb5decdbe1 ]

Test the correct value to see whether the PHY get failed.

Use devm_phy_get() instead of devm_phy_optional_get(), since it is
only called if phy name is given in devicetree and so should exist.
On failure when getting or linking a PHY, put any PHYs which were
already got and unlink them.

Fixes: dfb80534692ddc5b ("PCI: cadence: Add generic PHY support to host and EP drivers")
Reported-by: Colin King <colin.king@canonical.com>
Signed-off-by: Alan Douglas <adouglas@cadence.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/controller/pcie-cadence.c |   20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

--- a/drivers/pci/controller/pcie-cadence.c
+++ b/drivers/pci/controller/pcie-cadence.c
@@ -190,14 +190,16 @@ int cdns_pcie_init_phy(struct device *de
 
 	for (i = 0; i < phy_count; i++) {
 		of_property_read_string_index(np, "phy-names", i, &name);
-		phy[i] = devm_phy_optional_get(dev, name);
-		if (IS_ERR(phy))
-			return PTR_ERR(phy);
-
+		phy[i] = devm_phy_get(dev, name);
+		if (IS_ERR(phy[i])) {
+			ret = PTR_ERR(phy[i]);
+			goto err_phy;
+		}
 		link[i] = device_link_add(dev, &phy[i]->dev, DL_FLAG_STATELESS);
 		if (!link[i]) {
+			devm_phy_put(dev, phy[i]);
 			ret = -EINVAL;
-			goto err_link;
+			goto err_phy;
 		}
 	}
 
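Review bot: in the loop, the return value of of_property_read_string_index() is still ignored, so if that read fails `name` is passed to devm_phy_get() without having been set by it. Now that a missing PHY is a hard error, check that call as well and take the same `goto err_phy` path with its error code.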
@@ -207,13 +209,15 @@ int cdns_pcie_init_phy(struct device *de
 
 	ret =  cdns_pcie_enable_phy(pcie);
 	if (ret)
-		goto err_link;
+		goto err_phy;
 
 	return 0;
 
-err_link:
-	while (--i >= 0)
+err_phy:
+	while (--i >= 0) {
 		device_link_del(link[i]);
+		devm_phy_put(dev, phy[i]);
+	}
 
 	return ret;
 }
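Review bot: the err_phy unwind depends on `i` being the number of fully set-up entries at every `goto`: the link-failure path puts phy[i] itself before jumping, and the enable-failure path arrives with i equal to phy_count. That invariant is easy to break when another failure point is added, so a one-line comment above the label stating it would help.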



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 164/361] nvmem: check the return value of nvmem_add_cells()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (162 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 163/361] PCI: cadence: Correct probe behaviour when failing to get PHY Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 165/361] xhci: Avoid USB autosuspend when resuming USB2 ports Greg Kroah-Hartman
                   ` (199 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bartosz Golaszewski,
	Srinivas Kandagatla, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bartosz Golaszewski <bgolaszewski@baylibre.com>

[ Upstream commit fa72d847d68d7833b77a4bef944cf2c5baf56f49 ]

This function can fail so check its return value in nvmem_register()
and act accordingly.

Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/nvmem/core.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -516,11 +516,17 @@ struct nvmem_device *nvmem_register(cons
 			goto err_device_del;
 	}
 
-	if (config->cells)
-		nvmem_add_cells(nvmem, config->cells, config->ncells);
+	if (config->cells) {
+		rval = nvmem_add_cells(nvmem, config->cells, config->ncells);
+		if (rval)
+			goto err_teardown_compat;
+	}
 
 	return nvmem;
 
+err_teardown_compat:
+	if (config->compat)
+		device_remove_bin_file(nvmem->base_dev, &nvmem->eeprom);
 err_device_del:
 	device_del(&nvmem->dev);
 err_put_device:
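Review bot: the new err_teardown_compat path undoes the compat bin file but does nothing for the cells themselves. If nvmem_add_cells() can fail after some cells have already been added, those need to be removed here unless the function cleans up after itself on error. Please confirm which is the case and say so in the changelog, which currently only states that the return value is checked.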



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 165/361] xhci: Avoid USB autosuspend when resuming USB2 ports.
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (163 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 164/361] nvmem: check the return value of nvmem_add_cells() Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 166/361] scsi: qla2xxx: Fix recursive mailbox timeout Greg Kroah-Hartman
                   ` (198 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anshuman Gupta, Mathias Nyman, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Anshuman Gupta <anshuman.gupta@intel.com>

[ Upstream commit 330e2d61cdd58363eb5e66b2e72f76fe3c5492e0 ]

When USB bus host controller root hub resumes from autosuspend,
it immediately tries to enter auto-suspend, but there can be a
scenario when root hub is resuming its usb2 ports, in that particular
case USB host controller auto suspend fails since it is busy
resuming its usb2 ports.

This makes multiple failed cycles of auto-suspend until all usb2
ports of host controller root hub do not resume.

This patch uses the USB core framework usb_hcd_start_port_resume and
usb_hcd_end_port_resume APIs in order to autoresume/autosuspend the
root hub properly.

Signed-off-by: Anshuman Gupta <anshuman.gupta@intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/host/xhci-hub.c  |    5 +++++
 drivers/usb/host/xhci-ring.c |    1 +
 2 files changed, 6 insertions(+)

--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -900,6 +900,7 @@ static u32 xhci_get_port_status(struct u
 				set_bit(wIndex, &bus_state->resuming_ports);
 				bus_state->resume_done[wIndex] = timeout;
 				mod_timer(&hcd->rh_timer, timeout);
+				usb_hcd_start_port_resume(&hcd->self, wIndex);
 			}
 		/* Has resume been signalled for USB_RESUME_TIME yet? */
 		} else if (time_after_eq(jiffies,
@@ -940,6 +941,7 @@ static u32 xhci_get_port_status(struct u
 				clear_bit(wIndex, &bus_state->rexit_ports);
 			}
 
+			usb_hcd_end_port_resume(&hcd->self, wIndex);
 			bus_state->port_c_suspend |= 1 << wIndex;
 			bus_state->suspended_ports &= ~(1 << wIndex);
 		} else {
@@ -962,6 +964,7 @@ static u32 xhci_get_port_status(struct u
 	    (raw_port_status & PORT_PLS_MASK) != XDEV_RESUME) {
 		bus_state->resume_done[wIndex] = 0;
 		clear_bit(wIndex, &bus_state->resuming_ports);
+		usb_hcd_end_port_resume(&hcd->self, wIndex);
 	}
 
 
@@ -1337,6 +1340,7 @@ int xhci_hub_control(struct usb_hcd *hcd
 					goto error;
 
 				set_bit(wIndex, &bus_state->resuming_ports);
+				usb_hcd_start_port_resume(&hcd->self, wIndex);
 				xhci_set_link_state(xhci, ports[wIndex],
 						    XDEV_RESUME);
 				spin_unlock_irqrestore(&xhci->lock, flags);
@@ -1345,6 +1349,7 @@ int xhci_hub_control(struct usb_hcd *hcd
 				xhci_set_link_state(xhci, ports[wIndex],
 							XDEV_U0);
 				clear_bit(wIndex, &bus_state->resuming_ports);
+				usb_hcd_end_port_resume(&hcd->self, wIndex);
 			}
 			bus_state->port_c_suspend |= 1 << wIndex;
 
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -1602,6 +1602,7 @@ static void handle_port_status(struct xh
 			set_bit(HCD_FLAG_POLL_RH, &hcd->flags);
 			mod_timer(&hcd->rh_timer,
 				  bus_state->resume_done[hcd_portnum]);
+			usb_hcd_start_port_resume(&hcd->self, hcd_portnum);
 			bogus_port_status = true;
 		}
 	}
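Review bot: handle_port_status() now calls usb_hcd_start_port_resume() for a port, and the xhci-hub.c hunks add the same call in xhci_get_port_status() and xhci_hub_control(), while each resume is closed by a single usb_hcd_end_port_resume(). If more than one of the start sites can run for the same resume of the same port, the pairing only holds when the start call is idempotent per port. Please state that in the changelog or guard the call with the port's resuming state, since the purpose of the pair is to hold off autosuspend only while a resume is in flight.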



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 166/361] scsi: qla2xxx: Fix recursive mailbox timeout
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (164 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 165/361] xhci: Avoid USB autosuspend when resuming USB2 ports Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 167/361] f2fs: fix to recover inodes crtime during POR Greg Kroah-Hartman
                   ` (197 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, stable, Quinn Tran, Ewan D. Milne,
	Himanshu Madhani, Martin K. Petersen, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Quinn Tran <quinn.tran@cavium.com>

[ Upstream commit 710bc78f829d014eca95ed7ccc4052bc064b1320 ]

This patch prevents user space mailbox request from doing chip reset if the
mailbox timed out. The chip reset is only reserved for the DPC thread to
ensure all mailbox requests are flushed properly. The DPC thread is
responsible for flushing all MBs and chip reset.

Fixes: b2000805a975 ("scsi: qla2xxx: Flush mailbox commands on chip reset")
Cc: <stable@ger.kernel.org>
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/qla2xxx/qla_mbx.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/scsi/qla2xxx/qla_mbx.c
+++ b/drivers/scsi/qla2xxx/qla_mbx.c
@@ -493,7 +493,7 @@ qla2x00_mailbox_command(scsi_qla_host_t
 				set_bit(ISP_ABORT_NEEDED, &vha->dpc_flags);
 				qla2xxx_wake_dpc(vha);
 			}
-		} else if (!abort_active) {
+		} else if (current == ha->dpc_thread) {
 			/* call abort directly since we are in the DPC thread */
 			ql_dbg(ql_dbg_mbx, vha, 0x101d,
 			    "Timeout, calling abort_isp.\n");
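Review bot: replacing `!abort_active` with `current == ha->dpc_thread` leaves a caller that is neither handled by the branch above nor running as the DPC thread with no action in this chain after a mailbox timeout. The branch above sets ISP_ABORT_NEEDED and wakes the DPC thread, which matches the changelog's statement that the reset is reserved for that thread. Please confirm that the remaining callers cannot reach this `else if` without ISP_ABORT_NEEDED already set, or set it for them, and check whether abort_active still has a user after this change.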



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 167/361] f2fs: fix to recover inodes crtime during POR
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (165 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 166/361] scsi: qla2xxx: Fix recursive mailbox timeout Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 168/361] f2fs: fix to recover inodes i_flags " Greg Kroah-Hartman
                   ` (196 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chao Yu <yuchao0@huawei.com>

[ Upstream commit 5cd1f387a13b5188b4edb4c834310302a85a6ea2 ]

Testcase to reproduce this bug:
1. mkfs.f2fs -O extra_attr -O inode_crtime /dev/sdd
2. mount -t f2fs /dev/sdd /mnt/f2fs
3. touch /mnt/f2fs/file
4. xfs_io -f /mnt/f2fs/file -c "fsync"
5. godown /mnt/f2fs
6. umount /mnt/f2fs
7. mount -t f2fs /dev/sdd /mnt/f2fs
8. xfs_io -f /mnt/f2fs/file -c "statx -r"

stat.btime.tv_sec = 0
stat.btime.tv_nsec = 0

This patch fixes recovery of inode creation time fields during
mount.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/node.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -2560,6 +2560,13 @@ retry:
 			F2FS_FITS_IN_INODE(src, le16_to_cpu(src->i_extra_isize),
 								i_projid))
 			dst->i_projid = src->i_projid;
+
+		if (f2fs_sb_has_inode_crtime(sbi->sb) &&
+			F2FS_FITS_IN_INODE(src, le16_to_cpu(src->i_extra_isize),
+							i_crtime_nsec)) {
+			dst->i_crtime = src->i_crtime;
+			dst->i_crtime_nsec = src->i_crtime_nsec;
+		}
 	}
 
 	new_ni = old_ni;
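Review bot: the new block tests F2FS_FITS_IN_INODE() only for i_crtime_nsec and then copies both i_crtime and i_crtime_nsec, so it relies on i_crtime_nsec being laid out after i_crtime in the inode's extra area. That is a reasonable assumption for a seconds/nanoseconds pair, but it is implicit, unlike the i_projid check just above, which tests the field it copies. A short comment that checking the last field covers both would make the bound on the source inode obvious to anyone auditing this recovery path.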



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 168/361] f2fs: fix to recover inodes i_flags during POR
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (166 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 167/361] f2fs: fix to recover inodes crtime during POR Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 169/361] PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice Greg Kroah-Hartman
                   ` (195 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chao Yu <yuchao0@huawei.com>

[ Upstream commit 19c73a691ccf6fb2f12d4e9cf9830023966cec88 ]

Testcase to reproduce this bug:
1. mkfs.f2fs /dev/sdd
2. mount -t f2fs /dev/sdd /mnt/f2fs
3. touch /mnt/f2fs/file
4. sync
5. chattr +A /mnt/f2fs/file
6. xfs_io -f /mnt/f2fs/file -c "fsync"
7. godown /mnt/f2fs
8. umount /mnt/f2fs
9. mount -t f2fs /dev/sdd /mnt/f2fs
10. lsattr /mnt/f2fs/file

-----------------N- /mnt/f2fs/file

But actually, we expect the correct result to be:

-------A---------N- /mnt/f2fs/file

The reason is we didn't recover inode.i_flags field during mount,
fix it.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/recovery.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/f2fs/recovery.c
+++ b/fs/f2fs/recovery.c
@@ -221,6 +221,7 @@ static void recover_inode(struct inode *
 	inode->i_mtime.tv_nsec = le32_to_cpu(raw->i_mtime_nsec);
 
 	F2FS_I(inode)->i_advise = raw->i_advise;
+	F2FS_I(inode)->i_flags = le32_to_cpu(raw->i_flags);
 
 	recover_inline_flags(inode, raw);
 
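Review bot: recover_inode() now restores F2FS_I(inode)->i_flags from the on-disk value, but the hunk updates only that private copy. If any in-memory inode state is derived from i_flags when an inode is first read, it needs the same refresh after this assignment, otherwise a recovered inode and a freshly loaded one can disagree. Please confirm and add the call here if so.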



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 169/361] PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (167 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 168/361] f2fs: fix to recover inodes i_flags " Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 170/361] coresight: etb10: Fix handling of perf mode Greg Kroah-Hartman
                   ` (194 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tonghao Zhang, Bjorn Helgaas, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tonghao Zhang <xiangxia.m.yue@gmail.com>

[ Upstream commit 4c1ef72e9b71a19fb405ebfcd37c0a5e16fa44ca ]

It is a serious driver defect to enable MSI or MSI-X more than once.  Doing
so may panic the kernel as in the stack trace below:

  Call Trace:
    sysfs_add_one+0xa5/0xd0
    create_dir+0x7c/0xe0
    sysfs_create_subdir+0x1c/0x20
    internal_create_group+0x6d/0x290
    sysfs_create_groups+0x4a/0xa0
    populate_msi_sysfs+0x1cd/0x210
    pci_enable_msix+0x31c/0x3e0
    igbuio_pci_open+0x72/0x300 [igb_uio]
    uio_open+0xcc/0x120 [uio]
    chrdev_open+0xa1/0x1e0
    [...]
    do_sys_open+0xf3/0x1f0
    SyS_open+0x1e/0x20
    system_call_fastpath+0x16/0x1b
    ---[ end trace 11042e2848880209 ]---
    Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffffa056b4fa

We want to keep the WARN_ON() and stack trace so the driver can be fixed,
but we can avoid the kernel panic by returning an error.  We may still get
warnings like this:

  Call Trace:
    pci_enable_msix+0x3c9/0x3e0
    igbuio_pci_open+0x72/0x300 [igb_uio]
    uio_open+0xcc/0x120 [uio]
    chrdev_open+0xa1/0x1e0
    [...]
    do_sys_open+0xf3/0x1f0
    SyS_open+0x1e/0x20
    system_call_fastpath+0x16/0x1b
    ------------[ cut here ]------------
    WARNING: at fs/sysfs/dir.c:526 sysfs_add_one+0xa5/0xd0()
    sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:03.0/0000:01:00.1/msi_irqs'

Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
[bhelgaas: changelog, fix patch whitespace, remove !!]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/msi.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -958,7 +958,6 @@ static int __pci_enable_msix(struct pci_
 			}
 		}
 	}
-	WARN_ON(!!dev->msix_enabled);
 
 	/* Check whether driver already requested for MSI irq */
 	if (dev->msi_enabled) {
@@ -1028,8 +1027,6 @@ static int __pci_enable_msi_range(struct
 	if (!pci_msi_supported(dev, minvec))
 		return -EINVAL;
 
-	WARN_ON(!!dev->msi_enabled);
-
 	/* Check whether driver already requested MSI-X irqs */
 	if (dev->msix_enabled) {
 		pci_info(dev, "can't enable MSI (MSI-X already enabled)\n");
@@ -1039,6 +1036,9 @@ static int __pci_enable_msi_range(struct
 	if (maxvec < minvec)
 		return -ERANGE;
 
+	if (WARN_ON_ONCE(dev->msi_enabled))
+		return -EINVAL;
+
 	nvec = pci_msi_vec_count(dev);
 	if (nvec < 0)
 		return nvec;
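
Review bot: WARN_ON_ONCE(dev->msi_enabled) fires only the first time it is hit, so a second driver or device making the same mistake gets a bare -EINVAL with no trace, and that is the same code the pci_msi_supported() failure returns in the previous hunk's context. Consider a per-device message next to the warning, in the style of the pci_info(dev, "can't enable MSI ...") call shown above, so a repeated double enable can still be attributed to a device.
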
@@ -1087,6 +1087,9 @@ static int __pci_enable_msix_range(struc
 	if (maxvec < minvec)
 		return -ERANGE;
 
+	if (WARN_ON_ONCE(dev->msix_enabled))
+		return -EINVAL;
+
 	for (;;) {
 		if (affd) {
 			nvec = irq_calc_affinity_vectors(minvec, nvec, affd);
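
Review bot: the new WARN_ON_ONCE(dev->msix_enabled) check sits after the maxvec < minvec test, so a driver that enables MSI-X twice with a bad range gets -ERANGE and no warning at all. Moving the check above the range test would flag the driver defect regardless of the arguments passed; the MSI path in the previous hunk has the same ordering.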


* [PATCH 4.19 170/361] coresight: etb10: Fix handling of perf mode
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (168 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 169/361] PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 171/361] PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode Greg Kroah-Hartman
                   ` (193 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mathieu Poirier, Suzuki K Poulose,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Suzuki K Poulose <suzuki.poulose@arm.com>

[ Upstream commit 987d1e8dcd370d96029a3d76a0031b043c4a69ae ]

If the ETB is already enabled in sysfs mode, the ETB reports
success even if a perf mode is requested. Fix this by checking
the requested mode.

Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/hwtracing/coresight/coresight-etb10.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/hwtracing/coresight/coresight-etb10.c
+++ b/drivers/hwtracing/coresight/coresight-etb10.c
@@ -147,6 +147,10 @@ static int etb_enable(struct coresight_d
 	if (val == CS_MODE_PERF)
 		return -EBUSY;
 
+	/* Don't let perf disturb sysFS sessions */
+	if (val == CS_MODE_SYSFS && mode == CS_MODE_PERF)
+		return -EBUSY;
+
 	/* Nothing to do, the tracer is already enabled. */
 	if (val == CS_MODE_SYSFS)
 		goto out;
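
Review bot: with the val == CS_MODE_SYSFS && mode == CS_MODE_PERF rejection in place, the following branch is reached only for a sysFS request, but its comment still reads "Nothing to do, the tracer is already enabled" as if it covered every mode. Suggest tightening that comment to say the sink is already enabled in sysFS mode, so the three consecutive tests on val read as one decision.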


* [PATCH 4.19 171/361] PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (169 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 170/361] coresight: etb10: Fix handling of perf mode Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 172/361] crypto: caam - fix implicit casts in endianness helpers Greg Kroah-Hartman
                   ` (192 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chris Welch, Vignesh R,
	Lorenzo Pieralisi, Kishon Vijay Abraham I, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vignesh R <vigneshr@ti.com>

[ Upstream commit 726d75a6d243bf6730da3216f3592503f6f0f588 ]

Errata i870 is applicable in both EP and RC mode. Therefore rename
function dra7xx_pcie_ep_unaligned_memaccess(), that implements errata
workaround, to dra7xx_pcie_unaligned_memaccess() and call it for both RC
and EP. Make sure driver probe does not fail in case the workaround is not
applied for RC mode in order to maintain DT backward compatibility.

Reported-by: Chris Welch <Chris.Welch@viavisolutions.com>
Signed-off-by: Vignesh R <vigneshr@ti.com>
[lorenzo.pieralisi@arm.com: reworded the log]
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Acked-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/controller/dwc/pci-dra7xx.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

--- a/drivers/pci/controller/dwc/pci-dra7xx.c
+++ b/drivers/pci/controller/dwc/pci-dra7xx.c
@@ -542,7 +542,7 @@ static const struct of_device_id of_dra7
 };
 
 /*
- * dra7xx_pcie_ep_unaligned_memaccess: workaround for AM572x/AM571x Errata i870
+ * dra7xx_pcie_unaligned_memaccess: workaround for AM572x/AM571x Errata i870
  * @dra7xx: the dra7xx device where the workaround should be applied
  *
  * Access to the PCIe slave port that are not 32-bit aligned will result
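
Review bot: the kernel-doc header renamed here still documents "@dra7xx: the dra7xx device where the workaround should be applied", while the function in the next hunk takes struct device *dev. Since the comment is being touched anyway, change the parameter line to @dev so the documentation matches the signature.
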
@@ -552,7 +552,7 @@ static const struct of_device_id of_dra7
  *
  * To avoid this issue set PCIE_SS1_AXI2OCP_LEGACY_MODE_ENABLE to 1.
  */
-static int dra7xx_pcie_ep_unaligned_memaccess(struct device *dev)
+static int dra7xx_pcie_unaligned_memaccess(struct device *dev)
 {
 	int ret;
 	struct device_node *np = dev->of_node;
@@ -704,6 +704,11 @@ static int __init dra7xx_pcie_probe(stru
 
 		dra7xx_pcie_writel(dra7xx, PCIECTRL_TI_CONF_DEVICE_TYPE,
 				   DEVICE_TYPE_RC);
+
+		ret = dra7xx_pcie_unaligned_memaccess(dev);
+		if (ret)
+			dev_err(dev, "WA for Errata i870 not applied\n");
+
 		ret = dra7xx_add_pcie_port(dra7xx, pdev);
 		if (ret < 0)
 			goto err_gpio;
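
Review bot: in the RC branch a failure of dra7xx_pcie_unaligned_memaccess() is deliberately non-fatal, yet it is reported with dev_err() and the message drops ret, which is then overwritten by the dra7xx_add_pcie_port() call. dev_warn() with the error code included would match the severity and keep the cause visible in the log.
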
@@ -717,7 +722,7 @@ static int __init dra7xx_pcie_probe(stru
 		dra7xx_pcie_writel(dra7xx, PCIECTRL_TI_CONF_DEVICE_TYPE,
 				   DEVICE_TYPE_EP);
 
-		ret = dra7xx_pcie_ep_unaligned_memaccess(dev);
+		ret = dra7xx_pcie_unaligned_memaccess(dev);
 		if (ret)
 			goto err_gpio;
 


* [PATCH 4.19 172/361] crypto: caam - fix implicit casts in endianness helpers
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (170 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 171/361] PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 173/361] usb: chipidea: Prevent unbalanced IRQ disable Greg Kroah-Hartman
                   ` (191 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kbuild test robot, Horia Geantă,
	Herbert Xu, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: "Horia Geantă" <horia.geanta@nxp.com>

[ Upstream commit aae733a3f46f5ef338fbdde26e14cbb205a23de0 ]

Fix the following sparse endianness warnings:

drivers/crypto/caam/regs.h:95:1: sparse: incorrect type in return expression (different base types) @@    expected unsigned int @@    got restricted __le32unsigned int @@
drivers/crypto/caam/regs.h:95:1:    expected unsigned int
drivers/crypto/caam/regs.h:95:1:    got restricted __le32 [usertype] <noident>
drivers/crypto/caam/regs.h:95:1: sparse: incorrect type in return expression (different base types) @@    expected unsigned int @@    got restricted __be32unsigned int @@
drivers/crypto/caam/regs.h:95:1:    expected unsigned int
drivers/crypto/caam/regs.h:95:1:    got restricted __be32 [usertype] <noident>

drivers/crypto/caam/regs.h:92:1: sparse: cast to restricted __le32
drivers/crypto/caam/regs.h:92:1: sparse: cast to restricted __be32

Fixes: 261ea058f016 ("crypto: caam - handle core endianness != caam endianness")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/crypto/caam/regs.h |   28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

--- a/drivers/crypto/caam/regs.h
+++ b/drivers/crypto/caam/regs.h
@@ -70,22 +70,22 @@
 extern bool caam_little_end;
 extern bool caam_imx;
 
-#define caam_to_cpu(len)				\
-static inline u##len caam##len ## _to_cpu(u##len val)	\
-{							\
-	if (caam_little_end)				\
-		return le##len ## _to_cpu(val);		\
-	else						\
-		return be##len ## _to_cpu(val);		\
+#define caam_to_cpu(len)						\
+static inline u##len caam##len ## _to_cpu(u##len val)			\
+{									\
+	if (caam_little_end)						\
+		return le##len ## _to_cpu((__force __le##len)val);	\
+	else								\
+		return be##len ## _to_cpu((__force __be##len)val);	\
 }
 
-#define cpu_to_caam(len)				\
-static inline u##len cpu_to_caam##len(u##len val)	\
-{							\
-	if (caam_little_end)				\
-		return cpu_to_le##len(val);		\
-	else						\
-		return cpu_to_be##len(val);		\
+#define cpu_to_caam(len)					\
+static inline u##len cpu_to_caam##len(u##len val)		\
+{								\
+	if (caam_little_end)					\
+		return (__force u##len)cpu_to_le##len(val);	\
+	else							\
+		return (__force u##len)cpu_to_be##len(val);	\
 }
 
 caam_to_cpu(16)
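
Review bot: the __force casts added in caam_to_cpu() and cpu_to_caam() silence sparse but carry no comment on why they are legitimate, namely that the byte order is selected at run time by caam_little_end, so the prototype cannot use either __le or __be types. A one-line comment above the two macros would keep a later cleanup from removing the casts or retyping the helpers.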


* [PATCH 4.19 173/361] usb: chipidea: Prevent unbalanced IRQ disable
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (171 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 172/361] crypto: caam - fix implicit casts in endianness helpers Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 174/361] Smack: ptrace capability use fixes Greg Kroah-Hartman
                   ` (190 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Loic Poulain, Peter Chen, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Loic Poulain <loic.poulain@linaro.org>

[ Upstream commit 8b97d73c4d72a2abf58f8e49062a7ee1e5f1334e ]

The ChipIdea IRQ is disabled before scheduling the otg work and
re-enabled on otg work completion. However if the job is already
scheduled we have to undo the effect of disable_irq in order to
balance the IRQ disable-depth value.

Fixes: be6b0c1bd0be ("usb: chipidea: using one inline function to cover queue work operations")
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/chipidea/otg.h |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/usb/chipidea/otg.h
+++ b/drivers/usb/chipidea/otg.h
@@ -17,7 +17,8 @@ void ci_handle_vbus_change(struct ci_hdr
 static inline void ci_otg_queue_work(struct ci_hdrc *ci)
 {
 	disable_irq_nosync(ci->irq);
-	queue_work(ci->wq, &ci->work);
+	if (queue_work(ci->wq, &ci->work) == false)
+		enable_irq(ci->irq);
 }
 
 #endif /* __DRIVERS_USB_CHIPIDEA_OTG_H */
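
Review bot: the test queue_work(ci->wq, &ci->work) == false goes against kernel style for boolean results; write it as if (!queue_work(ci->wq, &ci->work)). A short comment that enable_irq() undoes the disable_irq_nosync() when the work was already pending would also help, because the matching enable for the normal case is not visible in this helper.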


* [PATCH 4.19 174/361] Smack: ptrace capability use fixes
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (172 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 173/361] usb: chipidea: Prevent unbalanced IRQ disable Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 175/361] driver/dma/ioat: Call del_timer_sync() without holding prep_lock Greg Kroah-Hartman
                   ` (189 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Casey Schaufler, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Casey Schaufler <casey.schaufler@intel.com>

[ Upstream commit dcb569cf6ac99ca899b8109c128b6ae52477a015 ]

This fixes a pair of problems in the Smack ptrace checks
related to checking capabilities. In both cases, as reported
by Lukasz Pawelczyk, the raw capability calls are used rather
than the Smack wrapper that checks additional restrictions.
In one case, as reported by Jann Horn, the wrong task is being
checked for capabilities.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 security/smack/smack_lsm.c |   13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -421,6 +421,7 @@ static int smk_ptrace_rule_check(struct
 	struct smk_audit_info ad, *saip = NULL;
 	struct task_smack *tsp;
 	struct smack_known *tracer_known;
+	const struct cred *tracercred;
 
 	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
 		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
@@ -429,7 +430,8 @@ static int smk_ptrace_rule_check(struct
 	}
 
 	rcu_read_lock();
-	tsp = __task_cred(tracer)->security;
+	tracercred = __task_cred(tracer);
+	tsp = tracercred->security;
 	tracer_known = smk_of_task(tsp);
 
 	if ((mode & PTRACE_MODE_ATTACH) &&
@@ -439,7 +441,7 @@ static int smk_ptrace_rule_check(struct
 			rc = 0;
 		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
 			rc = -EACCES;
-		else if (capable(CAP_SYS_PTRACE))
+		else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
 			rc = 0;
 		else
 			rc = -EACCES;
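
Review bot: replacing capable(CAP_SYS_PTRACE) with smack_privileged_cred(CAP_SYS_PTRACE, tracercred) changes which task is checked, from the caller to the tracer whose credentials were fetched in the previous hunk, and nothing in the code says so. A one-line comment at this branch stating that the tracer's credentials must hold the capability would keep a later edit from going back to capable().
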
@@ -1841,6 +1843,7 @@ static int smack_file_send_sigiotask(str
 {
 	struct smack_known *skp;
 	struct smack_known *tkp = smk_of_task(tsk->cred->security);
+	const struct cred *tcred;
 	struct file *file;
 	int rc;
 	struct smk_audit_info ad;
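
Review bot: tcred is introduced so the capability check can use __task_cred(tsk) under rcu_read_lock(), but the tkp initializer two lines above still reads tsk->cred->security directly, outside any RCU section. Consider deriving tkp from the same tcred inside the locked region so both lookups are made against one credential under the same protection.
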
@@ -1854,8 +1857,12 @@ static int smack_file_send_sigiotask(str
 	skp = file->f_security;
 	rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
 	rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
-	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
+
+	rcu_read_lock();
+	tcred = __task_cred(tsk);
+	if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
 		rc = 0;
+	rcu_read_unlock();
 
 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
 	smk_ad_setfield_u_tsk(&ad, tsk);


* [PATCH 4.19 175/361] driver/dma/ioat: Call del_timer_sync() without holding prep_lock
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (173 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 174/361] Smack: ptrace capability use fixes Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 176/361] ASoC: AMD: Fix capture unstable in beginning for some runs Greg Kroah-Hartman
                   ` (188 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Waiman Long, Dave Jiang, Vinod Koul,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Waiman Long <longman@redhat.com>

[ Upstream commit cfb03be6c7e8a1591285849c361d67b09f5149f7 ]

The following lockdep splat was observed:

[ 1222.241750] ======================================================
[ 1222.271301] WARNING: possible circular locking dependency detected
[ 1222.301060] 4.16.0-10.el8+5.x86_64+debug #1 Not tainted
[ 1222.326659] ------------------------------------------------------
[ 1222.356565] systemd-shutdow/1 is trying to acquire lock:
[ 1222.382660]  ((&ioat_chan->timer)){+.-.}, at: [<00000000f71e1a28>] del_timer_sync+0x5/0xf0
[ 1222.422928]
[ 1222.422928] but task is already holding lock:
[ 1222.451743]  (&(&ioat_chan->prep_lock)->rlock){+.-.}, at: [<000000008ea98b12>] ioat_shutdown+0x86/0x100 [ioatdma]
   :
[ 1223.524987] Chain exists of:
[ 1223.524987]   (&ioat_chan->timer) --> &(&ioat_chan->cleanup_lock)->rlock --> &(&ioat_chan->prep_lock)->rlock
[ 1223.524987]
[ 1223.594082]  Possible unsafe locking scenario:
[ 1223.594082]
[ 1223.622630]        CPU0                    CPU1
[ 1223.645080]        ----                    ----
[ 1223.667404]   lock(&(&ioat_chan->prep_lock)->rlock);
[ 1223.691535]                                lock(&(&ioat_chan->cleanup_lock)->rlock);
[ 1223.728657]                                lock(&(&ioat_chan->prep_lock)->rlock);
[ 1223.765122]   lock((&ioat_chan->timer));
[ 1223.784095]
[ 1223.784095]  *** DEADLOCK ***
[ 1223.784095]
[ 1223.813492] 4 locks held by systemd-shutdow/1:
[ 1223.834677]  #0:  (reboot_mutex){+.+.}, at: [<0000000056d33456>] SYSC_reboot+0x10f/0x300
[ 1223.873310]  #1:  (&dev->mutex){....}, at: [<00000000258dfdd7>] device_shutdown+0x1c8/0x660
[ 1223.913604]  #2:  (&dev->mutex){....}, at: [<0000000068331147>] device_shutdown+0x1d6/0x660
[ 1223.954000]  #3:  (&(&ioat_chan->prep_lock)->rlock){+.-.}, at: [<000000008ea98b12>] ioat_shutdown+0x86/0x100 [ioatdma]

In the ioat_shutdown() function:

	spin_lock_bh(&ioat_chan->prep_lock);
	set_bit(IOAT_CHAN_DOWN, &ioat_chan->state);
	del_timer_sync(&ioat_chan->timer);
	spin_unlock_bh(&ioat_chan->prep_lock);

According to the synchronization rule for the del_timer_sync() function,
the caller must not hold locks which would prevent completion of the
timer's handler.

The timer structure has its own lock that manages its synchronization.
Setting the IOAT_CHAN_DOWN bit should prevent other CPUs from
trying to use that device anyway, there is probably no need to call
del_timer_sync() while holding the prep_lock. So the del_timer_sync()
call is now moved outside of the prep_lock critical section to prevent
the circular lock dependency.

Signed-off-by: Waiman Long <longman@redhat.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/dma/ioat/init.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

--- a/drivers/dma/ioat/init.c
+++ b/drivers/dma/ioat/init.c
@@ -1205,8 +1205,15 @@ static void ioat_shutdown(struct pci_dev
 
 		spin_lock_bh(&ioat_chan->prep_lock);
 		set_bit(IOAT_CHAN_DOWN, &ioat_chan->state);
-		del_timer_sync(&ioat_chan->timer);
 		spin_unlock_bh(&ioat_chan->prep_lock);
+		/*
+		 * Synchronization rule for del_timer_sync():
+		 *  - The caller must not hold locks which would prevent
+		 *    completion of the timer's handler.
+		 * So prep_lock cannot be held before calling it.
+		 */
+		del_timer_sync(&ioat_chan->timer);
+
 		/* this should quiesce then reset */
 		ioat_reset_hw(ioat_chan);
 	}
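
Review bot: the new comment explains why prep_lock is dropped before del_timer_sync() but not why running it unlocked is safe, which the changelog only rates as "probably no need". If IOAT_CHAN_DOWN is what stops the timer from being re-armed between spin_unlock_bh() and del_timer_sync(), state that in the comment; "cannot be held before calling it" would also read more accurately as "must not be held while calling it".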


* [PATCH 4.19 176/361] ASoC: AMD: Fix capture unstable in beginning for some runs
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (174 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 175/361] driver/dma/ioat: Call del_timer_sync() without holding prep_lock Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 177/361] firmware: coreboot: Unmap ioregion after device population Greg Kroah-Hartman
                   ` (187 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Akshu Agrawal, Mark Brown, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Akshu Agrawal <akshu.agrawal@amd.com>

[ Upstream commit c50535ed6a10fcae1b64ae83c0f6b1eeb5535afc ]

alsa_conformance_test -C hw:0,4 -p 1024 --debug
would sometimes show:
TIME_DIFF(s)    HW_LEVEL       READ              RATE
0.000095970         1024       1024    10670001.041992
0.042609555         1024       2048       24032.168372
0.021330364         1024       3072       48006.681930
0.021339559         1024       4096       47985.996337
The issue is that in dma pointer function we can have stale value
of the register for current descriptor of channel.
The register retains the number of the last descriptor that
was transferred.

Fix ensures that we report position, 0, till the one period worth of
data is transferred.  After one period of data, in handler of period
completion interrupt we update the config and correct value of descriptor
starts reflecting.

Signed-off-by: Akshu Agrawal <akshu.agrawal@amd.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/soc/amd/acp-pcm-dma.c |   22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

--- a/sound/soc/amd/acp-pcm-dma.c
+++ b/sound/soc/amd/acp-pcm-dma.c
@@ -1036,16 +1036,22 @@ static snd_pcm_uframes_t acp_dma_pointer
 
 	if (substream->stream == SNDRV_PCM_STREAM_CAPTURE) {
 		period_bytes = frames_to_bytes(runtime, runtime->period_size);
-		dscr = acp_reg_read(rtd->acp_mmio, rtd->dma_curr_dscr);
-		if (dscr == rtd->dma_dscr_idx_1)
-			pos = period_bytes;
-		else
-			pos = 0;
 		bytescount = acp_get_byte_count(rtd);
-		if (bytescount > rtd->bytescount)
+		if (bytescount >= rtd->bytescount)
 			bytescount -= rtd->bytescount;
-		delay = do_div(bytescount, period_bytes);
-		runtime->delay = bytes_to_frames(runtime, delay);
+		if (bytescount < period_bytes) {
+			pos = 0;
+		} else {
+			dscr = acp_reg_read(rtd->acp_mmio, rtd->dma_curr_dscr);
+			if (dscr == rtd->dma_dscr_idx_1)
+				pos = period_bytes;
+			else
+				pos = 0;
+		}
+		if (bytescount > 0) {
+			delay = do_div(bytescount, period_bytes);
+			runtime->delay = bytes_to_frames(runtime, delay);
+		}
 	} else {
 		buffersize = frames_to_bytes(runtime, runtime->buffer_size);
 		bytescount = acp_get_byte_count(rtd);
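
Review bot: with the new if (bytescount > 0) guard, runtime->delay keeps its previous value whenever bytescount is 0, so a stale delay from an earlier call can be reported at the start of capture. Set runtime->delay to 0 in that case. Separately, when bytescount < rtd->bytescount the subtraction is skipped and the raw counter is compared against period_bytes; a comment on what that case represents would help.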


* [PATCH 4.19 177/361] firmware: coreboot: Unmap ioregion after device population
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (175 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 176/361] ASoC: AMD: Fix capture unstable in beginning for some runs Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 178/361] IB/ipoib: Use dev_port to expose network interface port numbers Greg Kroah-Hartman
                   ` (186 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wei-Ning Huang, Julius Werner,
	Brian Norris, Samuel Holland, Stephen Boyd, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stephen Boyd <swboyd@chromium.org>

[ Upstream commit 20edec388277b62ddfddb8b2b376a937a2cd6d1b ]

Both callers of coreboot_table_init() ioremap the pointer that comes in
but they don't unmap the memory on failure. Both of them also fail probe
immediately with the return value of coreboot_table_init(), leaking a
mapping when it fails. The mapping isn't necessary at all after devices
are populated either, so we can just drop the mapping here when we exit
the function. Let's do that to simplify the code a bit and plug the leak.

Cc: Wei-Ning Huang <wnhuang@chromium.org>
Cc: Julius Werner <jwerner@chromium.org>
Cc: Brian Norris <briannorris@chromium.org>
Cc: Samuel Holland <samuel@sholland.org>
Fixes: 570d30c2823f ("firmware: coreboot: Expose the coreboot table as a bus")
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/firmware/google/coreboot_table.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/drivers/firmware/google/coreboot_table.c
+++ b/drivers/firmware/google/coreboot_table.c
@@ -110,7 +110,8 @@ int coreboot_table_init(struct device *d
 
 	if (strncmp(header.signature, "LBIO", sizeof(header.signature))) {
 		pr_warn("coreboot_table: coreboot table missing or corrupt!\n");
-		return -ENODEV;
+		ret = -ENODEV;
+		goto out;
 	}
 
 	ptr_entry = (void *)ptr_header + header.header_bytes;
@@ -137,7 +138,8 @@ int coreboot_table_init(struct device *d
 
 		ptr_entry += entry.size;
 	}
-
+out:
+	iounmap(ptr);
 	return ret;
 }
 EXPORT_SYMBOL(coreboot_table_init);
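
Review bot: iounmap(ptr) at out: releases the mapping on every exit, but ptr_header, which the first hunk uses to walk the table and which coreboot_table_exit() still tests in the next hunk, is not cleared here, so it can be left pointing at unmapped I/O memory and serves only as a "was initialised" flag. Suggest setting ptr_header to NULL on the error path, or replacing it with a bool, so coreboot_table_exit() cannot call bus_unregister() after a failed init.
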
@@ -146,7 +148,6 @@ int coreboot_table_exit(void)
 {
 	if (ptr_header) {
 		bus_unregister(&coreboot_bus_type);
-		iounmap(ptr_header);
 		ptr_header = NULL;
 	}
 


* [PATCH 4.19 178/361] IB/ipoib: Use dev_port to expose network interface port numbers
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (176 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 177/361] firmware: coreboot: Unmap ioregion after device population Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 179/361] IB/mlx5: Allow transition of DCI QP to reset Greg Kroah-Hartman
                   ` (185 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arseny Maslennikov, Doug Ledford,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arseny Maslennikov <ar@cs.msu.ru>

[ Upstream commit 9b8b2a323008aedd39a8debb861b825707f01420 ]

Some InfiniBand network devices have multiple ports on the same PCI
function. This initializes the `dev_port' sysfs field of those
network interfaces with their port number.

Prior to this the kernel erroneously used the `dev_id' sysfs
field of those network interfaces to convey the port number to userspace.

The use of `dev_id' was considered correct until Linux 3.15,
when another field, `dev_port', was defined for this particular
purpose and `dev_id' was reserved for distinguishing stacked ifaces
(e.g: VLANs) with the same hardware address as their parent device.

Similar fixes to net/mlx4_en and many other drivers, which started
exporting this information through `dev_id' before 3.15, were accepted
into the kernel 4 years ago.
See 76a066f2a2a0 (`net/mlx4_en: Expose port number through sysfs').

Signed-off-by: Arseny Maslennikov <ar@cs.msu.ru>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/infiniband/ulp/ipoib/ipoib_main.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/infiniband/ulp/ipoib/ipoib_main.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c
@@ -1880,6 +1880,8 @@ static int ipoib_parent_init(struct net_
 	       sizeof(union ib_gid));
 
 	SET_NETDEV_DEV(priv->dev, priv->ca->dev.parent);
+	priv->dev->dev_port = priv->port - 1;
+	/* Let's set this one too for backwards compatibility. */
 	priv->dev->dev_id = priv->port - 1;
 
 	return 0;
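
Review bot: the comment "Let's set this one too for backwards compatibility." does not say what depends on the dev_id assignment. Name the consumer in the comment, that is userspace which still reads the port number from dev_id as the changelog describes, so the duplicate assignment is not removed later as dead code.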


* [PATCH 4.19 179/361] IB/mlx5: Allow transition of DCI QP to reset
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (177 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 178/361] IB/ipoib: Use dev_port to expose network interface port numbers Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 180/361] uio: ensure class is registered before devices Greg Kroah-Hartman
                   ` (184 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Moni Shoua, Artemy Kovalyov,
	Leon Romanovsky, Jason Gunthorpe, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Moni Shoua <monis@mellanox.com>

[ Upstream commit 99ed748e878a99c6c7b87bbec063eefd9e47cb42 ]

The transition is allowed from any state and the attribute mask must be
IB_QP_STATE.

Fixes: c32a4f296e1d ("IB/mlx5: Add support for DC Initiator QP")
Signed-off-by: Moni Shoua <monis@mellanox.com>
Reviewed-by: Artemy Kovalyov <artemyko@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/infiniband/hw/mlx5/qp.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -3243,7 +3243,9 @@ static bool modify_dci_qp_is_ok(enum ib_
 	int req = IB_QP_STATE;
 	int opt = 0;
 
-	if (cur_state == IB_QPS_RESET && new_state == IB_QPS_INIT) {
+	if (new_state == IB_QPS_RESET) {
+		return is_valid_mask(attr_mask, req, opt);
+	} else if (cur_state == IB_QPS_RESET && new_state == IB_QPS_INIT) {
 		req |= IB_QP_PKEY_INDEX | IB_QP_PORT;
 		return is_valid_mask(attr_mask, req, opt);
 	} else if (cur_state == IB_QPS_INIT && new_state == IB_QPS_INIT) {
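
Review bot: the new new_state == IB_QPS_RESET branch ignores cur_state on purpose, but that intent is stated only in the changelog. Add a short comment above the branch saying the transition to reset is allowed from any state and that IB_QP_STATE is the only accepted attribute, so the missing cur_state test does not look like an oversight.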


* [PATCH 4.19 180/361] uio: ensure class is registered before devices
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (178 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 179/361] IB/mlx5: Allow transition of DCI QP to reset Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 181/361] scsi: lpfc: Correct soft lockup when running mds diagnostics Greg Kroah-Hartman
                   ` (183 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexandre Belloni, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexandre Belloni <alexandre.belloni@bootlin.com>

[ Upstream commit ae61cf5b9913027c6953a79ed3894da4f47061bd ]

When both uio and the uio drivers are built in the kernel, it is possible
for a driver to register devices before the uio class is registered.

This may result in a NULL pointer dereference later on in
get_device_parent() when accessing the class glue_dirs spinlock.

The trace looks like that:

Unable to handle kernel NULL pointer dereference at virtual address 00000140
[...]
[<ffff0000089cc234>] _raw_spin_lock+0x14/0x48
[<ffff0000084f56bc>] device_add+0x154/0x6a0
[<ffff0000084f5e48>] device_create_groups_vargs+0x120/0x128
[<ffff0000084f5edc>] device_create+0x54/0x60
[<ffff0000086e72c0>] __uio_register_device+0x120/0x4a8
[<ffff000008528b7c>] jaguar2_pci_probe+0x2d4/0x558
[<ffff0000083fc18c>] local_pci_probe+0x3c/0xb8
[<ffff0000083fd81c>] pci_device_probe+0x11c/0x180
[<ffff0000084f88bc>] driver_probe_device+0x22c/0x2d8
[<ffff0000084f8a24>] __driver_attach+0xbc/0xc0
[<ffff0000084f69fc>] bus_for_each_dev+0x4c/0x98
[<ffff0000084f81b8>] driver_attach+0x20/0x28
[<ffff0000084f7d08>] bus_add_driver+0x1b8/0x228
[<ffff0000084f93c0>] driver_register+0x60/0xf8
[<ffff0000083fb918>] __pci_register_driver+0x40/0x48

Return EPROBE_DEFER in that case so the driver can register the device
later.

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/uio/uio.c |    9 +++++++++
 1 file changed, 9 insertions(+)

--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -274,6 +274,8 @@ static struct class uio_class = {
 	.dev_groups = uio_groups,
 };
 
+bool uio_class_registered;
+
 /*
  * device functions
  */
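Review bot: `uio_class_registered` in the added declaration has no `static`, so a generically named symbol is exported from drivers/uio/uio.c although every use visible in this patch is inside that file. Declaring it `static bool uio_class_registered;` keeps it file-local, and a one-line comment saying it is set by init_uio_class() and cleared by release_uio_class() would document the intent.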
@@ -876,6 +878,9 @@ static int init_uio_class(void)
 		printk(KERN_ERR "class_register failed for uio\n");
 		goto err_class_register;
 	}
+
+	uio_class_registered = true;
+
 	return 0;
 
 err_class_register:
@@ -886,6 +891,7 @@ exit:
 
 static void release_uio_class(void)
 {
+	uio_class_registered = false;
 	class_unregister(&uio_class);
 	uio_major_cleanup();
 }
@@ -912,6 +918,9 @@ int __uio_register_device(struct module
 	struct uio_device *idev;
 	int ret = 0;
 
+	if (!uio_class_registered)
+		return -EPROBE_DEFER;
+
 	if (!parent || !info || !info->name || !info->version)
 		return -EINVAL;
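Review bot: the new `if (!uio_class_registered)` test at the top of __uio_register_device() reads the flag with no lock or barrier and cannot tell "class not registered yet" from "class registration failed". In init_uio_class() the flag stays false on the err_class_register path, so after a failed class_register() every caller gets -EPROBE_DEFER and keeps being retried instead of seeing a hard error; tracking the failure separately and returning it would fix that. The test also runs before the `!parent || !info` validation, so invalid arguments are reported as a deferral until the class is up.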
 



* [PATCH 4.19 181/361] scsi: lpfc: Correct soft lockup when running mds diagnostics
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
	Martin K. Petersen, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Smart <jsmart2021@gmail.com>

[ Upstream commit 0ef01a2d95fd62bb4f536e7ce4d5e8e74b97a244 ]

When running an mds diagnostic that passes frames with the switch, soft
lockups are detected. The driver is in a CQE processing loop and has a
sufficient amount of traffic that it never exits the ring processing routine,
thus the "lockup".

Cap the number of elements in the work processing routine to 64 elements. This
ensures that the cpu will be given up and the handler rescheduled to process
additional items.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/lpfc/lpfc_sli.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -3797,6 +3797,7 @@ lpfc_sli_handle_slow_ring_event_s4(struc
 	struct hbq_dmabuf *dmabuf;
 	struct lpfc_cq_event *cq_event;
 	unsigned long iflag;
+	int count = 0;
 
 	spin_lock_irqsave(&phba->hbalock, iflag);
 	phba->hba_flag &= ~HBA_SP_QUEUE_EVT;
@@ -3818,16 +3819,22 @@ lpfc_sli_handle_slow_ring_event_s4(struc
 			if (irspiocbq)
 				lpfc_sli_sp_handle_rspiocb(phba, pring,
 							   irspiocbq);
+			count++;
 			break;
 		case CQE_CODE_RECEIVE:
 		case CQE_CODE_RECEIVE_V1:
 			dmabuf = container_of(cq_event, struct hbq_dmabuf,
 					      cq_event);
 			lpfc_sli4_handle_received_buffer(phba, dmabuf);
+			count++;
 			break;
 		default:
 			break;
 		}
+
+		/* Limit the number of events to 64 to avoid soft lockups */
+		if (count == 64)
+			break;
 	}
 }
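Review bot: the `if (count == 64) break;` exit leaves any events still queued, but the function already cleared the pending flag at entry (`phba->hba_flag &= ~HBA_SP_QUEUE_EVT;`) and nothing in this hunk sets it again or re-arms the worker before breaking out. The commit message relies on the handler being rescheduled, so the early-exit path should set the flag again under hbalock or otherwise show how the leftover events get picked up. The bare 64 would also read better as a named constant, and events that fall into the `default:` case are not counted toward the cap.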
 



* [PATCH 4.19 182/361] scsi: lpfc: Correct race with abort on completion path
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
	Martin K. Petersen, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Smart <jsmart2021@gmail.com>

[ Upstream commit ca7fb76e091f889cfda1287c07a9358f73832b39 ]

On io completion, the driver is taking an adapter wide lock and nulling the
scsi command back pointer.  The nulling of the back pointer is to signify the
io was completed and the scsi_done() routine was called.  However, the routine
makes no check to see if the abort routine had done the same thing and
possibly nulled the pointer. Thus it may doubly-complete the io.

Make the following mods:

- Check to make sure forward progress (call scsi_done()) only happens if the
  command pointer was non-null.

- As the taking of the lock, which is adapter wide, is very costly on a system
  under load, null the pointer using an xchg operation rather than under lock.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/lpfc/lpfc_scsi.c |   14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -4158,9 +4158,17 @@ lpfc_scsi_cmd_iocb_cmpl(struct lpfc_hba
 	}
 	lpfc_scsi_unprep_dma_buf(phba, lpfc_cmd);
 
-	spin_lock_irqsave(&phba->hbalock, flags);
-	lpfc_cmd->pCmd = NULL;
-	spin_unlock_irqrestore(&phba->hbalock, flags);
+	/* If pCmd was set to NULL from abort path, do not call scsi_done */
+	if (xchg(&lpfc_cmd->pCmd, NULL) == NULL) {
+		lpfc_printf_vlog(vport, KERN_INFO, LOG_FCP,
+				 "0711 FCP cmd already NULL, sid: 0x%06x, "
+				 "did: 0x%06x, oxid: 0x%04x\n",
+				 vport->fc_myDID,
+				 (pnode) ? pnode->nlp_DID : 0,
+				 phba->sli_rev == LPFC_SLI_REV4 ?
+				 lpfc_cmd->cur_iocbq.sli4_xritag : 0xffff);
+		return;
+	}
 
 	/* The sdev is not guaranteed to be valid post scsi_done upcall. */
 	cmd->scsi_done(cmd);
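Review bot: replacing the hbalock section with `xchg(&lpfc_cmd->pCmd, NULL)` only makes completion exclusive if the abort path claims pCmd with an atomic exchange as well, and this hunk changes the completion side alone. If the abort routine still tests and clears pCmd under hbalock, the two paths no longer share any serialization and both can still observe a non-NULL pointer. Please include the matching change on the abort side or keep the lock here. The early `return` also sits after lpfc_scsi_unprep_dma_buf() and skips everything that follows scsi_done() in this function, so confirm that nothing that releases lpfc_cmd is bypassed.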



^ permalink raw reply	[flat|nested] 384+ messages in thread
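The race described in the commit message above can be modelled in user space. This is an added example, not code from the lpfc driver or from this patch: a constructed C model that enumerates every ordering of the completion and abort steps and counts how often scsi_done() would run. The struct and function names, the split into steps and the abort path's use of an exchange are assumptions; `__atomic_exchange_n` is the GCC/Clang builtin standing in for the kernel's xchg().

```c
#include <stdio.h>

/*
 * Constructed model, not driver code. pcmd stands in for lpfc_cmd->pCmd
 * (1 = command outstanding, 0 = NULL); done_calls counts scsi_done() upcalls.
 */
struct model {
	int pcmd;
	int done_calls;
	int cmpl_saw;	/* completion path's local view of the pointer */
	int abort_saw;	/* abort path's local view of the pointer */
};

enum variant { CLEAR_WITHOUT_CHECK, XCHG_CLAIM };

struct range { int min, max, interleavings; };

/* Same semantics as the kernel's xchg(): store 0, return the old value. */
static int claim(int *slot)
{
	return __atomic_exchange_n(slot, 0, __ATOMIC_SEQ_CST);
}

static int cmpl_len(enum variant v)
{
	return v == CLEAR_WITHOUT_CHECK ? 3 : 2;
}

/* One indivisible step of the completion path. */
static void cmpl_step(struct model *m, int i, enum variant v)
{
	if (v == CLEAR_WITHOUT_CHECK) {
		if (i == 0)
			m->cmpl_saw = m->pcmd;	/* assumed: pointer read earlier */
		else if (i == 1)
			m->pcmd = 0;		/* cleared, old value never checked */
		else if (m->cmpl_saw)
			m->done_calls++;	/* completes regardless of abort */
	} else {
		if (i == 0)
			m->cmpl_saw = claim(&m->pcmd);
		else if (m->cmpl_saw)
			m->done_calls++;	/* only if this path got non-NULL */
	}
}

/* Abort path, assumed here to claim the pointer with an exchange. */
static void abort_step(struct model *m, int i)
{
	if (i == 0)
		m->abort_saw = claim(&m->pcmd);
	else if (m->abort_saw)
		m->done_calls++;
}

/* Walk every ordering of the two paths' steps and record done_calls. */
static void explore(struct model m, int ci, int ai, enum variant v,
		    struct range *r)
{
	if (ci == cmpl_len(v) && ai == 2) {
		if (m.done_calls < r->min)
			r->min = m.done_calls;
		if (m.done_calls > r->max)
			r->max = m.done_calls;
		r->interleavings++;
		return;
	}
	if (ci < cmpl_len(v)) {
		struct model n = m;

		cmpl_step(&n, ci, v);
		explore(n, ci + 1, ai, v, r);
	}
	if (ai < 2) {
		struct model n = m;

		abort_step(&n, ai);
		explore(n, ci, ai + 1, v, r);
	}
}

struct range done_call_range(enum variant v)
{
	struct model start = { .pcmd = 1 };
	struct range r = { .min = 1 << 30, .max = 0, .interleavings = 0 };

	explore(start, 0, 0, v, &r);
	return r;
}

int main(void)
{
	struct range before = done_call_range(CLEAR_WITHOUT_CHECK);
	struct range after = done_call_range(XCHG_CLAIM);

	printf("clear without check: %d..%d completions over %d orderings\n",
	       before.min, before.max, before.interleavings);
	printf("xchg claim:          %d..%d completions over %d orderings\n",
	       after.min, after.max, after.interleavings);
	return 0;
}
```

The model is a single-threaded enumeration of orderings, so it shows which interleavings double-complete rather than reproducing the timing on real hardware.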

* [PATCH 4.19 183/361] f2fs: avoid sleeping under spin_lock
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Zhikang Zhang, Chao Yu, Jaegeuk Kim,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Zhikang Zhang <zhangzhikang1@huawei.com>

[ Upstream commit b430f7263673eab1dc40e662ae3441a9619d16b8 ]

In the call trace below, we might sleep in function dput().

So in order to avoid sleeping under spin_lock, we remove f2fs_mark_inode_dirty_sync
from __try_update_largest_extent && __drop_largest_extent.

BUG: sleeping function called from invalid context at fs/dcache.c:796
Call trace:
	dump_backtrace+0x0/0x3f4
	show_stack+0x24/0x30
	dump_stack+0xe0/0x138
	___might_sleep+0x2a8/0x2c8
	__might_sleep+0x78/0x10c
	dput+0x7c/0x750
	block_dump___mark_inode_dirty+0x120/0x17c
	__mark_inode_dirty+0x344/0x11f0
	f2fs_mark_inode_dirty_sync+0x40/0x50
	__insert_extent_tree+0x2e0/0x2f4
	f2fs_update_extent_tree_range+0xcf4/0xde8
	f2fs_update_extent_cache+0x114/0x12c
	f2fs_update_data_blkaddr+0x40/0x50
	write_data_page+0x150/0x314
	do_write_data_page+0x648/0x2318
	__write_data_page+0xdb4/0x1640
	f2fs_write_cache_pages+0x768/0xafc
	__f2fs_write_data_pages+0x590/0x1218
	f2fs_write_data_pages+0x64/0x74
	do_writepages+0x74/0xe4
	__writeback_single_inode+0xdc/0x15f0
	writeback_sb_inodes+0x574/0xc98
	__writeback_inodes_wb+0x190/0x204
	wb_writeback+0x730/0xf14
	wb_check_old_data_flush+0x1bc/0x1c8
	wb_workfn+0x554/0xf74
	process_one_work+0x440/0x118c
	worker_thread+0xac/0x974
	kthread+0x1a0/0x1c8
	ret_from_fork+0x10/0x1c

Signed-off-by: Zhikang Zhang <zhangzhikang1@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/extent_cache.c |   51 ++++++++++++++++++++++++++++++-------------------
 fs/f2fs/f2fs.h         |    7 +++---
 2 files changed, 36 insertions(+), 22 deletions(-)

--- a/fs/f2fs/extent_cache.c
+++ b/fs/f2fs/extent_cache.c
@@ -308,14 +308,13 @@ static unsigned int __free_extent_tree(s
 	return count - atomic_read(&et->node_cnt);
 }
 
-static void __drop_largest_extent(struct inode *inode,
+static void __drop_largest_extent(struct extent_tree *et,
 					pgoff_t fofs, unsigned int len)
 {
-	struct extent_info *largest = &F2FS_I(inode)->extent_tree->largest;
-
-	if (fofs < largest->fofs + largest->len && fofs + len > largest->fofs) {
-		largest->len = 0;
-		f2fs_mark_inode_dirty_sync(inode, true);
+	if (fofs < et->largest.fofs + et->largest.len &&
+			fofs + len > et->largest.fofs) {
+		et->largest.len = 0;
+		et->largest_updated = true;
 	}
 }
 
@@ -416,12 +415,11 @@ out:
 	return ret;
 }
 
-static struct extent_node *__try_merge_extent_node(struct inode *inode,
+static struct extent_node *__try_merge_extent_node(struct f2fs_sb_info *sbi,
 				struct extent_tree *et, struct extent_info *ei,
 				struct extent_node *prev_ex,
 				struct extent_node *next_ex)
 {
-	struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
 	struct extent_node *en = NULL;
 
 	if (prev_ex && __is_back_mergeable(ei, &prev_ex->ei)) {
@@ -443,7 +441,7 @@ static struct extent_node *__try_merge_e
 	if (!en)
 		return NULL;
 
-	__try_update_largest_extent(inode, et, en);
+	__try_update_largest_extent(et, en);
 
 	spin_lock(&sbi->extent_lock);
 	if (!list_empty(&en->list)) {
@@ -454,12 +452,11 @@ static struct extent_node *__try_merge_e
 	return en;
 }
 
-static struct extent_node *__insert_extent_tree(struct inode *inode,
+static struct extent_node *__insert_extent_tree(struct f2fs_sb_info *sbi,
 				struct extent_tree *et, struct extent_info *ei,
 				struct rb_node **insert_p,
 				struct rb_node *insert_parent)
 {
-	struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
 	struct rb_node **p;
 	struct rb_node *parent = NULL;
 	struct extent_node *en = NULL;
@@ -476,7 +473,7 @@ do_insert:
 	if (!en)
 		return NULL;
 
-	__try_update_largest_extent(inode, et, en);
+	__try_update_largest_extent(et, en);
 
 	/* update in global extent list */
 	spin_lock(&sbi->extent_lock);
@@ -497,6 +494,7 @@ static void f2fs_update_extent_tree_rang
 	struct rb_node **insert_p = NULL, *insert_parent = NULL;
 	unsigned int end = fofs + len;
 	unsigned int pos = (unsigned int)fofs;
+	bool updated = false;
 
 	if (!et)
 		return;
@@ -517,7 +515,7 @@ static void f2fs_update_extent_tree_rang
 	 * drop largest extent before lookup, in case it's already
 	 * been shrunk from extent tree
 	 */
-	__drop_largest_extent(inode, fofs, len);
+	__drop_largest_extent(et, fofs, len);
 
 	/* 1. lookup first extent node in range [fofs, fofs + len - 1] */
 	en = (struct extent_node *)f2fs_lookup_rb_tree_ret(&et->root,
@@ -550,7 +548,7 @@ static void f2fs_update_extent_tree_rang
 				set_extent_info(&ei, end,
 						end - dei.fofs + dei.blk,
 						org_end - end);
-				en1 = __insert_extent_tree(inode, et, &ei,
+				en1 = __insert_extent_tree(sbi, et, &ei,
 							NULL, NULL);
 				next_en = en1;
 			} else {
@@ -570,7 +568,7 @@ static void f2fs_update_extent_tree_rang
 		}
 
 		if (parts)
-			__try_update_largest_extent(inode, et, en);
+			__try_update_largest_extent(et, en);
 		else
 			__release_extent_node(sbi, et, en);
 
@@ -590,15 +588,16 @@ static void f2fs_update_extent_tree_rang
 	if (blkaddr) {
 
 		set_extent_info(&ei, fofs, blkaddr, len);
-		if (!__try_merge_extent_node(inode, et, &ei, prev_en, next_en))
-			__insert_extent_tree(inode, et, &ei,
+		if (!__try_merge_extent_node(sbi, et, &ei, prev_en, next_en))
+			__insert_extent_tree(sbi, et, &ei,
 						insert_p, insert_parent);
 
 		/* give up extent_cache, if split and small updates happen */
 		if (dei.len >= 1 &&
 				prev.len < F2FS_MIN_EXTENT_LEN &&
 				et->largest.len < F2FS_MIN_EXTENT_LEN) {
-			__drop_largest_extent(inode, 0, UINT_MAX);
+			et->largest.len = 0;
+			et->largest_updated = true;
 			set_inode_flag(inode, FI_NO_EXTENT);
 		}
 	}
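Review bot: in the "give up extent_cache" branch the open-coded `et->largest.len = 0; et->largest_updated = true;` sets the flag even when largest.len is already 0, which the enclosing condition (`et->largest.len < F2FS_MIN_EXTENT_LEN`) allows. The removed __drop_largest_extent(inode, 0, UINT_MAX) call only dirtied the inode when its range test matched, and f2fs_drop_extent_tree() later in this patch guards the same reset with `if (et->largest.len)`. Using the same guard here avoids an unnecessary f2fs_mark_inode_dirty_sync() after the unlock.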
@@ -606,7 +605,15 @@ static void f2fs_update_extent_tree_rang
 	if (is_inode_flag_set(inode, FI_NO_EXTENT))
 		__free_extent_tree(sbi, et);
 
+	if (et->largest_updated) {
+		et->largest_updated = false;
+		updated = true;
+	}
+
 	write_unlock(&et->lock);
+
+	if (updated)
+		f2fs_mark_inode_dirty_sync(inode, true);
 }
 
 unsigned int f2fs_shrink_extent_tree(struct f2fs_sb_info *sbi, int nr_shrink)
@@ -705,6 +712,7 @@ void f2fs_drop_extent_tree(struct inode
 {
 	struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
 	struct extent_tree *et = F2FS_I(inode)->extent_tree;
+	bool updated = false;
 
 	if (!f2fs_may_extent_tree(inode))
 		return;
@@ -713,8 +721,13 @@ void f2fs_drop_extent_tree(struct inode
 
 	write_lock(&et->lock);
 	__free_extent_tree(sbi, et);
-	__drop_largest_extent(inode, 0, UINT_MAX);
+	if (et->largest.len) {
+		et->largest.len = 0;
+		updated = true;
+	}
 	write_unlock(&et->lock);
+	if (updated)
+		f2fs_mark_inode_dirty_sync(inode, true);
 }
 
 void f2fs_destroy_extent_tree(struct inode *inode)
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -572,6 +572,7 @@ struct extent_tree {
 	struct list_head list;		/* to be used by sbi->zombie_list */
 	rwlock_t lock;			/* protect extent info rb-tree */
 	atomic_t node_cnt;		/* # of extent node in rb-tree*/
+	bool largest_updated;		/* largest extent updated */
 };
 
 /*
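Review bot: the comment on the new `largest_updated` field does not say what protects it or who clears it. In the extent_cache.c hunks it is set under write_lock(&et->lock) and consumed only at the end of f2fs_update_extent_tree_range(), so any other caller of __try_update_largest_extent() would set the flag and never dirty the inode. Please document that the field is protected by et->lock and must be consumed before unlocking, or pass a `bool *updated` out-parameter instead of keeping per-tree state.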
@@ -754,12 +755,12 @@ static inline bool __is_front_mergeable(
 }
 
 extern void f2fs_mark_inode_dirty_sync(struct inode *inode, bool sync);
-static inline void __try_update_largest_extent(struct inode *inode,
-			struct extent_tree *et, struct extent_node *en)
+static inline void __try_update_largest_extent(struct extent_tree *et,
+						struct extent_node *en)
 {
 	if (en->ei.len > et->largest.len) {
 		et->largest = en->ei;
-		f2fs_mark_inode_dirty_sync(inode, true);
+		et->largest_updated = true;
 	}
 }
 



* [PATCH 4.19 184/361] f2fs: report error if quota off error during umount
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yunlei He, Chao Yu, Jaegeuk Kim, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yunlei He <heyunlei@huawei.com>

[ Upstream commit cda9cc595f0bb6ffa51a4efc4b6533dfa4039b4c ]

Now, we depend on fsck to ensure quota file data is ok,
so we scan the whole partition if the checkpoint is without the umount
flag. It's the same for the quota off error case, which may make
quota file data inconsistent.

generic/019 reports the error below:

 __quota_error: 1160 callbacks suppressed
 Quota error (device zram1): write_blk: dquota write failed
 Quota error (device zram1): qtree_write_dquot: Error -28 occurred while creating quota
 Quota error (device zram1): write_blk: dquota write failed
 Quota error (device zram1): qtree_write_dquot: Error -28 occurred while creating quota
 Quota error (device zram1): write_blk: dquota write failed
 Quota error (device zram1): qtree_write_dquot: Error -28 occurred while creating quota
 Quota error (device zram1): write_blk: dquota write failed
 Quota error (device zram1): qtree_write_dquot: Error -28 occurred while creating quota
 Quota error (device zram1): write_blk: dquota write failed
 Quota error (device zram1): qtree_write_dquot: Error -28 occurred while creating quota
 VFS: Busy inodes after unmount of zram1. Self-destruct in 5 seconds.  Have a nice day...

If we fail in the path below due to a failure to write the dquot block, we will
miss releasing the quota inode; fix it.

- f2fs_put_super
 - f2fs_quota_off_umount
  - f2fs_quota_off
   - f2fs_quota_sync   <-- failed
   - dquot_quota_off   <-- missed to call

Signed-off-by: Yunlei He <heyunlei@huawei.com>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/super.c |   19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1852,7 +1852,9 @@ static int f2fs_quota_off(struct super_b
 	if (!inode || !igrab(inode))
 		return dquot_quota_off(sb, type);
 
-	f2fs_quota_sync(sb, type);
+	err = f2fs_quota_sync(sb, type);
+	if (err)
+		goto out_put;
 
 	err = dquot_quota_off(sb, type);
 	if (err || f2fs_sb_has_quota_ino(sb))
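Review bot: with `goto out_put` on a f2fs_quota_sync() failure, f2fs_quota_off() now returns without calling dquot_quota_off(), and only f2fs_quota_off_umount() in the next hunk compensates for that. Any other caller of f2fs_quota_off() would get the error back with quota still enabled, so either do the dquot_quota_off() fallback inside this function or add a comment stating that callers must handle it.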
@@ -1871,9 +1873,20 @@ out_put:
 void f2fs_quota_off_umount(struct super_block *sb)
 {
 	int type;
+	int err;
 
-	for (type = 0; type < MAXQUOTAS; type++)
-		f2fs_quota_off(sb, type);
+	for (type = 0; type < MAXQUOTAS; type++) {
+		err = f2fs_quota_off(sb, type);
+		if (err) {
+			int ret = dquot_quota_off(sb, type);
+
+			f2fs_msg(sb, KERN_ERR,
+				"Fail to turn off disk quota "
+				"(type: %d, err: %d, ret:%d), Please "
+				"run fsck to fix it.", type, err, ret);
+			set_sbi_flag(F2FS_SB(sb), SBI_NEED_FSCK);
+		}
+	}
 }
 
 static int f2fs_get_projid(struct inode *inode, kprojid_t *projid)
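Review bot: the fallback `dquot_quota_off(sb, type)` in the error branch runs for every non-zero return from f2fs_quota_off(), including the cases where f2fs_quota_off() failed inside dquot_quota_off() itself (the `return dquot_quota_off(sb, type);` and `err = dquot_quota_off(sb, type);` paths shown in the previous hunk), so the same call is made twice. Restricting the fallback to the sync-failure case, or having f2fs_quota_off() report whether quota was already turned off, would avoid that. The message is also split across three string literals, which makes it hard to grep for, and `ret:%d` lacks the space used by the other fields.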



* [PATCH 4.19 185/361] signal: Always deliver the kernels SIGKILL and SIGSTOP to a pid namespace init
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Eric W. Biederman,
	Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: "Eric W. Biederman" <ebiederm@xmission.com>

[ Upstream commit 3597dfe01d12f570bc739da67f857fd222a3ea66 ]

Instead of playing whack-a-mole and changing SEND_SIG_PRIV to
SEND_SIG_FORCED throughout the kernel to ensure a pid namespace init
gets signals sent by the kernel, stop allowing a pid namespace init to
ignore SIGKILL or SIGSTOP sent by the kernel.  A pid namespace init is
only supposed to be able to ignore signals sent from itself and
children with SIG_DFL.

Fixes: 921cf9f63089 ("signals: protect cinit from unblocked SIG_DFL signals")
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/signal.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1035,7 +1035,7 @@ static int __send_signal(int sig, struct
 
 	result = TRACE_SIGNAL_IGNORED;
 	if (!prepare_signal(sig, t,
-			from_ancestor_ns || (info == SEND_SIG_FORCED)))
+			from_ancestor_ns || (info == SEND_SIG_PRIV) || (info == SEND_SIG_FORCED)))
 		goto ret;
 
 	pending = (type != PIDTYPE_PID) ? &t->signal->shared_pending : &t->pending;
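Review bot: the changed prepare_signal() call packs three conditions into one argument on a line well past 80 columns, and nothing at the call site says why SEND_SIG_PRIV is now treated as forced. A local such as `bool force = from_ancestor_ns || info == SEND_SIG_PRIV || info == SEND_SIG_FORCED;` with a short comment that kernel-originated signals must reach a pid namespace init would keep the rationale from the commit message next to the code.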



* [PATCH 4.19 186/361] f2fs: fix to flush all dirty inodes recovered in readonly fs
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chao Yu <yuchao0@huawei.com>

[ Upstream commit 1378752b9921e60749eaf18ec6c47b33f9001abb ]

generic/417 reported as below:

------------[ cut here ]------------
kernel BUG at /home/yuchao/git/devf2fs/inode.c:695!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 21697 Comm: umount Tainted: G        W  O      4.18.0-rc2+ #39
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
EIP: f2fs_evict_inode+0x556/0x580 [f2fs]
Call Trace:
 ? _raw_spin_unlock+0x2c/0x50
 evict+0xa8/0x170
 dispose_list+0x34/0x40
 evict_inodes+0x118/0x120
 generic_shutdown_super+0x41/0x100
 ? rcu_read_lock_sched_held+0x97/0xa0
 kill_block_super+0x22/0x50
 kill_f2fs_super+0x6f/0x80 [f2fs]
 deactivate_locked_super+0x3d/0x70
 deactivate_super+0x40/0x60
 cleanup_mnt+0x39/0x70
 __cleanup_mnt+0x10/0x20
 task_work_run+0x81/0xa0
 exit_to_usermode_loop+0x59/0xa7
 do_fast_syscall_32+0x1f5/0x22c
 entry_SYSENTER_32+0x53/0x86
EIP: f2fs_evict_inode+0x556/0x580 [f2fs]

It can simply be reproduced with scripts:

Enable quota feature during mkfs.

Testcase1:
1. mkfs.f2fs /dev/zram0
2. mount -t f2fs /dev/zram0 /mnt/f2fs
3. xfs_io -f /mnt/f2fs/file -c "pwrite 0 4k" -c "fsync"
4. godown /mnt/f2fs
5. umount /mnt/f2fs
6. mount -t f2fs -o ro /dev/zram0 /mnt/f2fs
7. umount /mnt/f2fs

Testcase2:
1. mkfs.f2fs /dev/zram0
2. mount -t f2fs /dev/zram0 /mnt/f2fs
3. touch /mnt/f2fs/file
4. create process[pid = x] do:
	a) open /mnt/f2fs/file;
	b) unlink /mnt/f2fs/file
5. godown -f /mnt/f2fs
6. kill process[pid = x]
7. umount /mnt/f2fs
8. mount -t f2fs -o ro /dev/zram0 /mnt/f2fs
9. umount /mnt/f2fs

The reason is: during recovery, i_{c,m}time of inode will be updated, then
the inode can be set dirty w/o being tracked in sbi->inode_list[DIRTY_META]
global list, so later write_checkpoint will not flush such dirty inode into
node page.

Once umount is called, sync_filesystem() in generic_shutdown_super() will
skip syncing dirty inodes due to sb_rdonly check, leaving dirty inodes
there.

To solve this issue, during umount, remove the SB_RDONLY flag in
sb->s_flags, to make sure sync_filesystem() will not be skipped.

Signed-off-by: Chao Yu <yuchao0@huawei.com>

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/checkpoint.c |    2 ++
 fs/f2fs/f2fs.h       |    1 +
 fs/f2fs/recovery.c   |   14 +++++++++-----
 fs/f2fs/super.c      |    3 +++
 4 files changed, 15 insertions(+), 5 deletions(-)

--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -696,6 +696,8 @@ int f2fs_recover_orphan_inodes(struct f2
 	/* clear Orphan Flag */
 	clear_ckpt_flags(sbi, CP_ORPHAN_PRESENT_FLAG);
 out:
+	set_sbi_flag(sbi, SBI_IS_RECOVERED);
+
 #ifdef CONFIG_QUOTA
 	/* Turn quotas off */
 	if (quota_enabled)
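Review bot: `set_sbi_flag(sbi, SBI_IS_RECOVERED)` is placed directly under the `out:` label, so it is set on every exit from f2fs_recover_orphan_inodes() that reaches that label, error exits included, while the enum comment added in f2fs.h describes the flag as "recovered orphan/data". If setting it on failure is intended because inodes may already have been dirtied, say so in a comment; otherwise set it only where recovery actually modified something.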
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -1089,6 +1089,7 @@ enum {
 	SBI_NEED_SB_WRITE,			/* need to recover superblock */
 	SBI_NEED_CP,				/* need to checkpoint */
 	SBI_IS_SHUTDOWN,			/* shutdown by ioctl */
+	SBI_IS_RECOVERED,			/* recovered orphan/data */
 };
 
 enum {
--- a/fs/f2fs/recovery.c
+++ b/fs/f2fs/recovery.c
@@ -698,11 +698,15 @@ skip:
 	/* let's drop all the directory inodes for clean checkpoint */
 	destroy_fsync_dnodes(&dir_list);
 
-	if (!err && need_writecp) {
-		struct cp_control cpc = {
-			.reason = CP_RECOVERY,
-		};
-		err = f2fs_write_checkpoint(sbi, &cpc);
+	if (need_writecp) {
+		set_sbi_flag(sbi, SBI_IS_RECOVERED);
+
+		if (!err) {
+			struct cp_control cpc = {
+				.reason = CP_RECOVERY,
+			};
+			err = f2fs_write_checkpoint(sbi, &cpc);
+		}
 	}
 
 	kmem_cache_destroy(fsync_entry_slab);
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -3188,6 +3188,9 @@ static void kill_f2fs_super(struct super
 			};
 			f2fs_write_checkpoint(sbi, &cpc);
 		}
+
+		if (is_sbi_flag_set(sbi, SBI_IS_RECOVERED) && f2fs_readonly(sb))
+			sb->s_flags &= ~SB_RDONLY;
 	}
 	kill_block_super(sb);
 }
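Review bot: clearing SB_RDONLY in kill_f2fs_super() makes the unmount that follows write to a filesystem that was mounted with `-o ro`, and the hunk neither explains that nor checks that the underlying block device accepts writes. Please add a comment giving the reason (sync_filesystem() skips read-only superblocks) and handle the case where the device itself is read-only, where the flush can only fail. It is also worth stating in the documentation that a read-only mount which ran recovery can still modify the device at unmount.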



* [PATCH 4.19 187/361] mfd: menelaus: Fix possible race condition and leak
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexandre Belloni, Lee Jones, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexandre Belloni <alexandre.belloni@bootlin.com>

[ Upstream commit 9612f8f503804d2fd2f63aa6ba1e58bba4612d96 ]

The IRQ work is added before the struct rtc is allocated and registered,
but this struct is used in the IRQ handler. This may lead to a NULL pointer
dereference.

Switch to devm_rtc_allocate_device/rtc_register_device to allocate the rtc
before calling menelaus_add_irq_work.

Also, this solves a possible leak as the RTC is never released.

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mfd/menelaus.c |   13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

--- a/drivers/mfd/menelaus.c
+++ b/drivers/mfd/menelaus.c
@@ -1094,6 +1094,7 @@ static void menelaus_rtc_alarm_work(stru
 static inline void menelaus_rtc_init(struct menelaus_chip *m)
 {
 	int	alarm = (m->client->irq > 0);
+	int	err;
 
 	/* assume 32KDETEN pin is pulled high */
 	if (!(menelaus_read_reg(MENELAUS_OSC_CTRL) & 0x80)) {
@@ -1101,6 +1102,12 @@ static inline void menelaus_rtc_init(str
 		return;
 	}
 
+	m->rtc = devm_rtc_allocate_device(&m->client->dev);
+	if (IS_ERR(m->rtc))
+		return;
+
+	m->rtc->ops = &menelaus_rtc_ops;
+
 	/* support RTC alarm; it can issue wakeups */
 	if (alarm) {
 		if (menelaus_add_irq_work(MENELAUS_RTCALM_IRQ,
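Review bot: on `IS_ERR(m->rtc)` the function returns silently and leaves the ERR_PTR value stored in m->rtc. The commit message says the IRQ handler uses this struct, and an ERR_PTR is non-NULL, so a later `if (m->rtc)` style check would pass and the pointer would be dereferenced. Set `m->rtc = NULL` before returning, or allocate into a local and assign only on success, and report the failure with dev_err().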
@@ -1125,10 +1132,8 @@ static inline void menelaus_rtc_init(str
 		menelaus_write_reg(MENELAUS_RTC_CTRL, m->rtc_control);
 	}
 
-	m->rtc = rtc_device_register(DRIVER_NAME,
-			&m->client->dev,
-			&menelaus_rtc_ops, THIS_MODULE);
-	if (IS_ERR(m->rtc)) {
+	err = rtc_register_device(m->rtc);
+	if (err) {
 		if (alarm) {
 			menelaus_remove_irq_work(MENELAUS_RTCALM_IRQ);
 			device_init_wakeup(&m->client->dev, 0);



* [PATCH 4.19 188/361] dmaengine: dma-jz4780: Return error if not probed from DT
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Cercueil, Mathieu Malaterre,
	Vinod Koul, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Paul Cercueil <paul@crapouillou.net>

[ Upstream commit 54f919a04cf221bc1601d1193682d4379dacacbd ]

The driver calls clk_get() with the clock name set to NULL, which means
that the driver could only work when probed from devicetree. From now
on, we explicitly require the driver to be probed from devicetree.

Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Tested-by: Mathieu Malaterre <malat@debian.org>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/dma/dma-jz4780.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/dma/dma-jz4780.c
+++ b/drivers/dma/dma-jz4780.c
@@ -761,6 +761,11 @@ static int jz4780_dma_probe(struct platf
 	struct resource *res;
 	int i, ret;
 
+	if (!dev->of_node) {
+		dev_err(dev, "This driver must be probed from devicetree\n");
+		return -EINVAL;
+	}
+
 	jzdma = devm_kzalloc(dev, sizeof(*jzdma), GFP_KERNEL);
 	if (!jzdma)
 		return -ENOMEM;



* [PATCH 4.19 189/361] IB/rxe: fix for duplicate request processing and ack psns
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vijay Immanuel, Doug Ledford, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vijay Immanuel <vijayi@attalasystems.com>

[ Upstream commit b97db58557f4aa6d9903f8e1deea6b3d1ed0ba43 ]

Don't reset the resp opcode for a replayed read response.
The resp opcode could be in the middle of a write or send
sequence, when the duplicate read request was received.
An example sequence is as follows:
- Receive read request for 12KB PSN 20. Transmit read response
  first, middle and last with PSNs 20,21,22.
- Receive write first PSN 23.
  At this point the resp psn is 24 and resp opcode is write first.
- The sender notices that PSN 20 is dropped and retransmits.
  Receive read request for 12KB PSN 20. Transmit read response
  first, middle and last with PSNs 20,21,22. The resp opcode is
  set to -1, the resp psn remains 24.
- Receive write first PSN 23. This is processed by duplicate_request().
  The resp opcode remains -1 and resp psn remains 24.
- Receive write middle PSN 24. check_op_seq() reports a missing
  first error since the resp opcode is -1.

When sending an ack for a duplicate send or write request,
use the psn of the previous ack sent. Do not use the psn
of a read response for the ack.
An example sequence is as follows:
- Receive write PSN 30. Transmit ACK for PSN 30.
- Receive read request 4KB PSN 31. Transmit read response with
  PSN 31. The resp psn is now 32.
- The sender notices that PSN 30 is dropped and retransmits.
  Receive write PSN 30. duplicate_request() sends an ACK with
  PSN 31. That is incorrect since PSN 31 was a read request.

Signed-off-by: Vijay Immanuel <vijayi@attalasystems.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/infiniband/sw/rxe/rxe_resp.c  |    8 ++++++--
 drivers/infiniband/sw/rxe/rxe_verbs.h |    2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

--- a/drivers/infiniband/sw/rxe/rxe_resp.c
+++ b/drivers/infiniband/sw/rxe/rxe_resp.c
@@ -682,6 +682,7 @@ static enum resp_states read_reply(struc
 		rxe_advance_resp_resource(qp);
 
 		res->type		= RXE_READ_MASK;
+		res->replay		= 0;
 
 		res->read.va		= qp->resp.va;
 		res->read.va_org	= qp->resp.va;
@@ -752,7 +753,8 @@ static enum resp_states read_reply(struc
 		state = RESPST_DONE;
 	} else {
 		qp->resp.res = NULL;
-		qp->resp.opcode = -1;
+		if (!res->replay)
+			qp->resp.opcode = -1;
 		if (psn_compare(res->cur_psn, qp->resp.psn) >= 0)
 			qp->resp.psn = res->cur_psn;
 		state = RESPST_CLEANUP;
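Review bot: the guarded reset in the else branch of read_reply(), `if (!res->replay) qp->resp.opcode = -1;`, carries no comment, and the reason for skipping it (a replayed read can arrive in the middle of a send or write sequence whose opcode must be preserved) is only in the commit message. A one-line comment above the `if` would keep a later cleanup from restoring the unconditional reset.
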
@@ -814,6 +816,7 @@ static enum resp_states execute(struct r
 
 	/* next expected psn, read handles this separately */
 	qp->resp.psn = (pkt->psn + 1) & BTH_PSN_MASK;
+	qp->resp.ack_psn = qp->resp.psn;
 
 	qp->resp.opcode = pkt->opcode;
 	qp->resp.status = IB_WC_SUCCESS;
@@ -1065,7 +1068,7 @@ static enum resp_states duplicate_reques
 					  struct rxe_pkt_info *pkt)
 {
 	enum resp_states rc;
-	u32 prev_psn = (qp->resp.psn - 1) & BTH_PSN_MASK;
+	u32 prev_psn = (qp->resp.ack_psn - 1) & BTH_PSN_MASK;
 
 	if (pkt->mask & RXE_SEND_MASK ||
 	    pkt->mask & RXE_WRITE_MASK) {
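Review bot: prev_psn in duplicate_request() is now derived from qp->resp.ack_psn, but the only assignment to ack_psn in this patch is the one added in execute(), and no hunk initialises it alongside resp.psn when the QP is set up or reset. If a duplicate send or write is handled before execute() has run, prev_psn is computed from whatever ack_psn holds at that point; initialising ack_psn wherever resp.psn gets its starting value would close that gap.
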
@@ -1108,6 +1111,7 @@ static enum resp_states duplicate_reques
 			res->state = (pkt->psn == res->first_psn) ?
 					rdatm_res_state_new :
 					rdatm_res_state_replay;
+			res->replay = 1;
 
 			/* Reset the resource, except length. */
 			res->read.va_org = iova;
--- a/drivers/infiniband/sw/rxe/rxe_verbs.h
+++ b/drivers/infiniband/sw/rxe/rxe_verbs.h
@@ -171,6 +171,7 @@ enum rdatm_res_state {
 
 struct resp_res {
 	int			type;
+	int			replay;
 	u32			first_psn;
 	u32			last_psn;
 	u32			cur_psn;
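Review bot: `int replay` in struct resp_res is only assigned 0 or 1 in this patch and only tested with `!res->replay`, so `bool` would state the intent better, and the field should carry a short comment saying it marks a read resource that duplicate_request() has queued for re-sending.
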
@@ -195,6 +196,7 @@ struct rxe_resp_info {
 	enum rxe_qp_state	state;
 	u32			msn;
 	u32			psn;
+	u32			ack_psn;
 	int			opcode;
 	int			drop_msg;
 	int			goto_error;
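Review bot: the new `ack_psn` field in struct rxe_resp_info sits next to `psn` with nothing to tell the two apart. A comment that psn is the next expected PSN, while ack_psn is only advanced in execute() and therefore does not move for read responses, would document the invariant duplicate_request() now relies on.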




* [PATCH 4.19 190/361] ALSA: hda: Check the non-cached stream buffers more explicitly
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (188 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 189/361] IB/rxe: fix for duplicate request processing and ack psns Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 191/361] cpupower: Fix AMD Family 0x17 msr_pstate size Greg Kroah-Hartman
                   ` (173 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

[ Upstream commit 78c9be61c3a5cd9e2439fd27a5ffad73a81958c7 ]

Introduce a new flag, uc_buffer, to indicate that the controller
requires the non-cached pages for stream buffers, either as a
chip-specific requirement or specified via snoop=0 option.
This improves the code-readability.

Also, this patch fixes the incorrect behavior for C-Media chip where
the stream buffers were never handled as non-cached due to the check
of driver_type even if you pass snoop=0 option.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/pci/hda/hda_controller.h |    1 +
 sound/pci/hda/hda_intel.c      |   11 ++++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

--- a/sound/pci/hda/hda_controller.h
+++ b/sound/pci/hda/hda_controller.h
@@ -160,6 +160,7 @@ struct azx {
 	unsigned int msi:1;
 	unsigned int probing:1; /* codec probing phase */
 	unsigned int snoop:1;
+	unsigned int uc_buffer:1; /* non-cached pages for stream buffers */
 	unsigned int align_buffer_size:1;
 	unsigned int region_requested:1;
 	unsigned int disabled:1; /* disabled by vga_switcheroo */
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -412,7 +412,7 @@ static void __mark_pages_wc(struct azx *
 #ifdef CONFIG_SND_DMA_SGBUF
 	if (dmab->dev.type == SNDRV_DMA_TYPE_DEV_SG) {
 		struct snd_sg_buf *sgbuf = dmab->private_data;
-		if (chip->driver_type == AZX_DRIVER_CMEDIA)
+		if (!chip->uc_buffer)
 			return; /* deal with only CORB/RIRB buffers */
 		if (on)
 			set_pages_array_wc(sgbuf->page_table, sgbuf->pages);
@@ -1678,6 +1678,7 @@ static void azx_check_snoop_available(st
 		dev_info(chip->card->dev, "Force to %s mode by module option\n",
 			 snoop ? "snoop" : "non-snoop");
 		chip->snoop = snoop;
+		chip->uc_buffer = !snoop;
 		return;
 	}
 
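Review bot: with snoop forced off by the module option, `chip->uc_buffer = !snoop;` applies to every controller including C-Media, while the automatic path in the next hunk exempts C-Media. The commit message says this is intended, but the line itself should carry a comment saying so, since the two paths now disagree on purpose.
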
@@ -1698,8 +1699,12 @@ static void azx_check_snoop_available(st
 		snoop = false;
 
 	chip->snoop = snoop;
-	if (!snoop)
+	if (!snoop) {
 		dev_info(chip->card->dev, "Force to non-snoop mode\n");
+		/* C-Media requires non-cached pages only for CORB/RIRB */
+		if (chip->driver_type != AZX_DRIVER_CMEDIA)
+			chip->uc_buffer = true;
+	}
 }
 
 static void azx_probe_work(struct work_struct *work)
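Review bot: in this non-forced path of azx_check_snoop_available(), uc_buffer is only ever set to true inside `if (!snoop)` and is never written when snoop stays enabled, so the result depends on the flag still holding its initial zero, whereas the forced path assigns it unconditionally. Assigning it unconditionally here as well, for example `chip->uc_buffer = !snoop && chip->driver_type != AZX_DRIVER_CMEDIA;`, would make the two paths symmetric and remove the reliance on the initial value.
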
@@ -2138,7 +2143,7 @@ static void pcm_mmap_prepare(struct snd_
 #ifdef CONFIG_X86
 	struct azx_pcm *apcm = snd_pcm_substream_chip(substream);
 	struct azx *chip = apcm->chip;
-	if (!azx_snoop(chip) && chip->driver_type != AZX_DRIVER_CMEDIA)
+	if (chip->uc_buffer)
 		area->vm_page_prot = pgprot_writecombine(area->vm_page_prot);
 #endif
 }




* [PATCH 4.19 191/361] cpupower: Fix AMD Family 0x17 msr_pstate size
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (189 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 190/361] ALSA: hda: Check the non-cached stream buffers more explicitly Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:18 ` [PATCH 4.19 192/361] Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()" Greg Kroah-Hartman
                   ` (172 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Prarit Bhargava, Shuah Khan,
	Stafford Horne, Sasha Levin

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Prarit Bhargava <prarit@redhat.com>

[ Upstream commit 8c22e2f695920ebd94f9a53bcf2a65eb36d4dba1 ]

The msr_pstate data is only 63 bits long and should be 64 bits.

Add in the missing bit from res1 for AMD Family 0x17.

Reference: https://www.amd.com/system/files/TechDocs/54945_PPR_Family_17h_Models_00h-0Fh.pdf, page 138.

Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Stafford Horne <shorne@gmail.com>
Signed-off-by: Shuah Khan (Samsung OSG) <shuah@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/power/cpupower/utils/helpers/amd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/power/cpupower/utils/helpers/amd.c
+++ b/tools/power/cpupower/utils/helpers/amd.c
@@ -33,7 +33,7 @@ union msr_pstate {
 		unsigned vid:8;
 		unsigned iddval:8;
 		unsigned idddiv:2;
-		unsigned res1:30;
+		unsigned res1:31;
 		unsigned en:1;
 	} fam17h_bits;
 	unsigned long long val;
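Review bot: the `res1` width in fam17h_bits is a bare number that has to be summed by hand with the neighbouring fields to reach 64, which is how the 30-bit value went unnoticed, and the union keeps the same size with one bit missing, so a size check would not have flagged it. Annotating each field with its bit range from the PPR page cited in the commit message would make the next miscount visible in review.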




* [PATCH 4.19 192/361] Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()"
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (190 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 191/361] cpupower: Fix AMD Family 0x17 msr_pstate size Greg Kroah-Hartman
@ 2018-11-11 22:18 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 193/361] f2fs: fix missing up_read Greg Kroah-Hartman
                   ` (171 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:18 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jaegeuk Kim <jaegeuk@kernel.org>

commit 164a63fa6b384e30ceb96ed80bc7dc3379bc0960 upstream.

This reverts commit 66110abc4c931f879d70e83e1281f891699364bf.

If we clear the cold data flag out of the writeback flow, we can miscount
-1 by end_io, which incurs a deadlock caused by all I/Os being blocked during
heavy GC.

Balancing F2FS Async:
 - IO (CP:    1, Data:   -1, Flush: (   0    0    1), Discard: (   ...

GC thread:                              IRQ
- move_data_page()
 - set_page_dirty()
  - clear_cold_data()
                                        - f2fs_write_end_io()
                                         - type = WB_DATA_TYPE(page);
                                           here, we get wrong type
                                         - dec_page_count(sbi, type);
 - f2fs_wait_on_page_writeback()

Cc: <stable@vger.kernel.org>
Reported-and-Tested-by: Park Ju Hyung <qkrwngud825@gmail.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/f2fs/data.c |    4 ----
 1 file changed, 4 deletions(-)

--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -2590,10 +2590,6 @@ static int f2fs_set_data_page_dirty(stru
 	if (!PageUptodate(page))
 		SetPageUptodate(page);
 
-	/* don't remain PG_checked flag which was set during GC */
-	if (is_cold_data(page))
-		clear_cold_data(page);
-
 	if (f2fs_is_atomic_file(inode) && !f2fs_is_commit_atomic_write(inode)) {
 		if (!IS_ATOMIC_WRITTEN_PAGE(page)) {
 			f2fs_register_inmem_page(inode, page);
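Review bot: dropping the `is_cold_data()` / `clear_cold_data()` pair from f2fs_set_data_page_dirty() also drops the behaviour its comment described, not leaving PG_checked set after GC, and neither the hunk nor the commit message says where that flag is cleared now. The changelog should state whether the original problem returns with this revert or is handled on another path.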




* [PATCH 4.19 193/361] f2fs: fix missing up_read
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (191 preceding siblings ...)
  2018-11-11 22:18 ` [PATCH 4.19 192/361] Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()" Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 194/361] f2fs: fix to recover cold bit of inode block during POR Greg Kroah-Hartman
                   ` (170 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jaegeuk Kim <jaegeuk@kernel.org>

commit 89d13c38501df730cbb2e02c4499da1b5187119d upstream.

This patch fixes missing up_read call.

Fixes: c9b60788fc76 ("f2fs: fix to do sanity check with block address in main area")
Cc: <stable@vger.kernel.org> # 4.19+
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/f2fs/node.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -1542,8 +1542,10 @@ static int __write_node_page(struct page
 	}
 
 	if (__is_valid_data_blkaddr(ni.blk_addr) &&
-		!f2fs_is_valid_blkaddr(sbi, ni.blk_addr, DATA_GENERIC))
+		!f2fs_is_valid_blkaddr(sbi, ni.blk_addr, DATA_GENERIC)) {
+		up_read(&sbi->node_write);
 		goto redirty_out;
+	}
 
 	if (atomic && !test_opt(sbi, NOBARRIER))
 		fio.op_flags |= REQ_PREFLUSH | REQ_FUA;
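Review bot: the added `up_read(&sbi->node_write)` is open-coded inside this one `if` ahead of `goto redirty_out`, so any later early exit taken while node_write is held can repeat the same omission. A separate label that drops the lock and then falls through to redirty_out would keep the unlock in one place, and the one-line commit message should name the path that was leaving the lock held.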




* [PATCH 4.19 194/361] f2fs: fix to recover cold bit of inode block during POR
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (192 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 193/361] f2fs: fix missing up_read Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 195/361] f2fs: fix to account IO correctly Greg Kroah-Hartman
                   ` (169 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chao Yu <yuchao0@huawei.com>

commit ef2a007134b4eaa39264c885999f296577bc87d2 upstream.

Testcase to reproduce this bug:
1. mkfs.f2fs /dev/sdd
2. mount -t f2fs /dev/sdd /mnt/f2fs
3. touch /mnt/f2fs/file
4. sync
5. chattr +A /mnt/f2fs/file
6. xfs_io -f /mnt/f2fs/file -c "fsync"
7. godown /mnt/f2fs
8. umount /mnt/f2fs
9. mount -t f2fs /dev/sdd /mnt/f2fs
10. chattr -A /mnt/f2fs/file
11. xfs_io -f /mnt/f2fs/file -c "fsync"
12. umount /mnt/f2fs
13. mount -t f2fs /dev/sdd /mnt/f2fs
14. lsattr /mnt/f2fs/file

-----------------N- /mnt/f2fs/file

But actually, we expect the correct result is:

-------A---------N- /mnt/f2fs/file

The reason is in step 9) we missed to recover cold bit flag in inode
block, so later, in fsync, we will skip write inode block due to below
condition check, resulting in losing data in another SPOR.

f2fs_fsync_node_pages()
	if (!IS_DNODE(page) || !is_cold_node(page))
		continue;

Note that, I guess that some non-dir inode has already lost cold bit
during POR, so in order to reenable recovery for those inode, let's
try to recover cold bit in f2fs_iget() to save more fsynced data.

Fixes: c56675750d7c ("f2fs: remove unneeded set_cold_node()")
Cc: <stable@vger.kernel.org> 4.17+
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/f2fs/inode.c |    6 ++++++
 fs/f2fs/node.c  |    2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -368,6 +368,12 @@ static int do_read_inode(struct inode *i
 	if (f2fs_has_inline_data(inode) && !f2fs_exist_data(inode))
 		__recover_inline_status(inode, node_page);
 
+	/* try to recover cold bit for non-dir inode */
+	if (!S_ISDIR(inode->i_mode) && !is_cold_node(node_page)) {
+		set_cold_node(node_page, false);
+		set_page_dirty(node_page);
+	}
+
 	/* get rdev by using inline_info */
 	__get_inode_rdev(inode, ri);
 
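Review bot: the new block in do_read_inode() calls set_page_dirty(node_page) on what is otherwise a read path, so loading a non-directory inode whose node page lacks the cold bit now schedules a write. The condition `!S_ISDIR(inode->i_mode) && !is_cold_node(node_page)` has no guard for a filesystem that must not be written; it is worth confirming this cannot run on a read-only mount, or adding that condition.
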
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -2539,7 +2539,7 @@ retry:
 	if (!PageUptodate(ipage))
 		SetPageUptodate(ipage);
 	fill_node_footer(ipage, ino, ino, 0, true);
-	set_cold_node(page, false);
+	set_cold_node(ipage, false);
 
 	src = F2FS_INODE(page);
 	dst = F2FS_INODE(ipage);
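Review bot: the fix from `set_cold_node(page, false)` to `set_cold_node(ipage, false)` shows how easily `page` and `ipage` are confused here, with `fill_node_footer(ipage, ...)` just above and `src = F2FS_INODE(page); dst = F2FS_INODE(ipage);` just below. Renaming the two locals to something like source and destination page would make a repeat of this one-letter mistake much harder to write and easier to spot.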




* [PATCH 4.19 195/361] f2fs: fix to account IO correctly
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (193 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 194/361] f2fs: fix to recover cold bit of inode block during POR Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 196/361] OPP: Free OPP table properly on performance state irregularities Greg Kroah-Hartman
                   ` (168 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chao Yu <yuchao0@huawei.com>

commit 4c58ed076875f36dae0f240da1e25e99e5d4afb8 upstream.

Below race can cause reversed reference on dirty count, fix it by
relocating __submit_bio() and inc_page_count().

Thread A				Thread B
- f2fs_inplace_write_data
 - f2fs_submit_page_bio
  - __submit_bio
					- f2fs_write_end_io
					 - dec_page_count
  - inc_page_count

Cc: <stable@vger.kernel.org>
Fixes: d1b3e72d5490 ("f2fs: submit bio of in-place-update pages")
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/f2fs/data.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -463,10 +463,10 @@ int f2fs_submit_page_bio(struct f2fs_io_
 
 	bio_set_op_attrs(bio, fio->op, fio->op_flags);
 
-	__submit_bio(fio->sbi, bio, fio->type);
-
 	if (!is_read_io(fio->op))
 		inc_page_count(fio->sbi, WB_DATA_TYPE(fio->page));
+
+	__submit_bio(fio->sbi, bio, fio->type);
 	return 0;
 }
 
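Review bot: after this reorder the correctness of f2fs_submit_page_bio() depends on inc_page_count() running before __submit_bio(), because f2fs_write_end_io() can decrement the counter as soon as the bio is submitted, but nothing in the code says so. A short comment above `__submit_bio(fio->sbi, bio, fio->type);` would stop the two statements from being swapped back.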




* [PATCH 4.19 196/361] OPP: Free OPP table properly on performance state irregularities
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (194 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 195/361] f2fs: fix to account IO correctly Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 197/361] ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings Greg Kroah-Hartman
                   ` (167 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Viresh Kumar

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Viresh Kumar <viresh.kumar@linaro.org>

commit 2fbb8670b4ff4454f1c0de510f788d737edc4b90 upstream.

The OPP table was freed, but not the individual OPPs which is done from
_dev_pm_opp_remove_table(). Fix it by calling _dev_pm_opp_remove_table()
as well.

Cc: 4.18 <stable@vger.kernel.org> # v4.18
Fixes: 3ba98324e81a ("PM / OPP: Get performance state using genpd helper")
Tested-by: Niklas Cassel <niklas.cassel@linaro.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/opp/of.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/opp/of.c
+++ b/drivers/opp/of.c
@@ -425,6 +425,7 @@ static int _of_add_opp_table_v2(struct d
 		dev_err(dev, "Not all nodes have performance state set (%d: %d)\n",
 			count, pstate_count);
 		ret = -ENOENT;
+		_dev_pm_opp_remove_table(opp_table, dev, false);
 		goto put_opp_table;
 	}
 
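Review bot: `_dev_pm_opp_remove_table(opp_table, dev, false)` is added inline in this one error branch ahead of `goto put_opp_table`, so the unwind is now split between the branch and the label, and the bare `false` argument gives no hint of what it selects. Moving the call under its own label ahead of put_opp_table, with a comment on the flag, would make the cleanup order readable in one place.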




* [PATCH 4.19 197/361] ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (195 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 196/361] OPP: Free OPP table properly on performance state irregularities Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 198/361] ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250 Greg Kroah-Hartman
                   ` (166 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Chanwoo Choi,
	Bartlomiej Zolnierkiewicz, Krzysztof Kozlowski

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marek Szyprowski <m.szyprowski@samsung.com>

commit eb9e16d8573e243f8175647f851eb5085dbe97a4 upstream.

Convert Exynos5250 to OPP-v2 bindings. This is a preparation to add proper
support for suspend operation point, which cannot be marked in opp-v1.

Cc: <stable@vger.kernel.org> # 4.3.x: cd6f55457eb4: ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes
Cc: <stable@vger.kernel.org> # 4.3.x: 672f33198bee: arm: dts: exynos: Add missing cooling device properties for CPUs
Cc: <stable@vger.kernel.org> # 4.3.x
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Chanwoo Choi <cw00.choi@samsung.com>
Acked-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/exynos5250.dtsi |  130 +++++++++++++++++++++++++-------------
 1 file changed, 88 insertions(+), 42 deletions(-)

--- a/arch/arm/boot/dts/exynos5250.dtsi
+++ b/arch/arm/boot/dts/exynos5250.dtsi
@@ -54,62 +54,108 @@
 			device_type = "cpu";
 			compatible = "arm,cortex-a15";
 			reg = <0>;
-			clock-frequency = <1700000000>;
 			clocks = <&clock CLK_ARM_CLK>;
 			clock-names = "cpu";
-			clock-latency = <140000>;
-
-			operating-points = <
-				1700000 1300000
-				1600000 1250000
-				1500000 1225000
-				1400000 1200000
-				1300000 1150000
-				1200000 1125000
-				1100000 1100000
-				1000000 1075000
-				 900000 1050000
-				 800000 1025000
-				 700000 1012500
-				 600000 1000000
-				 500000  975000
-				 400000  950000
-				 300000  937500
-				 200000  925000
-			>;
+			operating-points-v2 = <&cpu0_opp_table>;
 			#cooling-cells = <2>; /* min followed by max */
 		};
 		cpu@1 {
 			device_type = "cpu";
 			compatible = "arm,cortex-a15";
 			reg = <1>;
-			clock-frequency = <1700000000>;
 			clocks = <&clock CLK_ARM_CLK>;
 			clock-names = "cpu";
-			clock-latency = <140000>;
-
-			operating-points = <
-				1700000 1300000
-				1600000 1250000
-				1500000 1225000
-				1400000 1200000
-				1300000 1150000
-				1200000 1125000
-				1100000 1100000
-				1000000 1075000
-				 900000 1050000
-				 800000 1025000
-				 700000 1012500
-				 600000 1000000
-				 500000  975000
-				 400000  950000
-				 300000  937500
-				 200000  925000
-			>;
+			operating-points-v2 = <&cpu0_opp_table>;
 			#cooling-cells = <2>; /* min followed by max */
 		};
 	};
 
+	cpu0_opp_table: opp_table0 {
+		compatible = "operating-points-v2";
+		opp-shared;
+
+		opp-200000000 {
+			opp-hz = /bits/ 64 <200000000>;
+			opp-microvolt = <925000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-300000000 {
+			opp-hz = /bits/ 64 <300000000>;
+			opp-microvolt = <937500>;
+			clock-latency-ns = <140000>;
+		};
+		opp-400000000 {
+			opp-hz = /bits/ 64 <400000000>;
+			opp-microvolt = <950000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-500000000 {
+			opp-hz = /bits/ 64 <500000000>;
+			opp-microvolt = <975000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-600000000 {
+			opp-hz = /bits/ 64 <600000000>;
+			opp-microvolt = <1000000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-700000000 {
+			opp-hz = /bits/ 64 <700000000>;
+			opp-microvolt = <1012500>;
+			clock-latency-ns = <140000>;
+		};
+		opp-800000000 {
+			opp-hz = /bits/ 64 <800000000>;
+			opp-microvolt = <1025000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-900000000 {
+			opp-hz = /bits/ 64 <900000000>;
+			opp-microvolt = <1050000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-1000000000 {
+			opp-hz = /bits/ 64 <1000000000>;
+			opp-microvolt = <1075000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-1100000000 {
+			opp-hz = /bits/ 64 <1100000000>;
+			opp-microvolt = <1100000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-1200000000 {
+			opp-hz = /bits/ 64 <1200000000>;
+			opp-microvolt = <1125000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-1300000000 {
+			opp-hz = /bits/ 64 <1300000000>;
+			opp-microvolt = <1150000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-1400000000 {
+			opp-hz = /bits/ 64 <1400000000>;
+			opp-microvolt = <1200000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-1500000000 {
+			opp-hz = /bits/ 64 <1500000000>;
+			opp-microvolt = <1225000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-1600000000 {
+			opp-hz = /bits/ 64 <1600000000>;
+			opp-microvolt = <1250000>;
+			clock-latency-ns = <140000>;
+		};
+		opp-1700000000 {
+			opp-hz = /bits/ 64 <1700000000>;
+			opp-microvolt = <1300000>;
+			clock-latency-ns = <140000>;
+		};
+	};
+
 	soc: soc {
 		sysram@2020000 {
 			compatible = "mmio-sram";
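Review bot: the new table node is named `opp_table0`, with an underscore, while every child uses hyphenated names such as `opp-200000000`; devicetree node names conventionally use hyphens, so `opp-table-0` (keeping the `cpu0_opp_table` label) would be consistent. The hunk also removes `clock-frequency = <1700000000>` from both CPU nodes, which the commit message does not mention; the sixteen frequency and voltage pairs and the 140000 latency otherwise carry over one to one from the old `operating-points` lists.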




* [PATCH 4.19 198/361] ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (196 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 197/361] ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 199/361] xen-swiotlb: use actually allocated size on check physical continuous Greg Kroah-Hartman
                   ` (165 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Chanwoo Choi,
	Bartlomiej Zolnierkiewicz, Krzysztof Kozlowski

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marek Szyprowski <m.szyprowski@samsung.com>

commit 645b23da6f8b47f295fa87051335d41d139717a5 upstream.

1 GHz CPU OPP is the default boot value for the Exynos5250 SOC, so mark it
as suspend OPP. This fixes suspend/resume on Samsung Exynos5250 Snow
Chromebook, which was broken since switching to generic cpufreq-dt driver
in v4.3.

Cc: <stable@vger.kernel.org> # 4.3.x: cd6f55457eb4: ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes
Cc: <stable@vger.kernel.org> # 4.3.x: 672f33198bee: arm: dts: exynos: Add missing cooling device properties for CPUs
Cc: <stable@vger.kernel.org> # 4.3.x
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Chanwoo Choi <cw00.choi@samsung.com>
Acked-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/exynos5250.dtsi |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/arm/boot/dts/exynos5250.dtsi
+++ b/arch/arm/boot/dts/exynos5250.dtsi
@@ -118,6 +118,7 @@
 			opp-hz = /bits/ 64 <1000000000>;
 			opp-microvolt = <1075000>;
 			clock-latency-ns = <140000>;
+			opp-suspend;
 		};
 		opp-1100000000 {
 			opp-hz = /bits/ 64 <1100000000>;
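Review bot: `opp-suspend;` is added to the 1 GHz entry with no comment, and the reason this entry was chosen (it is the SoC's default boot value) appears only in the commit message. A short comment beside the property would keep the choice from looking arbitrary when the table is edited later.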




* [PATCH 4.19 199/361] xen-swiotlb: use actually allocated size on check physical continuous
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (197 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 198/361] ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250 Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 200/361] tpm: Restore functionality to xen vtpm driver Greg Kroah-Hartman
                   ` (164 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Joe Jin, Konrad Rzeszutek Wilk,
	Boris Ostrovsky, Christoph Helwig, Dongli Zhang, John Sobecki

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Joe Jin <joe.jin@oracle.com>

commit 7250f422da0480d8512b756640f131b9b893ccda upstream.

xen_swiotlb_{alloc,free}_coherent() allocate/free memory based on the
order of the pages and not size argument (bytes). This is inconsistent with
range_straddles_page_boundary and memset which use the 'size' value,
which may lead to not exchanging memory with Xen (range_straddles_page_boundary()
returned true). And then the call to xen_swiotlb_free_coherent() would
actually try to exchange the memory with Xen, leading to the kernel
hitting a BUG (as the hypercall returned an error).

This patch fixes it by making the 'size' variable be of the same size
as the amount of memory allocated.

CC: stable@vger.kernel.org
Signed-off-by: Joe Jin <joe.jin@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Christoph Helwig <hch@lst.de>
Cc: Dongli Zhang <dongli.zhang@oracle.com>
Cc: John Sobecki <john.sobecki@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/xen/swiotlb-xen.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/xen/swiotlb-xen.c
+++ b/drivers/xen/swiotlb-xen.c
@@ -303,6 +303,9 @@ xen_swiotlb_alloc_coherent(struct device
 	*/
 	flags &= ~(__GFP_DMA | __GFP_HIGHMEM);
 
+	/* Convert the size to actually allocated. */
+	size = 1UL << (order + XEN_PAGE_SHIFT);
+
 	/* On ARM this function returns an ioremap'ped virtual address for
 	 * which virt_to_phys doesn't return the corresponding physical
 	 * address. In fact on ARM virt_to_phys only works for kernel direct
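Review bot: `size = 1UL << (order + XEN_PAGE_SHIFT);` overwrites the caller's `size` argument in xen_swiotlb_alloc_coherent(), so the requested byte count is no longer available to anything later in the function. A separate local for the allocated size would keep both values, and the comment would read better as "round size up to what is actually allocated".
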
@@ -351,6 +354,9 @@ xen_swiotlb_free_coherent(struct device
 	 * physical address */
 	phys = xen_bus_to_phys(dev_addr);
 
+	/* Convert the size to actually allocated. */
+	size = 1UL << (order + XEN_PAGE_SHIFT);
+
 	if (((dev_addr + size - 1 <= dma_mask)) ||
 	    range_straddles_page_boundary(phys, size))
 		xen_destroy_contiguous_region(phys, order);
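Review bot: the same expression is repeated in xen_swiotlb_free_coherent(), and the rounded-up `size` now also feeds the `dev_addr + size - 1 <= dma_mask` comparison just below it, not only range_straddles_page_boundary(). Sharing the rounding through one helper would keep alloc and free in step, and the changelog should say that the dma_mask test is affected too.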




* [PATCH 4.19 200/361] tpm: Restore functionality to xen vtpm driver.
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (198 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 199/361] xen-swiotlb: use actually allocated size on check physical continuous Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 201/361] xen/blkfront: avoid NULL blkfront_info dereference on device removal Greg Kroah-Hartman
                   ` (163 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dr. Greg Wettstein, Boris Ostrovsky,
	Jarkko Sakkinen

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dr. Greg Wettstein <greg@wind.enjellic.com>

commit e487a0f52301293152a6f8c4e217f2a11dd808e3 upstream.

Functionality of the xen-tpmfront driver was lost secondary to
the introduction of xenbus multi-page support in commit ccc9d90a9a8b
("xenbus_client: Extend interface to support multi-page ring").

In this commit pointer to location of where the shared page address
is stored was being passed to the xenbus_grant_ring() function rather
than the address of the shared page itself. This resulted in a situation
where the driver would attach to the vtpm-stubdom but any attempt
to send a command to the stub domain would timeout.

A diagnostic finding for this regression is the following error
message being generated when the xen-tpmfront driver probes for a
device:

<3>vtpm vtpm-0: tpm_transmit: tpm_send: error -62

<3>vtpm vtpm-0: A TPM error (-62) occurred attempting to determine
the timeouts

This fix is relevant to all kernels from 4.1 forward which is the
release in which multi-page xenbus support was introduced.

Daniel De Graaf formulated the fix by code inspection after the
regression point was located.

Fixes: ccc9d90a9a8b ("xenbus_client: Extend interface to support multi-page ring")
Signed-off-by: Dr. Greg Wettstein <greg@enjellic.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

[boris: Updated commit message, added Fixes tag]
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: stable@vger.kernel.org # v4.1+
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

---
 drivers/char/tpm/xen-tpmfront.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/char/tpm/xen-tpmfront.c
+++ b/drivers/char/tpm/xen-tpmfront.c
@@ -264,7 +264,7 @@ static int setup_ring(struct xenbus_devi
 		return -ENOMEM;
 	}
 
-	rv = xenbus_grant_ring(dev, &priv->shr, 1, &gref);
+	rv = xenbus_grant_ring(dev, priv->shr, 1, &gref);
 	if (rv < 0)
 		return rv;
 
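Review bot: at the "xenbus_grant_ring(dev, priv->shr, 1, &gref)" call, the old "&priv->shr" form compiled without complaint, so nothing in this hunk prevents the same slip from coming back. A one-line comment at the call saying that the second argument is the virtual address of the shared page itself, not the location where that address is stored, would make the intent reviewable.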




* [PATCH 4.19 201/361] xen/blkfront: avoid NULL blkfront_info dereference on device removal
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (199 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 200/361] tpm: Restore functionality to xen vtpm driver Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 202/361] xen/balloon: Support xend-based toolstack Greg Kroah-Hartman
                   ` (162 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vasilis Liaskovitis,
	Roger Pau Monné,
	Konrad Rzeszutek Wilk, Jens Axboe

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vasilis Liaskovitis <vliaskovitis@suse.com>

commit f92898e7f32e3533bfd95be174044bc349d416ca upstream.

If a block device is hot-added when we are out of grants,
gnttab_grant_foreign_access fails with -ENOSPC (log message "28
granting access to ring page") in this code path:

  talk_to_blkback ->
	setup_blkring ->
		xenbus_grant_ring ->
			gnttab_grant_foreign_access

and the failing path in talk_to_blkback sets the driver_data to NULL:

 destroy_blkring:
        blkif_free(info, 0);

        mutex_lock(&blkfront_mutex);
        free_info(info);
        mutex_unlock(&blkfront_mutex);

        dev_set_drvdata(&dev->dev, NULL);

This results in a NULL pointer BUG when blkfront_remove and blkif_free
try to access the failing device's NULL struct blkfront_info.

Cc: stable@vger.kernel.org # 4.5 and later
Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/block/xen-blkfront.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/block/xen-blkfront.c
+++ b/drivers/block/xen-blkfront.c
@@ -2493,6 +2493,9 @@ static int blkfront_remove(struct xenbus
 
 	dev_dbg(&xbdev->dev, "%s removed", xbdev->nodename);
 
+	if (!info)
+		return 0;
+
 	blkif_free(info, 0);
 
 	mutex_lock(&info->mutex);
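Review bot: the new "if (!info) return 0;" in blkfront_remove() carries no comment explaining how the driver data can be NULL at removal time. The commit message names the cause (the destroy_blkring error path in talk_to_blkback calls dev_set_drvdata(&dev->dev, NULL)); a short comment saying so would stop a later cleanup from dropping the check as dead code.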




* [PATCH 4.19 202/361] xen/balloon: Support xend-based toolstack
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (200 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 201/361] xen/blkfront: avoid NULL blkfront_info dereference on device removal Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 203/361] xen: fix race in xen_qlock_wait() Greg Kroah-Hartman
                   ` (161 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Boris Ostrovsky, Juergen Gross

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Boris Ostrovsky <boris.ostrovsky@oracle.com>

commit 3aa6c19d2f38be9c6e9a8ad5fa8e3c9d29ee3c35 upstream.

Xend-based toolstacks don't have static-max entry in xenstore. The
equivalent node for those toolstacks is memory_static_max.

Fixes: 5266b8e4445c (xen: fix booting ballooned down hvm guest)
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: <stable@vger.kernel.org> # 4.13
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/xen/xen-balloon.c |   13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

--- a/drivers/xen/xen-balloon.c
+++ b/drivers/xen/xen-balloon.c
@@ -76,12 +76,15 @@ static void watch_target(struct xenbus_w
 
 	if (!watch_fired) {
 		watch_fired = true;
-		err = xenbus_scanf(XBT_NIL, "memory", "static-max", "%llu",
-				   &static_max);
-		if (err != 1)
-			static_max = new_target;
-		else
+
+		if ((xenbus_scanf(XBT_NIL, "memory", "static-max",
+				  "%llu", &static_max) == 1) ||
+		    (xenbus_scanf(XBT_NIL, "memory", "memory_static_max",
+				  "%llu", &static_max) == 1))
 			static_max >>= PAGE_SHIFT - 10;
+		else
+			static_max = new_target;
+
 		target_diff = (xen_pv_domain() || xen_initial_domain()) ? 0
 				: static_max - balloon_stats.target_pages;
 	}
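Review bot: in watch_target() the fallback lookup of "memory_static_max" feeds the same "static_max >>= PAGE_SHIFT - 10" conversion as "static-max", so the code assumes both nodes carry the same unit, and nothing in the hunk says so. A comment naming xend-based toolstacks as the reason for the second key, and stating the unit both keys are expected to use, would document that assumption.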




* [PATCH 4.19 203/361] xen: fix race in xen_qlock_wait()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (201 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 202/361] xen/balloon: Support xend-based toolstack Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 204/361] xen: make xen_qlock_wait() nestable Greg Kroah-Hartman
                   ` (160 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Waiman.Long, peterz, Juergen Gross,
	Jan Beulich

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Juergen Gross <jgross@suse.com>

commit 2ac2a7d4d9ff4e01e36f9c3d116582f6f655ab47 upstream.

In the following situation a vcpu waiting for a lock might not be
woken up from xen_poll_irq():

CPU 1:                CPU 2:                      CPU 3:
takes a spinlock
                      tries to get lock
                      -> xen_qlock_wait()
frees the lock
-> xen_qlock_kick(cpu2)
                        -> xen_clear_irq_pending()

takes lock again
                                                  tries to get lock
                                                  -> *lock = _Q_SLOW_VAL
                        -> *lock == _Q_SLOW_VAL ?
                        -> xen_poll_irq()
frees the lock
-> xen_qlock_kick(cpu3)

And cpu 2 will sleep forever.

This can be avoided easily by modifying xen_qlock_wait() to call
xen_poll_irq() only if the related irq was not pending and to call
xen_clear_irq_pending() only if it was pending.

Cc: stable@vger.kernel.org
Cc: Waiman.Long@hp.com
Cc: peterz@infradead.org
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/xen/spinlock.c |   15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

--- a/arch/x86/xen/spinlock.c
+++ b/arch/x86/xen/spinlock.c
@@ -45,17 +45,12 @@ static void xen_qlock_wait(u8 *byte, u8
 	if (irq == -1)
 		return;
 
-	/* clear pending */
-	xen_clear_irq_pending(irq);
-	barrier();
+	/* If irq pending already clear it and return. */
+	if (xen_test_irq_pending(irq)) {
+		xen_clear_irq_pending(irq);
+		return;
+	}
 
-	/*
-	 * We check the byte value after clearing pending IRQ to make sure
-	 * that we won't miss a wakeup event because of the clearing.
-	 *
-	 * The sync_clear_bit() call in xen_clear_irq_pending() is atomic.
-	 * So it is effectively a memory barrier for x86.
-	 */
 	if (READ_ONCE(*byte) != val)
 		return;
 
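Review bot: the ordering between xen_test_irq_pending(irq) and the "READ_ONCE(*byte) != val" check is now undocumented, because the removed lines took both barrier() and the comment explaining the ordering with them. The new sequence still depends on the pending test happening before the byte is read, so a short comment stating why no barrier is needed between the two would keep that reasoning next to the code.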




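The interleaving described in the commit message above, replayed as a small user-space model. This is an added example, not part of the patch or of the kernel; struct model, replay() and the numeric value of Q_SLOW_VAL are constructed for illustration, and only the order of events is taken from the message.

```c
/* User-space replay of the interleaving in the commit message above.
 * Constructed model: not kernel code; Q_SLOW_VAL's value is arbitrary. */
#include <stdbool.h>
#include <stdio.h>

#define Q_SLOW_VAL 3           /* stand-in for _Q_SLOW_VAL */
#define NCPU       4

struct model {
	unsigned char lock_byte;   /* byte that xen_qlock_wait() watches */
	bool pending[NCPU];        /* per-vcpu kicker irq pending bit */
};

enum wait_result { WAIT_RETURNED, WAIT_STUCK_IN_POLL };

/* Lock holder releases the lock and kicks one waiter (xen_qlock_kick). */
static void unlock_and_kick(struct model *m, int waiter)
{
	m->lock_byte = 0;
	m->pending[waiter] = true;
}

/* Entry of xen_qlock_wait(); returns true if the function returns here. */
static bool wait_entry(struct model *m, int cpu, bool patched)
{
	if (!patched) {
		m->pending[cpu] = false;  /* old: unconditional clear eats the kick */
		return false;
	}
	if (m->pending[cpu]) {        /* new: a pending kick is consumed ... */
		m->pending[cpu] = false;
		return true;              /* ... and the caller goes back to spinning */
	}
	return false;
}

/* Rest of xen_qlock_wait(): byte check, then xen_poll_irq(). */
static enum wait_result wait_tail(const struct model *m, int cpu)
{
	if (m->lock_byte != Q_SLOW_VAL)
		return WAIT_RETURNED;
	return m->pending[cpu] ? WAIT_RETURNED : WAIT_STUCK_IN_POLL;
}

/* Replays the CPU 1 / CPU 2 / CPU 3 sequence and reports CPU 2's fate. */
enum wait_result replay(bool patched)
{
	struct model m = { .lock_byte = Q_SLOW_VAL };  /* CPU 1 holds, CPU 2 waits */
	enum wait_result r;

	unlock_and_kick(&m, 2);            /* CPU 1 frees the lock, kicks CPU 2 */
	if (wait_entry(&m, 2, patched))    /* CPU 2 reaches the pending handling */
		return WAIT_RETURNED;
	m.lock_byte = Q_SLOW_VAL;          /* CPU 1 relocks, CPU 3 queues up */
	r = wait_tail(&m, 2);              /* CPU 2 checks the byte and polls */
	unlock_and_kick(&m, 3);            /* CPU 1 frees the lock, kicks CPU 3 */
	if (r == WAIT_STUCK_IN_POLL && m.pending[2])
		r = WAIT_RETURNED;             /* only a kick aimed at CPU 2 wakes it */
	return r;
}

int main(void)
{
	printf("before the patch: %s\n",
	       replay(false) == WAIT_STUCK_IN_POLL ? "CPU 2 stuck in poll"
						   : "CPU 2 returned");
	printf("after the patch:  %s\n",
	       replay(true) == WAIT_STUCK_IN_POLL ? "CPU 2 stuck in poll"
						  : "CPU 2 returned");
	return 0;
}
```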
* [PATCH 4.19 204/361] xen: make xen_qlock_wait() nestable
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (202 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 203/361] xen: fix race in xen_qlock_wait() Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 205/361] xen/pvh: increase early stack size Greg Kroah-Hartman
                   ` (159 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Waiman.Long, peterz, Juergen Gross,
	Jan Beulich

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Juergen Gross <jgross@suse.com>

commit a856531951dc8094359dfdac21d59cee5969c18e upstream.

xen_qlock_wait() isn't safe for nested calls due to interrupts. A call
of xen_qlock_kick() might be ignored in case a deeper nesting level
was active right before the call of xen_poll_irq():

CPU 1:                                   CPU 2:
spin_lock(lock1)
                                         spin_lock(lock1)
                                         -> xen_qlock_wait()
                                            -> xen_clear_irq_pending()
                                            Interrupt happens
spin_unlock(lock1)
-> xen_qlock_kick(CPU 2)
spin_lock_irqsave(lock2)
                                         spin_lock_irqsave(lock2)
                                         -> xen_qlock_wait()
                                            -> xen_clear_irq_pending()
                                               clears kick for lock1
                                            -> xen_poll_irq()
spin_unlock_irq_restore(lock2)
-> xen_qlock_kick(CPU 2)
                                            wakes up
                                         spin_unlock_irq_restore(lock2)
                                         IRET
                                           resumes in xen_qlock_wait()
                                           -> xen_poll_irq()
                                           never wakes up

The solution is to disable interrupts in xen_qlock_wait() and not to
poll for the irq in case xen_qlock_wait() is called in nmi context.

Cc: stable@vger.kernel.org
Cc: Waiman.Long@hp.com
Cc: peterz@infradead.org
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/xen/spinlock.c |   24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

--- a/arch/x86/xen/spinlock.c
+++ b/arch/x86/xen/spinlock.c
@@ -39,29 +39,25 @@ static void xen_qlock_kick(int cpu)
  */
 static void xen_qlock_wait(u8 *byte, u8 val)
 {
+	unsigned long flags;
 	int irq = __this_cpu_read(lock_kicker_irq);
 
 	/* If kicker interrupts not initialized yet, just spin */
-	if (irq == -1)
+	if (irq == -1 || in_nmi())
 		return;
 
-	/* If irq pending already clear it and return. */
+	/* Guard against reentry. */
+	local_irq_save(flags);
+
+	/* If irq pending already clear it. */
 	if (xen_test_irq_pending(irq)) {
 		xen_clear_irq_pending(irq);
-		return;
+	} else if (READ_ONCE(*byte) == val) {
+		/* Block until irq becomes pending (or a spurious wakeup) */
+		xen_poll_irq(irq);
 	}
 
-	if (READ_ONCE(*byte) != val)
-		return;
-
-	/*
-	 * If an interrupt happens here, it will leave the wakeup irq
-	 * pending, which will cause xen_poll_irq() to return
-	 * immediately.
-	 */
-
-	/* Block until irq becomes pending (or perhaps a spurious wakeup) */
-	xen_poll_irq(irq);
+	local_irq_restore(flags);
 }
 
 static irqreturn_t dummy_handler(int irq, void *dev_id)
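Review bot: the comment above "if (irq == -1 || in_nmi())" still reads "If kicker interrupts not initialized yet, just spin", which no longer covers the new in_nmi() case. Suggest extending it to say that polling is also skipped in NMI context and why. The removed comment about an interrupt leaving the wakeup irq pending could likewise be replaced by one line saying which window local_irq_save() closes, since "Guard against reentry." alone does not say what reentry would break.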




* [PATCH 4.19 205/361] xen/pvh: increase early stack size
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (203 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 204/361] xen: make xen_qlock_wait() nestable Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 206/361] xen/pvh: dont try to unplug emulated devices Greg Kroah-Hartman
                   ` (158 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Roger Pau Monné, Juergen Gross

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Roger Pau Monne <roger.pau@citrix.com>

commit 7deecbda3026f5e2a8cc095d7ef7261a920efcf2 upstream.

While booting on an AMD EPYC box the stack canary would detect stack
overflows when using the current PVH early stack size (256). Switch to
using the value defined by BOOT_STACK_SIZE, which prevents the stack
overflow.

Cc: <stable@vger.kernel.org> # 4.11
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/xen/xen-pvh.S |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/xen/xen-pvh.S
+++ b/arch/x86/xen/xen-pvh.S
@@ -181,7 +181,7 @@ canary:
 	.fill 48, 1, 0
 
 early_stack:
-	.fill 256, 1, 0
+	.fill BOOT_STACK_SIZE, 1, 0
 early_stack_end:
 
 	ELFNOTE(Xen, XEN_ELFNOTE_PHYS32_ENTRY,
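Review bot: ".fill BOOT_STACK_SIZE, 1, 0" depends on BOOT_STACK_SIZE already being defined in xen-pvh.S, since the one-line change adds no include. Worth confirming for each stable branch this is queued for (the Cc tag says 4.11) that the defining header is already pulled in by this file.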




* [PATCH 4.19 206/361] xen/pvh: dont try to unplug emulated devices
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (204 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 205/361] xen/pvh: increase early stack size Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 207/361] libertas: dont set URB_ZERO_PACKET on IN USB transfer Greg Kroah-Hartman
                   ` (157 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Juergen Gross, Boris Ostrovsky

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Juergen Gross <jgross@suse.com>

commit e6111161c0a02d58919d776eec94b313bb57911f upstream.

A Xen PVH guest has no associated qemu device model, so trying to
unplug any emulated devices is making no sense at all.

Bail out early from xen_unplug_emulated_devices() when running as PVH
guest. This will avoid issuing the boot message:

[    0.000000] Xen Platform PCI: unrecognised magic value

Cc: <stable@vger.kernel.org> # 4.11
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/xen/platform-pci-unplug.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/arch/x86/xen/platform-pci-unplug.c
+++ b/arch/x86/xen/platform-pci-unplug.c
@@ -146,6 +146,10 @@ void xen_unplug_emulated_devices(void)
 {
 	int r;
 
+	/* PVH guests don't have emulated devices. */
+	if (xen_pvh_domain())
+		return;
+
 	/* user explicitly requested no unplug */
 	if (xen_emul_unplug & XEN_UNPLUG_NEVER)
 		return;




* [PATCH 4.19 207/361] libertas: dont set URB_ZERO_PACKET on IN USB transfer
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (205 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 206/361] xen/pvh: dont try to unplug emulated devices Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 208/361] usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten Greg Kroah-Hartman
                   ` (156 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lubomir Rintel, Kalle Valo

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lubomir Rintel <lkundrak@v3.sk>

commit 6528d88047801b80d2a5370ad46fb6eff2f509e0 upstream.

The USB core gets rightfully upset:

  usb 1-1: BOGUS urb flags, 240 --> 200
  WARNING: CPU: 0 PID: 60 at drivers/usb/core/urb.c:503 usb_submit_urb+0x2f8/0x3ed
  Modules linked in:
  CPU: 0 PID: 60 Comm: kworker/0:3 Not tainted 4.19.0-rc6-00319-g5206d00a45c7 #39
  Hardware name: OLPC XO/XO, BIOS OLPC Ver 1.00.01 06/11/2014
  Workqueue: events request_firmware_work_func
  EIP: usb_submit_urb+0x2f8/0x3ed
  Code: 75 06 8b 8f 80 00 00 00 8d 47 78 89 4d e4 89 55 e8 e8 35 1c f6 ff 8b 55 e8 56 52 8b 4d e4 51 50 68 e3 ce c7 c0 e8 ed 18 c6 ff <0f> 0b 83 c4 14 80 7d ef 01 74 0a 80 7d ef 03 0f 85 b8 00 00 00 8b
  EAX: 00000025 EBX: ce7d4980 ECX: 00000000 EDX: 00000001
  ESI: 00000200 EDI: ce7d8800 EBP: ce7f5ea8 ESP: ce7f5e70
  DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 EFLAGS: 00210292
  CR0: 80050033 CR2: 00000000 CR3: 00e80000 CR4: 00000090
  Call Trace:
   ? if_usb_fw_timeo+0x64/0x64
   __if_usb_submit_rx_urb+0x85/0xe6
   ? if_usb_fw_timeo+0x64/0x64
   if_usb_submit_rx_urb_fwload+0xd/0xf
   if_usb_prog_firmware+0xc0/0x3db
   ? _request_firmware+0x54/0x47b
   ? _request_firmware+0x89/0x47b
   ? if_usb_probe+0x412/0x412
   lbs_fw_loaded+0x55/0xa6
   ? debug_smp_processor_id+0x12/0x14
   helper_firmware_cb+0x3c/0x3f
   request_firmware_work_func+0x37/0x6f
   process_one_work+0x164/0x25a
   worker_thread+0x1c4/0x284
   kthread+0xec/0xf1
   ? cancel_delayed_work_sync+0xf/0xf
   ? kthread_create_on_node+0x1a/0x1a
   ret_from_fork+0x2e/0x38
  ---[ end trace 3ef1e3b2dd53852f ]---

Cc: stable@vger.kernel.org
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/marvell/libertas/if_usb.c |    2 --
 1 file changed, 2 deletions(-)

--- a/drivers/net/wireless/marvell/libertas/if_usb.c
+++ b/drivers/net/wireless/marvell/libertas/if_usb.c
@@ -456,8 +456,6 @@ static int __if_usb_submit_rx_urb(struct
 			  MRVDRV_ETH_RX_PACKET_BUFFER_SIZE, callbackfn,
 			  cardp);
 
-	cardp->rx_urb->transfer_flags |= URB_ZERO_PACKET;
-
 	lbs_deb_usb2(&cardp->udev->dev, "Pointer for rx_urb %p\n", cardp->rx_urb);
 	if ((ret = usb_submit_urb(cardp->rx_urb, GFP_ATOMIC))) {
 		lbs_deb_usbd(&cardp->udev->dev, "Submit Rx URB failed: %d\n", ret);
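Review bot: the removal of "cardp->rx_urb->transfer_flags |= URB_ZERO_PACKET;" is explained only by the warning trace. One sentence in the commit message saying that the flag is meaningful only for OUT transfers, and that this is the receive URB, would make the reason clear without having to decode "BOGUS urb flags, 240 --> 200".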




* [PATCH 4.19 208/361] usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (206 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 207/361] libertas: dont set URB_ZERO_PACKET on IN USB transfer Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 209/361] usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage Greg Kroah-Hartman
                   ` (155 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Shuah Khan (Samsung OSG)

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Shuah Khan (Samsung OSG) <shuah@kernel.org>

commit e28fd56ad5273be67d0fae5bedc7e1680e729952 upstream.

In rmmod path, usbip_vudc does platform_device_put() twice once from
platform_device_unregister() and then from put_vudc_device().

The second put results in:

BUG kmalloc-2048 (Not tainted): Poison overwritten error or
BUG: KASAN: use-after-free in kobject_put+0x1e/0x230 if KASAN is
enabled.

[  169.042156] calling  init+0x0/0x1000 [usbip_vudc] @ 1697
[  169.042396] =============================================================================
[  169.043678] probe of usbip-vudc.0 returned 1 after 350 usecs
[  169.044508] BUG kmalloc-2048 (Not tainted): Poison overwritten
[  169.044509] -----------------------------------------------------------------------------
...
[  169.057849] INFO: Freed in device_release+0x2b/0x80 age=4223 cpu=3 pid=1693
[  169.057852] 	kobject_put+0x86/0x1b0
[  169.057853] 	0xffffffffc0c30a96
[  169.057855] 	__x64_sys_delete_module+0x157/0x240

Fix it to call platform_device_del() instead and let put_vudc_device() do
the platform_device_put().

Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Shuah Khan (Samsung OSG) <shuah@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/usbip/vudc_main.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/drivers/usb/usbip/vudc_main.c
+++ b/drivers/usb/usbip/vudc_main.c
@@ -73,6 +73,10 @@ static int __init init(void)
 cleanup:
 	list_for_each_entry_safe(udc_dev, udc_dev2, &vudc_devices, dev_entry) {
 		list_del(&udc_dev->dev_entry);
+		/*
+		 * Just do platform_device_del() here, put_vudc_device()
+		 * calls the platform_device_put()
+		 */
 		platform_device_del(udc_dev->pdev);
 		put_vudc_device(udc_dev);
 	}
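Review bot: the comment added in init()'s cleanup loop says which call does the put but not why it matters. Stating that a second platform_device_put() would drop the reference twice (the use-after-free described in the commit message) would tell the next reader what breaks if platform_device_unregister() is reintroduced here.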
@@ -89,7 +93,11 @@ static void __exit cleanup(void)
 
 	list_for_each_entry_safe(udc_dev, udc_dev2, &vudc_devices, dev_entry) {
 		list_del(&udc_dev->dev_entry);
-		platform_device_unregister(udc_dev->pdev);
+		/*
+		 * Just do platform_device_del() here, put_vudc_device()
+		 * calls the platform_device_put()
+		 */
+		platform_device_del(udc_dev->pdev);
 		put_vudc_device(udc_dev);
 	}
 	platform_driver_unregister(&vudc_driver);
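Review bot: the loop body in cleanup() is now line-for-line the same as the one under the cleanup: label in init(), comment included. Moving list_del(), platform_device_del() and put_vudc_device() into one helper would keep the del/put pairing in a single place, so the two paths cannot diverge again as they had before this fix.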




* [PATCH 4.19 209/361] usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (207 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 208/361] usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 210/361] usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround" Greg Kroah-Hartman
                   ` (154 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Heikki Krogerus, Guenter Roeck

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>

commit 1b6af2f58c2b1522e0804b150ca95e50a9e80ea7 upstream.

Current code mistakenly checks against max current to determine
order but this should be max voltage. This commit fixes the issue
so order is correctly determined, thus avoiding failure based on
a higher voltage PPS APDO having a lower maximum current output,
which is actually valid.

Fixes: 2eadc33f40d4 ("typec: tcpm: Add core support for sink side PPS")
Cc: <stable@vger.kernel.org>
Signed-off-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/typec/tcpm.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/usb/typec/tcpm.c
+++ b/drivers/usb/typec/tcpm.c
@@ -1430,8 +1430,8 @@ static enum pdo_err tcpm_caps_err(struct
 				if (pdo_apdo_type(pdo[i]) != APDO_TYPE_PPS)
 					break;
 
-				if (pdo_pps_apdo_max_current(pdo[i]) <
-				    pdo_pps_apdo_max_current(pdo[i - 1]))
+				if (pdo_pps_apdo_max_voltage(pdo[i]) <
+				    pdo_pps_apdo_max_voltage(pdo[i - 1]))
 					return PDO_ERR_PPS_APDO_NOT_SORTED;
 				else if (pdo_pps_apdo_min_voltage(pdo[i]) ==
 					  pdo_pps_apdo_min_voltage(pdo[i - 1]) &&
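Review bot: the sort key for PPS APDOs is not stated anywhere in the hunk, so a reader cannot tell from the code alone whether current or voltage is the right field to compare. A short comment above the "pdo_pps_apdo_max_voltage(pdo[i]) < pdo_pps_apdo_max_voltage(pdo[i - 1])" test saying that PPS APDOs are expected in ascending order of maximum voltage would make the intended rule checkable against the code.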




* [PATCH 4.19 210/361] usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround"
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (208 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 209/361] usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 211/361] mt76: mt76x2: fix multi-interface beacon configuration Greg Kroah-Hartman
                   ` (153 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yoshihiro Shimoda, Felipe Balbi

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>

commit afc92514a34c7414b28047b1205a6b709103c699 upstream.

If the "workaround_for_vbus" is true, the driver will not call
usb_disconnect(). So, since the controller keeps some registers'
value, the driver doesn't re-enumerate suitable speed after
the b-device mode is disabled. To fix the issue, this patch
adds usb_disconnect() calling in renesas_usb3_b_device_write()
if workaround_for_vbus is true.

Fixes: 43ba968b00ea ("usb: gadget: udc: renesas_usb3: add debugfs to set the b-device mode")
Cc: <stable@vger.kernel.org> # v4.14+
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/gadget/udc/renesas_usb3.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/usb/gadget/udc/renesas_usb3.c
+++ b/drivers/usb/gadget/udc/renesas_usb3.c
@@ -2437,6 +2437,9 @@ static ssize_t renesas_usb3_b_device_wri
 	else
 		usb3->forced_b_device = false;
 
+	if (usb3->workaround_for_vbus)
+		usb3_disconnect(usb3);
+
 	/* Let this driver call usb3_connect() anyway */
 	usb3_check_id(usb3);
 
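Review bot: usb3_disconnect(usb3) runs whenever workaround_for_vbus is set, whether the write just set forced_b_device to true or to false, while the commit message describes the problem only for the case where b-device mode is disabled. If disconnecting on enable is intended too, a comment should say so; otherwise the call belongs in the else branch. The commit message also names usb_disconnect() where the code calls usb3_disconnect().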




* [PATCH 4.19 211/361] mt76: mt76x2: fix multi-interface beacon configuration
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (209 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 210/361] usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround" Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 212/361] iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() Greg Kroah-Hartman
                   ` (152 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Felix Fietkau

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Felix Fietkau <nbd@nbd.name>

commit 5289976ad887deb07c76df7eecf553c264aeebed upstream.

If the first virtual interface is a station (or an AP with beacons
temporarily disabled), the beacon of the second interface needs to
occupy hardware beacon slot 0.
For some reason the beacon index was incorrectly masked with the
virtual interface beacon mask, which prevents the secondary
interface from sending beacons unless the first one also does.

Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/mediatek/mt76/mt76x2_mac.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/net/wireless/mediatek/mt76/mt76x2_mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x2_mac.c
@@ -128,8 +128,7 @@ __mt76x2_mac_set_beacon(struct mt76x2_de
 	if (skb) {
 		ret = mt76_write_beacon(dev, beacon_addr, skb);
 		if (!ret)
-			dev->beacon_data_mask |= BIT(bcn_idx) &
-						 dev->beacon_mask;
+			dev->beacon_data_mask |= BIT(bcn_idx);
 	} else {
 		dev->beacon_data_mask &= ~BIT(bcn_idx);
 		for (i = 0; i < beacon_len; i += 4)
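Review bot: with "& dev->beacon_mask" removed, "dev->beacon_data_mask |= BIT(bcn_idx);" no longer filters the index at all, so this line now relies on callers passing a bcn_idx within the hardware's beacon slots. A bounds check, or a comment naming where bcn_idx is validated, would make that explicit.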




* [PATCH 4.19 212/361] iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (210 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 211/361] mt76: mt76x2: fix multi-interface beacon configuration Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 213/361] net/ipv4: defensive cipso option parsing Greg Kroah-Hartman
                   ` (151 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Luca Coelho, Kalle Valo

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Luca Coelho <luciano.coelho@intel.com>

commit 3d71c3f1f50cf309bd20659422af549bc784bfff upstream.

The rs_rate_from_ucode_rate() function may return -EINVAL if the rate
is invalid, but none of the callsites check for the error, potentially
making us access arrays with index IWL_RATE_INVALID, which is larger
than the arrays, causing an out-of-bounds access.  This will trigger
KASAN warnings, such as the one reported in the bugzilla issue
mentioned below.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=200659

Cc: stable@vger.kernel.org
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/intel/iwlwifi/mvm/rs.c |   24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

--- a/drivers/net/wireless/intel/iwlwifi/mvm/rs.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rs.c
@@ -1239,7 +1239,11 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm
 	    !(info->flags & IEEE80211_TX_STAT_AMPDU))
 		return;
 
-	rs_rate_from_ucode_rate(tx_resp_hwrate, info->band, &tx_resp_rate);
+	if (rs_rate_from_ucode_rate(tx_resp_hwrate, info->band,
+				    &tx_resp_rate)) {
+		WARN_ON_ONCE(1);
+		return;
+	}
 
 #ifdef CONFIG_MAC80211_DEBUGFS
 	/* Disable last tx check if we are debugging with fixed rate but
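Review bot: the "WARN_ON_ONCE(1); return;" body after the rs_rate_from_ucode_rate() check is repeated at all four call sites in this patch. Folding the call into the macro, as in "if (WARN_ON_ONCE(rs_rate_from_ucode_rate(...))) return;", is the usual kernel idiom and saves the braces and the separate statement at each site.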
@@ -1290,7 +1294,10 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm
 	 */
 	table = &lq_sta->lq;
 	lq_hwrate = le32_to_cpu(table->rs_table[0]);
-	rs_rate_from_ucode_rate(lq_hwrate, info->band, &lq_rate);
+	if (rs_rate_from_ucode_rate(lq_hwrate, info->band, &lq_rate)) {
+		WARN_ON_ONCE(1);
+		return;
+	}
 
 	/* Here we actually compare this rate to the latest LQ command */
 	if (lq_color != LQ_FLAG_COLOR_GET(table->flags)) {
@@ -1392,8 +1399,12 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm
 		/* Collect data for each rate used during failed TX attempts */
 		for (i = 0; i <= retries; ++i) {
 			lq_hwrate = le32_to_cpu(table->rs_table[i]);
-			rs_rate_from_ucode_rate(lq_hwrate, info->band,
-						&lq_rate);
+			if (rs_rate_from_ucode_rate(lq_hwrate, info->band,
+						    &lq_rate)) {
+				WARN_ON_ONCE(1);
+				return;
+			}
+
 			/*
 			 * Only collect stats if retried rate is in the same RS
 			 * table as active/search.
@@ -3262,7 +3273,10 @@ static void rs_build_rates_table_from_fi
 	for (i = 0; i < num_rates; i++)
 		lq_cmd->rs_table[i] = ucode_rate_le32;
 
-	rs_rate_from_ucode_rate(ucode_rate, band, &rate);
+	if (rs_rate_from_ucode_rate(ucode_rate, band, &rate)) {
+		WARN_ON_ONCE(1);
+		return;
+	}
 
 	if (is_mimo(&rate))
 		lq_cmd->mimo_delim = num_rates - 1;
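Review bot: In rs_build_rates_table_from_fixed() the new check sits after the loop that has already written ucode_rate_le32 into every lq_cmd->rs_table[i], so on the error path the function returns with the invalid rate stored in the table and mimo_delim left unset. Moving the rs_rate_from_ucode_rate() call above the `for (i = 0; i < num_rates; i++)` loop would leave lq_cmd untouched when the rate is rejected. The function returns void, so the caller also has no way to learn that the table was not built; worth a comment or a return code.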




* [PATCH 4.19 213/361] net/ipv4: defensive cipso option parsing
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (211 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 212/361] iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 214/361] dmaengine: ppc4xx: fix off-by-one build failure Greg Kroah-Hartman
                   ` (150 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stefan Nuernberger, David Woodhouse,
	Simon Veith, Paul Moore, David S. Miller

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stefan Nuernberger <snu@amazon.com>

commit 076ed3da0c9b2f88d9157dbe7044a45641ae369e upstream.

commit 40413955ee26 ("Cipso: cipso_v4_optptr enter infinite loop") fixed
a possible infinite loop in the IP option parsing of CIPSO. The fix
assumes that ip_options_compile filtered out all zero length options and
that no other one-byte options beside IPOPT_END and IPOPT_NOOP exist.
While this assumption currently holds true, add explicit checks for zero
length and invalid length options to be safe for the future. Even though
ip_options_compile should have validated the options, the introduction of
new one-byte options can still confuse this code without the additional
checks.

Signed-off-by: Stefan Nuernberger <snu@amazon.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Simon Veith <sveith@amazon.de>
Cc: stable@vger.kernel.org
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/ipv4/cipso_ipv4.c |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -1512,7 +1512,7 @@ static int cipso_v4_parsetag_loc(const s
  *
  * Description:
  * Parse the packet's IP header looking for a CIPSO option.  Returns a pointer
- * to the start of the CIPSO option on success, NULL if one if not found.
+ * to the start of the CIPSO option on success, NULL if one is not found.
  *
  */
 unsigned char *cipso_v4_optptr(const struct sk_buff *skb)
@@ -1522,10 +1522,8 @@ unsigned char *cipso_v4_optptr(const str
 	int optlen;
 	int taglen;
 
-	for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) {
+	for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 1; ) {
 		switch (optptr[0]) {
-		case IPOPT_CIPSO:
-			return optptr;
 		case IPOPT_END:
 			return NULL;
 		case IPOPT_NOOP:
@@ -1534,6 +1532,11 @@ unsigned char *cipso_v4_optptr(const str
 		default:
 			taglen = optptr[1];
 		}
+		if (!taglen || taglen > optlen)
+			return NULL;
+		if (optptr[0] == IPOPT_CIPSO)
+			return optptr;
+
 		optlen -= taglen;
 		optptr += taglen;
 	}
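Review bot: The added `if (!taglen || taglen > optlen)` still accepts a length byte of 1 read in the `default:` branch, although an option that carries a length byte occupies at least two bytes. With taglen == 1 the loop advances by one and then treats that same length byte as the next option type, so the walk can go out of step with the real option boundaries. Rejecting `taglen < 2` inside `default:` (IPOPT_NOOP keeps its fixed length) would close that. A short comment that the returned CIPSO option's length has been checked against the remaining header would also document the new guarantee for callers.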



^ permalink raw reply	[flat|nested] 384+ messages in thread
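The defensive option walk described in the CIPSO commit message above, as an added userspace example that is not part of the patch or the kernel tree. find_ip_option() and the sample byte arrays are constructed for illustration, and the length check also rejects a length of 1, which is stricter than the patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IPv4 option type values: end of list, no-op, and CIPSO. */
#define OPT_END    0
#define OPT_NOOP   1
#define OPT_CIPSO  134

/*
 * Hypothetical helper (not kernel code): scan the option bytes that follow
 * the fixed 20-byte IPv4 header and return the offset of the first option
 * of type `want`, or -1 if it is absent or the option list is malformed.
 */
static int find_ip_option(const uint8_t *opts, size_t optlen, uint8_t want)
{
	size_t off = 0;

	/* A TLV option is only readable if type and length bytes both fit. */
	while (off + 1 < optlen) {
		uint8_t type = opts[off];
		size_t len;

		if (type == OPT_END)
			return -1;
		if (type == OPT_NOOP) {	/* one-byte option, no length byte */
			off++;
			continue;
		}

		len = opts[off + 1];
		/*
		 * 0 would never advance (the infinite loop), 1 would re-read
		 * the length byte as a type, and anything larger than the
		 * bytes left would walk past the header.
		 */
		if (len < 2 || len > optlen - off)
			return -1;
		if (type == want)
			return (int)off;	/* length already validated */
		off += len;
	}
	return -1;
}

/* Constructed sample option areas (not captured traffic). */
static const uint8_t opts_valid[]     = { 1, 1, 134, 6, 0, 0, 0, 1 };
static const uint8_t opts_skip[]      = { 7, 3, 4, 1, 134, 6, 0, 0, 0, 1, 0, 0 };
static const uint8_t opts_zero_len[]  = { 7, 0, 134, 6, 0, 0, 0, 1 };
static const uint8_t opts_one_len[]   = { 68, 1, 134, 6, 0, 0, 0, 1 };
static const uint8_t opts_overrun[]   = { 134, 12, 0, 0 };
static const uint8_t opts_no_len[]    = { 1, 1, 1, 134 };
static const uint8_t opts_after_end[] = { 0, 134, 6, 0, 0, 0, 1, 0 };

int main(void)
{
	static const struct {
		const char *name;
		const uint8_t *buf;
		size_t len;
	} cases[] = {
		{ "valid after two NOOPs", opts_valid, sizeof(opts_valid) },
		{ "valid after another option", opts_skip, sizeof(opts_skip) },
		{ "zero-length option first", opts_zero_len, sizeof(opts_zero_len) },
		{ "length 1 on a TLV option", opts_one_len, sizeof(opts_one_len) },
		{ "CIPSO length past header", opts_overrun, sizeof(opts_overrun) },
		{ "type byte with no length", opts_no_len, sizeof(opts_no_len) },
		{ "CIPSO after END", opts_after_end, sizeof(opts_after_end) },
	};
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%-28s -> %d\n", cases[i].name,
		       find_ip_option(cases[i].buf, cases[i].len, OPT_CIPSO));
	return 0;
}
```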

* [PATCH 4.19 214/361] dmaengine: ppc4xx: fix off-by-one build failure
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (212 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 213/361] net/ipv4: defensive cipso option parsing Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 215/361] scsi: sched/wait: Add wait_event_lock_irq_timeout for TASK_UNINTERRUPTIBLE usage Greg Kroah-Hartman
                   ` (149 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christian Lamparter, Vinod Koul

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christian Lamparter <chunkeey@gmail.com>

commit 27d8d2d7a9b7eb05c4484b74b749eaee7b50b845 upstream.

There are two poly_store, but one should have been poly_show.

|adma.c:4382:16: error: conflicting types for 'poly_store'
| static ssize_t poly_store(struct device_driver *dev, const char *buf,
|                ^~~~~~~~~~
|adma.c:4363:16: note: previous definition of 'poly_store' was here
| static ssize_t poly_store(struct device_driver *dev, char *buf)
|                ^~~~~~~~~~

CC: stable@vger.kernel.org
Fixes: 13efe1a05384 ("dmaengine: ppc4xx: remove DRIVER_ATTR() usage")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/dma/ppc4xx/adma.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/dma/ppc4xx/adma.c
+++ b/drivers/dma/ppc4xx/adma.c
@@ -4360,7 +4360,7 @@ static ssize_t enable_store(struct devic
 }
 static DRIVER_ATTR_RW(enable);
 
-static ssize_t poly_store(struct device_driver *dev, char *buf)
+static ssize_t poly_show(struct device_driver *dev, char *buf)
 {
 	ssize_t size = 0;
 	u32 reg;




* [PATCH 4.19 215/361] scsi: sched/wait: Add wait_event_lock_irq_timeout for TASK_UNINTERRUPTIBLE usage
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (213 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 214/361] dmaengine: ppc4xx: fix off-by-one build failure Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 216/361] scsi: target: Fix target_wait_for_sess_cmds breakage with active signals Greg Kroah-Hartman
                   ` (148 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Mike Christie,
	Hannes Reinecke, Christoph Hellwig, Sagi Grimberg, Bryant G. Ly,
	Peter Zijlstra (Intel),
	Nicholas Bellinger, Bryant G. Ly, Martin K. Petersen

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nicholas Bellinger <nab@linux-iscsi.org>

commit 25ab0bc334b43bbbe4eabc255006ce42a9424da2 upstream.

Short of reverting commit 00d909a10710 ("scsi: target: Make the session
shutdown code also wait for commands that are being aborted") for v4.19,
target-core needs a wait_event_t macro that can be executed using
TASK_UNINTERRUPTIBLE to function correctly with existing fabric drivers that
expect to run with signals pending during session shutdown and active se_cmd
I/O quiesce.

The most notable is iscsi-target/iser-target, while ibmvscsi_tgt invokes
session shutdown logic from userspace via configfs attribute that could also
potentially have signals pending.

So go ahead and introduce wait_event_lock_irq_timeout() to achieve this, and
update + rename __wait_event_lock_irq_timeout() to make it accept 'state' as a
parameter.

Fixes: 00d909a10710 ("scsi: target: Make the session shutdown code also wait for commands that are being aborted")
Cc: <stable@vger.kernel.org> # v4.19+
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: Mike Christie <mchristi@redhat.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Sagi Grimberg <sagi@grimberg.me>
Cc: Bryant G. Ly <bryantly@linux.vnet.ibm.com>
Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Reviewed-by: Bryant G. Ly <bly@catalogicsoftware.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/wait.h |   20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

--- a/include/linux/wait.h
+++ b/include/linux/wait.h
@@ -1052,10 +1052,9 @@ do {										\
 	__ret;									\
 })
 
-#define __wait_event_interruptible_lock_irq_timeout(wq_head, condition,		\
-						    lock, timeout)		\
+#define __wait_event_lock_irq_timeout(wq_head, condition, lock, timeout, state)	\
 	___wait_event(wq_head, ___wait_cond_timeout(condition),			\
-		      TASK_INTERRUPTIBLE, 0, timeout,				\
+		      state, 0, timeout,					\
 		      spin_unlock_irq(&lock);					\
 		      __ret = schedule_timeout(__ret);				\
 		      spin_lock_irq(&lock));
@@ -1089,8 +1088,19 @@ do {										\
 ({										\
 	long __ret = timeout;							\
 	if (!___wait_cond_timeout(condition))					\
-		__ret = __wait_event_interruptible_lock_irq_timeout(		\
-					wq_head, condition, lock, timeout);	\
+		__ret = __wait_event_lock_irq_timeout(				\
+					wq_head, condition, lock, timeout,	\
+					TASK_INTERRUPTIBLE);			\
+	__ret;									\
+})
+
+#define wait_event_lock_irq_timeout(wq_head, condition, lock, timeout)		\
+({										\
+	long __ret = timeout;							\
+	if (!___wait_cond_timeout(condition))					\
+		__ret = __wait_event_lock_irq_timeout(				\
+					wq_head, condition, lock, timeout,	\
+					TASK_UNINTERRUPTIBLE);			\
 	__ret;									\
 })
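Review bot: The new wait_event_lock_irq_timeout() macro is added without any comment block, so its contract has to be inferred from the body. Please document that the caller must already hold `lock` via spin_lock_irq(), that the lock is dropped while sleeping and retaken before the condition is rechecked, that the task sleeps in TASK_UNINTERRUPTIBLE, and that the return value is never a signal error, which is the whole reason this variant exists.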
 




* [PATCH 4.19 216/361] scsi: target: Fix target_wait_for_sess_cmds breakage with active signals
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (214 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 215/361] scsi: sched/wait: Add wait_event_lock_irq_timeout for TASK_UNINTERRUPTIBLE usage Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 217/361] libnvdimm: Hold reference on parent while scheduling async init Greg Kroah-Hartman
                   ` (147 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Mike Christie,
	Hannes Reinecke, Christoph Hellwig, Sagi Grimberg, Bryant G. Ly,
	Nicholas Bellinger, Bryant G. Ly, Martin K. Petersen

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nicholas Bellinger <nab@linux-iscsi.org>

commit 38fe73cc2c96fbc9942b07220f2a4f1bab37392d upstream.

With the addition of commit 00d909a10710 ("scsi: target: Make the session
shutdown code also wait for commands that are being aborted") in v4.19-rc, it
incorrectly assumes no signals will be pending for task_struct executing the
normal session shutdown and I/O quiesce code-path.

For example, iscsi-target and iser-target issue SIGINT to all kthreads as part
of session shutdown.  This has been the behaviour since day one.

As-is when signals are pending with se_cmds active in se_sess->sess_cmd_list,
wait_event_interruptible_lock_irq_timeout() returns a negative number and
immediately kills the machine because of the do while (ret <= 0) loop that was
added in commit 00d909a107 to spin while backend I/O is taking any amount of
extended time (say 30 seconds) to complete.

Here's what it looks like in action with debug plus delayed backend I/O
completion:

[ 4951.909951] se_sess: 000000003e7e08fa before target_wait_for_sess_cmds
[ 4951.914600] target_wait_for_sess_cmds: signal_pending: 1
[ 4951.918015] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 0
[ 4951.921639] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 1
[ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 2
[ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 3
[ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 4
[ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 5
[ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 6
[ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 7
[ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 8
[ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 9

... followed by the usual RCU CPU stalls and deadlock.

There was never a case pre commit 00d909a107 where
wait_for_complete(&se_cmd->cmd_wait_comp) was able to be interrupted, so to
address this for v4.19+ moving forward go ahead and use
wait_event_lock_irq_timeout() instead so new code works with all fabric
drivers.

Also for commit 00d909a107, fix a minor regression in
target_release_cmd_kref() to wake_up the new se_sess->cmd_list_wq only
when shutdown has actually been triggered via se_sess->sess_tearing_down.

Fixes: 00d909a10710 ("scsi: target: Make the session shutdown code also wait for commands that are being aborted")
Cc: <stable@vger.kernel.org> # v4.19+
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: Mike Christie <mchristi@redhat.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Sagi Grimberg <sagi@grimberg.me>
Cc: Bryant G. Ly <bryantly@linux.vnet.ibm.com>
Tested-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Reviewed-by: Bryant G. Ly <bly@catalogicsoftware.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/target/target_core_transport.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -2754,7 +2754,7 @@ static void target_release_cmd_kref(stru
 	if (se_sess) {
 		spin_lock_irqsave(&se_sess->sess_cmd_lock, flags);
 		list_del_init(&se_cmd->se_cmd_list);
-		if (list_empty(&se_sess->sess_cmd_list))
+		if (se_sess->sess_tearing_down && list_empty(&se_sess->sess_cmd_list))
 			wake_up(&se_sess->cmd_list_wq);
 		spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags);
 	}
@@ -2907,7 +2907,7 @@ void target_wait_for_sess_cmds(struct se
 
 	spin_lock_irq(&se_sess->sess_cmd_lock);
 	do {
-		ret = wait_event_interruptible_lock_irq_timeout(
+		ret = wait_event_lock_irq_timeout(
 				se_sess->cmd_list_wq,
 				list_empty(&se_sess->sess_cmd_list),
 				se_sess->sess_cmd_lock, 180 * HZ);
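Review bot: With wait_event_lock_irq_timeout() the `180 * HZ` timeout now applies to a TASK_UNINTERRUPTIBLE sleep, and 180 seconds is longer than the default 120-second hung-task timeout. A backend that is merely slow during session shutdown will therefore produce hung-task reports, and a panic where hung_task_panic is set. Consider a per-iteration timeout below that threshold, with the loop retrying, and a comment explaining why the wait must be uninterruptible.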




* [PATCH 4.19 217/361] libnvdimm: Hold reference on parent while scheduling async init
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (215 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 216/361] scsi: target: Fix target_wait_for_sess_cmds breakage with active signals Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 218/361] libnvdimm, region: Fail badblocks listing for inactive regions Greg Kroah-Hartman
                   ` (146 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Duyck, Dan Williams

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexander Duyck <alexander.h.duyck@linux.intel.com>

commit b6eae0f61db27748606cc00dafcfd1e2c032f0a5 upstream.

Unlike asynchronous initialization in the core we have not yet associated
the device with the parent, and as such the device doesn't hold a reference
to the parent.

In order to resolve that we should be holding a reference on the parent
until the asynchronous initialization has completed.

Cc: <stable@vger.kernel.org>
Fixes: 4d88a97aa9e8 ("libnvdimm: ...base ... infrastructure")
Signed-off-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/nvdimm/bus.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/nvdimm/bus.c
+++ b/drivers/nvdimm/bus.c
@@ -488,6 +488,8 @@ static void nd_async_device_register(voi
 		put_device(dev);
 	}
 	put_device(dev);
+	if (dev->parent)
+		put_device(dev->parent);
 }
 
 static void nd_async_device_unregister(void *d, async_cookie_t cookie)
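Review bot: The added `if (dev->parent) put_device(dev->parent);` in nd_async_device_register() reads dev->parent after the preceding put_device(dev), which can drop the last reference to dev and free it (on the device_add() failure path put_device(dev) has by then been called twice). Load the parent into a local, e.g. `struct device *parent = dev->parent;`, before the first put_device(dev) and release the parent through that local.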
@@ -507,6 +509,8 @@ void __nd_device_register(struct device
 	if (!dev)
 		return;
 	dev->bus = &nvdimm_bus_type;
+	if (dev->parent)
+		get_device(dev->parent);
 	get_device(dev);
 	async_schedule_domain(nd_async_device_register, dev,
 			&nd_async_domain);




* [PATCH 4.19 218/361] libnvdimm, region: Fail badblocks listing for inactive regions
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (216 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 217/361] libnvdimm: Hold reference on parent while scheduling async init Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 219/361] libnvdimm, pmem: Fix badblocks population for raw namespaces Greg Kroah-Hartman
                   ` (145 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johannes Thumshirn, Dave Jiang, Dan Williams

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Williams <dan.j.williams@intel.com>

commit 5d394eee2c102453278d81d9a7cf94c80253486a upstream.

While experimenting with region driver loading the following backtrace
was triggered:

 INFO: trying to register non-static key.
 the code is fine but needs lockdep annotation.
 turning off the locking correctness validator.
 [..]
 Call Trace:
  dump_stack+0x85/0xcb
  register_lock_class+0x571/0x580
  ? __lock_acquire+0x2ba/0x1310
  ? kernfs_seq_start+0x2a/0x80
  __lock_acquire+0xd4/0x1310
  ? dev_attr_show+0x1c/0x50
  ? __lock_acquire+0x2ba/0x1310
  ? kernfs_seq_start+0x2a/0x80
  ? lock_acquire+0x9e/0x1a0
  lock_acquire+0x9e/0x1a0
  ? dev_attr_show+0x1c/0x50
  badblocks_show+0x70/0x190
  ? dev_attr_show+0x1c/0x50
  dev_attr_show+0x1c/0x50

This results from a missing successful call to devm_init_badblocks()
from nd_region_probe(). Block attempts to show badblocks while the
region is not enabled.

Fixes: 6a6bef90425e ("libnvdimm: add mechanism to publish badblocks...")
Cc: <stable@vger.kernel.org>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/nvdimm/region_devs.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

--- a/drivers/nvdimm/region_devs.c
+++ b/drivers/nvdimm/region_devs.c
@@ -560,10 +560,17 @@ static ssize_t region_badblocks_show(str
 		struct device_attribute *attr, char *buf)
 {
 	struct nd_region *nd_region = to_nd_region(dev);
+	ssize_t rc;
 
-	return badblocks_show(&nd_region->bb, buf, 0);
-}
+	device_lock(dev);
+	if (dev->driver)
+		rc = badblocks_show(&nd_region->bb, buf, 0);
+	else
+		rc = -ENXIO;
+	device_unlock(dev);
 
+	return rc;
+}
 static DEVICE_ATTR(badblocks, 0444, region_badblocks_show, NULL);
 
 static ssize_t resource_show(struct device *dev,




* [PATCH 4.19 219/361] libnvdimm, pmem: Fix badblocks population for raw namespaces
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (217 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 218/361] libnvdimm, region: Fail badblocks listing for inactive regions Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 220/361] ASoC: intel: skylake: Add missing break in skl_tplg_get_token() Greg Kroah-Hartman
                   ` (144 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Jacek Zloch,
	Krzysztof Rusocki, Vishal Verma, Dan Williams

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Williams <dan.j.williams@intel.com>

commit 91ed7ac444ef749603a95629a5ec483988c4f14b upstream.

The driver is only initializing bb_res in the devm_memremap_pages()
paths, but the raw namespace case is passing an uninitialized bb_res to
nvdimm_badblocks_populate().

Fixes: e8d513483300 ("memremap: change devm_memremap_pages interface...")
Cc: <stable@vger.kernel.org>
Cc: Christoph Hellwig <hch@lst.de>
Reported-by: Jacek Zloch <jacek.zloch@intel.com>
Reported-by: Krzysztof Rusocki <krzysztof.rusocki@intel.com>
Reviewed-by: Vishal Verma <vishal.l.verma@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/nvdimm/pmem.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/nvdimm/pmem.c
+++ b/drivers/nvdimm/pmem.c
@@ -421,9 +421,11 @@ static int pmem_attach_disk(struct devic
 		addr = devm_memremap_pages(dev, &pmem->pgmap);
 		pmem->pfn_flags |= PFN_MAP;
 		memcpy(&bb_res, &pmem->pgmap.res, sizeof(bb_res));
-	} else
+	} else {
 		addr = devm_memremap(dev, pmem->phys_addr,
 				pmem->size, ARCH_MEMREMAP_PMEM);
+		memcpy(&bb_res, &nsio->res, sizeof(bb_res));
+	}
 
 	/*
 	 * At release time the queue must be frozen before




* [PATCH 4.19 220/361] ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (218 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 219/361] libnvdimm, pmem: Fix badblocks population for raw namespaces Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 221/361] ASoC: sta32x: set ->component pointer in private struct Greg Kroah-Hartman
                   ` (143 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Mark Brown

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

commit 9c80c5a8831471e0a3e139aad1b0d4c0fdc50b2f upstream.

skl_tplg_get_token() misses a break in the big switch() block for
SKL_TKN_U8_CORE_ID entry.
Spotted nicely by -Wimplicit-fallthrough compiler option.

Fixes: 6277e83292a2 ("ASoC: Intel: Skylake: Parse vendor tokens to build module data")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/soc/intel/skylake/skl-topology.c |    1 +
 1 file changed, 1 insertion(+)

--- a/sound/soc/intel/skylake/skl-topology.c
+++ b/sound/soc/intel/skylake/skl-topology.c
@@ -2461,6 +2461,7 @@ static int skl_tplg_get_token(struct dev
 
 	case SKL_TKN_U8_CORE_ID:
 		mconfig->core_id = tkn_elem->value;
+		break;
 
 	case SKL_TKN_U8_MOD_TYPE:
 		mconfig->m_type = tkn_elem->value;




* [PATCH 4.19 221/361] ASoC: sta32x: set ->component pointer in private struct
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (219 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 220/361] ASoC: intel: skylake: Add missing break in skl_tplg_get_token() Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 222/361] IB/mlx5: Fix MR cache initialization Greg Kroah-Hartman
                   ` (142 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Mack, Mark Brown

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniel Mack <daniel@zonque.org>

commit 747df19747bc9752cd40b9cce761e17a033aa5c2 upstream.

The ESD watchdog code in sta32x_watchdog() dereferences the pointer
which is never assigned.

This is a regression from a1be4cead9b950 ("ASoC: sta32x: Convert to direct
regmap API usage.") which went unnoticed since nobody seems to use that ESD
workaround.

Fixes: a1be4cead9b950 ("ASoC: sta32x: Convert to direct regmap API usage.")
Signed-off-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/soc/codecs/sta32x.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/sound/soc/codecs/sta32x.c
+++ b/sound/soc/codecs/sta32x.c
@@ -879,6 +879,9 @@ static int sta32x_probe(struct snd_soc_c
 	struct sta32x_priv *sta32x = snd_soc_component_get_drvdata(component);
 	struct sta32x_platform_data *pdata = sta32x->pdata;
 	int i, ret = 0, thermal = 0;
+
+	sta32x->component = component;
+
 	ret = regulator_bulk_enable(ARRAY_SIZE(sta32x->supplies),
 				    sta32x->supplies);
 	if (ret != 0) {




* [PATCH 4.19 222/361] IB/mlx5: Fix MR cache initialization
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (220 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 221/361] ASoC: sta32x: set ->component pointer in private struct Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 223/361] IB/rxe: Revise the ib_wr_opcode enum Greg Kroah-Hartman
                   ` (141 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Artemy Kovalyov, Majd Dibbiny,
	Leon Romanovsky, Jason Gunthorpe

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Artemy Kovalyov <artemyko@mellanox.com>

commit 013c2403bf32e48119aeb13126929f81352cc7ac upstream.

Schedule MR cache work only after bucket was initialized.

Cc: <stable@vger.kernel.org> # 4.10
Fixes: 49780d42dfc9 ("IB/mlx5: Expose MR cache for mlx5_ib")
Signed-off-by: Artemy Kovalyov <artemyko@mellanox.com>
Reviewed-by: Majd Dibbiny <majd@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/hw/mlx5/mr.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/infiniband/hw/mlx5/mr.c
+++ b/drivers/infiniband/hw/mlx5/mr.c
@@ -691,7 +691,6 @@ int mlx5_mr_cache_init(struct mlx5_ib_de
 		init_completion(&ent->compl);
 		INIT_WORK(&ent->work, cache_work_func);
 		INIT_DELAYED_WORK(&ent->dwork, delayed_cache_work_func);
-		queue_work(cache->wq, &ent->work);
 
 		if (i > MR_CACHE_LAST_STD_ENTRY) {
 			mlx5_odp_init_mr_cache_entry(ent);
@@ -711,6 +710,7 @@ int mlx5_mr_cache_init(struct mlx5_ib_de
 			ent->limit = dev->mdev->profile->mr_cache[i].limit;
 		else
 			ent->limit = 0;
+		queue_work(cache->wq, &ent->work);
 	}
 
 	err = mlx5_mr_cache_debugfs_init(dev);
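Review bot: With queue_work(cache->wq, &ent->work) moved from just after INIT_DELAYED_WORK() to the bottom of the loop body, work is now queued only for iterations that reach the end of the body. The `if (i > MR_CACHE_LAST_STD_ENTRY)` branch opened in the first hunk continues outside the lines shown; if it, or anything else between the two hunks, skips to the next iteration, those entries used to get work queued and no longer do. Please confirm that this is intended and say so in the changelog, which currently explains only the ordering relative to initialization.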




* [PATCH 4.19 223/361] IB/rxe: Revise the ib_wr_opcode enum
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (221 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 222/361] IB/mlx5: Fix MR cache initialization Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 224/361] jbd2: fix use after free in jbd2_log_do_checkpoint() Greg Kroah-Hartman
                   ` (140 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Seth Howell, Jason Gunthorpe

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jason Gunthorpe <jgg@mellanox.com>

commit 9a59739bd01f77db6fbe2955a4fce165f0f43568 upstream.

This enum has become part of the uABI, as both RXE and the
ib_uverbs_post_send() command expect userspace to supply values from this
enum. So it should be properly placed in include/uapi/rdma.

In userspace this enum is called 'enum ibv_wr_opcode' as part of
libibverbs.h. That enum defines different values for IB_WR_LOCAL_INV,
IB_WR_SEND_WITH_INV, and IB_WR_LSO. These were introduced (incorrectly, it
turns out) into libibverbs in 2015.

The kernel has changed its mind on the numbering for several of the IB_WC
values over the years, but has remained stable on IB_WR_LOCAL_INV and
below.

Based on this we can conclude that there is no real user space user of the
values beyond IB_WR_ATOMIC_FETCH_AND_ADD, as they have never worked via
rdma-core. This is confirmed by inspection, only rxe uses the kernel enum
and implements the latter operations. rxe has clearly never worked with
these attributes from userspace. Other drivers that support these opcodes
implement the functionality without calling out to the kernel.

To make IB_WR_SEND_WITH_INV and related work for RXE in userspace we
choose to renumber the IB_WR enum in the kernel to match the uABI that
userspace has been using since before Soft RoCE was merged. This is an
overall simpler configuration for the whole software stack, and obviously
can't break anything existing.

Reported-by: Seth Howell <seth.howell@intel.com>
Tested-by: Seth Howell <seth.howell@intel.com>
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Cc: <stable@vger.kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/rdma/ib_verbs.h           |   34 ++++++++++++++++++++--------------
 include/uapi/rdma/ib_user_verbs.h |   20 +++++++++++++++++++-
 2 files changed, 39 insertions(+), 15 deletions(-)

--- a/include/rdma/ib_verbs.h
+++ b/include/rdma/ib_verbs.h
@@ -1278,21 +1278,27 @@ struct ib_qp_attr {
 };
 
 enum ib_wr_opcode {
-	IB_WR_RDMA_WRITE,
-	IB_WR_RDMA_WRITE_WITH_IMM,
-	IB_WR_SEND,
-	IB_WR_SEND_WITH_IMM,
-	IB_WR_RDMA_READ,
-	IB_WR_ATOMIC_CMP_AND_SWP,
-	IB_WR_ATOMIC_FETCH_AND_ADD,
-	IB_WR_LSO,
-	IB_WR_SEND_WITH_INV,
-	IB_WR_RDMA_READ_WITH_INV,
-	IB_WR_LOCAL_INV,
-	IB_WR_REG_MR,
-	IB_WR_MASKED_ATOMIC_CMP_AND_SWP,
-	IB_WR_MASKED_ATOMIC_FETCH_AND_ADD,
+	/* These are shared with userspace */
+	IB_WR_RDMA_WRITE = IB_UVERBS_WR_RDMA_WRITE,
+	IB_WR_RDMA_WRITE_WITH_IMM = IB_UVERBS_WR_RDMA_WRITE_WITH_IMM,
+	IB_WR_SEND = IB_UVERBS_WR_SEND,
+	IB_WR_SEND_WITH_IMM = IB_UVERBS_WR_SEND_WITH_IMM,
+	IB_WR_RDMA_READ = IB_UVERBS_WR_RDMA_READ,
+	IB_WR_ATOMIC_CMP_AND_SWP = IB_UVERBS_WR_ATOMIC_CMP_AND_SWP,
+	IB_WR_ATOMIC_FETCH_AND_ADD = IB_UVERBS_WR_ATOMIC_FETCH_AND_ADD,
+	IB_WR_LSO = IB_UVERBS_WR_TSO,
+	IB_WR_SEND_WITH_INV = IB_UVERBS_WR_SEND_WITH_INV,
+	IB_WR_RDMA_READ_WITH_INV = IB_UVERBS_WR_RDMA_READ_WITH_INV,
+	IB_WR_LOCAL_INV = IB_UVERBS_WR_LOCAL_INV,
+	IB_WR_MASKED_ATOMIC_CMP_AND_SWP =
+		IB_UVERBS_WR_MASKED_ATOMIC_CMP_AND_SWP,
+	IB_WR_MASKED_ATOMIC_FETCH_AND_ADD =
+		IB_UVERBS_WR_MASKED_ATOMIC_FETCH_AND_ADD,
+
+	/* These are kernel only and can not be issued by userspace */
+	IB_WR_REG_MR = 0x20,
 	IB_WR_REG_SIG_MR,
+
 	/* reserve values for low level drivers' internal use.
 	 * These values will not be used at all in the ib core layer.
 	 */
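Review bot: In enum ib_wr_opcode, the new comment says the values from IB_WR_REG_MR = 0x20 upward cannot be issued by userspace, but nothing in this hunk enforces that. The opcode arrives from userspace as a plain __u32, so any consumer that switches on it still has to reject values outside the IB_UVERBS_WR_* set; the comment should say where that rejection is expected to happen. Also, the uAPI enum in this patch defines IB_UVERBS_WR_BIND_MW = 8, but no IB_WR_* alias for 8 is added here. A one-line comment noting that the gap is intentional would save the next reader from wondering.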
--- a/include/uapi/rdma/ib_user_verbs.h
+++ b/include/uapi/rdma/ib_user_verbs.h
@@ -763,10 +763,28 @@ struct ib_uverbs_sge {
 	__u32 lkey;
 };
 
+enum ib_uverbs_wr_opcode {
+	IB_UVERBS_WR_RDMA_WRITE = 0,
+	IB_UVERBS_WR_RDMA_WRITE_WITH_IMM = 1,
+	IB_UVERBS_WR_SEND = 2,
+	IB_UVERBS_WR_SEND_WITH_IMM = 3,
+	IB_UVERBS_WR_RDMA_READ = 4,
+	IB_UVERBS_WR_ATOMIC_CMP_AND_SWP = 5,
+	IB_UVERBS_WR_ATOMIC_FETCH_AND_ADD = 6,
+	IB_UVERBS_WR_LOCAL_INV = 7,
+	IB_UVERBS_WR_BIND_MW = 8,
+	IB_UVERBS_WR_SEND_WITH_INV = 9,
+	IB_UVERBS_WR_TSO = 10,
+	IB_UVERBS_WR_RDMA_READ_WITH_INV = 11,
+	IB_UVERBS_WR_MASKED_ATOMIC_CMP_AND_SWP = 12,
+	IB_UVERBS_WR_MASKED_ATOMIC_FETCH_AND_ADD = 13,
+	/* Review enum ib_wr_opcode before modifying this */
+};
+
 struct ib_uverbs_send_wr {
 	__aligned_u64 wr_id;
 	__u32 num_sge;
-	__u32 opcode;
+	__u32 opcode;		/* see enum ib_uverbs_wr_opcode */
 	__u32 send_flags;
 	union {
 		__be32 imm_data;
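Review bot: The trailing comment in enum ib_uverbs_wr_opcode, "Review enum ib_wr_opcode before modifying this", does not say what the constraint actually is. On the ib_verbs.h side of this patch the kernel-only opcodes start at IB_WR_REG_MR = 0x20, so new uAPI values have to stay below 0x20. Spelling that bound out here, or adding a compile-time check against it, would turn an advisory comment into a rule that cannot be missed.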




* [PATCH 4.19 224/361] jbd2: fix use after free in jbd2_log_do_checkpoint()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (222 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 223/361] IB/rxe: Revise the ib_wr_opcode enum Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 225/361] gfs2_meta: ->mount() can get NULL dev_name Greg Kroah-Hartman
                   ` (139 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+7f4a27091759e2fe7453,
	Lukas Czerner, Jan Kara, Theodore Tso

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Kara <jack@suse.cz>

commit ccd3c4373eacb044eb3832966299d13d2631f66f upstream.

The code cleaning transaction's lists of checkpoint buffers has a bug
where it increases bh refcount only after releasing
journal->j_list_lock. Thus the following race is possible:

CPU0					CPU1
jbd2_log_do_checkpoint()
					jbd2_journal_try_to_free_buffers()
					  __journal_try_to_free_buffer(bh)
  ...
  while (transaction->t_checkpoint_io_list)
  ...
    if (buffer_locked(bh)) {

<-- IO completes now, buffer gets unlocked -->

      spin_unlock(&journal->j_list_lock);
					    spin_lock(&journal->j_list_lock);
					    __jbd2_journal_remove_checkpoint(jh);
					    spin_unlock(&journal->j_list_lock);
					  try_to_free_buffers(page);
      get_bh(bh) <-- accesses freed bh

Fix the problem by grabbing bh reference before unlocking
journal->j_list_lock.

Fixes: dc6e8d669cf5 ("jbd2: don't call get_bh() before calling __jbd2_journal_remove_checkpoint()")
Fixes: be1158cc615f ("jbd2: fold __process_buffer() into jbd2_log_do_checkpoint()")
Reported-by: syzbot+7f4a27091759e2fe7453@syzkaller.appspotmail.com
CC: stable@vger.kernel.org
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/jbd2/checkpoint.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/fs/jbd2/checkpoint.c
+++ b/fs/jbd2/checkpoint.c
@@ -251,8 +251,8 @@ restart:
 		bh = jh2bh(jh);
 
 		if (buffer_locked(bh)) {
-			spin_unlock(&journal->j_list_lock);
 			get_bh(bh);
+			spin_unlock(&journal->j_list_lock);
 			wait_on_buffer(bh);
 			/* the journal_head may have gone by now */
 			BUFFER_TRACE(bh, "brelse");
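Review bot: The reordered get_bh()/spin_unlock() pair in the buffer_locked() branch carries no comment saying why the order matters, and the old order looked just as natural. A short comment above get_bh(bh), along the lines of "take the reference while j_list_lock still pins bh", would keep a later cleanup from swapping the two lines back.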
@@ -333,8 +333,8 @@ restart2:
 		jh = transaction->t_checkpoint_io_list;
 		bh = jh2bh(jh);
 		if (buffer_locked(bh)) {
-			spin_unlock(&journal->j_list_lock);
 			get_bh(bh);
+			spin_unlock(&journal->j_list_lock);
 			wait_on_buffer(bh);
 			/* the journal_head may have gone by now */
 			BUFFER_TRACE(bh, "brelse");
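Review bot: This second buffer_locked() branch (under restart2) repeats the same get_bh(), spin_unlock(), wait_on_buffer() sequence as the first loop, and both copies carried the same ordering bug. Consider pulling the sequence into one small helper so the locking order lives in a single place and cannot diverge between the two loops.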




* [PATCH 4.19 225/361] gfs2_meta: ->mount() can get NULL dev_name
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (223 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 224/361] jbd2: fix use after free in jbd2_log_do_checkpoint() Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 226/361] ext4: fix EXT4_IOC_SWAP_BOOT Greg Kroah-Hartman
                   ` (138 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+c54f8e94e6bba03b04e9, Al Viro

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Al Viro <viro@zeniv.linux.org.uk>

commit 3df629d873f8683af6f0d34dfc743f637966d483 upstream.

get in sync with mount_bdev() handling of the same

Reported-by: syzbot+c54f8e94e6bba03b04e9@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/gfs2/ops_fstype.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -1333,6 +1333,9 @@ static struct dentry *gfs2_mount_meta(st
 	struct path path;
 	int error;
 
+	if (!dev_name || !*dev_name)
+		return ERR_PTR(-EINVAL);
+
 	error = kern_path(dev_name, LOOKUP_FOLLOW, &path);
 	if (error) {
 		pr_warn("path_lookup on %s returned error %d\n",
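Review bot: The new guard at the top of gfs2_mount_meta() has no comment, and the commit message only says it matches mount_bdev(). A line above the check stating which mount path can hand in a NULL or empty dev_name, and that -EINVAL is the chosen result for both cases, would make the intent clear to someone reading this function on its own.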




* [PATCH 4.19 226/361] ext4: fix EXT4_IOC_SWAP_BOOT
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (224 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 225/361] gfs2_meta: ->mount() can get NULL dev_name Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 227/361] ext4: initialize retries variable in ext4_da_write_inline_data_begin() Greg Kroah-Hartman
                   ` (137 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Theodore Tso, stable,
	syzbot+e81ccd4744c6c4f71354

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Theodore Ts'o <tytso@mit.edu>

commit 18aded17492088962ef43f00825179598b3e8c58 upstream.

The code EXT4_IOC_SWAP_BOOT ioctl hasn't been updated in a while, and
it's a bit broken with respect to more modern ext4 kernels, especially
metadata checksums.

Other problems fixed with this commit:

* Don't allow installing a DAX, swap file, or an encrypted file as a
  boot loader.

* Respect the immutable and append-only flags.

* Wait until any DIO operations are finished *before* calling
  truncate_inode_pages().

* Don't swap inode->i_flags, since these flags have nothing to do with
  the inode blocks --- and it will give the IMA/audit code heartburn
  when the inode is evicted.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Reported-by: syzbot+e81ccd4744c6c4f71354@syzkaller.appspotmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/ioctl.c |   33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -67,7 +67,6 @@ static void swap_inode_data(struct inode
 	ei1 = EXT4_I(inode1);
 	ei2 = EXT4_I(inode2);
 
-	swap(inode1->i_flags, inode2->i_flags);
 	swap(inode1->i_version, inode2->i_version);
 	swap(inode1->i_blocks, inode2->i_blocks);
 	swap(inode1->i_bytes, inode2->i_bytes);
@@ -85,6 +84,21 @@ static void swap_inode_data(struct inode
 	i_size_write(inode2, isize);
 }
 
+static void reset_inode_seed(struct inode *inode)
+{
+	struct ext4_inode_info *ei = EXT4_I(inode);
+	struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+	__le32 inum = cpu_to_le32(inode->i_ino);
+	__le32 gen = cpu_to_le32(inode->i_generation);
+	__u32 csum;
+
+	if (!ext4_has_metadata_csum(inode->i_sb))
+		return;
+
+	csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
+	ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
+}
+
 /**
  * Swap the information from the given @inode and the inode
  * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
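Review bot: reset_inode_seed() has no comment explaining when it must be called. The seed is computed from i_ino and i_generation, and a later hunk calls it right after both inodes receive a new i_generation from prandom_u32(). A short comment above the function stating that it has to be rerun whenever i_generation changes would make that coupling visible.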
@@ -102,10 +116,13 @@ static long swap_inode_boot_loader(struc
 	struct inode *inode_bl;
 	struct ext4_inode_info *ei_bl;
 
-	if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode))
+	if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
+	    IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
+	    ext4_has_inline_data(inode))
 		return -EINVAL;
 
-	if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
+	if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
+	    !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
 	inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO);
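Review bot: The -EINVAL condition in swap_inode_boot_loader() does not match the commit message. The message lists DAX, swap and encrypted files, but the check tests IS_SWAPFILE(), IS_ENCRYPTED() and ext4_has_inline_data(); there is no DAX test in this hunk, and inline data is not mentioned in the message. Either add the DAX check or correct the description, and mention the inline-data case in it.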
@@ -120,13 +137,13 @@ static long swap_inode_boot_loader(struc
 	 * that only 1 swap_inode_boot_loader is running. */
 	lock_two_nondirectories(inode, inode_bl);
 
-	truncate_inode_pages(&inode->i_data, 0);
-	truncate_inode_pages(&inode_bl->i_data, 0);
-
 	/* Wait for all existing dio workers */
 	inode_dio_wait(inode);
 	inode_dio_wait(inode_bl);
 
+	truncate_inode_pages(&inode->i_data, 0);
+	truncate_inode_pages(&inode_bl->i_data, 0);
+
 	handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
 	if (IS_ERR(handle)) {
 		err = -EINVAL;
@@ -159,6 +176,8 @@ static long swap_inode_boot_loader(struc
 
 	inode->i_generation = prandom_u32();
 	inode_bl->i_generation = prandom_u32();
+	reset_inode_seed(inode);
+	reset_inode_seed(inode_bl);
 
 	ext4_discard_preallocations(inode);
 
@@ -169,6 +188,7 @@ static long swap_inode_boot_loader(struc
 			inode->i_ino, err);
 		/* Revert all changes: */
 		swap_inode_data(inode, inode_bl);
+		ext4_mark_inode_dirty(handle, inode);
 	} else {
 		err = ext4_mark_inode_dirty(handle, inode_bl);
 		if (err < 0) {
@@ -178,6 +198,7 @@ static long swap_inode_boot_loader(struc
 			/* Revert all changes: */
 			swap_inode_data(inode, inode_bl);
 			ext4_mark_inode_dirty(handle, inode);
+			ext4_mark_inode_dirty(handle, inode_bl);
 		}
 	}
 	ext4_journal_stop(handle);
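Review bot: In the revert branch the added ext4_mark_inode_dirty(handle, inode_bl) call discards its return value, as does the call on the line above it and the one added in the previous hunk. err already carries the original failure, so this may be deliberate, but a failed revert write then goes unreported. At minimum log it, or add a comment saying the result is ignored on purpose.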




* [PATCH 4.19 227/361] ext4: initialize retries variable in ext4_da_write_inline_data_begin()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (225 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 226/361] ext4: fix EXT4_IOC_SWAP_BOOT Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 228/361] ext4: fix setattr project check in fssetxattr ioctl Greg Kroah-Hartman
                   ` (136 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lukas Czerner, Theodore Tso, stable

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lukas Czerner <lczerner@redhat.com>

commit 625ef8a3acd111d5f496d190baf99d1a815bd03e upstream.

Variable retries is not initialized in ext4_da_write_inline_data_begin()
which can lead to a nondeterministic number of retries in case we hit
ENOSPC. Initialize retries to zero as we do everywhere else.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Fixes: bc0ca9df3b2a ("ext4: retry allocation when inline->extent conversion failed")
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/inline.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -863,7 +863,7 @@ int ext4_da_write_inline_data_begin(stru
 	handle_t *handle;
 	struct page *page;
 	struct ext4_iloc iloc;
-	int retries;
+	int retries = 0;
 
 	ret = ext4_get_inode_loc(inode, &iloc);
 	if (ret)




* [PATCH 4.19 228/361] ext4: fix setattr project check in fssetxattr ioctl
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (226 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 227/361] ext4: initialize retries variable in ext4_da_write_inline_data_begin() Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 229/361] ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR Greg Kroah-Hartman
                   ` (135 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wang Shilong, Theodore Tso,
	Andreas Dilger, stable

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wang Shilong <wangshilong1991@gmail.com>

commit dc7ac6c4cae3b58724c2f1e21a7c05ce19ecd5a8 upstream.

Currently, project quota could be changed by fssetxattr
ioctl, and the existing permission check inode_owner_or_capable()
is obviously not enough; just think that common users could
change the project id of a file, which could let users
break project quota easily.

This patch tries to follow the same rule as xfs project
quota:

"Project Quota ID state is only allowed to change from
within the init namespace. Enforce that restriction only
if we are trying to change the quota ID state.
Everything else is allowed in user namespaces."

Besides that, checking and setting the project id's state should
be an atomic operation, so protect the whole operation with the
inode lock. ext4_ioctl_setproject() is only used for
ioctl EXT4_IOC_FSSETXATTR; we have held mnt_want_write_file()
before ext4_ioctl_setflags(), and ext4_ioctl_setproject()
is called after ext4_ioctl_setflags(), so we could share
code, so remove it inside ext4_ioctl_setproject().

Signed-off-by: Wang Shilong <wshilong@ddn.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/ioctl.c |   60 ++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 37 insertions(+), 23 deletions(-)

--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -360,19 +360,14 @@ static int ext4_ioctl_setproject(struct
 	if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
 		return 0;
 
-	err = mnt_want_write_file(filp);
-	if (err)
-		return err;
-
 	err = -EPERM;
-	inode_lock(inode);
 	/* Is it quota file? Do not allow user to mess with it */
 	if (ext4_is_quota_file(inode))
-		goto out_unlock;
+		return err;
 
 	err = ext4_get_inode_loc(inode, &iloc);
 	if (err)
-		goto out_unlock;
+		return err;
 
 	raw_inode = ext4_raw_inode(&iloc);
 	if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
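Review bot: With inode_lock() and mnt_want_write_file() removed from ext4_ioctl_setproject(), the function now silently depends on the caller holding both. Add a comment above the function saying so, and consider an assertion such as WARN_ON_ONCE(!inode_is_locked(inode)) near the top so that a future second caller cannot skip the lock unnoticed.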
@@ -380,7 +375,7 @@ static int ext4_ioctl_setproject(struct
 					      EXT4_SB(sb)->s_want_extra_isize,
 					      &iloc);
 		if (err)
-			goto out_unlock;
+			return err;
 	} else {
 		brelse(iloc.bh);
 	}
@@ -390,10 +385,8 @@ static int ext4_ioctl_setproject(struct
 	handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
 		EXT4_QUOTA_INIT_BLOCKS(sb) +
 		EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
-	if (IS_ERR(handle)) {
-		err = PTR_ERR(handle);
-		goto out_unlock;
-	}
+	if (IS_ERR(handle))
+		return PTR_ERR(handle);
 
 	err = ext4_reserve_inode_write(handle, inode, &iloc);
 	if (err)
@@ -421,9 +414,6 @@ out_dirty:
 		err = rc;
 out_stop:
 	ext4_journal_stop(handle);
-out_unlock:
-	inode_unlock(inode);
-	mnt_drop_write_file(filp);
 	return err;
 }
 #else
@@ -647,6 +637,30 @@ group_add_out:
 	return err;
 }
 
+static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa)
+{
+	/*
+	 * Project Quota ID state is only allowed to change from within the init
+	 * namespace. Enforce that restriction only if we are trying to change
+	 * the quota ID state. Everything else is allowed in user namespaces.
+	 */
+	if (current_user_ns() == &init_user_ns)
+		return 0;
+
+	if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid)
+		return -EINVAL;
+
+	if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) {
+		if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT))
+			return -EINVAL;
+	} else {
+		if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT)
+			return -EINVAL;
+	}
+
+	return 0;
+}
+
 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 {
 	struct inode *inode = file_inode(filp);
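Review bot: ext4_ioctl_check_project() returns -EINVAL when a caller outside init_user_ns tries to change the project ID or the PROJINHERIT flag, although the commit message presents this as a permission check. If -EINVAL is kept to match the quoted xfs rule, say so in the comment; otherwise -EPERM is what callers would expect. The comparison also puts the raw __kprojid_val() against fa->fsx_projid, so the comment should state in which namespace fsx_projid is interpreted.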
@@ -1046,19 +1060,19 @@ resizefs_out:
 			return err;
 
 		inode_lock(inode);
+		err = ext4_ioctl_check_project(inode, &fa);
+		if (err)
+			goto out;
 		flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
 			 (flags & EXT4_FL_XFLAG_VISIBLE);
 		err = ext4_ioctl_setflags(inode, flags);
-		inode_unlock(inode);
-		mnt_drop_write_file(filp);
 		if (err)
-			return err;
-
+			goto out;
 		err = ext4_ioctl_setproject(filp, fa.fsx_projid);
-		if (err)
-			return err;
-
-		return 0;
+out:
+		inode_unlock(inode);
+		mnt_drop_write_file(filp);
+		return err;
 	}
 	case EXT4_IOC_SHUTDOWN:
 		return ext4_shutdown(sb, arg);
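Review bot: The label added in the EXT4_IOC_FSSETXATTR case is a bare "out:", while the other label visible in ext4_ioctl() is prefixed with its case (resizefs_out). In a switch this long a generic name is easy to collide with or jump to by mistake; something like fssetxattr_out would follow the existing convention.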




* [PATCH 4.19 229/361] ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (227 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 228/361] ext4: fix setattr project check in fssetxattr ioctl Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 230/361] ext4: fix use-after-free race in ext4_remount()s error path Greg Kroah-Hartman
                   ` (134 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wang Shilong, Theodore Tso, stable

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wang Shilong <wshilong@ddn.com>

commit 182a79e0c17147d2c2d3990a9a7b6b58a1561c7a upstream.

We return most failures of dquot_initialize() except
inode evict; this could make a bit of sense, for example
we allow file removal even if quota files are broken?

But it doesn't make sense to allow setting project
if quota files etc are broken.

Signed-off-by: Wang Shilong <wshilong@ddn.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/ioctl.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -380,7 +380,9 @@ static int ext4_ioctl_setproject(struct
 		brelse(iloc.bh);
 	}
 
-	dquot_initialize(inode);
+	err = dquot_initialize(inode);
+	if (err)
+		return err;
 
 	handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
 		EXT4_QUOTA_INIT_BLOCKS(sb) +




* [PATCH 4.19 230/361] ext4: fix use-after-free race in ext4_remount()s error path
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (228 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 229/361] ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 231/361] selinux: fix mounting of cgroup2 under older policies Greg Kroah-Hartman
                   ` (133 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+a2872d6feea6918008a9,
	Theodore Tso, stable

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Theodore Ts'o <tytso@mit.edu>

commit 33458eaba4dfe778a426df6a19b7aad2ff9f7eec upstream.

It's possible for ext4_show_quota_options() to try reading
s_qf_names[i] while it is being modified by ext4_remount() --- most
notably, in ext4_remount's error path when the original values of the
quota file name get restored.

Reported-by: syzbot+a2872d6feea6918008a9@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 3.2+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/ext4.h  |    3 +-
 fs/ext4/super.c |   73 ++++++++++++++++++++++++++++++++++++--------------------
 2 files changed, 50 insertions(+), 26 deletions(-)

--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1401,7 +1401,8 @@ struct ext4_sb_info {
 	u32 s_min_batch_time;
 	struct block_device *journal_bdev;
 #ifdef CONFIG_QUOTA
-	char *s_qf_names[EXT4_MAXQUOTAS];	/* Names of quota files with journalled quota */
+	/* Names of quota files with journalled quota */
+	char __rcu *s_qf_names[EXT4_MAXQUOTAS];
 	int s_jquota_fmt;			/* Format of quota to use */
 #endif
 	unsigned int s_want_extra_isize; /* New inodes should reserve # bytes */
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -914,6 +914,18 @@ static inline void ext4_quota_off_umount
 	for (type = 0; type < EXT4_MAXQUOTAS; type++)
 		ext4_quota_off(sb, type);
 }
+
+/*
+ * This is a helper function which is used in the mount/remount
+ * codepaths (which holds s_umount) to fetch the quota file name.
+ */
+static inline char *get_qf_name(struct super_block *sb,
+				struct ext4_sb_info *sbi,
+				int type)
+{
+	return rcu_dereference_protected(sbi->s_qf_names[type],
+					 lockdep_is_held(&sb->s_umount));
+}
 #else
 static inline void ext4_quota_off_umount(struct super_block *sb)
 {
@@ -965,7 +977,7 @@ static void ext4_put_super(struct super_
 	percpu_free_rwsem(&sbi->s_journal_flag_rwsem);
 #ifdef CONFIG_QUOTA
 	for (i = 0; i < EXT4_MAXQUOTAS; i++)
-		kfree(sbi->s_qf_names[i]);
+		kfree(get_qf_name(sb, sbi, i));
 #endif
 
 	/* Debugging code just in case the in-memory inode orphan list
@@ -1530,11 +1542,10 @@ static const char deprecated_msg[] =
 static int set_qf_name(struct super_block *sb, int qtype, substring_t *args)
 {
 	struct ext4_sb_info *sbi = EXT4_SB(sb);
-	char *qname;
+	char *qname, *old_qname = get_qf_name(sb, sbi, qtype);
 	int ret = -1;
 
-	if (sb_any_quota_loaded(sb) &&
-		!sbi->s_qf_names[qtype]) {
+	if (sb_any_quota_loaded(sb) && !old_qname) {
 		ext4_msg(sb, KERN_ERR,
 			"Cannot change journaled "
 			"quota options when quota turned on");
@@ -1551,8 +1562,8 @@ static int set_qf_name(struct super_bloc
 			"Not enough memory for storing quotafile name");
 		return -1;
 	}
-	if (sbi->s_qf_names[qtype]) {
-		if (strcmp(sbi->s_qf_names[qtype], qname) == 0)
+	if (old_qname) {
+		if (strcmp(old_qname, qname) == 0)
 			ret = 1;
 		else
 			ext4_msg(sb, KERN_ERR,
@@ -1565,7 +1576,7 @@ static int set_qf_name(struct super_bloc
 			"quotafile must be on filesystem root");
 		goto errout;
 	}
-	sbi->s_qf_names[qtype] = qname;
+	rcu_assign_pointer(sbi->s_qf_names[qtype], qname);
 	set_opt(sb, QUOTA);
 	return 1;
 errout:
@@ -1577,15 +1588,16 @@ static int clear_qf_name(struct super_bl
 {
 
 	struct ext4_sb_info *sbi = EXT4_SB(sb);
+	char *old_qname = get_qf_name(sb, sbi, qtype);
 
-	if (sb_any_quota_loaded(sb) &&
-		sbi->s_qf_names[qtype]) {
+	if (sb_any_quota_loaded(sb) && old_qname) {
 		ext4_msg(sb, KERN_ERR, "Cannot change journaled quota options"
 			" when quota turned on");
 		return -1;
 	}
-	kfree(sbi->s_qf_names[qtype]);
-	sbi->s_qf_names[qtype] = NULL;
+	rcu_assign_pointer(sbi->s_qf_names[qtype], NULL);
+	synchronize_rcu();
+	kfree(old_qname);
 	return 1;
 }
 #endif
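Review bot: clear_qf_name() now calls synchronize_rcu() unconditionally, even when old_qname is NULL and there is nothing to free. Guarding the grace-period wait and the kfree() with "if (old_qname)" would keep option parsing from blocking for a grace period when no name was ever set.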
@@ -1960,7 +1972,7 @@ static int parse_options(char *options,
 			 int is_remount)
 {
 	struct ext4_sb_info *sbi = EXT4_SB(sb);
-	char *p;
+	char *p, __maybe_unused *usr_qf_name, __maybe_unused *grp_qf_name;
 	substring_t args[MAX_OPT_ARGS];
 	int token;
 
@@ -1991,11 +2003,13 @@ static int parse_options(char *options,
 			 "Cannot enable project quota enforcement.");
 		return 0;
 	}
-	if (sbi->s_qf_names[USRQUOTA] || sbi->s_qf_names[GRPQUOTA]) {
-		if (test_opt(sb, USRQUOTA) && sbi->s_qf_names[USRQUOTA])
+	usr_qf_name = get_qf_name(sb, sbi, USRQUOTA);
+	grp_qf_name = get_qf_name(sb, sbi, GRPQUOTA);
+	if (usr_qf_name || grp_qf_name) {
+		if (test_opt(sb, USRQUOTA) && usr_qf_name)
 			clear_opt(sb, USRQUOTA);
 
-		if (test_opt(sb, GRPQUOTA) && sbi->s_qf_names[GRPQUOTA])
+		if (test_opt(sb, GRPQUOTA) && grp_qf_name)
 			clear_opt(sb, GRPQUOTA);
 
 		if (test_opt(sb, GRPQUOTA) || test_opt(sb, USRQUOTA)) {
@@ -2029,6 +2043,7 @@ static inline void ext4_show_quota_optio
 {
 #if defined(CONFIG_QUOTA)
 	struct ext4_sb_info *sbi = EXT4_SB(sb);
+	char *usr_qf_name, *grp_qf_name;
 
 	if (sbi->s_jquota_fmt) {
 		char *fmtname = "";
@@ -2047,11 +2062,14 @@ static inline void ext4_show_quota_optio
 		seq_printf(seq, ",jqfmt=%s", fmtname);
 	}
 
-	if (sbi->s_qf_names[USRQUOTA])
-		seq_show_option(seq, "usrjquota", sbi->s_qf_names[USRQUOTA]);
-
-	if (sbi->s_qf_names[GRPQUOTA])
-		seq_show_option(seq, "grpjquota", sbi->s_qf_names[GRPQUOTA]);
+	rcu_read_lock();
+	usr_qf_name = rcu_dereference(sbi->s_qf_names[USRQUOTA]);
+	grp_qf_name = rcu_dereference(sbi->s_qf_names[GRPQUOTA]);
+	if (usr_qf_name)
+		seq_show_option(seq, "usrjquota", usr_qf_name);
+	if (grp_qf_name)
+		seq_show_option(seq, "grpjquota", grp_qf_name);
+	rcu_read_unlock();
 #endif
 }
 
@@ -5103,6 +5121,7 @@ static int ext4_remount(struct super_blo
 	int err = 0;
 #ifdef CONFIG_QUOTA
 	int i, j;
+	char *to_free[EXT4_MAXQUOTAS];
 #endif
 	char *orig_data = kstrdup(data, GFP_KERNEL);
 
@@ -5122,8 +5141,9 @@ static int ext4_remount(struct super_blo
 	old_opts.s_jquota_fmt = sbi->s_jquota_fmt;
 	for (i = 0; i < EXT4_MAXQUOTAS; i++)
 		if (sbi->s_qf_names[i]) {
-			old_opts.s_qf_names[i] = kstrdup(sbi->s_qf_names[i],
-							 GFP_KERNEL);
+			char *qf_name = get_qf_name(sb, sbi, i);
+
+			old_opts.s_qf_names[i] = kstrdup(qf_name, GFP_KERNEL);
 			if (!old_opts.s_qf_names[i]) {
 				for (j = 0; j < i; j++)
 					kfree(old_opts.s_qf_names[j]);
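Review bot: The unchanged line "if (sbi->s_qf_names[i]) {" in this ext4_remount() loop still reads the pointer directly, although the ext4.h hunk marks s_qf_names as __rcu and the very next line goes through get_qf_name(). Fetch qf_name once before the test and check that instead, so every access in the remount path uses the accessor and the __rcu annotation is honoured consistently.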
@@ -5352,9 +5372,12 @@ restore_opts:
 #ifdef CONFIG_QUOTA
 	sbi->s_jquota_fmt = old_opts.s_jquota_fmt;
 	for (i = 0; i < EXT4_MAXQUOTAS; i++) {
-		kfree(sbi->s_qf_names[i]);
-		sbi->s_qf_names[i] = old_opts.s_qf_names[i];
+		to_free[i] = get_qf_name(sb, sbi, i);
+		rcu_assign_pointer(sbi->s_qf_names[i], old_opts.s_qf_names[i]);
 	}
+	synchronize_rcu();
+	for (i = 0; i < EXT4_MAXQUOTAS; i++)
+		kfree(to_free[i]);
 #endif
 	kfree(orig_data);
 	return err;
@@ -5545,7 +5568,7 @@ static int ext4_write_info(struct super_
  */
 static int ext4_quota_on_mount(struct super_block *sb, int type)
 {
-	return dquot_quota_on_mount(sb, EXT4_SB(sb)->s_qf_names[type],
+	return dquot_quota_on_mount(sb, get_qf_name(sb, EXT4_SB(sb), type),
 					EXT4_SB(sb)->s_jquota_fmt, type);
 }
 




* [PATCH 4.19 231/361] selinux: fix mounting of cgroup2 under older policies
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (229 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 230/361] ext4: fix use-after-free race in ext4_remount()s error path Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 232/361] HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 Greg Kroah-Hartman
                   ` (132 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Vyukov, Waiman Long,
	Stephen Smalley, Paul Moore

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stephen Smalley <sds@tycho.nsa.gov>

commit 7bb185edb0306bb90029a5fa6b9cff900ffdbf4b upstream.

commit 901ef845fa2469c ("selinux: allow per-file labeling for cgroupfs")
broke mounting of cgroup2 under older SELinux policies which lacked
a genfscon rule for cgroup2.  This prevents mounting of cgroup2 even
when SELinux is permissive.

Change the handling when there is no genfscon rule in policy to
just mark the inode unlabeled and not return an error to the caller.
This permits mounting and access if allowed by policy, e.g. to
unconfined domains.

I also considered changing the behavior of security_genfs_sid() to
never return -ENOENT, but the current behavior is relied upon by
other callers to perform caller-specific handling.

Fixes: 901ef845fa2469c ("selinux: allow per-file labeling for cgroupfs")
CC: <stable@vger.kernel.org>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Waiman Long <longman@redhat.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Tested-by: Waiman Long <longman@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 security/selinux/hooks.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1508,6 +1508,11 @@ static int selinux_genfs_get_sid(struct
 		}
 		rc = security_genfs_sid(&selinux_state, sb->s_type->name,
 					path, tclass, sid);
+		if (rc == -ENOENT) {
+			/* No match in policy, mark as unlabeled. */
+			*sid = SECINITSID_UNLABELED;
+			rc = 0;
+		}
 	}
 	free_page((unsigned long)buffer);
 	return rc;
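Review bot: The -ENOENT fallback added after security_genfs_sid() applies to every filesystem type that reaches this branch, not only cgroup2, and it is silent. The comment should say that the wider scope is intended, and a one-time warning naming sb->s_type->name would tell an administrator that the loaded policy has no genfscon rule for that filesystem and that its inodes are being treated as unlabeled.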




* [PATCH 4.19 232/361] HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (230 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 231/361] selinux: fix mounting of cgroup2 under older policies Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 233/361] HID: hiddev: fix potential Spectre v1 Greg Kroah-Hartman
                   ` (131 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jason Gerecke, Jiri Kosina

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jason Gerecke <killertofu@gmail.com>

commit 11db8173dbab7a94cf5ba5225fcedbfc0f3b7e54 upstream.

The DTK-2451 and DTH-2452 have a buggy HID descriptor which incorrectly
contains a Cintiq-like report, complete with pen tilt, rotation, twist, serial
number, etc. The hardware doesn't actually support this data but our driver
dutifully sets up the device as though it does. To ensure userspace has a
correct view of devices without updated firmware, we clean up this incorrect
data in wacom_setup_device_quirks.

We're also careful to clear the WACOM_QUIRK_TOOLSERIAL flag since its presence
causes the driver to wait for serial number information (via
wacom_wac_pen_serial_enforce) that never comes, resulting in
the pen being non-responsive.

Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Fixes: 8341720642 ("HID: wacom: Queue events with missing type/serial data for later processing")
Cc: stable@vger.kernel.org # v4.16+
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hid/wacom_wac.c |   19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -3335,6 +3335,7 @@ static void wacom_setup_intuos(struct wa
 
 void wacom_setup_device_quirks(struct wacom *wacom)
 {
+	struct wacom_wac *wacom_wac = &wacom->wacom_wac;
 	struct wacom_features *features = &wacom->wacom_wac.features;
 
 	/* The pen and pad share the same interface on most devices */
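
Review bot: With the new wacom_wac local at the top of wacom_setup_device_quirks(), the following declaration still spells out &wacom->wacom_wac.features. Initialise features from &wacom_wac->features so that the two declarations cannot drift apart.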
@@ -3464,6 +3465,24 @@ void wacom_setup_device_quirks(struct wa
 
 	if (features->type == REMOTE)
 		features->device_type |= WACOM_DEVICETYPE_WL_MONITOR;
+
+	/* HID descriptor for DTK-2451 / DTH-2452 claims to report lots
+	 * of things it shouldn't. Lets fix up the damage...
+	 */
+	if (wacom->hdev->product == 0x382 || wacom->hdev->product == 0x37d) {
+		features->quirks &= ~WACOM_QUIRK_TOOLSERIAL;
+		__clear_bit(BTN_TOOL_BRUSH, wacom_wac->pen_input->keybit);
+		__clear_bit(BTN_TOOL_PENCIL, wacom_wac->pen_input->keybit);
+		__clear_bit(BTN_TOOL_AIRBRUSH, wacom_wac->pen_input->keybit);
+		__clear_bit(ABS_Z, wacom_wac->pen_input->absbit);
+		__clear_bit(ABS_DISTANCE, wacom_wac->pen_input->absbit);
+		__clear_bit(ABS_TILT_X, wacom_wac->pen_input->absbit);
+		__clear_bit(ABS_TILT_Y, wacom_wac->pen_input->absbit);
+		__clear_bit(ABS_WHEEL, wacom_wac->pen_input->absbit);
+		__clear_bit(ABS_MISC, wacom_wac->pen_input->absbit);
+		__clear_bit(MSC_SERIAL, wacom_wac->pen_input->mscbit);
+		__clear_bit(EV_MSC, wacom_wac->pen_input->evbit);
+	}
 }
 
 int wacom_setup_pen_input_capabilities(struct input_dev *input_dev,
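
Review bot: The fix-up block at the end of wacom_setup_device_quirks() dereferences wacom_wac->pen_input in every __clear_bit() call without checking it for NULL. Nothing in this hunk shows that pen_input has been allocated by the time the quirks run, or that every interface of products 0x382 and 0x37d has a pen input device; please either guard the block with a pen_input check or add a comment saying why it cannot be NULL here. The two product IDs would also read better as named constants than as bare numbers.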



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 233/361] HID: hiddev: fix potential Spectre v1
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (231 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 232/361] HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 234/361] EDAC, amd64: Add Family 17h, models 10h-2fh support Greg Kroah-Hartman
                   ` (130 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Breno Leitao, Jiri Kosina

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Breno Leitao <leitao@debian.org>

commit f11274396a538b31bc010f782e05c2ce3f804c13 upstream.

uref->usage_index can be indirectly controlled by userspace, hence leading
to a potential exploitation of the Spectre variant 1 vulnerability.

This field is used as an array index by the hiddev_ioctl_usage() function,
when 'cmd' is either HIDIOCGCOLLECTIONINDEX, HIDIOCGUSAGES or
HIDIOCSUSAGES.

For cmd == HIDIOCGCOLLECTIONINDEX case, uref->usage_index is compared to
field->maxusage and then used as an index to dereference field->usage
array. The same thing happens to the cmd == HIDIOC{G,S}USAGES cases, where
uref->usage_index is checked against an array maximum value and then it is
used as an index in an array.

This is a summary of the HIDIOCGCOLLECTIONINDEX case, which matches the
traditional Spectre V1 first load:

	copy_from_user(uref, user_arg, sizeof(*uref))
	if (uref->usage_index >= field->maxusage)
		goto inval;
	i = field->usage[uref->usage_index].collection_index;
	return i;

This patch fixes this by sanitizing field uref->usage_index before using it
to index field->usage (HIDIOCGCOLLECTIONINDEX) or field->value in
HIDIOC{G,S}USAGES arrays, thus, avoiding speculation in the first load.

Cc: <stable@vger.kernel.org>
Signed-off-by: Breno Leitao <leitao@debian.org>
v2: Contemplate cmd == HIDIOC{G,S}USAGES case
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hid/usbhid/hiddev.c |   18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

--- a/drivers/hid/usbhid/hiddev.c
+++ b/drivers/hid/usbhid/hiddev.c
@@ -512,14 +512,24 @@ static noinline int hiddev_ioctl_usage(s
 			if (cmd == HIDIOCGCOLLECTIONINDEX) {
 				if (uref->usage_index >= field->maxusage)
 					goto inval;
+				uref->usage_index =
+					array_index_nospec(uref->usage_index,
+							   field->maxusage);
 			} else if (uref->usage_index >= field->report_count)
 				goto inval;
 		}
 
-		if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
-		    (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
-		     uref->usage_index + uref_multi->num_values > field->report_count))
-			goto inval;
+		if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) {
+			if (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
+			    uref->usage_index + uref_multi->num_values >
+			    field->report_count)
+				goto inval;
+
+			uref->usage_index =
+				array_index_nospec(uref->usage_index,
+						   field->report_count -
+						   uref_multi->num_values);
+		}
 
 		switch (cmd) {
 		case HIDIOCGUSAGE:
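
Review bot: In the HIDIOCGUSAGES/HIDIOCSUSAGES branch the size passed to array_index_nospec() is field->report_count - uref_multi->num_values, but the check just above it accepts usage_index + num_values == report_count, so usage_index can legitimately be equal to that size. array_index_nospec() returns 0 for any index that is not strictly below its size argument, so a valid request for the last num_values entries is redirected to index 0. The size should be field->report_count - uref_multi->num_values + 1.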



^ permalink raw reply	[flat|nested] 384+ messages in thread
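
The clamp described in the commit message above, modelled in userspace as an added example (not code from the patch or from the kernel tree). index_mask_nospec() follows the idea of the kernel's generic branch-free mask using unsigned arithmetic only; the helper names, the `extra` parameter and the value 1024 for HID_MAX_MULTI_USAGES are assumptions of this model, and it shows only the architectural result of the clamp, not speculation itself.

```c
#include <limits.h>
#include <stdio.h>

#define HID_MAX_MULTI_USAGES 1024U	/* value assumed for this model */
#define INVAL (-1L)			/* stands in for "goto inval" */

/*
 * All ones when index < size, zero otherwise, with no branch for the CPU
 * to mispredict. Valid while both arguments are <= LONG_MAX.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
	/* Top bit of `top` is set only if index and size-1-index are both
	 * non-negative when read as signed, i.e. only if index < size. */
	unsigned long top = ~(index | (size - 1UL - index));

	return 0UL - (top >> (sizeof(top) * CHAR_BIT - 1));
}

/* Model of array_index_nospec(): index if it lies in [0, size), else 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
	return index & index_mask_nospec(index, size);
}

/* HIDIOCGCOLLECTIONINDEX path: bounds check, then clamp with the same bound. */
static long collection_index_slot(unsigned int usage_index, unsigned int maxusage)
{
	if (usage_index >= maxusage)
		return INVAL;
	return (long)index_nospec(usage_index, maxusage);
}

/*
 * HIDIOC{G,S}USAGES path: the range [usage_index, usage_index + num_values)
 * must fit in report_count. extra == 0 clamps with report_count - num_values;
 * extra == 1 clamps with the inclusive bound.
 */
static long usages_first_slot(unsigned int usage_index, unsigned int num_values,
			      unsigned int report_count, unsigned int extra)
{
	if (num_values > HID_MAX_MULTI_USAGES ||
	    usage_index + num_values > report_count)
		return INVAL;
	return (long)index_nospec(usage_index,
				  (unsigned long)report_count - num_values + extra);
}

int main(void)
{
	unsigned int idx;

	/* Constructed sample: a field with 8 values, requests for 4 at a time. */
	printf("report_count=8 num_values=4 (-1 means rejected)\n");
	printf("%-12s %-14s %-14s\n", "usage_index", "size=rc-n", "size=rc-n+1");
	for (idx = 0; idx <= 5; idx++)
		printf("%-12u %-14ld %-14ld\n", idx,
		       usages_first_slot(idx, 4, 8, 0),
		       usages_first_slot(idx, 4, 8, 1));
	return 0;
}
```

The row for usage_index 4 is the boundary case: the request passes the range check, and the index that reaches the array access depends on whether the clamp bound is exclusive or inclusive.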

* [PATCH 4.19 234/361] EDAC, amd64: Add Family 17h, models 10h-2fh support
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (232 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 233/361] HID: hiddev: fix potential Spectre v1 Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 235/361] EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting Greg Kroah-Hartman
                   ` (129 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michael Jin, Yazen Ghannam, Borislav Petkov

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michael Jin <mikhail.jin@gmail.com>

commit 8960de4a5ca7980ed1e19e7ca5a774d3b7a55c38 upstream.

Add new device IDs for family 17h, models 10h-2fh.

This is required by amd64_edac_mod in order to properly detect PCI
device functions 0 and 6.

Signed-off-by: Michael Jin <mikhail.jin@gmail.com>
Reviewed-by: Yazen Ghannam <Yazen.Ghannam@amd.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20180816192840.31166-1-mikhail.jin@gmail.com
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/edac/amd64_edac.c |   14 ++++++++++++++
 drivers/edac/amd64_edac.h |    3 +++
 2 files changed, 17 insertions(+)

--- a/drivers/edac/amd64_edac.c
+++ b/drivers/edac/amd64_edac.c
@@ -2200,6 +2200,15 @@ static struct amd64_family_type family_t
 			.dbam_to_cs		= f17_base_addr_to_cs_size,
 		}
 	},
+	[F17_M10H_CPUS] = {
+		.ctl_name = "F17h_M10h",
+		.f0_id = PCI_DEVICE_ID_AMD_17H_M10H_DF_F0,
+		.f6_id = PCI_DEVICE_ID_AMD_17H_M10H_DF_F6,
+		.ops = {
+			.early_channel_count	= f17_early_channel_count,
+			.dbam_to_cs		= f17_base_addr_to_cs_size,
+		}
+	},
 };
 
 /*
@@ -3188,6 +3197,11 @@ static struct amd64_family_type *per_fam
 		break;
 
 	case 0x17:
+		if (pvt->model >= 0x10 && pvt->model <= 0x2f) {
+			fam_type = &family_types[F17_M10H_CPUS];
+			pvt->ops = &family_types[F17_M10H_CPUS].ops;
+			break;
+		}
 		fam_type	= &family_types[F17_CPUS];
 		pvt->ops	= &family_types[F17_CPUS].ops;
 		break;
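
Review bot: In the case 0x17 arm the new assignments to fam_type and pvt->ops use a single space before the equals sign, while the existing F17_CPUS lines directly below align with tabs. Please match the surrounding alignment, and consider a short comment on the open-coded range pvt->model >= 0x10 && pvt->model <= 0x2f saying which parts it covers, since every other model silently falls through to F17_CPUS.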
--- a/drivers/edac/amd64_edac.h
+++ b/drivers/edac/amd64_edac.h
@@ -115,6 +115,8 @@
 #define PCI_DEVICE_ID_AMD_16H_M30H_NB_F2 0x1582
 #define PCI_DEVICE_ID_AMD_17H_DF_F0	0x1460
 #define PCI_DEVICE_ID_AMD_17H_DF_F6	0x1466
+#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F0 0x15e8
+#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F6 0x15ee
 
 /*
  * Function 1 - Address Map
@@ -281,6 +283,7 @@ enum amd_families {
 	F16_CPUS,
 	F16_M30H_CPUS,
 	F17_CPUS,
+	F17_M10H_CPUS,
 	NUM_FAMILIES,
 };
 



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 235/361] EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (233 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 234/361] EDAC, amd64: Add Family 17h, models 10h-2fh support Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 236/361] EDAC, skx_edac: Fix logical channel intermediate decoding Greg Kroah-Hartman
                   ` (128 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tony Luck, Borislav Petkov,
	Aristeu Rozanski, Mauro Carvalho Chehab, Qiuxu Zhuo, linux-edac

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tony Luck <tony.luck@intel.com>

commit 432de7fd7630c84ad24f1c2acd1e3bb4ce3741ca upstream.

The count of errors is picked up from bits 52:38 of the machine check
bank status register. But this is the count of *corrected* errors. If an
uncorrected error is being logged, the h/w sets this field to 0. Which
means that when edac_mc_handle_error() is called, the EDAC core will
carefully add zero to the appropriate uncorrected error counts.

Signed-off-by: Tony Luck <tony.luck@intel.com>
[ Massage commit message. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: stable@vger.kernel.org
Cc: Aristeu Rozanski <aris@redhat.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
Cc: linux-edac <linux-edac@vger.kernel.org>
Link: http://lkml.kernel.org/r/20180928213934.19890-1-tony.luck@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/edac/i7core_edac.c |    1 +
 drivers/edac/sb_edac.c     |    1 +
 drivers/edac/skx_edac.c    |    1 +
 3 files changed, 3 insertions(+)

--- a/drivers/edac/i7core_edac.c
+++ b/drivers/edac/i7core_edac.c
@@ -1711,6 +1711,7 @@ static void i7core_mce_output_error(stru
 	u32 errnum = find_first_bit(&error, 32);
 
 	if (uncorrected_error) {
+		core_err_cnt = 1;
 		if (ripv)
 			tp_event = HW_EVENT_ERR_FATAL;
 		else
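
Review bot: core_err_cnt = 1 at the top of the uncorrected_error branch overrides a value obtained earlier, and nothing at the assignment says why. A one-line comment (per the changelog, the hardware count field covers corrected errors only and reads 0 here) would stop someone from removing it as a redundant store; the same applies to the identical line added in sb_edac.c and skx_edac.c.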
--- a/drivers/edac/sb_edac.c
+++ b/drivers/edac/sb_edac.c
@@ -2888,6 +2888,7 @@ static void sbridge_mce_output_error(str
 		recoverable = GET_BITFIELD(m->status, 56, 56);
 
 	if (uncorrected_error) {
+		core_err_cnt = 1;
 		if (ripv) {
 			type = "FATAL";
 			tp_event = HW_EVENT_ERR_FATAL;
--- a/drivers/edac/skx_edac.c
+++ b/drivers/edac/skx_edac.c
@@ -959,6 +959,7 @@ static void skx_mce_output_error(struct
 	recoverable = GET_BITFIELD(m->status, 56, 56);
 
 	if (uncorrected_error) {
+		core_err_cnt = 1;
 		if (ripv) {
 			type = "FATAL";
 			tp_event = HW_EVENT_ERR_FATAL;



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 236/361] EDAC, skx_edac: Fix logical channel intermediate decoding
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (234 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 235/361] EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 237/361] ARM: dts: dra7: Fix up unaligned access setting for PCIe EP Greg Kroah-Hartman
                   ` (127 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Qiuxu Zhuo, Tony Luck,
	Borislav Petkov, Aristeu Rozanski, Mauro Carvalho Chehab,
	linux-edac

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qiuxu Zhuo <qiuxu.zhuo@intel.com>

commit 8f18973877204dc8ca4ce1004a5d28683b9a7086 upstream.

The code "lchan = (lchan << 1) | ~lchan" for logical channel
intermediate decoding is wrong. The wrong intermediate decoding
result is {0xffffffff, 0xfffffffe}.

Fix it by replacing '~' with '!'. The correct intermediate
decoding result is {0x1, 0x2}.

Signed-off-by: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
CC: Aristeu Rozanski <aris@redhat.com>
CC: Mauro Carvalho Chehab <mchehab@kernel.org>
CC: linux-edac <linux-edac@vger.kernel.org>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20181009172025.18594-1-tony.luck@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/edac/skx_edac.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/edac/skx_edac.c
+++ b/drivers/edac/skx_edac.c
@@ -668,7 +668,7 @@ sad_found:
 			break;
 		case 2:
 			lchan = (addr >> shift) % 2;
-			lchan = (lchan << 1) | ~lchan;
+			lchan = (lchan << 1) | !lchan;
 			break;
 		case 3:
 			lchan = ((addr >> shift) % 2) << 1;
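
Review bot: (lchan << 1) | !lchan in case 2 is correct only because the line before it reduces lchan to 0 or 1 with % 2; for any other input !lchan is 0 and the low bit is dropped. Please add a comment giving the intended mapping (0 -> 0x1, 1 -> 0x2) or write it as lchan ? 2 : 1, so the dependency on the previous line is explicit.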



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 237/361] ARM: dts: dra7: Fix up unaligned access setting for PCIe EP
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (235 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 236/361] EDAC, skx_edac: Fix logical channel intermediate decoding Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 238/361] PCI/ASPM: Fix link_state teardown on device removal Greg Kroah-Hartman
                   ` (126 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vignesh R, Tony Lindgren

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vignesh R <vigneshr@ti.com>

commit 6d0af44a82be87c13f2320821e9fbb8b8cf5a56f upstream.

Bit positions of PCIE_SS1_AXI2OCP_LEGACY_MODE_ENABLE and
PCIE_SS1_AXI2OCP_LEGACY_MODE_ENABLE in CTRL_CORE_SMA_SW_7 are
incorrectly documented in the TRM. In fact, the bit positions are
swapped. Update the DT bindings for PCIe EP to reflect the same.

Fixes: d23f3839fe97 ("ARM: dts: DRA7: Add pcie1 dt node for EP mode")
Cc: stable@vger.kernel.org
Signed-off-by: Vignesh R <vigneshr@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/dra7.dtsi |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm/boot/dts/dra7.dtsi
+++ b/arch/arm/boot/dts/dra7.dtsi
@@ -354,7 +354,7 @@
 				ti,hwmods = "pcie1";
 				phys = <&pcie1_phy>;
 				phy-names = "pcie-phy0";
-				ti,syscon-unaligned-access = <&scm_conf1 0x14 2>;
+				ti,syscon-unaligned-access = <&scm_conf1 0x14 1>;
 				status = "disabled";
 			};
 		};
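
Review bot: The third cell of ti,syscon-unaligned-access changes from 2 to 1 with nothing in the node recording that the value deliberately departs from the TRM. Please add a comment next to the property saying so, otherwise the next person who checks this node against the TRM is likely to change it back.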



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 238/361] PCI/ASPM: Fix link_state teardown on device removal
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (236 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 237/361] ARM: dts: dra7: Fix up unaligned access setting for PCIe EP Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 239/361] PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk Greg Kroah-Hartman
                   ` (125 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Bjorn Helgaas, Shaohua Li

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lukas Wunner <lukas@wunner.de>

commit aeae4f3e5c38d47bdaef50446dc0ec857307df68 upstream.

Upon removal of the last device on a bus, the link_state of the bridge
leading to that bus is sought to be torn down by having pci_stop_dev()
call pcie_aspm_exit_link_state().

When ASPM was originally introduced by commit 7d715a6c1ae5 ("PCI: add
PCI Express ASPM support"), it determined whether the device being
removed is the last one by calling list_empty() on the bridge's
subordinate devices list.  That didn't work because the device is only
removed from the list slightly later in pci_destroy_dev().

Commit 3419c75e15f8 ("PCI: properly clean up ASPM link state on device
remove") attempted to fix it by calling list_is_last(), but that's not
correct either because it checks whether the device is at the *end* of
the list, not whether it's the last one *left* in the list.  If the user
removes the device which happens to be at the end of the list via sysfs
but other devices are preceding the device in the list, the link_state
is torn down prematurely.

The real fix is to move the invocation of pcie_aspm_exit_link_state() to
pci_destroy_dev() and reinstate the call to list_empty().  Remove a
duplicate check for dev->bus->self because pcie_aspm_exit_link_state()
already contains an identical check.

Fixes: 7d715a6c1ae5 ("PCI: add PCI Express ASPM support")
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Shaohua Li <shaohua.li@intel.com>
Cc: stable@vger.kernel.org # v2.6.26
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/pcie/aspm.c |    2 +-
 drivers/pci/remove.c    |    4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -991,7 +991,7 @@ void pcie_aspm_exit_link_state(struct pc
 	 * All PCIe functions are in one slot, remove one function will remove
 	 * the whole slot, so just wait until we are the last function left.
 	 */
-	if (!list_is_last(&pdev->bus_list, &parent->subordinate->devices))
+	if (!list_empty(&parent->subordinate->devices))
 		goto out;
 
 	link = parent->link_state;
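
Review bot: Switching the test to list_empty(&parent->subordinate->devices) makes pcie_aspm_exit_link_state() correct only when the caller has already unlinked pdev from that list, yet the comment above the test still reads as if pdev were one of the functions on it. Please update the comment to state the precondition (pdev already removed from bus_list) so that a future caller from the stop path does not reintroduce the original bug.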
--- a/drivers/pci/remove.c
+++ b/drivers/pci/remove.c
@@ -25,9 +25,6 @@ static void pci_stop_dev(struct pci_dev
 
 		pci_dev_assign_added(dev, false);
 	}
-
-	if (dev->bus->self)
-		pcie_aspm_exit_link_state(dev);
 }
 
 static void pci_destroy_dev(struct pci_dev *dev)
@@ -41,6 +38,7 @@ static void pci_destroy_dev(struct pci_d
 	list_del(&dev->bus_list);
 	up_write(&pci_bus_sem);
 
+	pcie_aspm_exit_link_state(dev);
 	pci_bridge_d3_update(dev);
 	pci_free_resources(dev);
 	put_device(&dev->dev);
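
Review bot: pcie_aspm_exit_link_state(dev) is now called after up_write(&pci_bus_sem), so the list_empty() test it performs on the parent's device list runs after the semaphore held around list_del() has been dropped. Please state, in a comment here or in the changelog, which lock protects that test against a concurrent add or remove on the same bus.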



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 239/361] PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (237 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 238/361] PCI/ASPM: Fix link_state teardown on device removal Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 240/361] signal/GenWQE: Fix sending of SIGKILL Greg Kroah-Hartman
                   ` (124 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bin Meng, Bjorn Helgaas

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bin Meng <bmeng.cn@gmail.com>

commit d0c9606b31a21028fb5b753c8ad79626292accfd upstream.

Add Device IDs to the Intel GPU "spurious interrupt" quirk table.

For these devices, unplugging the VGA cable and plugging it in again causes
spurious interrupts from the IGD.  Linux eventually disables the interrupt,
but of course that disables any other devices sharing the interrupt.

The theory is that this is a VGA BIOS defect: it should have disabled the
IGD interrupt but failed to do so.

See f67fd55fa96f ("PCI: Add quirk for still enabled interrupts on Intel
Sandy Bridge GPUs") and 7c82126a94e6 ("PCI: Add new ID for Intel GPU
"spurious interrupt" quirk") for some history.

[bhelgaas: See link below for discussion about how to fix this more
generically instead of adding device IDs for every new Intel GPU.  I hope
this is the last patch to add device IDs.]

Link: https://lore.kernel.org/linux-pci/1537974841-29928-1-git-send-email-bmeng.cn@gmail.com
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
[bhelgaas: changelog]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org	# v3.4+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/quirks.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -3190,7 +3190,11 @@ static void disable_igfx_irq(struct pci_
 
 	pci_iounmap(dev, regs);
 }
+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0042, disable_igfx_irq);
+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0046, disable_igfx_irq);
+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x004a, disable_igfx_irq);
 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0102, disable_igfx_irq);
+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0106, disable_igfx_irq);
 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x010a, disable_igfx_irq);
 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0152, disable_igfx_irq);
 



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 240/361] signal/GenWQE: Fix sending of SIGKILL
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (238 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 239/361] PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 241/361] signal: Guard against negative signal numbers in copy_siginfo_from_user32 Greg Kroah-Hartman
                   ` (123 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Frank Haverkamp, Joerg-Stephan Vogt,
	Michael Jung, Michael Ruettger, Kleber Sacilotto de Souza,
	Sebastian Ott, Eberhard S. Amann, Gabriel Krisman Bertazi,
	Guilherme G. Piccoli, Eric W. Biederman

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric W. Biederman <ebiederm@xmission.com>

commit 0ab93e9c99f8208c0a1a7b7170c827936268c996 upstream.

The genweq_add_file and genwqe_del_file by caching current without
using reference counting embed the assumption that a file descriptor
will never be passed from one process to another.  It even embeds the
assumption that the thread that opened the file will be in
existence when the process terminates.   Neither of which are
guaranteed to be true.

Therefore replace caching the task_struct of the opener with
pid of the opener's thread group id.  All the knowledge of the
opener is used for is as the target of SIGKILL and a SIGKILL
will kill the entire process group.

Rename genwqe_force_sig to genwqe_terminate, remove its unnecessary
signal argument, update its only caller, and use kill_pid
instead of force_sig.

The work force_sig does in changing signal handling state is not
relevant to SIGKILL sent as SEND_SIG_PRIV.  The exact same processes
will be killed just with less work, and less confusion.  The work done
by force_sig is really only needed for handling synchronous
exceptions.

It will still be possible to cause genwqe_device_remove to wait
8 seconds by passing a file descriptor to another process but
the possible use after free is fixed.

Fixes: eaf4722d4645 ("GenWQE Character device and DDCB queue")
Cc: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Frank Haverkamp <haver@linux.vnet.ibm.com>
Cc: Joerg-Stephan Vogt <jsvogt@de.ibm.com>
Cc: Michael Jung <mijung@gmx.net>
Cc: Michael Ruettger <michael@ibmra.de>
Cc: Kleber Sacilotto de Souza <klebers@linux.vnet.ibm.com>
Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
Cc: Eberhard S. Amann <esa@linux.vnet.ibm.com>
Cc: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
Cc: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/misc/genwqe/card_base.h |    2 +-
 drivers/misc/genwqe/card_dev.c  |    9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

--- a/drivers/misc/genwqe/card_base.h
+++ b/drivers/misc/genwqe/card_base.h
@@ -408,7 +408,7 @@ struct genwqe_file {
 	struct file *filp;
 
 	struct fasync_struct *async_queue;
-	struct task_struct *owner;
+	struct pid *opener;
 	struct list_head list;		/* entry in list of open files */
 
 	spinlock_t map_lock;		/* lock for dma_mappings */
--- a/drivers/misc/genwqe/card_dev.c
+++ b/drivers/misc/genwqe/card_dev.c
@@ -52,7 +52,7 @@ static void genwqe_add_file(struct genwq
 {
 	unsigned long flags;
 
-	cfile->owner = current;
+	cfile->opener = get_pid(task_tgid(current));
 	spin_lock_irqsave(&cd->file_lock, flags);
 	list_add(&cfile->list, &cd->file_list);
 	spin_unlock_irqrestore(&cd->file_lock, flags);
@@ -65,6 +65,7 @@ static int genwqe_del_file(struct genwqe
 	spin_lock_irqsave(&cd->file_lock, flags);
 	list_del(&cfile->list);
 	spin_unlock_irqrestore(&cd->file_lock, flags);
+	put_pid(cfile->opener);
 
 	return 0;
 }
@@ -275,7 +276,7 @@ static int genwqe_kill_fasync(struct gen
 	return files;
 }
 
-static int genwqe_force_sig(struct genwqe_dev *cd, int sig)
+static int genwqe_terminate(struct genwqe_dev *cd)
 {
 	unsigned int files = 0;
 	unsigned long flags;
@@ -283,7 +284,7 @@ static int genwqe_force_sig(struct genwq
 
 	spin_lock_irqsave(&cd->file_lock, flags);
 	list_for_each_entry(cfile, &cd->file_list, list) {
-		force_sig(sig, cfile->owner);
+		kill_pid(cfile->opener, SIGKILL, 1);
 		files++;
 	}
 	spin_unlock_irqrestore(&cd->file_lock, flags);
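
Review bot: kill_pid(cfile->opener, SIGKILL, 1) discards its return value, so files++ still counts an opener whose thread group has already exited, and the caller then waits for a process that will never go away. Consider incrementing files only when kill_pid() returns 0. The bare 1 passed as the third argument would also be clearer with a comment tying it to the SEND_SIG_PRIV delivery the changelog describes.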
@@ -1352,7 +1353,7 @@ static int genwqe_inform_and_stop_proces
 		dev_warn(&pci_dev->dev,
 			 "[%s] send SIGKILL and wait ...\n", __func__);
 
-		rc = genwqe_force_sig(cd, SIGKILL); /* force terminate */
+		rc = genwqe_terminate(cd);
 		if (rc) {
 			/* Give kill_timout more seconds to end processes */
 			for (i = 0; (i < GENWQE_KILL_TIMEOUT) &&



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 241/361] signal: Guard against negative signal numbers in copy_siginfo_from_user32
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (239 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 240/361] signal/GenWQE: Fix sending of SIGKILL Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 242/361] crypto: lrw - Fix out-of bounds access on counter overflow Greg Kroah-Hartman
                   ` (122 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric W. Biederman

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric W. Biederman <ebiederm@xmission.com>

commit a36700589b85443e28170be59fa11c8a104130a5 upstream.

While fixing an out of bounds array access in known_siginfo_layout
reported by the kernel test robot it became apparent that the same bug
exists in siginfo_layout and affects copy_siginfo_from_user32.

The straightforward fix that guards against making this mistake
in the future and should keep the code size small is to just take an
unsigned signal number instead of a signed signal number, as I did to
fix known_siginfo_layout.

Cc: stable@vger.kernel.org
Fixes: cc731525f26a ("signal: Remove kernel interal si_code magic")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/signal.h |    2 +-
 kernel/signal.c        |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/include/linux/signal.h
+++ b/include/linux/signal.h
@@ -36,7 +36,7 @@ enum siginfo_layout {
 	SIL_SYS,
 };
 
-enum siginfo_layout siginfo_layout(int sig, int si_code);
+enum siginfo_layout siginfo_layout(unsigned sig, int si_code);
 
 /*
  * Define some primitives to manipulate sigset_t.
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -2847,7 +2847,7 @@ COMPAT_SYSCALL_DEFINE2(rt_sigpending, co
 }
 #endif
 
-enum siginfo_layout siginfo_layout(int sig, int si_code)
+enum siginfo_layout siginfo_layout(unsigned sig, int si_code)
 {
 	enum siginfo_layout layout = SIL_KILL;
 	if ((si_code > SI_USER) && (si_code < SI_KERNEL)) {
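
Review bot: The parameter is declared as bare unsigned in siginfo_layout(unsigned sig, int si_code); kernel style prefers unsigned int, and neither the prototype nor the definition says that the type is what keeps a negative signal number away from the table lookup. Please spell it unsigned int in both places and add a one-line comment that negative values from callers are deliberately converted to large ones so that they cannot index below the start of the table.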



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 242/361] crypto: lrw - Fix out-of bounds access on counter overflow
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (240 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 241/361] signal: Guard against negative signal numbers in copy_siginfo_from_user32 Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 243/361] crypto: tcrypt - fix ghash-generic speed test Greg Kroah-Hartman
                   ` (121 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Biggers, Ondrej Mosnacek, Herbert Xu

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ondrej Mosnacek <omosnace@redhat.com>

commit fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 upstream.

When the LRW block counter overflows, the current implementation returns
128 as the index to the precomputed multiplication table, which has 128
entries. This patch fixes it to return the correct value (127).

Fixes: 64470f1b8510 ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode")
Cc: <stable@vger.kernel.org> # 2.6.20+
Reported-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/lrw.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -143,7 +143,12 @@ static inline int get_index128(be128 *bl
 		return x + ffz(val);
 	}
 
-	return x;
+	/*
+	 * If we get here, then x == 128 and we are incrementing the counter
+	 * from all ones to all zeros. This means we must return index 127, i.e.
+	 * the one corresponding to key2*{ 1,...,1 }.
+	 */
+	return 127;
 }
 
 static int post_crypt(struct skcipher_request *req)



^ permalink raw reply	[flat|nested] 384+ messages in thread
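
The overflow case from the commit message above, worked through in a userspace model as an added example (not code from the patch or from crypto/lrw.c). The struct layout, helper names and the `fixed` switch are assumptions of the model; it checks that the returned index stays inside a 128-entry table and that index + 1 equals the number of counter bits an increment flips, which is why 127 is the right answer when the counter wraps.

```c
#include <stdint.h>
#include <stdio.h>

#define LRW_TABLE_ENTRIES 128	/* table size stated in the commit message */

/* 128-bit block counter; w[0] is the least significant word (model layout). */
struct ctr128 { uint32_t w[4]; };

static struct ctr128 make_ctr(uint32_t w3, uint32_t w2, uint32_t w1, uint32_t w0)
{
	struct ctr128 c = { { w0, w1, w2, w3 } };
	return c;
}

/* Position of the lowest clear bit; the caller guarantees v != 0xffffffff. */
static int lowest_zero_bit(uint32_t v)
{
	int n = 0;

	while (v & 1u) {
		v >>= 1;
		n++;
	}
	return n;
}

/*
 * Index of the lowest clear bit of the whole counter. With fixed == 0 the
 * all-ones counter falls out of the loop and yields 128 (the pre-patch
 * result); with fixed != 0 it yields 127 as in the patch.
 */
static int get_index128(struct ctr128 c, int fixed)
{
	int x;

	for (x = 0; x < 128; x += 32) {
		uint32_t val = c.w[x / 32];

		if (val == UINT32_MAX)
			continue;
		return x + lowest_zero_bit(val);
	}
	return fixed ? 127 : x;
}

/* Number of bits that differ between the counter and the counter plus one. */
static int bits_flipped_by_increment(struct ctr128 c)
{
	struct ctr128 n = c;
	int i, bits = 0;

	for (i = 0; i < 4; i++)
		if (++n.w[i] != 0)	/* stop once there is no carry */
			break;
	for (i = 0; i < 4; i++) {
		uint32_t d = c.w[i] ^ n.w[i];

		for (; d; d >>= 1)
			bits += (int)(d & 1u);
	}
	return bits;
}

/* 1 if the index is inside the table and matches the increment's bit flips. */
static int index_is_consistent(struct ctr128 c, int fixed)
{
	int idx = get_index128(c, fixed);

	return idx >= 0 && idx < LRW_TABLE_ENTRIES &&
	       bits_flipped_by_increment(c) == idx + 1;
}

int main(void)
{
	/* Constructed counters: zero, three trailing ones, one full word, all ones. */
	struct ctr128 s[] = {
		make_ctr(0, 0, 0, 0), make_ctr(0, 0, 0, 7),
		make_ctr(0, 0, 0, UINT32_MAX),
		make_ctr(UINT32_MAX, UINT32_MAX, UINT32_MAX, UINT32_MAX),
	};
	unsigned int i;

	for (i = 0; i < sizeof(s) / sizeof(s[0]); i++)
		printf("old=%3d (ok=%d)  fixed=%3d (ok=%d)\n",
		       get_index128(s[i], 0), index_is_consistent(s[i], 0),
		       get_index128(s[i], 1), index_is_consistent(s[i], 1));
	return 0;
}
```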

* [PATCH 4.19 243/361] crypto: tcrypt - fix ghash-generic speed test
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (241 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 242/361] crypto: lrw - Fix out-of bounds access on counter overflow Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 244/361] crypto: aesni - dont use GFP_ATOMIC allocation if the request doesnt cross a page in gcm Greg Kroah-Hartman
                   ` (120 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Franck Lenormand, Horia Geantă,
	Ard Biesheuvel, Herbert Xu

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Horia Geantă <horia.geanta@nxp.com>

commit 331351f89c36bf7d03561a28b6f64fa10a9f6f3a upstream.

ghash is a keyed hash algorithm, thus setkey needs to be called.
Otherwise the following error occurs:
$ modprobe tcrypt mode=318 sec=1
testing speed of async ghash-generic (ghash-generic)
tcrypt: test  0 (   16 byte blocks,   16 bytes per update,   1 updates):
tcrypt: hashing failed ret=-126

Cc: <stable@vger.kernel.org> # 4.6+
Fixes: 0660511c0bee ("crypto: tcrypt - Use ahash")
Tested-by: Franck Lenormand <franck.lenormand@nxp.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/tcrypt.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1103,6 +1103,9 @@ static void test_ahash_speed_common(cons
 			break;
 		}
 
+		if (speed[i].klen)
+			crypto_ahash_setkey(tfm, tvmem[0], speed[i].klen);
+
 		pr_info("test%3u "
 			"(%5u byte blocks,%5u bytes per update,%4u updates): ",
 			i, speed[i].blen, speed[i].plen, speed[i].blen / speed[i].plen);
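
Review bot: the return value of the added crypto_ahash_setkey() call is discarded, so a failed setkey still lets the test run and shows up only as the same opaque "hashing failed" message quoted in the commit log. Store the result, print it with pr_err() and skip the entry when it is non-zero. It is also worth confirming that speed[i].klen can never exceed the size of the tvmem[0] buffer, which this hunk does not show.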




* [PATCH 4.19 244/361] crypto: aesni - dont use GFP_ATOMIC allocation if the request doesnt cross a page in gcm
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Herbert Xu

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mikulas Patocka <mpatocka@redhat.com>

commit a788848116454d753b13a4888e0e31ada3c4d393 upstream.

This patch fixes gcmaes_crypt_by_sg so that it won't use memory
allocation if the data doesn't cross a page boundary.

Authenticated encryption may be used by dm-crypt. If the encryption or
decryption fails, it would result in I/O error and filesystem corruption.
The function gcmaes_crypt_by_sg is using GFP_ATOMIC allocation that can
fail anytime. This patch fixes the logic so that it won't attempt the
failing allocation if the data doesn't cross a page boundary.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/crypto/aesni-intel_glue.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -817,7 +817,7 @@ static int gcmaes_crypt_by_sg(bool enc,
 	/* Linearize assoc, if not already linear */
 	if (req->src->length >= assoclen && req->src->length &&
 		(!PageHighMem(sg_page(req->src)) ||
-			req->src->offset + req->src->length < PAGE_SIZE)) {
+			req->src->offset + req->src->length <= PAGE_SIZE)) {
 		scatterwalk_start(&assoc_sg_walk, req->src);
 		assoc = scatterwalk_map(&assoc_sg_walk);
 	} else {
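
Review bot: the corrected bound on the PageHighMem branch still compares req->src->offset + req->src->length against PAGE_SIZE, while the comment above it is about linearizing assoc and the first clause only requires req->src->length >= assoclen. If only the first assoclen bytes are read through the mapping, testing req->src->offset + assoclen <= PAGE_SIZE would avoid the allocating else branch in more cases. If the whole entry really is needed, a short comment saying so would help. The change from < to <= itself matches the commit message: an entry that ends exactly at PAGE_SIZE does not cross the page.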




* [PATCH 4.19 245/361] crypto: morus/generic - fix for big endian systems
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ondrej Mosnacek, Ard Biesheuvel, Herbert Xu

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>

commit 5a8dedfa3276e88c5865f265195d63d72aec3e72 upstream.

Omit the endian swabbing when folding the lengths of the assoc and
crypt input buffers into the state to finalize the tag. This is not
necessary given that the memory representation of the state is in
machine native endianness already.

This fixes an error reported by tcrypt running on a big endian system:

  alg: aead: Test 2 failed on encryption for morus640-generic
  00000000: a8 30 ef fb e6 26 eb 23 b0 87 dd 98 57 f3 e1 4b
  00000010: 21
  alg: aead: Test 2 failed on encryption for morus1280-generic
  00000000: 88 19 1b fb 1c 29 49 0e ee 82 2f cb 97 a6 a5 ee
  00000010: 5f

Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD implementations")
Cc: <stable@vger.kernel.org> # v4.18+
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/morus1280.c |    7 ++-----
 crypto/morus640.c  |   16 ++++------------
 2 files changed, 6 insertions(+), 17 deletions(-)

--- a/crypto/morus1280.c
+++ b/crypto/morus1280.c
@@ -385,14 +385,11 @@ static void crypto_morus1280_final(struc
 				   struct morus1280_block *tag_xor,
 				   u64 assoclen, u64 cryptlen)
 {
-	u64 assocbits = assoclen * 8;
-	u64 cryptbits = cryptlen * 8;
-
 	struct morus1280_block tmp;
 	unsigned int i;
 
-	tmp.words[0] = cpu_to_le64(assocbits);
-	tmp.words[1] = cpu_to_le64(cryptbits);
+	tmp.words[0] = assoclen * 8;
+	tmp.words[1] = cryptlen * 8;
 	tmp.words[2] = 0;
 	tmp.words[3] = 0;
 
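
Review bot: with cpu_to_le64() dropped, nothing in crypto_morus1280_final() records why the bit lengths are stored without conversion; the reasoning lives only in the commit message. A one-line comment above the tmp.words[0] assignment, saying that the state is kept in native endianness so the lengths are folded in as-is, would stop a later reader from re-adding the swab. If the words[] member of struct morus1280_block carries an __le64 annotation (not visible in this hunk), it would need to become u64 as well to stay sparse-clean.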
--- a/crypto/morus640.c
+++ b/crypto/morus640.c
@@ -384,21 +384,13 @@ static void crypto_morus640_final(struct
 				  struct morus640_block *tag_xor,
 				  u64 assoclen, u64 cryptlen)
 {
-	u64 assocbits = assoclen * 8;
-	u64 cryptbits = cryptlen * 8;
-
-	u32 assocbits_lo = (u32)assocbits;
-	u32 assocbits_hi = (u32)(assocbits >> 32);
-	u32 cryptbits_lo = (u32)cryptbits;
-	u32 cryptbits_hi = (u32)(cryptbits >> 32);
-
 	struct morus640_block tmp;
 	unsigned int i;
 
-	tmp.words[0] = cpu_to_le32(assocbits_lo);
-	tmp.words[1] = cpu_to_le32(assocbits_hi);
-	tmp.words[2] = cpu_to_le32(cryptbits_lo);
-	tmp.words[3] = cpu_to_le32(cryptbits_hi);
+	tmp.words[0] = lower_32_bits(assoclen * 8);
+	tmp.words[1] = upper_32_bits(assoclen * 8);
+	tmp.words[2] = lower_32_bits(cryptlen * 8);
+	tmp.words[3] = upper_32_bits(cryptlen * 8);
 
 	for (i = 0; i < MORUS_BLOCK_WORDS; i++)
 		state->s[4].words[i] ^= state->s[0].words[i];
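
Review bot: assoclen * 8 and cryptlen * 8 are now each written twice in crypto_morus640_final(), once under lower_32_bits() and once under upper_32_bits(). Keeping the removed assocbits and cryptbits locals and applying the two helpers to them would keep the bit-length computation in one place and make it obvious that the multiplication is done in 64 bits before the split.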




* [PATCH 4.19 246/361] crypto: aegis/generic - fix for big endian systems
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel, Ondrej Mosnacek, Herbert Xu

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>

commit 4a34e3c2f2f48f47213702a84a123af0fe21ad60 upstream.

Use the correct __le32 annotation and accessors to perform the
single round of AES encryption performed inside the AEGIS transform.
Otherwise, tcrypt reports:

  alg: aead: Test 1 failed on encryption for aegis128-generic
  00000000: 6c 25 25 4a 3c 10 1d 27 2b c1 d4 84 9a ef 7f 6e
  alg: aead: Test 1 failed on encryption for aegis128l-generic
  00000000: cd c6 e3 b8 a0 70 9d 8e c2 4f 6f fe 71 42 df 28
  alg: aead: Test 1 failed on encryption for aegis256-generic
  00000000: aa ed 07 b1 96 1d e9 e6 f2 ed b5 8e 1c 5f dc 1c

Fixes: f606a88e5823 ("crypto: aegis - Add generic AEGIS AEAD implementations")
Cc: <stable@vger.kernel.org> # v4.18+
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/aegis.h |   22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

--- a/crypto/aegis.h
+++ b/crypto/aegis.h
@@ -21,7 +21,7 @@
 
 union aegis_block {
 	__le64 words64[AEGIS_BLOCK_SIZE / sizeof(__le64)];
-	u32 words32[AEGIS_BLOCK_SIZE / sizeof(u32)];
+	__le32 words32[AEGIS_BLOCK_SIZE / sizeof(__le32)];
 	u8 bytes[AEGIS_BLOCK_SIZE];
 };
 
@@ -57,24 +57,22 @@ static void crypto_aegis_aesenc(union ae
 				const union aegis_block *src,
 				const union aegis_block *key)
 {
-	u32 *d = dst->words32;
 	const u8  *s  = src->bytes;
-	const u32 *k  = key->words32;
 	const u32 *t0 = crypto_ft_tab[0];
 	const u32 *t1 = crypto_ft_tab[1];
 	const u32 *t2 = crypto_ft_tab[2];
 	const u32 *t3 = crypto_ft_tab[3];
 	u32 d0, d1, d2, d3;
 
-	d0 = t0[s[ 0]] ^ t1[s[ 5]] ^ t2[s[10]] ^ t3[s[15]] ^ k[0];
-	d1 = t0[s[ 4]] ^ t1[s[ 9]] ^ t2[s[14]] ^ t3[s[ 3]] ^ k[1];
-	d2 = t0[s[ 8]] ^ t1[s[13]] ^ t2[s[ 2]] ^ t3[s[ 7]] ^ k[2];
-	d3 = t0[s[12]] ^ t1[s[ 1]] ^ t2[s[ 6]] ^ t3[s[11]] ^ k[3];
-
-	d[0] = d0;
-	d[1] = d1;
-	d[2] = d2;
-	d[3] = d3;
+	d0 = t0[s[ 0]] ^ t1[s[ 5]] ^ t2[s[10]] ^ t3[s[15]];
+	d1 = t0[s[ 4]] ^ t1[s[ 9]] ^ t2[s[14]] ^ t3[s[ 3]];
+	d2 = t0[s[ 8]] ^ t1[s[13]] ^ t2[s[ 2]] ^ t3[s[ 7]];
+	d3 = t0[s[12]] ^ t1[s[ 1]] ^ t2[s[ 6]] ^ t3[s[11]];
+
+	dst->words32[0] = cpu_to_le32(d0) ^ key->words32[0];
+	dst->words32[1] = cpu_to_le32(d1) ^ key->words32[1];
+	dst->words32[2] = cpu_to_le32(d2) ^ key->words32[2];
+	dst->words32[3] = cpu_to_le32(d3) ^ key->words32[3];
 }
 
 #endif /* _CRYPTO_AEGIS_H */
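
Review bot: the endianness invariant in crypto_aegis_aesenc() is not documented. d0..d3 are native-endian u32 values built from the crypto_ft_tab lookups, and they are converted with cpu_to_le32() before being XORed with the __le32 key words, but no comment says that the block is kept little-endian in memory. A line above the four dst->words32[] stores stating this would record what the earlier version got wrong. The stores still come after every read of src->bytes, which keeps a call with dst == src safe; that ordering is worth preserving if the function is reworked.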




* [PATCH 4.19 247/361] crypto: speck - remove Speck
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld, Eric Biggers,
	Ard Biesheuvel, Herbert Xu

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jason A. Donenfeld <Jason@zx2c4.com>

commit 578bdaabd015b9b164842c3e8ace9802f38e7ecc upstream.

These are unused, undesired, and have never actually been used by
anybody. The original authors of this code have changed their mind about
its inclusion. While originally proposed for disk encryption on low-end
devices, the idea was discarded [1] in favor of something else before
that could really get going. Therefore, this patch removes Speck.

[1] https://marc.info/?l=linux-crypto-vger&m=153359499015659

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Eric Biggers <ebiggers@google.com>
Cc: stable@vger.kernel.org
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 Documentation/filesystems/fscrypt.rst |   10 
 arch/arm/crypto/Kconfig               |    6 
 arch/arm/crypto/Makefile              |    2 
 arch/arm/crypto/speck-neon-core.S     |  434 -------------------
 arch/arm/crypto/speck-neon-glue.c     |  288 -------------
 arch/arm64/crypto/Kconfig             |    6 
 arch/arm64/crypto/Makefile            |    3 
 arch/arm64/crypto/speck-neon-core.S   |  352 ----------------
 arch/arm64/crypto/speck-neon-glue.c   |  282 ------------
 arch/m68k/configs/amiga_defconfig     |    1 
 arch/m68k/configs/apollo_defconfig    |    1 
 arch/m68k/configs/atari_defconfig     |    1 
 arch/m68k/configs/bvme6000_defconfig  |    1 
 arch/m68k/configs/hp300_defconfig     |    1 
 arch/m68k/configs/mac_defconfig       |    1 
 arch/m68k/configs/multi_defconfig     |    1 
 arch/m68k/configs/mvme147_defconfig   |    1 
 arch/m68k/configs/mvme16x_defconfig   |    1 
 arch/m68k/configs/q40_defconfig       |    1 
 arch/m68k/configs/sun3_defconfig      |    1 
 arch/m68k/configs/sun3x_defconfig     |    1 
 arch/s390/defconfig                   |    1 
 crypto/Kconfig                        |   14 
 crypto/Makefile                       |    1 
 crypto/speck.c                        |  307 --------------
 crypto/testmgr.c                      |   24 -
 crypto/testmgr.h                      |  738 ----------------------------------
 fs/crypto/fscrypt_private.h           |    4 
 fs/crypto/keyinfo.c                   |   10 
 include/crypto/speck.h                |   62 --
 include/uapi/linux/fs.h               |    4 
 31 files changed, 2 insertions(+), 2558 deletions(-)

--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -191,21 +191,11 @@ Currently, the following pairs of encryp
 
 - AES-256-XTS for contents and AES-256-CTS-CBC for filenames
 - AES-128-CBC for contents and AES-128-CTS-CBC for filenames
-- Speck128/256-XTS for contents and Speck128/256-CTS-CBC for filenames
 
 It is strongly recommended to use AES-256-XTS for contents encryption.
 AES-128-CBC was added only for low-powered embedded devices with
 crypto accelerators such as CAAM or CESA that do not support XTS.
 
-Similarly, Speck128/256 support was only added for older or low-end
-CPUs which cannot do AES fast enough -- especially ARM CPUs which have
-NEON instructions but not the Cryptography Extensions -- and for which
-it would not otherwise be feasible to use encryption at all.  It is
-not recommended to use Speck on CPUs that have AES instructions.
-Speck support is only available if it has been enabled in the crypto
-API via CONFIG_CRYPTO_SPECK.  Also, on ARM platforms, to get
-acceptable performance CONFIG_CRYPTO_SPECK_NEON must be enabled.
-
 New encryption modes can be added relatively easily, without changes
 to individual filesystems.  However, authenticated encryption (AE)
 modes are not currently supported because of the difficulty of dealing
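
Review bot: the documentation drops the Speck128/256-XTS and Speck128/256-CTS-CBC pair from the list of supported policies without saying what happens to a directory that already uses it. The diffstat shows fs/crypto/keyinfo.c and include/uapi/linux/fs.h changing in the same patch, so the mode identifiers go away too. The commit message states nobody used the mode; a sentence here noting that it was removed, and whether its mode numbers are reserved, would make that explicit for readers of a stable release. After the second removal the text also no longer names any option for CPUs without AES instructions.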
--- a/arch/arm/crypto/Kconfig
+++ b/arch/arm/crypto/Kconfig
@@ -121,10 +121,4 @@ config CRYPTO_CHACHA20_NEON
 	select CRYPTO_BLKCIPHER
 	select CRYPTO_CHACHA20
 
-config CRYPTO_SPECK_NEON
-	tristate "NEON accelerated Speck cipher algorithms"
-	depends on KERNEL_MODE_NEON
-	select CRYPTO_BLKCIPHER
-	select CRYPTO_SPECK
-
 endif
--- a/arch/arm/crypto/Makefile
+++ b/arch/arm/crypto/Makefile
@@ -10,7 +10,6 @@ obj-$(CONFIG_CRYPTO_SHA1_ARM_NEON) += sh
 obj-$(CONFIG_CRYPTO_SHA256_ARM) += sha256-arm.o
 obj-$(CONFIG_CRYPTO_SHA512_ARM) += sha512-arm.o
 obj-$(CONFIG_CRYPTO_CHACHA20_NEON) += chacha20-neon.o
-obj-$(CONFIG_CRYPTO_SPECK_NEON) += speck-neon.o
 
 ce-obj-$(CONFIG_CRYPTO_AES_ARM_CE) += aes-arm-ce.o
 ce-obj-$(CONFIG_CRYPTO_SHA1_ARM_CE) += sha1-arm-ce.o
@@ -54,7 +53,6 @@ ghash-arm-ce-y	:= ghash-ce-core.o ghash-
 crct10dif-arm-ce-y	:= crct10dif-ce-core.o crct10dif-ce-glue.o
 crc32-arm-ce-y:= crc32-ce-core.o crc32-ce-glue.o
 chacha20-neon-y := chacha20-neon-core.o chacha20-neon-glue.o
-speck-neon-y := speck-neon-core.o speck-neon-glue.o
 
 ifdef REGENERATE_ARM_CRYPTO
 quiet_cmd_perl = PERL    $@
--- a/arch/arm/crypto/speck-neon-core.S
+++ /dev/null
@@ -1,434 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-/*
- * NEON-accelerated implementation of Speck128-XTS and Speck64-XTS
- *
- * Copyright (c) 2018 Google, Inc
- *
- * Author: Eric Biggers <ebiggers@google.com>
- */
-
-#include <linux/linkage.h>
-
-	.text
-	.fpu		neon
-
-	// arguments
-	ROUND_KEYS	.req	r0	// const {u64,u32} *round_keys
-	NROUNDS		.req	r1	// int nrounds
-	DST		.req	r2	// void *dst
-	SRC		.req	r3	// const void *src
-	NBYTES		.req	r4	// unsigned int nbytes
-	TWEAK		.req	r5	// void *tweak
-
-	// registers which hold the data being encrypted/decrypted
-	X0		.req	q0
-	X0_L		.req	d0
-	X0_H		.req	d1
-	Y0		.req	q1
-	Y0_H		.req	d3
-	X1		.req	q2
-	X1_L		.req	d4
-	X1_H		.req	d5
-	Y1		.req	q3
-	Y1_H		.req	d7
-	X2		.req	q4
-	X2_L		.req	d8
-	X2_H		.req	d9
-	Y2		.req	q5
-	Y2_H		.req	d11
-	X3		.req	q6
-	X3_L		.req	d12
-	X3_H		.req	d13
-	Y3		.req	q7
-	Y3_H		.req	d15
-
-	// the round key, duplicated in all lanes
-	ROUND_KEY	.req	q8
-	ROUND_KEY_L	.req	d16
-	ROUND_KEY_H	.req	d17
-
-	// index vector for vtbl-based 8-bit rotates
-	ROTATE_TABLE	.req	d18
-
-	// multiplication table for updating XTS tweaks
-	GF128MUL_TABLE	.req	d19
-	GF64MUL_TABLE	.req	d19
-
-	// current XTS tweak value(s)
-	TWEAKV		.req	q10
-	TWEAKV_L	.req	d20
-	TWEAKV_H	.req	d21
-
-	TMP0		.req	q12
-	TMP0_L		.req	d24
-	TMP0_H		.req	d25
-	TMP1		.req	q13
-	TMP2		.req	q14
-	TMP3		.req	q15
-
-	.align		4
-.Lror64_8_table:
-	.byte		1, 2, 3, 4, 5, 6, 7, 0
-.Lror32_8_table:
-	.byte		1, 2, 3, 0, 5, 6, 7, 4
-.Lrol64_8_table:
-	.byte		7, 0, 1, 2, 3, 4, 5, 6
-.Lrol32_8_table:
-	.byte		3, 0, 1, 2, 7, 4, 5, 6
-.Lgf128mul_table:
-	.byte		0, 0x87
-	.fill		14
-.Lgf64mul_table:
-	.byte		0, 0x1b, (0x1b << 1), (0x1b << 1) ^ 0x1b
-	.fill		12
-
-/*
- * _speck_round_128bytes() - Speck encryption round on 128 bytes at a time
- *
- * Do one Speck encryption round on the 128 bytes (8 blocks for Speck128, 16 for
- * Speck64) stored in X0-X3 and Y0-Y3, using the round key stored in all lanes
- * of ROUND_KEY.  'n' is the lane size: 64 for Speck128, or 32 for Speck64.
- *
- * The 8-bit rotates are implemented using vtbl instead of vshr + vsli because
- * the vtbl approach is faster on some processors and the same speed on others.
- */
-.macro _speck_round_128bytes	n
-
-	// x = ror(x, 8)
-	vtbl.8		X0_L, {X0_L}, ROTATE_TABLE
-	vtbl.8		X0_H, {X0_H}, ROTATE_TABLE
-	vtbl.8		X1_L, {X1_L}, ROTATE_TABLE
-	vtbl.8		X1_H, {X1_H}, ROTATE_TABLE
-	vtbl.8		X2_L, {X2_L}, ROTATE_TABLE
-	vtbl.8		X2_H, {X2_H}, ROTATE_TABLE
-	vtbl.8		X3_L, {X3_L}, ROTATE_TABLE
-	vtbl.8		X3_H, {X3_H}, ROTATE_TABLE
-
-	// x += y
-	vadd.u\n	X0, Y0
-	vadd.u\n	X1, Y1
-	vadd.u\n	X2, Y2
-	vadd.u\n	X3, Y3
-
-	// x ^= k
-	veor		X0, ROUND_KEY
-	veor		X1, ROUND_KEY
-	veor		X2, ROUND_KEY
-	veor		X3, ROUND_KEY
-
-	// y = rol(y, 3)
-	vshl.u\n	TMP0, Y0, #3
-	vshl.u\n	TMP1, Y1, #3
-	vshl.u\n	TMP2, Y2, #3
-	vshl.u\n	TMP3, Y3, #3
-	vsri.u\n	TMP0, Y0, #(\n - 3)
-	vsri.u\n	TMP1, Y1, #(\n - 3)
-	vsri.u\n	TMP2, Y2, #(\n - 3)
-	vsri.u\n	TMP3, Y3, #(\n - 3)
-
-	// y ^= x
-	veor		Y0, TMP0, X0
-	veor		Y1, TMP1, X1
-	veor		Y2, TMP2, X2
-	veor		Y3, TMP3, X3
-.endm
-
-/*
- * _speck_unround_128bytes() - Speck decryption round on 128 bytes at a time
- *
- * This is the inverse of _speck_round_128bytes().
- */
-.macro _speck_unround_128bytes	n
-
-	// y ^= x
-	veor		TMP0, Y0, X0
-	veor		TMP1, Y1, X1
-	veor		TMP2, Y2, X2
-	veor		TMP3, Y3, X3
-
-	// y = ror(y, 3)
-	vshr.u\n	Y0, TMP0, #3
-	vshr.u\n	Y1, TMP1, #3
-	vshr.u\n	Y2, TMP2, #3
-	vshr.u\n	Y3, TMP3, #3
-	vsli.u\n	Y0, TMP0, #(\n - 3)
-	vsli.u\n	Y1, TMP1, #(\n - 3)
-	vsli.u\n	Y2, TMP2, #(\n - 3)
-	vsli.u\n	Y3, TMP3, #(\n - 3)
-
-	// x ^= k
-	veor		X0, ROUND_KEY
-	veor		X1, ROUND_KEY
-	veor		X2, ROUND_KEY
-	veor		X3, ROUND_KEY
-
-	// x -= y
-	vsub.u\n	X0, Y0
-	vsub.u\n	X1, Y1
-	vsub.u\n	X2, Y2
-	vsub.u\n	X3, Y3
-
-	// x = rol(x, 8);
-	vtbl.8		X0_L, {X0_L}, ROTATE_TABLE
-	vtbl.8		X0_H, {X0_H}, ROTATE_TABLE
-	vtbl.8		X1_L, {X1_L}, ROTATE_TABLE
-	vtbl.8		X1_H, {X1_H}, ROTATE_TABLE
-	vtbl.8		X2_L, {X2_L}, ROTATE_TABLE
-	vtbl.8		X2_H, {X2_H}, ROTATE_TABLE
-	vtbl.8		X3_L, {X3_L}, ROTATE_TABLE
-	vtbl.8		X3_H, {X3_H}, ROTATE_TABLE
-.endm
-
-.macro _xts128_precrypt_one	dst_reg, tweak_buf, tmp
-
-	// Load the next source block
-	vld1.8		{\dst_reg}, [SRC]!
-
-	// Save the current tweak in the tweak buffer
-	vst1.8		{TWEAKV}, [\tweak_buf:128]!
-
-	// XOR the next source block with the current tweak
-	veor		\dst_reg, TWEAKV
-
-	/*
-	 * Calculate the next tweak by multiplying the current one by x,
-	 * modulo p(x) = x^128 + x^7 + x^2 + x + 1.
-	 */
-	vshr.u64	\tmp, TWEAKV, #63
-	vshl.u64	TWEAKV, #1
-	veor		TWEAKV_H, \tmp\()_L
-	vtbl.8		\tmp\()_H, {GF128MUL_TABLE}, \tmp\()_H
-	veor		TWEAKV_L, \tmp\()_H
-.endm
-
-.macro _xts64_precrypt_two	dst_reg, tweak_buf, tmp
-
-	// Load the next two source blocks
-	vld1.8		{\dst_reg}, [SRC]!
-
-	// Save the current two tweaks in the tweak buffer
-	vst1.8		{TWEAKV}, [\tweak_buf:128]!
-
-	// XOR the next two source blocks with the current two tweaks
-	veor		\dst_reg, TWEAKV
-
-	/*
-	 * Calculate the next two tweaks by multiplying the current ones by x^2,
-	 * modulo p(x) = x^64 + x^4 + x^3 + x + 1.
-	 */
-	vshr.u64	\tmp, TWEAKV, #62
-	vshl.u64	TWEAKV, #2
-	vtbl.8		\tmp\()_L, {GF64MUL_TABLE}, \tmp\()_L
-	vtbl.8		\tmp\()_H, {GF64MUL_TABLE}, \tmp\()_H
-	veor		TWEAKV, \tmp
-.endm
-
-/*
- * _speck_xts_crypt() - Speck-XTS encryption/decryption
- *
- * Encrypt or decrypt NBYTES bytes of data from the SRC buffer to the DST buffer
- * using Speck-XTS, specifically the variant with a block size of '2n' and round
- * count given by NROUNDS.  The expanded round keys are given in ROUND_KEYS, and
- * the current XTS tweak value is given in TWEAK.  It's assumed that NBYTES is a
- * nonzero multiple of 128.
- */
-.macro _speck_xts_crypt	n, decrypting
-	push		{r4-r7}
-	mov		r7, sp
-
-	/*
-	 * The first four parameters were passed in registers r0-r3.  Load the
-	 * additional parameters, which were passed on the stack.
-	 */
-	ldr		NBYTES, [sp, #16]
-	ldr		TWEAK, [sp, #20]
-
-	/*
-	 * If decrypting, modify the ROUND_KEYS parameter to point to the last
-	 * round key rather than the first, since for decryption the round keys
-	 * are used in reverse order.
-	 */
-.if \decrypting
-.if \n == 64
-	add		ROUND_KEYS, ROUND_KEYS, NROUNDS, lsl #3
-	sub		ROUND_KEYS, #8
-.else
-	add		ROUND_KEYS, ROUND_KEYS, NROUNDS, lsl #2
-	sub		ROUND_KEYS, #4
-.endif
-.endif
-
-	// Load the index vector for vtbl-based 8-bit rotates
-.if \decrypting
-	ldr		r12, =.Lrol\n\()_8_table
-.else
-	ldr		r12, =.Lror\n\()_8_table
-.endif
-	vld1.8		{ROTATE_TABLE}, [r12:64]
-
-	// One-time XTS preparation
-
-	/*
-	 * Allocate stack space to store 128 bytes worth of tweaks.  For
-	 * performance, this space is aligned to a 16-byte boundary so that we
-	 * can use the load/store instructions that declare 16-byte alignment.
-	 * For Thumb2 compatibility, don't do the 'bic' directly on 'sp'.
-	 */
-	sub		r12, sp, #128
-	bic		r12, #0xf
-	mov		sp, r12
-
-.if \n == 64
-	// Load first tweak
-	vld1.8		{TWEAKV}, [TWEAK]
-
-	// Load GF(2^128) multiplication table
-	ldr		r12, =.Lgf128mul_table
-	vld1.8		{GF128MUL_TABLE}, [r12:64]
-.else
-	// Load first tweak
-	vld1.8		{TWEAKV_L}, [TWEAK]
-
-	// Load GF(2^64) multiplication table
-	ldr		r12, =.Lgf64mul_table
-	vld1.8		{GF64MUL_TABLE}, [r12:64]
-
-	// Calculate second tweak, packing it together with the first
-	vshr.u64	TMP0_L, TWEAKV_L, #63
-	vtbl.u8		TMP0_L, {GF64MUL_TABLE}, TMP0_L
-	vshl.u64	TWEAKV_H, TWEAKV_L, #1
-	veor		TWEAKV_H, TMP0_L
-.endif
-
-.Lnext_128bytes_\@:
-
-	/*
-	 * Load the source blocks into {X,Y}[0-3], XOR them with their XTS tweak
-	 * values, and save the tweaks on the stack for later.  Then
-	 * de-interleave the 'x' and 'y' elements of each block, i.e. make it so
-	 * that the X[0-3] registers contain only the second halves of blocks,
-	 * and the Y[0-3] registers contain only the first halves of blocks.
-	 * (Speck uses the order (y, x) rather than the more intuitive (x, y).)
-	 */
-	mov		r12, sp
-.if \n == 64
-	_xts128_precrypt_one	X0, r12, TMP0
-	_xts128_precrypt_one	Y0, r12, TMP0
-	_xts128_precrypt_one	X1, r12, TMP0
-	_xts128_precrypt_one	Y1, r12, TMP0
-	_xts128_precrypt_one	X2, r12, TMP0
-	_xts128_precrypt_one	Y2, r12, TMP0
-	_xts128_precrypt_one	X3, r12, TMP0
-	_xts128_precrypt_one	Y3, r12, TMP0
-	vswp		X0_L, Y0_H
-	vswp		X1_L, Y1_H
-	vswp		X2_L, Y2_H
-	vswp		X3_L, Y3_H
-.else
-	_xts64_precrypt_two	X0, r12, TMP0
-	_xts64_precrypt_two	Y0, r12, TMP0
-	_xts64_precrypt_two	X1, r12, TMP0
-	_xts64_precrypt_two	Y1, r12, TMP0
-	_xts64_precrypt_two	X2, r12, TMP0
-	_xts64_precrypt_two	Y2, r12, TMP0
-	_xts64_precrypt_two	X3, r12, TMP0
-	_xts64_precrypt_two	Y3, r12, TMP0
-	vuzp.32		Y0, X0
-	vuzp.32		Y1, X1
-	vuzp.32		Y2, X2
-	vuzp.32		Y3, X3
-.endif
-
-	// Do the cipher rounds
-
-	mov		r12, ROUND_KEYS
-	mov		r6, NROUNDS
-
-.Lnext_round_\@:
-.if \decrypting
-.if \n == 64
-	vld1.64		ROUND_KEY_L, [r12]
-	sub		r12, #8
-	vmov		ROUND_KEY_H, ROUND_KEY_L
-.else
-	vld1.32		{ROUND_KEY_L[],ROUND_KEY_H[]}, [r12]
-	sub		r12, #4
-.endif
-	_speck_unround_128bytes	\n
-.else
-.if \n == 64
-	vld1.64		ROUND_KEY_L, [r12]!
-	vmov		ROUND_KEY_H, ROUND_KEY_L
-.else
-	vld1.32		{ROUND_KEY_L[],ROUND_KEY_H[]}, [r12]!
-.endif
-	_speck_round_128bytes	\n
-.endif
-	subs		r6, r6, #1
-	bne		.Lnext_round_\@
-
-	// Re-interleave the 'x' and 'y' elements of each block
-.if \n == 64
-	vswp		X0_L, Y0_H
-	vswp		X1_L, Y1_H
-	vswp		X2_L, Y2_H
-	vswp		X3_L, Y3_H
-.else
-	vzip.32		Y0, X0
-	vzip.32		Y1, X1
-	vzip.32		Y2, X2
-	vzip.32		Y3, X3
-.endif
-
-	// XOR the encrypted/decrypted blocks with the tweaks we saved earlier
-	mov		r12, sp
-	vld1.8		{TMP0, TMP1}, [r12:128]!
-	vld1.8		{TMP2, TMP3}, [r12:128]!
-	veor		X0, TMP0
-	veor		Y0, TMP1
-	veor		X1, TMP2
-	veor		Y1, TMP3
-	vld1.8		{TMP0, TMP1}, [r12:128]!
-	vld1.8		{TMP2, TMP3}, [r12:128]!
-	veor		X2, TMP0
-	veor		Y2, TMP1
-	veor		X3, TMP2
-	veor		Y3, TMP3
-
-	// Store the ciphertext in the destination buffer
-	vst1.8		{X0, Y0}, [DST]!
-	vst1.8		{X1, Y1}, [DST]!
-	vst1.8		{X2, Y2}, [DST]!
-	vst1.8		{X3, Y3}, [DST]!
-
-	// Continue if there are more 128-byte chunks remaining, else return
-	subs		NBYTES, #128
-	bne		.Lnext_128bytes_\@
-
-	// Store the next tweak
-.if \n == 64
-	vst1.8		{TWEAKV}, [TWEAK]
-.else
-	vst1.8		{TWEAKV_L}, [TWEAK]
-.endif
-
-	mov		sp, r7
-	pop		{r4-r7}
-	bx		lr
-.endm
-
-ENTRY(speck128_xts_encrypt_neon)
-	_speck_xts_crypt	n=64, decrypting=0
-ENDPROC(speck128_xts_encrypt_neon)
-
-ENTRY(speck128_xts_decrypt_neon)
-	_speck_xts_crypt	n=64, decrypting=1
-ENDPROC(speck128_xts_decrypt_neon)
-
-ENTRY(speck64_xts_encrypt_neon)
-	_speck_xts_crypt	n=32, decrypting=0
-ENDPROC(speck64_xts_encrypt_neon)
-
-ENTRY(speck64_xts_decrypt_neon)
-	_speck_xts_crypt	n=32, decrypting=1
-ENDPROC(speck64_xts_decrypt_neon)
--- a/arch/arm/crypto/speck-neon-glue.c
+++ /dev/null
@@ -1,288 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-/*
- * NEON-accelerated implementation of Speck128-XTS and Speck64-XTS
- *
- * Copyright (c) 2018 Google, Inc
- *
- * Note: the NIST recommendation for XTS only specifies a 128-bit block size,
- * but a 64-bit version (needed for Speck64) is fairly straightforward; the math
- * is just done in GF(2^64) instead of GF(2^128), with the reducing polynomial
- * x^64 + x^4 + x^3 + x + 1 from the original XEX paper (Rogaway, 2004:
- * "Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes
- * OCB and PMAC"), represented as 0x1B.
- */
-
-#include <asm/hwcap.h>
-#include <asm/neon.h>
-#include <asm/simd.h>
-#include <crypto/algapi.h>
-#include <crypto/gf128mul.h>
-#include <crypto/internal/skcipher.h>
-#include <crypto/speck.h>
-#include <crypto/xts.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-
-/* The assembly functions only handle multiples of 128 bytes */
-#define SPECK_NEON_CHUNK_SIZE	128
-
-/* Speck128 */
-
-struct speck128_xts_tfm_ctx {
-	struct speck128_tfm_ctx main_key;
-	struct speck128_tfm_ctx tweak_key;
-};
-
-asmlinkage void speck128_xts_encrypt_neon(const u64 *round_keys, int nrounds,
-					  void *dst, const void *src,
-					  unsigned int nbytes, void *tweak);
-
-asmlinkage void speck128_xts_decrypt_neon(const u64 *round_keys, int nrounds,
-					  void *dst, const void *src,
-					  unsigned int nbytes, void *tweak);
-
-typedef void (*speck128_crypt_one_t)(const struct speck128_tfm_ctx *,
-				     u8 *, const u8 *);
-typedef void (*speck128_xts_crypt_many_t)(const u64 *, int, void *,
-					  const void *, unsigned int, void *);
-
-static __always_inline int
-__speck128_xts_crypt(struct skcipher_request *req,
-		     speck128_crypt_one_t crypt_one,
-		     speck128_xts_crypt_many_t crypt_many)
-{
-	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
-	const struct speck128_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm);
-	struct skcipher_walk walk;
-	le128 tweak;
-	int err;
-
-	err = skcipher_walk_virt(&walk, req, true);
-
-	crypto_speck128_encrypt(&ctx->tweak_key, (u8 *)&tweak, walk.iv);
-
-	while (walk.nbytes > 0) {
-		unsigned int nbytes = walk.nbytes;
-		u8 *dst = walk.dst.virt.addr;
-		const u8 *src = walk.src.virt.addr;
-
-		if (nbytes >= SPECK_NEON_CHUNK_SIZE && may_use_simd()) {
-			unsigned int count;
-
-			count = round_down(nbytes, SPECK_NEON_CHUNK_SIZE);
-			kernel_neon_begin();
-			(*crypt_many)(ctx->main_key.round_keys,
-				      ctx->main_key.nrounds,
-				      dst, src, count, &tweak);
-			kernel_neon_end();
-			dst += count;
-			src += count;
-			nbytes -= count;
-		}
-
-		/* Handle any remainder with generic code */
-		while (nbytes >= sizeof(tweak)) {
-			le128_xor((le128 *)dst, (const le128 *)src, &tweak);
-			(*crypt_one)(&ctx->main_key, dst, dst);
-			le128_xor((le128 *)dst, (const le128 *)dst, &tweak);
-			gf128mul_x_ble(&tweak, &tweak);
-
-			dst += sizeof(tweak);
-			src += sizeof(tweak);
-			nbytes -= sizeof(tweak);
-		}
-		err = skcipher_walk_done(&walk, nbytes);
-	}
-
-	return err;
-}
-
-static int speck128_xts_encrypt(struct skcipher_request *req)
-{
-	return __speck128_xts_crypt(req, crypto_speck128_encrypt,
-				    speck128_xts_encrypt_neon);
-}
-
-static int speck128_xts_decrypt(struct skcipher_request *req)
-{
-	return __speck128_xts_crypt(req, crypto_speck128_decrypt,
-				    speck128_xts_decrypt_neon);
-}
-
-static int speck128_xts_setkey(struct crypto_skcipher *tfm, const u8 *key,
-			       unsigned int keylen)
-{
-	struct speck128_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm);
-	int err;
-
-	err = xts_verify_key(tfm, key, keylen);
-	if (err)
-		return err;
-
-	keylen /= 2;
-
-	err = crypto_speck128_setkey(&ctx->main_key, key, keylen);
-	if (err)
-		return err;
-
-	return crypto_speck128_setkey(&ctx->tweak_key, key + keylen, keylen);
-}
-
-/* Speck64 */
-
-struct speck64_xts_tfm_ctx {
-	struct speck64_tfm_ctx main_key;
-	struct speck64_tfm_ctx tweak_key;
-};
-
-asmlinkage void speck64_xts_encrypt_neon(const u32 *round_keys, int nrounds,
-					 void *dst, const void *src,
-					 unsigned int nbytes, void *tweak);
-
-asmlinkage void speck64_xts_decrypt_neon(const u32 *round_keys, int nrounds,
-					 void *dst, const void *src,
-					 unsigned int nbytes, void *tweak);
-
-typedef void (*speck64_crypt_one_t)(const struct speck64_tfm_ctx *,
-				    u8 *, const u8 *);
-typedef void (*speck64_xts_crypt_many_t)(const u32 *, int, void *,
-					 const void *, unsigned int, void *);
-
-static __always_inline int
-__speck64_xts_crypt(struct skcipher_request *req, speck64_crypt_one_t crypt_one,
-		    speck64_xts_crypt_many_t crypt_many)
-{
-	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
-	const struct speck64_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm);
-	struct skcipher_walk walk;
-	__le64 tweak;
-	int err;
-
-	err = skcipher_walk_virt(&walk, req, true);
-
-	crypto_speck64_encrypt(&ctx->tweak_key, (u8 *)&tweak, walk.iv);
-
-	while (walk.nbytes > 0) {
-		unsigned int nbytes = walk.nbytes;
-		u8 *dst = walk.dst.virt.addr;
-		const u8 *src = walk.src.virt.addr;
-
-		if (nbytes >= SPECK_NEON_CHUNK_SIZE && may_use_simd()) {
-			unsigned int count;
-
-			count = round_down(nbytes, SPECK_NEON_CHUNK_SIZE);
-			kernel_neon_begin();
-			(*crypt_many)(ctx->main_key.round_keys,
-				      ctx->main_key.nrounds,
-				      dst, src, count, &tweak);
-			kernel_neon_end();
-			dst += count;
-			src += count;
-			nbytes -= count;
-		}
-
-		/* Handle any remainder with generic code */
-		while (nbytes >= sizeof(tweak)) {
-			*(__le64 *)dst = *(__le64 *)src ^ tweak;
-			(*crypt_one)(&ctx->main_key, dst, dst);
-			*(__le64 *)dst ^= tweak;
-			tweak = cpu_to_le64((le64_to_cpu(tweak) << 1) ^
-					    ((tweak & cpu_to_le64(1ULL << 63)) ?
-					     0x1B : 0));
-			dst += sizeof(tweak);
-			src += sizeof(tweak);
-			nbytes -= sizeof(tweak);
-		}
-		err = skcipher_walk_done(&walk, nbytes);
-	}
-
-	return err;
-}
-
-static int speck64_xts_encrypt(struct skcipher_request *req)
-{
-	return __speck64_xts_crypt(req, crypto_speck64_encrypt,
-				   speck64_xts_encrypt_neon);
-}
-
-static int speck64_xts_decrypt(struct skcipher_request *req)
-{
-	return __speck64_xts_crypt(req, crypto_speck64_decrypt,
-				   speck64_xts_decrypt_neon);
-}
-
-static int speck64_xts_setkey(struct crypto_skcipher *tfm, const u8 *key,
-			      unsigned int keylen)
-{
-	struct speck64_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm);
-	int err;
-
-	err = xts_verify_key(tfm, key, keylen);
-	if (err)
-		return err;
-
-	keylen /= 2;
-
-	err = crypto_speck64_setkey(&ctx->main_key, key, keylen);
-	if (err)
-		return err;
-
-	return crypto_speck64_setkey(&ctx->tweak_key, key + keylen, keylen);
-}
-
-static struct skcipher_alg speck_algs[] = {
-	{
-		.base.cra_name		= "xts(speck128)",
-		.base.cra_driver_name	= "xts-speck128-neon",
-		.base.cra_priority	= 300,
-		.base.cra_blocksize	= SPECK128_BLOCK_SIZE,
-		.base.cra_ctxsize	= sizeof(struct speck128_xts_tfm_ctx),
-		.base.cra_alignmask	= 7,
-		.base.cra_module	= THIS_MODULE,
-		.min_keysize		= 2 * SPECK128_128_KEY_SIZE,
-		.max_keysize		= 2 * SPECK128_256_KEY_SIZE,
-		.ivsize			= SPECK128_BLOCK_SIZE,
-		.walksize		= SPECK_NEON_CHUNK_SIZE,
-		.setkey			= speck128_xts_setkey,
-		.encrypt		= speck128_xts_encrypt,
-		.decrypt		= speck128_xts_decrypt,
-	}, {
-		.base.cra_name		= "xts(speck64)",
-		.base.cra_driver_name	= "xts-speck64-neon",
-		.base.cra_priority	= 300,
-		.base.cra_blocksize	= SPECK64_BLOCK_SIZE,
-		.base.cra_ctxsize	= sizeof(struct speck64_xts_tfm_ctx),
-		.base.cra_alignmask	= 7,
-		.base.cra_module	= THIS_MODULE,
-		.min_keysize		= 2 * SPECK64_96_KEY_SIZE,
-		.max_keysize		= 2 * SPECK64_128_KEY_SIZE,
-		.ivsize			= SPECK64_BLOCK_SIZE,
-		.walksize		= SPECK_NEON_CHUNK_SIZE,
-		.setkey			= speck64_xts_setkey,
-		.encrypt		= speck64_xts_encrypt,
-		.decrypt		= speck64_xts_decrypt,
-	}
-};
-
-static int __init speck_neon_module_init(void)
-{
-	if (!(elf_hwcap & HWCAP_NEON))
-		return -ENODEV;
-	return crypto_register_skciphers(speck_algs, ARRAY_SIZE(speck_algs));
-}
-
-static void __exit speck_neon_module_exit(void)
-{
-	crypto_unregister_skciphers(speck_algs, ARRAY_SIZE(speck_algs));
-}
-
-module_init(speck_neon_module_init);
-module_exit(speck_neon_module_exit);
-
-MODULE_DESCRIPTION("Speck block cipher (NEON-accelerated)");
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
-MODULE_ALIAS_CRYPTO("xts(speck128)");
-MODULE_ALIAS_CRYPTO("xts-speck128-neon");
-MODULE_ALIAS_CRYPTO("xts(speck64)");
-MODULE_ALIAS_CRYPTO("xts-speck64-neon");
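Review bot: the `speck_algs[]` table and the four `MODULE_ALIAS_CRYPTO(...)` lines at the end of this file remove the NEON drivers behind the names `xts(speck128)` and `xts(speck64)`, and crypto/speck.c is deleted later in the same patch, so the generic cipher is gone as well and allocating either name will fail after this update. For a stable backport the changelog should state that no caller in 4.19 depends on these names, or name what such a caller should switch to.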
--- a/arch/arm64/crypto/Kconfig
+++ b/arch/arm64/crypto/Kconfig
@@ -119,10 +119,4 @@ config CRYPTO_AES_ARM64_BS
 	select CRYPTO_AES_ARM64
 	select CRYPTO_SIMD
 
-config CRYPTO_SPECK_NEON
-	tristate "NEON accelerated Speck cipher algorithms"
-	depends on KERNEL_MODE_NEON
-	select CRYPTO_BLKCIPHER
-	select CRYPTO_SPECK
-
 endif
--- a/arch/arm64/crypto/Makefile
+++ b/arch/arm64/crypto/Makefile
@@ -56,9 +56,6 @@ sha512-arm64-y := sha512-glue.o sha512-c
 obj-$(CONFIG_CRYPTO_CHACHA20_NEON) += chacha20-neon.o
 chacha20-neon-y := chacha20-neon-core.o chacha20-neon-glue.o
 
-obj-$(CONFIG_CRYPTO_SPECK_NEON) += speck-neon.o
-speck-neon-y := speck-neon-core.o speck-neon-glue.o
-
 obj-$(CONFIG_CRYPTO_AES_ARM64) += aes-arm64.o
 aes-arm64-y := aes-cipher-core.o aes-cipher-glue.o
 
--- a/arch/arm64/crypto/speck-neon-core.S
+++ /dev/null
@@ -1,352 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-/*
- * ARM64 NEON-accelerated implementation of Speck128-XTS and Speck64-XTS
- *
- * Copyright (c) 2018 Google, Inc
- *
- * Author: Eric Biggers <ebiggers@google.com>
- */
-
-#include <linux/linkage.h>
-
-	.text
-
-	// arguments
-	ROUND_KEYS	.req	x0	// const {u64,u32} *round_keys
-	NROUNDS		.req	w1	// int nrounds
-	NROUNDS_X	.req	x1
-	DST		.req	x2	// void *dst
-	SRC		.req	x3	// const void *src
-	NBYTES		.req	w4	// unsigned int nbytes
-	TWEAK		.req	x5	// void *tweak
-
-	// registers which hold the data being encrypted/decrypted
-	// (underscores avoid a naming collision with ARM64 registers x0-x3)
-	X_0		.req	v0
-	Y_0		.req	v1
-	X_1		.req	v2
-	Y_1		.req	v3
-	X_2		.req	v4
-	Y_2		.req	v5
-	X_3		.req	v6
-	Y_3		.req	v7
-
-	// the round key, duplicated in all lanes
-	ROUND_KEY	.req	v8
-
-	// index vector for tbl-based 8-bit rotates
-	ROTATE_TABLE	.req	v9
-	ROTATE_TABLE_Q	.req	q9
-
-	// temporary registers
-	TMP0		.req	v10
-	TMP1		.req	v11
-	TMP2		.req	v12
-	TMP3		.req	v13
-
-	// multiplication table for updating XTS tweaks
-	GFMUL_TABLE	.req	v14
-	GFMUL_TABLE_Q	.req	q14
-
-	// next XTS tweak value(s)
-	TWEAKV_NEXT	.req	v15
-
-	// XTS tweaks for the blocks currently being encrypted/decrypted
-	TWEAKV0		.req	v16
-	TWEAKV1		.req	v17
-	TWEAKV2		.req	v18
-	TWEAKV3		.req	v19
-	TWEAKV4		.req	v20
-	TWEAKV5		.req	v21
-	TWEAKV6		.req	v22
-	TWEAKV7		.req	v23
-
-	.align		4
-.Lror64_8_table:
-	.octa		0x080f0e0d0c0b0a090007060504030201
-.Lror32_8_table:
-	.octa		0x0c0f0e0d080b0a090407060500030201
-.Lrol64_8_table:
-	.octa		0x0e0d0c0b0a09080f0605040302010007
-.Lrol32_8_table:
-	.octa		0x0e0d0c0f0a09080b0605040702010003
-.Lgf128mul_table:
-	.octa		0x00000000000000870000000000000001
-.Lgf64mul_table:
-	.octa		0x0000000000000000000000002d361b00
-
-/*
- * _speck_round_128bytes() - Speck encryption round on 128 bytes at a time
- *
- * Do one Speck encryption round on the 128 bytes (8 blocks for Speck128, 16 for
- * Speck64) stored in X0-X3 and Y0-Y3, using the round key stored in all lanes
- * of ROUND_KEY.  'n' is the lane size: 64 for Speck128, or 32 for Speck64.
- * 'lanes' is the lane specifier: "2d" for Speck128 or "4s" for Speck64.
- */
-.macro _speck_round_128bytes	n, lanes
-
-	// x = ror(x, 8)
-	tbl		X_0.16b, {X_0.16b}, ROTATE_TABLE.16b
-	tbl		X_1.16b, {X_1.16b}, ROTATE_TABLE.16b
-	tbl		X_2.16b, {X_2.16b}, ROTATE_TABLE.16b
-	tbl		X_3.16b, {X_3.16b}, ROTATE_TABLE.16b
-
-	// x += y
-	add		X_0.\lanes, X_0.\lanes, Y_0.\lanes
-	add		X_1.\lanes, X_1.\lanes, Y_1.\lanes
-	add		X_2.\lanes, X_2.\lanes, Y_2.\lanes
-	add		X_3.\lanes, X_3.\lanes, Y_3.\lanes
-
-	// x ^= k
-	eor		X_0.16b, X_0.16b, ROUND_KEY.16b
-	eor		X_1.16b, X_1.16b, ROUND_KEY.16b
-	eor		X_2.16b, X_2.16b, ROUND_KEY.16b
-	eor		X_3.16b, X_3.16b, ROUND_KEY.16b
-
-	// y = rol(y, 3)
-	shl		TMP0.\lanes, Y_0.\lanes, #3
-	shl		TMP1.\lanes, Y_1.\lanes, #3
-	shl		TMP2.\lanes, Y_2.\lanes, #3
-	shl		TMP3.\lanes, Y_3.\lanes, #3
-	sri		TMP0.\lanes, Y_0.\lanes, #(\n - 3)
-	sri		TMP1.\lanes, Y_1.\lanes, #(\n - 3)
-	sri		TMP2.\lanes, Y_2.\lanes, #(\n - 3)
-	sri		TMP3.\lanes, Y_3.\lanes, #(\n - 3)
-
-	// y ^= x
-	eor		Y_0.16b, TMP0.16b, X_0.16b
-	eor		Y_1.16b, TMP1.16b, X_1.16b
-	eor		Y_2.16b, TMP2.16b, X_2.16b
-	eor		Y_3.16b, TMP3.16b, X_3.16b
-.endm
-
-/*
- * _speck_unround_128bytes() - Speck decryption round on 128 bytes at a time
- *
- * This is the inverse of _speck_round_128bytes().
- */
-.macro _speck_unround_128bytes	n, lanes
-
-	// y ^= x
-	eor		TMP0.16b, Y_0.16b, X_0.16b
-	eor		TMP1.16b, Y_1.16b, X_1.16b
-	eor		TMP2.16b, Y_2.16b, X_2.16b
-	eor		TMP3.16b, Y_3.16b, X_3.16b
-
-	// y = ror(y, 3)
-	ushr		Y_0.\lanes, TMP0.\lanes, #3
-	ushr		Y_1.\lanes, TMP1.\lanes, #3
-	ushr		Y_2.\lanes, TMP2.\lanes, #3
-	ushr		Y_3.\lanes, TMP3.\lanes, #3
-	sli		Y_0.\lanes, TMP0.\lanes, #(\n - 3)
-	sli		Y_1.\lanes, TMP1.\lanes, #(\n - 3)
-	sli		Y_2.\lanes, TMP2.\lanes, #(\n - 3)
-	sli		Y_3.\lanes, TMP3.\lanes, #(\n - 3)
-
-	// x ^= k
-	eor		X_0.16b, X_0.16b, ROUND_KEY.16b
-	eor		X_1.16b, X_1.16b, ROUND_KEY.16b
-	eor		X_2.16b, X_2.16b, ROUND_KEY.16b
-	eor		X_3.16b, X_3.16b, ROUND_KEY.16b
-
-	// x -= y
-	sub		X_0.\lanes, X_0.\lanes, Y_0.\lanes
-	sub		X_1.\lanes, X_1.\lanes, Y_1.\lanes
-	sub		X_2.\lanes, X_2.\lanes, Y_2.\lanes
-	sub		X_3.\lanes, X_3.\lanes, Y_3.\lanes
-
-	// x = rol(x, 8)
-	tbl		X_0.16b, {X_0.16b}, ROTATE_TABLE.16b
-	tbl		X_1.16b, {X_1.16b}, ROTATE_TABLE.16b
-	tbl		X_2.16b, {X_2.16b}, ROTATE_TABLE.16b
-	tbl		X_3.16b, {X_3.16b}, ROTATE_TABLE.16b
-.endm
-
-.macro _next_xts_tweak	next, cur, tmp, n
-.if \n == 64
-	/*
-	 * Calculate the next tweak by multiplying the current one by x,
-	 * modulo p(x) = x^128 + x^7 + x^2 + x + 1.
-	 */
-	sshr		\tmp\().2d, \cur\().2d, #63
-	and		\tmp\().16b, \tmp\().16b, GFMUL_TABLE.16b
-	shl		\next\().2d, \cur\().2d, #1
-	ext		\tmp\().16b, \tmp\().16b, \tmp\().16b, #8
-	eor		\next\().16b, \next\().16b, \tmp\().16b
-.else
-	/*
-	 * Calculate the next two tweaks by multiplying the current ones by x^2,
-	 * modulo p(x) = x^64 + x^4 + x^3 + x + 1.
-	 */
-	ushr		\tmp\().2d, \cur\().2d, #62
-	shl		\next\().2d, \cur\().2d, #2
-	tbl		\tmp\().16b, {GFMUL_TABLE.16b}, \tmp\().16b
-	eor		\next\().16b, \next\().16b, \tmp\().16b
-.endif
-.endm
-
-/*
- * _speck_xts_crypt() - Speck-XTS encryption/decryption
- *
- * Encrypt or decrypt NBYTES bytes of data from the SRC buffer to the DST buffer
- * using Speck-XTS, specifically the variant with a block size of '2n' and round
- * count given by NROUNDS.  The expanded round keys are given in ROUND_KEYS, and
- * the current XTS tweak value is given in TWEAK.  It's assumed that NBYTES is a
- * nonzero multiple of 128.
- */
-.macro _speck_xts_crypt	n, lanes, decrypting
-
-	/*
-	 * If decrypting, modify the ROUND_KEYS parameter to point to the last
-	 * round key rather than the first, since for decryption the round keys
-	 * are used in reverse order.
-	 */
-.if \decrypting
-	mov		NROUNDS, NROUNDS	/* zero the high 32 bits */
-.if \n == 64
-	add		ROUND_KEYS, ROUND_KEYS, NROUNDS_X, lsl #3
-	sub		ROUND_KEYS, ROUND_KEYS, #8
-.else
-	add		ROUND_KEYS, ROUND_KEYS, NROUNDS_X, lsl #2
-	sub		ROUND_KEYS, ROUND_KEYS, #4
-.endif
-.endif
-
-	// Load the index vector for tbl-based 8-bit rotates
-.if \decrypting
-	ldr		ROTATE_TABLE_Q, .Lrol\n\()_8_table
-.else
-	ldr		ROTATE_TABLE_Q, .Lror\n\()_8_table
-.endif
-
-	// One-time XTS preparation
-.if \n == 64
-	// Load first tweak
-	ld1		{TWEAKV0.16b}, [TWEAK]
-
-	// Load GF(2^128) multiplication table
-	ldr		GFMUL_TABLE_Q, .Lgf128mul_table
-.else
-	// Load first tweak
-	ld1		{TWEAKV0.8b}, [TWEAK]
-
-	// Load GF(2^64) multiplication table
-	ldr		GFMUL_TABLE_Q, .Lgf64mul_table
-
-	// Calculate second tweak, packing it together with the first
-	ushr		TMP0.2d, TWEAKV0.2d, #63
-	shl		TMP1.2d, TWEAKV0.2d, #1
-	tbl		TMP0.8b, {GFMUL_TABLE.16b}, TMP0.8b
-	eor		TMP0.8b, TMP0.8b, TMP1.8b
-	mov		TWEAKV0.d[1], TMP0.d[0]
-.endif
-
-.Lnext_128bytes_\@:
-
-	// Calculate XTS tweaks for next 128 bytes
-	_next_xts_tweak	TWEAKV1, TWEAKV0, TMP0, \n
-	_next_xts_tweak	TWEAKV2, TWEAKV1, TMP0, \n
-	_next_xts_tweak	TWEAKV3, TWEAKV2, TMP0, \n
-	_next_xts_tweak	TWEAKV4, TWEAKV3, TMP0, \n
-	_next_xts_tweak	TWEAKV5, TWEAKV4, TMP0, \n
-	_next_xts_tweak	TWEAKV6, TWEAKV5, TMP0, \n
-	_next_xts_tweak	TWEAKV7, TWEAKV6, TMP0, \n
-	_next_xts_tweak	TWEAKV_NEXT, TWEAKV7, TMP0, \n
-
-	// Load the next source blocks into {X,Y}[0-3]
-	ld1		{X_0.16b-Y_1.16b}, [SRC], #64
-	ld1		{X_2.16b-Y_3.16b}, [SRC], #64
-
-	// XOR the source blocks with their XTS tweaks
-	eor		TMP0.16b, X_0.16b, TWEAKV0.16b
-	eor		Y_0.16b,  Y_0.16b, TWEAKV1.16b
-	eor		TMP1.16b, X_1.16b, TWEAKV2.16b
-	eor		Y_1.16b,  Y_1.16b, TWEAKV3.16b
-	eor		TMP2.16b, X_2.16b, TWEAKV4.16b
-	eor		Y_2.16b,  Y_2.16b, TWEAKV5.16b
-	eor		TMP3.16b, X_3.16b, TWEAKV6.16b
-	eor		Y_3.16b,  Y_3.16b, TWEAKV7.16b
-
-	/*
-	 * De-interleave the 'x' and 'y' elements of each block, i.e. make it so
-	 * that the X[0-3] registers contain only the second halves of blocks,
-	 * and the Y[0-3] registers contain only the first halves of blocks.
-	 * (Speck uses the order (y, x) rather than the more intuitive (x, y).)
-	 */
-	uzp2		X_0.\lanes, TMP0.\lanes, Y_0.\lanes
-	uzp1		Y_0.\lanes, TMP0.\lanes, Y_0.\lanes
-	uzp2		X_1.\lanes, TMP1.\lanes, Y_1.\lanes
-	uzp1		Y_1.\lanes, TMP1.\lanes, Y_1.\lanes
-	uzp2		X_2.\lanes, TMP2.\lanes, Y_2.\lanes
-	uzp1		Y_2.\lanes, TMP2.\lanes, Y_2.\lanes
-	uzp2		X_3.\lanes, TMP3.\lanes, Y_3.\lanes
-	uzp1		Y_3.\lanes, TMP3.\lanes, Y_3.\lanes
-
-	// Do the cipher rounds
-	mov		x6, ROUND_KEYS
-	mov		w7, NROUNDS
-.Lnext_round_\@:
-.if \decrypting
-	ld1r		{ROUND_KEY.\lanes}, [x6]
-	sub		x6, x6, #( \n / 8 )
-	_speck_unround_128bytes	\n, \lanes
-.else
-	ld1r		{ROUND_KEY.\lanes}, [x6], #( \n / 8 )
-	_speck_round_128bytes	\n, \lanes
-.endif
-	subs		w7, w7, #1
-	bne		.Lnext_round_\@
-
-	// Re-interleave the 'x' and 'y' elements of each block
-	zip1		TMP0.\lanes, Y_0.\lanes, X_0.\lanes
-	zip2		Y_0.\lanes,  Y_0.\lanes, X_0.\lanes
-	zip1		TMP1.\lanes, Y_1.\lanes, X_1.\lanes
-	zip2		Y_1.\lanes,  Y_1.\lanes, X_1.\lanes
-	zip1		TMP2.\lanes, Y_2.\lanes, X_2.\lanes
-	zip2		Y_2.\lanes,  Y_2.\lanes, X_2.\lanes
-	zip1		TMP3.\lanes, Y_3.\lanes, X_3.\lanes
-	zip2		Y_3.\lanes,  Y_3.\lanes, X_3.\lanes
-
-	// XOR the encrypted/decrypted blocks with the tweaks calculated earlier
-	eor		X_0.16b, TMP0.16b, TWEAKV0.16b
-	eor		Y_0.16b, Y_0.16b,  TWEAKV1.16b
-	eor		X_1.16b, TMP1.16b, TWEAKV2.16b
-	eor		Y_1.16b, Y_1.16b,  TWEAKV3.16b
-	eor		X_2.16b, TMP2.16b, TWEAKV4.16b
-	eor		Y_2.16b, Y_2.16b,  TWEAKV5.16b
-	eor		X_3.16b, TMP3.16b, TWEAKV6.16b
-	eor		Y_3.16b, Y_3.16b,  TWEAKV7.16b
-	mov		TWEAKV0.16b, TWEAKV_NEXT.16b
-
-	// Store the ciphertext in the destination buffer
-	st1		{X_0.16b-Y_1.16b}, [DST], #64
-	st1		{X_2.16b-Y_3.16b}, [DST], #64
-
-	// Continue if there are more 128-byte chunks remaining
-	subs		NBYTES, NBYTES, #128
-	bne		.Lnext_128bytes_\@
-
-	// Store the next tweak and return
-.if \n == 64
-	st1		{TWEAKV_NEXT.16b}, [TWEAK]
-.else
-	st1		{TWEAKV_NEXT.8b}, [TWEAK]
-.endif
-	ret
-.endm
-
-ENTRY(speck128_xts_encrypt_neon)
-	_speck_xts_crypt	n=64, lanes=2d, decrypting=0
-ENDPROC(speck128_xts_encrypt_neon)
-
-ENTRY(speck128_xts_decrypt_neon)
-	_speck_xts_crypt	n=64, lanes=2d, decrypting=1
-ENDPROC(speck128_xts_decrypt_neon)
-
-ENTRY(speck64_xts_encrypt_neon)
-	_speck_xts_crypt	n=32, lanes=4s, decrypting=0
-ENDPROC(speck64_xts_encrypt_neon)
-
-ENTRY(speck64_xts_decrypt_neon)
-	_speck_xts_crypt	n=32, lanes=4s, decrypting=1
-ENDPROC(speck64_xts_decrypt_neon)
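Review bot: the "nonzero multiple of 128" precondition stated in the `_speck_xts_crypt` comment is enforced only by the C glue (`count = round_down(nbytes, SPECK_NEON_CHUNK_SIZE);` behind the `nbytes >= SPECK_NEON_CHUNK_SIZE` test); the loop here ends on `subs NBYTES, NBYTES, #128` followed by `bne`, so a count that is not a multiple of 128 would wrap past zero and never terminate. No change is needed because the caller is deleted in the same patch, but anyone backporting by hand should remove this file, speck-neon-glue.c and the `speck-neon-y` Makefile line together rather than piecemeal.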
--- a/arch/arm64/crypto/speck-neon-glue.c
+++ /dev/null
@@ -1,282 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-/*
- * NEON-accelerated implementation of Speck128-XTS and Speck64-XTS
- * (64-bit version; based on the 32-bit version)
- *
- * Copyright (c) 2018 Google, Inc
- */
-
-#include <asm/hwcap.h>
-#include <asm/neon.h>
-#include <asm/simd.h>
-#include <crypto/algapi.h>
-#include <crypto/gf128mul.h>
-#include <crypto/internal/skcipher.h>
-#include <crypto/speck.h>
-#include <crypto/xts.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-
-/* The assembly functions only handle multiples of 128 bytes */
-#define SPECK_NEON_CHUNK_SIZE	128
-
-/* Speck128 */
-
-struct speck128_xts_tfm_ctx {
-	struct speck128_tfm_ctx main_key;
-	struct speck128_tfm_ctx tweak_key;
-};
-
-asmlinkage void speck128_xts_encrypt_neon(const u64 *round_keys, int nrounds,
-					  void *dst, const void *src,
-					  unsigned int nbytes, void *tweak);
-
-asmlinkage void speck128_xts_decrypt_neon(const u64 *round_keys, int nrounds,
-					  void *dst, const void *src,
-					  unsigned int nbytes, void *tweak);
-
-typedef void (*speck128_crypt_one_t)(const struct speck128_tfm_ctx *,
-				     u8 *, const u8 *);
-typedef void (*speck128_xts_crypt_many_t)(const u64 *, int, void *,
-					  const void *, unsigned int, void *);
-
-static __always_inline int
-__speck128_xts_crypt(struct skcipher_request *req,
-		     speck128_crypt_one_t crypt_one,
-		     speck128_xts_crypt_many_t crypt_many)
-{
-	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
-	const struct speck128_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm);
-	struct skcipher_walk walk;
-	le128 tweak;
-	int err;
-
-	err = skcipher_walk_virt(&walk, req, true);
-
-	crypto_speck128_encrypt(&ctx->tweak_key, (u8 *)&tweak, walk.iv);
-
-	while (walk.nbytes > 0) {
-		unsigned int nbytes = walk.nbytes;
-		u8 *dst = walk.dst.virt.addr;
-		const u8 *src = walk.src.virt.addr;
-
-		if (nbytes >= SPECK_NEON_CHUNK_SIZE && may_use_simd()) {
-			unsigned int count;
-
-			count = round_down(nbytes, SPECK_NEON_CHUNK_SIZE);
-			kernel_neon_begin();
-			(*crypt_many)(ctx->main_key.round_keys,
-				      ctx->main_key.nrounds,
-				      dst, src, count, &tweak);
-			kernel_neon_end();
-			dst += count;
-			src += count;
-			nbytes -= count;
-		}
-
-		/* Handle any remainder with generic code */
-		while (nbytes >= sizeof(tweak)) {
-			le128_xor((le128 *)dst, (const le128 *)src, &tweak);
-			(*crypt_one)(&ctx->main_key, dst, dst);
-			le128_xor((le128 *)dst, (const le128 *)dst, &tweak);
-			gf128mul_x_ble(&tweak, &tweak);
-
-			dst += sizeof(tweak);
-			src += sizeof(tweak);
-			nbytes -= sizeof(tweak);
-		}
-		err = skcipher_walk_done(&walk, nbytes);
-	}
-
-	return err;
-}
-
-static int speck128_xts_encrypt(struct skcipher_request *req)
-{
-	return __speck128_xts_crypt(req, crypto_speck128_encrypt,
-				    speck128_xts_encrypt_neon);
-}
-
-static int speck128_xts_decrypt(struct skcipher_request *req)
-{
-	return __speck128_xts_crypt(req, crypto_speck128_decrypt,
-				    speck128_xts_decrypt_neon);
-}
-
-static int speck128_xts_setkey(struct crypto_skcipher *tfm, const u8 *key,
-			       unsigned int keylen)
-{
-	struct speck128_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm);
-	int err;
-
-	err = xts_verify_key(tfm, key, keylen);
-	if (err)
-		return err;
-
-	keylen /= 2;
-
-	err = crypto_speck128_setkey(&ctx->main_key, key, keylen);
-	if (err)
-		return err;
-
-	return crypto_speck128_setkey(&ctx->tweak_key, key + keylen, keylen);
-}
-
-/* Speck64 */
-
-struct speck64_xts_tfm_ctx {
-	struct speck64_tfm_ctx main_key;
-	struct speck64_tfm_ctx tweak_key;
-};
-
-asmlinkage void speck64_xts_encrypt_neon(const u32 *round_keys, int nrounds,
-					 void *dst, const void *src,
-					 unsigned int nbytes, void *tweak);
-
-asmlinkage void speck64_xts_decrypt_neon(const u32 *round_keys, int nrounds,
-					 void *dst, const void *src,
-					 unsigned int nbytes, void *tweak);
-
-typedef void (*speck64_crypt_one_t)(const struct speck64_tfm_ctx *,
-				    u8 *, const u8 *);
-typedef void (*speck64_xts_crypt_many_t)(const u32 *, int, void *,
-					 const void *, unsigned int, void *);
-
-static __always_inline int
-__speck64_xts_crypt(struct skcipher_request *req, speck64_crypt_one_t crypt_one,
-		    speck64_xts_crypt_many_t crypt_many)
-{
-	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
-	const struct speck64_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm);
-	struct skcipher_walk walk;
-	__le64 tweak;
-	int err;
-
-	err = skcipher_walk_virt(&walk, req, true);
-
-	crypto_speck64_encrypt(&ctx->tweak_key, (u8 *)&tweak, walk.iv);
-
-	while (walk.nbytes > 0) {
-		unsigned int nbytes = walk.nbytes;
-		u8 *dst = walk.dst.virt.addr;
-		const u8 *src = walk.src.virt.addr;
-
-		if (nbytes >= SPECK_NEON_CHUNK_SIZE && may_use_simd()) {
-			unsigned int count;
-
-			count = round_down(nbytes, SPECK_NEON_CHUNK_SIZE);
-			kernel_neon_begin();
-			(*crypt_many)(ctx->main_key.round_keys,
-				      ctx->main_key.nrounds,
-				      dst, src, count, &tweak);
-			kernel_neon_end();
-			dst += count;
-			src += count;
-			nbytes -= count;
-		}
-
-		/* Handle any remainder with generic code */
-		while (nbytes >= sizeof(tweak)) {
-			*(__le64 *)dst = *(__le64 *)src ^ tweak;
-			(*crypt_one)(&ctx->main_key, dst, dst);
-			*(__le64 *)dst ^= tweak;
-			tweak = cpu_to_le64((le64_to_cpu(tweak) << 1) ^
-					    ((tweak & cpu_to_le64(1ULL << 63)) ?
-					     0x1B : 0));
-			dst += sizeof(tweak);
-			src += sizeof(tweak);
-			nbytes -= sizeof(tweak);
-		}
-		err = skcipher_walk_done(&walk, nbytes);
-	}
-
-	return err;
-}
-
-static int speck64_xts_encrypt(struct skcipher_request *req)
-{
-	return __speck64_xts_crypt(req, crypto_speck64_encrypt,
-				   speck64_xts_encrypt_neon);
-}
-
-static int speck64_xts_decrypt(struct skcipher_request *req)
-{
-	return __speck64_xts_crypt(req, crypto_speck64_decrypt,
-				   speck64_xts_decrypt_neon);
-}
-
-static int speck64_xts_setkey(struct crypto_skcipher *tfm, const u8 *key,
-			      unsigned int keylen)
-{
-	struct speck64_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm);
-	int err;
-
-	err = xts_verify_key(tfm, key, keylen);
-	if (err)
-		return err;
-
-	keylen /= 2;
-
-	err = crypto_speck64_setkey(&ctx->main_key, key, keylen);
-	if (err)
-		return err;
-
-	return crypto_speck64_setkey(&ctx->tweak_key, key + keylen, keylen);
-}
-
-static struct skcipher_alg speck_algs[] = {
-	{
-		.base.cra_name		= "xts(speck128)",
-		.base.cra_driver_name	= "xts-speck128-neon",
-		.base.cra_priority	= 300,
-		.base.cra_blocksize	= SPECK128_BLOCK_SIZE,
-		.base.cra_ctxsize	= sizeof(struct speck128_xts_tfm_ctx),
-		.base.cra_alignmask	= 7,
-		.base.cra_module	= THIS_MODULE,
-		.min_keysize		= 2 * SPECK128_128_KEY_SIZE,
-		.max_keysize		= 2 * SPECK128_256_KEY_SIZE,
-		.ivsize			= SPECK128_BLOCK_SIZE,
-		.walksize		= SPECK_NEON_CHUNK_SIZE,
-		.setkey			= speck128_xts_setkey,
-		.encrypt		= speck128_xts_encrypt,
-		.decrypt		= speck128_xts_decrypt,
-	}, {
-		.base.cra_name		= "xts(speck64)",
-		.base.cra_driver_name	= "xts-speck64-neon",
-		.base.cra_priority	= 300,
-		.base.cra_blocksize	= SPECK64_BLOCK_SIZE,
-		.base.cra_ctxsize	= sizeof(struct speck64_xts_tfm_ctx),
-		.base.cra_alignmask	= 7,
-		.base.cra_module	= THIS_MODULE,
-		.min_keysize		= 2 * SPECK64_96_KEY_SIZE,
-		.max_keysize		= 2 * SPECK64_128_KEY_SIZE,
-		.ivsize			= SPECK64_BLOCK_SIZE,
-		.walksize		= SPECK_NEON_CHUNK_SIZE,
-		.setkey			= speck64_xts_setkey,
-		.encrypt		= speck64_xts_encrypt,
-		.decrypt		= speck64_xts_decrypt,
-	}
-};
-
-static int __init speck_neon_module_init(void)
-{
-	if (!(elf_hwcap & HWCAP_ASIMD))
-		return -ENODEV;
-	return crypto_register_skciphers(speck_algs, ARRAY_SIZE(speck_algs));
-}
-
-static void __exit speck_neon_module_exit(void)
-{
-	crypto_unregister_skciphers(speck_algs, ARRAY_SIZE(speck_algs));
-}
-
-module_init(speck_neon_module_init);
-module_exit(speck_neon_module_exit);
-
-MODULE_DESCRIPTION("Speck block cipher (NEON-accelerated)");
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
-MODULE_ALIAS_CRYPTO("xts(speck128)");
-MODULE_ALIAS_CRYPTO("xts-speck128-neon");
-MODULE_ALIAS_CRYPTO("xts(speck64)");
-MODULE_ALIAS_CRYPTO("xts-speck64-neon");
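Review bot: in `__speck128_xts_crypt()` and `__speck64_xts_crypt()`, `err = skcipher_walk_virt(&walk, req, true);` is followed immediately by a read of `walk.iv` to derive the tweak, and `err` is not looked at until the loop has been skipped or has finished. With `.base.cra_alignmask = 7` the walk may be handing back its own aligned copy of the IV, so a failed setup should return before `walk.iv` is touched. The deletion makes this moot for Speck, and the 32-bit arm glue removed earlier in the patch has the same shape; it is worth checking that the pattern was not copied into another driver that stays in the tree.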
--- a/arch/m68k/configs/amiga_defconfig
+++ b/arch/m68k/configs/amiga_defconfig
@@ -657,7 +657,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/m68k/configs/apollo_defconfig
+++ b/arch/m68k/configs/apollo_defconfig
@@ -614,7 +614,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/m68k/configs/atari_defconfig
+++ b/arch/m68k/configs/atari_defconfig
@@ -635,7 +635,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/m68k/configs/bvme6000_defconfig
+++ b/arch/m68k/configs/bvme6000_defconfig
@@ -606,7 +606,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/m68k/configs/hp300_defconfig
+++ b/arch/m68k/configs/hp300_defconfig
@@ -616,7 +616,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/m68k/configs/mac_defconfig
+++ b/arch/m68k/configs/mac_defconfig
@@ -638,7 +638,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/m68k/configs/multi_defconfig
+++ b/arch/m68k/configs/multi_defconfig
@@ -720,7 +720,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/m68k/configs/mvme147_defconfig
+++ b/arch/m68k/configs/mvme147_defconfig
@@ -606,7 +606,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/m68k/configs/mvme16x_defconfig
+++ b/arch/m68k/configs/mvme16x_defconfig
@@ -606,7 +606,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/m68k/configs/q40_defconfig
+++ b/arch/m68k/configs/q40_defconfig
@@ -629,7 +629,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/m68k/configs/sun3_defconfig
+++ b/arch/m68k/configs/sun3_defconfig
@@ -607,7 +607,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/m68k/configs/sun3x_defconfig
+++ b/arch/m68k/configs/sun3x_defconfig
@@ -608,7 +608,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_LZO=m
--- a/arch/s390/defconfig
+++ b/arch/s390/defconfig
@@ -221,7 +221,6 @@ CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_DEFLATE=m
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1590,20 +1590,6 @@ config CRYPTO_SM4
 
 	  If unsure, say N.
 
-config CRYPTO_SPECK
-	tristate "Speck cipher algorithm"
-	select CRYPTO_ALGAPI
-	help
-	  Speck is a lightweight block cipher that is tuned for optimal
-	  performance in software (rather than hardware).
-
-	  Speck may not be as secure as AES, and should only be used on systems
-	  where AES is not fast enough.
-
-	  See also: <https://eprint.iacr.org/2013/404.pdf>
-
-	  If unsure, say N.
-
 config CRYPTO_TEA
 	tristate "TEA, XTEA and XETA cipher algorithms"
 	select CRYPTO_ALGAPI
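Review bot: removing `config CRYPTO_SPECK` requires every `select CRYPTO_SPECK` to go in the same patch. The arm64 `CRYPTO_SPECK_NEON` entry that selected it is dropped in arch/arm64/crypto/Kconfig above; any other selector outside this part of the diff should be checked the same way so that no `select` is left pointing at an undefined symbol. The deleted help text said Speck "should only be used on systems where AES is not fast enough", so the changelog should say what those systems are expected to use once the option is gone.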
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -115,7 +115,6 @@ obj-$(CONFIG_CRYPTO_TEA) += tea.o
 obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o
 obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o
 obj-$(CONFIG_CRYPTO_SEED) += seed.o
-obj-$(CONFIG_CRYPTO_SPECK) += speck.o
 obj-$(CONFIG_CRYPTO_SALSA20) += salsa20_generic.o
 obj-$(CONFIG_CRYPTO_CHACHA20) += chacha20_generic.o
 obj-$(CONFIG_CRYPTO_POLY1305) += poly1305_generic.o
--- a/crypto/speck.c
+++ /dev/null
@@ -1,307 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-/*
- * Speck: a lightweight block cipher
- *
- * Copyright (c) 2018 Google, Inc
- *
- * Speck has 10 variants, including 5 block sizes.  For now we only implement
- * the variants Speck128/128, Speck128/192, Speck128/256, Speck64/96, and
- * Speck64/128.   Speck${B}/${K} denotes the variant with a block size of B bits
- * and a key size of K bits.  The Speck128 variants are believed to be the most
- * secure variants, and they use the same block size and key sizes as AES.  The
- * Speck64 variants are less secure, but on 32-bit processors are usually
- * faster.  The remaining variants (Speck32, Speck48, and Speck96) are even less
- * secure and/or not as well suited for implementation on either 32-bit or
- * 64-bit processors, so are omitted.
- *
- * Reference: "The Simon and Speck Families of Lightweight Block Ciphers"
- * https://eprint.iacr.org/2013/404.pdf
- *
- * In a correspondence, the Speck designers have also clarified that the words
- * should be interpreted in little-endian format, and the words should be
- * ordered such that the first word of each block is 'y' rather than 'x', and
- * the first key word (rather than the last) becomes the first round key.
- */
-
-#include <asm/unaligned.h>
-#include <crypto/speck.h>
-#include <linux/bitops.h>
-#include <linux/crypto.h>
-#include <linux/init.h>
-#include <linux/module.h>
-
-/* Speck128 */
-
-static __always_inline void speck128_round(u64 *x, u64 *y, u64 k)
-{
-	*x = ror64(*x, 8);
-	*x += *y;
-	*x ^= k;
-	*y = rol64(*y, 3);
-	*y ^= *x;
-}
-
-static __always_inline void speck128_unround(u64 *x, u64 *y, u64 k)
-{
-	*y ^= *x;
-	*y = ror64(*y, 3);
-	*x ^= k;
-	*x -= *y;
-	*x = rol64(*x, 8);
-}
-
-void crypto_speck128_encrypt(const struct speck128_tfm_ctx *ctx,
-			     u8 *out, const u8 *in)
-{
-	u64 y = get_unaligned_le64(in);
-	u64 x = get_unaligned_le64(in + 8);
-	int i;
-
-	for (i = 0; i < ctx->nrounds; i++)
-		speck128_round(&x, &y, ctx->round_keys[i]);
-
-	put_unaligned_le64(y, out);
-	put_unaligned_le64(x, out + 8);
-}
-EXPORT_SYMBOL_GPL(crypto_speck128_encrypt);
-
-static void speck128_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
-{
-	crypto_speck128_encrypt(crypto_tfm_ctx(tfm), out, in);
-}
-
-void crypto_speck128_decrypt(const struct speck128_tfm_ctx *ctx,
-			     u8 *out, const u8 *in)
-{
-	u64 y = get_unaligned_le64(in);
-	u64 x = get_unaligned_le64(in + 8);
-	int i;
-
-	for (i = ctx->nrounds - 1; i >= 0; i--)
-		speck128_unround(&x, &y, ctx->round_keys[i]);
-
-	put_unaligned_le64(y, out);
-	put_unaligned_le64(x, out + 8);
-}
-EXPORT_SYMBOL_GPL(crypto_speck128_decrypt);
-
-static void speck128_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
-{
-	crypto_speck128_decrypt(crypto_tfm_ctx(tfm), out, in);
-}
-
-int crypto_speck128_setkey(struct speck128_tfm_ctx *ctx, const u8 *key,
-			   unsigned int keylen)
-{
-	u64 l[3];
-	u64 k;
-	int i;
-
-	switch (keylen) {
-	case SPECK128_128_KEY_SIZE:
-		k = get_unaligned_le64(key);
-		l[0] = get_unaligned_le64(key + 8);
-		ctx->nrounds = SPECK128_128_NROUNDS;
-		for (i = 0; i < ctx->nrounds; i++) {
-			ctx->round_keys[i] = k;
-			speck128_round(&l[0], &k, i);
-		}
-		break;
-	case SPECK128_192_KEY_SIZE:
-		k = get_unaligned_le64(key);
-		l[0] = get_unaligned_le64(key + 8);
-		l[1] = get_unaligned_le64(key + 16);
-		ctx->nrounds = SPECK128_192_NROUNDS;
-		for (i = 0; i < ctx->nrounds; i++) {
-			ctx->round_keys[i] = k;
-			speck128_round(&l[i % 2], &k, i);
-		}
-		break;
-	case SPECK128_256_KEY_SIZE:
-		k = get_unaligned_le64(key);
-		l[0] = get_unaligned_le64(key + 8);
-		l[1] = get_unaligned_le64(key + 16);
-		l[2] = get_unaligned_le64(key + 24);
-		ctx->nrounds = SPECK128_256_NROUNDS;
-		for (i = 0; i < ctx->nrounds; i++) {
-			ctx->round_keys[i] = k;
-			speck128_round(&l[i % 3], &k, i);
-		}
-		break;
-	default:
-		return -EINVAL;
-	}
-
-	return 0;
-}
-EXPORT_SYMBOL_GPL(crypto_speck128_setkey);
-
-static int speck128_setkey(struct crypto_tfm *tfm, const u8 *key,
-			   unsigned int keylen)
-{
-	return crypto_speck128_setkey(crypto_tfm_ctx(tfm), key, keylen);
-}
-
-/* Speck64 */
-
-static __always_inline void speck64_round(u32 *x, u32 *y, u32 k)
-{
-	*x = ror32(*x, 8);
-	*x += *y;
-	*x ^= k;
-	*y = rol32(*y, 3);
-	*y ^= *x;
-}
-
-static __always_inline void speck64_unround(u32 *x, u32 *y, u32 k)
-{
-	*y ^= *x;
-	*y = ror32(*y, 3);
-	*x ^= k;
-	*x -= *y;
-	*x = rol32(*x, 8);
-}
-
-void crypto_speck64_encrypt(const struct speck64_tfm_ctx *ctx,
-			    u8 *out, const u8 *in)
-{
-	u32 y = get_unaligned_le32(in);
-	u32 x = get_unaligned_le32(in + 4);
-	int i;
-
-	for (i = 0; i < ctx->nrounds; i++)
-		speck64_round(&x, &y, ctx->round_keys[i]);
-
-	put_unaligned_le32(y, out);
-	put_unaligned_le32(x, out + 4);
-}
-EXPORT_SYMBOL_GPL(crypto_speck64_encrypt);
-
-static void speck64_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
-{
-	crypto_speck64_encrypt(crypto_tfm_ctx(tfm), out, in);
-}
-
-void crypto_speck64_decrypt(const struct speck64_tfm_ctx *ctx,
-			    u8 *out, const u8 *in)
-{
-	u32 y = get_unaligned_le32(in);
-	u32 x = get_unaligned_le32(in + 4);
-	int i;
-
-	for (i = ctx->nrounds - 1; i >= 0; i--)
-		speck64_unround(&x, &y, ctx->round_keys[i]);
-
-	put_unaligned_le32(y, out);
-	put_unaligned_le32(x, out + 4);
-}
-EXPORT_SYMBOL_GPL(crypto_speck64_decrypt);
-
-static void speck64_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
-{
-	crypto_speck64_decrypt(crypto_tfm_ctx(tfm), out, in);
-}
-
-int crypto_speck64_setkey(struct speck64_tfm_ctx *ctx, const u8 *key,
-			  unsigned int keylen)
-{
-	u32 l[3];
-	u32 k;
-	int i;
-
-	switch (keylen) {
-	case SPECK64_96_KEY_SIZE:
-		k = get_unaligned_le32(key);
-		l[0] = get_unaligned_le32(key + 4);
-		l[1] = get_unaligned_le32(key + 8);
-		ctx->nrounds = SPECK64_96_NROUNDS;
-		for (i = 0; i < ctx->nrounds; i++) {
-			ctx->round_keys[i] = k;
-			speck64_round(&l[i % 2], &k, i);
-		}
-		break;
-	case SPECK64_128_KEY_SIZE:
-		k = get_unaligned_le32(key);
-		l[0] = get_unaligned_le32(key + 4);
-		l[1] = get_unaligned_le32(key + 8);
-		l[2] = get_unaligned_le32(key + 12);
-		ctx->nrounds = SPECK64_128_NROUNDS;
-		for (i = 0; i < ctx->nrounds; i++) {
-			ctx->round_keys[i] = k;
-			speck64_round(&l[i % 3], &k, i);
-		}
-		break;
-	default:
-		return -EINVAL;
-	}
-
-	return 0;
-}
-EXPORT_SYMBOL_GPL(crypto_speck64_setkey);
-
-static int speck64_setkey(struct crypto_tfm *tfm, const u8 *key,
-			  unsigned int keylen)
-{
-	return crypto_speck64_setkey(crypto_tfm_ctx(tfm), key, keylen);
-}
-
-/* Algorithm definitions */
-
-static struct crypto_alg speck_algs[] = {
-	{
-		.cra_name		= "speck128",
-		.cra_driver_name	= "speck128-generic",
-		.cra_priority		= 100,
-		.cra_flags		= CRYPTO_ALG_TYPE_CIPHER,
-		.cra_blocksize		= SPECK128_BLOCK_SIZE,
-		.cra_ctxsize		= sizeof(struct speck128_tfm_ctx),
-		.cra_module		= THIS_MODULE,
-		.cra_u			= {
-			.cipher = {
-				.cia_min_keysize	= SPECK128_128_KEY_SIZE,
-				.cia_max_keysize	= SPECK128_256_KEY_SIZE,
-				.cia_setkey		= speck128_setkey,
-				.cia_encrypt		= speck128_encrypt,
-				.cia_decrypt		= speck128_decrypt
-			}
-		}
-	}, {
-		.cra_name		= "speck64",
-		.cra_driver_name	= "speck64-generic",
-		.cra_priority		= 100,
-		.cra_flags		= CRYPTO_ALG_TYPE_CIPHER,
-		.cra_blocksize		= SPECK64_BLOCK_SIZE,
-		.cra_ctxsize		= sizeof(struct speck64_tfm_ctx),
-		.cra_module		= THIS_MODULE,
-		.cra_u			= {
-			.cipher = {
-				.cia_min_keysize	= SPECK64_96_KEY_SIZE,
-				.cia_max_keysize	= SPECK64_128_KEY_SIZE,
-				.cia_setkey		= speck64_setkey,
-				.cia_encrypt		= speck64_encrypt,
-				.cia_decrypt		= speck64_decrypt
-			}
-		}
-	}
-};
-
-static int __init speck_module_init(void)
-{
-	return crypto_register_algs(speck_algs, ARRAY_SIZE(speck_algs));
-}
-
-static void __exit speck_module_exit(void)
-{
-	crypto_unregister_algs(speck_algs, ARRAY_SIZE(speck_algs));
-}
-
-module_init(speck_module_init);
-module_exit(speck_module_exit);
-
-MODULE_DESCRIPTION("Speck block cipher (generic)");
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
-MODULE_ALIAS_CRYPTO("speck128");
-MODULE_ALIAS_CRYPTO("speck128-generic");
-MODULE_ALIAS_CRYPTO("speck64");
-MODULE_ALIAS_CRYPTO("speck64-generic");
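Review bot: Every caller of the GPL-exported helpers deleted here (crypto_speck128_decrypt, crypto_speck128_setkey, crypto_speck64_encrypt, crypto_speck64_decrypt, crypto_speck64_setkey) has to be removed in this same patch, together with the header that declares them and the Kconfig/Makefile entries for this file, otherwise the tree stops building. The EXPORT_SYMBOL_GPL() lines suggest such callers exist outside this file, so a grep for crypto_speck across the tree after applying is worth doing. Separately, with the MODULE_ALIAS_CRYPTO("speck128") and MODULE_ALIAS_CRYPTO("speck64") lines gone, a request for either name no longer resolves to an implementation; for a stable update the changelog should say explicitly that this is a user-visible removal and why it is acceptable.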
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -3038,18 +3038,6 @@ static const struct alg_test_desc alg_te
 			.cipher = __VECS(sm4_tv_template)
 		}
 	}, {
-		.alg = "ecb(speck128)",
-		.test = alg_test_skcipher,
-		.suite = {
-			.cipher = __VECS(speck128_tv_template)
-		}
-	}, {
-		.alg = "ecb(speck64)",
-		.test = alg_test_skcipher,
-		.suite = {
-			.cipher = __VECS(speck64_tv_template)
-		}
-	}, {
 		.alg = "ecb(tea)",
 		.test = alg_test_skcipher,
 		.suite = {
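Review bot: The two entries dropped between the sm4 entry and "ecb(tea)" are the only references in this hunk to speck128_tv_template and speck64_tv_template, so the arrays themselves must be deleted from crypto/testmgr.h in the same commit or the build picks up defined-but-unused warnings. The neighbouring entries stay in alphabetical order after the removal, so a name-sorted lookup over this table is not disturbed.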
@@ -3577,18 +3565,6 @@ static const struct alg_test_desc alg_te
 			.cipher = __VECS(serpent_xts_tv_template)
 		}
 	}, {
-		.alg = "xts(speck128)",
-		.test = alg_test_skcipher,
-		.suite = {
-			.cipher = __VECS(speck128_xts_tv_template)
-		}
-	}, {
-		.alg = "xts(speck64)",
-		.test = alg_test_skcipher,
-		.suite = {
-			.cipher = __VECS(speck64_xts_tv_template)
-		}
-	}, {
 		.alg = "xts(twofish)",
 		.test = alg_test_skcipher,
 		.suite = {
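Review bot: "xts(speck128)" and "xts(speck64)" are mode-plus-cipher names, so once the base cipher is gone any code that still maps a setting to one of these strings will fail at allocation time rather than at build time. The patch goes on to touch fs/crypto/fscrypt_private.h; please confirm that every place that can produce these two strings is removed there and nowhere else is left, since the compiler will not catch a leftover string literal.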
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -10198,744 +10198,6 @@ static const struct cipher_testvec sm4_t
 	}
 };
 
-/*
- * Speck test vectors taken from the original paper:
- * "The Simon and Speck Families of Lightweight Block Ciphers"
- * https://eprint.iacr.org/2013/404.pdf
- *
- * Note that the paper does not make byte and word order clear.  But it was
- * confirmed with the authors that the intended orders are little endian byte
- * order and (y, x) word order.  Equivalently, the printed test vectors, when
- * looking at only the bytes (ignoring the whitespace that divides them into
- * words), are backwards: the left-most byte is actually the one with the
- * highest memory address, while the right-most byte is actually the one with
- * the lowest memory address.
- */
-
-static const struct cipher_testvec speck128_tv_template[] = {
-	{ /* Speck128/128 */
-		.key	= "\x00\x01\x02\x03\x04\x05\x06\x07"
-			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
-		.klen	= 16,
-		.ptext	= "\x20\x6d\x61\x64\x65\x20\x69\x74"
-			  "\x20\x65\x71\x75\x69\x76\x61\x6c",
-		.ctext	= "\x18\x0d\x57\x5c\xdf\xfe\x60\x78"
-			  "\x65\x32\x78\x79\x51\x98\x5d\xa6",
-		.len	= 16,
-	}, { /* Speck128/192 */
-		.key	= "\x00\x01\x02\x03\x04\x05\x06\x07"
-			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-			  "\x10\x11\x12\x13\x14\x15\x16\x17",
-		.klen	= 24,
-		.ptext	= "\x65\x6e\x74\x20\x74\x6f\x20\x43"
-			  "\x68\x69\x65\x66\x20\x48\x61\x72",
-		.ctext	= "\x86\x18\x3c\xe0\x5d\x18\xbc\xf9"
-			  "\x66\x55\x13\x13\x3a\xcf\xe4\x1b",
-		.len	= 16,
-	}, { /* Speck128/256 */
-		.key	= "\x00\x01\x02\x03\x04\x05\x06\x07"
-			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-			  "\x10\x11\x12\x13\x14\x15\x16\x17"
-			  "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
-		.klen	= 32,
-		.ptext	= "\x70\x6f\x6f\x6e\x65\x72\x2e\x20"
-			  "\x49\x6e\x20\x74\x68\x6f\x73\x65",
-		.ctext	= "\x43\x8f\x18\x9c\x8d\xb4\xee\x4e"
-			  "\x3e\xf5\xc0\x05\x04\x01\x09\x41",
-		.len	= 16,
-	},
-};
-
-/*
- * Speck128-XTS test vectors, taken from the AES-XTS test vectors with the
- * ciphertext recomputed with Speck128 as the cipher
- */
-static const struct cipher_testvec speck128_xts_tv_template[] = {
-	{
-		.key	= "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.klen	= 32,
-		.iv	= "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ptext	= "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ctext	= "\xbe\xa0\xe7\x03\xd7\xfe\xab\x62"
-			  "\x3b\x99\x4a\x64\x74\x77\xac\xed"
-			  "\xd8\xf4\xa6\xcf\xae\xb9\x07\x42"
-			  "\x51\xd9\xb6\x1d\xe0\x5e\xbc\x54",
-		.len	= 32,
-	}, {
-		.key	= "\x11\x11\x11\x11\x11\x11\x11\x11"
-			  "\x11\x11\x11\x11\x11\x11\x11\x11"
-			  "\x22\x22\x22\x22\x22\x22\x22\x22"
-			  "\x22\x22\x22\x22\x22\x22\x22\x22",
-		.klen	= 32,
-		.iv	= "\x33\x33\x33\x33\x33\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ptext	= "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44",
-		.ctext	= "\xfb\x53\x81\x75\x6f\x9f\x34\xad"
-			  "\x7e\x01\xed\x7b\xcc\xda\x4e\x4a"
-			  "\xd4\x84\xa4\x53\xd5\x88\x73\x1b"
-			  "\xfd\xcb\xae\x0d\xf3\x04\xee\xe6",
-		.len	= 32,
-	}, {
-		.key	= "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8"
-			  "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
-			  "\x22\x22\x22\x22\x22\x22\x22\x22"
-			  "\x22\x22\x22\x22\x22\x22\x22\x22",
-		.klen	= 32,
-		.iv	= "\x33\x33\x33\x33\x33\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ptext	= "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44",
-		.ctext	= "\x21\x52\x84\x15\xd1\xf7\x21\x55"
-			  "\xd9\x75\x4a\xd3\xc5\xdb\x9f\x7d"
-			  "\xda\x63\xb2\xf1\x82\xb0\x89\x59"
-			  "\x86\xd4\xaa\xaa\xdd\xff\x4f\x92",
-		.len	= 32,
-	}, {
-		.key	= "\x27\x18\x28\x18\x28\x45\x90\x45"
-			  "\x23\x53\x60\x28\x74\x71\x35\x26"
-			  "\x31\x41\x59\x26\x53\x58\x97\x93"
-			  "\x23\x84\x62\x64\x33\x83\x27\x95",
-		.klen	= 32,
-		.iv	= "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ptext	= "\x00\x01\x02\x03\x04\x05\x06\x07"
-			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-			  "\x10\x11\x12\x13\x14\x15\x16\x17"
-			  "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
-			  "\x20\x21\x22\x23\x24\x25\x26\x27"
-			  "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
-			  "\x30\x31\x32\x33\x34\x35\x36\x37"
-			  "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
-			  "\x40\x41\x42\x43\x44\x45\x46\x47"
-			  "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
-			  "\x50\x51\x52\x53\x54\x55\x56\x57"
-			  "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
-			  "\x60\x61\x62\x63\x64\x65\x66\x67"
-			  "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
-			  "\x70\x71\x72\x73\x74\x75\x76\x77"
-			  "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
-			  "\x80\x81\x82\x83\x84\x85\x86\x87"
-			  "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
-			  "\x90\x91\x92\x93\x94\x95\x96\x97"
-			  "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
-			  "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
-			  "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
-			  "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
-			  "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
-			  "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
-			  "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
-			  "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
-			  "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
-			  "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
-			  "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
-			  "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
-			  "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
-			  "\x00\x01\x02\x03\x04\x05\x06\x07"
-			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-			  "\x10\x11\x12\x13\x14\x15\x16\x17"
-			  "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
-			  "\x20\x21\x22\x23\x24\x25\x26\x27"
-			  "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
-			  "\x30\x31\x32\x33\x34\x35\x36\x37"
-			  "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
-			  "\x40\x41\x42\x43\x44\x45\x46\x47"
-			  "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
-			  "\x50\x51\x52\x53\x54\x55\x56\x57"
-			  "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
-			  "\x60\x61\x62\x63\x64\x65\x66\x67"
-			  "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
-			  "\x70\x71\x72\x73\x74\x75\x76\x77"
-			  "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
-			  "\x80\x81\x82\x83\x84\x85\x86\x87"
-			  "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
-			  "\x90\x91\x92\x93\x94\x95\x96\x97"
-			  "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
-			  "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
-			  "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
-			  "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
-			  "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
-			  "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
-			  "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
-			  "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
-			  "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
-			  "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
-			  "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
-			  "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
-			  "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
-		.ctext	= "\x57\xb5\xf8\x71\x6e\x6d\xdd\x82"
-			  "\x53\xd0\xed\x2d\x30\xc1\x20\xef"
-			  "\x70\x67\x5e\xff\x09\x70\xbb\xc1"
-			  "\x3a\x7b\x48\x26\xd9\x0b\xf4\x48"
-			  "\xbe\xce\xb1\xc7\xb2\x67\xc4\xa7"
-			  "\x76\xf8\x36\x30\xb7\xb4\x9a\xd9"
-			  "\xf5\x9d\xd0\x7b\xc1\x06\x96\x44"
-			  "\x19\xc5\x58\x84\x63\xb9\x12\x68"
-			  "\x68\xc7\xaa\x18\x98\xf2\x1f\x5c"
-			  "\x39\xa6\xd8\x32\x2b\xc3\x51\xfd"
-			  "\x74\x79\x2e\xb4\x44\xd7\x69\xc4"
-			  "\xfc\x29\xe6\xed\x26\x1e\xa6\x9d"
-			  "\x1c\xbe\x00\x0e\x7f\x3a\xca\xfb"
-			  "\x6d\x13\x65\xa0\xf9\x31\x12\xe2"
-			  "\x26\xd1\xec\x2b\x0a\x8b\x59\x99"
-			  "\xa7\x49\xa0\x0e\x09\x33\x85\x50"
-			  "\xc3\x23\xca\x7a\xdd\x13\x45\x5f"
-			  "\xde\x4c\xa7\xcb\x00\x8a\x66\x6f"
-			  "\xa2\xb6\xb1\x2e\xe1\xa0\x18\xf6"
-			  "\xad\xf3\xbd\xeb\xc7\xef\x55\x4f"
-			  "\x79\x91\x8d\x36\x13\x7b\xd0\x4a"
-			  "\x6c\x39\xfb\x53\xb8\x6f\x02\x51"
-			  "\xa5\x20\xac\x24\x1c\x73\x59\x73"
-			  "\x58\x61\x3a\x87\x58\xb3\x20\x56"
-			  "\x39\x06\x2b\x4d\xd3\x20\x2b\x89"
-			  "\x3f\xa2\xf0\x96\xeb\x7f\xa4\xcd"
-			  "\x11\xae\xbd\xcb\x3a\xb4\xd9\x91"
-			  "\x09\x35\x71\x50\x65\xac\x92\xe3"
-			  "\x7b\x32\xc0\x7a\xdd\xd4\xc3\x92"
-			  "\x6f\xeb\x79\xde\x6f\xd3\x25\xc9"
-			  "\xcd\x63\xf5\x1e\x7a\x3b\x26\x9d"
-			  "\x77\x04\x80\xa9\xbf\x38\xb5\xbd"
-			  "\xb8\x05\x07\xbd\xfd\xab\x7b\xf8"
-			  "\x2a\x26\xcc\x49\x14\x6d\x55\x01"
-			  "\x06\x94\xd8\xb2\x2d\x53\x83\x1b"
-			  "\x8f\xd4\xdd\x57\x12\x7e\x18\xba"
-			  "\x8e\xe2\x4d\x80\xef\x7e\x6b\x9d"
-			  "\x24\xa9\x60\xa4\x97\x85\x86\x2a"
-			  "\x01\x00\x09\xf1\xcb\x4a\x24\x1c"
-			  "\xd8\xf6\xe6\x5b\xe7\x5d\xf2\xc4"
-			  "\x97\x1c\x10\xc6\x4d\x66\x4f\x98"
-			  "\x87\x30\xac\xd5\xea\x73\x49\x10"
-			  "\x80\xea\xe5\x5f\x4d\x5f\x03\x33"
-			  "\x66\x02\x35\x3d\x60\x06\x36\x4f"
-			  "\x14\x1c\xd8\x07\x1f\x78\xd0\xf8"
-			  "\x4f\x6c\x62\x7c\x15\xa5\x7c\x28"
-			  "\x7c\xcc\xeb\x1f\xd1\x07\x90\x93"
-			  "\x7e\xc2\xa8\x3a\x80\xc0\xf5\x30"
-			  "\xcc\x75\xcf\x16\x26\xa9\x26\x3b"
-			  "\xe7\x68\x2f\x15\x21\x5b\xe4\x00"
-			  "\xbd\x48\x50\xcd\x75\x70\xc4\x62"
-			  "\xbb\x41\xfb\x89\x4a\x88\x3b\x3b"
-			  "\x51\x66\x02\x69\x04\x97\x36\xd4"
-			  "\x75\xae\x0b\xa3\x42\xf8\xca\x79"
-			  "\x8f\x93\xe9\xcc\x38\xbd\xd6\xd2"
-			  "\xf9\x70\x4e\xc3\x6a\x8e\x25\xbd"
-			  "\xea\x15\x5a\xa0\x85\x7e\x81\x0d"
-			  "\x03\xe7\x05\x39\xf5\x05\x26\xee"
-			  "\xec\xaa\x1f\x3d\xc9\x98\x76\x01"
-			  "\x2c\xf4\xfc\xa3\x88\x77\x38\xc4"
-			  "\x50\x65\x50\x6d\x04\x1f\xdf\x5a"
-			  "\xaa\xf2\x01\xa9\xc1\x8d\xee\xca"
-			  "\x47\x26\xef\x39\xb8\xb4\xf2\xd1"
-			  "\xd6\xbb\x1b\x2a\xc1\x34\x14\xcf",
-		.len	= 512,
-	}, {
-		.key	= "\x27\x18\x28\x18\x28\x45\x90\x45"
-			  "\x23\x53\x60\x28\x74\x71\x35\x26"
-			  "\x62\x49\x77\x57\x24\x70\x93\x69"
-			  "\x99\x59\x57\x49\x66\x96\x76\x27"
-			  "\x31\x41\x59\x26\x53\x58\x97\x93"
-			  "\x23\x84\x62\x64\x33\x83\x27\x95"
-			  "\x02\x88\x41\x97\x16\x93\x99\x37"
-			  "\x51\x05\x82\x09\x74\x94\x45\x92",
-		.klen	= 64,
-		.iv	= "\xff\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ptext	= "\x00\x01\x02\x03\x04\x05\x06\x07"
-			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-			  "\x10\x11\x12\x13\x14\x15\x16\x17"
-			  "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
-			  "\x20\x21\x22\x23\x24\x25\x26\x27"
-			  "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
-			  "\x30\x31\x32\x33\x34\x35\x36\x37"
-			  "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
-			  "\x40\x41\x42\x43\x44\x45\x46\x47"
-			  "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
-			  "\x50\x51\x52\x53\x54\x55\x56\x57"
-			  "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
-			  "\x60\x61\x62\x63\x64\x65\x66\x67"
-			  "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
-			  "\x70\x71\x72\x73\x74\x75\x76\x77"
-			  "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
-			  "\x80\x81\x82\x83\x84\x85\x86\x87"
-			  "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
-			  "\x90\x91\x92\x93\x94\x95\x96\x97"
-			  "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
-			  "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
-			  "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
-			  "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
-			  "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
-			  "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
-			  "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
-			  "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
-			  "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
-			  "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
-			  "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
-			  "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
-			  "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
-			  "\x00\x01\x02\x03\x04\x05\x06\x07"
-			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-			  "\x10\x11\x12\x13\x14\x15\x16\x17"
-			  "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
-			  "\x20\x21\x22\x23\x24\x25\x26\x27"
-			  "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
-			  "\x30\x31\x32\x33\x34\x35\x36\x37"
-			  "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
-			  "\x40\x41\x42\x43\x44\x45\x46\x47"
-			  "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
-			  "\x50\x51\x52\x53\x54\x55\x56\x57"
-			  "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
-			  "\x60\x61\x62\x63\x64\x65\x66\x67"
-			  "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
-			  "\x70\x71\x72\x73\x74\x75\x76\x77"
-			  "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
-			  "\x80\x81\x82\x83\x84\x85\x86\x87"
-			  "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
-			  "\x90\x91\x92\x93\x94\x95\x96\x97"
-			  "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
-			  "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
-			  "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
-			  "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
-			  "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
-			  "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
-			  "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
-			  "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
-			  "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
-			  "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
-			  "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
-			  "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
-			  "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
-		.ctext	= "\xc5\x85\x2a\x4b\x73\xe4\xf6\xf1"
-			  "\x7e\xf9\xf6\xe9\xa3\x73\x36\xcb"
-			  "\xaa\xb6\x22\xb0\x24\x6e\x3d\x73"
-			  "\x92\x99\xde\xd3\x76\xed\xcd\x63"
-			  "\x64\x3a\x22\x57\xc1\x43\x49\xd4"
-			  "\x79\x36\x31\x19\x62\xae\x10\x7e"
-			  "\x7d\xcf\x7a\xe2\x6b\xce\x27\xfa"
-			  "\xdc\x3d\xd9\x83\xd3\x42\x4c\xe0"
-			  "\x1b\xd6\x1d\x1a\x6f\xd2\x03\x00"
-			  "\xfc\x81\x99\x8a\x14\x62\xf5\x7e"
-			  "\x0d\xe7\x12\xe8\x17\x9d\x0b\xec"
-			  "\xe2\xf7\xc9\xa7\x63\xd1\x79\xb6"
-			  "\x62\x62\x37\xfe\x0a\x4c\x4a\x37"
-			  "\x70\xc7\x5e\x96\x5f\xbc\x8e\x9e"
-			  "\x85\x3c\x4f\x26\x64\x85\xbc\x68"
-			  "\xb0\xe0\x86\x5e\x26\x41\xce\x11"
-			  "\x50\xda\x97\x14\xe9\x9e\xc7\x6d"
-			  "\x3b\xdc\x43\xde\x2b\x27\x69\x7d"
-			  "\xfc\xb0\x28\xbd\x8f\xb1\xc6\x31"
-			  "\x14\x4d\xf0\x74\x37\xfd\x07\x25"
-			  "\x96\x55\xe5\xfc\x9e\x27\x2a\x74"
-			  "\x1b\x83\x4d\x15\x83\xac\x57\xa0"
-			  "\xac\xa5\xd0\x38\xef\x19\x56\x53"
-			  "\x25\x4b\xfc\xce\x04\x23\xe5\x6b"
-			  "\xf6\xc6\x6c\x32\x0b\xb3\x12\xc5"
-			  "\xed\x22\x34\x1c\x5d\xed\x17\x06"
-			  "\x36\xa3\xe6\x77\xb9\x97\x46\xb8"
-			  "\xe9\x3f\x7e\xc7\xbc\x13\x5c\xdc"
-			  "\x6e\x3f\x04\x5e\xd1\x59\xa5\x82"
-			  "\x35\x91\x3d\x1b\xe4\x97\x9f\x92"
-			  "\x1c\x5e\x5f\x6f\x41\xd4\x62\xa1"
-			  "\x8d\x39\xfc\x42\xfb\x38\x80\xb9"
-			  "\x0a\xe3\xcc\x6a\x93\xd9\x7a\xb1"
-			  "\xe9\x69\xaf\x0a\x6b\x75\x38\xa7"
-			  "\xa1\xbf\xf7\xda\x95\x93\x4b\x78"
-			  "\x19\xf5\x94\xf9\xd2\x00\x33\x37"
-			  "\xcf\xf5\x9e\x9c\xf3\xcc\xa6\xee"
-			  "\x42\xb2\x9e\x2c\x5f\x48\x23\x26"
-			  "\x15\x25\x17\x03\x3d\xfe\x2c\xfc"
-			  "\xeb\xba\xda\xe0\x00\x05\xb6\xa6"
-			  "\x07\xb3\xe8\x36\x5b\xec\x5b\xbf"
-			  "\xd6\x5b\x00\x74\xc6\x97\xf1\x6a"
-			  "\x49\xa1\xc3\xfa\x10\x52\xb9\x14"
-			  "\xad\xb7\x73\xf8\x78\x12\xc8\x59"
-			  "\x17\x80\x4c\x57\x39\xf1\x6d\x80"
-			  "\x25\x77\x0f\x5e\x7d\xf0\xaf\x21"
-			  "\xec\xce\xb7\xc8\x02\x8a\xed\x53"
-			  "\x2c\x25\x68\x2e\x1f\x85\x5e\x67"
-			  "\xd1\x07\x7a\x3a\x89\x08\xe0\x34"
-			  "\xdc\xdb\x26\xb4\x6b\x77\xfc\x40"
-			  "\x31\x15\x72\xa0\xf0\x73\xd9\x3b"
-			  "\xd5\xdb\xfe\xfc\x8f\xa9\x44\xa2"
-			  "\x09\x9f\xc6\x33\xe5\xe2\x88\xe8"
-			  "\xf3\xf0\x1a\xf4\xce\x12\x0f\xd6"
-			  "\xf7\x36\xe6\xa4\xf4\x7a\x10\x58"
-			  "\xcc\x1f\x48\x49\x65\x47\x75\xe9"
-			  "\x28\xe1\x65\x7b\xf2\xc4\xb5\x07"
-			  "\xf2\xec\x76\xd8\x8f\x09\xf3\x16"
-			  "\xa1\x51\x89\x3b\xeb\x96\x42\xac"
-			  "\x65\xe0\x67\x63\x29\xdc\xb4\x7d"
-			  "\xf2\x41\x51\x6a\xcb\xde\x3c\xfb"
-			  "\x66\x8d\x13\xca\xe0\x59\x2a\x00"
-			  "\xc9\x53\x4c\xe6\x9e\xe2\x73\xd5"
-			  "\x67\x19\xb2\xbd\x9a\x63\xd7\x5c",
-		.len	= 512,
-		.also_non_np = 1,
-		.np	= 3,
-		.tap	= { 512 - 20, 4, 16 },
-	}
-};
-
-static const struct cipher_testvec speck64_tv_template[] = {
-	{ /* Speck64/96 */
-		.key	= "\x00\x01\x02\x03\x08\x09\x0a\x0b"
-			  "\x10\x11\x12\x13",
-		.klen	= 12,
-		.ptext	= "\x65\x61\x6e\x73\x20\x46\x61\x74",
-		.ctext	= "\x6c\x94\x75\x41\xec\x52\x79\x9f",
-		.len	= 8,
-	}, { /* Speck64/128 */
-		.key	= "\x00\x01\x02\x03\x08\x09\x0a\x0b"
-			  "\x10\x11\x12\x13\x18\x19\x1a\x1b",
-		.klen	= 16,
-		.ptext	= "\x2d\x43\x75\x74\x74\x65\x72\x3b",
-		.ctext	= "\x8b\x02\x4e\x45\x48\xa5\x6f\x8c",
-		.len	= 8,
-	},
-};
-
-/*
- * Speck64-XTS test vectors, taken from the AES-XTS test vectors with the
- * ciphertext recomputed with Speck64 as the cipher, and key lengths adjusted
- */
-static const struct cipher_testvec speck64_xts_tv_template[] = {
-	{
-		.key	= "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.klen	= 24,
-		.iv	= "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ptext	= "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ctext	= "\x84\xaf\x54\x07\x19\xd4\x7c\xa6"
-			  "\xe4\xfe\xdf\xc4\x1f\x34\xc3\xc2"
-			  "\x80\xf5\x72\xe7\xcd\xf0\x99\x22"
-			  "\x35\xa7\x2f\x06\xef\xdc\x51\xaa",
-		.len	= 32,
-	}, {
-		.key	= "\x11\x11\x11\x11\x11\x11\x11\x11"
-			  "\x11\x11\x11\x11\x11\x11\x11\x11"
-			  "\x22\x22\x22\x22\x22\x22\x22\x22",
-		.klen	= 24,
-		.iv	= "\x33\x33\x33\x33\x33\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ptext	= "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44",
-		.ctext	= "\x12\x56\x73\xcd\x15\x87\xa8\x59"
-			  "\xcf\x84\xae\xd9\x1c\x66\xd6\x9f"
-			  "\xb3\x12\x69\x7e\x36\xeb\x52\xff"
-			  "\x62\xdd\xba\x90\xb3\xe1\xee\x99",
-		.len	= 32,
-	}, {
-		.key	= "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8"
-			  "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
-			  "\x22\x22\x22\x22\x22\x22\x22\x22",
-		.klen	= 24,
-		.iv	= "\x33\x33\x33\x33\x33\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ptext	= "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44"
-			  "\x44\x44\x44\x44\x44\x44\x44\x44",
-		.ctext	= "\x15\x1b\xe4\x2c\xa2\x5a\x2d\x2c"
-			  "\x27\x36\xc0\xbf\x5d\xea\x36\x37"
-			  "\x2d\x1a\x88\xbc\x66\xb5\xd0\x0b"
-			  "\xa1\xbc\x19\xb2\x0f\x3b\x75\x34",
-		.len	= 32,
-	}, {
-		.key	= "\x27\x18\x28\x18\x28\x45\x90\x45"
-			  "\x23\x53\x60\x28\x74\x71\x35\x26"
-			  "\x31\x41\x59\x26\x53\x58\x97\x93",
-		.klen	= 24,
-		.iv	= "\x00\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ptext	= "\x00\x01\x02\x03\x04\x05\x06\x07"
-			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-			  "\x10\x11\x12\x13\x14\x15\x16\x17"
-			  "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
-			  "\x20\x21\x22\x23\x24\x25\x26\x27"
-			  "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
-			  "\x30\x31\x32\x33\x34\x35\x36\x37"
-			  "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
-			  "\x40\x41\x42\x43\x44\x45\x46\x47"
-			  "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
-			  "\x50\x51\x52\x53\x54\x55\x56\x57"
-			  "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
-			  "\x60\x61\x62\x63\x64\x65\x66\x67"
-			  "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
-			  "\x70\x71\x72\x73\x74\x75\x76\x77"
-			  "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
-			  "\x80\x81\x82\x83\x84\x85\x86\x87"
-			  "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
-			  "\x90\x91\x92\x93\x94\x95\x96\x97"
-			  "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
-			  "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
-			  "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
-			  "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
-			  "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
-			  "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
-			  "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
-			  "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
-			  "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
-			  "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
-			  "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
-			  "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
-			  "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
-			  "\x00\x01\x02\x03\x04\x05\x06\x07"
-			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-			  "\x10\x11\x12\x13\x14\x15\x16\x17"
-			  "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
-			  "\x20\x21\x22\x23\x24\x25\x26\x27"
-			  "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
-			  "\x30\x31\x32\x33\x34\x35\x36\x37"
-			  "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
-			  "\x40\x41\x42\x43\x44\x45\x46\x47"
-			  "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
-			  "\x50\x51\x52\x53\x54\x55\x56\x57"
-			  "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
-			  "\x60\x61\x62\x63\x64\x65\x66\x67"
-			  "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
-			  "\x70\x71\x72\x73\x74\x75\x76\x77"
-			  "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
-			  "\x80\x81\x82\x83\x84\x85\x86\x87"
-			  "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
-			  "\x90\x91\x92\x93\x94\x95\x96\x97"
-			  "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
-			  "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
-			  "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
-			  "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
-			  "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
-			  "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
-			  "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
-			  "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
-			  "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
-			  "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
-			  "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
-			  "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
-			  "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
-		.ctext	= "\xaf\xa1\x81\xa6\x32\xbb\x15\x8e"
-			  "\xf8\x95\x2e\xd3\xe6\xee\x7e\x09"
-			  "\x0c\x1a\xf5\x02\x97\x8b\xe3\xb3"
-			  "\x11\xc7\x39\x96\xd0\x95\xf4\x56"
-			  "\xf4\xdd\x03\x38\x01\x44\x2c\xcf"
-			  "\x88\xae\x8e\x3c\xcd\xe7\xaa\x66"
-			  "\xfe\x3d\xc6\xfb\x01\x23\x51\x43"
-			  "\xd5\xd2\x13\x86\x94\x34\xe9\x62"
-			  "\xf9\x89\xe3\xd1\x7b\xbe\xf8\xef"
-			  "\x76\x35\x04\x3f\xdb\x23\x9d\x0b"
-			  "\x85\x42\xb9\x02\xd6\xcc\xdb\x96"
-			  "\xa7\x6b\x27\xb6\xd4\x45\x8f\x7d"
-			  "\xae\xd2\x04\xd5\xda\xc1\x7e\x24"
-			  "\x8c\x73\xbe\x48\x7e\xcf\x65\x28"
-			  "\x29\xe5\xbe\x54\x30\xcb\x46\x95"
-			  "\x4f\x2e\x8a\x36\xc8\x27\xc5\xbe"
-			  "\xd0\x1a\xaf\xab\x26\xcd\x9e\x69"
-			  "\xa1\x09\x95\x71\x26\xe9\xc4\xdf"
-			  "\xe6\x31\xc3\x46\xda\xaf\x0b\x41"
-			  "\x1f\xab\xb1\x8e\xd6\xfc\x0b\xb3"
-			  "\x82\xc0\x37\x27\xfc\x91\xa7\x05"
-			  "\xfb\xc5\xdc\x2b\x74\x96\x48\x43"
-			  "\x5d\x9c\x19\x0f\x60\x63\x3a\x1f"
-			  "\x6f\xf0\x03\xbe\x4d\xfd\xc8\x4a"
-			  "\xc6\xa4\x81\x6d\xc3\x12\x2a\x5c"
-			  "\x07\xff\xf3\x72\x74\x48\xb5\x40"
-			  "\x50\xb5\xdd\x90\x43\x31\x18\x15"
-			  "\x7b\xf2\xa6\xdb\x83\xc8\x4b\x4a"
-			  "\x29\x93\x90\x8b\xda\x07\xf0\x35"
-			  "\x6d\x90\x88\x09\x4e\x83\xf5\x5b"
-			  "\x94\x12\xbb\x33\x27\x1d\x3f\x23"
-			  "\x51\xa8\x7c\x07\xa2\xae\x77\xa6"
-			  "\x50\xfd\xcc\xc0\x4f\x80\x7a\x9f"
-			  "\x66\xdd\xcd\x75\x24\x8b\x33\xf7"
-			  "\x20\xdb\x83\x9b\x4f\x11\x63\x6e"
-			  "\xcf\x37\xef\xc9\x11\x01\x5c\x45"
-			  "\x32\x99\x7c\x3c\x9e\x42\x89\xe3"
-			  "\x70\x6d\x15\x9f\xb1\xe6\xb6\x05"
-			  "\xfe\x0c\xb9\x49\x2d\x90\x6d\xcc"
-			  "\x5d\x3f\xc1\xfe\x89\x0a\x2e\x2d"
-			  "\xa0\xa8\x89\x3b\x73\x39\xa5\x94"
-			  "\x4c\xa4\xa6\xbb\xa7\x14\x46\x89"
-			  "\x10\xff\xaf\xef\xca\xdd\x4f\x80"
-			  "\xb3\xdf\x3b\xab\xd4\xe5\x5a\xc7"
-			  "\x33\xca\x00\x8b\x8b\x3f\xea\xec"
-			  "\x68\x8a\xc2\x6d\xfd\xd4\x67\x0f"
-			  "\x22\x31\xe1\x0e\xfe\x5a\x04\xd5"
-			  "\x64\xa3\xf1\x1a\x76\x28\xcc\x35"
-			  "\x36\xa7\x0a\x74\xf7\x1c\x44\x9b"
-			  "\xc7\x1b\x53\x17\x02\xea\xd1\xad"
-			  "\x13\x51\x73\xc0\xa0\xb2\x05\x32"
-			  "\xa8\xa2\x37\x2e\xe1\x7a\x3a\x19"
-			  "\x26\xb4\x6c\x62\x5d\xb3\x1a\x1d"
-			  "\x59\xda\xee\x1a\x22\x18\xda\x0d"
-			  "\x88\x0f\x55\x8b\x72\x62\xfd\xc1"
-			  "\x69\x13\xcd\x0d\x5f\xc1\x09\x52"
-			  "\xee\xd6\xe3\x84\x4d\xee\xf6\x88"
-			  "\xaf\x83\xdc\x76\xf4\xc0\x93\x3f"
-			  "\x4a\x75\x2f\xb0\x0b\x3e\xc4\x54"
-			  "\x7d\x69\x8d\x00\x62\x77\x0d\x14"
-			  "\xbe\x7c\xa6\x7d\xc5\x24\x4f\xf3"
-			  "\x50\xf7\x5f\xf4\xc2\xca\x41\x97"
-			  "\x37\xbe\x75\x74\xcd\xf0\x75\x6e"
-			  "\x25\x23\x94\xbd\xda\x8d\xb0\xd4",
-		.len	= 512,
-	}, {
-		.key	= "\x27\x18\x28\x18\x28\x45\x90\x45"
-			  "\x23\x53\x60\x28\x74\x71\x35\x26"
-			  "\x62\x49\x77\x57\x24\x70\x93\x69"
-			  "\x99\x59\x57\x49\x66\x96\x76\x27",
-		.klen	= 32,
-		.iv	= "\xff\x00\x00\x00\x00\x00\x00\x00"
-			  "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ptext	= "\x00\x01\x02\x03\x04\x05\x06\x07"
-			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-			  "\x10\x11\x12\x13\x14\x15\x16\x17"
-			  "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
-			  "\x20\x21\x22\x23\x24\x25\x26\x27"
-			  "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
-			  "\x30\x31\x32\x33\x34\x35\x36\x37"
-			  "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
-			  "\x40\x41\x42\x43\x44\x45\x46\x47"
-			  "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
-			  "\x50\x51\x52\x53\x54\x55\x56\x57"
-			  "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
-			  "\x60\x61\x62\x63\x64\x65\x66\x67"
-			  "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
-			  "\x70\x71\x72\x73\x74\x75\x76\x77"
-			  "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
-			  "\x80\x81\x82\x83\x84\x85\x86\x87"
-			  "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
-			  "\x90\x91\x92\x93\x94\x95\x96\x97"
-			  "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
-			  "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
-			  "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
-			  "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
-			  "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
-			  "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
-			  "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
-			  "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
-			  "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
-			  "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
-			  "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
-			  "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
-			  "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
-			  "\x00\x01\x02\x03\x04\x05\x06\x07"
-			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-			  "\x10\x11\x12\x13\x14\x15\x16\x17"
-			  "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
-			  "\x20\x21\x22\x23\x24\x25\x26\x27"
-			  "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
-			  "\x30\x31\x32\x33\x34\x35\x36\x37"
-			  "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
-			  "\x40\x41\x42\x43\x44\x45\x46\x47"
-			  "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
-			  "\x50\x51\x52\x53\x54\x55\x56\x57"
-			  "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
-			  "\x60\x61\x62\x63\x64\x65\x66\x67"
-			  "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
-			  "\x70\x71\x72\x73\x74\x75\x76\x77"
-			  "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
-			  "\x80\x81\x82\x83\x84\x85\x86\x87"
-			  "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
-			  "\x90\x91\x92\x93\x94\x95\x96\x97"
-			  "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
-			  "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
-			  "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
-			  "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
-			  "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
-			  "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
-			  "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
-			  "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
-			  "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
-			  "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
-			  "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
-			  "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
-			  "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
-		.ctext	= "\x55\xed\x71\xd3\x02\x8e\x15\x3b"
-			  "\xc6\x71\x29\x2d\x3e\x89\x9f\x59"
-			  "\x68\x6a\xcc\x8a\x56\x97\xf3\x95"
-			  "\x4e\x51\x08\xda\x2a\xf8\x6f\x3c"
-			  "\x78\x16\xea\x80\xdb\x33\x75\x94"
-			  "\xf9\x29\xc4\x2b\x76\x75\x97\xc7"
-			  "\xf2\x98\x2c\xf9\xff\xc8\xd5\x2b"
-			  "\x18\xf1\xaf\xcf\x7c\xc5\x0b\xee"
-			  "\xad\x3c\x76\x7c\xe6\x27\xa2\x2a"
-			  "\xe4\x66\xe1\xab\xa2\x39\xfc\x7c"
-			  "\xf5\xec\x32\x74\xa3\xb8\x03\x88"
-			  "\x52\xfc\x2e\x56\x3f\xa1\xf0\x9f"
-			  "\x84\x5e\x46\xed\x20\x89\xb6\x44"
-			  "\x8d\xd0\xed\x54\x47\x16\xbe\x95"
-			  "\x8a\xb3\x6b\x72\xc4\x32\x52\x13"
-			  "\x1b\xb0\x82\xbe\xac\xf9\x70\xa6"
-			  "\x44\x18\xdd\x8c\x6e\xca\x6e\x45"
-			  "\x8f\x1e\x10\x07\x57\x25\x98\x7b"
-			  "\x17\x8c\x78\xdd\x80\xa7\xd9\xd8"
-			  "\x63\xaf\xb9\x67\x57\xfd\xbc\xdb"
-			  "\x44\xe9\xc5\x65\xd1\xc7\x3b\xff"
-			  "\x20\xa0\x80\x1a\xc3\x9a\xad\x5e"
-			  "\x5d\x3b\xd3\x07\xd9\xf5\xfd\x3d"
-			  "\x4a\x8b\xa8\xd2\x6e\x7a\x51\x65"
-			  "\x6c\x8e\x95\xe0\x45\xc9\x5f\x4a"
-			  "\x09\x3c\x3d\x71\x7f\x0c\x84\x2a"
-			  "\xc8\x48\x52\x1a\xc2\xd5\xd6\x78"
-			  "\x92\x1e\xa0\x90\x2e\xea\xf0\xf3"
-			  "\xdc\x0f\xb1\xaf\x0d\x9b\x06\x2e"
-			  "\x35\x10\x30\x82\x0d\xe7\xc5\x9b"
-			  "\xde\x44\x18\xbd\x9f\xd1\x45\xa9"
-			  "\x7b\x7a\x4a\xad\x35\x65\x27\xca"
-			  "\xb2\xc3\xd4\x9b\x71\x86\x70\xee"
-			  "\xf1\x89\x3b\x85\x4b\x5b\xaa\xaf"
-			  "\xfc\x42\xc8\x31\x59\xbe\x16\x60"
-			  "\x4f\xf9\xfa\x12\xea\xd0\xa7\x14"
-			  "\xf0\x7a\xf3\xd5\x8d\xbd\x81\xef"
-			  "\x52\x7f\x29\x51\x94\x20\x67\x3c"
-			  "\xd1\xaf\x77\x9f\x22\x5a\x4e\x63"
-			  "\xe7\xff\x73\x25\xd1\xdd\x96\x8a"
-			  "\x98\x52\x6d\xf3\xac\x3e\xf2\x18"
-			  "\x6d\xf6\x0a\x29\xa6\x34\x3d\xed"
-			  "\xe3\x27\x0d\x9d\x0a\x02\x44\x7e"
-			  "\x5a\x7e\x67\x0f\x0a\x9e\xd6\xad"
-			  "\x91\xe6\x4d\x81\x8c\x5c\x59\xaa"
-			  "\xfb\xeb\x56\x53\xd2\x7d\x4c\x81"
-			  "\x65\x53\x0f\x41\x11\xbd\x98\x99"
-			  "\xf9\xc6\xfa\x51\x2e\xa3\xdd\x8d"
-			  "\x84\x98\xf9\x34\xed\x33\x2a\x1f"
-			  "\x82\xed\xc1\x73\x98\xd3\x02\xdc"
-			  "\xe6\xc2\x33\x1d\xa2\xb4\xca\x76"
-			  "\x63\x51\x34\x9d\x96\x12\xae\xce"
-			  "\x83\xc9\x76\x5e\xa4\x1b\x53\x37"
-			  "\x17\xd5\xc0\x80\x1d\x62\xf8\x3d"
-			  "\x54\x27\x74\xbb\x10\x86\x57\x46"
-			  "\x68\xe1\xed\x14\xe7\x9d\xfc\x84"
-			  "\x47\xbc\xc2\xf8\x19\x4b\x99\xcf"
-			  "\x7a\xe9\xc4\xb8\x8c\x82\x72\x4d"
-			  "\x7b\x4f\x38\x55\x36\x71\x64\xc1"
-			  "\xfc\x5c\x75\x52\x33\x02\x18\xf8"
-			  "\x17\xe1\x2b\xc2\x43\x39\xbd\x76"
-			  "\x9b\x63\x76\x32\x2f\x19\x72\x10"
-			  "\x9f\x21\x0c\xf1\x66\x50\x7f\xa5"
-			  "\x0d\x1f\x46\xe0\xba\xd3\x2f\x3c",
-		.len	= 512,
-		.also_non_np = 1,
-		.np	= 3,
-		.tap	= { 512 - 20, 4, 16 },
-	}
-};
-
 /* Cast6 test vectors from RFC 2612 */
 static const struct cipher_testvec cast6_tv_template[] = {
 	{
--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -83,10 +83,6 @@ static inline bool fscrypt_valid_enc_mod
 	    filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS)
 		return true;
 
-	if (contents_mode == FS_ENCRYPTION_MODE_SPECK128_256_XTS &&
-	    filenames_mode == FS_ENCRYPTION_MODE_SPECK128_256_CTS)
-		return true;
-
 	return false;
 }
 
--- a/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@ -174,16 +174,6 @@ static struct fscrypt_mode {
 		.cipher_str = "cts(cbc(aes))",
 		.keysize = 16,
 	},
-	[FS_ENCRYPTION_MODE_SPECK128_256_XTS] = {
-		.friendly_name = "Speck128/256-XTS",
-		.cipher_str = "xts(speck128)",
-		.keysize = 64,
-	},
-	[FS_ENCRYPTION_MODE_SPECK128_256_CTS] = {
-		.friendly_name = "Speck128/256-CTS-CBC",
-		.cipher_str = "cts(cbc(speck128))",
-		.keysize = 32,
-	},
 };
 
 static struct fscrypt_mode *
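Review bot: with the two designated initializers for FS_ENCRYPTION_MODE_SPECK128_256_XTS and FS_ENCRYPTION_MODE_SPECK128_256_CTS gone, the table now ends at the "cts(cbc(aes))" entry and is shorter than the highest mode number still defined in include/uapi/linux/fs.h. Whatever indexes this table with a mode taken from a policy has to bound the index against the array size, or rely on the valid-modes check running first. A one-line comment on the table stating that dependency would make it explicit.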
--- a/include/crypto/speck.h
+++ /dev/null
@@ -1,62 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-/*
- * Common values for the Speck algorithm
- */
-
-#ifndef _CRYPTO_SPECK_H
-#define _CRYPTO_SPECK_H
-
-#include <linux/types.h>
-
-/* Speck128 */
-
-#define SPECK128_BLOCK_SIZE	16
-
-#define SPECK128_128_KEY_SIZE	16
-#define SPECK128_128_NROUNDS	32
-
-#define SPECK128_192_KEY_SIZE	24
-#define SPECK128_192_NROUNDS	33
-
-#define SPECK128_256_KEY_SIZE	32
-#define SPECK128_256_NROUNDS	34
-
-struct speck128_tfm_ctx {
-	u64 round_keys[SPECK128_256_NROUNDS];
-	int nrounds;
-};
-
-void crypto_speck128_encrypt(const struct speck128_tfm_ctx *ctx,
-			     u8 *out, const u8 *in);
-
-void crypto_speck128_decrypt(const struct speck128_tfm_ctx *ctx,
-			     u8 *out, const u8 *in);
-
-int crypto_speck128_setkey(struct speck128_tfm_ctx *ctx, const u8 *key,
-			   unsigned int keysize);
-
-/* Speck64 */
-
-#define SPECK64_BLOCK_SIZE	8
-
-#define SPECK64_96_KEY_SIZE	12
-#define SPECK64_96_NROUNDS	26
-
-#define SPECK64_128_KEY_SIZE	16
-#define SPECK64_128_NROUNDS	27
-
-struct speck64_tfm_ctx {
-	u32 round_keys[SPECK64_128_NROUNDS];
-	int nrounds;
-};
-
-void crypto_speck64_encrypt(const struct speck64_tfm_ctx *ctx,
-			    u8 *out, const u8 *in);
-
-void crypto_speck64_decrypt(const struct speck64_tfm_ctx *ctx,
-			    u8 *out, const u8 *in);
-
-int crypto_speck64_setkey(struct speck64_tfm_ctx *ctx, const u8 *key,
-			  unsigned int keysize);
-
-#endif /* _CRYPTO_SPECK_H */
--- a/include/uapi/linux/fs.h
+++ b/include/uapi/linux/fs.h
@@ -279,8 +279,8 @@ struct fsxattr {
 #define FS_ENCRYPTION_MODE_AES_256_CTS		4
 #define FS_ENCRYPTION_MODE_AES_128_CBC		5
 #define FS_ENCRYPTION_MODE_AES_128_CTS		6
-#define FS_ENCRYPTION_MODE_SPECK128_256_XTS	7
-#define FS_ENCRYPTION_MODE_SPECK128_256_CTS	8
+#define FS_ENCRYPTION_MODE_SPECK128_256_XTS	7 /* Removed, do not use. */
+#define FS_ENCRYPTION_MODE_SPECK128_256_CTS	8 /* Removed, do not use. */
 
 struct fscrypt_policy {
 	__u8 version;
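Review bot: keeping 7 and 8 defined is right for a UAPI header, but "Removed, do not use." does not say the numbers stay reserved. Suggest wording the comment so that a later mode is never assigned 7 or 8, since a policy written by an older kernel could still carry those values.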




* [PATCH 4.19 248/361] mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (246 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 247/361] crypto: speck - remove Speck Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 249/361] userfaultfd: disable irqs when taking the waitqueue lock Greg Kroah-Hartman
                   ` (115 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vlastimil Babka,
	Leonardo Soares Müller, Daniel Colascione, Alexey Dobriyan,
	Andrew Morton, Linus Torvalds

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vlastimil Babka <vbabka@suse.cz>

commit fa76da461bb0be13c8339d984dcf179151167c8f upstream.

Leonardo reports an apparent regression in 4.19-rc7:

 BUG: unable to handle kernel NULL pointer dereference at 00000000000000f0
 PGD 0 P4D 0
 Oops: 0000 [#1] PREEMPT SMP PTI
 CPU: 3 PID: 6032 Comm: python Not tainted 4.19.0-041900rc7-lowlatency #201810071631
 Hardware name: LENOVO 80UG/Toronto 4A2, BIOS 0XCN45WW 08/09/2018
 RIP: 0010:smaps_pte_range+0x32d/0x540
 Code: 80 00 00 00 00 74 a9 48 89 de 41 f6 40 52 40 0f 85 04 02 00 00 49 2b 30 48 c1 ee 0c 49 03 b0 98 00 00 00 49 8b 80 a0 00 00 00 <48> 8b b8 f0 00 00 00 e8 b7 ef ec ff 48 85 c0 0f 84 71 ff ff ff a8
 RSP: 0018:ffffb0cbc484fb88 EFLAGS: 00010202
 RAX: 0000000000000000 RBX: 0000560ddb9e9000 RCX: 0000000000000000
 RDX: 0000000000000000 RSI: 0000000560ddb9e9 RDI: 0000000000000001
 RBP: ffffb0cbc484fbc0 R08: ffff94a5a227a578 R09: ffff94a5a227a578
 R10: 0000000000000000 R11: 0000560ddbbe7000 R12: ffffe903098ba728
 R13: ffffb0cbc484fc78 R14: ffffb0cbc484fcf8 R15: ffff94a5a2e9cf48
 FS:  00007f6dfb683740(0000) GS:ffff94a5aaf80000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00000000000000f0 CR3: 000000011c118001 CR4: 00000000003606e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Call Trace:
  __walk_page_range+0x3c2/0x6f0
  walk_page_vma+0x42/0x60
  smap_gather_stats+0x79/0xe0
  ? gather_pte_stats+0x320/0x320
  ? gather_hugetlb_stats+0x70/0x70
  show_smaps_rollup+0xcd/0x1c0
  seq_read+0x157/0x400
  __vfs_read+0x3a/0x180
  ? security_file_permission+0x93/0xc0
  ? security_file_permission+0x93/0xc0
  vfs_read+0x8f/0x140
  ksys_read+0x55/0xc0
  __x64_sys_read+0x1a/0x20
  do_syscall_64+0x5a/0x110
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

Decoded code matched to local compilation+disassembly points to
smaps_pte_entry():

        } else if (unlikely(IS_ENABLED(CONFIG_SHMEM) && mss->check_shmem_swap
                                                        && pte_none(*pte))) {
                page = find_get_entry(vma->vm_file->f_mapping,
                                                linear_page_index(vma, addr));

Here, vma->vm_file is NULL.  mss->check_shmem_swap should be false in that
case, however for smaps_rollup, smap_gather_stats() can set the flag true
for one vma and leave it true for subsequent vma's where it should be
false.

To fix, reset the check_shmem_swap flag to false.  There's also a related
bug which sets mss->swap to shmem_swapped, which in the context of
smaps_rollup overwrites any value accumulated from previous vma's.  Fix
that as well.

Note that the report suggests a regression between 4.17.19 and 4.19-rc7,
which makes the 4.19 series ending with commit 258f669e7e88 ("mm:
/proc/pid/smaps_rollup: convert to single value seq_file") suspicious.
But the mss was reused for rollup since 493b0e9d945f ("mm: add
/proc/pid/smaps_rollup") so let's play it safe with the stable backport.

Link: http://lkml.kernel.org/r/555fbd1f-4ac9-0b58-dcd4-5dc4380ff7ca@suse.cz
Link: https://bugzilla.kernel.org/show_bug.cgi?id=201377
Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup")
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Reported-by: Leonardo Soares Müller <leozinho29_eu@hotmail.com>
Tested-by: Leonardo Soares Müller <leozinho29_eu@hotmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Daniel Colascione <dancol@google.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/proc/task_mmu.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -713,6 +713,8 @@ static void smap_gather_stats(struct vm_
 	smaps_walk.private = mss;
 
 #ifdef CONFIG_SHMEM
+	/* In case of smaps_rollup, reset the value from previous vma */
+	mss->check_shmem_swap = false;
 	if (vma->vm_file && shmem_mapping(vma->vm_file->f_mapping)) {
 		/*
 		 * For shared or readonly shmem mappings we know that all
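Review bot: the reset added at the top of the CONFIG_SHMEM block clears only check_shmem_swap, and the comment covers just that one field. Since the same mss is reused across vmas for smaps_rollup, it would help to say, here or at the struct definition, which fields are per-vma state and which are accumulators, so the next per-vma flag added is not left stale in the same way.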
@@ -728,7 +730,7 @@ static void smap_gather_stats(struct vm_
 
 		if (!shmem_swapped || (vma->vm_flags & VM_SHARED) ||
 					!(vma->vm_flags & VM_WRITE)) {
-			mss->swap = shmem_swapped;
+			mss->swap += shmem_swapped;
 		} else {
 			mss->check_shmem_swap = true;
 			smaps_walk.pte_hole = smaps_pte_hole;
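Review bot: `mss->swap += shmem_swapped` is only correct if mss->swap is zero on entry in the plain per-vma smaps case; with `=` that did not matter. The caller is outside this hunk, so please confirm the non-rollup path zeroes mss before each vma, otherwise swap would now accumulate across entries there.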




* [PATCH 4.19 249/361] userfaultfd: disable irqs when taking the waitqueue lock
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (247 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 248/361] mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 250/361] ima: fix showing large violations or runtime_measurements_count Greg Kroah-Hartman
                   ` (114 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Andrea Arcangeli,
	Andrew Morton, Linus Torvalds

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christoph Hellwig <hch@lst.de>

commit ae62c16e105a869524afcf8a07ee85c5ae5d0479 upstream.

userfaultfd contains home-grown locking of the waitqueue lock, and does
not disable interrupts.  This relies on the fact that no one else takes it
from interrupt context and violates an invariant of the normal waitqueue
locking scheme.  With aio poll it is easy to trigger other locks that
disable interrupts (or are called from interrupt context).

Link: http://lkml.kernel.org/r/20181018154101.18750-1-hch@lst.de
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: <stable@vger.kernel.org>	[4.19.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/userfaultfd.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1026,7 +1026,7 @@ static ssize_t userfaultfd_ctx_read(stru
 	struct userfaultfd_ctx *fork_nctx = NULL;
 
 	/* always take the fd_wqh lock before the fault_pending_wqh lock */
-	spin_lock(&ctx->fd_wqh.lock);
+	spin_lock_irq(&ctx->fd_wqh.lock);
 	__add_wait_queue(&ctx->fd_wqh, &wait);
 	for (;;) {
 		set_current_state(TASK_INTERRUPTIBLE);
@@ -1112,13 +1112,13 @@ static ssize_t userfaultfd_ctx_read(stru
 			ret = -EAGAIN;
 			break;
 		}
-		spin_unlock(&ctx->fd_wqh.lock);
+		spin_unlock_irq(&ctx->fd_wqh.lock);
 		schedule();
-		spin_lock(&ctx->fd_wqh.lock);
+		spin_lock_irq(&ctx->fd_wqh.lock);
 	}
 	__remove_wait_queue(&ctx->fd_wqh, &wait);
 	__set_current_state(TASK_RUNNING);
-	spin_unlock(&ctx->fd_wqh.lock);
+	spin_unlock_irq(&ctx->fd_wqh.lock);
 
 	if (!ret && msg->event == UFFD_EVENT_FORK) {
 		ret = resolve_userfault_fork(ctx, fork_nctx, msg);
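Review bot: spin_unlock_irq() does not restore a saved state, it unconditionally enables interrupts, so the conversion in this function assumes userfaultfd_ctx_read() is only ever entered with interrupts enabled. That holds for a read() path that goes on to call schedule(), but a short comment at the first lock site would make the assumption explicit. The comment in the previous hunk also mentions the fault_pending_wqh lock nested inside this one; the sites that take that lock are not visible here, so please confirm they need no matching change.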




* [PATCH 4.19 250/361] ima: fix showing large violations or runtime_measurements_count
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (248 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 249/361] userfaultfd: disable irqs when taking the waitqueue lock Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 251/361] ima: open a new file instance if no read permissions Greg Kroah-Hartman
                   ` (113 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Biggers, Mimi Zohar

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Biggers <ebiggers@google.com>

commit 1e4c8dafbb6bf72fb5eca035b861e39c5896c2b7 upstream.

The 12 character temporary buffer is not necessarily long enough to hold
a 'long' value.  Increase it.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 security/integrity/ima/ima_fs.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -42,14 +42,14 @@ static int __init default_canonical_fmt_
 __setup("ima_canonical_fmt", default_canonical_fmt_setup);
 
 static int valid_policy = 1;
-#define TMPBUFLEN 12
+
 static ssize_t ima_show_htable_value(char __user *buf, size_t count,
 				     loff_t *ppos, atomic_long_t *val)
 {
-	char tmpbuf[TMPBUFLEN];
+	char tmpbuf[32];	/* greater than largest 'long' string value */
 	ssize_t len;
 
-	len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
+	len = scnprintf(tmpbuf, sizeof(tmpbuf), "%li\n", atomic_long_read(val));
 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
 }
 
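Review bot: the bare 32 in `char tmpbuf[32]` replaces a named constant with a magic number. Switching the scnprintf() bound to sizeof(tmpbuf) is good, since size and bound can no longer drift apart. Consider stating in the comment how the size is derived (sign, digits of the largest 'long', newline and terminator) so the bound stays self-documenting.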




* [PATCH 4.19 251/361] ima: open a new file instance if no read permissions
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (249 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 250/361] ima: fix showing large violations or runtime_measurements_count Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:19 ` [PATCH 4.19 252/361] hugetlbfs: dirty pages as they are added to pagecache Greg Kroah-Hartman
                   ` (112 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Goldwyn Rodrigues, Mimi Zohar

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Goldwyn Rodrigues <rgoldwyn@suse.de>

commit a408e4a86b36bf98ad15b9ada531cf0e5118ac67 upstream.

Open a new file instance as opposed to changing file->f_mode when
the file is not readable.  This is done to accommodate overlayfs
stacked file operations change.  The real struct file is hidden
behind the overlays struct file.  So, any file->f_mode manipulations are
not reflected on the real struct file.  Open the file again in read mode
if original file cannot be read, read and calculate the hash.

Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Cc: stable@vger.kernel.org (linux-4.19)
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 security/integrity/ima/ima_crypto.c |   54 ++++++++++++++++++++++--------------
 1 file changed, 34 insertions(+), 20 deletions(-)

--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -210,7 +210,7 @@ static int ima_calc_file_hash_atfm(struc
 {
 	loff_t i_size, offset;
 	char *rbuf[2] = { NULL, };
-	int rc, read = 0, rbuf_len, active = 0, ahash_rc = 0;
+	int rc, rbuf_len, active = 0, ahash_rc = 0;
 	struct ahash_request *req;
 	struct scatterlist sg[1];
 	struct crypto_wait wait;
@@ -257,11 +257,6 @@ static int ima_calc_file_hash_atfm(struc
 					  &rbuf_size[1], 0);
 	}
 
-	if (!(file->f_mode & FMODE_READ)) {
-		file->f_mode |= FMODE_READ;
-		read = 1;
-	}
-
 	for (offset = 0; offset < i_size; offset += rbuf_len) {
 		if (!rbuf[1] && offset) {
 			/* Not using two buffers, and it is not the first
@@ -300,8 +295,6 @@ static int ima_calc_file_hash_atfm(struc
 	/* wait for the last update request to complete */
 	rc = ahash_wait(ahash_rc, &wait);
 out3:
-	if (read)
-		file->f_mode &= ~FMODE_READ;
 	ima_free_pages(rbuf[0], rbuf_size[0]);
 	ima_free_pages(rbuf[1], rbuf_size[1]);
 out2:
@@ -336,7 +329,7 @@ static int ima_calc_file_hash_tfm(struct
 {
 	loff_t i_size, offset = 0;
 	char *rbuf;
-	int rc, read = 0;
+	int rc;
 	SHASH_DESC_ON_STACK(shash, tfm);
 
 	shash->tfm = tfm;
@@ -357,11 +350,6 @@ static int ima_calc_file_hash_tfm(struct
 	if (!rbuf)
 		return -ENOMEM;
 
-	if (!(file->f_mode & FMODE_READ)) {
-		file->f_mode |= FMODE_READ;
-		read = 1;
-	}
-
 	while (offset < i_size) {
 		int rbuf_len;
 
@@ -378,8 +366,6 @@ static int ima_calc_file_hash_tfm(struct
 		if (rc)
 			break;
 	}
-	if (read)
-		file->f_mode &= ~FMODE_READ;
 	kfree(rbuf);
 out:
 	if (!rc)
@@ -420,6 +406,8 @@ int ima_calc_file_hash(struct file *file
 {
 	loff_t i_size;
 	int rc;
+	struct file *f = file;
+	bool new_file_instance = false, modified_flags = false;
 
 	/*
 	 * For consistency, fail file's opened with the O_DIRECT flag on
@@ -431,15 +419,41 @@ int ima_calc_file_hash(struct file *file
 		return -EINVAL;
 	}
 
-	i_size = i_size_read(file_inode(file));
+	/* Open a new file instance in O_RDONLY if we cannot read */
+	if (!(file->f_mode & FMODE_READ)) {
+		int flags = file->f_flags & ~(O_WRONLY | O_APPEND |
+				O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL);
+		flags |= O_RDONLY;
+		f = dentry_open(&file->f_path, flags, file->f_cred);
+		if (IS_ERR(f)) {
+			/*
+			 * Cannot open the file again, lets modify f_flags
+			 * of original and continue
+			 */
+			pr_info_ratelimited("Unable to reopen file for reading.\n");
+			f = file;
+			f->f_flags |= FMODE_READ;
+			modified_flags = true;
+		} else {
+			new_file_instance = true;
+		}
+	}
+
+	i_size = i_size_read(file_inode(f));
 
 	if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
-		rc = ima_calc_file_ahash(file, hash);
+		rc = ima_calc_file_ahash(f, hash);
 		if (!rc)
-			return 0;
+			goto out;
 	}
 
-	return ima_calc_file_shash(file, hash);
+	rc = ima_calc_file_shash(f, hash);
+out:
+	if (new_file_instance)
+		fput(f);
+	else if (modified_flags)
+		f->f_flags &= ~FMODE_READ;
+	return rc;
 }
 
 /*
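Review bot: in the dentry_open() failure path the fallback does `f->f_flags |= FMODE_READ` and the exit path does `f->f_flags &= ~FMODE_READ`, but FMODE_READ is an f_mode bit. The guard above tests `file->f_mode & FMODE_READ`, and the code this patch removes from the two hash helpers set and cleared the bit in file->f_mode. As written, the fallback does not make the file readable, and the cleanup can clear a bit in f_flags that the opener had set. Both lines should operate on f->f_mode, and the comment above them should say f_mode rather than f_flags.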




* [PATCH 4.19 252/361] hugetlbfs: dirty pages as they are added to pagecache
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (250 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 251/361] ima: open a new file instance if no read permissions Greg Kroah-Hartman
@ 2018-11-11 22:19 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 253/361] mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly Greg Kroah-Hartman
                   ` (111 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mike Kravetz, Mihcla Hocko,
	Khalid Aziz, Hugh Dickins, Naoya Horiguchi, Aneesh Kumar K . V,
	Andrea Arcangeli, Kirill A . Shutemov, Davidlohr Bueso,
	Alexander Viro, Andrew Morton, Linus Torvalds

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mike Kravetz <mike.kravetz@oracle.com>

commit 22146c3ce98962436e401f7b7016a6f664c9ffb5 upstream.

Some test systems were experiencing negative huge page reserve counts and
incorrect file block counts.  This was traced to /proc/sys/vm/drop_caches
removing clean pages from hugetlbfs file pagecaches.  When non-hugetlbfs
explicit code removes the pages, the appropriate accounting is not
performed.

This can be recreated as follows:
 fallocate -l 2M /dev/hugepages/foo
 echo 1 > /proc/sys/vm/drop_caches
 fallocate -l 2M /dev/hugepages/foo
 grep -i huge /proc/meminfo
   AnonHugePages:         0 kB
   ShmemHugePages:        0 kB
   HugePages_Total:    2048
   HugePages_Free:     2047
   HugePages_Rsvd:    18446744073709551615
   HugePages_Surp:        0
   Hugepagesize:       2048 kB
   Hugetlb:         4194304 kB
 ls -lsh /dev/hugepages/foo
   4.0M -rw-r--r--. 1 root root 2.0M Oct 17 20:05 /dev/hugepages/foo

To address this issue, dirty pages as they are added to pagecache.  This
can easily be reproduced with fallocate as shown above.  Read faulted
pages will eventually end up being marked dirty.  But there is a window
where they are clean and could be impacted by code such as drop_caches.
So, just dirty them all as they are added to the pagecache.

Link: http://lkml.kernel.org/r/b5be45b8-5afe-56cd-9482-28384699a049@oracle.com
Fixes: 6bda666a03f0 ("hugepages: fold find_or_alloc_pages into huge_no_page()")
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Acked-by: Mihcla Hocko <mhocko@suse.com>
Reviewed-by: Khalid Aziz <khalid.aziz@oracle.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: "Aneesh Kumar K . V" <aneesh.kumar@linux.vnet.ibm.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 mm/hugetlb.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -3690,6 +3690,12 @@ int huge_add_to_page_cache(struct page *
 		return err;
 	ClearPagePrivate(page);
 
+	/*
+	 * set page dirty so that it will not be removed from cache/file
+	 * by non-hugetlbfs specific code paths.
+	 */
+	set_page_dirty(page);
+
 	spin_lock(&inode->i_lock);
 	inode->i_blocks += blocks_per_huge_page(h);
 	spin_unlock(&inode->i_lock);
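Review bot: the new comment says "non-hugetlbfs specific code paths" without naming one or saying what goes wrong. Suggest naming the drop_caches case from the commit message and stating that removing a clean page outside hugetlbfs skips the hugetlbfs accounting (the i_blocks update just below is one visible piece of it), so the reason for the set_page_dirty() call survives later refactoring.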




* [PATCH 4.19 253/361] mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (251 preceding siblings ...)
  2018-11-11 22:19 ` [PATCH 4.19 252/361] hugetlbfs: dirty pages as they are added to pagecache Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 254/361] mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback Greg Kroah-Hartman
                   ` (110 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ralph Campbell,
	Jérôme Glisse, Balbir Singh, Andrew Morton,
	Kirill A. Shutemov, Linus Torvalds

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ralph Campbell <rcampbell@nvidia.com>

commit aab8d0520e6e7c2a61f71195e6ce7007a4843afb upstream.

Private ZONE_DEVICE pages use a special pte entry and thus are not
present.  Properly handle this case in map_pte(), it is already handled in
check_pte(), the map_pte() part was lost in some rebase most probably.

Without this patch the slow migration path can not migrate back to any
private ZONE_DEVICE memory to regular memory.  This was found after stress
testing migration back to system memory.  This ultimately can lead to the
CPU constantly page fault looping on the special swap entry.

Link: http://lkml.kernel.org/r/20181019160442.18723-3-jglisse@redhat.com
Signed-off-by: Ralph Campbell <rcampbell@nvidia.com>
Signed-off-by: Jérôme Glisse <jglisse@redhat.com>
Reviewed-by: Balbir Singh <bsingharora@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 mm/page_vma_mapped.c |   24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

--- a/mm/page_vma_mapped.c
+++ b/mm/page_vma_mapped.c
@@ -21,7 +21,29 @@ static bool map_pte(struct page_vma_mapp
 			if (!is_swap_pte(*pvmw->pte))
 				return false;
 		} else {
-			if (!pte_present(*pvmw->pte))
+			/*
+			 * We get here when we are trying to unmap a private
+			 * device page from the process address space. Such
+			 * page is not CPU accessible and thus is mapped as
+			 * a special swap entry, nonetheless it still does
+			 * count as a valid regular mapping for the page (and
+			 * is accounted as such in page maps count).
+			 *
+			 * So handle this special case as if it was a normal
+			 * page mapping ie lock CPU page table and returns
+			 * true.
+			 *
+			 * For more details on device private memory see HMM
+			 * (include/linux/hmm.h or mm/hmm.c).
+			 */
+			if (is_swap_pte(*pvmw->pte)) {
+				swp_entry_t entry;
+
+				/* Handle un-addressable ZONE_DEVICE memory */
+				entry = pte_to_swp_entry(*pvmw->pte);
+				if (!is_device_private_entry(entry))
+					return false;
+			} else if (!pte_present(*pvmw->pte))
 				return false;
 		}
 	}
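Review bot: the new `if (is_swap_pte(*pvmw->pte)) { ... } else if (!pte_present(*pvmw->pte))` chain braces the first branch but not the second; kernel coding style asks for braces on every branch once one of them needs them. The added comment also reads "lock CPU page table and returns true", which should be "return true".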




* [PATCH 4.19 254/361] mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (252 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 253/361] mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 255/361] KVM: arm/arm64: Ensure only THP is candidate for adjustment Greg Kroah-Hartman
                   ` (109 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ralph Campbell,
	Jérôme Glisse, John Hubbard, Balbir Singh,
	Andrew Morton, Linus Torvalds

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ralph Campbell <rcampbell@nvidia.com>

commit 86a2d59841ab0b147ffc1b7b3041af87927cf312 upstream.

In hmm_mirror_unregister(), mm->hmm is set to NULL and then
mmu_notifier_unregister_no_release() is called.  That creates a small
window where mmu_notifier can call mmu_notifier_ops with mm->hmm equal to
NULL.  Fix this by first unregistering mmu notifier callbacks and then
setting mm->hmm to NULL.

Similarly in hmm_register(), set mm->hmm before registering mmu_notifier
callbacks so callback functions always see mm->hmm set.

Link: http://lkml.kernel.org/r/20181019160442.18723-4-jglisse@redhat.com
Signed-off-by: Ralph Campbell <rcampbell@nvidia.com>
Signed-off-by: Jérôme Glisse <jglisse@redhat.com>
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Reviewed-by: Jérôme Glisse <jglisse@redhat.com>
Reviewed-by: Balbir Singh <bsingharora@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 mm/hmm.c |   36 +++++++++++++++++++++---------------
 1 file changed, 21 insertions(+), 15 deletions(-)

--- a/mm/hmm.c
+++ b/mm/hmm.c
@@ -91,16 +91,6 @@ static struct hmm *hmm_register(struct m
 	spin_lock_init(&hmm->lock);
 	hmm->mm = mm;
 
-	/*
-	 * We should only get here if hold the mmap_sem in write mode ie on
-	 * registration of first mirror through hmm_mirror_register()
-	 */
-	hmm->mmu_notifier.ops = &hmm_mmu_notifier_ops;
-	if (__mmu_notifier_register(&hmm->mmu_notifier, mm)) {
-		kfree(hmm);
-		return NULL;
-	}
-
 	spin_lock(&mm->page_table_lock);
 	if (!mm->hmm)
 		mm->hmm = hmm;
@@ -108,12 +98,27 @@ static struct hmm *hmm_register(struct m
 		cleanup = true;
 	spin_unlock(&mm->page_table_lock);
 
-	if (cleanup) {
-		mmu_notifier_unregister(&hmm->mmu_notifier, mm);
-		kfree(hmm);
-	}
+	if (cleanup)
+		goto error;
+
+	/*
+	 * We should only get here if hold the mmap_sem in write mode ie on
+	 * registration of first mirror through hmm_mirror_register()
+	 */
+	hmm->mmu_notifier.ops = &hmm_mmu_notifier_ops;
+	if (__mmu_notifier_register(&hmm->mmu_notifier, mm))
+		goto error_mm;
 
 	return mm->hmm;
+
+error_mm:
+	spin_lock(&mm->page_table_lock);
+	if (mm->hmm == hmm)
+		mm->hmm = NULL;
+	spin_unlock(&mm->page_table_lock);
+error:
+	kfree(hmm);
+	return NULL;
 }
 
 void hmm_mm_destroy(struct mm_struct *mm)
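Review bot: `if (cleanup) goto error;` changes what the loser of the mm->hmm race gets back. Before, the cleanup path freed the local hmm and fell through to `return mm->hmm`, handing back the instance that won; now it jumps to `error:` and returns NULL. If callers treat NULL as allocation failure, a concurrent registration turns into a spurious error. If that is intended it should be stated in the changelog; otherwise the cleanup path should free the local hmm and still return mm->hmm.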
@@ -278,12 +283,13 @@ void hmm_mirror_unregister(struct hmm_mi
 	if (!should_unregister || mm == NULL)
 		return;
 
+	mmu_notifier_unregister_no_release(&hmm->mmu_notifier, mm);
+
 	spin_lock(&mm->page_table_lock);
 	if (mm->hmm == hmm)
 		mm->hmm = NULL;
 	spin_unlock(&mm->page_table_lock);
 
-	mmu_notifier_unregister_no_release(&hmm->mmu_notifier, mm);
 	kfree(hmm);
 }
 EXPORT_SYMBOL(hmm_mirror_unregister);
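Review bot: unregistering before clearing mm->hmm closes the window described in the changelog, but kfree(hmm) still follows directly after mmu_notifier_unregister_no_release(). The hunk does not show what guarantees that a callback already running has finished with hmm by that point; a comment naming that guarantee would help.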




* [PATCH 4.19 255/361] KVM: arm/arm64: Ensure only THP is candidate for adjustment
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (253 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 254/361] mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 256/361] KVM: arm64: Fix caching of host MDCR_EL2 value Greg Kroah-Hartman
                   ` (108 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Punit Agrawal, Suzuki Poulose,
	Christoffer Dall, Marc Zyngier

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Punit Agrawal <punit.agrawal@arm.com>

commit fd2ef358282c849c193aa36dadbf4f07f7dcd29b upstream.

PageTransCompoundMap() returns true for hugetlbfs and THP
hugepages. This behaviour incorrectly leads to stage 2 faults for
unsupported hugepage sizes (e.g., 64K hugepage with 4K pages) to be
treated as THP faults.

Tighten the check to filter out hugetlbfs pages. This also leads to
consistently mapping all unsupported hugepage sizes as PTE level
entries at stage 2.

Signed-off-by: Punit Agrawal <punit.agrawal@arm.com>
Reviewed-by: Suzuki Poulose <suzuki.poulose@arm.com>
Cc: Christoffer Dall <christoffer.dall@arm.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: stable@vger.kernel.org # v4.13+
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 virt/kvm/arm/mmu.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/virt/kvm/arm/mmu.c
+++ b/virt/kvm/arm/mmu.c
@@ -1230,8 +1230,14 @@ static bool transparent_hugepage_adjust(
 {
 	kvm_pfn_t pfn = *pfnp;
 	gfn_t gfn = *ipap >> PAGE_SHIFT;
+	struct page *page = pfn_to_page(pfn);
 
-	if (PageTransCompoundMap(pfn_to_page(pfn))) {
+	/*
+	 * PageTransCompoungMap() returns true for THP and
+	 * hugetlbfs. Make sure the adjustment is done only for THP
+	 * pages.
+	 */
+	if (!PageHuge(page) && PageTransCompoundMap(page)) {
 		unsigned long mask;
 		/*
 		 * The address we faulted on is backed by a transparent huge
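Review bot: the new comment above the 'if' misspells the helper as PageTransCompoungMap(); it should read PageTransCompoundMap() so that a grep for the function also finds this explanation. The comment could also say why hugetlbfs pages must be excluded (unsupported hugepage sizes are to be mapped as PTE level entries at stage 2), since the !PageHuge(page) test alone does not convey that.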




* [PATCH 4.19 256/361] KVM: arm64: Fix caching of host MDCR_EL2 value
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (254 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 255/361] KVM: arm/arm64: Ensure only THP is candidate for adjustment Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 257/361] kbuild: fix kernel/bounds.c W=1 warning Greg Kroah-Hartman
                   ` (107 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christopher Dall, James Morse,
	Will Deacon, Robin Murphy, Mark Rutland, Marc Zyngier

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mark Rutland <mark.rutland@arm.com>

commit da5a3ce66b8bb51b0ea8a89f42aac153903f90fb upstream.

At boot time, KVM stashes the host MDCR_EL2 value, but only does this
when the kernel is not running in hyp mode (i.e. is non-VHE). In these
cases, the stashed value of MDCR_EL2.HPMN happens to be zero, which can
lead to CONSTRAINED UNPREDICTABLE behaviour.

Since we use this value to derive the MDCR_EL2 value when switching
to/from a guest, after a guest has been run, the performance counters
do not behave as expected. This has been observed to result in accesses
via PMXEVTYPER_EL0 and PMXEVCNTR_EL0 not affecting the relevant
counters, resulting in events not being counted. In these cases, only
the fixed-purpose cycle counter appears to work as expected.

Fix this by always stashing the host MDCR_EL2 value, regardless of VHE.

Cc: Christopher Dall <christoffer.dall@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: stable@vger.kernel.org
Fixes: 1e947bad0b63b351 ("arm64: KVM: Skip HYP setup when already running in HYP")
Tested-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 virt/kvm/arm/arm.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/virt/kvm/arm/arm.c
+++ b/virt/kvm/arm/arm.c
@@ -1295,8 +1295,6 @@ static void cpu_init_hyp_mode(void *dumm
 
 	__cpu_init_hyp_mode(pgd_ptr, hyp_stack_ptr, vector_ptr);
 	__cpu_init_stage2();
-
-	kvm_arm_init_debug();
 }
 
 static void cpu_hyp_reset(void)
@@ -1320,6 +1318,8 @@ static void cpu_hyp_reinit(void)
 		cpu_init_hyp_mode(NULL);
 	}
 
+	kvm_arm_init_debug();
+
 	if (vgic_present)
 		kvm_vgic_init_cpu_hardware();
 }
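Review bot: the relocated kvm_arm_init_debug() call in cpu_hyp_reinit() has no comment saying that it must run on both the VHE and non-VHE paths. Placed right after the closing brace of the block that calls cpu_init_hyp_mode(NULL), it reads like an ordinary init step, and a later cleanup could fold it back into one branch and bring back the stale MDCR_EL2 value. A one-line comment above the call, stating that the host MDCR_EL2 value is stashed regardless of VHE, would pin the intent.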




* [PATCH 4.19 257/361] kbuild: fix kernel/bounds.c W=1 warning
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (255 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 256/361] KVM: arm64: Fix caching of host MDCR_EL2 value Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 258/361] iio: ad5064: Fix regulator handling Greg Kroah-Hartman
                   ` (106 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Kieran Bingham,
	David Laight, Masahiro Yamada, Andrew Morton, Linus Torvalds

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit 6a32c2469c3fbfee8f25bcd20af647326650a6cf upstream.

Building any configuration with 'make W=1' produces a warning:

kernel/bounds.c:16:6: warning: no previous prototype for 'foo' [-Wmissing-prototypes]

When also passing -Werror, this prevents us from building any other files.
Nobody ever calls the function, but we can't make it 'static' either
since we want the compiler output.

Calling it 'main' instead however avoids the warning, because gcc
does not insist on having a declaration for main.

Link: http://lkml.kernel.org/r/20181005083313.2088252-1-arnd@arndb.de
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reported-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/bounds.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/kernel/bounds.c
+++ b/kernel/bounds.c
@@ -13,7 +13,7 @@
 #include <linux/log2.h>
 #include <linux/spinlock_types.h>
 
-void foo(void)
+int main(void)
 {
 	/* The enum constants to put into include/generated/bounds.h */
 	DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS);
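Review bot: the rename to 'int main(void)' needs a comment, because nothing at the definition says why a file that only emits DEFINE() constants has a main(). Without it the name reads as a mistake and invites a rename back to something that trips -Wmissing-prototypes again. A short note above the function, saying that the name is chosen because gcc does not insist on a declaration for main, would be enough.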
@@ -23,4 +23,6 @@ void foo(void)
 #endif
 	DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t));
 	/* End of constants */
+
+	return 0;
 }




* [PATCH 4.19 258/361] iio: ad5064: Fix regulator handling
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (256 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 257/361] kbuild: fix kernel/bounds.c W=1 warning Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 259/361] iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() Greg Kroah-Hartman
                   ` (105 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lars-Peter Clausen, Stable, Jonathan Cameron

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lars-Peter Clausen <lars@metafoo.de>

commit 8911a43bc198877fad9f4b0246a866b26bb547ab upstream.

The correct way to handle errors returned by regulator_get() and friends is
to propagate the error since that means that a regulator was specified,
but something went wrong when requesting it.

For handling optional regulators, e.g. when the device has an internal
vref, regulator_get_optional() should be used to avoid getting the dummy
regulator that the regulator core otherwise provides.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/iio/dac/ad5064.c |   53 +++++++++++++++++++++++++++++++++--------------
 1 file changed, 38 insertions(+), 15 deletions(-)

--- a/drivers/iio/dac/ad5064.c
+++ b/drivers/iio/dac/ad5064.c
@@ -808,6 +808,40 @@ static int ad5064_set_config(struct ad50
 	return ad5064_write(st, cmd, 0, val, 0);
 }
 
+static int ad5064_request_vref(struct ad5064_state *st, struct device *dev)
+{
+	unsigned int i;
+	int ret;
+
+	for (i = 0; i < ad5064_num_vref(st); ++i)
+		st->vref_reg[i].supply = ad5064_vref_name(st, i);
+
+	if (!st->chip_info->internal_vref)
+		return devm_regulator_bulk_get(dev, ad5064_num_vref(st),
+					       st->vref_reg);
+
+	/*
+	 * This assumes that when the regulator has an internal VREF
+	 * there is only one external VREF connection, which is
+	 * currently the case for all supported devices.
+	 */
+	st->vref_reg[0].consumer = devm_regulator_get_optional(dev, "vref");
+	if (!IS_ERR(st->vref_reg[0].consumer))
+		return 0;
+
+	ret = PTR_ERR(st->vref_reg[0].consumer);
+	if (ret != -ENODEV)
+		return ret;
+
+	/* If no external regulator was supplied use the internal VREF */
+	st->use_internal_vref = true;
+	ret = ad5064_set_config(st, AD5064_CONFIG_INT_VREF_ENABLE);
+	if (ret)
+		dev_err(dev, "Failed to enable internal vref: %d\n", ret);
+
+	return ret;
+}
+
 static int ad5064_probe(struct device *dev, enum ad5064_type type,
 			const char *name, ad5064_write_func write)
 {
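Review bot: the internal-VREF branch of ad5064_request_vref() fills only st->vref_reg[0].consumer, while the loop at the top of the function sets .supply for ad5064_num_vref(st) entries and the caller in the next hunk passes that same count to regulator_bulk_enable(). The single-VREF assumption is stated in the comment but not enforced, so a chip added later with internal_vref set and more than one external reference would enable entries whose consumer was never requested. Consider checking ad5064_num_vref(st) == 1 in that branch (or a WARN_ON) so that the assumption fails loudly instead.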
@@ -828,22 +862,11 @@ static int ad5064_probe(struct device *d
 	st->dev = dev;
 	st->write = write;
 
-	for (i = 0; i < ad5064_num_vref(st); ++i)
-		st->vref_reg[i].supply = ad5064_vref_name(st, i);
+	ret = ad5064_request_vref(st, dev);
+	if (ret)
+		return ret;
 
-	ret = devm_regulator_bulk_get(dev, ad5064_num_vref(st),
-		st->vref_reg);
-	if (ret) {
-		if (!st->chip_info->internal_vref)
-			return ret;
-		st->use_internal_vref = true;
-		ret = ad5064_set_config(st, AD5064_CONFIG_INT_VREF_ENABLE);
-		if (ret) {
-			dev_err(dev, "Failed to enable internal vref: %d\n",
-				ret);
-			return ret;
-		}
-	} else {
+	if (!st->use_internal_vref) {
 		ret = regulator_bulk_enable(ad5064_num_vref(st), st->vref_reg);
 		if (ret)
 			return ret;




* [PATCH 4.19 259/361] iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (257 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 258/361] iio: ad5064: Fix regulator handling Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 260/361] iio: adc: at91: fix acking DRDY irq on simple conversions Greg Kroah-Hartman
                   ` (104 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexey Khoroshilov, Stable, Jonathan Cameron

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexey Khoroshilov <khoroshilov@ispras.ru>

commit d3fa21c73c391975488818b085b894c2980ea052 upstream.

When leaving a for_each_child_of_node loop, we should release the child
device node if it is not stored for future use.

Found by Linux Driver Verification project (linuxtesting.org).

JC: I'm not sending this as a quick fix as it's been wrong for years,
but good to pick up for stable after the merge window.

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Fixes: 6df2e98c3ea56 ("iio: adc: Add imx25-gcq ADC driver")
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/iio/adc/fsl-imx25-gcq.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/iio/adc/fsl-imx25-gcq.c
+++ b/drivers/iio/adc/fsl-imx25-gcq.c
@@ -209,12 +209,14 @@ static int mx25_gcq_setup_cfgs(struct pl
 		ret = of_property_read_u32(child, "reg", &reg);
 		if (ret) {
 			dev_err(dev, "Failed to get reg property\n");
+			of_node_put(child);
 			return ret;
 		}
 
 		if (reg >= MX25_NUM_CFGS) {
 			dev_err(dev,
 				"reg value is greater than the number of available configuration registers\n");
+			of_node_put(child);
 			return -EINVAL;
 		}
 
@@ -228,6 +230,7 @@ static int mx25_gcq_setup_cfgs(struct pl
 			if (IS_ERR(priv->vref[refp])) {
 				dev_err(dev, "Error, trying to use external voltage reference without a vref-%s regulator.",
 					mx25_gcq_refp_names[refp]);
+				of_node_put(child);
 				return PTR_ERR(priv->vref[refp]);
 			}
 			priv->channel_vref_mv[reg] =
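Review bot: the of_node_put(child) added before 'return PTR_ERR(priv->vref[refp]);' is one of six identical put-then-return pairs this patch adds inside the for_each_child_of_node loop. Repeating the release at every exit means the next early return added to the loop can miss it again. A single exit label (for example err_put_child, a name used here only for illustration) that calls of_node_put(child) and returns ret would keep the release in one place.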
@@ -240,6 +243,7 @@ static int mx25_gcq_setup_cfgs(struct pl
 			break;
 		default:
 			dev_err(dev, "Invalid positive reference %d\n", refp);
+			of_node_put(child);
 			return -EINVAL;
 		}
 
@@ -254,10 +258,12 @@ static int mx25_gcq_setup_cfgs(struct pl
 
 		if ((refp & MX25_ADCQ_CFG_REFP_MASK) != refp) {
 			dev_err(dev, "Invalid fsl,adc-refp property value\n");
+			of_node_put(child);
 			return -EINVAL;
 		}
 		if ((refn & MX25_ADCQ_CFG_REFN_MASK) != refn) {
 			dev_err(dev, "Invalid fsl,adc-refn property value\n");
+			of_node_put(child);
 			return -EINVAL;
 		}
 




* [PATCH 4.19 260/361] iio: adc: at91: fix acking DRDY irq on simple conversions
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (258 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 259/361] iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 261/361] iio: adc: at91: fix wrong channel number in triggered buffer mode Greg Kroah-Hartman
                   ` (103 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Eugen Hristev,
	Ludovic Desroches, Stable, Jonathan Cameron

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eugen Hristev <eugen.hristev@microchip.com>

commit bc1b45326223e7e890053cf6266357adfa61942d upstream.

When doing simple conversions, the driver did not acknowledge the DRDY irq.
If this irq status is not acked, it will be left pending, and as soon as a
trigger is enabled, the irq handler will be called. It doesn't know why
this status has occurred because no channel is pending, and then it will go
into an irq loop and the board will hang.
To avoid this situation, read the LCDR after a raw conversion is done.

Fixes: 0e589d5fb ("ARM: AT91: IIO: Add AT91 ADC driver.")
Cc: Maxime Ripard <maxime.ripard@bootlin.com>
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Acked-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/iio/adc/at91_adc.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/iio/adc/at91_adc.c
+++ b/drivers/iio/adc/at91_adc.c
@@ -279,6 +279,8 @@ static void handle_adc_eoc_trigger(int i
 		iio_trigger_poll(idev->trig);
 	} else {
 		st->last_value = at91_adc_readl(st, AT91_ADC_CHAN(st, st->chnb));
+		/* Needed to ACK the DRDY interruption */
+		at91_adc_readl(st, AT91_ADC_LCDR);
 		st->done = true;
 		wake_up_interruptible(&st->wq_data_avail);
 	}
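Review bot: the comment on the added at91_adc_readl(st, AT91_ADC_LCDR) should say "interrupt" rather than "interruption", and should state that the value read is discarded on purpose. As written, a register read whose result is unused looks like dead code and is a candidate for removal in a later cleanup, which would bring back the pending DRDY status. Something like "Read LCDR to ACK the DRDY interrupt; the value itself is not needed" covers both points.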




* [PATCH 4.19 261/361] iio: adc: at91: fix wrong channel number in triggered buffer mode
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (259 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 260/361] iio: adc: at91: fix acking DRDY irq on simple conversions Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 262/361] w1: omap-hdq: fix missing bus unregister at removal Greg Kroah-Hartman
                   ` (102 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Eugen Hristev,
	Ludovic Desroches, Stable, Jonathan Cameron

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eugen Hristev <eugen.hristev@microchip.com>

commit aea835f2dc8a682942b859179c49ad1841a6c8b9 upstream.

When channels are registered, the hardware channel number is not the
actual iio channel number.
This is because the driver is probed with a certain number of accessible
channels. Some pins are routed and some not, depending on the description of
the board in the DT.
Because of that, channels 0,1,2,3 can correspond to hardware channels
2,3,4,5 for example.
In the buffered triggered case, we need to do the translation accordingly.
Fixed the channel number to stop reading the wrong channel.

Fixes: 0e589d5fb ("ARM: AT91: IIO: Add AT91 ADC driver.")
Cc: Maxime Ripard <maxime.ripard@bootlin.com>
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Acked-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/iio/adc/at91_adc.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/iio/adc/at91_adc.c
+++ b/drivers/iio/adc/at91_adc.c
@@ -248,12 +248,14 @@ static irqreturn_t at91_adc_trigger_hand
 	struct iio_poll_func *pf = p;
 	struct iio_dev *idev = pf->indio_dev;
 	struct at91_adc_state *st = iio_priv(idev);
+	struct iio_chan_spec const *chan;
 	int i, j = 0;
 
 	for (i = 0; i < idev->masklength; i++) {
 		if (!test_bit(i, idev->active_scan_mask))
 			continue;
-		st->buffer[j] = at91_adc_readl(st, AT91_ADC_CHAN(st, i));
+		chan = idev->channels + i;
+		st->buffer[j] = at91_adc_readl(st, AT91_ADC_CHAN(st, chan->channel));
 		j++;
 	}
 
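Review bot: 'chan = idev->channels + i' indexes the channel array with the scan-mask bit number, and the loop bound is idev->masklength rather than the size of idev->channels. That is correct only while every scan bit i corresponds to entry i of the array; the hunk should either say so in a comment or look the channel up by its scan index. A minor point: idev->channels[i].channel reads more directly than the pointer arithmetic and makes the temporary unnecessary.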




* [PATCH 4.19 262/361] w1: omap-hdq: fix missing bus unregister at removal
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (260 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 261/361] iio: adc: at91: fix wrong channel number in triggered buffer mode Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 263/361] smb3: allow stats which track session and share reconnects to be reset Greg Kroah-Hartman
                   ` (101 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andreas Kemnade

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Andreas Kemnade <andreas@kemnade.info>

commit a007734618fee1bf35556c04fa498d41d42c7301 upstream.

The bus master was not removed after unloading the module
or unbinding the driver. That led to oopses like this:

[  127.842987] Unable to handle kernel paging request at virtual address bf01d04c
[  127.850646] pgd = 70e3cd9a
[  127.853698] [bf01d04c] *pgd=8f908811, *pte=00000000, *ppte=00000000
[  127.860412] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM
[  127.866668] Modules linked in: bq27xxx_battery overlay [last unloaded: omap_hdq]
[  127.874542] CPU: 0 PID: 1022 Comm: w1_bus_master1 Not tainted 4.19.0-rc4-00001-g2d51da718324 #12
[  127.883819] Hardware name: Generic OMAP36xx (Flattened Device Tree)
[  127.890441] PC is at 0xbf01d04c
[  127.893798] LR is at w1_search_process_cb+0x4c/0xfc
[  127.898956] pc : [<bf01d04c>]    lr : [<c05f9580>]    psr: a0070013
[  127.905609] sp : cf885f48  ip : bf01d04c  fp : ddf1e11c
[  127.911132] r10: cf8fe040  r9 : c05f8d00  r8 : cf8fe040
[  127.916656] r7 : 000000f0  r6 : cf8fe02c  r5 : cf8fe000  r4 : cf8fe01c
[  127.923553] r3 : c05f8d00  r2 : 000000f0  r1 : cf8fe000  r0 : dde1ef10
[  127.930450] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[  127.938018] Control: 10c5387d  Table: 8f8f0019  DAC: 00000051
[  127.944091] Process w1_bus_master1 (pid: 1022, stack limit = 0x9135699f)
[  127.951171] Stack: (0xcf885f48 to 0xcf886000)
[  127.955810] 5f40:                   cf8fe000 00000000 cf884000 cf8fe090 000003e8 c05f8d00
[  127.964477] 5f60: dde5fc34 c05f9700 ddf1e100 ddf1e540 cf884000 cf8fe000 c05f9694 00000000
[  127.973114] 5f80: dde5fc34 c01499a4 00000000 ddf1e540 c0149874 00000000 00000000 00000000
[  127.981781] 5fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000
[  127.990447] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  127.999114] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[  128.007781] [<c05f9580>] (w1_search_process_cb) from [<c05f9700>] (w1_process+0x6c/0x118)
[  128.016479] [<c05f9700>] (w1_process) from [<c01499a4>] (kthread+0x130/0x148)
[  128.024047] [<c01499a4>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c)
[  128.031677] Exception stack(0xcf885fb0 to 0xcf885ff8)
[  128.037017] 5fa0:                                     00000000 00000000 00000000 00000000
[  128.045684] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  128.054351] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[  128.061340] Code: bad PC value
[  128.064697] ---[ end trace af066e33c0e14119 ]---

Cc: <stable@vger.kernel.org>
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/w1/masters/omap_hdq.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/w1/masters/omap_hdq.c
+++ b/drivers/w1/masters/omap_hdq.c
@@ -763,6 +763,8 @@ static int omap_hdq_remove(struct platfo
 	/* remove module dependency */
 	pm_runtime_disable(&pdev->dev);
 
+	w1_remove_master_device(&omap_w1_master);
+
 	return 0;
 }
 
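Review bot: w1_remove_master_device(&omap_w1_master) is placed after pm_runtime_disable(&pdev->dev), so the bus master stays registered while runtime PM is already being torn down. The oops in the commit message shows the w1_bus_master1 thread calling into the driver through w1_search_process_cb, so that thread can still issue a search during this window. Unregistering the master first would stop its callbacks before the device is shut down; if the current order is intentional, a comment should say why.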




* [PATCH 4.19 263/361] smb3: allow stats which track session and share reconnects to be reset
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (261 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 262/361] w1: omap-hdq: fix missing bus unregister at removal Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 264/361] smb3: do not attempt cifs operation in smb3 query info error path Greg Kroah-Hartman
                   ` (100 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steve French, Aurelien Aptel

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <stfrench@microsoft.com>

commit 2c887635cd6ab3af619dc2be94e5bf8f2e172b78 upstream.

Currently, "echo 0 > /proc/fs/cifs/Stats" resets all of the stats
except the session and share reconnect counts.  Fix it to
reset those as well.

CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/cifs_debug.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -383,6 +383,9 @@ static ssize_t cifs_stats_proc_write(str
 		atomic_set(&totBufAllocCount, 0);
 		atomic_set(&totSmBufAllocCount, 0);
 #endif /* CONFIG_CIFS_STATS2 */
+		atomic_set(&tcpSesReconnectCount, 0);
+		atomic_set(&tconInfoReconnectCount, 0);
+
 		spin_lock(&GlobalMid_Lock);
 		GlobalMaxActiveXid = 0;
 		GlobalCurrentXid = 0;




* [PATCH 4.19 264/361] smb3: do not attempt cifs operation in smb3 query info error path
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (262 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 263/361] smb3: allow stats which track session and share reconnects to be reset Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 265/361] smb3: on kerberos mount if server doesnt specify auth type use krb5 Greg Kroah-Hartman
                   ` (99 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steve French, Ronnie Sahlberg

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <stfrench@microsoft.com>

commit 1e77a8c204c9d1b655c61751b8ad0fde22421dbb upstream.

If backupuid mount option is sent, we can incorrectly retry
(on access denied on query info) with a cifs (FindFirst) operation
on an smb3 mount which causes the server to force the session close.

We set backup intent on open so no need for this fallback.

See kernel bugzilla 201435

Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/inode.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -777,7 +777,15 @@ cifs_get_inode_info(struct inode **inode
 	} else if (rc == -EREMOTE) {
 		cifs_create_dfs_fattr(&fattr, sb);
 		rc = 0;
-	} else if (rc == -EACCES && backup_cred(cifs_sb)) {
+	} else if ((rc == -EACCES) && backup_cred(cifs_sb) &&
+		   (strcmp(server->vals->version_string, SMB1_VERSION_STRING)
+		      == 0)) {
+			/*
+			 * For SMB2 and later the backup intent flag is already
+			 * sent if needed on open and there is no path based
+			 * FindFirst operation to use to retry with
+			 */
+
 			srchinf = kzalloc(sizeof(struct cifs_search_info),
 						GFP_KERNEL);
 			if (srchinf == NULL) {
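Review bot: the SMB1 test in the new condition is a strcmp() of server->vals->version_string against SMB1_VERSION_STRING, which ties a protocol decision to the text of a string. A comparison that does not depend on string contents would be more robust if the version strings are ever changed or extended. The added comment also sits between the condition and the first statement of the body with a blank line after it, and its last sentence lacks a full stop; moving it above the 'else if' would make clear that it explains the condition.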




* [PATCH 4.19 265/361] smb3: on kerberos mount if server doesnt specify auth type use krb5
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (263 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 264/361] smb3: do not attempt cifs operation in smb3 query info error path Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 266/361] printk: Fix panic caused by passing log_buf_len to command line Greg Kroah-Hartman
                   ` (98 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steve French, Ronnie Sahlberg

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <stfrench@microsoft.com>

commit 926674de6705f0f1dbf29a62fd758d0977f535d6 upstream.

Some servers (e.g. Azure) do not include a spnego blob in the SMB3
negotiate protocol response, so on kerberos mounts ("sec=krb5")
we can fail, as we expected the server to list its supported
auth types (OIDs in the spnego blob in the negprot response).
Change this so that on krb5 mounts we default to trying krb5 if the
server doesn't list its supported protocol mechanisms.

Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/cifs_spnego.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -147,8 +147,10 @@ cifs_get_spnego_key(struct cifs_ses *ses
 		sprintf(dp, ";sec=krb5");
 	else if (server->sec_mskerberos)
 		sprintf(dp, ";sec=mskrb5");
-	else
-		goto out;
+	else {
+		cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
+		sprintf(dp, ";sec=krb5");
+	}
 
 	dp = description + strlen(description);
 	sprintf(dp, ";uid=0x%x",
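Review bot: the new fallback logs through cifs_dbg(VFS, ...), so the message is emitted on every krb5 mount against a server that sends no mechanism list, which the commit message says includes Azure. For an expected condition a lower debug level such as FYI would keep the kernel log quiet; if it stays at VFS, the text should say that this is a fallback and not an error. The 'else' arm also now carries braces while the preceding 'if' and 'else if' arms do not; kernel coding style puts braces on all arms once one of them needs them.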




* [PATCH 4.19 266/361] printk: Fix panic caused by passing log_buf_len to command line
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (264 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 265/361] smb3: on kerberos mount if server doesnt specify auth type use krb5 Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 267/361] genirq: Fix race on spurious interrupt detection Greg Kroah-Hartman
                   ` (97 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, rostedt, He Zhe, Sergey Senozhatsky,
	Petr Mladek

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: He Zhe <zhe.he@windriver.com>

commit 277fcdb2cfee38ccdbe07e705dbd4896ba0c9930 upstream.

log_buf_len_setup does not check input argument before passing it to
simple_strtoull. The argument would be a NULL pointer if "log_buf_len",
without its value, is set in command line and thus causes the following
panic.

PANIC: early exception 0xe3 IP 10:ffffffffaaeacd0d error 0 cr2 0x0
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc4-yocto-standard+ #1
[    0.000000] RIP: 0010:_parse_integer_fixup_radix+0xd/0x70
...
[    0.000000] Call Trace:
[    0.000000]  simple_strtoull+0x29/0x70
[    0.000000]  memparse+0x26/0x90
[    0.000000]  log_buf_len_setup+0x17/0x22
[    0.000000]  do_early_param+0x57/0x8e
[    0.000000]  parse_args+0x208/0x320
[    0.000000]  ? rdinit_setup+0x30/0x30
[    0.000000]  parse_early_options+0x29/0x2d
[    0.000000]  ? rdinit_setup+0x30/0x30
[    0.000000]  parse_early_param+0x36/0x4d
[    0.000000]  setup_arch+0x336/0x99e
[    0.000000]  start_kernel+0x6f/0x4ee
[    0.000000]  x86_64_start_reservations+0x24/0x26
[    0.000000]  x86_64_start_kernel+0x6f/0x72
[    0.000000]  secondary_startup_64+0xa4/0xb0

This patch adds a check to prevent the panic.

Link: http://lkml.kernel.org/r/1538239553-81805-1-git-send-email-zhe.he@windriver.com
Cc: stable@vger.kernel.org
Cc: rostedt@goodmis.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: He Zhe <zhe.he@windriver.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/printk/printk.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -1048,7 +1048,12 @@ static void __init log_buf_len_update(un
 /* save requested log_buf_len since it's too early to process it */
 static int __init log_buf_len_setup(char *str)
 {
-	unsigned size = memparse(str, &str);
+	unsigned int size;
+
+	if (!str)
+		return -EINVAL;
+
+	size = memparse(str, &str);
 
 	log_buf_len_update(size);
 
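Review bot: 'size' is declared 'unsigned int' but receives the return value of memparse(), so a request such as log_buf_len=4G is truncated before log_buf_len_update() sees it. Since the declaration is being touched anyway, hold the result in a wider type and reject values that do not fit, instead of silently wrapping. The new 'if (!str) return -EINVAL;' path is also silent; a warning that names the parameter would tell the user why the option was ignored.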




* [PATCH 4.19 267/361] genirq: Fix race on spurious interrupt detection
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (265 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 266/361] printk: Fix panic caused by passing log_buf_len to command line Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 268/361] tpm: fix response size validation in tpm_get_random() Greg Kroah-Hartman
                   ` (96 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Thomas Gleixner,
	Mathias Duckeck, Akshay Bhat, Casey Fitzpatrick

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lukas Wunner <lukas@wunner.de>

commit 746a923b863a1065ef77324e1e43f19b1a3eab5c upstream.

Commit 1e77d0a1ed74 ("genirq: Sanitize spurious interrupt detection of
threaded irqs") made detection of spurious interrupts work for threaded
handlers by:

a) incrementing a counter every time the thread returns IRQ_HANDLED, and
b) checking whether that counter has increased every time the thread is
   woken.

However for oneshot interrupts, the commit unmasks the interrupt before
incrementing the counter.  If another interrupt occurs right after
unmasking but before the counter is incremented, that interrupt is
incorrectly considered spurious:

time
 |  irq_thread()
 |    irq_thread_fn()
 |      action->thread_fn()
 |      irq_finalize_oneshot()
 |        unmask_threaded_irq()            /* interrupt is unmasked */
 |
 |                  /* interrupt fires, incorrectly deemed spurious */
 |
 |    atomic_inc(&desc->threads_handled); /* counter is incremented */
 v

This is observed with a hi3110 CAN controller receiving data at high volume
(from a separate machine sending with "cangen -g 0 -i -x"): The controller
signals a huge number of interrupts (hundreds of millions per day) and
every second there are about a dozen which are deemed spurious.

In theory with high CPU load and the presence of higher priority tasks, the
number of incorrectly detected spurious interrupts might increase beyond
the 99,900 threshold and cause disablement of the interrupt.

In practice it just increments the spurious interrupt count. But that can
cause people to waste time investigating it over and over.

Fix it by moving the accounting before the invocation of
irq_finalize_oneshot().

[ tglx: Folded change log update ]

Fixes: 1e77d0a1ed74 ("genirq: Sanitize spurious interrupt detection of threaded irqs")
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Mathias Duckeck <m.duckeck@kunbus.de>
Cc: Akshay Bhat <akshay.bhat@timesys.com>
Cc: Casey Fitzpatrick <casey.fitzpatrick@timesys.com>
Cc: stable@vger.kernel.org # v3.16+
Link: https://lkml.kernel.org/r/1dfd8bbd16163940648045495e3e9698e63b50ad.1539867047.git.lukas@wunner.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/irq/manage.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/kernel/irq/manage.c
+++ b/kernel/irq/manage.c
@@ -927,6 +927,9 @@ irq_forced_thread_fn(struct irq_desc *de
 
 	local_bh_disable();
 	ret = action->thread_fn(action->irq, action->dev_id);
+	if (ret == IRQ_HANDLED)
+		atomic_inc(&desc->threads_handled);
+
 	irq_finalize_oneshot(desc, action);
 	local_bh_enable();
 	return ret;
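
Review bot: in irq_forced_thread_fn(), the new `atomic_inc(&desc->threads_handled)` is only correct while it stays ahead of irq_finalize_oneshot(), and nothing at the call site says so. A one-line comment (for example, that the count must be bumped before the oneshot unmask so a back-to-back interrupt is not judged spurious) would stop a later cleanup from hoisting it back into irq_thread(). The same three lines are repeated in irq_thread_fn() in the next hunk; a small static helper would keep the two in step.
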
@@ -943,6 +946,9 @@ static irqreturn_t irq_thread_fn(struct
 	irqreturn_t ret;
 
 	ret = action->thread_fn(action->irq, action->dev_id);
+	if (ret == IRQ_HANDLED)
+		atomic_inc(&desc->threads_handled);
+
 	irq_finalize_oneshot(desc, action);
 	return ret;
 }
@@ -1020,8 +1026,6 @@ static int irq_thread(void *data)
 		irq_thread_check_affinity(desc, action);
 
 		action_ret = handler_fn(desc, action);
-		if (action_ret == IRQ_HANDLED)
-			atomic_inc(&desc->threads_handled);
 		if (action_ret == IRQ_WAKE_THREAD)
 			irq_wake_secondary(desc, action);
 
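Review bot: with the `action_ret == IRQ_HANDLED` accounting removed from irq_thread(), threads_handled is now only updated if the chosen handler_fn does it itself. That holds for the two functions patched above, but it is an implicit contract; a comment at the `handler_fn(desc, action)` call noting that handlers own the accounting would make it visible to anyone adding another handler_fn variant.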




* [PATCH 4.19 268/361] tpm: fix response size validation in tpm_get_random()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (266 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 267/361] genirq: Fix race on spurious interrupt detection Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 269/361] NFC: nfcmrvl_uart: fix OF child-node lookup Greg Kroah-Hartman
                   ` (95 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jarkko Sakkinen

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

commit 84b59f6487d82d3ab4247a099aba66d4d17e8b08 upstream.

When checking whether the response is large enough to be able to contain
the received random bytes in tpm_get_random() and tpm2_get_random(),
they fail to take into account the header size, which should be added to the
minimum size. This commit fixes this issue.

Cc: stable@vger.kernel.org
Fixes: c659af78eb7b ("tpm: Check size of response before accessing data")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/char/tpm/tpm-interface.c |    3 ++-
 drivers/char/tpm/tpm2-cmd.c      |    4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -1322,7 +1322,8 @@ int tpm_get_random(struct tpm_chip *chip
 		}
 
 		rlength = be32_to_cpu(tpm_cmd.header.out.length);
-		if (rlength < offsetof(struct tpm_getrandom_out, rng_data) +
+		if (rlength < TPM_HEADER_SIZE +
+			      offsetof(struct tpm_getrandom_out, rng_data) +
 			      recd) {
 			total = -EFAULT;
 			break;
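
Review bot: in the `rlength <` comparison, the three-term minimum (`TPM_HEADER_SIZE + offsetof(struct tpm_getrandom_out, rng_data) + recd`) is open-coded here and again in tpm2-cmd.c. The bug being fixed was one of those terms being forgotten, so a shared helper or macro for the minimum response length for a given payload size would keep both checks in step, and a short comment that `header.out.length` counts the header would document why the term is needed.
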
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -329,7 +329,9 @@ int tpm2_get_random(struct tpm_chip *chi
 			&buf.data[TPM_HEADER_SIZE];
 		recd = min_t(u32, be16_to_cpu(out->size), num_bytes);
 		if (tpm_buf_length(&buf) <
-		    offsetof(struct tpm2_get_random_out, buffer) + recd) {
+		    TPM_HEADER_SIZE +
+		    offsetof(struct tpm2_get_random_out, buffer) +
+		    recd) {
 			err = -EFAULT;
 			goto out;
 		}
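
Review bot: the -EFAULT path after the length check in tpm2_get_random() is silent. A response shorter than the header plus `offsetof(struct tpm2_get_random_out, buffer)` plus `recd` means the TPM returned a malformed reply, and a rate-limited warning with the reported and expected lengths would make that diagnosable instead of surfacing only as a failed read.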




* [PATCH 4.19 269/361] NFC: nfcmrvl_uart: fix OF child-node lookup
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (267 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 268/361] tpm: fix response size validation in tpm_get_random() Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 270/361] NFSv4.1: Fix the r/wsize checking Greg Kroah-Hartman
                   ` (94 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vincent Cuissard, Samuel Ortiz,
	Johan Hovold, Rob Herring

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Johan Hovold <johan@kernel.org>

commit 5bf59773aaf36dd62117dc83d50e1bbf9ef432da upstream.

Use the new of_get_compatible_child() helper to look up the nfc child
node instead of using of_find_compatible_node(), which searches the
entire tree from a given start node and thus can return an unrelated
(i.e. non-child) node.

This also addresses a potential use-after-free (e.g. after probe
deferral) as the tree-wide helper drops a reference to its first
argument (i.e. the parent node).

Fixes: e097dc624f78 ("NFC: nfcmrvl: add UART driver")
Fixes: d8e018c0b321 ("NFC: nfcmrvl: update device tree bindings for Marvell NFC")
Cc: stable <stable@vger.kernel.org>     # 4.2
Cc: Vincent Cuissard <cuissard@marvell.com>
Cc: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/nfc/nfcmrvl/uart.c |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

--- a/drivers/nfc/nfcmrvl/uart.c
+++ b/drivers/nfc/nfcmrvl/uart.c
@@ -73,10 +73,9 @@ static int nfcmrvl_uart_parse_dt(struct
 	struct device_node *matched_node;
 	int ret;
 
-	matched_node = of_find_compatible_node(node, NULL, "marvell,nfc-uart");
+	matched_node = of_get_compatible_child(node, "marvell,nfc-uart");
 	if (!matched_node) {
-		matched_node = of_find_compatible_node(node, NULL,
-						       "mrvl,nfc-uart");
+		matched_node = of_get_compatible_child(node, "mrvl,nfc-uart");
 		if (!matched_node)
 			return -ENODEV;
 	}
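
Review bot: of_get_compatible_child() returns the child with a reference held, and this hunk does not show where `matched_node` is released. Please confirm that every exit from nfcmrvl_uart_parse_dt() after the lookup, including error returns, reaches an of_node_put(matched_node); since the commit message is about reference imbalance, it is worth stating that in the changelog too.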




* [PATCH 4.19 270/361] NFSv4.1: Fix the r/wsize checking
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (268 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 269/361] NFC: nfcmrvl_uart: fix OF child-node lookup Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 271/361] nfs: Fix a missed page unlock after pg_doio() Greg Kroah-Hartman
                   ` (93 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <trond.myklebust@hammerspace.com>

commit 943cff67b842839f4f35364ba2db5c2d3f025d94 upstream.

The intention of nfs4_session_set_rwsize() was to cap the r/wsize to the
buffer sizes negotiated by the CREATE_SESSION. The initial code had a
bug whereby we would not check the values negotiated by nfs_probe_fsinfo()
(the assumption being that CREATE_SESSION will always negotiate buffer values
that are sane w.r.t. the server's preferred r/wsizes) but would only check
values set by the user in the 'mount' command.

The code was changed in 4.11 to _always_ set the r/wsize, meaning that we
now never use the server preferred r/wsizes. This is the regression that
this patch fixes.
Also rename the function to nfs4_session_limit_rwsize() in order to avoid
future confusion.

Fixes: 033853325fe3 (NFSv4.1 respect server's max size in CREATE_SESSION")
Cc: stable@vger.kernel.org # v4.11+
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/nfs4client.c |   16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

--- a/fs/nfs/nfs4client.c
+++ b/fs/nfs/nfs4client.c
@@ -950,10 +950,10 @@ EXPORT_SYMBOL_GPL(nfs4_set_ds_client);
 
 /*
  * Session has been established, and the client marked ready.
- * Set the mount rsize and wsize with negotiated fore channel
- * attributes which will be bound checked in nfs_server_set_fsinfo.
+ * Limit the mount rsize, wsize and dtsize using negotiated fore
+ * channel attributes.
  */
-static void nfs4_session_set_rwsize(struct nfs_server *server)
+static void nfs4_session_limit_rwsize(struct nfs_server *server)
 {
 #ifdef CONFIG_NFS_V4_1
 	struct nfs4_session *sess;
@@ -966,9 +966,11 @@ static void nfs4_session_set_rwsize(stru
 	server_resp_sz = sess->fc_attrs.max_resp_sz - nfs41_maxread_overhead;
 	server_rqst_sz = sess->fc_attrs.max_rqst_sz - nfs41_maxwrite_overhead;
 
-	if (!server->rsize || server->rsize > server_resp_sz)
+	if (server->dtsize > server_resp_sz)
+		server->dtsize = server_resp_sz;
+	if (server->rsize > server_resp_sz)
 		server->rsize = server_resp_sz;
-	if (!server->wsize || server->wsize > server_rqst_sz)
+	if (server->wsize > server_rqst_sz)
 		server->wsize = server_rqst_sz;
 #endif /* CONFIG_NFS_V4_1 */
 }
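
Review bot: the new `server->dtsize > server_resp_sz` clamp is a behaviour change that the changelog does not mention; it talks only about r/wsize. Say in the commit message why dtsize is limited by max_resp_sz as well. Also note that with the `!server->rsize` and `!server->wsize` tests gone, a zero value now passes through untouched, so this function depends on the sizes having been filled in beforehand.
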
@@ -1015,12 +1017,12 @@ static int nfs4_server_common_setup(stru
 			(unsigned long long) server->fsid.minor);
 	nfs_display_fhandle(mntfh, "Pseudo-fs root FH");
 
-	nfs4_session_set_rwsize(server);
-
 	error = nfs_probe_fsinfo(server, mntfh, fattr);
 	if (error < 0)
 		goto out;
 
+	nfs4_session_limit_rwsize(server);
+
 	if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
 		server->namelen = NFS4_MAXNAMLEN;
 
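Review bot: moving the call below nfs_probe_fsinfo() is the actual fix, but the ordering requirement is not documented at the call site. A short comment above `nfs4_session_limit_rwsize(server);` saying it must run after the fsinfo probe, because it only caps values that are already set, would prevent the call from being moved back.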




* [PATCH 4.19 271/361] nfs: Fix a missed page unlock after pg_doio()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (269 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 270/361] NFSv4.1: Fix the r/wsize checking Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 272/361] nfsd: correctly decrement odstate refcount in error path Greg Kroah-Hartman
                   ` (92 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Benjamin Coddington, Trond Myklebust

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Benjamin Coddington <bcodding@redhat.com>

commit fdbd1a2e4a71adcb1ae219fcfd964930d77a7f84 upstream.

We must check pg_error and call error_cleanup after any call to pg_doio.
Currently, we are skipping the unlock of a page if we encounter an error in
nfs_pageio_complete() before handing off the work to the RPC layer.

Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/pagelist.c |   40 +++++++++++++++++++++-------------------
 1 file changed, 21 insertions(+), 19 deletions(-)

--- a/fs/nfs/pagelist.c
+++ b/fs/nfs/pagelist.c
@@ -1111,6 +1111,20 @@ static int nfs_pageio_add_request_mirror
 	return ret;
 }
 
+static void nfs_pageio_error_cleanup(struct nfs_pageio_descriptor *desc)
+{
+	u32 midx;
+	struct nfs_pgio_mirror *mirror;
+
+	if (!desc->pg_error)
+		return;
+
+	for (midx = 0; midx < desc->pg_mirror_count; midx++) {
+		mirror = &desc->pg_mirrors[midx];
+		desc->pg_completion_ops->error_cleanup(&mirror->pg_list);
+	}
+}
+
 int nfs_pageio_add_request(struct nfs_pageio_descriptor *desc,
 			   struct nfs_page *req)
 {
@@ -1161,25 +1175,11 @@ int nfs_pageio_add_request(struct nfs_pa
 	return 1;
 
 out_failed:
-	/*
-	 * We might have failed before sending any reqs over wire.
-	 * Clean up rest of the reqs in mirror pg_list.
-	 */
-	if (desc->pg_error) {
-		struct nfs_pgio_mirror *mirror;
-		void (*func)(struct list_head *);
-
-		/* remember fatal errors */
-		if (nfs_error_is_fatal(desc->pg_error))
-			nfs_context_set_write_error(req->wb_context,
-						    desc->pg_error);
-
-		func = desc->pg_completion_ops->error_cleanup;
-		for (midx = 0; midx < desc->pg_mirror_count; midx++) {
-			mirror = &desc->pg_mirrors[midx];
-			func(&mirror->pg_list);
-		}
-	}
+	/* remember fatal errors */
+	if (nfs_error_is_fatal(desc->pg_error))
+		nfs_context_set_write_error(req->wb_context,
+						desc->pg_error);
+	nfs_pageio_error_cleanup(desc);
 	return 0;
 }
 
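Review bot: at out_failed, `nfs_error_is_fatal(desc->pg_error)` is now evaluated even when pg_error is 0, where it used to sit inside `if (desc->pg_error)`. That is only equivalent if nfs_error_is_fatal() returns false for 0; keep the guard or note the assumption. The removed comment about failing before any request went over the wire explains why the cleanup exists and would be better moved onto nfs_pageio_error_cleanup() than dropped.
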
@@ -1251,6 +1251,8 @@ void nfs_pageio_complete(struct nfs_page
 	for (midx = 0; midx < desc->pg_mirror_count; midx++)
 		nfs_pageio_complete_mirror(desc, midx);
 
+	if (desc->pg_error < 0)
+		nfs_pageio_error_cleanup(desc);
 	if (desc->pg_ops->pg_cleanup)
 		desc->pg_ops->pg_cleanup(desc);
 	nfs_pageio_cleanup_mirroring(desc);
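
Review bot: nfs_pageio_complete() guards the call with `desc->pg_error < 0`, while the helper itself returns early on `!desc->pg_error`. The two tests disagree for positive values; pick one convention. Since the helper already checks, calling nfs_pageio_error_cleanup(desc) unconditionally here, as nfs_pageio_add_request() now does, would be simpler.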




* [PATCH 4.19 272/361] nfsd: correctly decrement odstate refcount in error path
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (270 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 271/361] nfs: Fix a missed page unlock after pg_doio() Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 273/361] nfsd: Fix an Oops in free_session() Greg Kroah-Hartman
                   ` (91 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrew Elble, Jeff Layton, J. Bruce Fields

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Andrew Elble <aweits@rit.edu>

commit bd8d725078867cda250fe94b9c5a067b4a64ca74 upstream.

alloc_init_deleg() both allocates an nfs4_delegation, and
bumps the refcount on odstate. So after this point, we need to
put_clnt_odstate() and nfs4_put_stid() to not leave the odstate
refcount inappropriately bumped.

Signed-off-by: Andrew Elble <aweits@rit.edu>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfsd/nfs4state.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4364,7 +4364,7 @@ nfs4_set_delegation(struct nfs4_client *
 
 	fl = nfs4_alloc_init_lease(dp, NFS4_OPEN_DELEGATE_READ);
 	if (!fl)
-		goto out_stid;
+		goto out_clnt_odstate;
 
 	status = vfs_setlease(fp->fi_deleg_file, fl->fl_type, &fl, NULL);
 	if (fl)
@@ -4389,7 +4389,6 @@ out_unlock:
 	vfs_setlease(fp->fi_deleg_file, F_UNLCK, NULL, (void **)&dp);
 out_clnt_odstate:
 	put_clnt_odstate(dp->dl_clnt_odstate);
-out_stid:
 	nfs4_put_stid(&dp->dl_stid);
 out_delegees:
 	put_deleg_file(fp);
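
Review bot: with `out_stid:` removed, the `out_clnt_odstate` label now stands for both put_clnt_odstate() and nfs4_put_stid(), which the name does not convey. A comment at the label, or at the alloc_init_deleg() call, that the two puts must always be paired once the delegation is allocated would keep a future error path from reintroducing a jump that skips the odstate put.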




* [PATCH 4.19 273/361] nfsd: Fix an Oops in free_session()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (271 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 272/361] nfsd: correctly decrement odstate refcount in error path Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 274/361] lockd: fix access beyond unterminated strings in prints Greg Kroah-Hartman
                   ` (90 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, J. Bruce Fields

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <trondmy@gmail.com>

commit bb6ad5572c0022e17e846b382d7413cdcf8055be upstream.

In call_xpt_users(), we delete the entry from the list, but we
do not reinitialise it. This triggers the list poisoning when
we later call unregister_xpt_user() in nfsd4_del_conns().

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/sunrpc/svc_xprt.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/sunrpc/svc_xprt.c
+++ b/net/sunrpc/svc_xprt.c
@@ -989,7 +989,7 @@ static void call_xpt_users(struct svc_xp
 	spin_lock(&xprt->xpt_lock);
 	while (!list_empty(&xprt->xpt_users)) {
 		u = list_first_entry(&xprt->xpt_users, struct svc_xpt_user, list);
-		list_del(&u->list);
+		list_del_init(&u->list);
 		u->callback(u);
 	}
 	spin_unlock(&xprt->xpt_lock);
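
Review bot: the reason for `list_del_init()` rather than `list_del()` is not visible at the call site: the entry is touched again later through unregister_xpt_user(), so it must be left as a valid empty list head rather than poisoned. Add a one-line comment saying so, otherwise this looks like a candidate for a cleanup back to list_del().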




* [PATCH 4.19 274/361] lockd: fix access beyond unterminated strings in prints
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (272 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 273/361] nfsd: Fix an Oops in free_session() Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 275/361] dm ioctl: harden copy_params()s copy_from_user() from malicious users Greg Kroah-Hartman
                   ` (89 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Amir Goldstein, J. Bruce Fields

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Amir Goldstein <amir73il@gmail.com>

commit 93f38b6fae0ea8987e22d9e6c38f8dfdccd867ee upstream.

printk format used %*s instead of %.*s, so hostname_len does not limit
the number of bytes accessed from hostname.

Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/lockd/host.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/lockd/host.c
+++ b/fs/lockd/host.c
@@ -341,7 +341,7 @@ struct nlm_host *nlmsvc_lookup_host(cons
 	};
 	struct lockd_net *ln = net_generic(net, lockd_net_id);
 
-	dprintk("lockd: %s(host='%*s', vers=%u, proto=%s)\n", __func__,
+	dprintk("lockd: %s(host='%.*s', vers=%u, proto=%s)\n", __func__,
 			(int)hostname_len, hostname, rqstp->rq_vers,
 			(rqstp->rq_prot == IPPROTO_UDP ? "udp" : "tcp"));
 
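Review bot: with `%.*s` the bound on the read is the `(int)hostname_len` precision argument, so the cast now matters: the hunk does not show hostname_len's type or upper limit, and a value that does not fit in an int would not give the intended bound. Worth confirming the length is range-checked before this point, and grepping the rest of lockd for other `%*s` uses that pass a length together with a non-terminated buffer.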




* [PATCH 4.19 275/361] dm ioctl: harden copy_params()s copy_from_user() from malicious users
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (273 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 274/361] lockd: fix access beyond unterminated strings in prints Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 276/361] dm zoned: fix metadata block ref counting Greg Kroah-Hartman
                   ` (88 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Mike Snitzer

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wenwen Wang <wang6495@umn.edu>

commit 800a7340ab7dd667edf95e74d8e4f23a17e87076 upstream.

In copy_params(), the struct 'dm_ioctl' is first copied from the user
space buffer 'user' to 'param_kernel' and the field 'data_size' is
checked against 'minimum_data_size' (size of 'struct dm_ioctl' payload
up to its 'data' member).  If the check fails, an error code EINVAL will be
returned.  Otherwise, param_kernel->data_size is used to do a second copy,
which copies from the same user-space buffer to 'dmi'.  After the second
copy, only 'dmi->data_size' is checked against 'param_kernel->data_size'.
Given that the buffer 'user' resides in the user space, a malicious
user-space process can race to change the content in the buffer between
the two copies.  This way, the attacker can inject inconsistent data
into 'dmi' (versus previously validated 'param_kernel').

Fix redundant copying of 'minimum_data_size' from user-space buffer by
using the first copy stored in 'param_kernel'.  Also remove the
'data_size' check after the second copy because it is now unnecessary.

Cc: stable@vger.kernel.org
Signed-off-by: Wenwen Wang <wang6495@umn.edu>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/dm-ioctl.c |   18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1720,8 +1720,7 @@ static void free_params(struct dm_ioctl
 }
 
 static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kernel,
-		       int ioctl_flags,
-		       struct dm_ioctl **param, int *param_flags)
+		       int ioctl_flags, struct dm_ioctl **param, int *param_flags)
 {
 	struct dm_ioctl *dmi;
 	int secure_data;
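
Review bot: the copy_params() signature reflow is whitespace-only and unrelated to the double-fetch fix. In a security fix headed for stable, dropping it would keep the diff to the lines that change behaviour and make backports to older trees less likely to conflict.
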
@@ -1762,18 +1761,13 @@ static int copy_params(struct dm_ioctl _
 
 	*param_flags |= DM_PARAMS_MALLOC;
 
-	if (copy_from_user(dmi, user, param_kernel->data_size))
-		goto bad;
+	/* Copy from param_kernel (which was already copied from user) */
+	memcpy(dmi, param_kernel, minimum_data_size);
 
-data_copied:
-	/*
-	 * Abort if something changed the ioctl data while it was being copied.
-	 */
-	if (dmi->data_size != param_kernel->data_size) {
-		DMERR("rejecting ioctl: data size modified while processing parameters");
+	if (copy_from_user(&dmi->data, (char __user *)user + minimum_data_size,
+			   param_kernel->data_size - minimum_data_size))
 		goto bad;
-	}
-
+data_copied:
 	/* Wipe the user buffer so we do not return it to userspace */
 	if (secure_data && clear_user(user, param_kernel->data_size))
 		goto bad;
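
Review bot: the split copy relies on two things the hunk does not enforce locally. `param_kernel->data_size - minimum_data_size` must not underflow, which depends on the earlier data_size check staying ahead of this code, and `&dmi->data` together with `user + minimum_data_size` assumes minimum_data_size equals the offset of the `data` member. A comment tying the subtraction to the earlier check, and offsetof(struct dm_ioctl, data) or a BUILD_BUG_ON for the second, would keep the fix robust against later edits.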




* [PATCH 4.19 276/361] dm zoned: fix metadata block ref counting
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (274 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 275/361] dm ioctl: harden copy_params()s copy_from_user() from malicious users Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 277/361] dm zoned: fix various dmz_get_mblock() issues Greg Kroah-Hartman
                   ` (87 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Damien Le Moal, Mike Snitzer

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Damien Le Moal <damien.lemoal@wdc.com>

commit 33c2865f8d011a2ca9f67124ddab9dc89382e9f1 upstream.

Since the ref field of struct dmz_mblock is always used with the
spinlock of struct dmz_metadata locked, there is no need to use an
atomic_t type. Change the type of the ref field to an unsigned
integer.

Fixes: 3b1a94c88b79 ("dm zoned: drive-managed zoned block device target")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/dm-zoned-metadata.c |   20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

--- a/drivers/md/dm-zoned-metadata.c
+++ b/drivers/md/dm-zoned-metadata.c
@@ -99,7 +99,7 @@ struct dmz_mblock {
 	struct rb_node		node;
 	struct list_head	link;
 	sector_t		no;
-	atomic_t		ref;
+	unsigned int		ref;
 	unsigned long		state;
 	struct page		*page;
 	void			*data;
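
Review bot: `ref` is now a plain `unsigned int` whose correctness depends entirely on mblk_lock being held, but the struct member carries no comment saying so. Annotate the field (for example `/* protected by zmd->mblk_lock */`) so that a later lockless reader is not added by accident.
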
@@ -296,7 +296,7 @@ static struct dmz_mblock *dmz_alloc_mblo
 
 	RB_CLEAR_NODE(&mblk->node);
 	INIT_LIST_HEAD(&mblk->link);
-	atomic_set(&mblk->ref, 0);
+	mblk->ref = 0;
 	mblk->state = 0;
 	mblk->no = mblk_no;
 	mblk->data = page_address(mblk->page);
@@ -397,7 +397,7 @@ static struct dmz_mblock *dmz_fetch_mblo
 		return NULL;
 
 	spin_lock(&zmd->mblk_lock);
-	atomic_inc(&mblk->ref);
+	mblk->ref++;
 	set_bit(DMZ_META_READING, &mblk->state);
 	dmz_insert_mblock(zmd, mblk);
 	spin_unlock(&zmd->mblk_lock);
@@ -484,7 +484,8 @@ static void dmz_release_mblock(struct dm
 
 	spin_lock(&zmd->mblk_lock);
 
-	if (atomic_dec_and_test(&mblk->ref)) {
+	mblk->ref--;
+	if (mblk->ref == 0) {
 		if (test_bit(DMZ_META_ERROR, &mblk->state)) {
 			rb_erase(&mblk->node, &zmd->mblk_rbtree);
 			dmz_free_mblock(zmd, mblk);
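
Review bot: in dmz_release_mblock(), `mblk->ref--` on an unsigned counter wraps to UINT_MAX if a release is ever unbalanced, and the `mblk->ref == 0` test then never fires, so the block is leaked rather than reported. A WARN_ON(mblk->ref == 0) before the decrement would turn that into a visible diagnostic at no cost on the normal path.
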
@@ -511,7 +512,8 @@ static struct dmz_mblock *dmz_get_mblock
 	mblk = dmz_lookup_mblock(zmd, mblk_no);
 	if (mblk) {
 		/* Cache hit: remove block from LRU list */
-		if (atomic_inc_return(&mblk->ref) == 1 &&
+		mblk->ref++;
+		if (mblk->ref == 1 &&
 		    !test_bit(DMZ_META_DIRTY, &mblk->state))
 			list_del_init(&mblk->link);
 	}
@@ -753,7 +755,7 @@ int dmz_flush_metadata(struct dmz_metada
 
 		spin_lock(&zmd->mblk_lock);
 		clear_bit(DMZ_META_DIRTY, &mblk->state);
-		if (atomic_read(&mblk->ref) == 0)
+		if (mblk->ref == 0)
 			list_add_tail(&mblk->link, &zmd->mblk_lru_list);
 		spin_unlock(&zmd->mblk_lock);
 	}
@@ -2308,7 +2310,7 @@ static void dmz_cleanup_metadata(struct
 		mblk = list_first_entry(&zmd->mblk_dirty_list,
 					struct dmz_mblock, link);
 		dmz_dev_warn(zmd->dev, "mblock %llu still in dirty list (ref %u)",
-			     (u64)mblk->no, atomic_read(&mblk->ref));
+			     (u64)mblk->no, mblk->ref);
 		list_del_init(&mblk->link);
 		rb_erase(&mblk->node, &zmd->mblk_rbtree);
 		dmz_free_mblock(zmd, mblk);
@@ -2326,8 +2328,8 @@ static void dmz_cleanup_metadata(struct
 	root = &zmd->mblk_rbtree;
 	rbtree_postorder_for_each_entry_safe(mblk, next, root, node) {
 		dmz_dev_warn(zmd->dev, "mblock %llu ref %u still in rbtree",
-			     (u64)mblk->no, atomic_read(&mblk->ref));
-		atomic_set(&mblk->ref, 0);
+			     (u64)mblk->no, mblk->ref);
+		mblk->ref = 0;
 		dmz_free_mblock(zmd, mblk);
 	}
 
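Review bot: the changelog justifies dropping atomic_t by saying `ref` is always accessed under the metadata spinlock, but neither dmz_cleanup_metadata() hunk shows mblk_lock being taken around the `mblk->ref` reads and the `mblk->ref = 0` store. If this is safe because teardown is single-threaded, say so in the commit message or a comment; otherwise take the lock here.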




* [PATCH 4.19 277/361] dm zoned: fix various dmz_get_mblock() issues
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (275 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 276/361] dm zoned: fix metadata block ref counting Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 278/361] media: ov7670: make "xclk" clock optional Greg Kroah-Hartman
                   ` (86 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Damien Le Moal, Mike Snitzer

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Damien Le Moal <damien.lemoal@wdc.com>

commit 3d4e738311327bc4ba1d55fbe2f1da3de4a475f9 upstream.

dmz_fetch_mblock() called from dmz_get_mblock() has a race since the
allocation of the new metadata block descriptor and its insertion in
the cache rbtree with the READING state is not atomic. Two different
contexts requesting the same block may end up each adding two different
descriptors of the same block to the cache.

Another problem for this function is that the BIO for processing the
block read is allocated after the metadata block descriptor is inserted
in the cache rbtree. If the BIO allocation fails, the metadata block
descriptor is freed without first being removed from the rbtree.

Fix the first problem by checking again if the requested block is not in
the cache right before inserting the newly allocated descriptor,
atomically under the mblk_lock spinlock. The second problem is fixed by
simply allocating the BIO before inserting the new block in the cache.

Finally, since dmz_fetch_mblock() also increments a block reference
counter, rename the function to dmz_get_mblock_slow(). To be symmetric
and clear, also rename dmz_lookup_mblock() to dmz_get_mblock_fast() and
increment the block reference counter directly in that function rather
than in dmz_get_mblock().

Fixes: 3b1a94c88b79 ("dm zoned: drive-managed zoned block device target")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/dm-zoned-metadata.c |   66 ++++++++++++++++++++++++++---------------
 1 file changed, 42 insertions(+), 24 deletions(-)

--- a/drivers/md/dm-zoned-metadata.c
+++ b/drivers/md/dm-zoned-metadata.c
@@ -339,10 +339,11 @@ static void dmz_insert_mblock(struct dmz
 }
 
 /*
- * Lookup a metadata block in the rbtree.
+ * Lookup a metadata block in the rbtree. If the block is found, increment
+ * its reference count.
  */
-static struct dmz_mblock *dmz_lookup_mblock(struct dmz_metadata *zmd,
-					    sector_t mblk_no)
+static struct dmz_mblock *dmz_get_mblock_fast(struct dmz_metadata *zmd,
+					      sector_t mblk_no)
 {
 	struct rb_root *root = &zmd->mblk_rbtree;
 	struct rb_node *node = root->rb_node;
@@ -350,8 +351,17 @@ static struct dmz_mblock *dmz_lookup_mbl
 
 	while (node) {
 		mblk = container_of(node, struct dmz_mblock, node);
-		if (mblk->no == mblk_no)
+		if (mblk->no == mblk_no) {
+			/*
+			 * If this is the first reference to the block,
+			 * remove it from the LRU list.
+			 */
+			mblk->ref++;
+			if (mblk->ref == 1 &&
+			    !test_bit(DMZ_META_DIRTY, &mblk->state))
+				list_del_init(&mblk->link);
 			return mblk;
+		}
 		node = (mblk->no < mblk_no) ? node->rb_left : node->rb_right;
 	}
 
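Review bot: dmz_get_mblock_fast() now modifies shared state (mblk->ref++ and list_del_init(&mblk->link)), so it is only safe with zmd->mblk_lock held, yet the updated comment does not say so. Both callers in this patch take the lock first. Stating the requirement in the comment, or adding lockdep_assert_held(&zmd->mblk_lock) at the top of the function, would keep a future caller from reintroducing an unlocked reference-count update.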
@@ -382,32 +392,47 @@ static void dmz_mblock_bio_end_io(struct
 }
 
 /*
- * Read a metadata block from disk.
+ * Read an uncached metadata block from disk and add it to the cache.
  */
-static struct dmz_mblock *dmz_fetch_mblock(struct dmz_metadata *zmd,
-					   sector_t mblk_no)
+static struct dmz_mblock *dmz_get_mblock_slow(struct dmz_metadata *zmd,
+					      sector_t mblk_no)
 {
-	struct dmz_mblock *mblk;
+	struct dmz_mblock *mblk, *m;
 	sector_t block = zmd->sb[zmd->mblk_primary].block + mblk_no;
 	struct bio *bio;
 
-	/* Get block and insert it */
+	/* Get a new block and a BIO to read it */
 	mblk = dmz_alloc_mblock(zmd, mblk_no);
 	if (!mblk)
 		return NULL;
 
-	spin_lock(&zmd->mblk_lock);
-	mblk->ref++;
-	set_bit(DMZ_META_READING, &mblk->state);
-	dmz_insert_mblock(zmd, mblk);
-	spin_unlock(&zmd->mblk_lock);
-
 	bio = bio_alloc(GFP_NOIO, 1);
 	if (!bio) {
 		dmz_free_mblock(zmd, mblk);
 		return NULL;
 	}
 
+	spin_lock(&zmd->mblk_lock);
+
+	/*
+	 * Make sure that another context did not start reading
+	 * the block already.
+	 */
+	m = dmz_get_mblock_fast(zmd, mblk_no);
+	if (m) {
+		spin_unlock(&zmd->mblk_lock);
+		dmz_free_mblock(zmd, mblk);
+		bio_put(bio);
+		return m;
+	}
+
+	mblk->ref++;
+	set_bit(DMZ_META_READING, &mblk->state);
+	dmz_insert_mblock(zmd, mblk);
+
+	spin_unlock(&zmd->mblk_lock);
+
+	/* Submit read BIO */
 	bio->bi_iter.bi_sector = dmz_blk2sect(block);
 	bio_set_dev(bio, zmd->dev->bdev);
 	bio->bi_private = mblk;
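Review bot: on the lost-race path in dmz_get_mblock_slow(), the block handed back by "return m;" was inserted by another context and may still have DMZ_META_READING set, so its contents are not necessarily valid when this function returns. The function comment should say that the caller has to wait for the read to complete and check for errors whichever path produced the block. The cleanup order on that path (spin_unlock() first, then dmz_free_mblock() and bio_put()) is fine, since it keeps the frees out of the critical section.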
@@ -509,19 +534,12 @@ static struct dmz_mblock *dmz_get_mblock
 
 	/* Check rbtree */
 	spin_lock(&zmd->mblk_lock);
-	mblk = dmz_lookup_mblock(zmd, mblk_no);
-	if (mblk) {
-		/* Cache hit: remove block from LRU list */
-		mblk->ref++;
-		if (mblk->ref == 1 &&
-		    !test_bit(DMZ_META_DIRTY, &mblk->state))
-			list_del_init(&mblk->link);
-	}
+	mblk = dmz_get_mblock_fast(zmd, mblk_no);
 	spin_unlock(&zmd->mblk_lock);
 
 	if (!mblk) {
 		/* Cache miss: read the block from disk */
-		mblk = dmz_fetch_mblock(zmd, mblk_no);
+		mblk = dmz_get_mblock_slow(zmd, mblk_no);
 		if (!mblk)
 			return ERR_PTR(-ENOMEM);
 	}




* [PATCH 4.19 278/361] media: ov7670: make "xclk" clock optional
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (276 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 277/361] dm zoned: fix various dmz_get_mblock() issues Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 279/361] fsnotify: Fix busy inodes during unmount Greg Kroah-Hartman
                   ` (85 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lubomir Rintel, Sakari Ailus,
	Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lubomir Rintel <lkundrak@v3.sk>

commit 786fa584eda86d6598db3b87c61dc81f68808d11 upstream.

When the "xclk" clock was added, it was made mandatory. This broke the
driver on an OLPC platform which doesn't know such clock. Make it
optional.

Tested on an OLPC XO-1 laptop.

Fixes: 0a024d634cee ("[media] ov7670: get xclk")

Cc: stable@vger.kernel.org # 4.11+
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/i2c/ov7670.c |   27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

--- a/drivers/media/i2c/ov7670.c
+++ b/drivers/media/i2c/ov7670.c
@@ -1808,17 +1808,24 @@ static int ov7670_probe(struct i2c_clien
 			info->pclk_hb_disable = true;
 	}
 
-	info->clk = devm_clk_get(&client->dev, "xclk");
-	if (IS_ERR(info->clk))
-		return PTR_ERR(info->clk);
-	ret = clk_prepare_enable(info->clk);
-	if (ret)
-		return ret;
+	info->clk = devm_clk_get(&client->dev, "xclk"); /* optional */
+	if (IS_ERR(info->clk)) {
+		ret = PTR_ERR(info->clk);
+		if (ret == -ENOENT)
+			info->clk = NULL;
+		else
+			return ret;
+	}
+	if (info->clk) {
+		ret = clk_prepare_enable(info->clk);
+		if (ret)
+			return ret;
 
-	info->clock_speed = clk_get_rate(info->clk) / 1000000;
-	if (info->clock_speed < 10 || info->clock_speed > 48) {
-		ret = -EINVAL;
-		goto clk_disable;
+		info->clock_speed = clk_get_rate(info->clk) / 1000000;
+		if (info->clock_speed < 10 || info->clock_speed > 48) {
+			ret = -EINVAL;
+			goto clk_disable;
+		}
 	}
 
 	ret = ov7670_init_gpio(client, info);
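Review bot: when devm_clk_get() returns -ENOENT and info->clk is set to NULL, the 10..48 range check on info->clock_speed is skipped together with the clk_get_rate() call, so probe continues with whatever value clock_speed already holds. That value is assigned outside this hunk; please confirm it always has a sane default on platforms without "xclk", or move the range check out of the if (info->clk) block so it covers both sources. The clk_disable label is also reachable with info->clk == NULL from later error paths now, so the cleanup there has to tolerate a NULL clock. Treating only -ENOENT as "absent" is right, since -EPROBE_DEFER and other errors still propagate.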




* [PATCH 4.19 279/361] fsnotify: Fix busy inodes during unmount
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (277 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 278/361] media: ov7670: make "xclk" clock optional Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 280/361] powerpc64/module elfv1: Set opd addresses after module relocation Greg Kroah-Hartman
                   ` (84 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Kara <jack@suse.cz>

commit 721fb6fbfd2132164c2e8777cc837f9b2c1794dc upstream.

Detaching of mark connector from fsnotify_put_mark() can race with
unmounting of the filesystem like:

  CPU1				CPU2
fsnotify_put_mark()
  spin_lock(&conn->lock);
  ...
  inode = fsnotify_detach_connector_from_object(conn)
  spin_unlock(&conn->lock);
				generic_shutdown_super()
				  fsnotify_unmount_inodes()
				    sees connector detached for inode
				      -> nothing to do
				  evict_inode()
				    barfs on pending inode reference
  iput(inode);

Resulting in "Busy inodes after unmount" message and possible kernel
oops. Make fsnotify_unmount_inodes() properly wait for outstanding inode
references from detached connectors.

Note that the accounting of outstanding inode references in the
superblock can cause some cacheline contention on the counter. OTOH it
happens only during deletion of the last notification mark from an inode
(or during unlinking of watched inode) and that is not too bad. I have
measured time to create & delete inotify watch 100000 times from 64
processes in parallel (each process having its own inotify group and its
own file on a shared superblock) on a 64 CPU machine. Average and
standard deviation of 15 runs look like:

	Avg		Stddev
Vanilla	9.817400	0.276165
Fixed	9.710467	0.228294

So there's no statistically significant difference.

Fixes: 6b3f05d24d35 ("fsnotify: Detach mark from object list when last reference is dropped")
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/notify/fsnotify.c |    3 +++
 fs/notify/mark.c     |   39 +++++++++++++++++++++++++++++++--------
 include/linux/fs.h   |    3 +++
 3 files changed, 37 insertions(+), 8 deletions(-)

--- a/fs/notify/fsnotify.c
+++ b/fs/notify/fsnotify.c
@@ -96,6 +96,9 @@ void fsnotify_unmount_inodes(struct supe
 
 	if (iput_inode)
 		iput(iput_inode);
+	/* Wait for outstanding inode references from connectors */
+	wait_var_event(&sb->s_fsnotify_inode_refs,
+		       !atomic_long_read(&sb->s_fsnotify_inode_refs));
 }
 
 /*
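Review bot: the wait_var_event() added at the end of fsnotify_unmount_inodes() is uninterruptible and has no timeout, so an unbalanced increment of s_fsnotify_inode_refs anywhere would show up as an unmount that hangs with no diagnostic. The comment should name the waker (fsnotify_drop_object() in fs/notify/mark.c) so the pairing with wake_up_var() is easy to audit.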
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
@@ -179,17 +179,20 @@ static void fsnotify_connector_destroy_w
 	}
 }
 
-static struct inode *fsnotify_detach_connector_from_object(
-					struct fsnotify_mark_connector *conn)
+static void *fsnotify_detach_connector_from_object(
+					struct fsnotify_mark_connector *conn,
+					unsigned int *type)
 {
 	struct inode *inode = NULL;
 
+	*type = conn->type;
 	if (conn->type == FSNOTIFY_OBJ_TYPE_DETACHED)
 		return NULL;
 
 	if (conn->type == FSNOTIFY_OBJ_TYPE_INODE) {
 		inode = fsnotify_conn_inode(conn);
 		inode->i_fsnotify_mask = 0;
+		atomic_long_inc(&inode->i_sb->s_fsnotify_inode_refs);
 	} else if (conn->type == FSNOTIFY_OBJ_TYPE_VFSMOUNT) {
 		fsnotify_conn_mount(conn)->mnt_fsnotify_mask = 0;
 	}
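Review bot: the atomic_long_inc() of s_fsnotify_inode_refs in fsnotify_detach_connector_from_object() only closes the race because it runs before the caller drops conn->lock, and nothing in the function states or checks that. A one-line comment, or lockdep_assert_held(&conn->lock), would record the ordering the fix depends on. The new void * return with a separate *type out-parameter also deserves a function comment saying what the returned pointer refers to for each connector type.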
@@ -211,10 +214,29 @@ static void fsnotify_final_mark_destroy(
 	fsnotify_put_group(group);
 }
 
+/* Drop object reference originally held by a connector */
+static void fsnotify_drop_object(unsigned int type, void *objp)
+{
+	struct inode *inode;
+	struct super_block *sb;
+
+	if (!objp)
+		return;
+	/* Currently only inode references are passed to be dropped */
+	if (WARN_ON_ONCE(type != FSNOTIFY_OBJ_TYPE_INODE))
+		return;
+	inode = objp;
+	sb = inode->i_sb;
+	iput(inode);
+	if (atomic_long_dec_and_test(&sb->s_fsnotify_inode_refs))
+		wake_up_var(&sb->s_fsnotify_inode_refs);
+}
+
 void fsnotify_put_mark(struct fsnotify_mark *mark)
 {
 	struct fsnotify_mark_connector *conn;
-	struct inode *inode = NULL;
+	void *objp = NULL;
+	unsigned int type = FSNOTIFY_OBJ_TYPE_DETACHED;
 	bool free_conn = false;
 
 	/* Catch marks that were actually never attached to object */
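Review bot: in fsnotify_drop_object(), sb = inode->i_sb is read before iput(inode) because the inode may be gone once that iput() returns, but the code does not say so and the two statements look freely reorderable. A short comment on the ordering would help. The WARN_ON_ONCE() branch also returns without releasing objp; that is harmless while only inode references are passed in, as the comment says, but a future object type that returns a pointer would have its reference leaked here.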
@@ -234,7 +256,7 @@ void fsnotify_put_mark(struct fsnotify_m
 	conn = mark->connector;
 	hlist_del_init_rcu(&mark->obj_list);
 	if (hlist_empty(&conn->list)) {
-		inode = fsnotify_detach_connector_from_object(conn);
+		objp = fsnotify_detach_connector_from_object(conn, &type);
 		free_conn = true;
 	} else {
 		__fsnotify_recalc_mask(conn);
@@ -242,7 +264,7 @@ void fsnotify_put_mark(struct fsnotify_m
 	mark->connector = NULL;
 	spin_unlock(&conn->lock);
 
-	iput(inode);
+	fsnotify_drop_object(type, objp);
 
 	if (free_conn) {
 		spin_lock(&destroy_lock);
@@ -709,7 +731,8 @@ void fsnotify_destroy_marks(fsnotify_con
 {
 	struct fsnotify_mark_connector *conn;
 	struct fsnotify_mark *mark, *old_mark = NULL;
-	struct inode *inode;
+	void *objp;
+	unsigned int type;
 
 	conn = fsnotify_grab_connector(connp);
 	if (!conn)
@@ -735,11 +758,11 @@ void fsnotify_destroy_marks(fsnotify_con
 	 * mark references get dropped. It would lead to strange results such
 	 * as delaying inode deletion or blocking unmount.
 	 */
-	inode = fsnotify_detach_connector_from_object(conn);
+	objp = fsnotify_detach_connector_from_object(conn, &type);
 	spin_unlock(&conn->lock);
 	if (old_mark)
 		fsnotify_put_mark(old_mark);
-	iput(inode);
+	fsnotify_drop_object(type, objp);
 }
 
 /*
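Review bot: the type variable passed to fsnotify_drop_object() at the end of fsnotify_destroy_marks() is declared without an initializer, while fsnotify_put_mark() initializes its copy to FSNOTIFY_OBJ_TYPE_DETACHED. It is always written here because fsnotify_detach_connector_from_object() stores *type before any early return, but initializing it the same way in both callers would make that independent of the callee's internals.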
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1428,6 +1428,9 @@ struct super_block {
 	/* Number of inodes with nlink == 0 but still referenced */
 	atomic_long_t s_remove_count;
 
+	/* Pending fsnotify inode refs */
+	atomic_long_t s_fsnotify_inode_refs;
+
 	/* Being remounted read-only */
 	int s_readonly_remount;
 




* [PATCH 4.19 280/361] powerpc64/module elfv1: Set opd addresses after module relocation
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (278 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 279/361] fsnotify: Fix busy inodes during unmount Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 281/361] powerpc/msi: Fix compile error on mpc83xx Greg Kroah-Hartman
                   ` (83 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Naveen N. Rao, Michael Ellerman

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>

commit 59fe7eaf3598a89cbcd72e645b1d08afd76f7b29 upstream.

module_frob_arch_sections() is called before the module is moved to its
final location. The function descriptor section addresses we are setting
here are thus invalid. Fix this by processing opd section during
module_finalize().

Fixes: 5633e85b2c313 ("powerpc64: Add .opd based function descriptor dereference")
Cc: stable@vger.kernel.org # v4.16
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/kernel/module.c    |    8 ++++++++
 arch/powerpc/kernel/module_64.c |    5 -----
 2 files changed, 8 insertions(+), 5 deletions(-)

--- a/arch/powerpc/kernel/module.c
+++ b/arch/powerpc/kernel/module.c
@@ -74,6 +74,14 @@ int module_finalize(const Elf_Ehdr *hdr,
 				  (void *)sect->sh_addr + sect->sh_size);
 #endif /* CONFIG_PPC64 */
 
+#ifdef PPC64_ELF_ABI_v1
+	sect = find_section(hdr, sechdrs, ".opd");
+	if (sect != NULL) {
+		me->arch.start_opd = sect->sh_addr;
+		me->arch.end_opd = sect->sh_addr + sect->sh_size;
+	}
+#endif /* PPC64_ELF_ABI_v1 */
+
 #ifdef CONFIG_PPC_BARRIER_NOSPEC
 	sect = find_section(hdr, sechdrs, "__spec_barrier_fixup");
 	if (sect != NULL)
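Review bot: with me->arch.start_opd and me->arch.end_opd now assigned in module_finalize(), they remain unset from module_frob_arch_sections() until finalization, a window that includes relocation. Please confirm that nothing dereferences a module function descriptor through these bounds in that window. If that holds, a comment above the #ifdef PPC64_ELF_ABI_v1 block saying the section addresses are only valid once the module has been moved would record why the code lives here.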
--- a/arch/powerpc/kernel/module_64.c
+++ b/arch/powerpc/kernel/module_64.c
@@ -360,11 +360,6 @@ int module_frob_arch_sections(Elf64_Ehdr
 		else if (strcmp(secstrings+sechdrs[i].sh_name,"__versions")==0)
 			dedotify_versions((void *)hdr + sechdrs[i].sh_offset,
 					  sechdrs[i].sh_size);
-		else if (!strcmp(secstrings + sechdrs[i].sh_name, ".opd")) {
-			me->arch.start_opd = sechdrs[i].sh_addr;
-			me->arch.end_opd = sechdrs[i].sh_addr +
-					   sechdrs[i].sh_size;
-		}
 
 		/* We don't handle .init for the moment: rename to _init */
 		while ((p = strstr(secstrings + sechdrs[i].sh_name, ".init")))




* [PATCH 4.19 281/361] powerpc/msi: Fix compile error on mpc83xx
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (279 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 280/361] powerpc64/module elfv1: Set opd addresses after module relocation Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 282/361] powerpc/tm: Fix HFSCR bit for no suspend case Greg Kroah-Hartman
                   ` (82 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jia Hongtao, Scott Wood, Radu Rendec,
	Christophe Leroy, Michael Ellerman

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christophe Leroy <christophe.leroy@c-s.fr>

commit 0f99153def98134403c9149128e59d3e1786cf04 upstream.

mpic_get_primary_version() is not defined when not using MPIC.
The compile error log looks like:

arch/powerpc/sysdev/built-in.o: In function `fsl_of_msi_probe':
fsl_msi.c:(.text+0x150c): undefined reference to `fsl_mpic_primary_get_version'

Signed-off-by: Jia Hongtao <hongtao.jia@freescale.com>
Signed-off-by: Scott Wood <scottwood@freescale.com>
Reported-by: Radu Rendec <radu.rendec@gmail.com>
Fixes: 807d38b73b6 ("powerpc/mpic: Add get_version API both for internal and external use")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/include/asm/mpic.h |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/arch/powerpc/include/asm/mpic.h
+++ b/arch/powerpc/include/asm/mpic.h
@@ -393,7 +393,14 @@ extern struct bus_type mpic_subsys;
 #define	MPIC_REGSET_TSI108		MPIC_REGSET(1)	/* Tsi108/109 PIC */
 
 /* Get the version of primary MPIC */
+#ifdef CONFIG_MPIC
 extern u32 fsl_mpic_primary_get_version(void);
+#else
+static inline u32 fsl_mpic_primary_get_version(void)
+{
+	return 0;
+}
+#endif
 
 /* Allocate the controller structure and setup the linux irq descs
  * for the range if interrupts passed in. No HW initialization is
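Review bot: the !CONFIG_MPIC stub of fsl_mpic_primary_get_version() returns 0, and nothing tells callers that 0 is reserved to mean "no primary MPIC". The comment above the declaration should state that, so callers that compare the returned version handle the stub value deliberately rather than by accident.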




* [PATCH 4.19 282/361] powerpc/tm: Fix HFSCR bit for no suspend case
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (280 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 281/361] powerpc/msi: Fix compile error on mpc83xx Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 283/361] powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 Greg Kroah-Hartman
                   ` (81 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Neuling, Paul Mackerras

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michael Neuling <mikey@neuling.org>

commit dd9a8c5a87395b6f05552c3b44e42fdc95760552 upstream.

Currently on P9N DD2.1 we end up taking infinite TM facility
unavailable exceptions on the first TM usage by userspace.

In the special case of TM no suspend (P9N DD2.1), Linux is told TM is
off via CPU dt-ftrs but told to (partially) use it via
OPAL_REINIT_CPUS_TM_SUSPEND_DISABLED. So HFSCR[TM] will be off from
dt-ftrs but we need to turn it on for the no suspend case.

This patch fixes this by enabling HFSCR TM in this case.

Cc: stable@vger.kernel.org # 4.15+
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/kernel/setup_64.c |   18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -243,13 +243,19 @@ static void cpu_ready_for_interrupts(voi
 	}
 
 	/*
-	 * Fixup HFSCR:TM based on CPU features. The bit is set by our
-	 * early asm init because at that point we haven't updated our
-	 * CPU features from firmware and device-tree. Here we have,
-	 * so let's do it.
+	 * Set HFSCR:TM based on CPU features:
+	 * In the special case of TM no suspend (P9N DD2.1), Linux is
+	 * told TM is off via the dt-ftrs but told to (partially) use
+	 * it via OPAL_REINIT_CPUS_TM_SUSPEND_DISABLED. So HFSCR[TM]
+	 * will be off from dt-ftrs but we need to turn it on for the
+	 * no suspend case.
 	 */
-	if (cpu_has_feature(CPU_FTR_HVMODE) && !cpu_has_feature(CPU_FTR_TM_COMP))
-		mtspr(SPRN_HFSCR, mfspr(SPRN_HFSCR) & ~HFSCR_TM);
+	if (cpu_has_feature(CPU_FTR_HVMODE)) {
+		if (cpu_has_feature(CPU_FTR_TM_COMP))
+			mtspr(SPRN_HFSCR, mfspr(SPRN_HFSCR) | HFSCR_TM);
+		else
+			mtspr(SPRN_HFSCR, mfspr(SPRN_HFSCR) & ~HFSCR_TM);
+	}
 
 	/* Set IR and DR in PACA MSR */
 	get_paca()->kernel_msr = MSR_KERNEL;
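Review bot: the rewritten comment explains the P9N DD2.1 no-suspend case but drops the earlier explanation that HFSCR:TM is set by the early asm init before CPU features are known, which is the reason the else branch still has to clear the bit. It also never ties the no-suspend case to CPU_FTR_TM_COMP, the feature the code actually tests. One sentence for each would make both branches of the new if/else self-explanatory.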




* [PATCH 4.19 283/361] powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (281 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 282/361] powerpc/tm: Fix HFSCR bit for no suspend case Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 284/361] MIPS: OCTEON: fix out of bounds array access on CN68XX Greg Kroah-Hartman
                   ` (80 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Piggin, Michael Ellerman

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nicholas Piggin <npiggin@gmail.com>

commit bc276ecba132caccb1fda5863a652c15def2b8c6 upstream.

PPC_INVALIDATE_ERAT is slbia IH=7 which is a new variant introduced
with POWER9, and the result is undefined on earlier CPUs.

Commits 7b9f71f974 ("powerpc/64s: POWER9 machine check handler") and
d4748276ae ("powerpc/64s: Improve local TLB flush for boot and MCE on
POWER9") caused POWER7/8 code to use this instruction. Remove it. An
ERAT flush can be made by invalidating the SLB, but before POWER9 that
requires a flush and rebolt.

Fixes: 7b9f71f974 ("powerpc/64s: POWER9 machine check handler")
Fixes: d4748276ae ("powerpc/64s: Improve local TLB flush for boot and MCE on POWER9")
Cc: stable@vger.kernel.org # v4.11+
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/kernel/mce_power.c  |    7 +++++++
 arch/powerpc/mm/hash_native_64.c |    4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

--- a/arch/powerpc/kernel/mce_power.c
+++ b/arch/powerpc/kernel/mce_power.c
@@ -89,6 +89,13 @@ static void flush_and_reload_slb(void)
 
 static void flush_erat(void)
 {
+#ifdef CONFIG_PPC_BOOK3S_64
+	if (!early_cpu_has_feature(CPU_FTR_ARCH_300)) {
+		flush_and_reload_slb();
+		return;
+	}
+#endif
+	/* PPC_INVALIDATE_ERAT can only be used on ISA v3 and newer */
 	asm volatile(PPC_INVALIDATE_ERAT : : :"memory");
 }
 
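Review bot: in flush_erat(), the pre-ISA v3 fallback is wrapped in #ifdef CONFIG_PPC_BOOK3S_64, so a build without that option falls straight through to PPC_INVALIDATE_ERAT with no CPU_FTR_ARCH_300 test. If this file is only ever built for Book3S 64 the guard is redundant; if not, the instruction is still issued unconditionally in the other configuration. In either case the "can only be used on ISA v3 and newer" comment would read better above the feature test than after it.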
--- a/arch/powerpc/mm/hash_native_64.c
+++ b/arch/powerpc/mm/hash_native_64.c
@@ -115,6 +115,8 @@ static void tlbiel_all_isa300(unsigned i
 	tlbiel_hash_set_isa300(0, is, 0, 2, 1);
 
 	asm volatile("ptesync": : :"memory");
+
+	asm volatile(PPC_INVALIDATE_ERAT "; isync" : : :"memory");
 }
 
 void hash__tlbiel_all(unsigned int action)
@@ -140,8 +142,6 @@ void hash__tlbiel_all(unsigned int actio
 		tlbiel_all_isa206(POWER7_TLB_SETS, is);
 	else
 		WARN(1, "%s called on pre-POWER7 CPU\n", __func__);
-
-	asm volatile(PPC_INVALIDATE_ERAT "; isync" : : :"memory");
 }
 
 static inline unsigned long  ___tlbie(unsigned long vpn, int psize,
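Review bot: moving PPC_INVALIDATE_ERAT "; isync" into tlbiel_all_isa300() means the tlbiel_all_isa206() path of hash__tlbiel_all() no longer performs any ERAT invalidation. The commit message says a pre-POWER9 ERAT flush needs an SLB flush and rebolt; a comment in hash__tlbiel_all() stating whether POWER7/8 callers must do that themselves, or why it is not needed at these call sites, would make the omission clearly intentional.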




* [PATCH 4.19 284/361] MIPS: OCTEON: fix out of bounds array access on CN68XX
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (282 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 283/361] powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 285/361] rtc: ds1307: fix ds1339 wakealarm support Greg Kroah-Hartman
                   ` (79 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aaro Koskinen, Paul Burton,
	Ralf Baechle, linux-mips

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Aaro Koskinen <aaro.koskinen@iki.fi>

commit c0fae7e2452b90c31edd2d25eb3baf0c76b400ca upstream.

The maximum number of interfaces is returned by
cvmx_helper_get_number_of_interfaces(), and the value is used to access
interface_port_count[]. When CN68XX support was added, we forgot
to increase the array size. Fix that.

Fixes: 2c8c3f0201333 ("MIPS: Octeon: Support additional interfaces on CN68XX")
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Patchwork: https://patchwork.linux-mips.org/patch/20949/
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org # v4.3+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/cavium-octeon/executive/cvmx-helper.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/mips/cavium-octeon/executive/cvmx-helper.c
+++ b/arch/mips/cavium-octeon/executive/cvmx-helper.c
@@ -67,7 +67,7 @@ void (*cvmx_override_pko_queue_priority)
 void (*cvmx_override_ipd_port_setup) (int ipd_port);
 
 /* Port count per interface */
-static int interface_port_count[5];
+static int interface_port_count[9];
 
 /**
  * Return the number of interfaces the chip has. Each interface
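Review bot: interface_port_count[] is still sized with a bare literal (5 before, 9 now) that has to match the largest value cvmx_helper_get_number_of_interfaces() can return, which is the same coupling that was missed when CN68XX support was added. A named constant shared by the array and that function, or a bounds check on the interface index before the array is touched, would turn the next mismatch into a build or runtime error instead of an out-of-bounds access.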




* [PATCH 4.19 285/361] rtc: ds1307: fix ds1339 wakealarm support
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (283 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 284/361] MIPS: OCTEON: fix out of bounds array access on CN68XX Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 286/361] rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt Greg Kroah-Hartman
                   ` (78 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Soeren Moch, Alexandre Belloni

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Soeren Moch <smoch@web.de>

commit 7dceef78f310f5351735060d78a1777c69606016 upstream.

Commit 51ed73eb998a1c79a2b0e9bed68f75a8a2c93b9b ("rtc: ds1340: Add support
for trickle charger.") breaks ds1339 wakealarm support by limiting
accessible registers. Fix this.

Fixes: 51ed73eb998a ("rtc: ds1340: Add support for trickle charger.")
Cc: stable@vger.kernel.org
Signed-off-by: Soeren Moch <smoch@web.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/rtc/rtc-ds1307.c |    1 -
 1 file changed, 1 deletion(-)

--- a/drivers/rtc/rtc-ds1307.c
+++ b/drivers/rtc/rtc-ds1307.c
@@ -1384,7 +1384,6 @@ static void ds1307_clks_register(struct
 static const struct regmap_config regmap_config = {
 	.reg_bits = 8,
 	.val_bits = 8,
-	.max_register = 0x9,
 };
 
 static int ds1307_probe(struct i2c_client *client,
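Review bot: dropping .max_register from the shared regmap_config removes regmap's upper bound on register addresses for every chip this driver handles, not only the ds1339. That restores access to the alarm registers, but an out-of-range address is then no longer rejected by regmap before it reaches the bus. A per-chip max_register would keep the check while still allowing the ds1339 alarm registers.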




* [PATCH 4.19 286/361] rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (284 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 285/361] rtc: ds1307: fix ds1339 wakealarm support Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 287/361] rtc: cmos: Remove the `use_acpi_alarm module parameter for !ACPI Greg Kroah-Hartman
                   ` (77 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Alexandre Belloni

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Maciej W. Rozycki <macro@linux-mips.org>

commit d197a253855d2d8e507a003880aab35c4e2473db upstream.

Fix a commit 311ee9c151ad ("rtc: cmos: allow using ACPI for RTC alarm
instead of HPET") `rtc-cmos' regression causing a link error:

drivers/rtc/rtc-cmos.o: In function `cmos_platform_probe':
rtc-cmos.c:(.init.text+0x33c): undefined reference to `hpet_rtc_interrupt'
rtc-cmos.c:(.init.text+0x3f4): undefined reference to `hpet_rtc_interrupt'

with non-ACPI platforms using this driver.  The cause is the change of
the condition guarding the use of `hpet_rtc_interrupt'.

Previously it was a call to `is_hpet_enabled'.  That function is static
inline and has a hardcoded 0 result for non-ACPI platforms, which imply
!HPET_EMULATE_RTC.  Consequently the compiler optimized the whole block
away including the reference to `hpet_rtc_interrupt', which never made
it to the link stage.

Now the guarding condition is a call to `use_hpet_alarm', which is not
static inline and therefore the compiler may not be able to prove that
it actually always returns 0 for non-ACPI platforms.  Consequently the
build breaks with an unsatisfied reference, because `hpet_rtc_interrupt'
is nowhere defined at link time.

Fix the problem by marking `use_hpet_alarm' inline.  As the `inline'
keyword serves as an optimization hint rather than a requirement the
compiler is still free to choose whether inlining will be beneficial or
not for ACPI platforms.

Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Fixes: 311ee9c151ad ("rtc: cmos: allow using ACPI for RTC alarm instead of HPET")
Cc: stable@vger.kernel.org # 4.18+
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/rtc/rtc-cmos.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -167,7 +167,7 @@ static inline int hpet_unregister_irq_ha
 #endif
 
 /* Don't use HPET for RTC Alarm event if ACPI Fixed event is used */
-static int use_hpet_alarm(void)
+static inline int use_hpet_alarm(void)
 {
 	return is_hpet_enabled() && !use_acpi_alarm;
 }
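Review bot: marking use_hpet_alarm() inline makes the link succeed only if the compiler actually inlines it and folds the result to 0, so that the hpet_rtc_interrupt reference is discarded; the commit message itself notes that inline is a hint. A build with different optimization settings could bring the undefined reference back. A stub for hpet_rtc_interrupt on configurations without HPET_EMULATE_RTC, or an explicit preprocessor guard around its use, would not depend on the optimizer.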




* [PATCH 4.19 287/361] rtc: cmos: Remove the `use_acpi_alarm module parameter for !ACPI
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (285 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 286/361] rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 288/361] power: supply: twl4030-charger: fix OF sibling-node lookup Greg Kroah-Hartman
                   ` (76 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Alexandre Belloni

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Maciej W. Rozycki <macro@linux-mips.org>

commit bc51098cdd9573bfdecfd02fc8ed474419d73ea0 upstream.

Fix a problem with commit 311ee9c151ad ("rtc: cmos: allow using ACPI for
RTC alarm instead of HPET") defining `use_acpi_alarm' module parameter
even for non-ACPI platforms, which ignore it.  Wrap the definition into
#ifdef CONFIG_ACPI and use a static inline wrapper function, hardcoded
to return 0 and consequently optimized away for !ACPI, following the
existing pattern with HPET handling functions.

Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Fixes: 311ee9c151ad ("rtc: cmos: allow using ACPI for RTC alarm instead of HPET")
Cc: stable@vger.kernel.org # 4.18+
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/rtc/rtc-cmos.c |   27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -50,6 +50,7 @@
 /* this is for "generic access to PC-style RTC" using CMOS_READ/CMOS_WRITE */
 #include <linux/mc146818rtc.h>
 
+#ifdef CONFIG_ACPI
 /*
  * Use ACPI SCI to replace HPET interrupt for RTC Alarm event
  *
@@ -61,6 +62,18 @@
 static bool use_acpi_alarm;
 module_param(use_acpi_alarm, bool, 0444);
 
+static inline int cmos_use_acpi_alarm(void)
+{
+	return use_acpi_alarm;
+}
+#else /* !CONFIG_ACPI */
+
+static inline int cmos_use_acpi_alarm(void)
+{
+	return 0;
+}
+#endif
+
 struct cmos_rtc {
 	struct rtc_device	*rtc;
 	struct device		*dev;
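Review bot: cmos_use_acpi_alarm() returns int in both variants although use_acpi_alarm is a bool and every caller in this patch uses the result as a truth value; returning bool would match the parameter's type. The closing #endif also lacks the /* CONFIG_ACPI */ marker that the #else line carries, which matters here because the matching #ifdef opens in the previous hunk, above a comment block.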
@@ -169,7 +182,7 @@ static inline int hpet_unregister_irq_ha
 /* Don't use HPET for RTC Alarm event if ACPI Fixed event is used */
 static inline int use_hpet_alarm(void)
 {
-	return is_hpet_enabled() && !use_acpi_alarm;
+	return is_hpet_enabled() && !cmos_use_acpi_alarm();
 }
 
 /*----------------------------------------------------------------*/
@@ -340,7 +353,7 @@ static void cmos_irq_enable(struct cmos_
 	if (use_hpet_alarm())
 		hpet_set_rtc_irq_bit(mask);
 
-	if ((mask & RTC_AIE) && use_acpi_alarm) {
+	if ((mask & RTC_AIE) && cmos_use_acpi_alarm()) {
 		if (cmos->wake_on)
 			cmos->wake_on(cmos->dev);
 	}
@@ -358,7 +371,7 @@ static void cmos_irq_disable(struct cmos
 	if (use_hpet_alarm())
 		hpet_mask_rtc_irq_bit(mask);
 
-	if ((mask & RTC_AIE) && use_acpi_alarm) {
+	if ((mask & RTC_AIE) && cmos_use_acpi_alarm()) {
 		if (cmos->wake_off)
 			cmos->wake_off(cmos->dev);
 	}
@@ -980,7 +993,7 @@ static int cmos_suspend(struct device *d
 	}
 	spin_unlock_irq(&rtc_lock);
 
-	if ((tmp & RTC_AIE) && !use_acpi_alarm) {
+	if ((tmp & RTC_AIE) && !cmos_use_acpi_alarm()) {
 		cmos->enabled_wake = 1;
 		if (cmos->wake_on)
 			cmos->wake_on(dev);
@@ -1031,7 +1044,7 @@ static void cmos_check_wkalrm(struct dev
 	 * ACPI RTC wake event is cleared after resume from STR,
 	 * ACK the rtc irq here
 	 */
-	if (t_now >= cmos->alarm_expires && use_acpi_alarm) {
+	if (t_now >= cmos->alarm_expires && cmos_use_acpi_alarm()) {
 		cmos_interrupt(0, (void *)cmos->rtc);
 		return;
 	}
@@ -1053,7 +1066,7 @@ static int __maybe_unused cmos_resume(st
 	struct cmos_rtc	*cmos = dev_get_drvdata(dev);
 	unsigned char tmp;
 
-	if (cmos->enabled_wake && !use_acpi_alarm) {
+	if (cmos->enabled_wake && !cmos_use_acpi_alarm()) {
 		if (cmos->wake_off)
 			cmos->wake_off(dev);
 		else
@@ -1132,7 +1145,7 @@ static u32 rtc_handler(void *context)
 	 * Or else, ACPI SCI is enabled during suspend/resume only,
 	 * update rtc irq in that case.
 	 */
-	if (use_acpi_alarm)
+	if (cmos_use_acpi_alarm())
 		cmos_interrupt(0, (void *)cmos->rtc);
 	else {
 		/* Fix me: can we use cmos_interrupt() here as well? */



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 288/361] power: supply: twl4030-charger: fix OF sibling-node lookup
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (286 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 287/361] rtc: cmos: Remove the `use_acpi_alarm module parameter for !ACPI Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 289/361] ocxl: Fix access to the AFU Descriptor Data Greg Kroah-Hartman
                   ` (75 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, NeilBrown, Felipe Balbi,
	Sebastian Reichel, Johan Hovold, Rob Herring

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Johan Hovold <johan@kernel.org>

commit 9844fb2e351311210e6660a9a1c62d17424a6145 upstream.

Use the new of_get_compatible_child() helper to lookup the usb sibling
node instead of using of_find_compatible_node(), which searches the
entire tree from a given start node and thus can return an unrelated
(non-sibling) node.

This also addresses a potential use-after-free (e.g. after probe
deferral) as the tree-wide helper drops a reference to its first
argument (i.e. the parent device node).

While at it, also fix the related phy-node reference leak.

Fixes: f5e4edb8c888 ("power: twl4030_charger: find associated phy by more reliable means.")
Cc: stable <stable@vger.kernel.org>     # 4.2
Cc: NeilBrown <neilb@suse.de>
Cc: Felipe Balbi <felipe.balbi@linux.intel.com>
Cc: Sebastian Reichel <sre@kernel.org>
Reviewed-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/power/supply/twl4030_charger.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/power/supply/twl4030_charger.c
+++ b/drivers/power/supply/twl4030_charger.c
@@ -996,12 +996,13 @@ static int twl4030_bci_probe(struct plat
 	if (bci->dev->of_node) {
 		struct device_node *phynode;
 
-		phynode = of_find_compatible_node(bci->dev->of_node->parent,
-						  NULL, "ti,twl4030-usb");
+		phynode = of_get_compatible_child(bci->dev->of_node->parent,
+						  "ti,twl4030-usb");
 		if (phynode) {
 			bci->usb_nb.notifier_call = twl4030_bci_usb_ncb;
 			bci->transceiver = devm_usb_get_phy_by_node(
 				bci->dev, phynode, &bci->usb_nb);
+			of_node_put(phynode);
 			if (IS_ERR(bci->transceiver)) {
 				ret = PTR_ERR(bci->transceiver);
 				if (ret == -EPROBE_DEFER)
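Review bot: of_node_put(phynode) sits between the devm_usb_get_phy_by_node() call and the IS_ERR(bci->transceiver) check, which releases the reference on both the success and the error path, but nothing in the code says that this placement is deliberate. A one-line comment above it, for example that the node is only needed for the lookup, would keep a later edit from moving the put into one branch and reintroducing the leak the commit message describes.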



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 289/361] ocxl: Fix access to the AFU Descriptor Data
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (287 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 288/361] power: supply: twl4030-charger: fix OF sibling-node lookup Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 290/361] iommu/arm-smmu: Ensure that page-table updates are visible before TLBI Greg Kroah-Hartman
                   ` (74 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe Lombard, Frederic Barrat,
	Andrew Donnellan, Michael Ellerman

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christophe Lombard <clombard@linux.vnet.ibm.com>

commit 6f8e45f7eb1bee5efdbe4a9cfe4a45627403c5fb upstream.

The AFU Information DVSEC capability is a means to extract common,
general information about all of the AFUs associated with a Function
independent of the specific functionality that each AFU provides.
Writing to the AFU Index field allows access to the descriptor data
for each AFU.

With the current code, we are not able to access these specific data
when the index >= 1 because we are writing to the wrong location.
All requests to the data of each AFU are pointing to those of the AFU 0,
which could have impacts when using a card with more than one AFU per
function.

This patch fixes the access to the AFU Descriptor Data indexed by the
AFU Info Index field.

Fixes: 5ef3166e8a32 ("ocxl: Driver code for 'generic' opencapi devices")
Cc: stable <stable@vger.kernel.org>     # 4.16
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Acked-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Acked-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

---
 drivers/misc/ocxl/config.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/misc/ocxl/config.c
+++ b/drivers/misc/ocxl/config.c
@@ -280,7 +280,9 @@ int ocxl_config_check_afu_index(struct p
 	u32 val;
 	int rc, templ_major, templ_minor, len;
 
-	pci_write_config_word(dev, fn->dvsec_afu_info_pos, afu_idx);
+	pci_write_config_byte(dev,
+			fn->dvsec_afu_info_pos + OCXL_DVSEC_AFU_INFO_AFU_IDX,
+			afu_idx);
 	rc = read_afu_info(dev, fn, OCXL_DVSEC_TEMPL_VERSION, &val);
 	if (rc)
 		return rc;
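Review bot: the result of the new pci_write_config_byte() call is discarded, while read_afu_info() two lines later has its rc checked; if the index write fails, the template version that follows is read for whichever AFU was selected before. Suggest `rc = pci_write_config_byte(...); if (rc) return rc;`. Moving from a word write to a byte write also narrows afu_idx silently, so it is worth confirming that the parameter is no wider than u8 or range-checking it before the write.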



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 290/361] iommu/arm-smmu: Ensure that page-table updates are visible before TLBI
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (288 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 289/361] ocxl: Fix access to the AFU Descriptor Data Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 291/361] TC: Set DMA masks for devices Greg Kroah-Hartman
                   ` (73 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robin Murphy, Will Deacon

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Will Deacon <will.deacon@arm.com>

commit 7d321bd3542500caf125249f44dc37cb4e738013 upstream.

The IO-pgtable code relies on the driver TLB invalidation callbacks to
ensure that all page-table updates are visible to the IOMMU page-table
walker.

In the case that the page-table walker is cache-coherent, we cannot rely
on an implicit DSB from the DMA-mapping code, so we must ensure that we
execute a DSB in our tlb_add_flush() callback prior to triggering the
invalidation.

Cc: <stable@vger.kernel.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Fixes: 2df7a25ce4a7 ("iommu/arm-smmu: Clean up DMA API usage")
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/iommu/arm-smmu.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/iommu/arm-smmu.c
+++ b/drivers/iommu/arm-smmu.c
@@ -469,6 +469,9 @@ static void arm_smmu_tlb_inv_range_nosyn
 	bool stage1 = cfg->cbar != CBAR_TYPE_S2_TRANS;
 	void __iomem *reg = ARM_SMMU_CB(smmu_domain->smmu, cfg->cbndx);
 
+	if (smmu_domain->smmu->features & ARM_SMMU_FEAT_COHERENT_WALK)
+		wmb();
+
 	if (stage1) {
 		reg += leaf ? ARM_SMMU_CB_S1_TLBIVAL : ARM_SMMU_CB_S1_TLBIVA;
 
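Review bot: the wmb() added to arm_smmu_tlb_inv_range_nosync() has no comment, and a bare barrier is hard to audit later. Suggest a short comment above the `if` stating what it orders, along the lines of the commit message: page-table updates must be visible to a cache-coherent walker before the TLB invalidation is issued, because no DSB is implied by the DMA-mapping code in that case.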
@@ -510,6 +513,9 @@ static void arm_smmu_tlb_inv_vmid_nosync
 	struct arm_smmu_domain *smmu_domain = cookie;
 	void __iomem *base = ARM_SMMU_GR0(smmu_domain->smmu);
 
+	if (smmu_domain->smmu->features & ARM_SMMU_FEAT_COHERENT_WALK)
+		wmb();
+
 	writel_relaxed(smmu_domain->cfg.vmid, base + ARM_SMMU_GR0_TLBIVMID);
 }
 
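Review bot: the same `if (smmu_domain->smmu->features & ARM_SMMU_FEAT_COHERENT_WALK) wmb();` sequence is now open-coded in both invalidation callbacks. A small static inline helper taking the smmu_domain would keep the condition and its explanation in one place. Here the barrier directly precedes a writel_relaxed(), which provides no ordering of its own against the earlier page-table stores, and the helper's comment should say that this is why the explicit wmb() is required.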



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 291/361] TC: Set DMA masks for devices
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (289 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 290/361] iommu/arm-smmu: Ensure that page-table updates are visible before TLBI Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 292/361] net: bcmgenet: fix OF child-node lookup Greg Kroah-Hartman
                   ` (72 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Paul Burton, Ralf Baechle

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Maciej W. Rozycki <macro@linux-mips.org>

commit 3f2aa244ee1a0d17ed5b6c86564d2c1b24d1c96b upstream.

Fix a TURBOchannel support regression with commit 205e1b7f51e4
("dma-mapping: warn when there is no coherent_dma_mask") that caused
coherent DMA allocations to produce a warning such as:

defxx: v1.11 2014/07/01  Lawrence V. Stefani and others
tc1: DEFTA at MMIO addr = 0x1e900000, IRQ = 20, Hardware addr = 08-00-2b-a3-a3-29
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1 at ./include/linux/dma-mapping.h:516 dfx_dev_register+0x670/0x678
Modules linked in:
CPU: 0 PID: 1 Comm: swapper Not tainted 4.19.0-rc6 #2
Stack : ffffffff8009ffc0 fffffffffffffec0 0000000000000000 ffffffff80647650
        0000000000000000 0000000000000000 ffffffff806f5f80 ffffffffffffffff
        0000000000000000 0000000000000000 0000000000000001 ffffffff8065d4e8
        98000000031b6300 ffffffff80563478 ffffffff805685b0 ffffffffffffffff
        0000000000000000 ffffffff805d6720 0000000000000204 ffffffff80388df8
        0000000000000000 0000000000000009 ffffffff8053efd0 ffffffff806657d0
        0000000000000000 ffffffff803177f8 0000000000000000 ffffffff806d0000
        9800000003078000 980000000307b9e0 000000001e900000 ffffffff80067940
        0000000000000000 ffffffff805d6720 0000000000000204 ffffffff80388df8
        ffffffff805176c0 ffffffff8004dc78 0000000000000000 ffffffff80067940
        ...
Call Trace:
[<ffffffff8004dc78>] show_stack+0xa0/0x130
[<ffffffff80067940>] __warn+0x128/0x170
---[ end trace b1d1e094f67f3bb2 ]---

This is because the TURBOchannel bus driver fails to set the coherent
DMA mask for devices enumerated.

Set the regular and coherent DMA masks for TURBOchannel devices then,
observing that the bus protocol supports a 34-bit (16GiB) DMA address
space, by interpreting the value presented in the address cycle across
the 32 `ad' lines as a 32-bit word rather than byte address[1].  The
architectural size of the TURBOchannel DMA address space exceeds the
maximum amount of RAM any actual TURBOchannel system in existence may
have, hence both masks are the same.

This removes the warning shown above.

References:

[1] "TURBOchannel Hardware Specification", EK-369AA-OD-007B, Digital
    Equipment Corporation, January 1993, Section "DMA", pp. 1-15 -- 1-17

Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Patchwork: https://patchwork.linux-mips.org/patch/20835/
Fixes: 205e1b7f51e4 ("dma-mapping: warn when there is no coherent_dma_mask")
Cc: stable@vger.kernel.org # 4.16+
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tc/tc.c    |    8 +++++++-
 include/linux/tc.h |    1 +
 2 files changed, 8 insertions(+), 1 deletion(-)

--- a/drivers/tc/tc.c
+++ b/drivers/tc/tc.c
@@ -2,7 +2,7 @@
  *	TURBOchannel bus services.
  *
  *	Copyright (c) Harald Koerfgen, 1998
- *	Copyright (c) 2001, 2003, 2005, 2006  Maciej W. Rozycki
+ *	Copyright (c) 2001, 2003, 2005, 2006, 2018  Maciej W. Rozycki
  *	Copyright (c) 2005  James Simmons
  *
  *	This file is subject to the terms and conditions of the GNU
@@ -10,6 +10,7 @@
  *	directory of this archive for more details.
  */
 #include <linux/compiler.h>
+#include <linux/dma-mapping.h>
 #include <linux/errno.h>
 #include <linux/init.h>
 #include <linux/ioport.h>
@@ -92,6 +93,11 @@ static void __init tc_bus_add_devices(st
 		tdev->dev.bus = &tc_bus_type;
 		tdev->slot = slot;
 
+		/* TURBOchannel has 34-bit DMA addressing (16GiB space). */
+		tdev->dma_mask = DMA_BIT_MASK(34);
+		tdev->dev.dma_mask = &tdev->dma_mask;
+		tdev->dev.coherent_dma_mask = DMA_BIT_MASK(34);
+
 		for (i = 0; i < 8; i++) {
 			tdev->firmware[i] =
 				readb(module + offset + TC_FIRM_VER + 4 * i);
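Review bot: DMA_BIT_MASK(34) is written twice in tc_bus_add_devices(), once for tdev->dma_mask and once for tdev->dev.coherent_dma_mask, and the reason the two are equal lives only in the commit message. A single named constant defined next to struct tc_dev (hypothetical name TC_DMA_MASK_BITS) would keep the masks from drifting apart, and the comment could note that the 34 bits come from the 32 `ad' lines carrying a word address rather than a byte address.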
--- a/include/linux/tc.h
+++ b/include/linux/tc.h
@@ -84,6 +84,7 @@ struct tc_dev {
 					   device. */
 	struct device	dev;		/* Generic device interface. */
 	struct resource	resource;	/* Address space of this device. */
+	u64		dma_mask;	/* DMA addressable range. */
 	char		vendor[9];
 	char		name[9];
 	char		firmware[9];



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 292/361] net: bcmgenet: fix OF child-node lookup
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (290 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 291/361] TC: Set DMA masks for devices Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 293/361] media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD Greg Kroah-Hartman
                   ` (71 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David S. Miller, Florian Fainelli,
	Johan Hovold, Rob Herring

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Johan Hovold <johan@kernel.org>

commit d397dbe606120a1ea1b11b0020c3f7a3852da5ac upstream.

Use the new of_get_compatible_child() helper to lookup the mdio child
node instead of using of_find_compatible_node(), which searches the
entire tree from a given start node and thus can return an unrelated
(i.e. non-child) node.

This also addresses a potential use-after-free (e.g. after probe
deferral) as the tree-wide helper drops a reference to its first
argument (i.e. the node of the device being probed).

Fixes: aa09677cba42 ("net: bcmgenet: add MDIO routines")
Cc: stable <stable@vger.kernel.org>     # 3.15
Cc: David S. Miller <davem@davemloft.net>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/ethernet/broadcom/genet/bcmmii.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c
@@ -342,7 +342,7 @@ static struct device_node *bcmgenet_mii_
 	if (!compat)
 		return NULL;
 
-	priv->mdio_dn = of_find_compatible_node(dn, NULL, compat);
+	priv->mdio_dn = of_get_compatible_child(dn, compat);
 	kfree(compat);
 	if (!priv->mdio_dn) {
 		dev_err(kdev, "unable to find MDIO bus node\n");
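Review bot: priv->mdio_dn now holds the reference returned by of_get_compatible_child(), and nothing in this hunk shows it being released. Per the commit message the old tree-wide helper dropped a reference on its first argument and the new one does not, so the refcounting changes for both dn and the child; please confirm there is an of_node_put(priv->mdio_dn) on the unregister and error paths, or add one in this patch.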



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 293/361] media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (291 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 292/361] net: bcmgenet: fix OF child-node lookup Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 294/361] Revert "media: dvbsky: use just one mutex for serializing device R/W ops" Greg Kroah-Hartman
                   ` (70 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hverkuil@xs4all.nl>

commit 250854eed5d45a73d81e4137dfd85180af6f2ec3 upstream.

When the OSD is on (i.e. vivid displays text on top of the test pattern), and
you enable hflip, then the driver crashes.

The cause turned out to be a division of a negative number by an unsigned value.
You expect that -8 / 2U would be -4, but in reality it is 2147483644 :-(

Fixes: 3e14e7a82c1ef ("vivid-tpg: add hor/vert downsampling support to tpg_gen_text")

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Reported-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Cc: <stable@vger.kernel.org>      # for v4.1 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
+++ b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
@@ -1770,7 +1770,7 @@ typedef struct { u16 __; u8 _; } __packe
 				pos[7] = (chr & (0x01 << 0) ? fg : bg);	\
 			} \
 	\
-			pos += (tpg->hflip ? -8 : 8) / hdiv;	\
+			pos += (tpg->hflip ? -8 : 8) / (int)hdiv;	\
 		}	\
 	}	\
 } while (0)
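Review bot: the `(int)hdiv` cast is the entire fix and sits unexplained inside a multi-line macro, so a later cleanup could remove it as redundant. Suggest a comment on that line saying the divisor must be signed because hdiv is unsigned and `-8 / hdiv` would otherwise be evaluated as an unsigned division; alternatively compute the step once in an int variable before the loop and use that in `pos +=`.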



^ permalink raw reply	[flat|nested] 384+ messages in thread
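The signed/unsigned division described in the commit message above can be reproduced outside the kernel. This is an added example, not code from the patch or from v4l2-tpg: the helper names, the row length and the row walk are constructed for illustration, and it assumes a 32-bit unsigned int.

```c
#include <stdio.h>

/*
 * Constructed model of the per-character step in the tpg text macro.
 * hdiv is unsigned, as in the driver; all names here are hypothetical.
 */

/* Before the fix: -8 is converted to unsigned int before the division. */
static long long step_before(int hflip, unsigned int hdiv)
{
	return (hflip ? -8 : 8) / hdiv;
}

/* After the fix: the divisor is cast to int, so the division is signed. */
static long long step_after(int hflip, unsigned int hdiv)
{
	return (hflip ? -8 : 8) / (int)hdiv;
}

/*
 * Walk 'chars' character cells across a row of 'row_len' pixels with the
 * given step, starting at the right edge when hflip is set. Returns how
 * many cells had their start index inside the row; fewer than 'chars'
 * means the cursor left the buffer, which in the driver is a wild pointer.
 */
static unsigned int cells_in_bounds(long long step, int hflip,
				    long long row_len, unsigned int chars)
{
	long long pos = hflip ? row_len - 1 : 0;
	unsigned int ok = 0;
	unsigned int i;

	for (i = 0; i < chars; i++) {
		if (pos < 0 || pos >= row_len)
			break;
		ok++;
		pos += step;
	}
	return ok;
}

int main(void)
{
	printf("hflip, hdiv=2: before=%lld after=%lld\n",
	       step_before(1, 2), step_after(1, 2));
	printf("hflip, hdiv=1: before=%lld after=%lld\n",
	       step_before(1, 1), step_after(1, 1));
	printf("cells in bounds (64-pixel row, 8 chars): before=%u after=%u\n",
	       cells_in_bounds(step_before(1, 2), 1, 64, 8),
	       cells_in_bounds(step_after(1, 2), 1, 64, 8));
	return 0;
}
```

Without hflip both versions agree, which is why the defect only shows up once the flip control is enabled.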

* [PATCH 4.19 294/361] Revert "media: dvbsky: use just one mutex for serializing device R/W ops"
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (292 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 293/361] media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 295/361] kgdboc: Passing ekgdboc to command line causes panic Greg Kroah-Hartman
                   ` (69 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

commit 9afc82194de9a1ce298f0d77d7d779d585bf962c upstream.

As pointed out at:
	https://bugzilla.kernel.org/show_bug.cgi?id=199323

This patch causes a bad effect on RPi. I suspect that the root
cause is at the USB out of tree RPi driver, which uses high priority
interrupts instead of normal ones. Anyway, as this patch
is mostly a cleanup, better to revert it.

This reverts commit 7d95fb746c4eece67308f1642a666ea1ebdbd2cc.

Cc: stable@vger.kernel.org # For Kernel 4.18
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/dvb-usb-v2/dvbsky.c |   16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

--- a/drivers/media/usb/dvb-usb-v2/dvbsky.c
+++ b/drivers/media/usb/dvb-usb-v2/dvbsky.c
@@ -31,6 +31,7 @@ MODULE_PARM_DESC(disable_rc, "Disable in
 DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr);
 
 struct dvbsky_state {
+	struct mutex stream_mutex;
 	u8 ibuf[DVBSKY_BUF_LEN];
 	u8 obuf[DVBSKY_BUF_LEN];
 	u8 last_lock;
@@ -67,17 +68,18 @@ static int dvbsky_usb_generic_rw(struct
 
 static int dvbsky_stream_ctrl(struct dvb_usb_device *d, u8 onoff)
 {
+	struct dvbsky_state *state = d_to_priv(d);
 	int ret;
-	static u8 obuf_pre[3] = { 0x37, 0, 0 };
-	static u8 obuf_post[3] = { 0x36, 3, 0 };
+	u8 obuf_pre[3] = { 0x37, 0, 0 };
+	u8 obuf_post[3] = { 0x36, 3, 0 };
 
-	mutex_lock(&d->usb_mutex);
-	ret = dvb_usbv2_generic_rw_locked(d, obuf_pre, 3, NULL, 0);
+	mutex_lock(&state->stream_mutex);
+	ret = dvbsky_usb_generic_rw(d, obuf_pre, 3, NULL, 0);
 	if (!ret && onoff) {
 		msleep(20);
-		ret = dvb_usbv2_generic_rw_locked(d, obuf_post, 3, NULL, 0);
+		ret = dvbsky_usb_generic_rw(d, obuf_post, 3, NULL, 0);
 	}
-	mutex_unlock(&d->usb_mutex);
+	mutex_unlock(&state->stream_mutex);
 	return ret;
 }
 
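Review bot: obuf_pre and obuf_post change from static to on-stack arrays in dvbsky_stream_ctrl() and are passed straight to dvbsky_usb_generic_rw(); please confirm that helper copies them into a heap buffer such as state->obuf before the USB transfer, because stack memory must not be handed down for DMA. Also note that stream_mutex is held across the msleep(20), so every stream on/off call is serialised for at least that long; that is acceptable for a mutex but deserves a mention in the commit message since the revert reintroduces it.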
@@ -606,6 +608,8 @@ static int dvbsky_init(struct dvb_usb_de
 	if (ret)
 		return ret;
 	*/
+	mutex_init(&state->stream_mutex);
+
 	state->last_lock = 0;
 
 	return 0;



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 295/361] kgdboc: Passing ekgdboc to command line causes panic
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (293 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 294/361] Revert "media: dvbsky: use just one mutex for serializing device R/W ops" Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 296/361] remoteproc: qcom: q6v5: Propagate EPROBE_DEFER Greg Kroah-Hartman
                   ` (68 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, jason.wessel, jslaby, He Zhe,
	Daniel Thompson

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: He Zhe <zhe.he@windriver.com>

commit 1bd54d851f50dea6af30c3e6ff4f3e9aab5558f9 upstream.

kgdboc_option_setup does not check input argument before passing it
to strlen. The argument would be a NULL pointer if "ekgdboc", without
its value, is set in command line and thus causes the following panic.

PANIC: early exception 0xe3 IP 10:ffffffff8fbbb620 error 0 cr2 0x0
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.18-rc8+ #1
[    0.000000] RIP: 0010:strlen+0x0/0x20
...
[    0.000000] Call Trace
[    0.000000]  ? kgdboc_option_setup+0x9/0xa0
[    0.000000]  ? kgdboc_early_init+0x6/0x1b
[    0.000000]  ? do_early_param+0x4d/0x82
[    0.000000]  ? parse_args+0x212/0x330
[    0.000000]  ? rdinit_setup+0x26/0x26
[    0.000000]  ? parse_early_options+0x20/0x23
[    0.000000]  ? rdinit_setup+0x26/0x26
[    0.000000]  ? parse_early_param+0x2d/0x39
[    0.000000]  ? setup_arch+0x2f7/0xbf4
[    0.000000]  ? start_kernel+0x5e/0x4c2
[    0.000000]  ? load_ucode_bsp+0x113/0x12f
[    0.000000]  ? secondary_startup_64+0xa5/0xb0

This patch adds a check to prevent the panic.

Cc: stable@vger.kernel.org
Cc: jason.wessel@windriver.com
Cc: gregkh@linuxfoundation.org
Cc: jslaby@suse.com
Signed-off-by: He Zhe <zhe.he@windriver.com>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/serial/kgdboc.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/tty/serial/kgdboc.c
+++ b/drivers/tty/serial/kgdboc.c
@@ -130,6 +130,11 @@ static void kgdboc_unregister_kbd(void)
 
 static int kgdboc_option_setup(char *opt)
 {
+	if (!opt) {
+		pr_err("kgdboc: config string not provided\n");
+		return -EINVAL;
+	}
+
 	if (strlen(opt) >= MAX_CONFIG_LEN) {
 		printk(KERN_ERR "kgdboc: config string too long\n");
 		return -ENOSPC;
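Review bot: the new NULL check logs with pr_err() while the length check directly below it still uses printk(KERN_ERR ...), so two adjacent error paths in kgdboc_option_setup() now use different logging styles. Either use printk(KERN_ERR ...) here to match, or convert the neighbouring call in a follow-up. The check itself is in the right place, ahead of the strlen(opt) that faulted in the trace.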



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 296/361] remoteproc: qcom: q6v5: Propagate EPROBE_DEFER
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (294 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 295/361] kgdboc: Passing ekgdboc to command line causes panic Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 297/361] media: cec: make cec_get_edid_spa_location() an inline function Greg Kroah-Hartman
                   ` (67 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sibi Sankar, Bjorn Andersson

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bjorn Andersson <bjorn.andersson@linaro.org>

commit d5269c4553a64b6882f2c019ae21b783a0984a83 upstream.

In the case that the interrupts fail to result because of the
interrupt-controller not yet being registered the
platform_get_irq_byname() call will fail with -EPROBE_DEFER, but passing
this into devm_request_threaded_irq() will result in -EINVAL being
returned, the driver is therefore not reprobed later.

Fixes: 3b415c8fb263 ("remoteproc: q6v5: Extract common resource handling")
Cc: stable@vger.kernel.org
Reviewed-by: Sibi Sankar <sibis@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/remoteproc/qcom_q6v5.c |   12 ++++++++++++
 1 file changed, 12 insertions(+)

--- a/drivers/remoteproc/qcom_q6v5.c
+++ b/drivers/remoteproc/qcom_q6v5.c
@@ -198,6 +198,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v
 	}
 
 	q6v5->fatal_irq = platform_get_irq_byname(pdev, "fatal");
+	if (q6v5->fatal_irq == -EPROBE_DEFER)
+		return -EPROBE_DEFER;
+
 	ret = devm_request_threaded_irq(&pdev->dev, q6v5->fatal_irq,
 					NULL, q6v5_fatal_interrupt,
 					IRQF_TRIGGER_RISING | IRQF_ONESHOT,
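Review bot: only -EPROBE_DEFER is intercepted after platform_get_irq_byname(pdev, "fatal"); any other negative return still goes into devm_request_threaded_irq() as the IRQ number and, as the commit message describes for the deferral case, the original error code is lost. Suggest `if (q6v5->fatal_irq < 0) return q6v5->fatal_irq;`, or a comment explaining why other errors are deliberately left to the request call.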
@@ -208,6 +211,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v
 	}
 
 	q6v5->ready_irq = platform_get_irq_byname(pdev, "ready");
+	if (q6v5->ready_irq == -EPROBE_DEFER)
+		return -EPROBE_DEFER;
+
 	ret = devm_request_threaded_irq(&pdev->dev, q6v5->ready_irq,
 					NULL, q6v5_ready_interrupt,
 					IRQF_TRIGGER_RISING | IRQF_ONESHOT,
@@ -218,6 +224,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v
 	}
 
 	q6v5->handover_irq = platform_get_irq_byname(pdev, "handover");
+	if (q6v5->handover_irq == -EPROBE_DEFER)
+		return -EPROBE_DEFER;
+
 	ret = devm_request_threaded_irq(&pdev->dev, q6v5->handover_irq,
 					NULL, q6v5_handover_interrupt,
 					IRQF_TRIGGER_RISING | IRQF_ONESHOT,
@@ -229,6 +238,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v
 	disable_irq(q6v5->handover_irq);
 
 	q6v5->stop_irq = platform_get_irq_byname(pdev, "stop-ack");
+	if (q6v5->stop_irq == -EPROBE_DEFER)
+		return -EPROBE_DEFER;
+
 	ret = devm_request_threaded_irq(&pdev->dev, q6v5->stop_irq,
 					NULL, q6v5_stop_interrupt,
 					IRQF_TRIGGER_RISING | IRQF_ONESHOT,
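Review bot: the same three-line deferral check is now repeated for the fatal, ready, handover and stop-ack interrupts in qcom_q6v5_init(). A small helper that looks up the IRQ by name, propagates the error and requests the threaded handler would remove the repetition and make it harder to forget the check when another interrupt is added.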



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 297/361] media: cec: make cec_get_edid_spa_location() an inline function
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (295 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 296/361] remoteproc: qcom: q6v5: Propagate EPROBE_DEFER Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 298/361] media: cec: integrate cec_validate_phys_addr() in cec-api.c Greg Kroah-Hartman
                   ` (66 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hans.verkuil@cisco.com>

commit b915bf575d5b7774d0f22d57d6c143e07dcaade2 upstream.

This function is needed by both V4L2 and CEC, so move this to
cec.h as a static inline since there are no obvious shared
modules between the two subsystems.

This patch, together with the following ones, fixes a
dependency bug: if CEC_CORE is disabled, then building adv7604
(and other HDMI receivers) will fail because an essential
function is now stubbed out.

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: <stable@vger.kernel.org>      # for v4.17 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/cec/cec-edid.c |   60 ------------------------------------
 include/media/cec.h          |   70 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+), 60 deletions(-)

--- a/drivers/media/cec/cec-edid.c
+++ b/drivers/media/cec/cec-edid.c
@@ -10,66 +10,6 @@
 #include <linux/types.h>
 #include <media/cec.h>
 
-/*
- * This EDID is expected to be a CEA-861 compliant, which means that there are
- * at least two blocks and one or more of the extensions blocks are CEA-861
- * blocks.
- *
- * The returned location is guaranteed to be < size - 1.
- */
-static unsigned int cec_get_edid_spa_location(const u8 *edid, unsigned int size)
-{
-	unsigned int blocks = size / 128;
-	unsigned int block;
-	u8 d;
-
-	/* Sanity check: at least 2 blocks and a multiple of the block size */
-	if (blocks < 2 || size % 128)
-		return 0;
-
-	/*
-	 * If there are fewer extension blocks than the size, then update
-	 * 'blocks'. It is allowed to have more extension blocks than the size,
-	 * since some hardware can only read e.g. 256 bytes of the EDID, even
-	 * though more blocks are present. The first CEA-861 extension block
-	 * should normally be in block 1 anyway.
-	 */
-	if (edid[0x7e] + 1 < blocks)
-		blocks = edid[0x7e] + 1;
-
-	for (block = 1; block < blocks; block++) {
-		unsigned int offset = block * 128;
-
-		/* Skip any non-CEA-861 extension blocks */
-		if (edid[offset] != 0x02 || edid[offset + 1] != 0x03)
-			continue;
-
-		/* search Vendor Specific Data Block (tag 3) */
-		d = edid[offset + 2] & 0x7f;
-		/* Check if there are Data Blocks */
-		if (d <= 4)
-			continue;
-		if (d > 4) {
-			unsigned int i = offset + 4;
-			unsigned int end = offset + d;
-
-			/* Note: 'end' is always < 'size' */
-			do {
-				u8 tag = edid[i] >> 5;
-				u8 len = edid[i] & 0x1f;
-
-				if (tag == 3 && len >= 5 && i + len <= end &&
-				    edid[i + 1] == 0x03 &&
-				    edid[i + 2] == 0x0c &&
-				    edid[i + 3] == 0x00)
-					return i + 4;
-				i += len + 1;
-			} while (i < end);
-		}
-	}
-	return 0;
-}
-
 u16 cec_get_edid_phys_addr(const u8 *edid, unsigned int size,
 			   unsigned int *offset)
 {
--- a/include/media/cec.h
+++ b/include/media/cec.h
@@ -461,4 +461,74 @@ static inline void cec_phys_addr_invalid
 	cec_s_phys_addr(adap, CEC_PHYS_ADDR_INVALID, false);
 }
 
+/**
+ * cec_get_edid_spa_location() - find location of the Source Physical Address
+ *
+ * @edid: the EDID
+ * @size: the size of the EDID
+ *
+ * This EDID is expected to be a CEA-861 compliant, which means that there are
+ * at least two blocks and one or more of the extensions blocks are CEA-861
+ * blocks.
+ *
+ * The returned location is guaranteed to be <= size-2.
+ *
+ * This is an inline function since it is used by both CEC and V4L2.
+ * Ideally this would go in a module shared by both, but it is overkill to do
+ * that for just a single function.
+ */
+static inline unsigned int cec_get_edid_spa_location(const u8 *edid,
+						     unsigned int size)
+{
+	unsigned int blocks = size / 128;
+	unsigned int block;
+	u8 d;
+
+	/* Sanity check: at least 2 blocks and a multiple of the block size */
+	if (blocks < 2 || size % 128)
+		return 0;
+
+	/*
+	 * If there are fewer extension blocks than the size, then update
+	 * 'blocks'. It is allowed to have more extension blocks than the size,
+	 * since some hardware can only read e.g. 256 bytes of the EDID, even
+	 * though more blocks are present. The first CEA-861 extension block
+	 * should normally be in block 1 anyway.
+	 */
+	if (edid[0x7e] + 1 < blocks)
+		blocks = edid[0x7e] + 1;
+
+	for (block = 1; block < blocks; block++) {
+		unsigned int offset = block * 128;
+
+		/* Skip any non-CEA-861 extension blocks */
+		if (edid[offset] != 0x02 || edid[offset + 1] != 0x03)
+			continue;
+
+		/* search Vendor Specific Data Block (tag 3) */
+		d = edid[offset + 2] & 0x7f;
+		/* Check if there are Data Blocks */
+		if (d <= 4)
+			continue;
+		if (d > 4) {
+			unsigned int i = offset + 4;
+			unsigned int end = offset + d;
+
+			/* Note: 'end' is always < 'size' */
+			do {
+				u8 tag = edid[i] >> 5;
+				u8 len = edid[i] & 0x1f;
+
+				if (tag == 3 && len >= 5 && i + len <= end &&
+				    edid[i + 1] == 0x03 &&
+				    edid[i + 2] == 0x0c &&
+				    edid[i + 3] == 0x00)
+					return i + 4;
+				i += len + 1;
+			} while (i < end);
+		}
+	}
+	return 0;
+}
+
 #endif /* _MEDIA_CEC_H */
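
Review bot: in cec_get_edid_spa_location() the `if (d > 4)` test is redundant, because the preceding `if (d <= 4) continue;` already excludes every other case; dropping it removes one level of indentation from the data block walk. The comment "Note: 'end' is always < 'size'" would also be more useful if it gave the reason: d is masked with 0x7f, so end = offset + d stays inside the current 128-byte block. This parser runs on externally supplied EDID data, and that bound is what keeps the edid[i] and edid[i + 1..3] reads in range, so it deserves to be stated explicitly.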




* [PATCH 4.19 298/361] media: cec: integrate cec_validate_phys_addr() in cec-api.c
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (296 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 297/361] media: cec: make cec_get_edid_spa_location() an inline function Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 299/361] xen: fix xen_qlock_wait() Greg Kroah-Hartman
                   ` (65 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hans.verkuil@cisco.com>

commit e81bff39489a06384822bb38ce7a59f9e365bbe9 upstream.

The cec_phys_addr_validate() function will be moved to V4L2,
so use a simplified variant of that function in cec-api.c.
cec now no longer calls cec_phys_addr_validate() and it can
be safely moved to V4L2.

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: <stable@vger.kernel.org>      # for v4.17 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/cec/cec-api.c |   19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

--- a/drivers/media/cec/cec-api.c
+++ b/drivers/media/cec/cec-api.c
@@ -101,6 +101,23 @@ static long cec_adap_g_phys_addr(struct
 	return 0;
 }
 
+static int cec_validate_phys_addr(u16 phys_addr)
+{
+	int i;
+
+	if (phys_addr == CEC_PHYS_ADDR_INVALID)
+		return 0;
+	for (i = 0; i < 16; i += 4)
+		if (phys_addr & (0xf << i))
+			break;
+	if (i == 16)
+		return 0;
+	for (i += 4; i < 16; i += 4)
+		if ((phys_addr & (0xf << i)) == 0)
+			return -EINVAL;
+	return 0;
+}
+
 static long cec_adap_s_phys_addr(struct cec_adapter *adap, struct cec_fh *fh,
 				 bool block, __u16 __user *parg)
 {
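
Review bot: cec_validate_phys_addr() has no comment stating the rule it enforces. As written, it skips zero nibbles from the least significant end and then returns -EINVAL if any nibble above the first non-zero one is zero; a short comment to that effect (and that CEC_PHYS_ADDR_INVALID and 0 are accepted) would save readers from reverse-engineering the two loops. This matters because phys_addr comes straight from copy_from_user() in cec_adap_s_phys_addr().
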
@@ -112,7 +129,7 @@ static long cec_adap_s_phys_addr(struct
 	if (copy_from_user(&phys_addr, parg, sizeof(phys_addr)))
 		return -EFAULT;
 
-	err = cec_phys_addr_validate(phys_addr, NULL, NULL);
+	err = cec_validate_phys_addr(phys_addr);
 	if (err)
 		return err;
 	mutex_lock(&adap->lock);




* [PATCH 4.19 299/361] xen: fix xen_qlock_wait()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (297 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 298/361] media: cec: integrate cec_validate_phys_addr() in cec-api.c Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 300/361] xen: remove size limit of privcmd-buf mapping interface Greg Kroah-Hartman
                   ` (64 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sander Eikelenboom, Juergen Gross,
	Boris Ostrovsky

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Juergen Gross <jgross@suse.com>

commit d3132b3860f6cf35ff7609a76bbcdbb814bd027c upstream.

Commit a856531951dc80 ("xen: make xen_qlock_wait() nestable")
introduced a regression for Xen guests running fully virtualized
(HVM or PVH mode). The Xen hypervisor wouldn't return from the poll
hypercall with interrupts disabled in case of an interrupt (for PV
guests it does).

So instead of disabling interrupts in xen_qlock_wait() use a nesting
counter to avoid calling xen_clear_irq_pending() in case
xen_qlock_wait() is nested.

Fixes: a856531951dc80 ("xen: make xen_qlock_wait() nestable")
Cc: stable@vger.kernel.org
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Tested-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/xen/spinlock.c |   14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

--- a/arch/x86/xen/spinlock.c
+++ b/arch/x86/xen/spinlock.c
@@ -9,6 +9,7 @@
 #include <linux/log2.h>
 #include <linux/gfp.h>
 #include <linux/slab.h>
+#include <linux/atomic.h>
 
 #include <asm/paravirt.h>
 #include <asm/qspinlock.h>
@@ -21,6 +22,7 @@
 
 static DEFINE_PER_CPU(int, lock_kicker_irq) = -1;
 static DEFINE_PER_CPU(char *, irq_name);
+static DEFINE_PER_CPU(atomic_t, xen_qlock_wait_nest);
 static bool xen_pvspin = true;
 
 static void xen_qlock_kick(int cpu)
@@ -39,25 +41,25 @@ static void xen_qlock_kick(int cpu)
  */
 static void xen_qlock_wait(u8 *byte, u8 val)
 {
-	unsigned long flags;
 	int irq = __this_cpu_read(lock_kicker_irq);
+	atomic_t *nest_cnt = this_cpu_ptr(&xen_qlock_wait_nest);
 
 	/* If kicker interrupts not initialized yet, just spin */
 	if (irq == -1 || in_nmi())
 		return;
 
-	/* Guard against reentry. */
-	local_irq_save(flags);
+	/* Detect reentry. */
+	atomic_inc(nest_cnt);
 
-	/* If irq pending already clear it. */
-	if (xen_test_irq_pending(irq)) {
+	/* If irq pending already and no nested call clear it. */
+	if (atomic_read(nest_cnt) == 1 && xen_test_irq_pending(irq)) {
 		xen_clear_irq_pending(irq);
 	} else if (READ_ONCE(*byte) == val) {
 		/* Block until irq becomes pending (or a spurious wakeup) */
 		xen_poll_irq(irq);
 	}
 
-	local_irq_restore(flags);
+	atomic_dec(nest_cnt);
 }
 
 static irqreturn_t dummy_handler(int irq, void *dev_id)
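
Review bot: the reentry check in xen_qlock_wait() is split across `atomic_inc(nest_cnt)` and a later `atomic_read(nest_cnt) == 1`; `atomic_inc_return(nest_cnt) == 1` would express the same test in one step. The new "Detect reentry." comment should also say that interrupts are deliberately left enabled here, since the removed local_irq_save() looked like the safer choice and the reason for dropping it is only in the commit message.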




* [PATCH 4.19 300/361] xen: remove size limit of privcmd-buf mapping interface
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (298 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 299/361] xen: fix xen_qlock_wait() Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 301/361] xen-blkfront: fix kernel panic with negotiate_mq error path Greg Kroah-Hartman
                   ` (63 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Juergen Gross, Boris Ostrovsky

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Juergen Gross <jgross@suse.com>

commit 3941552aec1e04d63999988a057ae09a1c56ebeb upstream.

Currently the size of hypercall buffers allocated via
/dev/xen/hypercall is limited to a default of 64 memory pages. For live
migration of guests this might be too small as the page dirty bitmask
needs to be sized according to the size of the guest. This means
migrating an 8GB sized guest is already exhausting the default buffer
size for the dirty bitmap.

There is no sensible way to set a sane limit, so just remove it
completely. The device node's usage is limited to root anyway, so there
is no additional DOS scenario added by allowing unlimited buffers.

While at it make the error path for the -ENOMEM case a little bit
cleaner by setting n_pages to the number of successfully allocated
pages instead of the target size.

Fixes: c51b3c639e01f2 ("xen: add new hypercall buffer mapping device")
Cc: <stable@vger.kernel.org> #4.18
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/xen/privcmd-buf.c |   22 ++++------------------
 1 file changed, 4 insertions(+), 18 deletions(-)

--- a/drivers/xen/privcmd-buf.c
+++ b/drivers/xen/privcmd-buf.c
@@ -21,15 +21,9 @@
 
 MODULE_LICENSE("GPL");
 
-static unsigned int limit = 64;
-module_param(limit, uint, 0644);
-MODULE_PARM_DESC(limit, "Maximum number of pages that may be allocated by "
-			"the privcmd-buf device per open file");
-
 struct privcmd_buf_private {
 	struct mutex lock;
 	struct list_head list;
-	unsigned int allocated;
 };
 
 struct privcmd_buf_vma_private {
@@ -60,13 +54,10 @@ static void privcmd_buf_vmapriv_free(str
 {
 	unsigned int i;
 
-	vma_priv->file_priv->allocated -= vma_priv->n_pages;
-
 	list_del(&vma_priv->list);
 
 	for (i = 0; i < vma_priv->n_pages; i++)
-		if (vma_priv->pages[i])
-			__free_page(vma_priv->pages[i]);
+		__free_page(vma_priv->pages[i]);
 
 	kfree(vma_priv);
 }
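
Review bot: dropping the `if (vma_priv->pages[i])` check in privcmd_buf_vmapriv_free() is only safe because n_pages now counts successfully allocated pages (the `vma_priv->n_pages++` in the privcmd_buf_mmap() hunk of this patch). That invariant is not written down anywhere; a short comment on the loop or on the n_pages field would keep a later change from reintroducing a call to __free_page() on a NULL entry.
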
@@ -146,8 +137,7 @@ static int privcmd_buf_mmap(struct file
 	unsigned int i;
 	int ret = 0;
 
-	if (!(vma->vm_flags & VM_SHARED) || count > limit ||
-	    file_priv->allocated + count > limit)
+	if (!(vma->vm_flags & VM_SHARED))
 		return -EINVAL;
 
 	vma_priv = kzalloc(sizeof(*vma_priv) + count * sizeof(void *),
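
Review bot: with `count > limit` and the per-file `allocated` accounting removed, the only check left before `kzalloc(sizeof(*vma_priv) + count * sizeof(void *), ...)` is the VM_SHARED test, so count is bounded only by the size of the requested mapping. The commit message relies on the device node being usable by root only; a comment at this check saying so would make that dependency visible in the code. The open-coded size expression would also be better written with an overflow-checked helper such as struct_size().
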
@@ -155,19 +145,15 @@ static int privcmd_buf_mmap(struct file
 	if (!vma_priv)
 		return -ENOMEM;
 
-	vma_priv->n_pages = count;
-	count = 0;
-	for (i = 0; i < vma_priv->n_pages; i++) {
+	for (i = 0; i < count; i++) {
 		vma_priv->pages[i] = alloc_page(GFP_KERNEL | __GFP_ZERO);
 		if (!vma_priv->pages[i])
 			break;
-		count++;
+		vma_priv->n_pages++;
 	}
 
 	mutex_lock(&file_priv->lock);
 
-	file_priv->allocated += count;
-
 	vma_priv->file_priv = file_priv;
 	vma_priv->users = 1;
 




* [PATCH 4.19 301/361] xen-blkfront: fix kernel panic with negotiate_mq error path
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (299 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 300/361] xen: remove size limit of privcmd-buf mapping interface Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 302/361] media: cec: add new tx/rx status bits to detect aborts/timeouts Greg Kroah-Hartman
                   ` (62 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Manjunath Patil, Roger Pau Monné,
	Juergen Gross

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Manjunath Patil <manjunath.b.patil@oracle.com>

commit 6cc4a0863c9709c512280c64e698d68443ac8053 upstream.

info->nr_rings isn't adjusted in case of ENOMEM error from
negotiate_mq(). This leads to kernel panic in error path.

Typical call stack involving panic -
 #8 page_fault at ffffffff8175936f
    [exception RIP: blkif_free_ring+33]
    RIP: ffffffffa0149491  RSP: ffff8804f7673c08  RFLAGS: 00010292
 ...
 #9 blkif_free at ffffffffa0149aaa [xen_blkfront]
 #10 talk_to_blkback at ffffffffa014c8cd [xen_blkfront]
 #11 blkback_changed at ffffffffa014ea8b [xen_blkfront]
 #12 xenbus_otherend_changed at ffffffff81424670
 #13 backend_changed at ffffffff81426dc3
 #14 xenwatch_thread at ffffffff81422f29
 #15 kthread at ffffffff810abe6a
 #16 ret_from_fork at ffffffff81754078

Cc: stable@vger.kernel.org
Fixes: 7ed8ce1c5fc7 ("xen-blkfront: move negotiate_mq to cover all cases of new VBDs")
Signed-off-by: Manjunath Patil <manjunath.b.patil@oracle.com>
Acked-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/block/xen-blkfront.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/block/xen-blkfront.c
+++ b/drivers/block/xen-blkfront.c
@@ -1919,6 +1919,7 @@ static int negotiate_mq(struct blkfront_
 			      GFP_KERNEL);
 	if (!info->rinfo) {
 		xenbus_dev_fatal(info->xbdev, -ENOMEM, "allocating ring_info structure");
+		info->nr_rings = 0;
 		return -ENOMEM;
 	}
 
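
Review bot: the added `info->nr_rings = 0;` carries no comment, and nothing in the hunk shows why the count has to be reset. Per the call stack in the commit message the failure surfaces later in blkif_free() / blkif_free_ring(), so a brief comment tying the reset to that cleanup path would help. If nr_rings is assigned before this allocation, setting it only after the allocation succeeds would avoid the inconsistent state altogether.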




* [PATCH 4.19 302/361] media: cec: add new tx/rx status bits to detect aborts/timeouts
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (300 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 301/361] xen-blkfront: fix kernel panic with negotiate_mq error path Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 303/361] media: cec: fix the Signal Free Time calculation Greg Kroah-Hartman
                   ` (61 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hans.verkuil@cisco.com>

commit 7ec2b3b941a666a942859684281b5f6460a0c234 upstream.

If the HDMI cable is disconnected or the CEC adapter is manually
unconfigured, then all pending transmits and wait-for-replies are
aborted. Signal this with new status bits (CEC_RX/TX_STATUS_ABORTED).

If due to (usually) a driver bug a transmit never ends (i.e. the
transmit_done was never called by the driver), then when this times
out the message is marked with CEC_TX_STATUS_TIMEOUT.

This should not happen and is an indication of a driver bug.

Without a separate status bit for this it was impossible to detect
this from userspace.

The 'transmit timed out' kernel message is now a warning, so this
should be more prominent in the kernel log as well.

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: <stable@vger.kernel.org>      # for v4.18 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 Documentation/media/uapi/cec/cec-ioc-receive.rst |   25 +++++++-
 drivers/media/cec/cec-adap.c                     |   68 ++++++-----------------
 include/uapi/linux/cec.h                         |    3 +
 3 files changed, 45 insertions(+), 51 deletions(-)

--- a/Documentation/media/uapi/cec/cec-ioc-receive.rst
+++ b/Documentation/media/uapi/cec/cec-ioc-receive.rst
@@ -16,10 +16,10 @@ CEC_RECEIVE, CEC_TRANSMIT - Receive or t
 Synopsis
 ========
 
-.. c:function:: int ioctl( int fd, CEC_RECEIVE, struct cec_msg *argp )
+.. c:function:: int ioctl( int fd, CEC_RECEIVE, struct cec_msg \*argp )
     :name: CEC_RECEIVE
 
-.. c:function:: int ioctl( int fd, CEC_TRANSMIT, struct cec_msg *argp )
+.. c:function:: int ioctl( int fd, CEC_TRANSMIT, struct cec_msg \*argp )
     :name: CEC_TRANSMIT
 
 Arguments
@@ -272,6 +272,19 @@ View On' messages from initiator 0xf ('U
       - The transmit failed after one or more retries. This status bit is
 	mutually exclusive with :ref:`CEC_TX_STATUS_OK <CEC-TX-STATUS-OK>`.
 	Other bits can still be set to explain which failures were seen.
+    * .. _`CEC-TX-STATUS-ABORTED`:
+
+      - ``CEC_TX_STATUS_ABORTED``
+      - 0x40
+      - The transmit was aborted due to an HDMI disconnect, or the adapter
+        was unconfigured, or a transmit was interrupted, or the driver
+	returned an error when attempting to start a transmit.
+    * .. _`CEC-TX-STATUS-TIMEOUT`:
+
+      - ``CEC_TX_STATUS_TIMEOUT``
+      - 0x80
+      - The transmit timed out. This should not normally happen and this
+	indicates a driver problem.
 
 
 .. tabularcolumns:: |p{5.6cm}|p{0.9cm}|p{11.0cm}|
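
Review bot: the continuation lines of the new CEC_TX_STATUS_ABORTED entry mix indentation: the `was unconfigured, ...` line is indented with spaces while the following `returned an error ...` line uses a tab, unlike the surrounding entries. Use the same indentation as the existing rows so the table cell does not depend on tab-width handling. The same applies to the CEC_RX_STATUS_ABORTED entry added in the next hunk.
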
@@ -300,6 +313,14 @@ View On' messages from initiator 0xf ('U
       - The message was received successfully but the reply was
 	``CEC_MSG_FEATURE_ABORT``. This status is only set if this message
 	was the reply to an earlier transmitted message.
+    * .. _`CEC-RX-STATUS-ABORTED`:
+
+      - ``CEC_RX_STATUS_ABORTED``
+      - 0x08
+      - The wait for a reply to an earlier transmitted message was aborted
+        because the HDMI cable was disconnected, the adapter was unconfigured
+	or the :ref:`CEC_TRANSMIT <CEC_RECEIVE>` that waited for a
+	reply was interrupted.
 
 
 
--- a/drivers/media/cec/cec-adap.c
+++ b/drivers/media/cec/cec-adap.c
@@ -341,7 +341,7 @@ static void cec_data_completed(struct ce
  *
  * This function is called with adap->lock held.
  */
-static void cec_data_cancel(struct cec_data *data)
+static void cec_data_cancel(struct cec_data *data, u8 tx_status)
 {
 	/*
 	 * It's either the current transmit, or it is a pending
@@ -356,13 +356,11 @@ static void cec_data_cancel(struct cec_d
 	}
 
 	if (data->msg.tx_status & CEC_TX_STATUS_OK) {
-		/* Mark the canceled RX as a timeout */
 		data->msg.rx_ts = ktime_get_ns();
-		data->msg.rx_status = CEC_RX_STATUS_TIMEOUT;
+		data->msg.rx_status = CEC_RX_STATUS_ABORTED;
 	} else {
-		/* Mark the canceled TX as an error */
 		data->msg.tx_ts = ktime_get_ns();
-		data->msg.tx_status |= CEC_TX_STATUS_ERROR |
+		data->msg.tx_status |= tx_status |
 				       CEC_TX_STATUS_MAX_RETRIES;
 		data->msg.tx_error_cnt++;
 		data->attempts = 0;
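
Review bot: the new tx_status argument of cec_data_cancel() is ignored whenever `data->msg.tx_status & CEC_TX_STATUS_OK` is set, and the two comments that explained the branches were removed rather than updated. Please document the parameter in the function's comment block, including that it only applies to a transmit that has not completed; otherwise the `cec_data_cancel(data, CEC_TX_STATUS_OK)` call in cec_flush() reads as if it marks the message OK.
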
@@ -390,15 +388,15 @@ static void cec_flush(struct cec_adapter
 	while (!list_empty(&adap->transmit_queue)) {
 		data = list_first_entry(&adap->transmit_queue,
 					struct cec_data, list);
-		cec_data_cancel(data);
+		cec_data_cancel(data, CEC_TX_STATUS_ABORTED);
 	}
 	if (adap->transmitting)
-		cec_data_cancel(adap->transmitting);
+		cec_data_cancel(adap->transmitting, CEC_TX_STATUS_ABORTED);
 
 	/* Cancel the pending timeout work. */
 	list_for_each_entry_safe(data, n, &adap->wait_queue, list) {
 		if (cancel_delayed_work(&data->work))
-			cec_data_cancel(data);
+			cec_data_cancel(data, CEC_TX_STATUS_OK);
 		/*
 		 * If cancel_delayed_work returned false, then
 		 * the cec_wait_timeout function is running,
@@ -474,12 +472,13 @@ int cec_thread_func(void *_adap)
 			 * so much traffic on the bus that the adapter was
 			 * unable to transmit for CEC_XFER_TIMEOUT_MS (2.1s).
 			 */
-			dprintk(1, "%s: message %*ph timed out\n", __func__,
+			pr_warn("cec-%s: message %*ph timed out\n", adap->name,
 				adap->transmitting->msg.len,
 				adap->transmitting->msg.msg);
 			adap->tx_timeouts++;
 			/* Just give up on this. */
-			cec_data_cancel(adap->transmitting);
+			cec_data_cancel(adap->transmitting,
+					CEC_TX_STATUS_TIMEOUT);
 			goto unlock;
 		}
 
@@ -530,7 +529,7 @@ int cec_thread_func(void *_adap)
 		/* Tell the adapter to transmit, cancel on error */
 		if (adap->ops->adap_transmit(adap, data->attempts,
 					     signal_free_time, &data->msg))
-			cec_data_cancel(data);
+			cec_data_cancel(data, CEC_TX_STATUS_ABORTED);
 
 unlock:
 		mutex_unlock(&adap->lock);
@@ -702,8 +701,6 @@ int cec_transmit_msg_fh(struct cec_adapt
 {
 	struct cec_data *data;
 	u8 last_initiator = 0xff;
-	unsigned int timeout;
-	int res = 0;
 
 	msg->rx_ts = 0;
 	msg->tx_ts = 0;
@@ -846,47 +843,20 @@ int cec_transmit_msg_fh(struct cec_adapt
 		return 0;
 
 	/*
-	 * If we don't get a completion before this time something is really
-	 * wrong and we time out.
-	 */
-	timeout = CEC_XFER_TIMEOUT_MS;
-	/* Add the requested timeout if we have to wait for a reply as well */
-	if (msg->timeout)
-		timeout += msg->timeout;
-
-	/*
 	 * Release the lock and wait, retake the lock afterwards.
 	 */
 	mutex_unlock(&adap->lock);
-	res = wait_for_completion_killable_timeout(&data->c,
-						   msecs_to_jiffies(timeout));
+	wait_for_completion_killable(&data->c);
 	mutex_lock(&adap->lock);
 
-	if (data->completed) {
-		/* The transmit completed (possibly with an error) */
-		*msg = data->msg;
-		kfree(data);
-		return 0;
-	}
-	/*
-	 * The wait for completion timed out or was interrupted, so mark this
-	 * as non-blocking and disconnect from the filehandle since it is
-	 * still 'in flight'. When it finally completes it will just drop the
-	 * result silently.
-	 */
-	data->blocking = false;
-	if (data->fh)
-		list_del(&data->xfer_list);
-	data->fh = NULL;
-
-	if (res == 0) { /* timed out */
-		/* Check if the reply or the transmit failed */
-		if (msg->timeout && (msg->tx_status & CEC_TX_STATUS_OK))
-			msg->rx_status = CEC_RX_STATUS_TIMEOUT;
-		else
-			msg->tx_status = CEC_TX_STATUS_MAX_RETRIES;
-	}
-	return res > 0 ? 0 : res;
+	/* Cancel the transmit if it was interrupted */
+	if (!data->completed)
+		cec_data_cancel(data, CEC_TX_STATUS_ABORTED);
+
+	/* The transmit completed (possibly with an error) */
+	*msg = data->msg;
+	kfree(data);
+	return 0;
 }
 
 /* Helper function to be used by drivers and this framework. */
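
Review bot: the return value of wait_for_completion_killable() is discarded, so a wait interrupted by a fatal signal now returns 0 and the caller can only tell from CEC_TX_STATUS_ABORTED in the copied message; a comment should state that this is intended. More important, the interrupted path goes straight from cec_data_cancel() to `kfree(data)` and nothing in this hunk cancels data->work; patch 304/361 of this series adds the missing cancel_delayed_work_sync(), so the two should be applied together.
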
--- a/include/uapi/linux/cec.h
+++ b/include/uapi/linux/cec.h
@@ -152,10 +152,13 @@ static inline void cec_msg_set_reply_to(
 #define CEC_TX_STATUS_LOW_DRIVE		(1 << 3)
 #define CEC_TX_STATUS_ERROR		(1 << 4)
 #define CEC_TX_STATUS_MAX_RETRIES	(1 << 5)
+#define CEC_TX_STATUS_ABORTED		(1 << 6)
+#define CEC_TX_STATUS_TIMEOUT		(1 << 7)
 
 #define CEC_RX_STATUS_OK		(1 << 0)
 #define CEC_RX_STATUS_TIMEOUT		(1 << 1)
 #define CEC_RX_STATUS_FEATURE_ABORT	(1 << 2)
+#define CEC_RX_STATUS_ABORTED		(1 << 3)
 
 static inline int cec_msg_status_is_ok(const struct cec_msg *msg)
 {




* [PATCH 4.19 303/361] media: cec: fix the Signal Free Time calculation
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (301 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 302/361] media: cec: add new tx/rx status bits to detect aborts/timeouts Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 304/361] media: cec: forgot to cancel delayed work Greg Kroah-Hartman
                   ` (60 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hans.verkuil@cisco.com>

commit 7d867a1b765e2b70815fec4964d7822a976ed349 upstream.

The calculation of the Signal Free Time in the framework was not
correct. If a message was received, then the next transmit should be
considered a New Initiator and use a shorter SFT value.

This was not done, with the result that if both sides were continually
sending messages, they both could use the same SFT value and one side
could deny the other side access to the bus.

Note that this fix does not take the corner case into account where
a receive is in progress when you call adap_transmit.

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: <stable@vger.kernel.org>      # for v4.18 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/cec/cec-adap.c |   26 +++++++-------------------
 include/media/cec.h          |    2 +-
 2 files changed, 8 insertions(+), 20 deletions(-)

--- a/drivers/media/cec/cec-adap.c
+++ b/drivers/media/cec/cec-adap.c
@@ -513,9 +513,11 @@ int cec_thread_func(void *_adap)
 		if (data->attempts) {
 			/* should be >= 3 data bit periods for a retry */
 			signal_free_time = CEC_SIGNAL_FREE_TIME_RETRY;
-		} else if (data->new_initiator) {
+		} else if (adap->last_initiator !=
+			   cec_msg_initiator(&data->msg)) {
 			/* should be >= 5 data bit periods for new initiator */
 			signal_free_time = CEC_SIGNAL_FREE_TIME_NEW_INITIATOR;
+			adap->last_initiator = cec_msg_initiator(&data->msg);
 		} else {
 			/*
 			 * should be >= 7 data bit periods for sending another
@@ -700,7 +702,6 @@ int cec_transmit_msg_fh(struct cec_adapt
 			struct cec_fh *fh, bool block)
 {
 	struct cec_data *data;
-	u8 last_initiator = 0xff;
 
 	msg->rx_ts = 0;
 	msg->tx_ts = 0;
@@ -810,23 +811,6 @@ int cec_transmit_msg_fh(struct cec_adapt
 	data->adap = adap;
 	data->blocking = block;
 
-	/*
-	 * Determine if this message follows a message from the same
-	 * initiator. Needed to determine the free signal time later on.
-	 */
-	if (msg->len > 1) {
-		if (!(list_empty(&adap->transmit_queue))) {
-			const struct cec_data *last;
-
-			last = list_last_entry(&adap->transmit_queue,
-					       const struct cec_data, list);
-			last_initiator = cec_msg_initiator(&last->msg);
-		} else if (adap->transmitting) {
-			last_initiator =
-				cec_msg_initiator(&adap->transmitting->msg);
-		}
-	}
-	data->new_initiator = last_initiator != cec_msg_initiator(msg);
 	init_completion(&data->c);
 	INIT_DELAYED_WORK(&data->work, cec_wait_timeout);
 
@@ -1014,6 +998,8 @@ void cec_received_msg_ts(struct cec_adap
 	mutex_lock(&adap->lock);
 	dprintk(2, "%s: %*ph\n", __func__, msg->len, msg->msg);
 
+	adap->last_initiator = 0xff;
+
 	/* Check if this message was for us (directed or broadcast). */
 	if (!cec_msg_is_broadcast(msg))
 		valid_la = cec_has_log_addr(adap, msg_dest);
@@ -1476,6 +1462,8 @@ void __cec_s_phys_addr(struct cec_adapte
 	}
 
 	mutex_lock(&adap->devnode.lock);
+	adap->last_initiator = 0xff;
+
 	if ((adap->needs_hpd || list_empty(&adap->devnode.fhs)) &&
 	    adap->ops->adap_enable(adap, true)) {
 		mutex_unlock(&adap->devnode.lock);
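
Review bot: adap->last_initiator is reset under `adap->lock` in cec_received_msg_ts() but after `mutex_lock(&adap->devnode.lock)` here in __cec_s_phys_addr(), while cec_thread_func() reads and updates it in the transmit path. Please state which lock protects the field (a comment on the new struct member would do) and confirm that the caller of __cec_s_phys_addr() holds it. The 0xff "no initiator" sentinel also appears as a bare literal in both places; a named constant would help.
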
--- a/include/media/cec.h
+++ b/include/media/cec.h
@@ -63,7 +63,6 @@ struct cec_data {
 	struct delayed_work work;
 	struct completion c;
 	u8 attempts;
-	bool new_initiator;
 	bool blocking;
 	bool completed;
 };
@@ -174,6 +173,7 @@ struct cec_adapter {
 	bool is_configuring;
 	bool is_configured;
 	bool cec_pin_is_high;
+	u8 last_initiator;
 	u32 monitor_all_cnt;
 	u32 monitor_pin_cnt;
 	u32 follower_cnt;




* [PATCH 4.19 304/361] media: cec: forgot to cancel delayed work
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (302 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 303/361] media: cec: fix the Signal Free Time calculation Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 305/361] media: em28xx: use a default format if TRY_FMT fails Greg Kroah-Hartman
                   ` (59 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hverkuil@xs4all.nl>

commit 490d84f6d73c12f4204241cff8651eed60aae914 upstream.

If the wait for completion was interrupted, then make sure to cancel
any delayed work.

This can only happen if a transmit is waiting for a reply, and you press
Ctrl-C or reboot/poweroff or something like that which interrupts the
thread waiting for the reply and then proceeds to delete the CEC message.

Since the delayed work wasn't canceled, once it would trigger it referred
to stale data and resulted in a kernel oops.

Fixes: 7ec2b3b941a6 ("cec: add new tx/rx status bits to detect aborts/timeouts")

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: <stable@vger.kernel.org>      # for v4.18 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/cec/cec-adap.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/media/cec/cec-adap.c
+++ b/drivers/media/cec/cec-adap.c
@@ -831,6 +831,8 @@ int cec_transmit_msg_fh(struct cec_adapt
 	 */
 	mutex_unlock(&adap->lock);
 	wait_for_completion_killable(&data->c);
+	if (!data->completed)
+		cancel_delayed_work_sync(&data->work);
 	mutex_lock(&adap->lock);
 
 	/* Cancel the transmit if it was interrupted */
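
Review bot: `data->completed` is tested after mutex_unlock(&adap->lock) and before the lock is retaken, so the check runs unlocked. A comment should explain why that is safe and why cancel_delayed_work_sync() has to be called before mutex_lock() rather than next to the existing "Cancel the transmit if it was interrupted" block.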




* [PATCH 4.19 305/361] media: em28xx: use a default format if TRY_FMT fails
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (303 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 304/361] media: cec: forgot to cancel delayed work Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 306/361] media: tvp5150: avoid going past array on v4l2_querymenu() Greg Kroah-Hartman
                   ` (58 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

commit f823ce2a1202d47110a7ef86b65839f0be8adc38 upstream.

Follow the V4L2 spec, as warned by v4l2-compliance:

	warn: v4l2-test-formats.cpp(732): TRY_FMT cannot handle an invalid pixelformat.
	warn: v4l2-test-formats.cpp(733): This may or may not be a problem. For more information see:
	warn: v4l2-test-formats.cpp(734): http://www.mail-archive.com/linux-media@vger.kernel.org/msg56550.html

Cc: stable@vger.kernel.org
Fixes: bddcf63313c6 ("V4L/DVB (9927): em28xx: use a more standard way to specify video formats")
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/em28xx/em28xx-video.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/media/usb/em28xx/em28xx-video.c
+++ b/drivers/media/usb/em28xx/em28xx-video.c
@@ -1471,9 +1471,9 @@ static int vidioc_try_fmt_vid_cap(struct
 
 	fmt = format_by_fourcc(f->fmt.pix.pixelformat);
 	if (!fmt) {
-		em28xx_videodbg("Fourcc format (%08x) invalid.\n",
-				f->fmt.pix.pixelformat);
-		return -EINVAL;
+		fmt = &format[0];
+		em28xx_videodbg("Fourcc format (%08x) invalid. Using default (%08x).\n",
+				f->fmt.pix.pixelformat, fmt->fourcc);
 	}
 
 	if (dev->board.is_em2800) {
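
Review bot: after falling back to `fmt = &format[0]` the hunk no longer returns -EINVAL, but it does not show f->fmt.pix.pixelformat being updated. Check that the rest of vidioc_try_fmt_vid_cap() writes fmt->fourcc back to the caller, so that userspace sees the format actually chosen rather than the invalid value it passed in.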




* [PATCH 4.19 306/361] media: tvp5150: avoid going past array on v4l2_querymenu()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (304 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 305/361] media: em28xx: use a default format if TRY_FMT fails Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 307/361] media: em28xx: fix input name for Terratec AV 350 Greg Kroah-Hartman
                   ` (57 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

commit 5c4c4505b716cb782ad7263091edc466c4d1fbd4 upstream.

The parameters of v4l2_ctrl_new_std_menu_items() are tricky: instead of
the number of possible values, it requires the number of the maximum
value. In other words, the ARRAY_SIZE() value should be decremented,
otherwise it will go past the array bounds, as warned by KASAN:

[  279.839688] BUG: KASAN: global-out-of-bounds in v4l2_querymenu+0x10d/0x180 [videodev]
[  279.839709] Read of size 8 at addr ffffffffc10a4cb0 by task v4l2-compliance/16676

[  279.839736] CPU: 1 PID: 16676 Comm: v4l2-compliance Not tainted 4.18.0-rc2+ #120
[  279.839741] Hardware name:  /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017
[  279.839743] Call Trace:
[  279.839758]  dump_stack+0x71/0xab
[  279.839807]  ? v4l2_querymenu+0x10d/0x180 [videodev]
[  279.839817]  print_address_description+0x1c9/0x270
[  279.839863]  ? v4l2_querymenu+0x10d/0x180 [videodev]
[  279.839871]  kasan_report+0x237/0x360
[  279.839918]  v4l2_querymenu+0x10d/0x180 [videodev]
[  279.839964]  __video_do_ioctl+0x2c8/0x590 [videodev]
[  279.840011]  ? copy_overflow+0x20/0x20 [videodev]
[  279.840020]  ? avc_ss_reset+0xa0/0xa0
[  279.840028]  ? check_stack_object+0x21/0x60
[  279.840036]  ? __check_object_size+0xe7/0x240
[  279.840080]  video_usercopy+0xed/0x730 [videodev]
[  279.840123]  ? copy_overflow+0x20/0x20 [videodev]
[  279.840167]  ? v4l_enumstd+0x40/0x40 [videodev]
[  279.840177]  ? __handle_mm_fault+0x9f9/0x1ba0
[  279.840186]  ? __pmd_alloc+0x2c0/0x2c0
[  279.840193]  ? __vfs_write+0xb6/0x350
[  279.840200]  ? kernel_read+0xa0/0xa0
[  279.840244]  ? video_usercopy+0x730/0x730 [videodev]
[  279.840284]  v4l2_ioctl+0xa1/0xb0 [videodev]
[  279.840295]  do_vfs_ioctl+0x117/0x8a0
[  279.840303]  ? selinux_file_ioctl+0x211/0x2f0
[  279.840313]  ? ioctl_preallocate+0x120/0x120
[  279.840319]  ? selinux_capable+0x20/0x20
[  279.840332]  ksys_ioctl+0x70/0x80
[  279.840342]  __x64_sys_ioctl+0x3d/0x50
[  279.840351]  do_syscall_64+0x6d/0x1c0
[  279.840361]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

[  279.840515] The buggy address belongs to the variable:
[  279.840535]  tvp5150_test_patterns+0x10/0xffffffffffffe360 [tvp5150]

Fixes: c43875f66140 ("[media] tvp5150: replace MEDIA_ENT_F_CONN_TEST by a control")
Cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/i2c/tvp5150.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/media/i2c/tvp5150.c
+++ b/drivers/media/i2c/tvp5150.c
@@ -1534,7 +1534,7 @@ static int tvp5150_probe(struct i2c_clie
 			27000000, 1, 27000000);
 	v4l2_ctrl_new_std_menu_items(&core->hdl, &tvp5150_ctrl_ops,
 				     V4L2_CID_TEST_PATTERN,
-				     ARRAY_SIZE(tvp5150_test_patterns),
+				     ARRAY_SIZE(tvp5150_test_patterns) - 1,
 				     0, 0, tvp5150_test_patterns);
 	sd->ctrl_handler = &core->hdl;
 	if (core->hdl.error) {
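Review bot: the `ARRAY_SIZE(tvp5150_test_patterns) - 1` argument is correct per the commit message but reads like a mistake at the call site, which is how the out-of-bounds read got in. A short comment that this parameter is the highest menu index, not the item count, would keep the off-by-one from coming back; the same pattern is worth grepping for in other v4l2_ctrl_new_std_menu_items() callers.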




* [PATCH 4.19 307/361] media: em28xx: fix input name for Terratec AV 350
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (305 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 306/361] media: tvp5150: avoid going past array on v4l2_querymenu() Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 308/361] media: em28xx: make v4l2-compliance happier by starting sequence on zero Greg Kroah-Hartman
                   ` (56 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

commit 15644bfa195bd166d0a5ed76ae2d587f719c3dac upstream.

Instead of using a register value, use an AMUX name, as otherwise
VIDIOC_G_AUDIO would fail.

Cc: stable@vger.kernel.org
Fixes: 766ed64de554 ("V4L/DVB (11827): Add support for Terratec Grabster AV350")
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/em28xx/em28xx-cards.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/media/usb/em28xx/em28xx-cards.c
+++ b/drivers/media/usb/em28xx/em28xx-cards.c
@@ -2141,13 +2141,13 @@ const struct em28xx_board em28xx_boards[
 		.input           = { {
 			.type     = EM28XX_VMUX_COMPOSITE,
 			.vmux     = TVP5150_COMPOSITE1,
-			.amux     = EM28XX_AUDIO_SRC_LINE,
+			.amux     = EM28XX_AMUX_LINE_IN,
 			.gpio     = terratec_av350_unmute_gpio,
 
 		}, {
 			.type     = EM28XX_VMUX_SVIDEO,
 			.vmux     = TVP5150_SVIDEO,
-			.amux     = EM28XX_AUDIO_SRC_LINE,
+			.amux     = EM28XX_AMUX_LINE_IN,
 			.gpio     = terratec_av350_unmute_gpio,
 		} },
 	},
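Review bot: both `.amux` initializers took a constant from the wrong namespace (`EM28XX_AUDIO_SRC_LINE`, a register value per the commit message) and the compiler accepted it, so nothing in this hunk stops the same mix-up in another board entry. Worth auditing the rest of em28xx_boards[] for `.amux = EM28XX_AUDIO_SRC_*` in this patch or a follow-up.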




* [PATCH 4.19 308/361] media: em28xx: make v4l2-compliance happier by starting sequence on zero
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (306 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 307/361] media: em28xx: fix input name for Terratec AV 350 Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 309/361] media: em28xx: fix handler for vidioc_s_input() Greg Kroah-Hartman
                   ` (55 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

commit afeaade90db4c5dab93f326d9582be1d5954a198 upstream.

The v4l2-compliance tool complains if a video doesn't start
with a zero sequence number.

While this shouldn't cause any real problem for apps, let's
make it happier, in order to better check the v4l2-compliance
differences before and after patchsets.

This is actually an old issue. It is there since at least its
videobuf2 conversion, e. g. changeset 3829fadc461 ("[media]
em28xx: convert to videobuf2"), if VB1 wouldn't suffer from
the same issue.

Cc: stable@vger.kernel.org
Fixes: d3829fadc461 ("[media] em28xx: convert to videobuf2")
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/em28xx/em28xx-video.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/media/usb/em28xx/em28xx-video.c
+++ b/drivers/media/usb/em28xx/em28xx-video.c
@@ -1093,6 +1093,8 @@ int em28xx_start_analog_streaming(struct
 
 	em28xx_videodbg("%s\n", __func__);
 
+	dev->v4l2->field_count = 0;
+
 	/*
 	 * Make sure streaming is not already in progress for this type
 	 * of filehandle (e.g. video, vbi)
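Review bot: `dev->v4l2->field_count = 0;` sits above the comment that introduces the already-streaming check, so the reset runs on every call, including when another filehandle type (video or vbi) may already be streaming. Since the counter lives in the shared `dev->v4l2` state, consider moving the reset to the point where streaming is actually started for the first user.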




* [PATCH 4.19 309/361] media: em28xx: fix handler for vidioc_s_input()
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (307 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 308/361] media: em28xx: make v4l2-compliance happier by starting sequence on zero Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 310/361] media: adv7604: when the EDID is cleared, unconfigure CEC as well Greg Kroah-Hartman
                   ` (54 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

commit 258c430456ba5f0005043762e14fc3be35983aaf upstream.

The a->index is not the name of the internal amux entry,
but, instead a value from zero to the maximum number
of audio inputs.

As the actual available inputs depend on each board, build
it dynamically.

This is broken for a really long time. On a quick check,
since at least commit 195a4ef627e1 ("V4L/DVB (6585): Convert
em28xx to video_ioctl2") this was not implemented right.

Fixes: 195a4ef627e1 ("V4L/DVB (6585): Convert em28xx to video_ioctl2")

Cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/em28xx/em28xx-cards.c |   29 ++++++++++
 drivers/media/usb/em28xx/em28xx-video.c |   86 ++++++++++++++++++++++++++++----
 drivers/media/usb/em28xx/em28xx.h       |    8 ++
 3 files changed, 113 insertions(+), 10 deletions(-)

--- a/drivers/media/usb/em28xx/em28xx-cards.c
+++ b/drivers/media/usb/em28xx/em28xx-cards.c
@@ -3039,6 +3039,9 @@ static int em28xx_hint_board(struct em28
 
 static void em28xx_card_setup(struct em28xx *dev)
 {
+	int i, j, idx;
+	bool duplicate_entry;
+
 	/*
 	 * If the device can be a webcam, seek for a sensor.
 	 * If sensor is not found, then it isn't a webcam.
@@ -3195,6 +3198,32 @@ static void em28xx_card_setup(struct em2
 	/* Allow override tuner type by a module parameter */
 	if (tuner >= 0)
 		dev->tuner_type = tuner;
+
+	/*
+	 * Dynamically generate a list of valid audio inputs for this
+	 * specific board, mapping them via enum em28xx_amux.
+	 */
+
+	idx = 0;
+	for (i = 0; i < MAX_EM28XX_INPUT; i++) {
+		if (!INPUT(i)->type)
+			continue;
+
+		/* Skip already mapped audio inputs */
+		duplicate_entry = false;
+		for (j = 0; j < idx; j++) {
+			if (INPUT(i)->amux == dev->amux_map[j]) {
+				duplicate_entry = true;
+				break;
+			}
+		}
+		if (duplicate_entry)
+			continue;
+
+		dev->amux_map[idx++] = INPUT(i)->amux;
+	}
+	for (; idx < MAX_EM28XX_INPUT; idx++)
+		dev->amux_map[idx] = EM28XX_AMUX_UNUSED;
 }
 
 void em28xx_setup_xc3028(struct em28xx *dev, struct xc2028_ctrl *ctl)
--- a/drivers/media/usb/em28xx/em28xx-video.c
+++ b/drivers/media/usb/em28xx/em28xx-video.c
@@ -1668,6 +1668,7 @@ static int vidioc_enum_input(struct file
 {
 	struct em28xx *dev = video_drvdata(file);
 	unsigned int       n;
+	int j;
 
 	n = i->index;
 	if (n >= MAX_EM28XX_INPUT)
@@ -1687,6 +1688,12 @@ static int vidioc_enum_input(struct file
 	if (dev->is_webcam)
 		i->capabilities = 0;
 
+	/* Dynamically generates an audioset bitmask */
+	i->audioset = 0;
+	for (j = 0; j < MAX_EM28XX_INPUT; j++)
+		if (dev->amux_map[j] != EM28XX_AMUX_UNUSED)
+			i->audioset |= 1 << j;
+
 	return 0;
 }
 
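Review bot: the loop gives every video input the same `audioset`, because bit `j` is set for each used `amux_map` slot regardless of which input `n` was queried; if that is intended, say so in the comment. `1 << j` is also a signed shift; `BIT(j)` or `1U << j` is the usual form for a bitmask field.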
@@ -1712,11 +1719,24 @@ static int vidioc_s_input(struct file *f
 	return 0;
 }
 
-static int vidioc_g_audio(struct file *file, void *priv, struct v4l2_audio *a)
-{
-	struct em28xx *dev = video_drvdata(file);
+static int em28xx_fill_audio_input(struct em28xx *dev,
+				   const char *s,
+				   struct v4l2_audio *a,
+				   unsigned int index)
+{
+	unsigned int idx = dev->amux_map[index];
+
+	/*
+	 * With msp3400, almost all mappings use the default (amux = 0).
+	 * The only one may use a different value is WinTV USB2, where it
+	 * can also be SCART1 input.
+	 * As it is very doubtful that we would see new boards with msp3400,
+	 * let's just reuse the existing switch.
+	 */
+	if (dev->has_msp34xx && idx != EM28XX_AMUX_UNUSED)
+		idx = EM28XX_AMUX_LINE_IN;
 
-	switch (a->index) {
+	switch (idx) {
 	case EM28XX_AMUX_VIDEO:
 		strcpy(a->name, "Television");
 		break;
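Review bot: `unsigned int idx = dev->amux_map[index];` stores an `enum em28xx_amux` that can be `EM28XX_AMUX_UNUSED` (-1 in the em28xx.h hunk) in an unsigned variable and then compares it against that constant. It works through implicit conversion but is fragile and trips sign-compare warnings; declare `idx` as `enum em28xx_amux`. The helper also indexes `amux_map` without checking `index`, so a comment that callers must bound it by MAX_EM28XX_INPUT would help.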
@@ -1741,32 +1761,79 @@ static int vidioc_g_audio(struct file *f
 	case EM28XX_AMUX_PCM_OUT:
 		strcpy(a->name, "PCM");
 		break;
+	case EM28XX_AMUX_UNUSED:
 	default:
 		return -EINVAL;
 	}
-
-	a->index = dev->ctl_ainput;
+	a->index = index;
 	a->capability = V4L2_AUDCAP_STEREO;
 
+	em28xx_videodbg("%s: audio input index %d is '%s'\n",
+			s, a->index, a->name);
+
 	return 0;
 }
 
+static int vidioc_enumaudio(struct file *file, void *fh, struct v4l2_audio *a)
+{
+	struct em28xx *dev = video_drvdata(file);
+
+	if (a->index >= MAX_EM28XX_INPUT)
+		return -EINVAL;
+
+	return em28xx_fill_audio_input(dev, __func__, a, a->index);
+}
+
+static int vidioc_g_audio(struct file *file, void *priv, struct v4l2_audio *a)
+{
+	struct em28xx *dev = video_drvdata(file);
+	int i;
+
+	for (i = 0; i < MAX_EM28XX_INPUT; i++)
+		if (dev->ctl_ainput == dev->amux_map[i])
+			return em28xx_fill_audio_input(dev, __func__, a, i);
+
+	/* Should never happen! */
+	return -EINVAL;
+}
+
 static int vidioc_s_audio(struct file *file, void *priv,
 			  const struct v4l2_audio *a)
 {
 	struct em28xx *dev = video_drvdata(file);
+	int idx, i;
 
 	if (a->index >= MAX_EM28XX_INPUT)
 		return -EINVAL;
-	if (!INPUT(a->index)->type)
+
+	idx = dev->amux_map[a->index];
+
+	if (idx == EM28XX_AMUX_UNUSED)
+		return -EINVAL;
+
+	dev->ctl_ainput = idx;
+
+	/*
+	 * FIXME: This is wrong, as different inputs at em28xx_cards
+	 * may have different audio outputs. So, the right thing
+	 * to do is to implement VIDIOC_G_AUDOUT/VIDIOC_S_AUDOUT.
+	 * With the current board definitions, this would work fine,
+	 * as, currently, all boards fit.
+	 */
+	for (i = 0; i < MAX_EM28XX_INPUT; i++)
+		if (idx == dev->amux_map[i])
+			break;
+	if (i == MAX_EM28XX_INPUT)
 		return -EINVAL;
 
-	dev->ctl_ainput = INPUT(a->index)->amux;
-	dev->ctl_aoutput = INPUT(a->index)->aout;
+	dev->ctl_aoutput = INPUT(i)->aout;
 
 	if (!dev->ctl_aoutput)
 		dev->ctl_aoutput = EM28XX_AOUT_MASTER;
 
+	em28xx_videodbg("%s: set audio input to %d\n", __func__,
+			dev->ctl_ainput);
+
 	return 0;
 }
 
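Review bot: in vidioc_s_audio() the search loop looks up `idx` in `amux_map`, but `idx` was just read from `amux_map[a->index]` and em28xx_card_setup() skips duplicates, so the loop always stops at `i == a->index` and the `i == MAX_EM28XX_INPUT` check cannot fire. More importantly, `INPUT(i)->aout` then uses a position in the compacted `amux_map` as a board input index, and the two only coincide when no input was skipped; the FIXME covers this partly, but the lookup should walk INPUT() for an entry whose `amux` equals `idx`. `dev->ctl_ainput` is also assigned before the last `-EINVAL` return, so a failed call would leave state changed.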
@@ -2304,6 +2371,7 @@ static const struct v4l2_ioctl_ops video
 	.vidioc_try_fmt_vbi_cap     = vidioc_g_fmt_vbi_cap,
 	.vidioc_s_fmt_vbi_cap       = vidioc_g_fmt_vbi_cap,
 	.vidioc_enum_framesizes     = vidioc_enum_framesizes,
+	.vidioc_enumaudio           = vidioc_enumaudio,
 	.vidioc_g_audio             = vidioc_g_audio,
 	.vidioc_s_audio             = vidioc_s_audio,
 
--- a/drivers/media/usb/em28xx/em28xx.h
+++ b/drivers/media/usb/em28xx/em28xx.h
@@ -335,6 +335,9 @@ enum em28xx_usb_audio_type {
 /**
  * em28xx_amux - describes the type of audio input used by em28xx
  *
+ * @EM28XX_AMUX_UNUSED:
+ *	Used only on em28xx dev->map field, in order to mark an entry
+ *	as unused.
  * @EM28XX_AMUX_VIDEO:
  *	On devices without AC97, this is the only value that it is currently
  *	allowed.
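Review bot: the kernel-doc for `@EM28XX_AMUX_UNUSED` refers to the "em28xx dev->map field", but the field added in this patch is `amux_map`. Please fix the name so the comment matches the struct and can be searched.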
@@ -369,7 +372,8 @@ enum em28xx_usb_audio_type {
  * same time, via the alsa mux.
  */
 enum em28xx_amux {
-	EM28XX_AMUX_VIDEO,
+	EM28XX_AMUX_UNUSED = -1,
+	EM28XX_AMUX_VIDEO = 0,
 	EM28XX_AMUX_LINE_IN,
 
 	/* Some less-common mixer setups */
@@ -692,6 +696,8 @@ struct em28xx {
 	unsigned int ctl_input;	// selected input
 	unsigned int ctl_ainput;// selected audio input
 	unsigned int ctl_aoutput;// selected audio output
+	enum em28xx_amux amux_map[MAX_EM28XX_INPUT];
+
 	int mute;
 	int volume;
 




* [PATCH 4.19 310/361] media: adv7604: when the EDID is cleared, unconfigure CEC as well
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (308 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 309/361] media: em28xx: fix handler for vidioc_s_input() Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 311/361] media: adv7842: " Greg Kroah-Hartman
                   ` (53 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hans.verkuil@cisco.com>

commit e7da89926f6dc6cf855f5ffdf79ef99a1b115ca7 upstream.

When there is no EDID the CEC adapter should be unconfigured as
well. So call cec_phys_addr_invalidate() when this happens.

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: <stable@vger.kernel.org>      # for v4.18 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/i2c/adv7604.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/media/i2c/adv7604.c
+++ b/drivers/media/i2c/adv7604.c
@@ -2284,8 +2284,10 @@ static int adv76xx_set_edid(struct v4l2_
 		state->aspect_ratio.numerator = 16;
 		state->aspect_ratio.denominator = 9;
 
-		if (!state->edid.present)
+		if (!state->edid.present) {
 			state->edid.blocks = 0;
+			cec_phys_addr_invalidate(state->cec_adap);
+		}
 
 		v4l2_dbg(2, debug, sd, "%s: clear EDID pad %d, edid.present = 0x%x\n",
 				__func__, edid->pad, state->edid.present);
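Review bot: `cec_phys_addr_invalidate(state->cec_adap)` is called unconditionally inside the `!state->edid.present` branch, and nothing in the hunk shows whether `state->cec_adap` can be NULL when CEC is not enabled for this device. Please state in the commit message that the helper tolerates a NULL adapter, or guard the call.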




* [PATCH 4.19 311/361] media: adv7842: when the EDID is cleared, unconfigure CEC as well
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (309 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 310/361] media: adv7604: when the EDID is cleared, unconfigure CEC as well Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:20 ` [PATCH 4.19 312/361] drm/mediatek: fix OF sibling-node lookup Greg Kroah-Hartman
                   ` (52 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hans.verkuil@cisco.com>

commit ab83203e181015b099720aff43ffabc1812e0fb3 upstream.

When there is no EDID the CEC adapter should be unconfigured as
well. So call cec_phys_addr_invalidate() when this happens.

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: <stable@vger.kernel.org>      # for v4.18 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/i2c/adv7842.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/media/i2c/adv7842.c
+++ b/drivers/media/i2c/adv7842.c
@@ -786,8 +786,10 @@ static int edid_write_hdmi_segment(struc
 	/* Disable I2C access to internal EDID ram from HDMI DDC ports */
 	rep_write_and_or(sd, 0x77, 0xf3, 0x00);
 
-	if (!state->hdmi_edid.present)
+	if (!state->hdmi_edid.present) {
+		cec_phys_addr_invalidate(state->cec_adap);
 		return 0;
+	}
 
 	pa = cec_get_edid_phys_addr(edid, 256, &spa_loc);
 	err = cec_phys_addr_validate(pa, &pa, NULL);




* [PATCH 4.19 312/361] drm/mediatek: fix OF sibling-node lookup
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (310 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 311/361] media: adv7842: " Greg Kroah-Hartman
@ 2018-11-11 22:20 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 313/361] media: media colorspaces*.rst: rename AdobeRGB to opRGB Greg Kroah-Hartman
                   ` (51 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Junzhi Zhao, Philipp Zabel, CK Hu,
	David Airlie, Johan Hovold, Rob Herring

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Johan Hovold <johan@kernel.org>

commit ceff2f4dcd44abf35864d9a99f85ac619e89a01d upstream.

Use the new of_get_compatible_child() helper to lookup the sibling
instead of using of_find_compatible_node(), which searches the entire
tree from a given start node and thus can return an unrelated (i.e.
non-sibling) node.

This also addresses a potential use-after-free (e.g. after probe
deferral) as the tree-wide helper drops a reference to its first
argument (i.e. the parent device node).

While at it, also fix the related cec-node reference leak.

Fixes: 8f83f26891e1 ("drm/mediatek: Add HDMI support")
Cc: stable <stable@vger.kernel.org>     # 4.8
Cc: Junzhi Zhao <junzhi.zhao@mediatek.com>
Cc: Philipp Zabel <p.zabel@pengutronix.de>
Cc: CK Hu <ck.hu@mediatek.com>
Cc: David Airlie <airlied@linux.ie>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/mediatek/mtk_hdmi.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/gpu/drm/mediatek/mtk_hdmi.c
+++ b/drivers/gpu/drm/mediatek/mtk_hdmi.c
@@ -1446,8 +1446,7 @@ static int mtk_hdmi_dt_parse_pdata(struc
 	}
 
 	/* The CEC module handles HDMI hotplug detection */
-	cec_np = of_find_compatible_node(np->parent, NULL,
-					 "mediatek,mt8173-cec");
+	cec_np = of_get_compatible_child(np->parent, "mediatek,mt8173-cec");
 	if (!cec_np) {
 		dev_err(dev, "Failed to find CEC node\n");
 		return -EINVAL;
@@ -1457,8 +1456,10 @@ static int mtk_hdmi_dt_parse_pdata(struc
 	if (!cec_pdev) {
 		dev_err(hdmi->dev, "Waiting for CEC device %pOF\n",
 			cec_np);
+		of_node_put(cec_np);
 		return -EPROBE_DEFER;
 	}
+	of_node_put(cec_np);
 	hdmi->cec_dev = &cec_pdev->dev;
 
 	/*
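Review bot: `of_node_put(cec_np)` is now written twice, once in the `!cec_pdev` branch after the dev_err() that prints the node with %pOF and once on the success path. The ordering is right, but the duplication is easy to break in a later edit; a single put after the last use of `cec_np` (for example via an error label) would be more robust.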




* [PATCH 4.19 313/361] media: media colorspaces*.rst: rename AdobeRGB to opRGB
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (311 preceding siblings ...)
  2018-11-11 22:20 ` [PATCH 4.19 312/361] drm/mediatek: fix OF sibling-node lookup Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 314/361] media: replace ADOBERGB by OPRGB Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Daniel Vetter,
	Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hansverk@cisco.com>

commit a58c37978cf02f6d35d05ee4e9288cb8455f1401 upstream.

Drop all Adobe references and use the official opRGB standard
instead.

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: stable@vger.kernel.org
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 Documentation/media/uapi/v4l/biblio.rst              |   10 ----------
 Documentation/media/uapi/v4l/colorspaces-defs.rst    |    8 ++++----
 Documentation/media/uapi/v4l/colorspaces-details.rst |   13 ++++++-------
 3 files changed, 10 insertions(+), 21 deletions(-)

--- a/Documentation/media/uapi/v4l/biblio.rst
+++ b/Documentation/media/uapi/v4l/biblio.rst
@@ -226,16 +226,6 @@ xvYCC
 
 :author:    International Electrotechnical Commission (http://www.iec.ch)
 
-.. _adobergb:
-
-AdobeRGB
-========
-
-
-:title:     Adobe© RGB (1998) Color Image Encoding Version 2005-05
-
-:author:    Adobe Systems Incorporated (http://www.adobe.com)
-
 .. _oprgb:
 
 opRGB
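Review bot: deleting the `.. _adobergb:` label breaks any :ref:`adobergb` left in the documentation tree. The reference in colorspaces-details.rst is updated in this patch; please confirm with a docs build or grep that no other file still points at the label.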
--- a/Documentation/media/uapi/v4l/colorspaces-defs.rst
+++ b/Documentation/media/uapi/v4l/colorspaces-defs.rst
@@ -51,8 +51,8 @@ whole range, 0-255, dividing the angular
       - See :ref:`col-rec709`.
     * - ``V4L2_COLORSPACE_SRGB``
       - See :ref:`col-srgb`.
-    * - ``V4L2_COLORSPACE_ADOBERGB``
-      - See :ref:`col-adobergb`.
+    * - ``V4L2_COLORSPACE_OPRGB``
+      - See :ref:`col-oprgb`.
     * - ``V4L2_COLORSPACE_BT2020``
       - See :ref:`col-bt2020`.
     * - ``V4L2_COLORSPACE_DCI_P3``
@@ -90,8 +90,8 @@ whole range, 0-255, dividing the angular
       - Use the Rec. 709 transfer function.
     * - ``V4L2_XFER_FUNC_SRGB``
       - Use the sRGB transfer function.
-    * - ``V4L2_XFER_FUNC_ADOBERGB``
-      - Use the AdobeRGB transfer function.
+    * - ``V4L2_XFER_FUNC_OPRGB``
+      - Use the opRGB transfer function.
     * - ``V4L2_XFER_FUNC_SMPTE240M``
       - Use the SMPTE 240M transfer function.
     * - ``V4L2_XFER_FUNC_NONE``
--- a/Documentation/media/uapi/v4l/colorspaces-details.rst
+++ b/Documentation/media/uapi/v4l/colorspaces-details.rst
@@ -290,15 +290,14 @@ Y' is clamped to the range [0…1] and C
 170M/BT.601. The Y'CbCr quantization is limited range.
 
 
-.. _col-adobergb:
+.. _col-oprgb:
 
-Colorspace Adobe RGB (V4L2_COLORSPACE_ADOBERGB)
+Colorspace opRGB (V4L2_COLORSPACE_OPRGB)
 ===============================================
 
-The :ref:`adobergb` standard defines the colorspace used by computer
-graphics that use the AdobeRGB colorspace. This is also known as the
-:ref:`oprgb` standard. The default transfer function is
-``V4L2_XFER_FUNC_ADOBERGB``. The default Y'CbCr encoding is
+The :ref:`oprgb` standard defines the colorspace used by computer
+graphics that use the opRGB colorspace. The default transfer function is
+``V4L2_XFER_FUNC_OPRGB``. The default Y'CbCr encoding is
 ``V4L2_YCBCR_ENC_601``. The default Y'CbCr quantization is limited
 range.
 
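Review bot: the section title was shortened to "Colorspace opRGB (V4L2_COLORSPACE_OPRGB)" but the `=` underline below it keeps its old length. reST accepts an overlong underline, so this builds, but trimming it to the new title length keeps the file consistent with the other headings.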
@@ -312,7 +311,7 @@ The chromaticities of the primary colors
 
 .. tabularcolumns:: |p{4.4cm}|p{4.4cm}|p{8.7cm}|
 
-.. flat-table:: Adobe RGB Chromaticities
+.. flat-table:: opRGB Chromaticities
     :header-rows:  1
     :stub-columns: 0
     :widths:       1 1 2




* [PATCH 4.19 314/361] media: replace ADOBERGB by OPRGB
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (312 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 313/361] media: media colorspaces*.rst: rename AdobeRGB to opRGB Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 315/361] media: hdmi.h: rename ADOBE_RGB to OPRGB and ADOBE_YCC to OPYCC Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Daniel Vetter,
	Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hverkuil@xs4all.nl>

commit db0340182444612bcadb98bdec22f651aa42266c upstream.

The CTA-861 standards have been updated to refer to opRGB instead
of AdobeRGB. The official standard is in fact named opRGB, so
switch to that.

The two old defines referring to ADOBERGB in the public API are
put under #ifndef __KERNEL__ and a comment mentions that they are
deprecated.

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: stable@vger.kernel.org
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 Documentation/media/videodev2.h.rst.exceptions  |    6 
 drivers/media/common/v4l2-tpg/v4l2-tpg-colors.c |  262 ++++++++++++------------
 drivers/media/i2c/adv7511.c                     |    2 
 drivers/media/i2c/adv7604.c                     |    2 
 drivers/media/i2c/tc358743.c                    |    4 
 drivers/media/platform/vivid/vivid-core.h       |    2 
 drivers/media/platform/vivid/vivid-ctrls.c      |    6 
 drivers/media/platform/vivid/vivid-vid-out.c    |    2 
 drivers/media/v4l2-core/v4l2-dv-timings.c       |    8 
 include/uapi/linux/videodev2.h                  |   23 +-
 10 files changed, 165 insertions(+), 152 deletions(-)

--- a/Documentation/media/videodev2.h.rst.exceptions
+++ b/Documentation/media/videodev2.h.rst.exceptions
@@ -56,7 +56,8 @@ replace symbol V4L2_MEMORY_USERPTR :c:ty
 # Documented enum v4l2_colorspace
 replace symbol V4L2_COLORSPACE_470_SYSTEM_BG :c:type:`v4l2_colorspace`
 replace symbol V4L2_COLORSPACE_470_SYSTEM_M :c:type:`v4l2_colorspace`
-replace symbol V4L2_COLORSPACE_ADOBERGB :c:type:`v4l2_colorspace`
+replace symbol V4L2_COLORSPACE_OPRGB :c:type:`v4l2_colorspace`
+replace define V4L2_COLORSPACE_ADOBERGB :c:type:`v4l2_colorspace`
 replace symbol V4L2_COLORSPACE_BT2020 :c:type:`v4l2_colorspace`
 replace symbol V4L2_COLORSPACE_DCI_P3 :c:type:`v4l2_colorspace`
 replace symbol V4L2_COLORSPACE_DEFAULT :c:type:`v4l2_colorspace`
@@ -69,7 +70,8 @@ replace symbol V4L2_COLORSPACE_SRGB :c:t
 
 # Documented enum v4l2_xfer_func
 replace symbol V4L2_XFER_FUNC_709 :c:type:`v4l2_xfer_func`
-replace symbol V4L2_XFER_FUNC_ADOBERGB :c:type:`v4l2_xfer_func`
+replace symbol V4L2_XFER_FUNC_OPRGB :c:type:`v4l2_xfer_func`
+replace define V4L2_XFER_FUNC_ADOBERGB :c:type:`v4l2_xfer_func`
 replace symbol V4L2_XFER_FUNC_DCI_P3 :c:type:`v4l2_xfer_func`
 replace symbol V4L2_XFER_FUNC_DEFAULT :c:type:`v4l2_xfer_func`
 replace symbol V4L2_XFER_FUNC_NONE :c:type:`v4l2_xfer_func`
--- a/drivers/media/common/v4l2-tpg/v4l2-tpg-colors.c
+++ b/drivers/media/common/v4l2-tpg/v4l2-tpg-colors.c
@@ -602,14 +602,14 @@ const struct tpg_rbg_color16 tpg_csc_col
 	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_SRGB][5] = { 3138, 657, 810 },
 	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_SRGB][6] = { 731, 680, 3048 },
 	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_SRGB][7] = { 800, 799, 800 },
-	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_ADOBERGB][0] = { 3033, 3033, 3033 },
-	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_ADOBERGB][1] = { 3046, 3054, 886 },
-	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_ADOBERGB][2] = { 0, 3058, 3031 },
-	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_ADOBERGB][3] = { 360, 3079, 877 },
-	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_ADOBERGB][4] = { 3103, 587, 3027 },
-	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_ADOBERGB][5] = { 3116, 723, 861 },
-	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_ADOBERGB][6] = { 789, 744, 3025 },
-	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_ADOBERGB][7] = { 851, 851, 851 },
+	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_OPRGB][0] = { 3033, 3033, 3033 },
+	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_OPRGB][1] = { 3046, 3054, 886 },
+	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_OPRGB][2] = { 0, 3058, 3031 },
+	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_OPRGB][3] = { 360, 3079, 877 },
+	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_OPRGB][4] = { 3103, 587, 3027 },
+	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_OPRGB][5] = { 3116, 723, 861 },
+	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_OPRGB][6] = { 789, 744, 3025 },
+	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_OPRGB][7] = { 851, 851, 851 },
 	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_SMPTE240M][0] = { 2926, 2926, 2926 },
 	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_SMPTE240M][1] = { 2941, 2950, 546 },
 	[V4L2_COLORSPACE_SMPTE170M][V4L2_XFER_FUNC_SMPTE240M][2] = { 0, 2954, 2924 },
@@ -658,14 +658,14 @@ const struct tpg_rbg_color16 tpg_csc_col
 	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_SRGB][5] = { 3138, 657, 810 },
 	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_SRGB][6] = { 731, 680, 3048 },
 	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_SRGB][7] = { 800, 799, 800 },
-	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_ADOBERGB][0] = { 3033, 3033, 3033 },
-	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_ADOBERGB][1] = { 3046, 3054, 886 },
-	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_ADOBERGB][2] = { 0, 3058, 3031 },
-	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_ADOBERGB][3] = { 360, 3079, 877 },
-	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_ADOBERGB][4] = { 3103, 587, 3027 },
-	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_ADOBERGB][5] = { 3116, 723, 861 },
-	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_ADOBERGB][6] = { 789, 744, 3025 },
-	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_ADOBERGB][7] = { 851, 851, 851 },
+	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_OPRGB][0] = { 3033, 3033, 3033 },
+	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_OPRGB][1] = { 3046, 3054, 886 },
+	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_OPRGB][2] = { 0, 3058, 3031 },
+	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_OPRGB][3] = { 360, 3079, 877 },
+	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_OPRGB][4] = { 3103, 587, 3027 },
+	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_OPRGB][5] = { 3116, 723, 861 },
+	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_OPRGB][6] = { 789, 744, 3025 },
+	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_OPRGB][7] = { 851, 851, 851 },
 	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_SMPTE240M][0] = { 2926, 2926, 2926 },
 	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_SMPTE240M][1] = { 2941, 2950, 546 },
 	[V4L2_COLORSPACE_SMPTE240M][V4L2_XFER_FUNC_SMPTE240M][2] = { 0, 2954, 2924 },
@@ -714,14 +714,14 @@ const struct tpg_rbg_color16 tpg_csc_col
 	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_SRGB][5] = { 3056, 800, 800 },
 	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_SRGB][6] = { 800, 800, 3056 },
 	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_SRGB][7] = { 800, 800, 800 },
-	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_ADOBERGB][0] = { 3033, 3033, 3033 },
-	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_ADOBERGB][1] = { 3033, 3033, 851 },
-	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_ADOBERGB][2] = { 851, 3033, 3033 },
-	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_ADOBERGB][3] = { 851, 3033, 851 },
-	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_ADOBERGB][4] = { 3033, 851, 3033 },
-	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_ADOBERGB][5] = { 3033, 851, 851 },
-	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_ADOBERGB][6] = { 851, 851, 3033 },
-	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_ADOBERGB][7] = { 851, 851, 851 },
+	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_OPRGB][0] = { 3033, 3033, 3033 },
+	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_OPRGB][1] = { 3033, 3033, 851 },
+	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_OPRGB][2] = { 851, 3033, 3033 },
+	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_OPRGB][3] = { 851, 3033, 851 },
+	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_OPRGB][4] = { 3033, 851, 3033 },
+	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_OPRGB][5] = { 3033, 851, 851 },
+	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_OPRGB][6] = { 851, 851, 3033 },
+	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_OPRGB][7] = { 851, 851, 851 },
 	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_SMPTE240M][0] = { 2926, 2926, 2926 },
 	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_SMPTE240M][1] = { 2926, 2926, 507 },
 	[V4L2_COLORSPACE_REC709][V4L2_XFER_FUNC_SMPTE240M][2] = { 507, 2926, 2926 },
@@ -770,14 +770,14 @@ const struct tpg_rbg_color16 tpg_csc_col
 	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_SRGB][5] = { 2599, 901, 909 },
 	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_SRGB][6] = { 991, 0, 2966 },
 	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_SRGB][7] = { 800, 799, 800 },
-	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_ADOBERGB][0] = { 3033, 3033, 3033 },
-	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_ADOBERGB][1] = { 2989, 3120, 1180 },
-	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_ADOBERGB][2] = { 1913, 3011, 3009 },
-	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_ADOBERGB][3] = { 1836, 3099, 1105 },
-	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_ADOBERGB][4] = { 2627, 413, 2966 },
-	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_ADOBERGB][5] = { 2576, 943, 951 },
-	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_ADOBERGB][6] = { 1026, 0, 2942 },
-	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_ADOBERGB][7] = { 851, 851, 851 },
+	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_OPRGB][0] = { 3033, 3033, 3033 },
+	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_OPRGB][1] = { 2989, 3120, 1180 },
+	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_OPRGB][2] = { 1913, 3011, 3009 },
+	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_OPRGB][3] = { 1836, 3099, 1105 },
+	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_OPRGB][4] = { 2627, 413, 2966 },
+	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_OPRGB][5] = { 2576, 943, 951 },
+	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_OPRGB][6] = { 1026, 0, 2942 },
+	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_OPRGB][7] = { 851, 851, 851 },
 	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_SMPTE240M][0] = { 2926, 2926, 2926 },
 	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_SMPTE240M][1] = { 2879, 3022, 874 },
 	[V4L2_COLORSPACE_470_SYSTEM_M][V4L2_XFER_FUNC_SMPTE240M][2] = { 1688, 2903, 2901 },
@@ -826,14 +826,14 @@ const struct tpg_rbg_color16 tpg_csc_col
 	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_SRGB][5] = { 3001, 800, 799 },
 	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_SRGB][6] = { 800, 800, 3071 },
 	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_SRGB][7] = { 800, 800, 799 },
-	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_ADOBERGB][0] = { 3033, 3033, 3033 },
-	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_ADOBERGB][1] = { 3033, 3033, 776 },
-	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_ADOBERGB][2] = { 1068, 3033, 3033 },
-	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_ADOBERGB][3] = { 1068, 3033, 776 },
-	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_ADOBERGB][4] = { 2977, 851, 3048 },
-	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_ADOBERGB][5] = { 2977, 851, 851 },
-	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_ADOBERGB][6] = { 851, 851, 3048 },
-	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_ADOBERGB][7] = { 851, 851, 851 },
+	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_OPRGB][0] = { 3033, 3033, 3033 },
+	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_OPRGB][1] = { 3033, 3033, 776 },
+	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_OPRGB][2] = { 1068, 3033, 3033 },
+	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_OPRGB][3] = { 1068, 3033, 776 },
+	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_OPRGB][4] = { 2977, 851, 3048 },
+	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_OPRGB][5] = { 2977, 851, 851 },
+	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_OPRGB][6] = { 851, 851, 3048 },
+	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_OPRGB][7] = { 851, 851, 851 },
 	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_SMPTE240M][0] = { 2926, 2926, 2926 },
 	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_SMPTE240M][1] = { 2926, 2926, 423 },
 	[V4L2_COLORSPACE_470_SYSTEM_BG][V4L2_XFER_FUNC_SMPTE240M][2] = { 749, 2926, 2926 },
@@ -882,14 +882,14 @@ const struct tpg_rbg_color16 tpg_csc_col
 	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_SRGB][5] = { 3056, 800, 800 },
 	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_SRGB][6] = { 800, 800, 3056 },
 	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_SRGB][7] = { 800, 800, 800 },
-	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_ADOBERGB][0] = { 3033, 3033, 3033 },
-	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_ADOBERGB][1] = { 3033, 3033, 851 },
-	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_ADOBERGB][2] = { 851, 3033, 3033 },
-	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_ADOBERGB][3] = { 851, 3033, 851 },
-	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_ADOBERGB][4] = { 3033, 851, 3033 },
-	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_ADOBERGB][5] = { 3033, 851, 851 },
-	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_ADOBERGB][6] = { 851, 851, 3033 },
-	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_ADOBERGB][7] = { 851, 851, 851 },
+	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_OPRGB][0] = { 3033, 3033, 3033 },
+	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_OPRGB][1] = { 3033, 3033, 851 },
+	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_OPRGB][2] = { 851, 3033, 3033 },
+	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_OPRGB][3] = { 851, 3033, 851 },
+	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_OPRGB][4] = { 3033, 851, 3033 },
+	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_OPRGB][5] = { 3033, 851, 851 },
+	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_OPRGB][6] = { 851, 851, 3033 },
+	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_OPRGB][7] = { 851, 851, 851 },
 	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_SMPTE240M][0] = { 2926, 2926, 2926 },
 	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_SMPTE240M][1] = { 2926, 2926, 507 },
 	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_SMPTE240M][2] = { 507, 2926, 2926 },
@@ -922,62 +922,62 @@ const struct tpg_rbg_color16 tpg_csc_col
 	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_SMPTE2084][5] = { 1812, 886, 886 },
 	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_SMPTE2084][6] = { 886, 886, 1812 },
 	[V4L2_COLORSPACE_SRGB][V4L2_XFER_FUNC_SMPTE2084][7] = { 886, 886, 886 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_709][0] = { 2939, 2939, 2939 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_709][1] = { 2939, 2939, 781 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_709][2] = { 1622, 2939, 2939 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_709][3] = { 1622, 2939, 781 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_709][4] = { 2502, 547, 2881 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_709][5] = { 2502, 547, 547 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_709][6] = { 547, 547, 2881 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_709][7] = { 547, 547, 547 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SRGB][0] = { 3056, 3056, 3056 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SRGB][1] = { 3056, 3056, 1031 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SRGB][2] = { 1838, 3056, 3056 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SRGB][3] = { 1838, 3056, 1031 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SRGB][4] = { 2657, 800, 3002 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SRGB][5] = { 2657, 800, 800 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SRGB][6] = { 800, 800, 3002 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SRGB][7] = { 800, 800, 800 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_ADOBERGB][0] = { 3033, 3033, 3033 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_ADOBERGB][1] = { 3033, 3033, 1063 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_ADOBERGB][2] = { 1828, 3033, 3033 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_ADOBERGB][3] = { 1828, 3033, 1063 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_ADOBERGB][4] = { 2633, 851, 2979 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_ADOBERGB][5] = { 2633, 851, 851 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_ADOBERGB][6] = { 851, 851, 2979 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_ADOBERGB][7] = { 851, 851, 851 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE240M][0] = { 2926, 2926, 2926 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE240M][1] = { 2926, 2926, 744 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE240M][2] = { 1594, 2926, 2926 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE240M][3] = { 1594, 2926, 744 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE240M][4] = { 2484, 507, 2867 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE240M][5] = { 2484, 507, 507 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE240M][6] = { 507, 507, 2867 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE240M][7] = { 507, 507, 507 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_NONE][0] = { 2125, 2125, 2125 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_NONE][1] = { 2125, 2125, 212 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_NONE][2] = { 698, 2125, 2125 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_NONE][3] = { 698, 2125, 212 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_NONE][4] = { 1557, 130, 2043 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_NONE][5] = { 1557, 130, 130 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_NONE][6] = { 130, 130, 2043 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_NONE][7] = { 130, 130, 130 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_DCI_P3][0] = { 3175, 3175, 3175 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_DCI_P3][1] = { 3175, 3175, 1308 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_DCI_P3][2] = { 2069, 3175, 3175 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_DCI_P3][3] = { 2069, 3175, 1308 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_DCI_P3][4] = { 2816, 1084, 3127 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_DCI_P3][5] = { 2816, 1084, 1084 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_DCI_P3][6] = { 1084, 1084, 3127 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_DCI_P3][7] = { 1084, 1084, 1084 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE2084][0] = { 1812, 1812, 1812 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE2084][1] = { 1812, 1812, 1022 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE2084][2] = { 1402, 1812, 1812 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE2084][3] = { 1402, 1812, 1022 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE2084][4] = { 1692, 886, 1797 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE2084][5] = { 1692, 886, 886 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE2084][6] = { 886, 886, 1797 },
-	[V4L2_COLORSPACE_ADOBERGB][V4L2_XFER_FUNC_SMPTE2084][7] = { 886, 886, 886 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_709][0] = { 2939, 2939, 2939 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_709][1] = { 2939, 2939, 781 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_709][2] = { 1622, 2939, 2939 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_709][3] = { 1622, 2939, 781 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_709][4] = { 2502, 547, 2881 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_709][5] = { 2502, 547, 547 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_709][6] = { 547, 547, 2881 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_709][7] = { 547, 547, 547 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SRGB][0] = { 3056, 3056, 3056 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SRGB][1] = { 3056, 3056, 1031 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SRGB][2] = { 1838, 3056, 3056 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SRGB][3] = { 1838, 3056, 1031 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SRGB][4] = { 2657, 800, 3002 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SRGB][5] = { 2657, 800, 800 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SRGB][6] = { 800, 800, 3002 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SRGB][7] = { 800, 800, 800 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_OPRGB][0] = { 3033, 3033, 3033 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_OPRGB][1] = { 3033, 3033, 1063 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_OPRGB][2] = { 1828, 3033, 3033 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_OPRGB][3] = { 1828, 3033, 1063 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_OPRGB][4] = { 2633, 851, 2979 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_OPRGB][5] = { 2633, 851, 851 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_OPRGB][6] = { 851, 851, 2979 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_OPRGB][7] = { 851, 851, 851 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE240M][0] = { 2926, 2926, 2926 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE240M][1] = { 2926, 2926, 744 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE240M][2] = { 1594, 2926, 2926 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE240M][3] = { 1594, 2926, 744 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE240M][4] = { 2484, 507, 2867 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE240M][5] = { 2484, 507, 507 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE240M][6] = { 507, 507, 2867 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE240M][7] = { 507, 507, 507 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_NONE][0] = { 2125, 2125, 2125 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_NONE][1] = { 2125, 2125, 212 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_NONE][2] = { 698, 2125, 2125 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_NONE][3] = { 698, 2125, 212 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_NONE][4] = { 1557, 130, 2043 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_NONE][5] = { 1557, 130, 130 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_NONE][6] = { 130, 130, 2043 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_NONE][7] = { 130, 130, 130 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_DCI_P3][0] = { 3175, 3175, 3175 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_DCI_P3][1] = { 3175, 3175, 1308 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_DCI_P3][2] = { 2069, 3175, 3175 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_DCI_P3][3] = { 2069, 3175, 1308 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_DCI_P3][4] = { 2816, 1084, 3127 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_DCI_P3][5] = { 2816, 1084, 1084 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_DCI_P3][6] = { 1084, 1084, 3127 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_DCI_P3][7] = { 1084, 1084, 1084 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE2084][0] = { 1812, 1812, 1812 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE2084][1] = { 1812, 1812, 1022 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE2084][2] = { 1402, 1812, 1812 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE2084][3] = { 1402, 1812, 1022 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE2084][4] = { 1692, 886, 1797 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE2084][5] = { 1692, 886, 886 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE2084][6] = { 886, 886, 1797 },
+	[V4L2_COLORSPACE_OPRGB][V4L2_XFER_FUNC_SMPTE2084][7] = { 886, 886, 886 },
 	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_709][0] = { 2939, 2939, 2939 },
 	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_709][1] = { 2877, 2923, 1058 },
 	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_709][2] = { 1837, 2840, 2916 },
@@ -994,14 +994,14 @@ const struct tpg_rbg_color16 tpg_csc_col
 	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_SRGB][5] = { 2517, 1159, 900 },
 	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_SRGB][6] = { 1042, 870, 2917 },
 	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_SRGB][7] = { 800, 800, 800 },
-	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_ADOBERGB][0] = { 3033, 3033, 3033 },
-	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_ADOBERGB][1] = { 2976, 3018, 1315 },
-	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_ADOBERGB][2] = { 2024, 2942, 3011 },
-	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_ADOBERGB][3] = { 1930, 2926, 1256 },
-	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_ADOBERGB][4] = { 2563, 1227, 2916 },
-	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_ADOBERGB][5] = { 2494, 1183, 943 },
-	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_ADOBERGB][6] = { 1073, 916, 2894 },
-	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_ADOBERGB][7] = { 851, 851, 851 },
+	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_OPRGB][0] = { 3033, 3033, 3033 },
+	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_OPRGB][1] = { 2976, 3018, 1315 },
+	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_OPRGB][2] = { 2024, 2942, 3011 },
+	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_OPRGB][3] = { 1930, 2926, 1256 },
+	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_OPRGB][4] = { 2563, 1227, 2916 },
+	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_OPRGB][5] = { 2494, 1183, 943 },
+	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_OPRGB][6] = { 1073, 916, 2894 },
+	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_OPRGB][7] = { 851, 851, 851 },
 	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_SMPTE240M][0] = { 2926, 2926, 2926 },
 	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_SMPTE240M][1] = { 2864, 2910, 1024 },
 	[V4L2_COLORSPACE_BT2020][V4L2_XFER_FUNC_SMPTE240M][2] = { 1811, 2826, 2903 },
@@ -1050,14 +1050,14 @@ const struct tpg_rbg_color16 tpg_csc_col
 	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_SRGB][5] = { 2880, 998, 902 },
 	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_SRGB][6] = { 816, 823, 2940 },
 	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_SRGB][7] = { 800, 800, 799 },
-	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_ADOBERGB][0] = { 3033, 3033, 3033 },
-	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_ADOBERGB][1] = { 3029, 3028, 1255 },
-	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_ADOBERGB][2] = { 1406, 2988, 3011 },
-	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_ADOBERGB][3] = { 1398, 2983, 1190 },
-	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_ADOBERGB][4] = { 2860, 1050, 2939 },
-	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_ADOBERGB][5] = { 2857, 1033, 945 },
-	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_ADOBERGB][6] = { 866, 873, 2916 },
-	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_ADOBERGB][7] = { 851, 851, 851 },
+	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_OPRGB][0] = { 3033, 3033, 3033 },
+	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_OPRGB][1] = { 3029, 3028, 1255 },
+	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_OPRGB][2] = { 1406, 2988, 3011 },
+	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_OPRGB][3] = { 1398, 2983, 1190 },
+	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_OPRGB][4] = { 2860, 1050, 2939 },
+	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_OPRGB][5] = { 2857, 1033, 945 },
+	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_OPRGB][6] = { 866, 873, 2916 },
+	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_OPRGB][7] = { 851, 851, 851 },
 	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_SMPTE240M][0] = { 2926, 2926, 2926 },
 	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_SMPTE240M][1] = { 2923, 2921, 957 },
 	[V4L2_COLORSPACE_DCI_P3][V4L2_XFER_FUNC_SMPTE240M][2] = { 1125, 2877, 2902 },
@@ -1128,7 +1128,7 @@ static const double rec709_to_240m[3][3]
 	{ 0.0016327, 0.0044133, 0.9939540 },
 };
 
-static const double rec709_to_adobergb[3][3] = {
+static const double rec709_to_oprgb[3][3] = {
 	{ 0.7151627, 0.2848373, -0.0000000 },
 	{ 0.0000000, 1.0000000, 0.0000000 },
 	{ -0.0000000, 0.0411705, 0.9588295 },
@@ -1195,7 +1195,7 @@ static double transfer_rec709_to_rgb(dou
 	return (v < 0.081) ? v / 4.5 : pow((v + 0.099) / 1.099, 1.0 / 0.45);
 }
 
-static double transfer_rgb_to_adobergb(double v)
+static double transfer_rgb_to_oprgb(double v)
 {
 	return pow(v, 1.0 / 2.19921875);
 }
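Review bot: the exponent in transfer_rgb_to_oprgb(), 1.0 / 2.19921875, is an unexplained constant. Since the function is being renamed anyway, a one-line comment saying that 2.19921875 (= 563/256) is the opRGB gamma would save the next reader from working it out.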
@@ -1251,8 +1251,8 @@ static void csc(enum v4l2_colorspace col
 	case V4L2_COLORSPACE_470_SYSTEM_M:
 		mult_matrix(r, g, b, rec709_to_ntsc1953);
 		break;
-	case V4L2_COLORSPACE_ADOBERGB:
-		mult_matrix(r, g, b, rec709_to_adobergb);
+	case V4L2_COLORSPACE_OPRGB:
+		mult_matrix(r, g, b, rec709_to_oprgb);
 		break;
 	case V4L2_COLORSPACE_BT2020:
 		mult_matrix(r, g, b, rec709_to_bt2020);
@@ -1284,10 +1284,10 @@ static void csc(enum v4l2_colorspace col
 		*g = transfer_rgb_to_srgb(*g);
 		*b = transfer_rgb_to_srgb(*b);
 		break;
-	case V4L2_XFER_FUNC_ADOBERGB:
-		*r = transfer_rgb_to_adobergb(*r);
-		*g = transfer_rgb_to_adobergb(*g);
-		*b = transfer_rgb_to_adobergb(*b);
+	case V4L2_XFER_FUNC_OPRGB:
+		*r = transfer_rgb_to_oprgb(*r);
+		*g = transfer_rgb_to_oprgb(*g);
+		*b = transfer_rgb_to_oprgb(*b);
 		break;
 	case V4L2_XFER_FUNC_DCI_P3:
 		*r = transfer_rgb_to_dcip3(*r);
@@ -1321,7 +1321,7 @@ int main(int argc, char **argv)
 		V4L2_COLORSPACE_470_SYSTEM_BG,
 		0,
 		V4L2_COLORSPACE_SRGB,
-		V4L2_COLORSPACE_ADOBERGB,
+		V4L2_COLORSPACE_OPRGB,
 		V4L2_COLORSPACE_BT2020,
 		0,
 		V4L2_COLORSPACE_DCI_P3,
@@ -1336,7 +1336,7 @@ int main(int argc, char **argv)
 		"V4L2_COLORSPACE_470_SYSTEM_BG",
 		"",
 		"V4L2_COLORSPACE_SRGB",
-		"V4L2_COLORSPACE_ADOBERGB",
+		"V4L2_COLORSPACE_OPRGB",
 		"V4L2_COLORSPACE_BT2020",
 		"",
 		"V4L2_COLORSPACE_DCI_P3",
@@ -1345,7 +1345,7 @@ int main(int argc, char **argv)
 		"",
 		"V4L2_XFER_FUNC_709",
 		"V4L2_XFER_FUNC_SRGB",
-		"V4L2_XFER_FUNC_ADOBERGB",
+		"V4L2_XFER_FUNC_OPRGB",
 		"V4L2_XFER_FUNC_SMPTE240M",
 		"V4L2_XFER_FUNC_NONE",
 		"V4L2_XFER_FUNC_DCI_P3",
--- a/drivers/media/i2c/adv7511.c
+++ b/drivers/media/i2c/adv7511.c
@@ -1355,7 +1355,7 @@ static int adv7511_set_fmt(struct v4l2_s
 	state->xfer_func = format->format.xfer_func;
 
 	switch (format->format.colorspace) {
-	case V4L2_COLORSPACE_ADOBERGB:
+	case V4L2_COLORSPACE_OPRGB:
 		c = HDMI_COLORIMETRY_EXTENDED;
 		ec = y ? HDMI_EXTENDED_COLORIMETRY_ADOBE_YCC_601 :
 			 HDMI_EXTENDED_COLORIMETRY_ADOBE_RGB;
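Review bot: after this hunk the V4L2_COLORSPACE_OPRGB arm still assigns HDMI_EXTENDED_COLORIMETRY_ADOBE_YCC_601 and HDMI_EXTENDED_COLORIMETRY_ADOBE_RGB, so old and new names sit side by side in one case. That only reads consistently once the hdmi.h rename (315/361 in this series) is applied on top, so the two patches should be kept together when backporting or cherry-picking.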
--- a/drivers/media/i2c/adv7604.c
+++ b/drivers/media/i2c/adv7604.c
@@ -2476,7 +2476,7 @@ static int adv76xx_log_status(struct v4l
 		"YCbCr Bt.601 (16-235)", "YCbCr Bt.709 (16-235)",
 		"xvYCC Bt.601", "xvYCC Bt.709",
 		"YCbCr Bt.601 (0-255)", "YCbCr Bt.709 (0-255)",
-		"sYCC", "Adobe YCC 601", "AdobeRGB", "invalid", "invalid",
+		"sYCC", "opYCC 601", "opRGB", "invalid", "invalid",
 		"invalid", "invalid", "invalid"
 	};
 	static const char * const rgb_quantization_range_txt[] = {
--- a/drivers/media/i2c/tc358743.c
+++ b/drivers/media/i2c/tc358743.c
@@ -1243,9 +1243,9 @@ static int tc358743_log_status(struct v4
 	u8 vi_status3 =  i2c_rd8(sd, VI_STATUS3);
 	const int deep_color_mode[4] = { 8, 10, 12, 16 };
 	static const char * const input_color_space[] = {
-		"RGB", "YCbCr 601", "Adobe RGB", "YCbCr 709", "NA (4)",
+		"RGB", "YCbCr 601", "opRGB", "YCbCr 709", "NA (4)",
 		"xvYCC 601", "NA(6)", "xvYCC 709", "NA(8)", "sYCC601",
-		"NA(10)", "NA(11)", "NA(12)", "Adobe YCC 601"};
+		"NA(10)", "NA(11)", "NA(12)", "opYCC 601"};
 
 	v4l2_info(sd, "-----Chip status-----\n");
 	v4l2_info(sd, "Chip ID: 0x%02x\n",
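Review bot: style nit on the first input_color_space[] line being rewritten: "NA (4)" has a space before the parenthesis while "NA(6)", "NA(8)" and "NA(10)" to "NA(12)" do not. Since the line is touched here, the spacing could be made consistent in the same change.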
--- a/drivers/media/platform/vivid/vivid-core.h
+++ b/drivers/media/platform/vivid/vivid-core.h
@@ -111,7 +111,7 @@ enum vivid_colorspace {
 	VIVID_CS_170M,
 	VIVID_CS_709,
 	VIVID_CS_SRGB,
-	VIVID_CS_ADOBERGB,
+	VIVID_CS_OPRGB,
 	VIVID_CS_2020,
 	VIVID_CS_DCI_P3,
 	VIVID_CS_240M,
--- a/drivers/media/platform/vivid/vivid-ctrls.c
+++ b/drivers/media/platform/vivid/vivid-ctrls.c
@@ -348,7 +348,7 @@ static int vivid_vid_cap_s_ctrl(struct v
 		V4L2_COLORSPACE_SMPTE170M,
 		V4L2_COLORSPACE_REC709,
 		V4L2_COLORSPACE_SRGB,
-		V4L2_COLORSPACE_ADOBERGB,
+		V4L2_COLORSPACE_OPRGB,
 		V4L2_COLORSPACE_BT2020,
 		V4L2_COLORSPACE_DCI_P3,
 		V4L2_COLORSPACE_SMPTE240M,
@@ -729,7 +729,7 @@ static const char * const vivid_ctrl_col
 	"SMPTE 170M",
 	"Rec. 709",
 	"sRGB",
-	"AdobeRGB",
+	"opRGB",
 	"BT.2020",
 	"DCI-P3",
 	"SMPTE 240M",
@@ -752,7 +752,7 @@ static const char * const vivid_ctrl_xfe
 	"Default",
 	"Rec. 709",
 	"sRGB",
-	"AdobeRGB",
+	"opRGB",
 	"SMPTE 240M",
 	"None",
 	"DCI-P3",
--- a/drivers/media/platform/vivid/vivid-vid-out.c
+++ b/drivers/media/platform/vivid/vivid-vid-out.c
@@ -413,7 +413,7 @@ int vivid_try_fmt_vid_out(struct file *f
 		mp->colorspace = V4L2_COLORSPACE_SMPTE170M;
 	} else if (mp->colorspace != V4L2_COLORSPACE_SMPTE170M &&
 		   mp->colorspace != V4L2_COLORSPACE_REC709 &&
-		   mp->colorspace != V4L2_COLORSPACE_ADOBERGB &&
+		   mp->colorspace != V4L2_COLORSPACE_OPRGB &&
 		   mp->colorspace != V4L2_COLORSPACE_BT2020 &&
 		   mp->colorspace != V4L2_COLORSPACE_SRGB) {
 		mp->colorspace = V4L2_COLORSPACE_REC709;
--- a/drivers/media/v4l2-core/v4l2-dv-timings.c
+++ b/drivers/media/v4l2-core/v4l2-dv-timings.c
@@ -838,8 +838,8 @@ v4l2_hdmi_rx_colorimetry(const struct hd
 		case HDMI_COLORIMETRY_EXTENDED:
 			switch (avi->extended_colorimetry) {
 			case HDMI_EXTENDED_COLORIMETRY_ADOBE_RGB:
-				c.colorspace = V4L2_COLORSPACE_ADOBERGB;
-				c.xfer_func = V4L2_XFER_FUNC_ADOBERGB;
+				c.colorspace = V4L2_COLORSPACE_OPRGB;
+				c.xfer_func = V4L2_XFER_FUNC_OPRGB;
 				break;
 			case HDMI_EXTENDED_COLORIMETRY_BT2020:
 				c.colorspace = V4L2_COLORSPACE_BT2020;
@@ -909,9 +909,9 @@ v4l2_hdmi_rx_colorimetry(const struct hd
 				c.xfer_func = V4L2_XFER_FUNC_SRGB;
 				break;
 			case HDMI_EXTENDED_COLORIMETRY_ADOBE_YCC_601:
-				c.colorspace = V4L2_COLORSPACE_ADOBERGB;
+				c.colorspace = V4L2_COLORSPACE_OPRGB;
 				c.ycbcr_enc = V4L2_YCBCR_ENC_601;
-				c.xfer_func = V4L2_XFER_FUNC_ADOBERGB;
+				c.xfer_func = V4L2_XFER_FUNC_OPRGB;
 				break;
 			case HDMI_EXTENDED_COLORIMETRY_BT2020:
 				c.colorspace = V4L2_COLORSPACE_BT2020;
--- a/include/uapi/linux/videodev2.h
+++ b/include/uapi/linux/videodev2.h
@@ -225,8 +225,8 @@ enum v4l2_colorspace {
 	/* For RGB colorspaces such as produces by most webcams. */
 	V4L2_COLORSPACE_SRGB          = 8,
 
-	/* AdobeRGB colorspace */
-	V4L2_COLORSPACE_ADOBERGB      = 9,
+	/* opRGB colorspace */
+	V4L2_COLORSPACE_OPRGB         = 9,
 
 	/* BT.2020 colorspace, used for UHDTV. */
 	V4L2_COLORSPACE_BT2020        = 10,
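Review bot: the new comment above V4L2_COLORSPACE_OPRGB only says "opRGB colorspace", which gives a reader who knows the old name nothing to go on. The deprecated-names block added later in this file cites IEC 61966-2-5; repeating that reference here would document the enumerator at the place people look it up. The value stays 9, so the numeric ABI is unchanged.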
@@ -258,7 +258,7 @@ enum v4l2_xfer_func {
 	 *
 	 * V4L2_COLORSPACE_SRGB, V4L2_COLORSPACE_JPEG: V4L2_XFER_FUNC_SRGB
 	 *
-	 * V4L2_COLORSPACE_ADOBERGB: V4L2_XFER_FUNC_ADOBERGB
+	 * V4L2_COLORSPACE_OPRGB: V4L2_XFER_FUNC_OPRGB
 	 *
 	 * V4L2_COLORSPACE_SMPTE240M: V4L2_XFER_FUNC_SMPTE240M
 	 *
@@ -269,7 +269,7 @@ enum v4l2_xfer_func {
 	V4L2_XFER_FUNC_DEFAULT     = 0,
 	V4L2_XFER_FUNC_709         = 1,
 	V4L2_XFER_FUNC_SRGB        = 2,
-	V4L2_XFER_FUNC_ADOBERGB    = 3,
+	V4L2_XFER_FUNC_OPRGB       = 3,
 	V4L2_XFER_FUNC_SMPTE240M   = 4,
 	V4L2_XFER_FUNC_NONE        = 5,
 	V4L2_XFER_FUNC_DCI_P3      = 6,
@@ -281,7 +281,7 @@ enum v4l2_xfer_func {
  * This depends on the colorspace.
  */
 #define V4L2_MAP_XFER_FUNC_DEFAULT(colsp) \
-	((colsp) == V4L2_COLORSPACE_ADOBERGB ? V4L2_XFER_FUNC_ADOBERGB : \
+	((colsp) == V4L2_COLORSPACE_OPRGB ? V4L2_XFER_FUNC_OPRGB : \
 	 ((colsp) == V4L2_COLORSPACE_SMPTE240M ? V4L2_XFER_FUNC_SMPTE240M : \
 	  ((colsp) == V4L2_COLORSPACE_DCI_P3 ? V4L2_XFER_FUNC_DCI_P3 : \
 	   ((colsp) == V4L2_COLORSPACE_RAW ? V4L2_XFER_FUNC_NONE : \
@@ -295,7 +295,7 @@ enum v4l2_ycbcr_encoding {
 	 *
 	 * V4L2_COLORSPACE_SMPTE170M, V4L2_COLORSPACE_470_SYSTEM_M,
 	 * V4L2_COLORSPACE_470_SYSTEM_BG, V4L2_COLORSPACE_SRGB,
-	 * V4L2_COLORSPACE_ADOBERGB and V4L2_COLORSPACE_JPEG: V4L2_YCBCR_ENC_601
+	 * V4L2_COLORSPACE_OPRGB and V4L2_COLORSPACE_JPEG: V4L2_YCBCR_ENC_601
 	 *
 	 * V4L2_COLORSPACE_REC709 and V4L2_COLORSPACE_DCI_P3: V4L2_YCBCR_ENC_709
 	 *
@@ -382,6 +382,17 @@ enum v4l2_quantization {
 	 (((is_rgb_or_hsv) || (colsp) == V4L2_COLORSPACE_JPEG) ? \
 	 V4L2_QUANTIZATION_FULL_RANGE : V4L2_QUANTIZATION_LIM_RANGE))
 
+/*
+ * Deprecated names for opRGB colorspace (IEC 61966-2-5)
+ *
+ * WARNING: Please don't use these deprecated defines in your code, as
+ * there is a chance we have to remove them in the future.
+ */
+#ifndef __KERNEL__
+#define V4L2_COLORSPACE_ADOBERGB V4L2_COLORSPACE_OPRGB
+#define V4L2_XFER_FUNC_ADOBERGB  V4L2_XFER_FUNC_OPRGB
+#endif
+
 enum v4l2_priority {
 	V4L2_PRIORITY_UNSET       = 0,  /* not initialized */
 	V4L2_PRIORITY_BACKGROUND  = 1,
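Review bot: the compatibility defines are wrapped in #ifndef __KERNEL__, so only userspace keeps V4L2_COLORSPACE_ADOBERGB and V4L2_XFER_FUNC_ADOBERGB. Any kernel-side code that still uses the old names stops compiling once this lands, which is worth stating in the changelog for a stable update.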




* [PATCH 4.19 315/361] media: hdmi.h: rename ADOBE_RGB to OPRGB and ADOBE_YCC to OPYCC
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (313 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 314/361] media: replace ADOBERGB by OPRGB Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 316/361] arm64: lse: remove -fcall-used-x0 flag Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Daniel Vetter,
	Mauro Carvalho Chehab

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hansverk@cisco.com>

commit 463659a08d7999d5461fa45b35b17686189a70ca upstream.

These names have been renamed in the CTA-861 standard due to trademark
issues. Replace them here as well so they are in sync with the standard.

Signed-off-by: Hans Verkuil <hansverk@cisco.com>
Cc: stable@vger.kernel.org
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/i2c/adv7511.c               |    4 ++--
 drivers/media/v4l2-core/v4l2-dv-timings.c |    4 ++--
 drivers/video/hdmi.c                      |    8 ++++----
 include/linux/hdmi.h                      |    4 ++--
 4 files changed, 10 insertions(+), 10 deletions(-)

--- a/drivers/media/i2c/adv7511.c
+++ b/drivers/media/i2c/adv7511.c
@@ -1357,8 +1357,8 @@ static int adv7511_set_fmt(struct v4l2_s
 	switch (format->format.colorspace) {
 	case V4L2_COLORSPACE_OPRGB:
 		c = HDMI_COLORIMETRY_EXTENDED;
-		ec = y ? HDMI_EXTENDED_COLORIMETRY_ADOBE_YCC_601 :
-			 HDMI_EXTENDED_COLORIMETRY_ADOBE_RGB;
+		ec = y ? HDMI_EXTENDED_COLORIMETRY_OPYCC_601 :
+			 HDMI_EXTENDED_COLORIMETRY_OPRGB;
 		break;
 	case V4L2_COLORSPACE_SMPTE170M:
 		c = y ? HDMI_COLORIMETRY_ITU_601 : HDMI_COLORIMETRY_NONE;
--- a/drivers/media/v4l2-core/v4l2-dv-timings.c
+++ b/drivers/media/v4l2-core/v4l2-dv-timings.c
@@ -837,7 +837,7 @@ v4l2_hdmi_rx_colorimetry(const struct hd
 		switch (avi->colorimetry) {
 		case HDMI_COLORIMETRY_EXTENDED:
 			switch (avi->extended_colorimetry) {
-			case HDMI_EXTENDED_COLORIMETRY_ADOBE_RGB:
+			case HDMI_EXTENDED_COLORIMETRY_OPRGB:
 				c.colorspace = V4L2_COLORSPACE_OPRGB;
 				c.xfer_func = V4L2_XFER_FUNC_OPRGB;
 				break;
@@ -908,7 +908,7 @@ v4l2_hdmi_rx_colorimetry(const struct hd
 				c.ycbcr_enc = V4L2_YCBCR_ENC_601;
 				c.xfer_func = V4L2_XFER_FUNC_SRGB;
 				break;
-			case HDMI_EXTENDED_COLORIMETRY_ADOBE_YCC_601:
+			case HDMI_EXTENDED_COLORIMETRY_OPYCC_601:
 				c.colorspace = V4L2_COLORSPACE_OPRGB;
 				c.ycbcr_enc = V4L2_YCBCR_ENC_601;
 				c.xfer_func = V4L2_XFER_FUNC_OPRGB;
--- a/drivers/video/hdmi.c
+++ b/drivers/video/hdmi.c
@@ -592,10 +592,10 @@ hdmi_extended_colorimetry_get_name(enum
 		return "xvYCC 709";
 	case HDMI_EXTENDED_COLORIMETRY_S_YCC_601:
 		return "sYCC 601";
-	case HDMI_EXTENDED_COLORIMETRY_ADOBE_YCC_601:
-		return "Adobe YCC 601";
-	case HDMI_EXTENDED_COLORIMETRY_ADOBE_RGB:
-		return "Adobe RGB";
+	case HDMI_EXTENDED_COLORIMETRY_OPYCC_601:
+		return "opYCC 601";
+	case HDMI_EXTENDED_COLORIMETRY_OPRGB:
+		return "opRGB";
 	case HDMI_EXTENDED_COLORIMETRY_BT2020_CONST_LUM:
 		return "BT.2020 Constant Luminance";
 	case HDMI_EXTENDED_COLORIMETRY_BT2020:
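
Review bot: the strings returned by hdmi_extended_colorimetry_get_name() change in this hunk from "Adobe YCC 601" and "Adobe RGB" to "opYCC 601" and "opRGB", which is an output change riding on an identifier rename. The commit message only mentions renaming the names; for a stable backport it should also say that the printed names change, since anything matching on the old strings will stop matching.
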
--- a/include/linux/hdmi.h
+++ b/include/linux/hdmi.h
@@ -101,8 +101,8 @@ enum hdmi_extended_colorimetry {
 	HDMI_EXTENDED_COLORIMETRY_XV_YCC_601,
 	HDMI_EXTENDED_COLORIMETRY_XV_YCC_709,
 	HDMI_EXTENDED_COLORIMETRY_S_YCC_601,
-	HDMI_EXTENDED_COLORIMETRY_ADOBE_YCC_601,
-	HDMI_EXTENDED_COLORIMETRY_ADOBE_RGB,
+	HDMI_EXTENDED_COLORIMETRY_OPYCC_601,
+	HDMI_EXTENDED_COLORIMETRY_OPRGB,
 
 	/* The following EC values are only defined in CEA-861-F. */
 	HDMI_EXTENDED_COLORIMETRY_BT2020_CONST_LUM,
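
Review bot: HDMI_EXTENDED_COLORIMETRY_ADOBE_YCC_601 and HDMI_EXTENDED_COLORIMETRY_ADOBE_RGB are removed from enum hdmi_extended_colorimetry with no alias left behind, unlike the V4L2_COLORSPACE_ADOBERGB and V4L2_XFER_FUNC_ADOBERGB defines that the previous patch in this series keeps. The diffstat converts three users; please confirm with a tree-wide grep on linux-4.19.y that no other user of the old enumerators remains, because a missed one is a build failure in a stable release. The enumerators keep their positions in the enum, so the numeric values are unchanged.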



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 316/361] arm64: lse: remove -fcall-used-x0 flag
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (314 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 315/361] media: hdmi.h: rename ADOBE_RGB to OPRGB and ADOBE_YCC to OPYCC Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 317/361] rpmsg: smd: fix memory leak on channel create Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nick Desaulniers, Will Deacon,
	Tri Vo, Catalin Marinas

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tri Vo <trong@android.com>

commit 2a6c7c367de82951c98a290a21156770f6f82c84 upstream.

x0 is not callee-saved in the PCS. So there is no need to specify
-fcall-used-x0.

Clang doesn't currently support -fcall-used flags. This patch will help
building the kernel with clang.

Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Tri Vo <trong@android.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/lib/Makefile |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm64/lib/Makefile
+++ b/arch/arm64/lib/Makefile
@@ -12,7 +12,7 @@ lib-y		:= clear_user.o delay.o copy_from
 # when supported by the CPU. Result and argument registers are handled
 # correctly, based on the function prototype.
 lib-$(CONFIG_ARM64_LSE_ATOMICS) += atomic_ll_sc.o
-CFLAGS_atomic_ll_sc.o	:= -fcall-used-x0 -ffixed-x1 -ffixed-x2		\
+CFLAGS_atomic_ll_sc.o	:= -ffixed-x1 -ffixed-x2        		\
 		   -ffixed-x3 -ffixed-x4 -ffixed-x5 -ffixed-x6		\
 		   -ffixed-x7 -fcall-saved-x8 -fcall-saved-x9		\
 		   -fcall-saved-x10 -fcall-saved-x11 -fcall-saved-x12	\
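
Review bot: the replacement CFLAGS_atomic_ll_sc.o line pads with a run of spaces followed by tabs after -ffixed-x2 to keep the continuation backslash in its column, where the neighbouring lines use tabs only. Drop the spaces and realign with tabs.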



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 317/361] rpmsg: smd: fix memory leak on channel create
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (315 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 316/361] arm64: lse: remove -fcall-used-x0 flag Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 318/361] Cramfs: fix abad comparison when wrap-arounds occur Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Colin Ian King, Bjorn Andersson

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Colin Ian King <colin.king@canonical.com>

commit 940c620d6af8fca7d115de40f19870fba415efac upstream.

Currently a failed allocation of channel->name leads to an
immediate return without freeing channel. Fix this by setting
ret to -ENOMEM and jumping to an exit path that kfree's channel.

Detected by CoverityScan, CID#1473692 ("Resource Leak")

Fixes: 53e2822e56c7 ("rpmsg: Introduce Qualcomm SMD backend")
Cc: stable@vger.kernel.org
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/rpmsg/qcom_smd.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/drivers/rpmsg/qcom_smd.c
+++ b/drivers/rpmsg/qcom_smd.c
@@ -1122,8 +1122,10 @@ static struct qcom_smd_channel *qcom_smd
 
 	channel->edge = edge;
 	channel->name = kstrdup(name, GFP_KERNEL);
-	if (!channel->name)
-		return ERR_PTR(-ENOMEM);
+	if (!channel->name) {
+		ret = -ENOMEM;
+		goto free_channel;
+	}
 
 	spin_lock_init(&channel->tx_lock);
 	spin_lock_init(&channel->recv_lock);
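
Review bot: in the new error branch channel->name is NULL and kfree(NULL) is a no-op, so "ret = -ENOMEM; goto free_name_and_channel;" would reach the same kfree(channel) without introducing a second label. If the separate free_channel label is kept for readability, the existing free_name_and_channel label now only frees the name before falling through and could be renamed to say so.
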
@@ -1173,6 +1175,7 @@ static struct qcom_smd_channel *qcom_smd
 
 free_name_and_channel:
 	kfree(channel->name);
+free_channel:
 	kfree(channel);
 
 	return ERR_PTR(ret);



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 318/361] Cramfs: fix abad comparison when wrap-arounds occur
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (316 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 317/361] rpmsg: smd: fix memory leak on channel create Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 319/361] ARM: dts: socfpga: Fix SDRAM node address for Arria10 Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anatoly Trosinenko, Nicolas Pitre

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nicolas Pitre <nicolas.pitre@linaro.org>

commit 672ca9dd13f1aca0c17516f76fc5b0e8344b3e46 upstream.

It is possible for corrupted filesystem images to produce very large
block offsets that may wrap when a length is added, and wrongly pass
the buffer size test.

Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: Nicolas Pitre <nico@linaro.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cramfs/inode.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/cramfs/inode.c
+++ b/fs/cramfs/inode.c
@@ -202,7 +202,8 @@ static void *cramfs_blkdev_read(struct s
 			continue;
 		blk_offset = (blocknr - buffer_blocknr[i]) << PAGE_SHIFT;
 		blk_offset += offset;
-		if (blk_offset + len > BUFFER_SIZE)
+		if (blk_offset > BUFFER_SIZE ||
+		    blk_offset + len > BUFFER_SIZE)
 			continue;
 		return read_buffers[i] + blk_offset;
 	}
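
Review bot: the added blk_offset > BUFFER_SIZE test stops a wrapped blk_offset from passing, but the second operand still evaluates blk_offset + len, which can itself wrap when len is large. Nothing in this hunk bounds len, so either point to where the caller bounds it or write the test without the addition: blk_offset > BUFFER_SIZE || len > BUFFER_SIZE - blk_offset.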



^ permalink raw reply	[flat|nested] 384+ messages in thread
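
The wrap described in the commit message above, as an added user-space model (not part of the patch and not code from fs/cramfs/inode.c). It assumes 32-bit unsigned offsets and lengths, PAGE_SHIFT of 12 and a four-page BUFFER_SIZE; the function names and sample values are constructed for the illustration. The third check goes beyond the patch and shows a form that performs no addition at all.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT  12                           /* assumption: 4 KiB pages */
#define BUFFER_SIZE ((uint32_t)4 << PAGE_SHIFT)  /* assumption: four pages */

/* Offset computation from the hunk's context lines, in 32-bit unsigned math. */
static uint32_t model_blk_offset(uint32_t blocknr, uint32_t buffer_blocknr,
                                 uint32_t offset)
{
    uint32_t blk_offset = (blocknr - buffer_blocknr) << PAGE_SHIFT;

    blk_offset += offset;
    return blk_offset;
}

/* The test the patch removes. true means "served from the buffer". */
static bool fits_before(uint32_t blk_offset, uint32_t len)
{
    return !(blk_offset + len > BUFFER_SIZE);
}

/* The test the patch adds. */
static bool fits_patched(uint32_t blk_offset, uint32_t len)
{
    return !(blk_offset > BUFFER_SIZE || blk_offset + len > BUFFER_SIZE);
}

/* Hypothetical wrap-free form: subtract from the limit instead of adding. */
static bool fits_subtractive(uint32_t blk_offset, uint32_t len)
{
    return blk_offset <= BUFFER_SIZE && len <= BUFFER_SIZE - blk_offset;
}

/* Constructed inputs; none of these values come from a real image. */
struct sample {
    const char *what;
    uint32_t blocknr, buffer_blocknr, offset, len;
};

static const struct sample samples[] = {
    { "in range",                    2,       0, 0x10, 0x100 },
    { "huge block delta, sum wraps", 0xFFFFF, 0, 0,    0x2000 },
    { "small offset, huge len",      1,       0, 0,    0xFFFFF800u },
};

int main(void)
{
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const struct sample *s = &samples[i];
        uint32_t off = model_blk_offset(s->blocknr, s->buffer_blocknr,
                                        s->offset);

        printf("%-28s blk_offset=%#010x len=%#010x "
               "before=%d patched=%d subtractive=%d\n",
               s->what, (unsigned)off, (unsigned)s->len,
               fits_before(off, s->len), fits_patched(off, s->len),
               fits_subtractive(off, s->len));
    }
    return 0;
}
```

Whether a length as large as the third sample can reach the real function depends on its callers, which this page does not show.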

* [PATCH 4.19 319/361] ARM: dts: socfpga: Fix SDRAM node address for Arria10
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (317 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 318/361] Cramfs: fix abad comparison when wrap-arounds occur Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 320/361] arm64: dts: stratix10: Correct System Manager register size Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thor Thayer, Dinh Nguyen

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thor Thayer <thor.thayer@linux.intel.com>

commit ce3bf934f919a7d675c5b7fa4cc233ded9c6256e upstream.

The address in the SDRAM node was incorrect. Fix this to agree with the
correct address and to match the reg definition block.

Cc: stable@vger.kernel.org
Fixes: 54b4a8f57848b("arm: socfpga: dts: Add Arria10 SDRAM EDAC DTS support")
Signed-off-by: Thor Thayer <thor.thayer@linux.intel.com>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/socfpga_arria10.dtsi |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm/boot/dts/socfpga_arria10.dtsi
+++ b/arch/arm/boot/dts/socfpga_arria10.dtsi
@@ -613,7 +613,7 @@
 			status = "disabled";
 		};
 
-		sdr: sdr@ffc25000 {
+		sdr: sdr@ffcfb100 {
 			compatible = "altr,sdr-ctl", "syscon";
 			reg = <0xffcfb100 0x80>;
 		};
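
Review bot: the node is renamed from sdr@ffc25000 to sdr@ffcfb100 while reg is untouched, so anything that locates this node by full path rather than through the sdr label or the compatible string will see a different path. The commit message should say whether any such user exists. The mapped range itself (base 0xffcfb100, size 0x80) is the same before and after.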



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 320/361] arm64: dts: stratix10: Correct System Manager register size
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (318 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 319/361] ARM: dts: socfpga: Fix SDRAM node address for Arria10 Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 321/361] soc: qcom: rmtfs-mem: Validate that scm is available Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thor Thayer, Dinh Nguyen

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thor Thayer <thor.thayer@linux.intel.com>

commit 74121b9aa3cd571ddfff014a9f47db36cae3cda9 upstream.

Correct the register size of the System Manager node.

Cc: stable@vger.kernel.org
Fixes: 78cd6a9d8e154 ("arm64: dts: Add base stratix 10 dtsi")
Signed-off-by: Thor Thayer <thor.thayer@linux.intel.com>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi
+++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi
@@ -335,7 +335,7 @@
 
 		sysmgr: sysmgr@ffd12000 {
 			compatible = "altr,sys-mgr", "syscon";
-			reg = <0xffd12000 0x1000>;
+			reg = <0xffd12000 0x228>;
 		};
 
 		/* Local timer */
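
Review bot: the commit message does not say where the new size 0x228 comes from. Shrinking the sysmgr reg window from 0x1000 to 0x228 means an access at offset 0x228 or above now falls outside the declared range, so please cite the register map and confirm that no consumer of this syscon uses an offset past the new limit.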



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 321/361] soc: qcom: rmtfs-mem: Validate that scm is available
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (319 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 320/361] arm64: dts: stratix10: Correct System Manager register size Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 322/361] soc/tegra: pmc: Fix child-node lookup Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bjorn Andersson, Andy Gross

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bjorn Andersson <bjorn.andersson@linaro.org>

commit 137dc5843faeacabf48fc22a8dc58c4e0b4f0927 upstream.

The scm device must be present in order for the rmtfs driver to
configure memory permissions for the rmtfs memory region, so check that
it is probed before continuing.

Cc: stable@vger.kernel.org
Fixes: fa65f8045137 ("soc: qcom: rmtfs-mem: Add support for assigning memory to remote")
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/soc/qcom/rmtfs_mem.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/soc/qcom/rmtfs_mem.c
+++ b/drivers/soc/qcom/rmtfs_mem.c
@@ -212,6 +212,11 @@ static int qcom_rmtfs_mem_probe(struct p
 		dev_err(&pdev->dev, "failed to parse qcom,vmid\n");
 		goto remove_cdev;
 	} else if (!ret) {
+		if (!qcom_scm_is_available()) {
+			ret = -EPROBE_DEFER;
+			goto remove_cdev;
+		}
+
 		perms[0].vmid = QCOM_SCM_VMID_HLOS;
 		perms[0].perm = QCOM_SCM_PERM_RW;
 		perms[1].vmid = vmid;
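
Review bot: the qcom_scm_is_available() check sits late in probe, and judging by the remove_cdev target the character device already exists at this point, so every deferred probe creates the cdev and tears it down again. Doing the test near the top of qcom_rmtfs_mem_probe(), before anything is registered, would make -EPROBE_DEFER a cheap early return and avoid briefly exposing a device that is about to disappear. It would still need to apply only when qcom,vmid is present, as it does here.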



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 322/361] soc/tegra: pmc: Fix child-node lookup
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (320 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 321/361] soc: qcom: rmtfs-mem: Validate that scm is available Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 323/361] selftests/ftrace: Fix synthetic event test to delete event correctly Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mikko Perttunen, Johan Hovold,
	Thierry Reding

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Johan Hovold <johan@kernel.org>

commit 1dc6bd5e39a29453bdcc17348dd2a89f1aa4004e upstream.

Fix child-node lookup during probe, which ended up searching the whole
device tree depth-first starting at the parent rather than just matching
on its children.

To make things worse, the parent pmc node could end up being prematurely
freed as of_find_node_by_name() drops a reference to its first argument.

Fixes: 3568df3d31d6 ("soc: tegra: Add thermal reset (thermtrip) support to PMC")
Cc: stable <stable@vger.kernel.org>     # 4.0
Cc: Mikko Perttunen <mperttunen@nvidia.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Reviewed-by: Mikko Perttunen <mperttunen@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/soc/tegra/pmc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/soc/tegra/pmc.c
+++ b/drivers/soc/tegra/pmc.c
@@ -1288,7 +1288,7 @@ static void tegra_pmc_init_tsense_reset(
 	if (!pmc->soc->has_tsense_reset)
 		return;
 
-	np = of_find_node_by_name(pmc->dev->of_node, "i2c-thermtrip");
+	np = of_get_child_by_name(pmc->dev->of_node, "i2c-thermtrip");
 	if (!np) {
 		dev_warn(dev, "i2c-thermtrip node not found, %s.\n", disabled);
 		return;
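
Review bot: of_get_child_by_name() returns the child with a reference held, so every exit after this lookup needs an of_node_put(np). The hunk only shows the !np return; please confirm that the rest of tegra_pmc_init_tsense_reset() drops the reference on both the success and the error paths.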



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 323/361] selftests/ftrace: Fix synthetic event test to delete event correctly
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (321 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 322/361] soc/tegra: pmc: Fix child-node lookup Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 324/361] selftests/powerpc: Fix ptrace tm failure Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shuah Khan, Tom Zanussi, Tom Zanussi,
	Tom Zanussi, Rajvi Jingar, Masami Hiramatsu,
	Steven Rostedt (VMware)

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Masami Hiramatsu <mhiramat@kernel.org>

commit 0d0352d8b3d6d7ca9a710b40e194cbbaeb841c88 upstream.

Fix the synthetic event test case to remove event correctly.
If redirecting command to synthetic_event file without append
mode, it cleans up all existing events and executes (parses) the
command. This means "delete event" always fails to find the
target event.

Since previous synthetic event has a bug which doesn't return
-ENOENT even if it fails to find the deleting event, this test
passed. But fixing that bug, this test fails because this test
itself has a bug.

This fixes that bug by trying to delete event right after
adding an event, and use append mode redirection ('>>') instead
of normal redirection ('>').

Link: http://lkml.kernel.org/r/154013452832.25576.2305459545429386517.stgit@devbox

Acked-by: Shuah Khan <shuah@kernel.org>
Acked-by: Tom Zanussi <zanussi@linux.intel.com>
Tested-by: Tom Zanussi <zanussi@linux.intel.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Cc: Tom Zanussi <tom.zanussi@linux.intel.com>
Cc: Rajvi Jingar <rajvi.jingar@intel.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: stable@vger.kernel.org
Fixes: f06eec4d0f2c ('selftests: ftrace: Add inter-event hist triggers testcases')
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-createremove.tc |   12 +++++-----
 1 file changed, 6 insertions(+), 6 deletions(-)

--- a/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-createremove.tc
+++ b/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-createremove.tc
@@ -35,18 +35,18 @@ fi
 
 reset_trigger
 
-echo "Test create synthetic event with an error"
-echo 'wakeup_latency  u64 lat pid_t pid char' > synthetic_events > /dev/null
+echo "Test remove synthetic event"
+echo '!wakeup_latency  u64 lat pid_t pid char comm[16]' >> synthetic_events
 if [ -d events/synthetic/wakeup_latency ]; then
-    fail "Created wakeup_latency synthetic event with an invalid format"
+    fail "Failed to delete wakeup_latency synthetic event"
 fi
 
 reset_trigger
 
-echo "Test remove synthetic event"
-echo '!wakeup_latency  u64 lat pid_t pid char comm[16]' > synthetic_events
+echo "Test create synthetic event with an error"
+echo 'wakeup_latency  u64 lat pid_t pid char' > synthetic_events > /dev/null
 if [ -d events/synthetic/wakeup_latency ]; then
-    fail "Failed to delete wakeup_latency synthetic event"
+    fail "Created wakeup_latency synthetic event with an invalid format"
 fi
 
 do_reset
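
Review bot: the relocated error test still runs echo '...' > synthetic_events > /dev/null, and with two stdout redirections the shell opens and truncates both files but only the last one receives the output. The malformed definition therefore goes to /dev/null and never reaches the parser, while the truncating open of synthetic_events clears the existing events, as the commit message itself describes, so the -d check that follows cannot fail. If the intent was to hide the expected write error, this should be > synthetic_events 2> /dev/null.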



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 324/361] selftests/powerpc: Fix ptrace tm failure
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (322 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 323/361] selftests/ftrace: Fix synthetic event test to delete event correctly Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 325/361] tracing: Return -ENOENT if there is no target synthetic event Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Breno Leitao, Segher Boessenkool,
	Michael Ellerman

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Breno Leitao <leitao@debian.org>

commit 48dc0ef19044bfb69193302fbe3a834e3331b7ae upstream.

Test ptrace-tm-spd-gpr fails on current kernel (4.19) due to a segmentation
fault that happens on the child process prior to setting cptr[2] = 1. This
causes the parent process to wait forever at 'while (!pptr[2])' and the test to
be killed by the test harness framework by timeout, thus, failing.

The segmentation fault happens because of an inline assembly being
generated as:

	0x10000355c <tm_spd_gpr+492>    lfs    f0, 0(0)

This is reading memory position 0x0 and causing the segmentation fault.

This code is being generated by ASM_LOAD_FPR_SINGLE_PRECISION(flt_4), where
flt_4 is passed to the inline assembly block as:

	[flt_4] "r" (&d)

Since the inline assembly 'r' constraint means any GPR, gpr0 is being
chosen, thus causing this issue when issuing a Load Floating-Point Single
instruction.

This patch simply changes the constraint to 'b', which specifies that this
register will be used as base, and r0 is not allowed to be used, avoiding
this issue.

Other than that, removing flt_2 register from the input operands, since it
is not used by the inline assembly code at all.

Cc: stable@vger.kernel.org
Signed-off-by: Breno Leitao <leitao@debian.org>
Acked-by: Segher Boessenkool <segher@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/testing/selftests/powerpc/ptrace/ptrace-tm-spd-gpr.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/tools/testing/selftests/powerpc/ptrace/ptrace-tm-spd-gpr.c
+++ b/tools/testing/selftests/powerpc/ptrace/ptrace-tm-spd-gpr.c
@@ -67,8 +67,8 @@ trans:
 		"3: ;"
 		: [res] "=r" (result), [texasr] "=r" (texasr)
 		: [gpr_1]"i"(GPR_1), [gpr_2]"i"(GPR_2), [gpr_4]"i"(GPR_4),
-		[sprn_texasr] "i" (SPRN_TEXASR), [flt_1] "r" (&a),
-		[flt_2] "r" (&b), [flt_4] "r" (&d)
+		[sprn_texasr] "i" (SPRN_TEXASR), [flt_1] "b" (&a),
+		[flt_4] "b" (&d)
 		: "memory", "r5", "r6", "r7",
 		"r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15",
 		"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 325/361] tracing: Return -ENOENT if there is no target synthetic event
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (323 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 324/361] selftests/powerpc: Fix ptrace tm failure Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 326/361] btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tom Zanussi, Shuah Khan,
	Rajvi Jingar, Masami Hiramatsu, Steven Rostedt (VMware)

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Masami Hiramatsu <mhiramat@kernel.org>

commit 18858511fd8a877303cc34c06efa461b26a0e070 upstream.

Return -ENOENT error if there is no target synthetic event.
This notifies the user of an operation failure, as below:

  # echo 'wakeup_latency u64 lat; pid_t pid;' > synthetic_events
  # echo '!wakeup' >> synthetic_events
  sh: write error: No such file or directory

Link: http://lkml.kernel.org/r/154013449986.25576.9487131386597290172.stgit@devbox

Acked-by: Tom Zanussi <zanussi@linux.intel.com>
Tested-by: Tom Zanussi <zanussi@linux.intel.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Rajvi Jingar <rajvi.jingar@intel.com>
Cc: stable@vger.kernel.org
Fixes: 4b147936fa50 ('tracing: Add support for 'synthetic' events')
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/trace/trace_events_hist.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -1063,8 +1063,10 @@ static int create_synth_event(int argc,
 		event = NULL;
 		ret = -EEXIST;
 		goto out;
-	} else if (delete_event)
+	} else if (delete_event) {
+		ret = -ENOENT;
 		goto out;
+	}
 
 	if (argc < 2) {
 		ret = -EINVAL;
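
Review bot: with ret = -ENOENT in the delete_event branch, a write of '!name' for an event that does not exist now fails where it used to return success, which is a user-visible change for scripts that delete events defensively before creating them. That is the stated intent, but it depends on the selftest fix earlier in this series (323/361) being applied first, so the two should be kept together when backporting to other trees.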



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 326/361] btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (324 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 325/361] tracing: Return -ENOENT if there is no target synthetic event Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 327/361] btrfs: Handle owner mismatch gracefully when walking up tree Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chris Murphy, Qu Wenruo, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qu Wenruo <wqu@suse.com>

commit 3628b4ca64f24a4ec55055597d0cb1c814729f8b upstream.

Some qgroup trace events like btrfs_qgroup_release_data() and
btrfs_qgroup_free_delayed_ref() can still be triggered even if qgroup is
not enabled.

This is caused by the lack of qgroup status check before calling some
qgroup functions.  Thankfully the functions can handle quota disabled
case well and just do nothing for qgroup disabled case.

This patch will do earlier check before triggering related trace events.

And for enabled <-> disabled race case:

1) For enabled->disabled case
   Disable will wipe out all qgroups data including reservation and
   excl/rfer. Even if we leak some reservation or numbers, it will
   still be cleared, so nothing will go wrong.

2) For disabled -> enabled case
   Current btrfs_qgroup_release_data() will use extent_io tree to ensure
   we won't underflow reservation. And for delayed_ref we use
   head->qgroup_reserved to record the reserved space, so in that case
   head->qgroup_reserved should be 0 and we won't underflow.

CC: stable@vger.kernel.org # 4.14+
Reported-by: Chris Murphy <lists@colorremedies.com>
Link: https://lore.kernel.org/linux-btrfs/CAJCQCtQau7DtuUUeycCkZ36qjbKuxNzsgqJ7+sJ6W0dK_NLE3w@mail.gmail.com/
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/qgroup.c |    4 ++++
 fs/btrfs/qgroup.h |    2 ++
 2 files changed, 6 insertions(+)

--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -3106,6 +3106,10 @@ static int __btrfs_qgroup_release_data(s
 	int trace_op = QGROUP_RELEASE;
 	int ret;
 
+	if (!test_bit(BTRFS_FS_QUOTA_ENABLED,
+		      &BTRFS_I(inode)->root->fs_info->flags))
+		return 0;
+
 	/* In release case, we shouldn't have @reserved */
 	WARN_ON(!free && reserved);
 	if (free && reserved)
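
Review bot: nothing in this hunk serialises the BTRFS_FS_QUOTA_ENABLED test against quota enable or disable, and the commit message spends two paragraphs arguing why that race is safe, but none of it reaches the code. A short comment above the test_bit() saying that a stale result is harmless, and why, would save the next reader from re-deriving it. The new return also precedes WARN_ON(!free && reserved), so that sanity check no longer runs when quotas are off; please say so if that is intended.
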
--- a/fs/btrfs/qgroup.h
+++ b/fs/btrfs/qgroup.h
@@ -249,6 +249,8 @@ void btrfs_qgroup_free_refroot(struct bt
 static inline void btrfs_qgroup_free_delayed_ref(struct btrfs_fs_info *fs_info,
 						 u64 ref_root, u64 num_bytes)
 {
+	if (!test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags))
+		return;
 	trace_btrfs_qgroup_free_delayed_ref(fs_info, ref_root, num_bytes);
 	btrfs_qgroup_free_refroot(fs_info, ref_root, num_bytes,
 				  BTRFS_QGROUP_RSV_DATA);



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 327/361] btrfs: Handle owner mismatch gracefully when walking up tree
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (325 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 326/361] btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 328/361] btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xu Wen, Qu Wenruo, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qu Wenruo <wqu@suse.com>

commit 65c6e82becec33731f48786e5a30f98662c86b16 upstream.

[BUG]
When mounting a certain crafted image, btrfs will trigger kernel BUG_ON()
when trying to recover balance:

  kernel BUG at fs/btrfs/extent-tree.c:8956!
  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
  CPU: 1 PID: 662 Comm: mount Not tainted 4.18.0-rc1-custom+ #10
  RIP: 0010:walk_up_proc+0x336/0x480 [btrfs]
  RSP: 0018:ffffb53540c9b890 EFLAGS: 00010202
  Call Trace:
   walk_up_tree+0x172/0x1f0 [btrfs]
   btrfs_drop_snapshot+0x3a4/0x830 [btrfs]
   merge_reloc_roots+0xe1/0x1d0 [btrfs]
   btrfs_recover_relocation+0x3ea/0x420 [btrfs]
   open_ctree+0x1af3/0x1dd0 [btrfs]
   btrfs_mount_root+0x66b/0x740 [btrfs]
   mount_fs+0x3b/0x16a
   vfs_kern_mount.part.9+0x54/0x140
   btrfs_mount+0x16d/0x890 [btrfs]
   mount_fs+0x3b/0x16a
   vfs_kern_mount.part.9+0x54/0x140
   do_mount+0x1fd/0xda0
   ksys_mount+0xba/0xd0
   __x64_sys_mount+0x21/0x30
   do_syscall_64+0x60/0x210
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

[CAUSE]
Extent tree corruption.  In this particular case, reloc tree root's
owner is DATA_RELOC_TREE (should be TREE_RELOC), thus its backref is
corrupted and we failed the owner check in walk_up_tree().

[FIX]
It's pretty hard to take care of every extent tree corruption, but at
least we can remove such BUG_ON() and exit more gracefully.

And since in this particular image, DATA_RELOC_TREE and TREE_RELOC share
the same root (which is obviously invalid), we need to make
__del_reloc_root() more robust to detect such invalid sharing to avoid
possible NULL dereference as root->node can be NULL in this case.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=200411
Reported-by: Xu Wen <wen.xu@gatech.edu>
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |   18 ++++++++++++------
 fs/btrfs/relocation.c  |    2 +-
 2 files changed, 13 insertions(+), 7 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -8763,15 +8763,14 @@ static noinline int walk_up_proc(struct
 	if (eb == root->node) {
 		if (wc->flags[level] & BTRFS_BLOCK_FLAG_FULL_BACKREF)
 			parent = eb->start;
-		else
-			BUG_ON(root->root_key.objectid !=
-			       btrfs_header_owner(eb));
+		else if (root->root_key.objectid != btrfs_header_owner(eb))
+			goto owner_mismatch;
 	} else {
 		if (wc->flags[level + 1] & BTRFS_BLOCK_FLAG_FULL_BACKREF)
 			parent = path->nodes[level + 1]->start;
-		else
-			BUG_ON(root->root_key.objectid !=
-			       btrfs_header_owner(path->nodes[level + 1]));
+		else if (root->root_key.objectid !=
+			 btrfs_header_owner(path->nodes[level + 1]))
+			goto owner_mismatch;
 	}
 
 	btrfs_free_tree_block(trans, root, eb, parent, wc->refs[level] == 1);
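
Review bot: Both new `goto owner_mismatch` branches leave walk_up_proc() without passing through `out:`, so on this path btrfs_free_tree_block() is skipped and `wc->refs[level]` / `wc->flags[level]` keep their old values instead of being reset to 0. If that is intentional because the caller stops walking on a negative return, a one-line comment at the first `goto` saying so would keep a later reader from "fixing" it by jumping to `out:`.
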
@@ -8779,6 +8778,11 @@ out:
 	wc->refs[level] = 0;
 	wc->flags[level] = 0;
 	return 0;
+
+owner_mismatch:
+	btrfs_err_rl(fs_info, "unexpected tree owner, have %llu expect %llu",
+		     btrfs_header_owner(eb), root->root_key.objectid);
+	return -EUCLEAN;
 }
 
 static noinline int walk_down_tree(struct btrfs_trans_handle *trans,
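
Review bot: The message under `owner_mismatch:` always prints `btrfs_header_owner(eb)` as the "have" value, but the second branch that jumps here compared `btrfs_header_owner(path->nodes[level + 1])`, not the owner of `eb`. On that path the log can show an owner that is not the one that failed the check. Consider storing the compared owner in a local before the `goto` and printing that, so the rate-limited error is usable when triaging a corrupted image.
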
@@ -8832,6 +8836,8 @@ static noinline int walk_up_tree(struct
 			ret = walk_up_proc(trans, root, path, wc);
 			if (ret > 0)
 				return 0;
+			if (ret < 0)
+				return ret;
 
 			if (path->locks[level]) {
 				btrfs_tree_unlock_rw(path->nodes[level],
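
Review bot: The new `if (ret < 0) return ret;` sits before the `if (path->locks[level])` unlock that follows it, so on the error path walk_up_tree() returns with the current level still locked and referenced in `path`. That is fine only if every caller releases the path on a negative return; please confirm that and say so in a comment next to the early return.
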
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -1281,7 +1281,7 @@ static void __del_reloc_root(struct btrf
 	struct mapping_node *node = NULL;
 	struct reloc_control *rc = fs_info->reloc_ctl;
 
-	if (rc) {
+	if (rc && root->node) {
 		spin_lock(&rc->reloc_root_tree.lock);
 		rb_node = tree_search(&rc->reloc_root_tree.rb_root,
 				      root->node->start);
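
Review bot: The added `root->node` test in `if (rc && root->node)` has no comment, and nothing in the code tells the reader when a reloc root can reach __del_reloc_root() without a node. The changelog explains it (DATA_RELOC_TREE and TREE_RELOC sharing one root on a corrupted image); a short comment above the condition should carry that. When the test fails, `node` stays NULL and the lookup is skipped, so the code after this block, which is not shown in the hunk, must tolerate a NULL `node`.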




* [PATCH 4.19 328/361] btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (326 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 327/361] btrfs: Handle owner mismatch gracefully when walking up tree Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 329/361] btrfs: fix error handling in free_log_tree Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xu Wen, Qu Wenruo, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qu Wenruo <wqu@suse.com>

commit b72c3aba09a53fc7c1824250d71180ca154517a7 upstream.

[BUG]
For certain crafted image, whose csum root leaf has missing backref, if
we try to trigger write with data csum, it could cause deadlock with the
following kernel WARN_ON():

  WARNING: CPU: 1 PID: 41 at fs/btrfs/locking.c:230 btrfs_tree_lock+0x3e2/0x400
  CPU: 1 PID: 41 Comm: kworker/u4:1 Not tainted 4.18.0-rc1+ #8
  Workqueue: btrfs-endio-write btrfs_endio_write_helper
  RIP: 0010:btrfs_tree_lock+0x3e2/0x400
  Call Trace:
   btrfs_alloc_tree_block+0x39f/0x770
   __btrfs_cow_block+0x285/0x9e0
   btrfs_cow_block+0x191/0x2e0
   btrfs_search_slot+0x492/0x1160
   btrfs_lookup_csum+0xec/0x280
   btrfs_csum_file_blocks+0x2be/0xa60
   add_pending_csums+0xaf/0xf0
   btrfs_finish_ordered_io+0x74b/0xc90
   finish_ordered_fn+0x15/0x20
   normal_work_helper+0xf6/0x500
   btrfs_endio_write_helper+0x12/0x20
   process_one_work+0x302/0x770
   worker_thread+0x81/0x6d0
   kthread+0x180/0x1d0
   ret_from_fork+0x35/0x40

[CAUSE]
That crafted image has a missing backref for the csum tree root leaf.  And
when we try to allocate a new tree block, since there is no
EXTENT/METADATA_ITEM for the csum tree root, btrfs considers it a free slot
and uses it.

The extent tree of the image looks like:

  Normal image                      |       This fuzzed image
  ----------------------------------+--------------------------------
  BG 29360128                       | BG 29360128
   One empty slot                   |  One empty slot
  29364224: backref to UUID tree    | 29364224: backref to UUID tree
   Two empty slots                  |  Two empty slots
  29376512: backref to CSUM tree    |  One empty slot (bad type) <<<
  29380608: backref to D_RELOC tree | 29380608: backref to D_RELOC tree
  ...                               | ...

Since bytenr 29376512 has no METADATA/EXTENT_ITEM, when btrfs tries to
alloc a tree block, it's a valid slot for btrfs.

And for finish_ordered_write, when we need to insert csum, we try to CoW
csum tree root.

By accident, empty slots at bytenr BG_OFFSET, BG_OFFSET + 8K,
BG_OFFSET + 12K is already used by tree block COW for other trees, the
next empty slot is BG_OFFSET + 16K, which should be the backref for CSUM
tree.

But due to the bad type, btrfs can recognize it and still consider it as
an empty slot, and will try to use it for csum tree CoW.

Then in the following call trace, we will try to lock the new tree
block, which turns out to be the old csum tree root which is already
locked:

btrfs_search_slot() called on csum tree root, which is at 29376512
|- btrfs_cow_block()
   |- btrfs_set_lock_block()
   |  |- Now locks tree block 29376512 (old csum tree root)
   |- __btrfs_cow_block()
      |- btrfs_alloc_tree_block()
         |- btrfs_reserve_extent()
            | Now it returns tree block 29376512, which extent tree
            | shows its empty slot, but it's already hold by csum tree
            |- btrfs_init_new_buffer()
               |- btrfs_tree_lock()
                  | Triggers WARN_ON(eb->lock_owner == current->pid)
                  |- wait_event()
                     Wait lock owner to release the lock, but it's
                     locked by ourself, so it will deadlock

[FIX]
This patch will do the lock_owner and current->pid check at
btrfs_init_new_buffer().
So above deadlock can be avoided.

Since such problem can only happen in crafted image, we will still
trigger kernel warning for later aborted transaction, but with a little
more meaningful warning message.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=200405
Reported-by: Xu Wen <wen.xu@gatech.edu>
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |   13 +++++++++++++
 1 file changed, 13 insertions(+)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -8119,6 +8119,19 @@ btrfs_init_new_buffer(struct btrfs_trans
 	if (IS_ERR(buf))
 		return buf;
 
+	/*
+	 * Extra safety check in case the extent tree is corrupted and extent
+	 * allocator chooses to use a tree block which is already used and
+	 * locked.
+	 */
+	if (buf->lock_owner == current->pid) {
+		btrfs_err_rl(fs_info,
+"tree block %llu owner %llu already locked by pid=%d, extent tree corruption detected",
+			buf->start, btrfs_header_owner(buf), current->pid);
+		free_extent_buffer(buf);
+		return ERR_PTR(-EUCLEAN);
+	}
+
 	btrfs_set_buffer_lockdep_class(root->root_key.objectid, buf, level);
 	btrfs_tree_lock(buf);
 	clean_tree_block(fs_info, buf);
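
Review bot: The check `buf->lock_owner == current->pid` only catches the case where the calling task itself already holds the lock on the returned block, yet the comment above it describes the broader case of a block "which is already used and locked". A block that is in use but locked by another task, or not locked at this moment, still falls through to btrfs_tree_lock() and clean_tree_block(). Please narrow the comment to say this guards against self-deadlock only, so nobody reads it as a general "block already in use" check.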




* [PATCH 4.19 329/361] btrfs: fix error handling in free_log_tree
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (327 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 328/361] btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 330/361] btrfs: fix error handling in btrfs_dev_replace_start Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeff Mahoney, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jeff Mahoney <jeffm@suse.com>

commit 374b0e2d6ba5da7fd1cadb3247731ff27d011f6f upstream.

When we hit an I/O error in free_log_tree->walk_log_tree during file system
shutdown we can crash due to there not being a valid transaction handle.

Use btrfs_handle_fs_error when there's no transaction handle to use.

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000060
  IP: free_log_tree+0xd2/0x140 [btrfs]
  PGD 0 P4D 0
  Oops: 0000 [#1] SMP DEBUG_PAGEALLOC PTI
  Modules linked in: <modules>
  CPU: 2 PID: 23544 Comm: umount Tainted: G        W        4.12.14-kvmsmall #9 SLE15 (unreleased)
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
  task: ffff96bfd3478880 task.stack: ffffa7cf40d78000
  RIP: 0010:free_log_tree+0xd2/0x140 [btrfs]
  RSP: 0018:ffffa7cf40d7bd10 EFLAGS: 00010282
  RAX: 00000000fffffffb RBX: 00000000fffffffb RCX: 0000000000000002
  RDX: 0000000000000000 RSI: ffff96c02f07d4c8 RDI: 0000000000000282
  RBP: ffff96c013cf1000 R08: ffff96c02f07d4c8 R09: ffff96c02f07d4d0
  R10: 0000000000000000 R11: 0000000000000002 R12: 0000000000000000
  R13: ffff96c005e800c0 R14: ffffa7cf40d7bdb8 R15: 0000000000000000
  FS:  00007f17856bcfc0(0000) GS:ffff96c03f600000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000060 CR3: 0000000045ed6002 CR4: 00000000003606e0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  Call Trace:
   ? wait_for_writer+0xb0/0xb0 [btrfs]
   btrfs_free_log+0x17/0x30 [btrfs]
   btrfs_drop_and_free_fs_root+0x9a/0xe0 [btrfs]
   btrfs_free_fs_roots+0xc0/0x130 [btrfs]
   ? wait_for_completion+0xf2/0x100
   close_ctree+0xea/0x2e0 [btrfs]
   ? kthread_stop+0x161/0x260
   generic_shutdown_super+0x6c/0x120
   kill_anon_super+0xe/0x20
   btrfs_kill_super+0x13/0x100 [btrfs]
   deactivate_locked_super+0x3f/0x70
   cleanup_mnt+0x3b/0x70
   task_work_run+0x78/0x90
   exit_to_usermode_loop+0x77/0xa6
   do_syscall_64+0x1c5/0x1e0
   entry_SYSCALL_64_after_hwframe+0x42/0xb7
  RIP: 0033:0x7f1784f90827
  RSP: 002b:00007ffdeeb03118 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
  RAX: 0000000000000000 RBX: 0000556a60c62970 RCX: 00007f1784f90827
  RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000556a60c62b50
  RBP: 0000000000000000 R08: 0000000000000005 R09: 00000000ffffffff
  R10: 0000556a60c63900 R11: 0000000000000246 R12: 0000556a60c62b50
  R13: 00007f17854a81c4 R14: 0000000000000000 R15: 0000000000000000
  RIP: free_log_tree+0xd2/0x140 [btrfs] RSP: ffffa7cf40d7bd10
  CR2: 0000000000000060

Fixes: 681ae50917df9 ("Btrfs: cleanup reserved space when freeing tree log on error")
CC: <stable@vger.kernel.org> # v3.13
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/tree-log.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -3196,9 +3196,12 @@ static void free_log_tree(struct btrfs_t
 	};
 
 	ret = walk_log_tree(trans, log, &wc);
-	/* I don't think this can happen but just in case */
-	if (ret)
-		btrfs_abort_transaction(trans, ret);
+	if (ret) {
+		if (trans)
+			btrfs_abort_transaction(trans, ret);
+		else
+			btrfs_handle_fs_error(log->fs_info, ret, NULL);
+	}
 
 	while (1) {
 		ret = find_first_extent_bit(&log->dirty_log_pages,
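
Review bot: The old comment is deleted and the new `if (trans) ... else ...` block has none, so nothing tells the reader why free_log_tree() can be entered with a NULL `trans`. The changelog gives the answer (I/O error in walk_log_tree during file system shutdown); a comment on the `else` branch should say that. It is also worth noting in that comment that after btrfs_handle_fs_error() the function still falls through into the `while (1)` cleanup loop.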




* [PATCH 4.19 330/361] btrfs: fix error handling in btrfs_dev_replace_start
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (328 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 329/361] btrfs: fix error handling in free_log_tree Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 331/361] btrfs: Enhance btrfs_trim_fs function to handle error better Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeff Mahoney, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jeff Mahoney <jeffm@suse.com>

commit 5c06147128fbbdf7a84232c5f0d808f53153defe upstream.

When we fail to start a transaction in btrfs_dev_replace_start, we leave
dev_replace->replace_start set to STARTED but clear ->srcdev and
->tgtdev.  Later, that can result in an Oops in
btrfs_dev_replace_progress when having state set to STARTED or SUSPENDED
implies that ->srcdev is valid.

Also fix error handling when the state is already STARTED or SUSPENDED
while starting.  That, too, will clear ->srcdev and ->tgtdev even though
it doesn't own them.  This should be an impossible case to hit since we
should be protected by the BTRFS_FS_EXCL_OP bit being set.  Let's add an
ASSERT there while we're at it.

Fixes: e93c89c1aaaaa (Btrfs: add new sources for device replace code)
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/dev-replace.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/fs/btrfs/dev-replace.c
+++ b/fs/btrfs/dev-replace.c
@@ -440,6 +440,7 @@ int btrfs_dev_replace_start(struct btrfs
 		break;
 	case BTRFS_IOCTL_DEV_REPLACE_STATE_STARTED:
 	case BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED:
+		ASSERT(0);
 		ret = BTRFS_IOCTL_DEV_REPLACE_RESULT_ALREADY_STARTED;
 		goto leave;
 	}
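
Review bot: A bare `ASSERT(0);` in the STARTED/SUSPENDED case gives no hint of which invariant was broken. Add a comment saying this state should be unreachable because BTRFS_FS_EXCL_OP is held, as the changelog does, and that the `ret = BTRFS_IOCTL_DEV_REPLACE_RESULT_ALREADY_STARTED; goto leave;` that follows is kept as the fallback for builds where the assertion does not fire.
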
@@ -482,6 +483,10 @@ int btrfs_dev_replace_start(struct btrfs
 	if (IS_ERR(trans)) {
 		ret = PTR_ERR(trans);
 		btrfs_dev_replace_write_lock(dev_replace);
+		dev_replace->replace_state =
+			BTRFS_IOCTL_DEV_REPLACE_STATE_NEVER_STARTED;
+		dev_replace->srcdev = NULL;
+		dev_replace->tgtdev = NULL;
 		goto leave;
 	}
 
@@ -503,8 +508,6 @@ int btrfs_dev_replace_start(struct btrfs
 	return ret;
 
 leave:
-	dev_replace->srcdev = NULL;
-	dev_replace->tgtdev = NULL;
 	btrfs_dev_replace_write_unlock(dev_replace);
 	btrfs_destroy_dev_replace_tgtdev(tgt_device);
 	return ret;
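
Review bot: With the two `= NULL` assignments removed from `leave:`, every `goto leave` now depends on ->srcdev and ->tgtdev either not having been set yet or having been cleared by the jumping code. In this patch only the `IS_ERR(trans)` path clears them. Please confirm no other `goto leave` sits after the point where ->srcdev and ->tgtdev are assigned, and add a comment at the label stating that callers own that cleanup.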




* [PATCH 4.19 331/361] btrfs: Enhance btrfs_trim_fs function to handle error better
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (329 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 330/361] btrfs: fix error handling in btrfs_dev_replace_start Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 332/361] btrfs: Ensure btrfs_trim_fs can trim the whole filesystem Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chris Murphy, Qu Wenruo, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qu Wenruo <wqu@suse.com>

commit 93bba24d4b5ad1e5cd8b43f64e66ff9d6355dd20 upstream.

Function btrfs_trim_fs() doesn't handle errors in a consistent way. If
error happens when trimming existing block groups, it will skip the
remaining blocks and continue to trim unallocated space for each device.

The return value will only reflect the final error from device trimming.

This patch will fix such behavior by:

1) Recording the last error from block group or device trimming
   The return value will also reflect the last error during trimming.
   Make developer more aware of the problem.

2) Continuing trimming if possible
   If we failed to trim one block group or device, we could still try
   the next block group or device.

3) Report number of failures during block group and device trimming
   It would be less noisy, but still gives user a brief summary of
   what's going wrong.

Such behavior can avoid confusion for cases like failure to trim the
first block group and then only unallocated space is trimmed.

Reported-by: Chris Murphy <lists@colorremedies.com>
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ add bg_ret and dev_ret to the messages ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |   49 ++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 38 insertions(+), 11 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -10850,6 +10850,15 @@ static int btrfs_trim_free_extents(struc
 	return ret;
 }
 
+/*
+ * Trim the whole filesystem by:
+ * 1) trimming the free space in each block group
+ * 2) trimming the unallocated space on each device
+ *
+ * This will also continue trimming even if a block group or device encounters
+ * an error.  The return value will be the last error, or 0 if nothing bad
+ * happens.
+ */
 int btrfs_trim_fs(struct btrfs_fs_info *fs_info, struct fstrim_range *range)
 {
 	struct btrfs_block_group_cache *cache = NULL;
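
Review bot: The new function comment says "The return value will be the last error", but the end of the function returns `bg_ret` when it is nonzero and only otherwise `dev_ret`. A device error that happens after a block group error is therefore not what the caller sees. Reword the comment to describe that order of preference.
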
@@ -10860,6 +10869,10 @@ int btrfs_trim_fs(struct btrfs_fs_info *
 	u64 end;
 	u64 trimmed = 0;
 	u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy);
+	u64 bg_failed = 0;
+	u64 dev_failed = 0;
+	int bg_ret = 0;
+	int dev_ret = 0;
 	int ret = 0;
 
 	/*
@@ -10870,7 +10883,7 @@ int btrfs_trim_fs(struct btrfs_fs_info *
 	else
 		cache = btrfs_lookup_block_group(fs_info, range->start);
 
-	while (cache) {
+	for (; cache; cache = next_block_group(fs_info, cache)) {
 		if (cache->key.objectid >= (range->start + range->len)) {
 			btrfs_put_block_group(cache);
 			break;
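
Review bot: Moving `cache = next_block_group(fs_info, cache)` into the for-statement changes who drops the block group reference on failure. The removed error paths called btrfs_put_block_group(cache) before `break`; the `continue` paths that replace them do not, so the reference is released only if next_block_group() does it. A comment on the `for` line stating that next_block_group() puts the current group would make the `continue` paths obviously correct, while the in-range `break` here keeps its explicit put.
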
@@ -10884,13 +10897,15 @@ int btrfs_trim_fs(struct btrfs_fs_info *
 			if (!block_group_cache_done(cache)) {
 				ret = cache_block_group(cache, 0);
 				if (ret) {
-					btrfs_put_block_group(cache);
-					break;
+					bg_failed++;
+					bg_ret = ret;
+					continue;
 				}
 				ret = wait_block_group_cache_done(cache);
 				if (ret) {
-					btrfs_put_block_group(cache);
-					break;
+					bg_failed++;
+					bg_ret = ret;
+					continue;
 				}
 			}
 			ret = btrfs_trim_block_group(cache,
@@ -10901,28 +10916,40 @@ int btrfs_trim_fs(struct btrfs_fs_info *
 
 			trimmed += group_trimmed;
 			if (ret) {
-				btrfs_put_block_group(cache);
-				break;
+				bg_failed++;
+				bg_ret = ret;
+				continue;
 			}
 		}
-
-		cache = next_block_group(fs_info, cache);
 	}
 
+	if (bg_failed)
+		btrfs_warn(fs_info,
+			"failed to trim %llu block group(s), last error %d",
+			bg_failed, bg_ret);
 	mutex_lock(&fs_info->fs_devices->device_list_mutex);
 	devices = &fs_info->fs_devices->alloc_list;
 	list_for_each_entry(device, devices, dev_alloc_list) {
 		ret = btrfs_trim_free_extents(device, range->minlen,
 					      &group_trimmed);
-		if (ret)
+		if (ret) {
+			dev_failed++;
+			dev_ret = ret;
 			break;
+		}
 
 		trimmed += group_trimmed;
 	}
 	mutex_unlock(&fs_info->fs_devices->device_list_mutex);
 
+	if (dev_failed)
+		btrfs_warn(fs_info,
+			"failed to trim %llu device(s), last error %d",
+			dev_failed, dev_ret);
 	range->len = trimmed;
-	return ret;
+	if (bg_ret)
+		return bg_ret;
+	return dev_ret;
 }
 
 /*
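
Review bot: The device loop still does `break` right after `dev_failed++; dev_ret = ret;`, so it stops at the first device that fails. That contradicts point 2 of the changelog ("we could still try the next block group or device") and means `dev_failed` can never exceed 1, which makes the "failed to trim %llu device(s)" count misleading. Use `continue` here as the block group loop does, or drop the counter and report only the error.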




* [PATCH 4.19 332/361] btrfs: Ensure btrfs_trim_fs can trim the whole filesystem
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (330 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 331/361] btrfs: Enhance btrfs_trim_fs function to handle error better Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 333/361] btrfs: iterate all devices during trim, instead of fs_devices::alloc_list Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chris Murphy, Qu Wenruo,
	Nikolay Borisov, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qu Wenruo <wqu@suse.com>

commit 6ba9fc8e628becf0e3ec94083450d089b0dec5f5 upstream.

[BUG]
fstrim on some btrfs only trims the unallocated space, not trimming any
space in existing block groups.

[CAUSE]
Before fstrim_range passed to btrfs_trim_fs(), it gets truncated to
range [0, super->total_bytes).  So later btrfs_trim_fs() will only be
able to trim block groups in range [0, super->total_bytes).

While for btrfs, any bytenr aligned to sectorsize is valid, since btrfs
uses its logical address space, there is nothing limiting the location
where we put block groups.

For filesystem with frequent balance, it's quite easy to relocate all
block groups and bytenr of block groups will start beyond
super->total_bytes.

In that case, btrfs will not trim existing block groups.

[FIX]
Just remove the truncation in btrfs_ioctl_fitrim(), so btrfs_trim_fs()
can get the unmodified range, which is normally set to [0, U64_MAX].

Reported-by: Chris Murphy <lists@colorremedies.com>
Fixes: f4c697e6406d ("btrfs: return EINVAL if start > total_bytes in fitrim ioctl")
CC: <stable@vger.kernel.org> # v4.4+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |   10 +---------
 fs/btrfs/ioctl.c       |   11 +++++++----
 2 files changed, 8 insertions(+), 13 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -10868,21 +10868,13 @@ int btrfs_trim_fs(struct btrfs_fs_info *
 	u64 start;
 	u64 end;
 	u64 trimmed = 0;
-	u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy);
 	u64 bg_failed = 0;
 	u64 dev_failed = 0;
 	int bg_ret = 0;
 	int dev_ret = 0;
 	int ret = 0;
 
-	/*
-	 * try to trim all FS space, our block group may start from non-zero.
-	 */
-	if (range->len == total_bytes)
-		cache = btrfs_lookup_first_block_group(fs_info, range->start);
-	else
-		cache = btrfs_lookup_block_group(fs_info, range->start);
-
+	cache = btrfs_lookup_first_block_group(fs_info, range->start);
 	for (; cache; cache = next_block_group(fs_info, cache)) {
 		if (cache->key.objectid >= (range->start + range->len)) {
 			btrfs_put_block_group(cache);
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -491,7 +491,6 @@ static noinline int btrfs_ioctl_fitrim(s
 	struct fstrim_range range;
 	u64 minlen = ULLONG_MAX;
 	u64 num_devices = 0;
-	u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy);
 	int ret;
 
 	if (!capable(CAP_SYS_ADMIN))
@@ -515,11 +514,15 @@ static noinline int btrfs_ioctl_fitrim(s
 		return -EOPNOTSUPP;
 	if (copy_from_user(&range, arg, sizeof(range)))
 		return -EFAULT;
-	if (range.start > total_bytes ||
-	    range.len < fs_info->sb->s_blocksize)
+
+	/*
+	 * NOTE: Don't truncate the range using super->total_bytes.  Bytenr of
+	 * block group is in the logical address space, which can be any
+	 * sectorsize aligned bytenr in  the range [0, U64_MAX].
+	 */
+	if (range.len < fs_info->sb->s_blocksize)
 		return -EINVAL;
 
-	range.len = min(range.len, total_bytes - range.start);
 	range.minlen = max(range.minlen, minlen);
 	ret = btrfs_trim_fs(fs_info, &range);
 	if (ret < 0)
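
Review bot: The removed `range.len = min(range.len, total_bytes - range.start);` was also the only thing keeping `range.start + range.len` from wrapping. btrfs_trim_fs() still evaluates `cache->key.objectid >= (range->start + range->len)`, so a nonzero start combined with a len of U64_MAX wraps to a small value and the block group loop exits on its first iteration without trimming anything. Add an overflow check on start + len next to the remaining `range.len < fs_info->sb->s_blocksize` test, returning -EINVAL or clamping len to U64_MAX - start.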




* [PATCH 4.19 333/361] btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (331 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 332/361] btrfs: Ensure btrfs_trim_fs can trim the whole filesystem Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 334/361] btrfs: dont attempt to trim devices that dont support it Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeff Mahoney, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jeff Mahoney <jeffm@suse.com>

commit d4e329de5e5e21594df2e0dd59da9acee71f133b upstream.

btrfs_trim_fs iterates over the fs_devices->alloc_list while holding the
device_list_mutex.  The problem is that ->alloc_list is protected by the
chunk mutex.  We don't want to hold the chunk mutex over the trim of the
entire file system.  Fortunately, the ->dev_list list is protected by
the dev_list mutex and while it will give us all devices, including
read-only devices, we already just skip the read-only devices.  Then we
can continue to take and release the chunk mutex while scanning each
device.

Fixes: 499f377f49f ("btrfs: iterate over unused chunk space in FITRIM")
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -10920,8 +10920,8 @@ int btrfs_trim_fs(struct btrfs_fs_info *
 			"failed to trim %llu block group(s), last error %d",
 			bg_failed, bg_ret);
 	mutex_lock(&fs_info->fs_devices->device_list_mutex);
-	devices = &fs_info->fs_devices->alloc_list;
-	list_for_each_entry(device, devices, dev_alloc_list) {
+	devices = &fs_info->fs_devices->devices;
+	list_for_each_entry(device, devices, dev_list) {
 		ret = btrfs_trim_free_extents(device, range->minlen,
 					      &group_trimmed);
 		if (ret) {
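
Review bot: The switch from `alloc_list` / `dev_alloc_list` to `devices` / `dev_list` is not explained in the code. A reader sees device_list_mutex held around a walk of ->devices and has no way to know that this list was chosen because ->alloc_list is protected by the chunk mutex, or that the walk now includes read-only devices which btrfs_trim_free_extents() is expected to skip. Put those two facts from the changelog in a comment above `devices = &fs_info->fs_devices->devices;`.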




* [PATCH 4.19 334/361] btrfs: dont attempt to trim devices that dont support it
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (332 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 333/361] btrfs: iterate all devices during trim, instead of fs_devices::alloc_list Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 335/361] btrfs: keep trim from interfering with transaction commits Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeff Mahoney, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jeff Mahoney <jeffm@suse.com>

commit 0be88e367fd8fbdb45257615d691f4675dda062f upstream.

We check whether any device the file system is using supports discard in
the ioctl call, but then we attempt to trim free extents on every device
regardless of whether discard is supported.  Due to the way we mask off
EOPNOTSUPP, we can end up issuing the trim operations on each free range
on devices that don't support it, just wasting time.

Fixes: 499f377f49f08 ("btrfs: iterate over unused chunk space in FITRIM")
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -10789,6 +10789,10 @@ static int btrfs_trim_free_extents(struc
 
 	*trimmed = 0;
 
+	/* Discard not supported = nothing to do. */
+	if (!blk_queue_discard(bdev_get_queue(device->bdev)))
+		return 0;
+
 	/* Not writeable = nothing to do. */
 	if (!test_bit(BTRFS_DEV_STATE_WRITEABLE, &device->dev_state))
 		return 0;
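
Review bot: The new check dereferences `device->bdev` through bdev_get_queue() before any other test on the device, including the BTRFS_DEV_STATE_WRITEABLE test that follows. If a device on the list can have a NULL bdev, this is a NULL pointer dereference. Either guard it with `!device->bdev ||` in the same condition or move the discard check below the writeable check, and state in the comment which device states are guaranteed to have a bdev.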




* [PATCH 4.19 335/361] btrfs: keep trim from interfering with transaction commits
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (333 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 334/361] btrfs: dont attempt to trim devices that dont support it Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 336/361] btrfs: wait on caching when putting the bg cache Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeff Mahoney, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jeff Mahoney <jeffm@suse.com>

commit fee7acc361314df6561208c2d3c0882d663dd537 upstream.

Commit 499f377f49f08 (btrfs: iterate over unused chunk space in FITRIM)
fixed free space trimming, but introduced latency when it was running.
This is due to it pinning the transaction using both an incremented
refcount and holding the commit root sem for the duration of a single
trim operation.

This was to ensure safety but it's unnecessary.  We already hold the
chunk mutex so we know that the chunk we're using can't be allocated
while we're trimming it.

In order to check against chunks allocated already in this transaction,
we need to check the pending chunks list.  To do that safely without
joining the transaction (or attaching and then having to commit it) we
need to ensure that the dev root's commit root doesn't change underneath
us and the pending chunk lists stays around until we're done with it.

We can ensure the former by holding the commit root sem and the latter
by pinning the transaction.  We do this now, but the critical section
covers the trim operation itself and we don't need to do that.

This patch moves the pinning and unpinning logic into helpers and unpins
the transaction after performing the search and check for pending
chunks.

Limiting the critical section of the transaction pinning improves the
latency substantially on slower storage (e.g. image files over NFS).

Fixes: 499f377f49f08 ("btrfs: iterate over unused chunk space in FITRIM")
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |   25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -10772,14 +10772,16 @@ int btrfs_error_unpin_extent_range(struc
  * We don't want a transaction for this since the discard may take a
  * substantial amount of time.  We don't require that a transaction be
  * running, but we do need to take a running transaction into account
- * to ensure that we're not discarding chunks that were released in
- * the current transaction.
+ * to ensure that we're not discarding chunks that were released or
+ * allocated in the current transaction.
  *
  * Holding the chunks lock will prevent other threads from allocating
  * or releasing chunks, but it won't prevent a running transaction
  * from committing and releasing the memory that the pending chunks
  * list head uses.  For that, we need to take a reference to the
- * transaction.
+ * transaction and hold the commit root sem.  We only need to hold
+ * it while performing the free space search since we have already
+ * held back allocations.
  */
 static int btrfs_trim_free_extents(struct btrfs_device *device,
 				   u64 minlen, u64 *trimmed)
@@ -10810,9 +10812,13 @@ static int btrfs_trim_free_extents(struc
 
 		ret = mutex_lock_interruptible(&fs_info->chunk_mutex);
 		if (ret)
-			return ret;
+			break;
 
-		down_read(&fs_info->commit_root_sem);
+		ret = down_read_killable(&fs_info->commit_root_sem);
+		if (ret) {
+			mutex_unlock(&fs_info->chunk_mutex);
+			break;
+		}
 
 		spin_lock(&fs_info->trans_lock);
 		trans = fs_info->running_transaction;
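Review bot: the two lock acquisitions at the top of the loop now use different wait modes, mutex_lock_interruptible() for chunk_mutex and down_read_killable() for commit_root_sem, so an ordinary signal aborts the trim at the first but only a fatal signal does at the second. If that asymmetry is intended, a one-line comment above down_read_killable() saying why would help. The switch from `return ret` to `break` also makes both error paths depend on the code after the loop, which this hunk does not show; please confirm that code returns the error unchanged and does not expect either lock to be held.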
@@ -10820,13 +10826,17 @@ static int btrfs_trim_free_extents(struc
 			refcount_inc(&trans->use_count);
 		spin_unlock(&fs_info->trans_lock);
 
+		if (!trans)
+			up_read(&fs_info->commit_root_sem);
+
 		ret = find_free_dev_extent_start(trans, device, minlen, start,
 						 &start, &len);
-		if (trans)
+		if (trans) {
+			up_read(&fs_info->commit_root_sem);
 			btrfs_put_transaction(trans);
+		}
 
 		if (ret) {
-			up_read(&fs_info->commit_root_sem);
 			mutex_unlock(&fs_info->chunk_mutex);
 			if (ret == -ENOSPC)
 				ret = 0;
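Review bot: commit_root_sem is now released on two different sides of find_free_dev_extent_start(), before the call when trans is NULL and after it when trans is set, and nothing at the call site says why. The function comment added by this patch says the semaphore is held "while performing the free space search", which does not describe the !trans branch, where the search runs without it. If the semaphore is only needed to keep the running transaction's pending chunks list alive, say so in a short comment at `if (!trans)`, or restructure so a single up_read() follows the search.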
@@ -10834,7 +10844,6 @@ static int btrfs_trim_free_extents(struc
 		}
 
 		ret = btrfs_issue_discard(device->bdev, start, len, &bytes);
-		up_read(&fs_info->commit_root_sem);
 		mutex_unlock(&fs_info->chunk_mutex);
 
 		if (ret)



* [PATCH 4.19 336/361] btrfs: wait on caching when putting the bg cache
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Josef Bacik, Omar Sandoval, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <josef@toxicpanda.com>

commit 3aa7c7a31c26321696b92841d5103461c6f3f517 upstream.

While testing my backport I noticed there was a panic if I ran
generic/416 generic/417 generic/418 all in a row.  This just happened to
uncover a race where we had outstanding IO after we destroy all of our
workqueues, and then we'd go to queue the endio work on those free'd
workqueues.

This is because we aren't waiting for the caching threads to be done
before freeing everything up, so to fix this make sure we wait on any
outstanding caching that's being done before we free up the block group,
so we're sure to be done with all IO by the time we get to
btrfs_stop_all_workers().  This fixes the panic I was seeing
consistently in testing.

------------[ cut here ]------------
kernel BUG at fs/btrfs/volumes.c:6112!
SMP PTI
Modules linked in:
CPU: 1 PID: 27165 Comm: kworker/u4:7 Not tainted 4.16.0-02155-g3553e54a578d-dirty #875
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
Workqueue: btrfs-cache btrfs_cache_helper
RIP: 0010:btrfs_map_bio+0x346/0x370
RSP: 0000:ffffc900061e79d0 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff880071542e00 RCX: 0000000000533000
RDX: ffff88006bb74380 RSI: 0000000000000008 RDI: ffff880078160000
RBP: 0000000000000001 R08: ffff8800781cd200 R09: 0000000000503000
R10: ffff88006cd21200 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8800781cd200 R15: ffff880071542e00
FS:  0000000000000000(0000) GS:ffff88007fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000817ffc4 CR3: 0000000078314000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 btree_submit_bio_hook+0x8a/0xd0
 submit_one_bio+0x5d/0x80
 read_extent_buffer_pages+0x18a/0x320
 btree_read_extent_buffer_pages+0xbc/0x200
 ? alloc_extent_buffer+0x359/0x3e0
 read_tree_block+0x3d/0x60
 read_block_for_search.isra.30+0x1a5/0x360
 btrfs_search_slot+0x41b/0xa10
 btrfs_next_old_leaf+0x212/0x470
 caching_thread+0x323/0x490
 normal_work_helper+0xc5/0x310
 process_one_work+0x141/0x340
 worker_thread+0x44/0x3c0
 kthread+0xf8/0x130
 ? process_one_work+0x340/0x340
 ? kthread_bind+0x10/0x10
 ret_from_fork+0x35/0x40
RIP: btrfs_map_bio+0x346/0x370 RSP: ffffc900061e79d0
---[ end trace 827eb13e50846033 ]---
Kernel panic - not syncing: Fatal exception
Kernel Offset: disabled
---[ end Kernel panic - not syncing: Fatal exception

CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -9632,6 +9632,7 @@ void btrfs_put_block_group_cache(struct
 
 		block_group = btrfs_lookup_first_block_group(info, last);
 		while (block_group) {
+			wait_block_group_cache_done(block_group);
 			spin_lock(&block_group->lock);
 			if (block_group->iref)
 				break;
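Review bot: wait_block_group_cache_done() is added at the top of the while loop with no comment, and it is a blocking wait placed just before spin_lock(&block_group->lock). The reason is only in the changelog (caching threads can still have IO outstanding after the workqueues are destroyed), so a short comment above the call would keep someone from moving or dropping it later. It is also worth confirming that every caller of btrfs_put_block_group_cache() is allowed to sleep at this point.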



* [PATCH 4.19 337/361] Btrfs: dont clean dirty pages during buffered writes
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chris Mason, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chris Mason <clm@fb.com>

commit 7703bdd8d23e6ef057af3253958a793ec6066b28 upstream.

During buffered writes, we follow this basic series of steps:

again:
	lock all the pages
	wait for writeback on all the pages
	Take the extent range lock
	wait for ordered extents on the whole range
	clean all the pages

	if (copy_from_user_in_atomic() hits a fault) {
		drop our locks
		goto again;
	}

	dirty all the pages
	release all the locks

The extra waiting, cleaning and locking are there to make sure we don't
modify pages in flight to the drive, after they've been crc'd.

If some of the pages in the range were already dirty when the write
began, and we need to goto again, we create a window where a dirty page
has been cleaned and unlocked.  It may be reclaimed before we're able to
lock it again, which means we'll read the old contents off the drive and
lose any modifications that had been pending writeback.

We don't actually need to clean the pages.  All of the other locking in
place makes sure we don't start IO on the pages, so we can just leave
them dirty for the duration of the write.

Fixes: 73d59314e6ed (the original btrfs merge)
CC: stable@vger.kernel.org # v4.4+
Signed-off-by: Chris Mason <clm@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/file.c |   29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -531,6 +531,14 @@ int btrfs_dirty_pages(struct inode *inod
 
 	end_of_last_block = start_pos + num_bytes - 1;
 
+	/*
+	 * The pages may have already been dirty, clear out old accounting so
+	 * we can set things up properly
+	 */
+	clear_extent_bit(&BTRFS_I(inode)->io_tree, start_pos, end_of_last_block,
+			 EXTENT_DIRTY | EXTENT_DELALLOC |
+			 EXTENT_DO_ACCOUNTING | EXTENT_DEFRAG, 0, 0, cached);
+
 	if (!btrfs_is_free_space_inode(BTRFS_I(inode))) {
 		if (start_pos >= isize &&
 		    !(BTRFS_I(inode)->flags & BTRFS_INODE_PREALLOC)) {
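Review bot: the new clear_extent_bit() call sits above the `if (!btrfs_is_free_space_inode(...))` check, so it runs for every caller of btrfs_dirty_pages(), free space inodes included, and clears EXTENT_DO_ACCOUNTING along with the dirty and delalloc bits. The comment only says "clear out old accounting"; please state whether clearing for free space inodes is intended. The two bare `0, 0` arguments would also read better with a note on what they select.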
@@ -1500,18 +1508,27 @@ lock_and_cleanup_extent_if_need(struct b
 		}
 		if (ordered)
 			btrfs_put_ordered_extent(ordered);
-		clear_extent_bit(&inode->io_tree, start_pos, last_pos,
-				 EXTENT_DIRTY | EXTENT_DELALLOC |
-				 EXTENT_DO_ACCOUNTING | EXTENT_DEFRAG,
-				 0, 0, cached_state);
+
 		*lockstart = start_pos;
 		*lockend = last_pos;
 		ret = 1;
 	}
 
+	/*
+	 * It's possible the pages are dirty right now, but we don't want
+	 * to clean them yet because copy_from_user may catch a page fault
+	 * and we might have to fall back to one page at a time.  If that
+	 * happens, we'll unlock these pages and we'd have a window where
+	 * reclaim could sneak in and drop the once-dirty page on the floor
+	 * without writing it.
+	 *
+	 * We have the pages locked and the extent range locked, so there's
+	 * no way someone can start IO on any dirty pages in this range.
+	 *
+	 * We'll call btrfs_dirty_pages() later on, and that will flip around
+	 * delalloc bits and dirty the pages as required.
+	 */
 	for (i = 0; i < num_pages; i++) {
-		if (clear_page_dirty_for_io(pages[i]))
-			account_page_redirty(pages[i]);
 		set_page_extent_mapped(pages[i]);
 		WARN_ON(!PageLocked(pages[i]));
 	}
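Review bot: the clear_extent_bit() removed from lock_and_cleanup_extent_if_need() covered start_pos to last_pos, while the replacement added to btrfs_dirty_pages() covers start_pos to end_of_last_block (start_pos + num_bytes - 1). Please confirm the new range clears at least the bits the old one did, for example when the locked range extends beyond the bytes that are finally dirtied.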



* [PATCH 4.19 338/361] btrfs: release metadata before running delayed refs
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Omar Sandoval, Liu Bo,
	Nikolay Borisov, Josef Bacik, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <josef@toxicpanda.com>

commit f45c752b65af46bf42963295c332865d95f97fff upstream.

We want to release the unused reservation we have since it refills the
delayed refs reserve, which will make everything go smoother when
running the delayed refs if we're short on our reservation.

CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: Liu Bo <bo.liu@linux.alibaba.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/transaction.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/fs/btrfs/transaction.c
+++ b/fs/btrfs/transaction.c
@@ -1929,6 +1929,9 @@ int btrfs_commit_transaction(struct btrf
 		return ret;
 	}
 
+	btrfs_trans_release_metadata(trans);
+	trans->block_rsv = NULL;
+
 	/* make a pass through all the delayed refs we have so far
 	 * any runnings procs may add more while we are here
 	 */
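Review bot: trans->block_rsv is set to NULL here, ahead of the delayed refs pass that the following comment introduces, whereas before it was cleared only after that pass. Anything in the delayed ref run that consults trans->block_rsv now sees NULL; please confirm that is safe. A one-line comment saying the release comes first so the freed reservation refills the delayed refs reserve would also help, since the ordering is the whole point of the change.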
@@ -1938,9 +1941,6 @@ int btrfs_commit_transaction(struct btrf
 		return ret;
 	}
 
-	btrfs_trans_release_metadata(trans);
-	trans->block_rsv = NULL;
-
 	cur_trans = trans->transaction;
 
 	/*



* [PATCH 4.19 339/361] btrfs: protect space cache inode alloc with GFP_NOFS
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Omar Sandoval, Josef Bacik, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <josef@toxicpanda.com>

commit 84de76a2fb217dc1b6bc2965cc397d1648aa1404 upstream.

If we're allocating a new space cache inode it's likely going to be
under a transaction handle, so we need to use memalloc_nofs_save() in
order to avoid deadlocks, and more importantly lockdep messages that
make xfstests fail.

CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/free-space-cache.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -10,6 +10,7 @@
 #include <linux/math64.h>
 #include <linux/ratelimit.h>
 #include <linux/error-injection.h>
+#include <linux/sched/mm.h>
 #include "ctree.h"
 #include "free-space-cache.h"
 #include "transaction.h"
@@ -47,6 +48,7 @@ static struct inode *__lookup_free_space
 	struct btrfs_free_space_header *header;
 	struct extent_buffer *leaf;
 	struct inode *inode = NULL;
+	unsigned nofs_flag;
 	int ret;
 
 	key.objectid = BTRFS_FREE_SPACE_OBJECTID;
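Review bot: `unsigned nofs_flag;` should be `unsigned int nofs_flag;`. Kernel style (and checkpatch) prefers the explicit form over bare `unsigned`, and it matches the return type of memalloc_nofs_save().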
@@ -68,7 +70,13 @@ static struct inode *__lookup_free_space
 	btrfs_disk_key_to_cpu(&location, &disk_key);
 	btrfs_release_path(path);
 
+	/*
+	 * We are often under a trans handle at this point, so we need to make
+	 * sure NOFS is set to keep us from deadlocking.
+	 */
+	nofs_flag = memalloc_nofs_save();
 	inode = btrfs_iget(fs_info->sb, &location, root, NULL);
+	memalloc_nofs_restore(nofs_flag);
 	if (IS_ERR(inode))
 		return inode;
 



* [PATCH 4.19 340/361] btrfs: reset max_extent_size on clear in a bitmap
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Liu Bo, Josef Bacik, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <jbacik@fb.com>

commit 553cceb49681d60975d00892877d4c871bf220f9 upstream.

We need to clear the max_extent_size when we clear bits from a bitmap
since it could have been from the range that contains the
max_extent_size.

CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/free-space-cache.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -1687,6 +1687,8 @@ static inline void __bitmap_clear_bits(s
 	bitmap_clear(info->bitmap, start, count);
 
 	info->bytes -= bytes;
+	if (info->max_extent_size > ctl->unit)
+		info->max_extent_size = 0;
 }
 
 static void bitmap_clear_bits(struct btrfs_free_space_ctl *ctl,
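Review bot: the guard `info->max_extent_size > ctl->unit` has no explanation, and the changelog only says max_extent_size must be cleared because the cleared bits may have come from the range that contains it. Either reset unconditionally or add a comment saying why a cached value of at most one unit can still be trusted after bits are cleared. A comment on what max_extent_size == 0 signals to later searches would also help readers of __bitmap_clear_bits().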



* [PATCH 4.19 341/361] btrfs: make sure we create all new block groups
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Omar Sandoval, Liu Bo, Josef Bacik,
	David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <josef@toxicpanda.com>

commit 545e3366db823dc3342ca9d7fea803f829c9062f upstream.

Allocating new chunks modifies both the extent and chunk tree, which can
trigger new chunk allocations.  So instead of doing list_for_each_safe,
just do while (!list_empty()) so we make sure we don't exit with other
pending bg's still on our list.

CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -10094,7 +10094,7 @@ error:
 void btrfs_create_pending_block_groups(struct btrfs_trans_handle *trans)
 {
 	struct btrfs_fs_info *fs_info = trans->fs_info;
-	struct btrfs_block_group_cache *block_group, *tmp;
+	struct btrfs_block_group_cache *block_group;
 	struct btrfs_root *extent_root = fs_info->extent_root;
 	struct btrfs_block_group_item item;
 	struct btrfs_key key;
@@ -10102,7 +10102,10 @@ void btrfs_create_pending_block_groups(s
 	bool can_flush_pending_bgs = trans->can_flush_pending_bgs;
 
 	trans->can_flush_pending_bgs = false;
-	list_for_each_entry_safe(block_group, tmp, &trans->new_bgs, bg_list) {
+	while (!list_empty(&trans->new_bgs)) {
+		block_group = list_first_entry(&trans->new_bgs,
+					       struct btrfs_block_group_cache,
+					       bg_list);
 		if (ret)
 			goto next;
 
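Review bot: with `while (!list_empty(&trans->new_bgs))` the loop only terminates if every iteration removes block_group from new_bgs, including the `if (ret) goto next;` path, and that removal is outside this hunk. Please confirm the code at the `next:` label always unlinks the entry, otherwise a persistent error in ret would spin here forever. A short comment above the loop saying that creating a block group can queue more entries on new_bgs would record why the _safe iterator was dropped.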



* [PATCH 4.19 342/361] Btrfs: fix warning when replaying log after fsync of a tmpfile
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Martin Steigerwald, Filipe Manana,
	David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Filipe Manana <fdmanana@suse.com>

commit f2d72f42d5fa3bf33761d9e47201745f624fcff5 upstream.

When replaying a log which contains a tmpfile (which necessarily has a
link count of 0) we end up calling inc_nlink(), at
fs/btrfs/tree-log.c:replay_one_buffer(), which produces a warning like
the following:

  [195191.943673] WARNING: CPU: 0 PID: 6924 at fs/inode.c:342 inc_nlink+0x33/0x40
  [195191.943723] CPU: 0 PID: 6924 Comm: mount Not tainted 4.19.0-rc6-btrfs-next-38 #1
  [195191.943724] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
  [195191.943726] RIP: 0010:inc_nlink+0x33/0x40
  [195191.943728] RSP: 0018:ffffb96e425e3870 EFLAGS: 00010246
  [195191.943730] RAX: 0000000000000000 RBX: ffff8c0d1e6af4f0 RCX: 0000000000000006
  [195191.943731] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8c0d1e6af4f0
  [195191.943731] RBP: 0000000000000097 R08: 0000000000000001 R09: 0000000000000000
  [195191.943732] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb96e425e3a60
  [195191.943733] R13: ffff8c0d10cff0c8 R14: ffff8c0d0d515348 R15: ffff8c0d78a1b3f8
  [195191.943735] FS:  00007f570ee24480(0000) GS:ffff8c0dfb200000(0000) knlGS:0000000000000000
  [195191.943736] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [195191.943737] CR2: 00005593286277c8 CR3: 00000000bb8f2006 CR4: 00000000003606f0
  [195191.943739] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  [195191.943740] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  [195191.943741] Call Trace:
  [195191.943778]  replay_one_buffer+0x797/0x7d0 [btrfs]
  [195191.943802]  walk_up_log_tree+0x1c1/0x250 [btrfs]
  [195191.943809]  ? rcu_read_lock_sched_held+0x3f/0x70
  [195191.943825]  walk_log_tree+0xae/0x1d0 [btrfs]
  [195191.943840]  btrfs_recover_log_trees+0x1d7/0x4d0 [btrfs]
  [195191.943856]  ? replay_dir_deletes+0x280/0x280 [btrfs]
  [195191.943870]  open_ctree+0x1c3b/0x22a0 [btrfs]
  [195191.943887]  btrfs_mount_root+0x6b4/0x800 [btrfs]
  [195191.943894]  ? rcu_read_lock_sched_held+0x3f/0x70
  [195191.943899]  ? pcpu_alloc+0x55b/0x7c0
  [195191.943906]  ? mount_fs+0x3b/0x140
  [195191.943908]  mount_fs+0x3b/0x140
  [195191.943912]  ? __init_waitqueue_head+0x36/0x50
  [195191.943916]  vfs_kern_mount+0x62/0x160
  [195191.943927]  btrfs_mount+0x134/0x890 [btrfs]
  [195191.943936]  ? rcu_read_lock_sched_held+0x3f/0x70
  [195191.943938]  ? pcpu_alloc+0x55b/0x7c0
  [195191.943943]  ? mount_fs+0x3b/0x140
  [195191.943952]  ? btrfs_remount+0x570/0x570 [btrfs]
  [195191.943954]  mount_fs+0x3b/0x140
  [195191.943956]  ? __init_waitqueue_head+0x36/0x50
  [195191.943960]  vfs_kern_mount+0x62/0x160
  [195191.943963]  do_mount+0x1f9/0xd40
  [195191.943967]  ? memdup_user+0x4b/0x70
  [195191.943971]  ksys_mount+0x7e/0xd0
  [195191.943974]  __x64_sys_mount+0x21/0x30
  [195191.943977]  do_syscall_64+0x60/0x1b0
  [195191.943980]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
  [195191.943983] RIP: 0033:0x7f570e4e524a
  [195191.943986] RSP: 002b:00007ffd83589478 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
  [195191.943989] RAX: ffffffffffffffda RBX: 0000563f335b2060 RCX: 00007f570e4e524a
  [195191.943990] RDX: 0000563f335b2240 RSI: 0000563f335b2280 RDI: 0000563f335b2260
  [195191.943992] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000020
  [195191.943993] R10: 00000000c0ed0000 R11: 0000000000000206 R12: 0000563f335b2260
  [195191.943994] R13: 0000563f335b2240 R14: 0000000000000000 R15: 00000000ffffffff
  [195191.944002] irq event stamp: 8688
  [195191.944010] hardirqs last  enabled at (8687): [<ffffffff9cb004c3>] console_unlock+0x503/0x640
  [195191.944012] hardirqs last disabled at (8688): [<ffffffff9ca037dd>] trace_hardirqs_off_thunk+0x1a/0x1c
  [195191.944018] softirqs last  enabled at (8638): [<ffffffff9cc0a5d1>] __set_page_dirty_nobuffers+0x101/0x150
  [195191.944020] softirqs last disabled at (8634): [<ffffffff9cc26bbe>] wb_wakeup_delayed+0x2e/0x60
  [195191.944022] ---[ end trace 5d6e873a9a0b811a ]---

This happens because the inode does not have the flag I_LINKABLE set,
which is a runtime only flag, not meant to be persisted, set when the
inode is created through open(2) if the flag O_EXCL is not passed to it.
Except for the warning, there are no other consequences (like corruptions
or metadata inconsistencies).

Since it's pointless to replay a tmpfile as it would be deleted in a
later phase of the log replay procedure (it has a link count of 0), fix
this by not logging tmpfiles and if a tmpfile is found in a log (created
by a kernel without this change), skip the replay of the inode.

A test case for fstests follows soon.

Fixes: 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay")
CC: stable@vger.kernel.org # 4.18+
Reported-by: Martin Steigerwald <martin@lichtvoll.de>
Link: https://lore.kernel.org/linux-btrfs/3666619.NTnn27ZJZE@merkaba/
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/tree-log.c |   42 ++++++++++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 10 deletions(-)

--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -258,6 +258,13 @@ struct walk_control {
 	/* what stage of the replay code we're currently in */
 	int stage;
 
+	/*
+	 * Ignore any items from the inode currently being processed. Needs
+	 * to be set every time we find a BTRFS_INODE_ITEM_KEY and we are in
+	 * the LOG_WALK_REPLAY_INODES stage.
+	 */
+	bool ignore_cur_inode;
+
 	/* the root we are currently replaying */
 	struct btrfs_root *replay_dest;
 
@@ -2487,6 +2494,20 @@ static int replay_one_buffer(struct btrf
 
 			inode_item = btrfs_item_ptr(eb, i,
 					    struct btrfs_inode_item);
+			/*
+			 * If we have a tmpfile (O_TMPFILE) that got fsync'ed
+			 * and never got linked before the fsync, skip it, as
+			 * replaying it is pointless since it would be deleted
+			 * later. We skip logging tmpfiles, but it's always
+			 * possible we are replaying a log created with a kernel
+			 * that used to log tmpfiles.
+			 */
+			if (btrfs_inode_nlink(eb, inode_item) == 0) {
+				wc->ignore_cur_inode = true;
+				continue;
+			} else {
+				wc->ignore_cur_inode = false;
+			}
 			ret = replay_xattr_deletes(wc->trans, root, log,
 						   path, key.objectid);
 			if (ret)
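Review bot: the `else` after `continue` in the nlink check is redundant. Assigning the flag once, e.g. `wc->ignore_cur_inode = (btrfs_inode_nlink(eb, inode_item) == 0);` followed by `if (wc->ignore_cur_inode) continue;`, is shorter and makes it obvious that the flag is rewritten for every inode item.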
@@ -2524,16 +2545,8 @@ static int replay_one_buffer(struct btrf
 					     root->fs_info->sectorsize);
 				ret = btrfs_drop_extents(wc->trans, root, inode,
 							 from, (u64)-1, 1);
-				/*
-				 * If the nlink count is zero here, the iput
-				 * will free the inode.  We bump it to make
-				 * sure it doesn't get freed until the link
-				 * count fixup is done.
-				 */
 				if (!ret) {
-					if (inode->i_nlink == 0)
-						inc_nlink(inode);
-					/* Update link count and nbytes. */
+					/* Update the inode's nbytes. */
 					ret = btrfs_update_inode(wc->trans,
 								 root, inode);
 				}
@@ -2548,6 +2561,9 @@ static int replay_one_buffer(struct btrf
 				break;
 		}
 
+		if (wc->ignore_cur_inode)
+			continue;
+
 		if (key.type == BTRFS_DIR_INDEX_KEY &&
 		    wc->stage == LOG_WALK_REPLAY_DIR_INDEX) {
 			ret = replay_one_dir_item(wc->trans, root, path,
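Review bot: this `if (wc->ignore_cur_inode) continue;` is not qualified by wc->stage, but the field comment says the flag is only set when a BTRFS_INODE_ITEM_KEY is seen in the LOG_WALK_REPLAY_INODES stage. Whatever value the last inode item of that stage left behind would therefore still apply when the walk runs the later stages, and if it was true the dir index and following items would appear to be skipped. Please confirm the flag is reset when the stage changes, or make this check stage-aware.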
@@ -5643,7 +5659,13 @@ static int btrfs_log_inode_parent(struct
 	if (ret)
 		goto end_no_trans;
 
-	if (btrfs_inode_in_log(inode, trans->transid)) {
+	/*
+	 * Skip already logged inodes or inodes corresponding to tmpfiles
+	 * (since logging them is pointless, a link count of 0 means they
+	 * will never be accessible).
+	 */
+	if (btrfs_inode_in_log(inode, trans->transid) ||
+	    inode->vfs_inode.i_nlink == 0) {
 		ret = BTRFS_NO_LOG_SYNC;
 		goto end_no_trans;
 	}
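Review bot: the comment's claim that a link count of 0 means the inode "will never be accessible" is too strong, since an O_TMPFILE file can be given a name later with linkat(2). Suggest wording it as not reachable after a crash unless it is linked first, at which point i_nlink is non-zero. The i_nlink read is also done without any visible locking; a note on why a racing link cannot be missed here would help.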



* [PATCH 4.19 343/361] Btrfs: fix wrong dentries after fsync of file that got its parent replaced
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Filipe Manana <fdmanana@suse.com>

commit 0f375eed92b5a407657532637ed9652611a682f5 upstream.

In a scenario like the following:

  mkdir /mnt/A               # inode 258
  mkdir /mnt/B               # inode 259
  touch /mnt/B/bar           # inode 260

  sync

  mv /mnt/B/bar /mnt/A/bar
  mv -T /mnt/A /mnt/B
  fsync /mnt/B/bar

  <power fail>

After replaying the log we end up with file bar having 2 hard links, both
with the name 'bar' and one in the directory with inode number 258 and the
other in the directory with inode number 259. Also, we end up with the
directory inode 259 still existing and with the directory inode 258 still
named as 'A', instead of 'B'. In this scenario, file 'bar' should only
have one hard link, located at directory inode 258, the directory inode
259 should not exist anymore and the name for directory inode 258 should
be 'B'.

This incorrect behaviour happens because when attempting to log the old
parents of an inode, we skip any parents that no longer exist. Fix this
by forcing a full commit if an old parent no longer exists.

A test case for fstests follows soon.

CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/tree-log.c |   30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -5583,9 +5583,33 @@ static int btrfs_log_all_parents(struct
 
 			dir_inode = btrfs_iget(fs_info->sb, &inode_key,
 					       root, NULL);
-			/* If parent inode was deleted, skip it. */
-			if (IS_ERR(dir_inode))
-				continue;
+			/*
+			 * If the parent inode was deleted, return an error to
+			 * fallback to a transaction commit. This is to prevent
+			 * getting an inode that was moved from one parent A to
+			 * a parent B, got its former parent A deleted and then
+			 * it got fsync'ed, from existing at both parents after
+			 * a log replay (and the old parent still existing).
+			 * Example:
+			 *
+			 * mkdir /mnt/A
+			 * mkdir /mnt/B
+			 * touch /mnt/B/bar
+			 * sync
+			 * mv /mnt/B/bar /mnt/A/bar
+			 * mv -T /mnt/A /mnt/B
+			 * fsync /mnt/B/bar
+			 * <power fail>
+			 *
+			 * If we ignore the old parent B which got deleted,
+			 * after a log replay we would have file bar linked
+			 * at both parents and the old parent B would still
+			 * exist.
+			 */
+			if (IS_ERR(dir_inode)) {
+				ret = PTR_ERR(dir_inode);
+				goto out;
+			}
 
 			if (ctx)
 				ctx->log_new_dentries = false;
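Review bot: the new `if (IS_ERR(dir_inode))` branch returns PTR_ERR(dir_inode) for every failure of btrfs_iget(), not only for a deleted parent, while the comment describes just the deleted case. That is probably the safer behaviour, but the comment should say that any lookup failure falls back to a transaction commit, and the fix relies on the caller turning a non-zero return into a full commit, which is not visible here. Also check that `goto out` releases whatever the loop holds at this point, since the old `continue` stayed inside the loop.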



* [PATCH 4.19 344/361] btrfs: qgroup: Dirty all qgroups before rescan
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Misono Tomohiro, Qu Wenruo, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qu Wenruo <wqu@suse.com>

commit 9c7b0c2e8dbfbcd80a71e2cbfe02704f26c185c6 upstream.

[BUG]
In the following case, rescan won't zero out the number of qgroup 1/0:

  $ mkfs.btrfs -fq $DEV
  $ mount $DEV /mnt

  $ btrfs quota enable /mnt
  $ btrfs qgroup create 1/0 /mnt
  $ btrfs sub create /mnt/sub
  $ btrfs qgroup assign 0/257 1/0 /mnt

  $ dd if=/dev/urandom of=/mnt/sub/file bs=1k count=1000
  $ btrfs sub snap /mnt/sub /mnt/snap
  $ btrfs quota rescan -w /mnt
  $ btrfs qgroup show -pcre /mnt
  qgroupid         rfer         excl     max_rfer     max_excl parent  child
  --------         ----         ----     --------     -------- ------  -----
  0/5          16.00KiB     16.00KiB         none         none ---     ---
  0/257      1016.00KiB     16.00KiB         none         none 1/0     ---
  0/258      1016.00KiB     16.00KiB         none         none ---     ---
  1/0        1016.00KiB     16.00KiB         none         none ---     0/257

So far so good, but:

  $ btrfs qgroup remove 0/257 1/0 /mnt
  WARNING: quotas may be inconsistent, rescan needed
  $ btrfs quota rescan -w /mnt
  $ btrfs qgroup show -pcre  /mnt
  qgoupid         rfer         excl     max_rfer     max_excl parent  child
  --------         ----         ----     --------     -------- ------  -----
  0/5          16.00KiB     16.00KiB         none         none ---     ---
  0/257      1016.00KiB     16.00KiB         none         none ---     ---
  0/258      1016.00KiB     16.00KiB         none         none ---     ---
  1/0        1016.00KiB     16.00KiB         none         none ---     ---
	     ^^^^^^^^^^     ^^^^^^^^ not cleared

[CAUSE]
Before rescan we call qgroup_rescan_zero_tracking() to zero out all
qgroups' accounting numbers.

However we don't mark all qgroups dirty, but rely on rescan to do so.

If we have any high level qgroup without children, it won't be marked
dirty during rescan, since we cannot reach that qgroup.

This will cause QGROUP_INFO items of childless qgroups to never get updated
in the quota tree, thus their numbers will stay the same in "btrfs
qgroup show" output.

[FIX]
Just mark all qgroups dirty in qgroup_rescan_zero_tracking(), so even if
we have childless qgroups, their QGROUP_INFO items will still get
updated during rescan.

Reported-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Tested-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/qgroup.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -2897,6 +2897,7 @@ qgroup_rescan_zero_tracking(struct btrfs
 		qgroup->rfer_cmpr = 0;
 		qgroup->excl = 0;
 		qgroup->excl_cmpr = 0;
+		qgroup_dirty(fs_info, qgroup);
 	}
 	spin_unlock(&fs_info->qgroup_lock);
 }
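
Review bot: the added `qgroup_dirty(fs_info, qgroup);` sits inside the loop that runs under `fs_info->qgroup_lock` (the `spin_unlock()` follows the closing brace) and carries no comment. A one-line comment saying that every qgroup is marked dirty here because rescan never reaches childless higher-level qgroups would keep the reason next to the code; it is also worth confirming that `qgroup_dirty()` is safe to call with the spinlock held.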




* [PATCH 4.19 345/361] Btrfs: fix null pointer dereference on compressed write path error
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (343 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 344/361] btrfs: qgroup: Dirty all qgroups before rescan Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 346/361] Btrfs: fix assertion on fsync of regular file when using no-holes feature Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Liu Bo, Filipe Manana, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Filipe Manana <fdmanana@suse.com>

commit 3527a018c00e5dbada2f9d7ed5576437b6dd5cfb upstream.

At inode.c:compress_file_range(), under the "free_pages_out" label, we can
end up dereferencing the "pages" pointer when it has a NULL value. This
case happens when "start" has a value of 0 and we fail to allocate memory
for the "pages" pointer. When that happens we jump to the "cont" label and
then enter the "if (start == 0)" branch where we immediately call the
cow_file_range_inline() function. If that function returns 0 (success
creating an inline extent) or an error (like -ENOMEM for example) we jump
to the "free_pages_out" label and then access "pages[i]" leading to a NULL
pointer dereference, since "nr_pages" has a value greater than zero at
that point.

Fix this by setting "nr_pages" to 0 when we fail to allocate memory for
the "pages" pointer.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=201119
Fixes: 771ed689d2cd ("Btrfs: Optimize compressed writeback and reads")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/inode.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -503,6 +503,7 @@ again:
 		pages = kcalloc(nr_pages, sizeof(struct page *), GFP_NOFS);
 		if (!pages) {
 			/* just bail out to the uncompressed code */
+			nr_pages = 0;
 			goto cont;
 		}
 
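
Review bot: `nr_pages = 0;` is added under a comment that still only says "just bail out to the uncompressed code", so the reason for the reset is not visible at the site. Suggest extending the comment to say that the cleanup under `free_pages_out` indexes `pages[i]` for each `i < nr_pages`, or alternatively guarding that loop on `pages` being non-NULL so the count and the pointer cannot disagree.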


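The control flow that commit message walks through, as a userspace C model added here for illustration; it is not kernel code and not part of the patch. `model_compress_range()`, `struct page_stub` and `struct outcome` are hypothetical names, and the `start != 0` path is simplified because the message does not describe it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for struct page; the model only needs something to free. */
struct page_stub { int unused; };

struct outcome {
    bool inline_branch_taken;  /* reached the "if (start == 0)" branch */
    bool null_array_indexed;   /* cleanup loop reached pages[i] with pages == NULL */
    size_t slots_freed;        /* entries the cleanup loop released */
};

/*
 * alloc_fails simulates kcalloc() returning NULL.
 * apply_fix selects the patched behaviour (nr_pages = 0 before "goto cont").
 */
static struct outcome model_compress_range(unsigned long start, size_t nr_pages,
                                           bool alloc_fails, bool apply_fix)
{
    struct outcome out = { false, false, 0 };
    struct page_stub **pages;
    size_t i;

    pages = alloc_fails ? NULL : calloc(nr_pages, sizeof(*pages));
    if (!pages) {
        /* just bail out to the uncompressed code */
        if (apply_fix)
            nr_pages = 0;
        goto cont;
    }
    /* Stand-in for the compression step filling the array. */
    for (i = 0; i < nr_pages; i++)
        pages[i] = calloc(1, sizeof(**pages));

cont:
    if (start == 0) {
        /*
         * The inline-extent attempt happens here; per the commit message,
         * both success and error jump to the cleanup label.
         */
        out.inline_branch_taken = true;
        goto free_pages_out;
    }
    /* Simplification: the start != 0 path is not described on the page. */
    if (!pages)
        return out;

free_pages_out:
    for (i = 0; i < nr_pages; i++) {
        if (!pages) {
            /* The kernel code would dereference pages[i] at this point. */
            out.null_array_indexed = true;
            break;
        }
        free(pages[i]);
        out.slots_freed++;
    }
    free(pages);
    return out;
}

int main(void)
{
    struct outcome before = model_compress_range(0, 4, true, false);
    struct outcome after = model_compress_range(0, 4, true, true);
    struct outcome normal = model_compress_range(0, 4, false, false);

    printf("unpatched: NULL array indexed = %d\n", before.null_array_indexed);
    printf("patched:   NULL array indexed = %d\n", after.null_array_indexed);
    printf("alloc ok:  slots freed = %zu\n", normal.slots_freed);
    return 0;
}
```

The model records the would-be dereference instead of crashing, so the unpatched and patched runs can be compared side by side.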


* [PATCH 4.19 346/361] Btrfs: fix assertion on fsync of regular file when using no-holes feature
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (344 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 345/361] Btrfs: fix null pointer dereference on compressed write path error Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 347/361] Btrfs: fix deadlock when writing out free space caches Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anatoly Trosinenko, Filipe Manana,
	David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Filipe Manana <fdmanana@suse.com>

commit 7ed586d0a8241e81d58c656c5b315f781fa6fc97 upstream.

When using the NO_HOLES feature and logging a regular file, we were
expecting that if we find an inline extent, that either its size in RAM
(uncompressed and unencoded) matches the size of the file or if it does
not, that it matches the sector size and it represents compressed data.
This assertion does not cover a case where the length of the inline extent
is smaller than the sector size and also smaller than the file's size; such
a case is possible through fallocate. Example:

  $ mkfs.btrfs -f -O no-holes /dev/sdb
  $ mount /dev/sdb /mnt

  $ xfs_io -f -c "pwrite -S 0xb60 0 21" /mnt/foobar
  $ xfs_io -c "falloc 40 40" /mnt/foobar
  $ xfs_io -c "fsync" /mnt/foobar

In the above example we trigger the assertion because the inline extent's
length is 21 bytes while the file size is 80 bytes. The fallocate() call
merely updated the file's size and did not touch the existing inline
extent, as expected.

So fix this by adjusting the assertion so that an inline extent length
smaller than the file size is valid if the file size is smaller than the
filesystem's sector size.

A test case for fstests follows soon.

Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Fixes: a89ca6f24ffe ("Btrfs: fix fsync after truncate when no_holes feature is enabled")
CC: stable@vger.kernel.org # 4.14+
Link: https://lore.kernel.org/linux-btrfs/CAE5jQCfRSBC7n4pUTFJcmHh109=gwyT9mFkCOL+NKfzswmR=_Q@mail.gmail.com/
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/tree-log.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -4655,7 +4655,8 @@ static int btrfs_log_trailing_hole(struc
 			ASSERT(len == i_size ||
 			       (len == fs_info->sectorsize &&
 				btrfs_file_extent_compression(leaf, extent) !=
-				BTRFS_COMPRESS_NONE));
+				BTRFS_COMPRESS_NONE) ||
+			       (len < i_size && i_size < fs_info->sectorsize));
 			return 0;
 		}
 
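
Review bot: the new third alternative, `(len < i_size && i_size < fs_info->sectorsize)`, uses a strict `<` against the sector size, while the example in the commit message only exercises an 80-byte file. Please confirm that an inline extent shorter than a file of exactly `sectorsize` bytes cannot occur, or use `<=`; a short comment above the ASSERT naming the three accepted cases would also help, since the condition now spans five lines.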




* [PATCH 4.19 347/361] Btrfs: fix deadlock when writing out free space caches
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (345 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 346/361] Btrfs: fix assertion on fsync of regular file when using no-holes feature Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 348/361] btrfs: reset max_extent_size properly Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, E V, Josef Bacik, Filipe Manana,
	David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Filipe Manana <fdmanana@suse.com>

commit 5ce555578e0919237fa4bda92b4670e2dd176f85 upstream.

When writing out a block group free space cache we can end up deadlocking
with ourselves on an extent buffer lock resulting in a warning like the
following:

  [245043.379979] WARNING: CPU: 4 PID: 2608 at fs/btrfs/locking.c:251 btrfs_tree_lock+0x1be/0x1d0 [btrfs]
  [245043.392792] CPU: 4 PID: 2608 Comm: btrfs-transacti Tainted: G
    W I      4.16.8 #1
  [245043.395489] RIP: 0010:btrfs_tree_lock+0x1be/0x1d0 [btrfs]
  [245043.396791] RSP: 0018:ffffc9000424b840 EFLAGS: 00010246
  [245043.398093] RAX: 0000000000000a30 RBX: ffff8807e20a3d20 RCX: 0000000000000001
  [245043.399414] RDX: 0000000000000001 RSI: 0000000000000002 RDI: ffff8807e20a3d20
  [245043.400732] RBP: 0000000000000001 R08: ffff88041f39a700 R09: ffff880000000000
  [245043.402021] R10: 0000000000000040 R11: ffff8807e20a3d20 R12: ffff8807cb220630
  [245043.403296] R13: 0000000000000001 R14: ffff8807cb220628 R15: ffff88041fbdf000
  [245043.404780] FS:  0000000000000000(0000) GS:ffff88082fc80000(0000) knlGS:0000000000000000
  [245043.406050] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [245043.407321] CR2: 00007fffdbdb9f10 CR3: 0000000001c09005 CR4: 00000000000206e0
  [245043.408670] Call Trace:
  [245043.409977]  btrfs_search_slot+0x761/0xa60 [btrfs]
  [245043.411278]  btrfs_insert_empty_items+0x62/0xb0 [btrfs]
  [245043.412572]  btrfs_insert_item+0x5b/0xc0 [btrfs]
  [245043.413922]  btrfs_create_pending_block_groups+0xfb/0x1e0 [btrfs]
  [245043.415216]  do_chunk_alloc+0x1e5/0x2a0 [btrfs]
  [245043.416487]  find_free_extent+0xcd0/0xf60 [btrfs]
  [245043.417813]  btrfs_reserve_extent+0x96/0x1e0 [btrfs]
  [245043.419105]  btrfs_alloc_tree_block+0xfb/0x4a0 [btrfs]
  [245043.420378]  __btrfs_cow_block+0x127/0x550 [btrfs]
  [245043.421652]  btrfs_cow_block+0xee/0x190 [btrfs]
  [245043.422979]  btrfs_search_slot+0x227/0xa60 [btrfs]
  [245043.424279]  ? btrfs_update_inode_item+0x59/0x100 [btrfs]
  [245043.425538]  ? iput+0x72/0x1e0
  [245043.426798]  write_one_cache_group.isra.49+0x20/0x90 [btrfs]
  [245043.428131]  btrfs_start_dirty_block_groups+0x102/0x420 [btrfs]
  [245043.429419]  btrfs_commit_transaction+0x11b/0x880 [btrfs]
  [245043.430712]  ? start_transaction+0x8e/0x410 [btrfs]
  [245043.432006]  transaction_kthread+0x184/0x1a0 [btrfs]
  [245043.433341]  kthread+0xf0/0x130
  [245043.434628]  ? btrfs_cleanup_transaction+0x4e0/0x4e0 [btrfs]
  [245043.435928]  ? kthread_create_worker_on_cpu+0x40/0x40
  [245043.437236]  ret_from_fork+0x1f/0x30
  [245043.441054] ---[ end trace 15abaa2aaf36827f ]---

This is because at write_one_cache_group() when we are COWing a leaf from
the extent tree we end up allocating a new block group (chunk) and,
because we have hit a threshold on the number of bytes reserved for system
chunks, we attempt to finalize the creation of new block groups from the
current transaction, by calling btrfs_create_pending_block_groups().
However here we also need to modify the extent tree in order to insert
a block group item, and if the location for this new block group item
happens to be in the same leaf that we were COWing earlier, we deadlock
since btrfs_search_slot() tries to write lock the extent buffer that we
locked before at write_one_cache_group().

We have already hit similar cases in the past and commit d9a0540a79f8
("Btrfs: fix deadlock when finalizing block group creation") fixed some
of those cases by delaying the creation of pending block groups at the
known specific spots that could lead to a deadlock. This change reworks
that commit to be more generic so that we don't have to add similar logic
to every possible path that can lead to a deadlock. This is done by
making __btrfs_cow_block() disallow the creation of new block groups
(setting the transaction's can_flush_pending_bgs to false) before it
attempts to allocate a new extent buffer for either the extent, chunk or
device trees, since those are the trees that pending block creation
modifies. Once the new extent buffer is allocated, it allows creation of
pending block groups to happen again.

This change depends on a recent patch from Josef which is not yet in
Linus' tree, named "btrfs: make sure we create all new block groups" in
order to avoid occasional warnings at btrfs_trans_release_chunk_metadata().

Fixes: d9a0540a79f8 ("Btrfs: fix deadlock when finalizing block group creation")
CC: stable@vger.kernel.org # 4.4+
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199753
Link: https://lore.kernel.org/linux-btrfs/CAJtFHUTHna09ST-_EEiyWmDH6gAqS6wa=zMNMBsifj8ABu99cw@mail.gmail.com/
Reported-by: E V <eliventer@gmail.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/ctree.c       |   17 +++++++++++++++++
 fs/btrfs/extent-tree.c |   16 ++++++----------
 2 files changed, 23 insertions(+), 10 deletions(-)

--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -1050,9 +1050,26 @@ static noinline int __btrfs_cow_block(st
 	if ((root->root_key.objectid == BTRFS_TREE_RELOC_OBJECTID) && parent)
 		parent_start = parent->start;
 
+	/*
+	 * If we are COWing a node/leaf from the extent, chunk or device trees,
+	 * make sure that we do not finish block group creation of pending block
+	 * groups. We do this to avoid a deadlock.
+	 * COWing can result in allocation of a new chunk, and flushing pending
+	 * block groups (btrfs_create_pending_block_groups()) can be triggered
+	 * when finishing allocation of a new chunk. Creation of a pending block
+	 * group modifies the extent, chunk and device trees, therefore we could
+	 * deadlock with ourselves since we are holding a lock on an extent
+	 * buffer that btrfs_create_pending_block_groups() may try to COW later.
+	 */
+	if (root == fs_info->extent_root ||
+	    root == fs_info->chunk_root ||
+	    root == fs_info->dev_root)
+		trans->can_flush_pending_bgs = false;
+
 	cow = btrfs_alloc_tree_block(trans, root, parent_start,
 			root->root_key.objectid, &disk_key, level,
 			search_start, empty_size);
+	trans->can_flush_pending_bgs = true;
 	if (IS_ERR(cow))
 		return PTR_ERR(cow);
 
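
Review bot: `trans->can_flush_pending_bgs = true;` after `btrfs_alloc_tree_block()` is unconditional, so it overwrites whatever value the flag had on entry, including for roots where the `if` above never cleared it. The code removed from extent-tree.c in this same patch saved the old value in a local and restored it; doing the same here would keep a caller's `false` intact.
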
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -2911,7 +2911,6 @@ int btrfs_run_delayed_refs(struct btrfs_
 	struct btrfs_delayed_ref_head *head;
 	int ret;
 	int run_all = count == (unsigned long)-1;
-	bool can_flush_pending_bgs = trans->can_flush_pending_bgs;
 
 	/* We'll clean this up in btrfs_cleanup_transaction */
 	if (trans->aborted)
@@ -2928,7 +2927,6 @@ again:
 #ifdef SCRAMBLE_DELAYED_REFS
 	delayed_refs->run_delayed_start = find_middle(&delayed_refs->root);
 #endif
-	trans->can_flush_pending_bgs = false;
 	ret = __btrfs_run_delayed_refs(trans, count);
 	if (ret < 0) {
 		btrfs_abort_transaction(trans, ret);
@@ -2959,7 +2957,6 @@ again:
 		goto again;
 	}
 out:
-	trans->can_flush_pending_bgs = can_flush_pending_bgs;
 	return 0;
 }
 
@@ -4554,11 +4551,9 @@ out:
 	 * the block groups that were made dirty during the lifetime of the
 	 * transaction.
 	 */
-	if (trans->can_flush_pending_bgs &&
-	    trans->chunk_bytes_reserved >= (u64)SZ_2M) {
+	if (trans->chunk_bytes_reserved >= (u64)SZ_2M)
 		btrfs_create_pending_block_groups(trans);
-		btrfs_trans_release_chunk_metadata(trans);
-	}
+
 	return ret;
 }
 
@@ -10099,9 +10094,10 @@ void btrfs_create_pending_block_groups(s
 	struct btrfs_block_group_item item;
 	struct btrfs_key key;
 	int ret = 0;
-	bool can_flush_pending_bgs = trans->can_flush_pending_bgs;
 
-	trans->can_flush_pending_bgs = false;
+	if (!trans->can_flush_pending_bgs)
+		return;
+
 	while (!list_empty(&trans->new_bgs)) {
 		block_group = list_first_entry(&trans->new_bgs,
 					       struct btrfs_block_group_cache,
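
Review bot: the new early `return` when `!trans->can_flush_pending_bgs` leaves `trans->new_bgs` populated and gives no hint of who finishes those block groups later. A comment at the check pointing to the window in `__btrfs_cow_block()` that clears the flag, and stating that a later call drains the list, would make the deferral explicit. This hunk also drops the code that cleared the flag for the duration of the loop, so re-entry protection now depends entirely on the ctree.c change.
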
@@ -10126,7 +10122,7 @@ void btrfs_create_pending_block_groups(s
 next:
 		list_del_init(&block_group->bg_list);
 	}
-	trans->can_flush_pending_bgs = can_flush_pending_bgs;
+	btrfs_trans_release_chunk_metadata(trans);
 }
 
 int btrfs_make_block_group(struct btrfs_trans_handle *trans, u64 bytes_used,
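
Review bot: moving `btrfs_trans_release_chunk_metadata(trans);` to the end of `btrfs_create_pending_block_groups()` makes every caller of that function release the chunk reservation, not only the `do_chunk_alloc()` path it was removed from. The commit message says the change relies on "btrfs: make sure we create all new block groups" to avoid warnings at `btrfs_trans_release_chunk_metadata()`; for the stable queue, please confirm that prerequisite is part of 4.19.2 as well.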




* [PATCH 4.19 348/361] btrfs: reset max_extent_size properly
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (346 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 347/361] Btrfs: fix deadlock when writing out free space caches Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 349/361] btrfs: set " Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Filipe Manana, Josef Bacik, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <josef@toxicpanda.com>

commit 21a94f7acf0f748599ea552af5d9ee7d7e41c72f upstream.

If we use up our block group before allocating a new one we'll easily
get a max_extent_size that's set really really low, which will result in
a lot of fragmentation.  We need to make sure we're resetting the
max_extent_size when we add a new chunk or add new space.

CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -4530,6 +4530,7 @@ static int do_chunk_alloc(struct btrfs_t
 			goto out;
 	} else {
 		ret = 1;
+		space_info->max_extent_size = 0;
 	}
 
 	space_info->force_alloc = CHUNK_ALLOC_NO_FORCE;
@@ -6431,6 +6432,7 @@ static int btrfs_free_reserved_bytes(str
 		space_info->bytes_readonly += num_bytes;
 	cache->reserved -= num_bytes;
 	space_info->bytes_reserved -= num_bytes;
+	space_info->max_extent_size = 0;
 
 	if (delalloc)
 		cache->delalloc_bytes -= num_bytes;
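
Review bot: `space_info->max_extent_size = 0;` in `btrfs_free_reserved_bytes()` runs on every call, and neither this store nor the one in the `else` branch of `do_chunk_alloc()` has a comment. A one-line comment at each site saying that the cached value is dropped because space was just added (a new chunk in one case, a returned reservation in the other) would tie the code to the fragmentation problem the commit message describes.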




* [PATCH 4.19 349/361] btrfs: set max_extent_size properly
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (347 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 348/361] btrfs: reset max_extent_size properly Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 350/361] btrfs: dont use ctl->free_space for max_extent_size Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Josef Bacik, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <jbacik@fb.com>

commit ad22cf6ea47fa20fbe11ac324a0a15c0a9a4a2a9 upstream.

We can't use entry->bytes if our entry is a bitmap entry, we need to use
entry->max_extent_size in that case.  Fix up all the logic to make this
consistent.

CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Josef Bacik <jbacik@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/free-space-cache.c |   30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -1772,6 +1772,13 @@ static int search_bitmap(struct btrfs_fr
 	return -1;
 }
 
+static inline u64 get_max_extent_size(struct btrfs_free_space *entry)
+{
+	if (entry->bitmap)
+		return entry->max_extent_size;
+	return entry->bytes;
+}
+
 /* Cache the size of the max extent in bytes */
 static struct btrfs_free_space *
 find_free_space(struct btrfs_free_space_ctl *ctl, u64 *offset, u64 *bytes,
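
Review bot: `get_max_extent_size()` is added without a comment, and it lands directly above the existing "Cache the size of the max extent in bytes" comment that belongs to `find_free_space()`. Suggest a short comment on the helper saying why `entry->bytes` is not usable for a bitmap entry, and what `entry->max_extent_size` holds for a bitmap that has not been searched yet.
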
@@ -1793,8 +1800,8 @@ find_free_space(struct btrfs_free_space_
 	for (node = &entry->offset_index; node; node = rb_next(node)) {
 		entry = rb_entry(node, struct btrfs_free_space, offset_index);
 		if (entry->bytes < *bytes) {
-			if (entry->bytes > *max_extent_size)
-				*max_extent_size = entry->bytes;
+			*max_extent_size = max(get_max_extent_size(entry),
+					       *max_extent_size);
 			continue;
 		}
 
@@ -1812,8 +1819,8 @@ find_free_space(struct btrfs_free_space_
 		}
 
 		if (entry->bytes < *bytes + align_off) {
-			if (entry->bytes > *max_extent_size)
-				*max_extent_size = entry->bytes;
+			*max_extent_size = max(get_max_extent_size(entry),
+					       *max_extent_size);
 			continue;
 		}
 
@@ -1825,8 +1832,10 @@ find_free_space(struct btrfs_free_space_
 				*offset = tmp;
 				*bytes = size;
 				return entry;
-			} else if (size > *max_extent_size) {
-				*max_extent_size = size;
+			} else {
+				*max_extent_size =
+					max(get_max_extent_size(entry),
+					    *max_extent_size);
 			}
 			continue;
 		}
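
Review bot: in this `else` branch the old code recorded the local `size` (the same value the success path stores with `*bytes = size;`), and the new code records `get_max_extent_size(entry)` instead. The cached `entry->max_extent_size` is only current if the preceding bitmap search updates it, which these lines do not show; please confirm, and the same question applies to the `search_bytes` replacement in `btrfs_alloc_from_bitmap()`.
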
@@ -2686,8 +2695,8 @@ static u64 btrfs_alloc_from_bitmap(struc
 
 	err = search_bitmap(ctl, entry, &search_start, &search_bytes, true);
 	if (err) {
-		if (search_bytes > *max_extent_size)
-			*max_extent_size = search_bytes;
+		*max_extent_size = max(get_max_extent_size(entry),
+				       *max_extent_size);
 		return 0;
 	}
 
@@ -2724,8 +2733,9 @@ u64 btrfs_alloc_from_cluster(struct btrf
 
 	entry = rb_entry(node, struct btrfs_free_space, offset_index);
 	while (1) {
-		if (entry->bytes < bytes && entry->bytes > *max_extent_size)
-			*max_extent_size = entry->bytes;
+		if (entry->bytes < bytes)
+			*max_extent_size = max(get_max_extent_size(entry),
+					       *max_extent_size);
 
 		if (entry->bytes < bytes ||
 		    (!entry->bitmap && entry->offset < min_start)) {




* [PATCH 4.19 350/361] btrfs: dont use ctl->free_space for max_extent_size
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (348 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 349/361] btrfs: set " Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 351/361] btrfs: only free reserved extent if we didnt insert it Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Filipe Manana, Josef Bacik, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <jbacik@fb.com>

commit fb5c39d7a887108087de6ff93d3f326b01b4ef41 upstream.

max_extent_size is supposed to be the largest contiguous range for the
space info, and ctl->free_space is the total free space in the block
group.  We need to keep track of these separately and _only_ use the
max_free_space if we don't have a max_extent_size, as that means our
original request was too large to search any of the block groups for and
therefore wouldn't have a max_extent_size set.

CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -7230,6 +7230,7 @@ static noinline int find_free_extent(str
 	struct btrfs_block_group_cache *block_group = NULL;
 	u64 search_start = 0;
 	u64 max_extent_size = 0;
+	u64 max_free_space = 0;
 	u64 empty_cluster = 0;
 	struct btrfs_space_info *space_info;
 	int loop = 0;
@@ -7525,8 +7526,8 @@ unclustered_alloc:
 			spin_lock(&ctl->tree_lock);
 			if (ctl->free_space <
 			    num_bytes + empty_cluster + empty_size) {
-				if (ctl->free_space > max_extent_size)
-					max_extent_size = ctl->free_space;
+				max_free_space = max(max_free_space,
+						     ctl->free_space);
 				spin_unlock(&ctl->tree_lock);
 				goto loop;
 			}
@@ -7693,6 +7694,8 @@ loop:
 	}
 out:
 	if (ret == -ENOSPC) {
+		if (!max_extent_size)
+			max_extent_size = max_free_space;
 		spin_lock(&space_info->lock);
 		space_info->max_extent_size = max_extent_size;
 		spin_unlock(&space_info->lock);
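
Review bot: the fallback `if (!max_extent_size) max_extent_size = max_free_space;` under `out:` has no comment, and without the commit message it reads as mixing total free space into a contiguous-extent hint. Suggest a comment saying that `max_extent_size` is still zero only when the request was too large to search any block group, which is the one case where `ctl->free_space` is an acceptable stand-in.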




* [PATCH 4.19 351/361] btrfs: only free reserved extent if we didnt insert it
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (349 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 350/361] btrfs: dont use ctl->free_space for max_extent_size Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 352/361] btrfs: fix insert_reserved error handling Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Omar Sandoval, Filipe Manana,
	Josef Bacik, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <josef@toxicpanda.com>

commit 49940bdd57779c78462da7aa5a8650b2fea8c2ff upstream.

When we insert the file extent once the ordered extent completes we free
the reserved extent reservation as it'll have been migrated to the
bytes_used counter.  However if we error out after this step we'll still
clear the reserved extent reservation, resulting in a negative
accounting of the reserved bytes for the block group and space info.
Fix this by only doing the free if we didn't successfully insert a file
extent for this extent.

CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/inode.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2945,6 +2945,7 @@ static int btrfs_finish_ordered_io(struc
 	bool truncated = false;
 	bool range_locked = false;
 	bool clear_new_delalloc_bytes = false;
+	bool clear_reserved_extent = true;
 
 	if (!test_bit(BTRFS_ORDERED_NOCOW, &ordered_extent->flags) &&
 	    !test_bit(BTRFS_ORDERED_PREALLOC, &ordered_extent->flags) &&
@@ -3048,10 +3049,12 @@ static int btrfs_finish_ordered_io(struc
 						logical_len, logical_len,
 						compress_type, 0, 0,
 						BTRFS_FILE_EXTENT_REG);
-		if (!ret)
+		if (!ret) {
+			clear_reserved_extent = false;
 			btrfs_release_delalloc_bytes(fs_info,
 						     ordered_extent->start,
 						     ordered_extent->disk_len);
+		}
 	}
 	unpin_extent_cache(&BTRFS_I(inode)->extent_tree,
 			   ordered_extent->file_offset, ordered_extent->len,
@@ -3112,8 +3115,13 @@ out:
 		 * wrong we need to return the space for this ordered extent
 		 * back to the allocator.  We only free the extent in the
 		 * truncated case if we didn't write out the extent at all.
+		 *
+		 * If we made it past insert_reserved_file_extent before we
+		 * errored out then we don't need to do this as the accounting
+		 * has already been done.
 		 */
 		if ((ret || !logical_len) &&
+		    clear_reserved_extent &&
 		    !test_bit(BTRFS_ORDERED_NOCOW, &ordered_extent->flags) &&
 		    !test_bit(BTRFS_ORDERED_PREALLOC, &ordered_extent->flags))
 			btrfs_free_reserved_extent(fs_info,
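
Review bot: the added comment says "the accounting has already been done" without naming which accounting, and the flag name `clear_reserved_extent` reads like an action rather than a state. Consider saying in the comment that the reservation has been migrated to the bytes_used counter once the file extent is inserted (as the commit message puts it), so the extra `clear_reserved_extent &&` condition explains itself.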




* [PATCH 4.19 352/361] btrfs: fix insert_reserved error handling
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (350 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 351/361] btrfs: only free reserved extent if we didnt insert it Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 353/361] btrfs: dont run delayed_iputs in commit Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Josef Bacik, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <josef@toxicpanda.com>

commit 80ee54bfe8a3850015585ebc84e8d207fcae6831 upstream.

We were not handling the reserved byte accounting properly for data
references.  Metadata was fine, if it errored out the error paths would
free the bytes_reserved count and pin the extent, but it even missed one
of the error cases.  So instead move this handling up into
run_one_delayed_ref so we are sure that both cases are properly cleaned
up in case of a transaction abort.

CC: stable@vger.kernel.org # 4.18+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |   12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -2366,6 +2366,9 @@ static int run_one_delayed_ref(struct bt
 					   insert_reserved);
 	else
 		BUG();
+	if (ret && insert_reserved)
+		btrfs_pin_extent(trans->fs_info, node->bytenr,
+				 node->num_bytes, 1);
 	return ret;
 }
 
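
Review bot: the new `btrfs_pin_extent(trans->fs_info, node->bytenr, node->num_bytes, 1);` call passes a bare `1` and its result is not checked. Since it replaces the `btrfs_free_and_pin_reserved_extent()` calls removed further down, a comment stating that this pin also releases the bytes_reserved accounting (the behaviour the commit message describes for the metadata path), and what the `1` selects, would make the substitution reviewable from the code alone.
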
@@ -7977,21 +7980,14 @@ static int alloc_reserved_tree_block(str
 	}
 
 	path = btrfs_alloc_path();
-	if (!path) {
-		btrfs_free_and_pin_reserved_extent(fs_info,
-						   extent_key.objectid,
-						   fs_info->nodesize);
+	if (!path)
 		return -ENOMEM;
-	}
 
 	path->leave_spinning = 1;
 	ret = btrfs_insert_empty_item(trans, fs_info->extent_root, path,
 				      &extent_key, size);
 	if (ret) {
 		btrfs_free_path(path);
-		btrfs_free_and_pin_reserved_extent(fs_info,
-						   extent_key.objectid,
-						   fs_info->nodesize);
 		return ret;
 	}
 
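
Review bot: both removed calls passed `extent_key.objectid` and `fs_info->nodesize`, while the replacement in `run_one_delayed_ref()` uses `node->bytenr` and `node->num_bytes`. Please confirm these describe the same range for a tree block ref, so the error path pins exactly what the removed calls freed and pinned.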




* [PATCH 4.19 353/361] btrfs: dont run delayed_iputs in commit
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (351 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 352/361] btrfs: fix insert_reserved error handling Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 354/361] btrfs: move the dio_sem higher up the callchain Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Filipe Manana, Josef Bacik, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <josef@toxicpanda.com>

commit 30928e9baac238a7330085a1c5747f0b5df444b4 upstream.

This could result in a really bad case where we do something like

evict
  evict_refill_and_join
    btrfs_commit_transaction
      btrfs_run_delayed_iputs
        evict
          evict_refill_and_join
            btrfs_commit_transaction
... forever

We have plenty of other places where we run delayed iputs that are much
safer, let those do the work.

CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/transaction.c |    9 ---------
 1 file changed, 9 deletions(-)

--- a/fs/btrfs/transaction.c
+++ b/fs/btrfs/transaction.c
@@ -2280,15 +2280,6 @@ int btrfs_commit_transaction(struct btrf
 
 	kmem_cache_free(btrfs_trans_handle_cachep, trans);
 
-	/*
-	 * If fs has been frozen, we can not handle delayed iputs, otherwise
-	 * it'll result in deadlock about SB_FREEZE_FS.
-	 */
-	if (current != fs_info->transaction_kthread &&
-	    current != fs_info->cleaner_kthread &&
-	    !test_bit(BTRFS_FS_FROZEN, &fs_info->flags))
-		btrfs_run_delayed_iputs(fs_info);
-
 	return ret;
 
 scrub_continue:
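Review bot: the removed block in btrfs_commit_transaction() took its
comment about the SB_FREEZE_FS deadlock and its checks on
transaction_kthread and cleaner_kthread with it, so the code no longer
records why delayed iputs must not be run from the commit path. A short
comment before "return ret;" naming the evict -> commit -> delayed iput
recursion from the changelog would stop the call from being reintroduced.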




* [PATCH 4.19 354/361] btrfs: move the dio_sem higher up the callchain
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (352 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 353/361] btrfs: dont run delayed_iputs in commit Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 355/361] Btrfs: fix use-after-free during inode eviction Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Filipe Manana, Josef Bacik, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <josef@toxicpanda.com>

commit c495144bc6962186feae31d687596d2472000e45 upstream.

We're getting a lockdep splat because we take the dio_sem under the
log_mutex.  What we really need is to protect fsync() from logging an
extent map for an extent we never waited on higher up, so just guard the
whole thing with dio_sem.

======================================================
WARNING: possible circular locking dependency detected
4.18.0-rc4-xfstests-00025-g5de5edbaf1d4 #411 Not tainted
------------------------------------------------------
aio-dio-invalid/30928 is trying to acquire lock:
0000000092621cfd (&mm->mmap_sem){++++}, at: get_user_pages_unlocked+0x5a/0x1e0

but task is already holding lock:
00000000cefe6b35 (&ei->dio_sem){++++}, at: btrfs_direct_IO+0x3be/0x400

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #5 (&ei->dio_sem){++++}:
       lock_acquire+0xbd/0x220
       down_write+0x51/0xb0
       btrfs_log_changed_extents+0x80/0xa40
       btrfs_log_inode+0xbaf/0x1000
       btrfs_log_inode_parent+0x26f/0xa80
       btrfs_log_dentry_safe+0x50/0x70
       btrfs_sync_file+0x357/0x540
       do_fsync+0x38/0x60
       __ia32_sys_fdatasync+0x12/0x20
       do_fast_syscall_32+0x9a/0x2f0
       entry_SYSENTER_compat+0x84/0x96

-> #4 (&ei->log_mutex){+.+.}:
       lock_acquire+0xbd/0x220
       __mutex_lock+0x86/0xa10
       btrfs_record_unlink_dir+0x2a/0xa0
       btrfs_unlink+0x5a/0xc0
       vfs_unlink+0xb1/0x1a0
       do_unlinkat+0x264/0x2b0
       do_fast_syscall_32+0x9a/0x2f0
       entry_SYSENTER_compat+0x84/0x96

-> #3 (sb_internal#2){.+.+}:
       lock_acquire+0xbd/0x220
       __sb_start_write+0x14d/0x230
       start_transaction+0x3e6/0x590
       btrfs_evict_inode+0x475/0x640
       evict+0xbf/0x1b0
       btrfs_run_delayed_iputs+0x6c/0x90
       cleaner_kthread+0x124/0x1a0
       kthread+0x106/0x140
       ret_from_fork+0x3a/0x50

-> #2 (&fs_info->cleaner_delayed_iput_mutex){+.+.}:
       lock_acquire+0xbd/0x220
       __mutex_lock+0x86/0xa10
       btrfs_alloc_data_chunk_ondemand+0x197/0x530
       btrfs_check_data_free_space+0x4c/0x90
       btrfs_delalloc_reserve_space+0x20/0x60
       btrfs_page_mkwrite+0x87/0x520
       do_page_mkwrite+0x31/0xa0
       __handle_mm_fault+0x799/0xb00
       handle_mm_fault+0x7c/0xe0
       __do_page_fault+0x1d3/0x4a0
       async_page_fault+0x1e/0x30

-> #1 (sb_pagefaults){.+.+}:
       lock_acquire+0xbd/0x220
       __sb_start_write+0x14d/0x230
       btrfs_page_mkwrite+0x6a/0x520
       do_page_mkwrite+0x31/0xa0
       __handle_mm_fault+0x799/0xb00
       handle_mm_fault+0x7c/0xe0
       __do_page_fault+0x1d3/0x4a0
       async_page_fault+0x1e/0x30

-> #0 (&mm->mmap_sem){++++}:
       __lock_acquire+0x42e/0x7a0
       lock_acquire+0xbd/0x220
       down_read+0x48/0xb0
       get_user_pages_unlocked+0x5a/0x1e0
       get_user_pages_fast+0xa4/0x150
       iov_iter_get_pages+0xc3/0x340
       do_direct_IO+0xf93/0x1d70
       __blockdev_direct_IO+0x32d/0x1c20
       btrfs_direct_IO+0x227/0x400
       generic_file_direct_write+0xcf/0x180
       btrfs_file_write_iter+0x308/0x58c
       aio_write+0xf8/0x1d0
       io_submit_one+0x3a9/0x620
       __ia32_compat_sys_io_submit+0xb2/0x270
       do_int80_syscall_32+0x5b/0x1a0
       entry_INT80_compat+0x88/0xa0

other info that might help us debug this:

Chain exists of:
  &mm->mmap_sem --> &ei->log_mutex --> &ei->dio_sem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->dio_sem);
                               lock(&ei->log_mutex);
                               lock(&ei->dio_sem);
  lock(&mm->mmap_sem);

 *** DEADLOCK ***

1 lock held by aio-dio-invalid/30928:
 #0: 00000000cefe6b35 (&ei->dio_sem){++++}, at: btrfs_direct_IO+0x3be/0x400

stack backtrace:
CPU: 0 PID: 30928 Comm: aio-dio-invalid Not tainted 4.18.0-rc4-xfstests-00025-g5de5edbaf1d4 #411
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
Call Trace:
 dump_stack+0x7c/0xbb
 print_circular_bug.isra.37+0x297/0x2a4
 check_prev_add.constprop.45+0x781/0x7a0
 ? __lock_acquire+0x42e/0x7a0
 validate_chain.isra.41+0x7f0/0xb00
 __lock_acquire+0x42e/0x7a0
 lock_acquire+0xbd/0x220
 ? get_user_pages_unlocked+0x5a/0x1e0
 down_read+0x48/0xb0
 ? get_user_pages_unlocked+0x5a/0x1e0
 get_user_pages_unlocked+0x5a/0x1e0
 get_user_pages_fast+0xa4/0x150
 iov_iter_get_pages+0xc3/0x340
 do_direct_IO+0xf93/0x1d70
 ? __alloc_workqueue_key+0x358/0x490
 ? __blockdev_direct_IO+0x14b/0x1c20
 __blockdev_direct_IO+0x32d/0x1c20
 ? btrfs_run_delalloc_work+0x40/0x40
 ? can_nocow_extent+0x490/0x490
 ? kvm_clock_read+0x1f/0x30
 ? can_nocow_extent+0x490/0x490
 ? btrfs_run_delalloc_work+0x40/0x40
 btrfs_direct_IO+0x227/0x400
 ? btrfs_run_delalloc_work+0x40/0x40
 generic_file_direct_write+0xcf/0x180
 btrfs_file_write_iter+0x308/0x58c
 aio_write+0xf8/0x1d0
 ? kvm_clock_read+0x1f/0x30
 ? __might_fault+0x3e/0x90
 io_submit_one+0x3a9/0x620
 ? io_submit_one+0xe5/0x620
 __ia32_compat_sys_io_submit+0xb2/0x270
 do_int80_syscall_32+0x5b/0x1a0
 entry_INT80_compat+0x88/0xa0

CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/file.c     |   12 ++++++++++++
 fs/btrfs/tree-log.c |    2 --
 2 files changed, 12 insertions(+), 2 deletions(-)

--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -2078,6 +2078,14 @@ int btrfs_sync_file(struct file *file, l
 		goto out;
 
 	inode_lock(inode);
+
+	/*
+	 * We take the dio_sem here because the tree log stuff can race with
+	 * lockless dio writes and get an extent map logged for an extent we
+	 * never waited on.  We need it this high up for lockdep reasons.
+	 */
+	down_write(&BTRFS_I(inode)->dio_sem);
+
 	atomic_inc(&root->log_batch);
 
 	/*
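Review bot: the new comment in btrfs_sync_file() says the lock is taken
this high up "for lockdep reasons" without naming the ordering it
protects. Please state that dio_sem must be acquired before log_mutex, as
the changelog explains. Taking the write side here also means dio_sem is
now held across btrfs_wait_ordered_range() in the next hunk, which is a
much longer hold than before, so the comment should say that this is
accepted.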
@@ -2086,6 +2094,7 @@ int btrfs_sync_file(struct file *file, l
 	 */
 	ret = btrfs_wait_ordered_range(inode, start, len);
 	if (ret) {
+		up_write(&BTRFS_I(inode)->dio_sem);
 		inode_unlock(inode);
 		goto out;
 	}
@@ -2109,6 +2118,7 @@ int btrfs_sync_file(struct file *file, l
 		 * checked called fsync.
 		 */
 		ret = filemap_check_wb_err(inode->i_mapping, file->f_wb_err);
+		up_write(&BTRFS_I(inode)->dio_sem);
 		inode_unlock(inode);
 		goto out;
 	}
@@ -2127,6 +2137,7 @@ int btrfs_sync_file(struct file *file, l
 	trans = btrfs_start_transaction(root, 0);
 	if (IS_ERR(trans)) {
 		ret = PTR_ERR(trans);
+		up_write(&BTRFS_I(inode)->dio_sem);
 		inode_unlock(inode);
 		goto out;
 	}
@@ -2148,6 +2159,7 @@ int btrfs_sync_file(struct file *file, l
 	 * file again, but that will end up using the synchronization
 	 * inside btrfs_sync_log to keep things safe.
 	 */
+	up_write(&BTRFS_I(inode)->dio_sem);
 	inode_unlock(inode);
 
 	/*
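Review bot: this is the fourth place in btrfs_sync_file() where
up_write(&BTRFS_I(inode)->dio_sem) is added by hand in front of
inode_unlock(inode). Any exit path added later has to remember both
calls in the right order. A shared unlock label ahead of "out", or a
small helper that drops both locks, would make a missed release much
harder to introduce.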
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -4393,7 +4393,6 @@ static int btrfs_log_changed_extents(str
 
 	INIT_LIST_HEAD(&extents);
 
-	down_write(&inode->dio_sem);
 	write_lock(&tree->lock);
 	test_gen = root->fs_info->last_trans_committed;
 	logged_start = start;
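Review bot: with down_write(&inode->dio_sem) removed,
btrfs_log_changed_extents() silently depends on its caller holding
dio_sem, and nothing at this site enforces or documents that. Adding
lockdep_assert_held(&inode->dio_sem) after INIT_LIST_HEAD(&extents), or
at least a comment, would catch a caller that does not come through
btrfs_sync_file(). The hunks do not show the other callers, so please
confirm there are none.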
@@ -4459,7 +4458,6 @@ process:
 	}
 	WARN_ON(!list_empty(&extents));
 	write_unlock(&tree->lock);
-	up_write(&inode->dio_sem);
 
 	btrfs_release_path(path);
 	if (!ret)




* [PATCH 4.19 355/361] Btrfs: fix use-after-free during inode eviction
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (353 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 354/361] btrfs: move the dio_sem higher up the callchain Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 356/361] Btrfs: fix use-after-free when dumping free space Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Qu Wenruo, Filipe Manana, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Filipe Manana <fdmanana@suse.com>

commit 421f0922a2cfb0c75acd9746454aaa576c711a65 upstream.

At inode.c:evict_inode_truncate_pages(), when we iterate over the
inode's extent states, we access an extent state record's "state" field
after we unlocked the inode's io tree lock. This can lead to a
use-after-free issue because after we unlock the io tree that extent
state record might have been freed due to being merged into another
adjacent extent state record (a previous inflight bio for a read
operation finished in the meanwhile which unlocked a range in the io
tree and caused a merge of extent state records, as explained in the
comment before the while loop added in commit 6ca0709756710 ("Btrfs: fix
hang during inode eviction due to concurrent readahead")).

Fix this by keeping a copy of the extent state's flags in a local
variable and using it after unlocking the io tree.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=201189
Fixes: b9d0b38928e2 ("btrfs: Add handler for invalidate page")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/inode.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -5283,11 +5283,13 @@ static void evict_inode_truncate_pages(s
 		struct extent_state *cached_state = NULL;
 		u64 start;
 		u64 end;
+		unsigned state_flags;
 
 		node = rb_first(&io_tree->state);
 		state = rb_entry(node, struct extent_state, rb_node);
 		start = state->start;
 		end = state->end;
+		state_flags = state->state;
 		spin_unlock(&io_tree->lock);
 
 		lock_extent_bits(io_tree, start, end, &cached_state);
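Review bot: the "state" pointer stays in scope after
spin_unlock(&io_tree->lock) even though it may now point at a freed
record, and only the changelog says so. A comment next to
"state_flags = state->state;" stating that "state" must not be
dereferenced past the unlock would protect later edits to this loop. As a
style point, the declaration should be "unsigned int state_flags;" rather
than bare "unsigned".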
@@ -5300,7 +5302,7 @@ static void evict_inode_truncate_pages(s
 		 *
 		 * Note, end is the bytenr of last byte, so we need + 1 here.
 		 */
-		if (state->state & EXTENT_DELALLOC)
+		if (state_flags & EXTENT_DELALLOC)
 			btrfs_qgroup_free_data(inode, NULL, start, end - start + 1);
 
 		clear_extent_bit(io_tree, start, end,




* [PATCH 4.19 356/361] Btrfs: fix use-after-free when dumping free space
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (354 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 355/361] Btrfs: fix use-after-free during inode eviction Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 357/361] net: sched: Remove TCA_OPTIONS from policy Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Josef Bacik,
	Filipe Manana, David Sterba

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Filipe Manana <fdmanana@suse.com>

commit 9084cb6a24bf5838a665af92ded1af8363f9e563 upstream.

We were iterating a block group's free space cache rbtree without locking
first the lock that protects it (the free_space_ctl->free_space_offset
rbtree is protected by the free_space_ctl->tree_lock spinlock).

KASAN reported a use-after-free problem when iterating such an rbtree due
to a concurrent rbtree delete:

[ 9520.359168] ==================================================================
[ 9520.359656] BUG: KASAN: use-after-free in rb_next+0x13/0x90
[ 9520.359949] Read of size 8 at addr ffff8800b7ada500 by task btrfs-transacti/1721
[ 9520.360357]
[ 9520.360530] CPU: 4 PID: 1721 Comm: btrfs-transacti Tainted: G             L    4.19.0-rc8-nbor #555
[ 9520.360990] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 9520.362682] Call Trace:
[ 9520.362887]  dump_stack+0xa4/0xf5
[ 9520.363146]  print_address_description+0x78/0x280
[ 9520.363412]  kasan_report+0x263/0x390
[ 9520.363650]  ? rb_next+0x13/0x90
[ 9520.363873]  __asan_load8+0x54/0x90
[ 9520.364102]  rb_next+0x13/0x90
[ 9520.364380]  btrfs_dump_free_space+0x146/0x160 [btrfs]
[ 9520.364697]  dump_space_info+0x2cd/0x310 [btrfs]
[ 9520.364997]  btrfs_reserve_extent+0x1ee/0x1f0 [btrfs]
[ 9520.365310]  __btrfs_prealloc_file_range+0x1cc/0x620 [btrfs]
[ 9520.365646]  ? btrfs_update_time+0x180/0x180 [btrfs]
[ 9520.365923]  ? _raw_spin_unlock+0x27/0x40
[ 9520.366204]  ? btrfs_alloc_data_chunk_ondemand+0x2c0/0x5c0 [btrfs]
[ 9520.366549]  btrfs_prealloc_file_range_trans+0x23/0x30 [btrfs]
[ 9520.366880]  cache_save_setup+0x42e/0x580 [btrfs]
[ 9520.367220]  ? btrfs_check_data_free_space+0xd0/0xd0 [btrfs]
[ 9520.367518]  ? lock_downgrade+0x2f0/0x2f0
[ 9520.367799]  ? btrfs_write_dirty_block_groups+0x11f/0x6e0 [btrfs]
[ 9520.368104]  ? kasan_check_read+0x11/0x20
[ 9520.368349]  ? do_raw_spin_unlock+0xa8/0x140
[ 9520.368638]  btrfs_write_dirty_block_groups+0x2af/0x6e0 [btrfs]
[ 9520.368978]  ? btrfs_start_dirty_block_groups+0x870/0x870 [btrfs]
[ 9520.369282]  ? do_raw_spin_unlock+0xa8/0x140
[ 9520.369534]  ? _raw_spin_unlock+0x27/0x40
[ 9520.369811]  ? btrfs_run_delayed_refs+0x1b8/0x230 [btrfs]
[ 9520.370137]  commit_cowonly_roots+0x4b9/0x610 [btrfs]
[ 9520.370560]  ? commit_fs_roots+0x350/0x350 [btrfs]
[ 9520.370926]  ? btrfs_run_delayed_refs+0x1b8/0x230 [btrfs]
[ 9520.371285]  btrfs_commit_transaction+0x5e5/0x10e0 [btrfs]
[ 9520.371612]  ? btrfs_apply_pending_changes+0x90/0x90 [btrfs]
[ 9520.371943]  ? start_transaction+0x168/0x6c0 [btrfs]
[ 9520.372257]  transaction_kthread+0x21c/0x240 [btrfs]
[ 9520.372537]  kthread+0x1d2/0x1f0
[ 9520.372793]  ? btrfs_cleanup_transaction+0xb50/0xb50 [btrfs]
[ 9520.373090]  ? kthread_park+0xb0/0xb0
[ 9520.373329]  ret_from_fork+0x3a/0x50
[ 9520.373567]
[ 9520.373738] Allocated by task 1804:
[ 9520.373974]  kasan_kmalloc+0xff/0x180
[ 9520.374208]  kasan_slab_alloc+0x11/0x20
[ 9520.374447]  kmem_cache_alloc+0xfc/0x2d0
[ 9520.374731]  __btrfs_add_free_space+0x40/0x580 [btrfs]
[ 9520.375044]  unpin_extent_range+0x4f7/0x7a0 [btrfs]
[ 9520.375383]  btrfs_finish_extent_commit+0x15f/0x4d0 [btrfs]
[ 9520.375707]  btrfs_commit_transaction+0xb06/0x10e0 [btrfs]
[ 9520.376027]  btrfs_alloc_data_chunk_ondemand+0x237/0x5c0 [btrfs]
[ 9520.376365]  btrfs_check_data_free_space+0x81/0xd0 [btrfs]
[ 9520.376689]  btrfs_delalloc_reserve_space+0x25/0x80 [btrfs]
[ 9520.377018]  btrfs_direct_IO+0x42e/0x6d0 [btrfs]
[ 9520.377284]  generic_file_direct_write+0x11e/0x220
[ 9520.377587]  btrfs_file_write_iter+0x472/0xac0 [btrfs]
[ 9520.377875]  aio_write+0x25c/0x360
[ 9520.378106]  io_submit_one+0xaa0/0xdc0
[ 9520.378343]  __se_sys_io_submit+0xfa/0x2f0
[ 9520.378589]  __x64_sys_io_submit+0x43/0x50
[ 9520.378840]  do_syscall_64+0x7d/0x240
[ 9520.379081]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 9520.379387]
[ 9520.379557] Freed by task 1802:
[ 9520.379782]  __kasan_slab_free+0x173/0x260
[ 9520.380028]  kasan_slab_free+0xe/0x10
[ 9520.380262]  kmem_cache_free+0xc1/0x2c0
[ 9520.380544]  btrfs_find_space_for_alloc+0x4cd/0x4e0 [btrfs]
[ 9520.380866]  find_free_extent+0xa99/0x17e0 [btrfs]
[ 9520.381166]  btrfs_reserve_extent+0xd5/0x1f0 [btrfs]
[ 9520.381474]  btrfs_get_blocks_direct+0x60b/0xbd0 [btrfs]
[ 9520.381761]  __blockdev_direct_IO+0x10ee/0x58a1
[ 9520.382059]  btrfs_direct_IO+0x25a/0x6d0 [btrfs]
[ 9520.382321]  generic_file_direct_write+0x11e/0x220
[ 9520.382623]  btrfs_file_write_iter+0x472/0xac0 [btrfs]
[ 9520.382904]  aio_write+0x25c/0x360
[ 9520.383172]  io_submit_one+0xaa0/0xdc0
[ 9520.383416]  __se_sys_io_submit+0xfa/0x2f0
[ 9520.383678]  __x64_sys_io_submit+0x43/0x50
[ 9520.383927]  do_syscall_64+0x7d/0x240
[ 9520.384165]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 9520.384439]
[ 9520.384610] The buggy address belongs to the object at ffff8800b7ada500
                which belongs to the cache btrfs_free_space of size 72
[ 9520.385175] The buggy address is located 0 bytes inside of
                72-byte region [ffff8800b7ada500, ffff8800b7ada548)
[ 9520.385691] The buggy address belongs to the page:
[ 9520.385957] page:ffffea0002deb680 count:1 mapcount:0 mapping:ffff880108a1d700 index:0x0 compound_mapcount: 0
[ 9520.388030] flags: 0x8100(slab|head)
[ 9520.388281] raw: 0000000000008100 ffffea0002deb608 ffffea0002728808 ffff880108a1d700
[ 9520.388722] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000
[ 9520.389169] page dumped because: kasan: bad access detected
[ 9520.389473]
[ 9520.389658] Memory state around the buggy address:
[ 9520.389943]  ffff8800b7ada400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9520.390368]  ffff8800b7ada480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9520.390796] >ffff8800b7ada500: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 9520.391223]                    ^
[ 9520.391461]  ffff8800b7ada580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9520.391885]  ffff8800b7ada600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9520.392313] ==================================================================
[ 9520.392772] BTRFS critical (device vdc): entry offset 2258497536, bytes 131072, bitmap no
[ 9520.393247] BUG: unable to handle kernel NULL pointer dereference at 0000000000000011
[ 9520.393705] PGD 800000010dbab067 P4D 800000010dbab067 PUD 107551067 PMD 0
[ 9520.394059] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
[ 9520.394378] CPU: 4 PID: 1721 Comm: btrfs-transacti Tainted: G    B        L    4.19.0-rc8-nbor #555
[ 9520.394858] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 9520.395350] RIP: 0010:rb_next+0x3c/0x90
[ 9520.396461] RSP: 0018:ffff8801074ff780 EFLAGS: 00010292
[ 9520.396762] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81b5ac4c
[ 9520.397115] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000011
[ 9520.397468] RBP: ffff8801074ff7a0 R08: ffffed0021d64ccc R09: ffffed0021d64ccc
[ 9520.397821] R10: 0000000000000001 R11: ffffed0021d64ccb R12: ffff8800b91e0000
[ 9520.398188] R13: ffff8800a3ceba48 R14: ffff8800b627bf80 R15: 0000000000020000
[ 9520.398555] FS:  0000000000000000(0000) GS:ffff88010eb00000(0000) knlGS:0000000000000000
[ 9520.399007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9520.399335] CR2: 0000000000000011 CR3: 0000000106b52000 CR4: 00000000000006a0
[ 9520.399679] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 9520.400023] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 9520.400400] Call Trace:
[ 9520.400648]  btrfs_dump_free_space+0x146/0x160 [btrfs]
[ 9520.400974]  dump_space_info+0x2cd/0x310 [btrfs]
[ 9520.401287]  btrfs_reserve_extent+0x1ee/0x1f0 [btrfs]
[ 9520.401609]  __btrfs_prealloc_file_range+0x1cc/0x620 [btrfs]
[ 9520.401952]  ? btrfs_update_time+0x180/0x180 [btrfs]
[ 9520.402232]  ? _raw_spin_unlock+0x27/0x40
[ 9520.402522]  ? btrfs_alloc_data_chunk_ondemand+0x2c0/0x5c0 [btrfs]
[ 9520.402882]  btrfs_prealloc_file_range_trans+0x23/0x30 [btrfs]
[ 9520.403261]  cache_save_setup+0x42e/0x580 [btrfs]
[ 9520.403570]  ? btrfs_check_data_free_space+0xd0/0xd0 [btrfs]
[ 9520.403871]  ? lock_downgrade+0x2f0/0x2f0
[ 9520.404161]  ? btrfs_write_dirty_block_groups+0x11f/0x6e0 [btrfs]
[ 9520.404481]  ? kasan_check_read+0x11/0x20
[ 9520.404732]  ? do_raw_spin_unlock+0xa8/0x140
[ 9520.405026]  btrfs_write_dirty_block_groups+0x2af/0x6e0 [btrfs]
[ 9520.405375]  ? btrfs_start_dirty_block_groups+0x870/0x870 [btrfs]
[ 9520.405694]  ? do_raw_spin_unlock+0xa8/0x140
[ 9520.405958]  ? _raw_spin_unlock+0x27/0x40
[ 9520.406243]  ? btrfs_run_delayed_refs+0x1b8/0x230 [btrfs]
[ 9520.406574]  commit_cowonly_roots+0x4b9/0x610 [btrfs]
[ 9520.406899]  ? commit_fs_roots+0x350/0x350 [btrfs]
[ 9520.407253]  ? btrfs_run_delayed_refs+0x1b8/0x230 [btrfs]
[ 9520.407589]  btrfs_commit_transaction+0x5e5/0x10e0 [btrfs]
[ 9520.407925]  ? btrfs_apply_pending_changes+0x90/0x90 [btrfs]
[ 9520.408262]  ? start_transaction+0x168/0x6c0 [btrfs]
[ 9520.408582]  transaction_kthread+0x21c/0x240 [btrfs]
[ 9520.408870]  kthread+0x1d2/0x1f0
[ 9520.409138]  ? btrfs_cleanup_transaction+0xb50/0xb50 [btrfs]
[ 9520.409440]  ? kthread_park+0xb0/0xb0
[ 9520.409682]  ret_from_fork+0x3a/0x50
[ 9520.410508] Dumping ftrace buffer:
[ 9520.410764]    (ftrace buffer empty)
[ 9520.411007] CR2: 0000000000000011
[ 9520.411297] ---[ end trace 01a0863445cf360a ]---
[ 9520.411568] RIP: 0010:rb_next+0x3c/0x90
[ 9520.412644] RSP: 0018:ffff8801074ff780 EFLAGS: 00010292
[ 9520.412932] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81b5ac4c
[ 9520.413274] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000011
[ 9520.413616] RBP: ffff8801074ff7a0 R08: ffffed0021d64ccc R09: ffffed0021d64ccc
[ 9520.414007] R10: 0000000000000001 R11: ffffed0021d64ccb R12: ffff8800b91e0000
[ 9520.414349] R13: ffff8800a3ceba48 R14: ffff8800b627bf80 R15: 0000000000020000
[ 9520.416074] FS:  0000000000000000(0000) GS:ffff88010eb00000(0000) knlGS:0000000000000000
[ 9520.416536] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9520.416848] CR2: 0000000000000011 CR3: 0000000106b52000 CR4: 00000000000006a0
[ 9520.418477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 9520.418846] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 9520.419204] Kernel panic - not syncing: Fatal exception
[ 9520.419666] Dumping ftrace buffer:
[ 9520.419930]    (ftrace buffer empty)
[ 9520.420168] Kernel Offset: disabled
[ 9520.420406] ---[ end Kernel panic - not syncing: Fatal exception ]---

Fix this by acquiring the respective lock before iterating the rbtree.

Reported-by: Nikolay Borisov <nborisov@suse.com>
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/free-space-cache.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -2459,6 +2459,7 @@ void btrfs_dump_free_space(struct btrfs_
 	struct rb_node *n;
 	int count = 0;
 
+	spin_lock(&ctl->tree_lock);
 	for (n = rb_first(&ctl->free_space_offset); n; n = rb_next(n)) {
 		info = rb_entry(n, struct btrfs_free_space, offset_index);
 		if (info->bytes >= bytes && !block_group->ro)
@@ -2467,6 +2468,7 @@ void btrfs_dump_free_space(struct btrfs_
 			   info->offset, info->bytes,
 		       (info->bitmap) ? "yes" : "no");
 	}
+	spin_unlock(&ctl->tree_lock);
 	btrfs_info(fs_info, "block group has cluster?: %s",
 	       list_empty(&block_group->cluster_list) ? "no" : "yes");
 	btrfs_info(fs_info,
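Review bot: the per-entry message in the loop of btrfs_dump_free_space()
is now printed with ctl->tree_lock held, so on a block group with many
free space entries the spinlock is held for the whole dump and every
console write in it. That is fine for a diagnostic path, but a comment at
spin_lock(&ctl->tree_lock) should say so, and it is worth confirming that
no caller reaches this function with tree_lock already taken.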




* [PATCH 4.19 357/361] net: sched: Remove TCA_OPTIONS from policy
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (355 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 356/361] Btrfs: fix use-after-free when dumping free space Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 358/361] vt: fix broken display when running aptitude Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marco Berizzi, David Ahern, David S. Miller

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Ahern <dsahern@gmail.com>

commit e72bde6b66299602087c8c2350d36a525e75d06e upstream.

Marco reported an error with hfsc:
root@Calimero:~# tc qdisc add dev eth0 root handle 1:0 hfsc default 1
Error: Attribute failed policy validation.

Apparently a few implementations pass TCA_OPTIONS as a binary instead
of nested attribute, so drop TCA_OPTIONS from the policy.

Fixes: 8b4c3cdd9dd8 ("net: sched: Add policy validation for tc attributes")
Reported-by: Marco Berizzi <pupilla@libero.it>
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/sched/sch_api.c |    1 -
 1 file changed, 1 deletion(-)

--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1309,7 +1309,6 @@ check_loop_fn(struct Qdisc *q, unsigned
 
 const struct nla_policy rtm_tca_policy[TCA_MAX + 1] = {
 	[TCA_KIND]		= { .type = NLA_STRING },
-	[TCA_OPTIONS]		= { .type = NLA_NESTED },
 	[TCA_RATE]		= { .type = NLA_BINARY,
 				    .len = sizeof(struct tc_estimator) },
 	[TCA_STAB]		= { .type = NLA_NESTED },
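Review bot: with the TCA_OPTIONS entry gone from rtm_tca_policy, that
attribute gets no type check at this layer, and the table does not say
the omission is deliberate. Please add a comment in the array noting that
TCA_OPTIONS is left out because some implementations pass it as binary
rather than nested, so that each user of the attribute is known to be
responsible for validating its own payload and the entry is not added
back.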




* [PATCH 4.19 358/361] vt: fix broken display when running aptitude
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (356 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 357/361] net: sched: Remove TCA_OPTIONS from policy Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 359/361] userns: also map extents in the reverse map to kernel IDs Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Nicolas Pitre

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mikulas Patocka <mpatocka@redhat.com>

commit 943210ba807ec50aafa2fa7b13bd6d36a478969b upstream.

If you run aptitude on framebuffer console, the display is corrupted. The
corruption is caused by the commit d8ae7242. The patch adds "offset" to
"start" when calling scr_memsetw, but it forgets to do the same addition
on a subsequent call to do_update_region.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Fixes: d8ae72427187 ("vt: preserve unicode values corresponding to screen characters")
Reviewed-by: Nicolas Pitre <nico@linaro.org>
Cc: stable@vger.kernel.org	# 4.19
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/vt/vt.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -1551,7 +1551,7 @@ static void csi_K(struct vc_data *vc, in
 	scr_memsetw(start + offset, vc->vc_video_erase_char, 2 * count);
 	vc->vc_need_wrap = 0;
 	if (con_should_update(vc))
-		do_update_region(vc, (unsigned long) start, count);
+		do_update_region(vc, (unsigned long)(start + offset), count);
 }
 
 static void csi_X(struct vc_data *vc, int vpar) /* erase the following vpar positions */
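Review bot: csi_K() now computes "start + offset" separately for
scr_memsetw() and do_update_region(), which is the duplication that let
the two calls drift apart in the first place. Folding the offset into
start once before both calls, for example "start += offset;", would keep
them in step and remove the second cast expression.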




* [PATCH 4.19 359/361] userns: also map extents in the reverse map to kernel IDs
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (357 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 358/361] vt: fix broken display when running aptitude Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 360/361] bpf: wait for running BPF programs when updating map-in-map Greg Kroah-Hartman
                   ` (4 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jann Horn, Eric W. Biederman

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jann Horn <jannh@google.com>

commit d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd upstream.

The current logic first clones the extent array and sorts both copies, then
maps the lower IDs of the forward mapping into the lower namespace, but
doesn't map the lower IDs of the reverse mapping.

This means that code in a nested user namespace with >5 extents will see
incorrect IDs. It also breaks some access checks, like
inode_owner_or_capable() and privileged_wrt_inode_uidgid(), so a process
can incorrectly appear to be capable relative to an inode.

To fix it, we have to make sure that the "lower_first" members of extents
in both arrays are translated; and we have to make sure that the reverse
map is sorted *after* the translation (since otherwise the translation can
break the sorting).

This is CVE-2018-18955.

Fixes: 6397fac4915a ("userns: bump idmap limits to 340")
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Tested-by: Eric W. Biederman <ebiederm@xmission.com>
Reviewed-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/user_namespace.c |   12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -974,10 +974,6 @@ static ssize_t map_write(struct file *fi
 	if (!new_idmap_permitted(file, ns, cap_setid, &new_map))
 		goto out;
 
-	ret = sort_idmaps(&new_map);
-	if (ret < 0)
-		goto out;
-
 	ret = -EPERM;
 	/* Map the lower ids from the parent user namespace to the
 	 * kernel global id space.
@@ -1004,6 +1000,14 @@ static ssize_t map_write(struct file *fi
 		e->lower_first = lower_first;
 	}
 
+	/*
+	 * If we want to use binary search for lookup, this clones the extent
+	 * array and sorts both copies.
+	 */
+	ret = sort_idmaps(&new_map);
+	if (ret < 0)
+		goto out;
+
 	/* Install the map */
 	if (new_map.nr_extents <= UID_GID_MAP_MAX_BASE_EXTENTS) {
 		memcpy(map->extent, new_map.extent,
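Review bot: the comment added above sort_idmaps(&new_map) in map_write()
describes what the call does but not the ordering constraint this patch
exists to enforce. Please state there that the sort must run after the
lower_first translation loop because translating afterwards can break the
sort order of the reverse map, as the changelog explains. Otherwise a
later cleanup could move the call back above the loop and reintroduce the
incorrect ID lookups.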




* [PATCH 4.19 360/361] bpf: wait for running BPF programs when updating map-in-map
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (358 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 359/361] userns: also map extents in the reverse map to kernel IDs Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-11 22:21 ` [PATCH 4.19 361/361] vga_switcheroo: Fix missing gpu_bound call at audio client registration Greg Kroah-Hartman
                   ` (3 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Colascione,
	Joel Fernandes (Google),
	Alexei Starovoitov, Chenbo Feng

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniel Colascione <dancol@google.com>

commit 1ae80cf31938c8f77c37a29bbe29e7f1cd492be8 upstream.

The map-in-map frequently serves as a mechanism for atomic
snapshotting of state that a BPF program might record.  The current
implementation is dangerous to use in this way, however, since
userspace has no way of knowing when all programs that might have
retrieved the "old" value of the map may have completed.

This change ensures that map update operations on map-in-map map types
always wait for all references to the old map to drop before returning
to userspace.

Signed-off-by: Daniel Colascione <dancol@google.com>
Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Chenbo Feng <fengc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/bpf/syscall.c |   13 +++++++++++++
 1 file changed, 13 insertions(+)

--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -741,6 +741,17 @@ err_put:
 	return err;
 }
 
+static void maybe_wait_bpf_programs(struct bpf_map *map)
+{
+	/* Wait for any running BPF programs to complete so that
+	 * userspace, when we return to it, knows that all programs
+	 * that could be running use the new map value.
+	 */
+	if (map->map_type == BPF_MAP_TYPE_HASH_OF_MAPS ||
+	    map->map_type == BPF_MAP_TYPE_ARRAY_OF_MAPS)
+		synchronize_rcu();
+}
+
 #define BPF_MAP_UPDATE_ELEM_LAST_FIELD flags
 
 static int map_update_elem(union bpf_attr *attr)
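Review bot: in maybe_wait_bpf_programs(), synchronize_rcu() blocks for a
full grace period, and the comment says what is waited for but not the
calling constraints. Suggest noting that the helper may sleep and must be
called from process context, with preemption enabled and outside
rcu_read_lock(), and that userspace operations on
BPF_MAP_TYPE_HASH_OF_MAPS and BPF_MAP_TYPE_ARRAY_OF_MAPS that reach it now
pay that latency.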
@@ -831,6 +842,7 @@ static int map_update_elem(union bpf_att
 	}
 	__this_cpu_dec(bpf_prog_active);
 	preempt_enable();
+	maybe_wait_bpf_programs(map);
 out:
 free_value:
 	kfree(value);
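Review bot: the maybe_wait_bpf_programs(map) call after preempt_enable() in
map_update_elem() is not conditional on the result of the update in the
lines shown, so a failed update would also wait for a grace period even
though no old inner map was replaced. Consider gating it on success (for
example on the error code being zero), or say in the helper's comment that
the unconditional wait is intentional.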
@@ -883,6 +895,7 @@ static int map_delete_elem(union bpf_att
 	rcu_read_unlock();
 	__this_cpu_dec(bpf_prog_active);
 	preempt_enable();
+	maybe_wait_bpf_programs(map);
 out:
 	kfree(key);
 err_put:
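Review bot: the changelog only promises the wait for map update operations,
while the call placed after preempt_enable() in map_delete_elem() extends
it to deletes. Suggest saying so in the commit message or in the helper's
comment, so that users of the delete path know it can block too.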



^ permalink raw reply	[flat|nested] 384+ messages in thread

* [PATCH 4.19 361/361] vga_switcheroo: Fix missing gpu_bound call at audio client registration
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (359 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 360/361] bpf: wait for running BPF programs when updating map-in-map Greg Kroah-Hartman
@ 2018-11-11 22:21 ` Greg Kroah-Hartman
  2018-11-12  4:10 ` [PATCH 4.19 000/361] 4.19.2-stable review kernelci.org bot
                   ` (2 subsequent siblings)
  363 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-11 22:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Takashi Iwai

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

commit fc09ab7a767394f9ecdad84ea6e85d68b83c8e21 upstream.

The commit 37a3a98ef601 ("ALSA: hda - Enable runtime PM only for
discrete GPU") added a new ops gpu_bound to be called when GPU gets
bound.  The patch overlooked, however, that vga_switcheroo_enable() is
called only once at GPU is bound.  When an audio client is registered
after that point, it would miss the gpu_bound call.  This leads to the
unexpected lack of runtime PM in HD-audio side.

For addressing that regression, just call gpu_bound callback manually
at vga_switcheroo_register_audio_client() when the GPU was already
bound.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=201615
Fixes: 37a3a98ef601 ("ALSA: hda - Enable runtime PM only for discrete GPU")
Cc: <stable@vger.kernel.org>
Reviewed-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/vga/vga_switcheroo.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/gpu/vga/vga_switcheroo.c
+++ b/drivers/gpu/vga/vga_switcheroo.c
@@ -380,6 +380,9 @@ int vga_switcheroo_register_audio_client
 			mutex_unlock(&vgasr_mutex);
 			return -EINVAL;
 		}
+		/* notify if GPU has been already bound */
+		if (ops->gpu_bound)
+			ops->gpu_bound(pdev, id);
 	}
 	mutex_unlock(&vgasr_mutex);
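Review bot: ops->gpu_bound(pdev, id) is invoked while vgasr_mutex is still
held (the mutex_unlock() follows the closing brace), so a callback that
calls back into a vga_switcheroo function taking the same mutex would
deadlock. Suggest documenting in the description of the gpu_bound op that
it can run under vgasr_mutex, or moving the call after the unlock. The
comment would also read better if it named the condition of the enclosing
block that establishes the GPU is already bound, since the added test only
checks that the callback exists.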
 



^ permalink raw reply	[flat|nested] 384+ messages in thread

* Re: [PATCH 4.19 078/361] nvmet-rdma: use a private workqueue for delete
  2018-11-11 22:17 ` [PATCH 4.19 078/361] nvmet-rdma: use a private workqueue for delete Greg Kroah-Hartman
@ 2018-11-12  1:27   ` Bart Van Assche
  2018-11-12  2:32     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 384+ messages in thread
From: Bart Van Assche @ 2018-11-12  1:27 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: stable, Sagi Grimberg, Christoph Hellwig, Sasha Levin

On 11/11/18 2:17 PM, Greg Kroah-Hartman wrote:
> 4.19-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Sagi Grimberg <sagi@grimberg.me>
> 
> [ Upstream commit 2acf70ade79d26b97611a8df52eb22aa33814cd4 ]
> 
> Queue deletion is done asynchronous when the last reference on the queue
> is dropped.  Thus, in order to make sure we don't over allocate under a
> connect/disconnect storm, we let queue deletion complete before making
> forward progress.
> 
> However, given that we flush the system_wq from rdma_cm context which
> runs from a workqueue context, we can have a circular locking complaint
> [1]. Fix that by using a private workqueue for queue deletion.

Hi Greg,

You may want to drop this patch. A bug was discovered in this patch a 
few days ago. I think not backporting this patch is better than 
backporting it. See also the discussion at 
http://lists.infradead.org/pipermail/linux-nvme/2018-November/020766.html. 
A quote from that e-mail thread: "I think we need to revert 2acf70a 
("nvmet-rdma: use a private workqueue for delete") altogether because it 
never made any difference..".

Bart.


^ permalink raw reply	[flat|nested] 384+ messages in thread

* Re: [PATCH 4.19 078/361] nvmet-rdma: use a private workqueue for delete
  2018-11-12  1:27   ` Bart Van Assche
@ 2018-11-12  2:32     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-12  2:32 UTC (permalink / raw)
  To: Bart Van Assche
  Cc: linux-kernel, stable, Sagi Grimberg, Christoph Hellwig, Sasha Levin

On Sun, Nov 11, 2018 at 05:27:05PM -0800, Bart Van Assche wrote:
> On 11/11/18 2:17 PM, Greg Kroah-Hartman wrote:
> > 4.19-stable review patch.  If anyone has any objections, please let me know.
> > 
> > ------------------
> > 
> > From: Sagi Grimberg <sagi@grimberg.me>
> > 
> > [ Upstream commit 2acf70ade79d26b97611a8df52eb22aa33814cd4 ]
> > 
> > Queue deletion is done asynchronous when the last reference on the queue
> > is dropped.  Thus, in order to make sure we don't over allocate under a
> > connect/disconnect storm, we let queue deletion complete before making
> > forward progress.
> > 
> > However, given that we flush the system_wq from rdma_cm context which
> > runs from a workqueue context, we can have a circular locking complaint
> > [1]. Fix that by using a private workqueue for queue deletion.
> 
> Hi Greg,
> 
> You may want to drop this patch. A bug was discovered in this patch a few
> days ago. I think not backporting this patch is better than backporting it.
> See also the discussion at
> http://lists.infradead.org/pipermail/linux-nvme/2018-November/020766.html. A
> quote from that e-mail thread: "I think we need to revert 2acf70a
> ("nvmet-rdma: use a private workqueue for delete") altogether because it
> never made any difference..".

Now dropped from the 4.18 and 4.19 queues, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 384+ messages in thread

* Re: [PATCH 4.19 000/361] 4.19.2-stable review
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (360 preceding siblings ...)
  2018-11-11 22:21 ` [PATCH 4.19 361/361] vga_switcheroo: Fix missing gpu_bound call at audio client registration Greg Kroah-Hartman
@ 2018-11-12  4:10 ` kernelci.org bot
  2018-11-12 14:00 ` Naresh Kamboju
  2018-11-13  0:58 ` Guenter Roeck
  363 siblings, 0 replies; 384+ messages in thread
From: kernelci.org bot @ 2018-11-12  4:10 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

stable-rc/linux-4.19.y boot: 98 boots: 9 failed, 65 passed with 16 offline, 8 conflicts (v4.19.1-362-gc881caaeb264)

Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.19.y/kernel/v4.19.1-362-gc881caaeb264/
Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.19.y/kernel/v4.19.1-362-gc881caaeb264/

Tree: stable-rc
Branch: linux-4.19.y
Git Describe: v4.19.1-362-gc881caaeb264
Git Commit: c881caaeb264eb22581247c54c007a0bd9e6cd19
Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Tested: 56 unique boards, 21 SoC families, 15 builds out of 186

Boot Regressions Detected:

arm:

    bcm2835_defconfig:
        bcm2837-rpi-3-b:
            lab-baylibre: new failure (last pass: v4.19.1)

    multi_v7_defconfig:
        imx6q-sabrelite:
            lab-baylibre: new failure (last pass: v4.19.1)
        meson8b-odroidc1:
            lab-baylibre: new failure (last pass: v4.19.1)
        qemu:
            lab-baylibre: new failure (last pass: v4.19.1)
        sun8i-h2-plus-libretech-all-h3-cc:
            lab-baylibre: new failure (last pass: v4.19.1)
        sun8i-h3-libretech-all-h3-cc:
            lab-baylibre: new failure (last pass: v4.19.1)

    sunxi_defconfig:
        sun8i-h2-plus-libretech-all-h3-cc:
            lab-baylibre: new failure (last pass: v4.19.1)
        sun8i-h3-libretech-all-h3-cc:
            lab-baylibre: new failure (last pass: v4.19.1)

    vexpress_defconfig:
        qemu:
            lab-baylibre: new failure (last pass: v4.19.1)

arm64:

    defconfig:
        bcm2837-rpi-3-b:
            lab-baylibre: new failure (last pass: v4.19.1)
        meson-gxbb-p200:
            lab-baylibre: new failure (last pass: v4.19.1)
        meson-gxl-s905x-khadas-vim:
            lab-baylibre: new failure (last pass: v4.19.1)
        meson-gxl-s905x-libretech-cc:
            lab-baylibre: new failure (last pass: v4.19.1)
        qemu:
            lab-baylibre: new failure (last pass: v4.19.1)
        sun50i-h5-libretech-all-h3-cc:
            lab-baylibre: new failure (last pass: v4.19.1)

x86:

    x86_64_defconfig:
        qemu:
            lab-baylibre: new failure (last pass: v4.19.1)

Boot Failures Detected:

arm:

    bcm2835_defconfig
        bcm2837-rpi-3-b: 1 failed lab

    sunxi_defconfig
        sun8i-h2-plus-libretech-all-h3-cc: 1 failed lab
        sun8i-h3-libretech-all-h3-cc: 1 failed lab

    multi_v7_defconfig
        imx6q-sabrelite: 1 failed lab
        sun8i-h2-plus-libretech-all-h3-cc: 1 failed lab
        sun8i-h3-libretech-all-h3-cc: 1 failed lab

arm64:

    defconfig
        meson-gxbb-nanopi-k2: 1 failed lab
        meson-gxl-s905x-libretech-cc: 1 failed lab
        sun50i-h5-libretech-all-h3-cc: 1 failed lab

Offline Platforms:

arm:

    omap2plus_defconfig:
        am335x-boneblack: 1 offline lab

    sunxi_defconfig:
        sun5i-r8-chip: 1 offline lab

    tegra_defconfig:
        tegra124-jetson-tk1: 1 offline lab

    bcm2835_defconfig:
        bcm2835-rpi-b: 1 offline lab

    sama5_defconfig:
        at91-sama5d4_xplained: 1 offline lab

    multi_v7_defconfig:
        alpine-db: 1 offline lab
        am335x-boneblack: 1 offline lab
        at91-sama5d4_xplained: 1 offline lab
        socfpga_cyclone5_de0_sockit: 1 offline lab
        sun5i-r8-chip: 1 offline lab
        tegra124-jetson-tk1: 1 offline lab

arm64:

    defconfig:
        apq8016-sbc: 1 offline lab
        juno-r2: 1 offline lab
        meson-gxl-s905d-p230: 1 offline lab
        meson-gxl-s905x-p212: 1 offline lab
        mt7622-rfb1: 1 offline lab

Conflicting Boot Failures Detected: (These likely are not failures as other labs are reporting PASS. Needs review.)

arm:

    multi_v7_defconfig:
        qemu:
            lab-baylibre: FAIL
            lab-mhart: PASS
        meson8b-odroidc1:
            lab-baylibre: FAIL
            lab-baylibre-seattle: PASS

    vexpress_defconfig:
        qemu:
            lab-baylibre: FAIL
            lab-mhart: PASS

arm64:

    defconfig:
        meson-gxl-s905x-khadas-vim:
            lab-baylibre: FAIL
            lab-baylibre-seattle: PASS
        qemu:
            lab-baylibre: FAIL
            lab-mhart: PASS
        bcm2837-rpi-3-b:
            lab-baylibre: FAIL
            lab-mhart: PASS
            lab-baylibre-seattle: PASS
        meson-gxbb-p200:
            lab-baylibre: FAIL
            lab-baylibre-seattle: PASS

x86:

    x86_64_defconfig:
        qemu:
            lab-baylibre: FAIL
            lab-mhart: PASS

---
For more info write to <info@kernelci.org>

^ permalink raw reply	[flat|nested] 384+ messages in thread

* Re: [PATCH 4.19 087/361] signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
  2018-11-11 22:17 ` [PATCH 4.19 087/361] signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack Greg Kroah-Hartman
@ 2018-11-12 11:49   ` Steve McIntyre
  2018-11-19 15:15     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 384+ messages in thread
From: Steve McIntyre @ 2018-11-12 11:49 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Arnd Bergmann, Dominik Brodowski,
	Eric W. Biederman, Andrew Morton, Al Viro, Oleg Nesterov,
	Will Deacon, Catalin Marinas, Sasha Levin

On Sun, Nov 11, 2018 at 02:17:14PM -0800, Greg Kroah-Hartman wrote:
>4.19-stable review patch.  If anyone has any objections, please let me know.
>
>------------------
>
>From: Will Deacon <will.deacon@arm.com>
>
>[ Upstream commit 22839869f21ab3850fbbac9b425ccc4c0023926f ]
>
>The sigaltstack(2) system call fails with -ENOMEM if the new alternative
>signal stack is found to be smaller than SIGMINSTKSZ. On architectures
>such as arm64, where the native value for SIGMINSTKSZ is larger than
>the compat value, this can result in an unexpected error being reported
>to a compat task. See, for example:
>
>  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904385

...

Thanks Greg! If it's not too much effort, could you also take this for
4.9-stable as well please? That would get it into our next Debian
stable update too. :-)

Thanks,

Steve

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"I suspect most samba developers are already technically insane... Of
 course, since many of them are Australians, you can't tell." -- Linus Torvalds


^ permalink raw reply	[flat|nested] 384+ messages in thread

* Re: [PATCH 4.19 000/361] 4.19.2-stable review
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (361 preceding siblings ...)
  2018-11-12  4:10 ` [PATCH 4.19 000/361] 4.19.2-stable review kernelci.org bot
@ 2018-11-12 14:00 ` Naresh Kamboju
  2018-11-12 20:11   ` Greg Kroah-Hartman
  2018-11-13  0:58 ` Guenter Roeck
  363 siblings, 1 reply; 384+ messages in thread
From: Naresh Kamboju @ 2018-11-12 14:00 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: open list, Linus Torvalds, Andrew Morton, Guenter Roeck,
	Shuah Khan, patches, Ben Hutchings, lkft-triage, linux- stable

On Mon, 12 Nov 2018 at 03:57, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 4.19.2 release.
> There are 361 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Tue Nov 13 22:14:55 UTC 2018.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.2-rc1.gz
> or in the git tree and branch at:
>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.

Summary
------------------------------------------------------------------------

kernel: 4.19.2-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.19.y
git commit: 9ac3c2d4889c84e1fa030dc61ca5aeb6951f8776
git describe: v4.19.1-362-g9ac3c2d4889c
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.19-oe/build/v4.19.1-362-g9ac3c2d4889c

No regressions (compared to build v4.19.1)

Ran 19028 total tests in the following environments and test suites.

Environments
--------------
- dragonboard-410c - arm64
- hi6220-hikey - arm64
- i386
- juno-r2 - arm64
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15 - arm
- x86_64

Test Suites
-----------
* boot
* kselftest
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-containers-tests
* ltp-cve-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-securebits-tests
* ltp-fs-tests
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-syscalls-tests
* ltp-timers-tests
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none

-- 
Linaro LKFT
https://lkft.linaro.org

^ permalink raw reply	[flat|nested] 384+ messages in thread

* Re: [PATCH 4.19 025/361] ACPICA: AML interpreter: add region addresses in global list during initialization
  2018-11-11 22:16 ` [PATCH 4.19 025/361] ACPICA: AML interpreter: add region addresses in global list during initialization Greg Kroah-Hartman
@ 2018-11-12 18:30   ` Holger Hoffstätte
  2018-11-12 19:01     ` Schmauss, Erik
  2018-11-12 19:25     ` Greg Kroah-Hartman
  0 siblings, 2 replies; 384+ messages in thread
From: Holger Hoffstätte @ 2018-11-12 18:30 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: stable, Jean-Marc Lenoir, Erik Schmauss, Rafael J. Wysocki

On 11/11/18 11:16 PM, Greg Kroah-Hartman wrote:
> 4.19-stable review patch.  If anyone has any objections, please let me know.

As probably expected this patch causes problems. In my case one server
can no longer load the nct6775 hwmon module, which means the fan cannot be
monitored, and therefore my monitoring system promptly starts spamming me with
alerts that my fan has failed - which is of course not true.

--snip--
Nov 12 18:08:56 tux kernel: nct6775: Found NCT6776D/F or compatible chip at 0x2e:0x290
Nov 12 18:08:56 tux kernel: ACPI Warning: SystemIO range 0x0000000000000295-0x0000000000000296 conflicts with OpRegion 0x0000000000000290-0x
Nov 12 18:08:56 tux kernel: ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver
--snip--

This is certainly caused by my old BIOS and its broken ACPI implementation,
however since it's working perfectly fine otherwise I see no reason to replace
it. That being said, I must be able to monitor my fan, so for now reverting
the patch immediately "fixed" the problem for me - the fan entries appeared
in sysfs again after successfully loading the module.

Idea, workarounds or patches welcome.

> ------------------
> 
> From: Erik Schmauss <erik.schmauss@intel.com>
> 
> commit 4abb951b73ff0a8a979113ef185651aa3c8da19b upstream.
> 
> The table load process omitted adding the operation region address
> range to the global list. This omission is problematic because the OS
> queries the global list to check for address range conflicts before
> deciding which drivers to load. This commit may result in warning
> messages that look like the following:
> 
> [    7.871761] ACPI Warning: system_IO range 0x00000428-0x0000042F conflicts with op_region 0x00000400-0x0000047F (\PMIO) (20180531/utaddress-213)
> [    7.871769] ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver
> 
> However, these messages do not signify regressions. It is a result of
> properly adding address ranges within the global address list.
> 
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=200011
> Tested-by: Jean-Marc Lenoir <archlinux@jihemel.com>
> Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
> Cc: All applicable <stable@vger.kernel.org>
> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> 
> ---
>   drivers/acpi/acpica/dsopcode.c |    4 ++++
>   1 file changed, 4 insertions(+)
> 
> --- a/drivers/acpi/acpica/dsopcode.c
> +++ b/drivers/acpi/acpica/dsopcode.c
> @@ -417,6 +417,10 @@ acpi_ds_eval_region_operands(struct acpi
>   			  ACPI_FORMAT_UINT64(obj_desc->region.address),
>   			  obj_desc->region.length));
>   
> +	status = acpi_ut_add_address_range(obj_desc->region.space_id,
> +					   obj_desc->region.address,
> +					   obj_desc->region.length, node);
> +
>   	/* Now the address and length are valid for this opregion */
>   
>   	obj_desc->region.flags |= AOPOBJ_DATA_VALID;
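Review bot: the status returned by acpi_ut_add_address_range() is assigned
but not checked in the lines shown, and the code goes on to set
AOPOBJ_DATA_VALID regardless. Suggest either handling a failure status here
(returning or logging it) or adding a comment that a failed insertion into
the address list is deliberately non-fatal.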
> 
> 
> 


^ permalink raw reply	[flat|nested] 384+ messages in thread

* RE: [PATCH 4.19 025/361] ACPICA: AML interpreter: add region addresses in global list during initialization
  2018-11-12 18:30   ` Holger Hoffstätte
@ 2018-11-12 19:01     ` Schmauss, Erik
  2018-11-12 19:41       ` Holger Hoffstätte
  2018-11-12 19:25     ` Greg Kroah-Hartman
  1 sibling, 1 reply; 384+ messages in thread
From: Schmauss, Erik @ 2018-11-12 19:01 UTC (permalink / raw)
  To: Holger Hoffstätte, Greg Kroah-Hartman, linux-kernel
  Cc: stable, Jean-Marc Lenoir, Wysocki, Rafael J



> -----Original Message-----
> From: Holger Hoffstätte [mailto:holger@applied-asynchrony.com]
> Sent: Monday, November 12, 2018 10:31 AM
> To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>; linux-
> kernel@vger.kernel.org
> Cc: stable@vger.kernel.org; Jean-Marc Lenoir <archlinux@jihemel.com>;
> Schmauss, Erik <erik.schmauss@intel.com>; Wysocki, Rafael J
> <rafael.j.wysocki@intel.com>
> Subject: Re: [PATCH 4.19 025/361] ACPICA: AML interpreter: add region
> addresses in global list during initialization
> 
> On 11/11/18 11:16 PM, Greg Kroah-Hartman wrote:
> > 4.19-stable review patch.  If anyone has any objections, please let me
> know.
> 

Hi,

> As probably expected this patch causes problems. In my case one server can
> no longer load the nct6775 hwmon module, which means the fan cannot be
> monitored, and therefore my monitoring system promptly starts spamming
> me with alerts that my fan has failed - which is of course not true.
> 
> --snip--
> Nov 12 18:08:56 tux kernel: nct6775: Found NCT6776D/F or compatible chip at
> 0x2e:0x290 Nov 12 18:08:56 tux kernel: ACPI Warning: SystemIO range
> 0x0000000000000295-0x0000000000000296 conflicts with OpRegion
> 0x0000000000000290-0x Nov 12 18:08:56 tux kernel: ACPI: If an ACPI driver is
> available for this device, you should use it instead of the native driver
> --snip--
> 
> This is certainly caused by my old BIOS and its broken ACPI implementation,
> however since it's working perfectly fine otherwise I see no reason to
> replace it. That being said, I must be able to monitor my fan, so for now
> reverting the patch immediately "fixed" the problem for me - the fan entries
> appeared in sysfs again after successfully loading the module.
> 
> Idea, workarounds or patches welcome.

Is there a firmware update available for this machine? If so, you may want to do
a firmware update.

Also, what is the behavior in kernels 4.16 or older?

Erik
> 
> > ------------------
> >
> > From: Erik Schmauss <erik.schmauss@intel.com>
> >
> > commit 4abb951b73ff0a8a979113ef185651aa3c8da19b upstream.
> >
> > The table load process omitted adding the operation region address
> > range to the global list. This omission is problematic because the OS
> > queries the global list to check for address range conflicts before
> > deciding which drivers to load. This commit may result in warning
> > messages that look like the following:
> >
> > [    7.871761] ACPI Warning: system_IO range 0x00000428-0x0000042F
> conflicts with op_region 0x00000400-0x0000047F (\PMIO)
> (20180531/utaddress-213)
> > [    7.871769] ACPI: If an ACPI driver is available for this device, you should
> use it instead of the native driver
> >
> > However, these messages do not signify regressions. It is a result of
> > properly adding address ranges within the global address list.
> >
> > Link: https://bugzilla.kernel.org/show_bug.cgi?id=200011
> > Tested-by: Jean-Marc Lenoir <archlinux@jihemel.com>
> > Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
> > Cc: All applicable <stable@vger.kernel.org>
> > Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> >
> > ---
> >   drivers/acpi/acpica/dsopcode.c |    4 ++++
> >   1 file changed, 4 insertions(+)
> >
> > --- a/drivers/acpi/acpica/dsopcode.c
> > +++ b/drivers/acpi/acpica/dsopcode.c
> > @@ -417,6 +417,10 @@ acpi_ds_eval_region_operands(struct acpi
> >   			  ACPI_FORMAT_UINT64(obj_desc->region.address),
> >   			  obj_desc->region.length));
> >
> > +	status = acpi_ut_add_address_range(obj_desc->region.space_id,
> > +					   obj_desc->region.address,
> > +					   obj_desc->region.length, node);
> > +
> >   	/* Now the address and length are valid for this opregion */
> >
> >   	obj_desc->region.flags |= AOPOBJ_DATA_VALID;
> >
> >
> >


^ permalink raw reply	[flat|nested] 384+ messages in thread

* Re: [PATCH 4.19 025/361] ACPICA: AML interpreter: add region addresses in global list during initialization
  2018-11-12 18:30   ` Holger Hoffstätte
  2018-11-12 19:01     ` Schmauss, Erik
@ 2018-11-12 19:25     ` Greg Kroah-Hartman
  2018-11-12 20:03       ` Holger Hoffstätte
  1 sibling, 1 reply; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-12 19:25 UTC (permalink / raw)
  To: Holger Hoffstätte
  Cc: linux-kernel, stable, Jean-Marc Lenoir, Erik Schmauss, Rafael J. Wysocki

On Mon, Nov 12, 2018 at 07:30:57PM +0100, Holger Hoffstätte wrote:
> On 11/11/18 11:16 PM, Greg Kroah-Hartman wrote:
> > 4.19-stable review patch.  If anyone has any objections, please let me know.
> 
> As probably expected this patch causes problems. In my case one server
> can no longer load the nct6775 hwmon module, which means the fan cannot be
> monitored, and therefore my monitoring system promptly starts spamming me with
> alerts that my fan has failed - which is of course not true.
> 
> --snip--
> Nov 12 18:08:56 tux kernel: nct6775: Found NCT6776D/F or compatible chip at 0x2e:0x290
> Nov 12 18:08:56 tux kernel: ACPI Warning: SystemIO range 0x0000000000000295-0x0000000000000296 conflicts with OpRegion 0x0000000000000290-0x
> Nov 12 18:08:56 tux kernel: ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver
> --snip--
> 
> This is certainly caused by my old BIOS and its broken ACPI implementation,
> however since it's working perfectly fine otherwise I see no reason to replace
> it. That being said, I must be able to monitor my fan, so for now reverting
> the patch immediately "fixed" the problem for me - the fan entries appeared
> in sysfs again after successfully loading the module.
> 
> Idea, workarounds or patches welcome.

So Linus's tree is also "broken" for your hardware?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 384+ messages in thread

* Re: [PATCH 4.19 025/361] ACPICA: AML interpreter: add region addresses in global list during initialization
  2018-11-12 19:01     ` Schmauss, Erik
@ 2018-11-12 19:41       ` Holger Hoffstätte
  2018-11-12 20:12         ` Schmauss, Erik
  0 siblings, 1 reply; 384+ messages in thread
From: Holger Hoffstätte @ 2018-11-12 19:41 UTC (permalink / raw)
  To: Schmauss, Erik, Greg Kroah-Hartman, linux-kernel
  Cc: stable, Jean-Marc Lenoir, Wysocki, Rafael J

Hello Erik,

thanks for responding.

On 11/12/18 8:01 PM, Schmauss, Erik wrote:
>> As probably expected this patch causes problems. In my case one server can
>> no longer load the nct6775 hwmon module, which means the fan cannot be
>> monitored, and therefore my monitoring system promptly starts spamming
>> me with alerts that my fan has failed - which is of course not true.
>>
>> --snip--
>> Nov 12 18:08:56 tux kernel: nct6775: Found NCT6776D/F or compatible chip at
>> 0x2e:0x290 Nov 12 18:08:56 tux kernel: ACPI Warning: SystemIO range
>> 0x0000000000000295-0x0000000000000296 conflicts with OpRegion
>> 0x0000000000000290-0x Nov 12 18:08:56 tux kernel: ACPI: If an ACPI driver is
>> available for this device, you should use it instead of the native driver
>> --snip--
>>
>> This is certainly caused by my old BIOS and its broken ACPI implementation,
>> however since it's working perfectly fine otherwise I see no reason to
>> replace it. That being said, I must be able to monitor my fan, so for now
>> reverting the patch immediately "fixed" the problem for me - the fan entries
>> appeared in sysfs again after successfully loading the module.
>>
>> Idea, workarounds or patches welcome.
> 
> Is there a firmware update available for this machine? If so, you may want to do
> a firmware update.

The motherboard is from 2011 and I already installed the last available
BIOS from 2013 a few years ago. That fixed exactly nothing. :)
This was my last motherboard from Asus ever, but alas, it's still here
and otherwise working, so..

> Also, what is the behavior in kernels 4.16 or older?

Everything just worked - yes, with ACPI spew, but.. ¯\(ツ)/¯
I understand that the patch might well be "technically correct" and OK
for mainline/current hardware and will try playing with acpi=.. kernel
flags.

thanks,
Holger

^ permalink raw reply	[flat|nested] 384+ messages in thread

* Re: [PATCH 4.19 025/361] ACPICA: AML interpreter: add region addresses in global list during initialization
  2018-11-12 19:25     ` Greg Kroah-Hartman
@ 2018-11-12 20:03       ` Holger Hoffstätte
  0 siblings, 0 replies; 384+ messages in thread
From: Holger Hoffstätte @ 2018-11-12 20:03 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Jean-Marc Lenoir, Erik Schmauss, Rafael J. Wysocki

On 11/12/18 8:25 PM, Greg Kroah-Hartman wrote:
> On Mon, Nov 12, 2018 at 07:30:57PM +0100, Holger Hoffstätte wrote:
>> On 11/11/18 11:16 PM, Greg Kroah-Hartman wrote:
>>> 4.19-stable review patch.  If anyone has any objections, please let me know.
>>
>> As probably expected this patch causes problems. In my case one server
>> can no longer load the nct6775 hwmon module, which means the fan cannot be
>> monitored, and therefore my monitoring system promptly starts spamming me with
>> alerts that my fan has failed - which is of course not true.
>>
>> --snip--
>> Nov 12 18:08:56 tux kernel: nct6775: Found NCT6776D/F or compatible chip at 0x2e:0x290
>> Nov 12 18:08:56 tux kernel: ACPI Warning: SystemIO range 0x0000000000000295-0x0000000000000296 conflicts with OpRegion 0x0000000000000290-0x
>> Nov 12 18:08:56 tux kernel: ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver
>> --snip--
>>
>> This is certainly caused by my old BIOS and its broken ACPI implementation,
>> however since it's working perfectly fine otherwise I see no reason to replace
>> it. That being said, I must be able to monitor my fan, so for now reverting
>> the patch immediately "fixed" the problem for me - the fan entries appeared
>> in sysfs again after successfully loading the module.
>>
>> Idea, workarounds or patches welcome.
> 
> So Linus's tree is also "broken" for your hardware?

Not tested yet (should I?) but I assume it will be, since it seems to be my
old BIOS' ACPI implementation's fault. As I wrote to Erik, I just added
acpi_enforce_resources=lax to the boot flags, and as expected it gives a
warning for the hwmon module, but still lets it pass and work, as before
or with the patch reverted. So I'm good for now.

thanks,
Holger
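
The conflict reported in this message, as an added example that is not part of the original mail or of the kernel's own code: a parser for the "conflicts with OpRegion" warning that computes the contested port range and relates it to the `acpi_enforce_resources=` boot parameter. The OpRegion end address (cut off in the quoted log) and both kernel command lines are constructed sample values; the function and variable names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Matches the warning quoted in the mail. The OpRegion end is optional because
# the quoted log line is cut off right after "-0x".
CONFLICT_RE = re.compile(
    r"ACPI Warning: (?P<space>SystemIO|SystemMemory) range "
    r"0x(?P<dstart>[0-9A-Fa-f]+)-0x(?P<dend>[0-9A-Fa-f]+) "
    r"conflicts with OpRegion 0x(?P<rstart>[0-9A-Fa-f]+)-0x(?P<rend>[0-9A-Fa-f]*)"
)

# Values accepted by acpi_enforce_resources= (kernel-parameters documentation).
MODES = ("strict", "lax", "no")


@dataclass
class Conflict:
    space: str                   # "SystemIO" or "SystemMemory"
    driver: Tuple[int, int]      # range the native driver asked for
    region_start: int            # start of the ACPI OperationRegion
    region_end: Optional[int]    # None when the log line was truncated

    def overlap(self) -> Optional[Tuple[int, int]]:
        """Addresses claimed by both the native driver and the OpRegion."""
        if self.region_end is None:
            return None
        lo = max(self.driver[0], self.region_start)
        hi = min(self.driver[1], self.region_end)
        return (lo, hi) if lo <= hi else None


def parse_conflicts(lines: Iterable[str]) -> List[Conflict]:
    """Extract every resource-conflict warning from kernel log lines."""
    found = []
    for line in lines:
        m = CONFLICT_RE.search(line)
        if not m:
            continue
        rend = m.group("rend")
        found.append(Conflict(
            space=m.group("space"),
            driver=(int(m.group("dstart"), 16), int(m.group("dend"), 16)),
            region_start=int(m.group("rstart"), 16),
            region_end=int(rend, 16) if rend else None,
        ))
    return found


def enforcement_mode(cmdline: str) -> str:
    """Return the effective acpi_enforce_resources mode; 'strict' is the default."""
    mode = "strict"
    for token in cmdline.split():
        key, _, value = token.partition("=")
        if key == "acpi_enforce_resources" and value in MODES:
            mode = value  # a later occurrence overrides an earlier one
    return mode


def expected_driver_state(mode: str, conflicts: List[Conflict]) -> str:
    """What the documented semantics imply for a native driver such as nct6775."""
    if not conflicts:
        return "binds"
    return {
        "strict": "refused",          # access to ACPI-claimed resources is denied
        "lax": "binds with warning",  # allowed, but the warning is logged
        "no": "binds",                # OpRegions are not reserved, no check
    }[mode]


# Constructed sample: the two lines from the mail, with a made-up OpRegion end
# (0x...0299) replacing the part that is truncated in the quoted log.
SAMPLE_LOG = [
    "Nov 12 18:08:56 tux kernel: nct6775: Found NCT6776D/F or compatible chip at 0x2e:0x290",
    "Nov 12 18:08:56 tux kernel: ACPI Warning: SystemIO range "
    "0x0000000000000295-0x0000000000000296 conflicts with OpRegion "
    "0x0000000000000290-0x0000000000000299",
]
# The same warning exactly as truncated in the mail.
TRUNCATED_LOG = [
    "Nov 12 18:08:56 tux kernel: ACPI Warning: SystemIO range "
    "0x0000000000000295-0x0000000000000296 conflicts with OpRegion "
    "0x0000000000000290-0x",
]
# Constructed kernel command lines.
CMDLINE_DEFAULT = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro"
CMDLINE_LAX = CMDLINE_DEFAULT + " acpi_enforce_resources=lax"

if __name__ == "__main__":
    for cmdline in (CMDLINE_DEFAULT, CMDLINE_LAX):
        mode = enforcement_mode(cmdline)
        for c in parse_conflicts(SAMPLE_LOG):
            lo, hi = c.overlap()
            print(f"{mode}: {c.space} 0x{lo:x}-0x{hi:x} contested, "
                  f"driver {expected_driver_state(mode, [c])}")
```
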


* Re: [PATCH 4.19 000/361] 4.19.2-stable review
  2018-11-12 14:00 ` Naresh Kamboju
@ 2018-11-12 20:11   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-12 20:11 UTC (permalink / raw)
  To: Naresh Kamboju
  Cc: open list, Linus Torvalds, Andrew Morton, Guenter Roeck,
	Shuah Khan, patches, Ben Hutchings, lkft-triage, linux- stable

On Mon, Nov 12, 2018 at 07:30:59PM +0530, Naresh Kamboju wrote:
> On Mon, 12 Nov 2018 at 03:57, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > This is the start of the stable review cycle for the 4.19.2 release.
> > There are 361 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Tue Nov 13 22:14:55 UTC 2018.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> >         https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.2-rc1.gz
> > or in the git tree and branch at:
> >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
> 
> Results from Linaro’s test farm.
> No regressions on arm64, arm, x86_64, and i386.

Thanks for testing 3 of these and letting me know.

greg k-h


* RE: [PATCH 4.19 025/361] ACPICA: AML interpreter: add region addresses in global list during initialization
  2018-11-12 19:41       ` Holger Hoffstätte
@ 2018-11-12 20:12         ` Schmauss, Erik
  0 siblings, 0 replies; 384+ messages in thread
From: Schmauss, Erik @ 2018-11-12 20:12 UTC (permalink / raw)
  To: Holger Hoffstätte, Greg Kroah-Hartman, linux-kernel
  Cc: stable, Jean-Marc Lenoir, Wysocki, Rafael J



> -----Original Message-----
> From: Holger Hoffstätte [mailto:holger@applied-asynchrony.com]
> Sent: Monday, November 12, 2018 11:42 AM
> To: Schmauss, Erik <erik.schmauss@intel.com>; Greg Kroah-Hartman
> <gregkh@linuxfoundation.org>; linux-kernel@vger.kernel.org
> Cc: stable@vger.kernel.org; Jean-Marc Lenoir <archlinux@jihemel.com>;
> Wysocki, Rafael J <rafael.j.wysocki@intel.com>
> Subject: Re: [PATCH 4.19 025/361] ACPICA: AML interpreter: add region
> addresses in global list during initialization
> 
> Hello Erik,
> 
> thanks for responding.
> 
> On 11/12/18 8:01 PM, Schmauss, Erik wrote:
> >> As probably expected this patch causes problems. In my case one
> >> server can no longer load the nct6775 hwmon module, which means the
> >> fan cannot be monitored, and therefore my monitoring system promptly
> >> starts spamming me with alerts that my fan has failed - which is of course
> not true.
> >>
> >> --snip--
> >> Nov 12 18:08:56 tux kernel: nct6775: Found NCT6776D/F or compatible
> >> chip at
> >> 0x2e:0x290 Nov 12 18:08:56 tux kernel: ACPI Warning: SystemIO range
> >> 0x0000000000000295-0x0000000000000296 conflicts with OpRegion
> >> 0x0000000000000290-0x Nov 12 18:08:56 tux kernel: ACPI: If an ACPI
> >> driver is available for this device, you should use it instead of the
> >> native driver
> >> --snip--
> >>
> >> This is certainly caused by my old BIOS and its broken ACPI
> >> implementation, however since it's working perfectly fine otherwise I
> >> see no reason to replace it. That being said, I must be able to
> >> monitor my fan, so for now reverting the patch immediately "fixed"
> >> the problem for me - the fan entries appeared in sysfs again after
> successfully loading the module.
> >>
> >> Idea, workarounds or patches welcome.
> >
> > Is there a firmware update available for this machine? If so, you may
> > want to do a firmware update.
> 
> The motherboard is from 2011 and I already installed the last available BIOS
> from 2013 a few years ago. That fixed exactly nothing. :) This was my last
> motherboard from Asus ever, but alas, it's still here and otherwise working,
> so..
> 
> > Also, what is the behavior in kernels 4.16 or older?
> 

Hi,
> Everything just worked - yes, with ACPI spew, but.. ¯\(ツ)/¯
> I understand that the patch might well be "technically correct" and OK for
> mainline/current hardware and will try playing with acpi=.. kernel flags.

It's strange how the driver would load in 4.16 and fail to load with this patch.
I would like to make sure that the driver load behavior is not being changed
from 4.16 or earlier.

Could you send a working dmesg from 4.16 (or earlier) and a failing dmesg with
this stable branch using the same kernel command line parameters for both?

I don't need too much of the spew if it looks the same. I'm more interested in
the initializations and the warning message.

Erik

> 
> thanks,
> Holger


* Re: [PATCH 4.19 000/361] 4.19.2-stable review
  2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
                   ` (362 preceding siblings ...)
  2018-11-12 14:00 ` Naresh Kamboju
@ 2018-11-13  0:58 ` Guenter Roeck
  2018-11-13  5:06   ` Greg Kroah-Hartman
  363 siblings, 1 reply; 384+ messages in thread
From: Guenter Roeck @ 2018-11-13  0:58 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Sun, Nov 11, 2018 at 02:15:47PM -0800, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.2 release.
> There are 361 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Tue Nov 13 22:14:55 UTC 2018.
> Anything received after that time might be too late.
> 

Build results:
	total: 135 pass: 135 fail: 0
Qemu test results:
	total: 291 pass: 291 fail: 0

Details are available at https://kerneltests.org/builders/.

Guenter


* Re: [PATCH 4.19 000/361] 4.19.2-stable review
  2018-11-13  0:58 ` Guenter Roeck
@ 2018-11-13  5:06   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-13  5:06 UTC (permalink / raw)
  To: Guenter Roeck
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Mon, Nov 12, 2018 at 04:58:28PM -0800, Guenter Roeck wrote:
> On Sun, Nov 11, 2018 at 02:15:47PM -0800, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 4.19.2 release.
> > There are 361 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Tue Nov 13 22:14:55 UTC 2018.
> > Anything received after that time might be too late.
> > 
> 
> Build results:
> 	total: 135 pass: 135 fail: 0
> Qemu test results:
> 	total: 291 pass: 291 fail: 0
> 
> Details are available at https://kerneltests.org/builders/.

Thanks for testing all of these and letting me know.

greg k-h


* Re: [PATCH 4.19 087/361] signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
  2018-11-12 11:49   ` Steve McIntyre
@ 2018-11-19 15:15     ` Greg Kroah-Hartman
  2018-12-17 17:52       ` Steve McIntyre
  0 siblings, 1 reply; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-19 15:15 UTC (permalink / raw)
  To: Steve McIntyre
  Cc: linux-kernel, stable, Arnd Bergmann, Dominik Brodowski,
	Eric W. Biederman, Andrew Morton, Al Viro, Oleg Nesterov,
	Will Deacon, Catalin Marinas, Sasha Levin

On Mon, Nov 12, 2018 at 11:49:05AM +0000, Steve McIntyre wrote:
> On Sun, Nov 11, 2018 at 02:17:14PM -0800, Greg Kroah-Hartman wrote:
> >4.19-stable review patch.  If anyone has any objections, please let me know.
> >
> >------------------
> >
> >From: Will Deacon <will.deacon@arm.com>
> >
> >[ Upstream commit 22839869f21ab3850fbbac9b425ccc4c0023926f ]
> >
> >The sigaltstack(2) system call fails with -ENOMEM if the new alternative
> >signal stack is found to be smaller than SIGMINSTKSZ. On architectures
> >such as arm64, where the native value for SIGMINSTKSZ is larger than
> >the compat value, this can result in an unexpected error being reported
> >to a compat task. See, for example:
> >
> >  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904385
> 
> ...
> 
> Thanks Greg! If it's not too much effort, could you also take this for
> 4.9-stable as well please? That would get it into our next Debian
> stable update too. :-)

Does not apply to 4.9.y, can you provide a working backport?

thanks,

greg k-h


* Re: [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
  2018-11-11 22:16 ` [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation Greg Kroah-Hartman
@ 2018-11-21 13:21   ` Jiri Kosina
  2018-11-21 13:56     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 384+ messages in thread
From: Jiri Kosina @ 2018-11-21 13:21 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Thomas Gleixner, Peter Zijlstra,
	Josh Poimboeuf, Andrea Arcangeli, WoodhouseDavid, Andi Kleen,
	Tim Chen, SchauflerCasey

On Sun, 11 Nov 2018, Greg Kroah-Hartman wrote:

> 4.19-stable review patch.  If anyone has any objections, please let me know.

Greg, please drop this patch from all -stable for now. Version that 
wouldn't have such performance impact is being worked on.

-- 
Jiri Kosina
SUSE Labs


* Re: [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
  2018-11-21 13:21   ` Jiri Kosina
@ 2018-11-21 13:56     ` Greg Kroah-Hartman
  2018-11-21 17:47       ` Tim Chen
  0 siblings, 1 reply; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-21 13:56 UTC (permalink / raw)
  To: Jiri Kosina
  Cc: linux-kernel, stable, Thomas Gleixner, Peter Zijlstra,
	Josh Poimboeuf, Andrea Arcangeli, WoodhouseDavid, Andi Kleen,
	Tim Chen, SchauflerCasey

On Wed, Nov 21, 2018 at 02:21:15PM +0100, Jiri Kosina wrote:
> On Sun, 11 Nov 2018, Greg Kroah-Hartman wrote:
> 
> > 4.19-stable review patch.  If anyone has any objections, please let me know.
> 
> Greg, please drop this patch from all -stable for now. Version that 
> wouldn't have such performance impact is being worked on.

Is it reverted in Linus's tree?  If not, then anything that comes "later
on" will not apply here, right?

I see the thread asking about this, but I got really conflicting
messages here, and now it's in all of the latest releases, and no
testing seems to have uncovered issues.  Is it just a "slow down"
problem?

thanks,

greg k-h


* Re: [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
  2018-11-21 13:56     ` Greg Kroah-Hartman
@ 2018-11-21 17:47       ` Tim Chen
  2018-11-21 18:15         ` Greg Kroah-Hartman
  2018-11-21 18:21         ` Jiri Kosina
  0 siblings, 2 replies; 384+ messages in thread
From: Tim Chen @ 2018-11-21 17:47 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Jiri Kosina
  Cc: linux-kernel, stable, Thomas Gleixner, Peter Zijlstra,
	Josh Poimboeuf, Andrea Arcangeli, WoodhouseDavid, Andi Kleen,
	SchauflerCasey, Dave Stewart

On 11/21/2018 05:56 AM, Greg Kroah-Hartman wrote:
> On Wed, Nov 21, 2018 at 02:21:15PM +0100, Jiri Kosina wrote:
>> On Sun, 11 Nov 2018, Greg Kroah-Hartman wrote:
>>
>>> 4.19-stable review patch.  If anyone has any objections, please let me know.
>>
>> Greg, please drop this patch from all -stable for now. Version that 
>> wouldn't have such performance impact is being worked on.
> 
> Is it reverted in Linus's tree?  If not, then anything that comes "later
> on" will not apply here, right?
> 
> I see the thread asking about this, but I got really conflicting
> messages here, and now it's in all of the latest releases, and no
> testing seems to have uncovered issues.  Is it just a "slow down"
> problem?

Greg,

It could be a big slow down in excess of 20% for some applications.
And cross sibling Spectre v2 attack is quite hard to pull off.

So till we have the accompanying patchset that only applies STIBP on processes
that really need it instead of universally, it should be withheld from
stable.

Tim


* Re: [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
  2018-11-21 17:47       ` Tim Chen
@ 2018-11-21 18:15         ` Greg Kroah-Hartman
  2018-11-21 18:21         ` Jiri Kosina
  1 sibling, 0 replies; 384+ messages in thread
From: Greg Kroah-Hartman @ 2018-11-21 18:15 UTC (permalink / raw)
  To: Tim Chen
  Cc: Jiri Kosina, linux-kernel, stable, Thomas Gleixner,
	Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, WoodhouseDavid,
	Andi Kleen, SchauflerCasey, Dave Stewart

On Wed, Nov 21, 2018 at 09:47:48AM -0800, Tim Chen wrote:
> On 11/21/2018 05:56 AM, Greg Kroah-Hartman wrote:
> > On Wed, Nov 21, 2018 at 02:21:15PM +0100, Jiri Kosina wrote:
> >> On Sun, 11 Nov 2018, Greg Kroah-Hartman wrote:
> >>
> >>> 4.19-stable review patch.  If anyone has any objections, please let me know.
> >>
> >> Greg, please drop this patch from all -stable for now. Version that 
> >> wouldn't have such performance impact is being worked on.
> > 
> > Is it reverted in Linus's tree?  If not, then anything that comes "later
> > on" will not apply here, right?
> > 
> > I see the thread asking about this, but I got really conflicting
> > messages here, and now it's in all of the latest releases, and no
> > testing seems to have uncovered issues.  Is it just a "slow down"
> > problem?
> 
> Greg,
> 
> It could be a big slow down in excess of 20% for some applications.
> And cross sibling Spectre v2 attack is quite hard to pull off.
> 
> So till we have the accompanying patchset that only applies STIBP on processes
> that really need it instead of universally, it should be withheld from
> stable.

Ok, now reverted, thanks.

greg k-h


* Re: [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
  2018-11-21 17:47       ` Tim Chen
  2018-11-21 18:15         ` Greg Kroah-Hartman
@ 2018-11-21 18:21         ` Jiri Kosina
  2018-11-21 18:59           ` Tim Chen
  1 sibling, 1 reply; 384+ messages in thread
From: Jiri Kosina @ 2018-11-21 18:21 UTC (permalink / raw)
  To: Tim Chen
  Cc: Greg Kroah-Hartman, linux-kernel, stable, Thomas Gleixner,
	Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, WoodhouseDavid,
	Andi Kleen, SchauflerCasey, Dave Stewart

On Wed, 21 Nov 2018, Tim Chen wrote:

> > Is it reverted in Linus's tree?  If not, then anything that comes "later
> > on" will not apply here, right?
> > 
> > I see the thread asking about this, but I got really conflicting
> > messages here, and now it's in all of the latest releases, and no
> > testing seems to have uncovered issues.  Is it just a "slow down"
> > problem?
> 
> Greg,
> 
> It could be a big slow down in excess of 20% for some applications.
> And cross sibling Spectre v2 attack is quite hard to pull off.
> 
> So till we have the accompanying patchset that only applies STIBP on processes
> that really need it instead of universally, it should be withheld from
> stable.

Agreed; it will be trivially reintroduced with the rest, once it's ready. 
It's being built on top of that patch.

Thanks,

-- 
Jiri Kosina
SUSE Labs



* Re: [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
  2018-11-21 18:21         ` Jiri Kosina
@ 2018-11-21 18:59           ` Tim Chen
  0 siblings, 0 replies; 384+ messages in thread
From: Tim Chen @ 2018-11-21 18:59 UTC (permalink / raw)
  To: Jiri Kosina
  Cc: Greg Kroah-Hartman, linux-kernel, stable, Thomas Gleixner,
	Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, WoodhouseDavid,
	Andi Kleen, SchauflerCasey, Dave Stewart

On 11/21/2018 10:21 AM, Jiri Kosina wrote:
> On Wed, 21 Nov 2018, Tim Chen wrote:
> 
>>> Is it reverted in Linus's tree?  If not, then anything that comes "later
>>> on" will not apply here, right?
>>>
>>> I see the thread asking about this, but I got really conflicting
>>> messages here, and now it's in all of the latest releases, and no
>>> testing seems to have uncovered issues.  Is it just a "slow down"
>>> problem?
>>
>> Greg,
>>
>> It could be a big slow down in excess of 20% for some applications.
>> And cross sibling Spectre v2 attack is quite hard to pull off.
>>
>> So till we have the accompanying patchset that only applies STIBP on processes
>> that really need it instead of universally, it should be withheld from
>> stable.
> 
> Agreed; it will be trivially reintroduced with the rest, once it's ready. 
> It's being built on top of that patch.
> 

Thanks. Appreciate it.

Tim


* Re: [PATCH 4.19 087/361] signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
  2018-11-19 15:15     ` Greg Kroah-Hartman
@ 2018-12-17 17:52       ` Steve McIntyre
  0 siblings, 0 replies; 384+ messages in thread
From: Steve McIntyre @ 2018-12-17 17:52 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Arnd Bergmann, Dominik Brodowski,
	Eric W. Biederman, Andrew Morton, Al Viro, Oleg Nesterov,
	Will Deacon, Catalin Marinas, Sasha Levin

On Mon, Nov 19, 2018 at 04:15:51PM +0100, Greg Kroah-Hartman wrote:
>On Mon, Nov 12, 2018 at 11:49:05AM +0000, Steve McIntyre wrote:

...

>> Thanks Greg! If it's not too much effort, could you also take this for
>> 4.9-stable as well please? That would get it into our next Debian
>> stable update too. :-)
>
>Does not apply to 4.9.y, can you provide a working backport?

No problem. It's a bit belated (sorry!) but the fixup is fairly
obvious. On its way in separate mail shortly.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"We're the technical experts.  We were hired so that management could
 ignore our recommendations and tell us how to do our jobs."  -- Mike Andrews



Thread overview: 384+ messages
2018-11-11 22:15 [PATCH 4.19 000/361] 4.19.2-stable review Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 001/361] bpf: fix partial copy of map_ptr when dst is scalar Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 002/361] MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 003/361] gpio: mxs: Get rid of external API call Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 004/361] mtd: rawnand: marvell: fix the IRQ handler complete() condition Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 005/361] mtd: maps: gpio-addr-flash: Fix ioremapped size Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 006/361] mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 007/361] mtd: spi-nor: intel-spi: Add support for Intel Ice Lake SPI serial flash Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 008/361] mtd: spi-nor: fsl-quadspi: Dont let -EINVAL on the bus Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 009/361] spi: spi-mem: Adjust op len based on message/transfer size limitations Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 010/361] spi: bcm-qspi: switch back to reading flash using smaller chunks Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 011/361] spi: bcm-qspi: fix calculation of address length Greg Kroah-Hartman
2018-11-11 22:15 ` [PATCH 4.19 012/361] bcache: trace missed reading by cache_missed Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 013/361] bcache: fix ioctl in flash device Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 014/361] bcache: correct dirty data statistics Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 015/361] bcache: fix miss key refill->end in writeback Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 016/361] hwmon: (pmbus) Fix page count auto-detection Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 017/361] jffs2: free jffs2_sb_info through jffs2_kill_sb() Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 018/361] block: setup bounce bio_sets properly Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 019/361] block: make sure discard bio is aligned with logical block size Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 020/361] block: make sure writesame " Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 021/361] cpufreq: conservative: Take limits changes into account properly Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 022/361] dma-mapping: fix panic caused by passing empty cma command line argument Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 023/361] pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 024/361] ACPI / OSL: Use jiffies as the time bassis for acpi_os_get_timer() Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 025/361] ACPICA: AML interpreter: add region addresses in global list during initialization Greg Kroah-Hartman
2018-11-12 18:30   ` Holger Hoffstätte
2018-11-12 19:01     ` Schmauss, Erik
2018-11-12 19:41       ` Holger Hoffstätte
2018-11-12 20:12         ` Schmauss, Erik
2018-11-12 19:25     ` Greg Kroah-Hartman
2018-11-12 20:03       ` Holger Hoffstätte
2018-11-11 22:16 ` [PATCH 4.19 026/361] ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 027/361] acpi, nfit: Fix Address Range Scrub completion tracking Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 028/361] kprobes/x86: Use preempt_enable() in optimized_callback() Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 029/361] ipmi: Fix timer race with module unload Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 030/361] mailbox: PCC: handle parse error Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 031/361] parisc: Fix address in HPMC IVA Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 032/361] parisc: Fix map_pages() to not overwrite existing pte entries Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 033/361] parisc: Fix exported address of os_hpmc handler Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 034/361] ALSA: hda - Add quirk for ASUS G751 laptop Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 035/361] ALSA: hda - Fix headphone pin config for ASUS G751 Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 036/361] ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 037/361] ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 038/361] ALSA: hda: Add 2 more models to the power_save blacklist Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 039/361] ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 040/361] ALSA: hda - Fix incorrect clearance of thinkpad_acpi hooks Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation Greg Kroah-Hartman
2018-11-21 13:21   ` Jiri Kosina
2018-11-21 13:56     ` Greg Kroah-Hartman
2018-11-21 17:47       ` Tim Chen
2018-11-21 18:15         ` Greg Kroah-Hartman
2018-11-21 18:21         ` Jiri Kosina
2018-11-21 18:59           ` Tim Chen
2018-11-11 22:16 ` [PATCH 4.19 042/361] x86/xen: Fix boot loader version reported for PVH guests Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 043/361] x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 044/361] x86/kvm/nVMX: allow bare VMXON state migration Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 045/361] x86/mm/pat: Disable preemption around __flush_tlb_all() Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 046/361] x86/numa_emulation: Fix uniform-split numa emulation Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 047/361] ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 048/361] net: socionext: Reset tx queue in ndo_stop Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 049/361] net: loopback: clear skb->tstamp before netif_rx() Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 050/361] locking/lockdep: Fix debug_locks off performance problem Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 051/361] netfilter: xt_nat: fix DNAT target for shifted portmap ranges Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 052/361] ataflop: fix error handling during setup Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 053/361] swim: fix cleanup on setup error Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 054/361] arm64: cpufeature: ctr: Fix cpu capability check for late CPUs Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 055/361] hv_netvsc: fix vf serial matching with pci slot info Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 056/361] nfp: devlink port split support for 1x100G CXP NIC Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 057/361] tun: Consistently configure generic netdev params via rtnetlink Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 058/361] s390/sthyi: Fix machine name validity indication Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 059/361] hwmon: (pwm-fan) Set fan speed to 0 on suspend Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 060/361] lightnvm: pblk: fix race on sysfs line state Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 061/361] lightnvm: pblk: fix two sleep-in-atomic-context bugs Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 062/361] lightnvm: pblk: fix race condition on metadata I/O Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 063/361] spi: spi-ep93xx: Use dma_data_direction for ep93xx_spi_dma_{finish,prepare} Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 064/361] perf tools: Free temporary sys string in read_event_files() Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 065/361] perf tools: Cleanup trace-event-info tdata leak Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 066/361] perf tools: Free printk string in parse_ftrace_printk() Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 067/361] perf strbuf: Match va_{add,copy} with va_end Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 068/361] cpupower: Fix coredump on VMWare Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 069/361] bcache: Populate writeback_rate_minimum attribute Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 070/361] mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 071/361] sdhci: acpi: add free_slot callback Greg Kroah-Hartman
2018-11-11 22:16 ` [PATCH 4.19 072/361] mtd: rawnand: denali: set SPARE_AREA_SKIP_BYTES register to 8 if unset Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 073/361] iwlwifi: pcie: avoid empty free RB queue Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 074/361] iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 075/361] iwlwifi: mvm: check for n_profiles validity in EWRD ACPI Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 076/361] x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 077/361] wlcore: Fix BUG with clear completion on timeout Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 078/361] nvmet-rdma: use a private workqueue for delete Greg Kroah-Hartman
2018-11-12  1:27   ` Bart Van Assche
2018-11-12  2:32     ` Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 079/361] ACPI/PPTT: Handle architecturally unknown cache types Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 080/361] ACPI / PM: LPIT: Register sysfs attributes based on FADT Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 081/361] ACPI / processor: Fix the return value of acpi_processor_ids_walk() Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 082/361] cpufreq: dt: Try freeing static OPPs only if we have added them Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 083/361] x86/intel_rdt: Show missing resctrl mount options Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 084/361] mtd: rawnand: atmel: Fix potential NULL pointer dereference Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 085/361] nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 086/361] ath10k: fix tx status flag setting for management frames Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 087/361] signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack Greg Kroah-Hartman
2018-11-12 11:49   ` Steve McIntyre
2018-11-19 15:15     ` Greg Kroah-Hartman
2018-12-17 17:52       ` Steve McIntyre
2018-11-11 22:17 ` [PATCH 4.19 088/361] ice: fix changing of ring descriptor size (ethtool -G) Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 089/361] ice: update fw version check logic Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 090/361] net: hns3: Fix for packet buffer setting bug Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 091/361] Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 092/361] Bluetooth: hci_qca: Remove hdev dereference in qca_close() Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 093/361] efi/x86: Call efi_parse_options() from efi_main() Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 094/361] x86: boot: Fix EFI stub alignment Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 095/361] net: hns3: Add nic state check before calling netif_tx_wake_queue Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 096/361] net: hns3: Fix ets validate issue Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 097/361] pinctrl: sunxi: fix pctrl->functions allocation in sunxi_pinctrl_build_state Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 098/361] pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 099/361] brcmfmac: fix for proper support of 160MHz bandwidth Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 100/361] net: hns3: Check hdev state when getting link status Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 101/361] net: hns3: Set STATE_DOWN bit of hdev state when stopping net Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 102/361] net: phy: phylink: ensure the carrier is off when starting phylink Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 103/361] block, bfq: correctly charge and reset entity service in all cases Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 104/361] arm64: entry: Allow handling of undefined instructions from EL1 Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 105/361] kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 106/361] spi: gpio: No MISO does not imply no RX Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 107/361] ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 108/361] pinctrl: qcom: spmi-mpp: Fix drive strength setting Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 109/361] bpf/verifier: fix verifier instability Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 110/361] failover: Add missing check to validate slave_dev in net_failover_slave_unregister Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 111/361] perf tests: Fix record+probe_libc_inet_pton.sh without pings debuginfo Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 112/361] pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 113/361] pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() " Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 114/361] net: hns3: Preserve vlan 0 in hardware table Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 115/361] net: hns3: Fix ping exited problem when doing lp selftest Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 116/361] net: hns3: Fix for vf vlan delete failed problem Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 117/361] net: dsa: mv88e6xxx: Fix writing to a PHY page Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 118/361] mt76x2u: run device cleanup routine if resume fails Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 119/361] rsi: fix memory alignment issue in ARM32 platforms Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 120/361] libertas_tf: prevent underflow in process_cmdrequest() Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 121/361] iwlwifi: mvm: fix BAR seq ctrl reporting Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 122/361] gpio: brcmstb: allow 0 width GPIO banks Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 123/361] ixgbe: disallow IPsec Tx offload when in SR-IOV mode Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 124/361] ixgbevf: VF2VF TCP RSS Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 125/361] wil6210: fix RX buffers release and unmap Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 126/361] ath10k: schedule hardware restart if WMI command times out Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 127/361] libata: Apply NOLPM quirk for SAMSUNG MZ7TD256HAFV-000L9 Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 128/361] thermal: rcar_thermal: Prevent doing work after unbind Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 129/361] thermal: da9062/61: Prevent hardware access during system suspend Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 130/361] cifs: fix a credits leak for compund commands Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 131/361] cgroup, netclassid: add a preemption point to write_classid Greg Kroah-Hartman
2018-11-11 22:17 ` [PATCH 4.19 132/361] net: stmmac: dwmac-sun8i: fix OF child-node lookup Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 133/361] f2fs: fix to account IO correctly for cgroup writeback Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 134/361] MD: Memory leak when flush bio size is zero Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 135/361] md: fix memleak for mempool Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 136/361] of: Add missing exports of node name compare functions Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 137/361] scsi: esp_scsi: Track residual for PIO transfers Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 138/361] scsi: ufs: Schedule clk gating work on correct queue Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 139/361] UAPI: ndctl: Fix g++-unsupported initialisation in headers Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 140/361] KVM: nVMX: Clear reserved bits of #DB exit qualification Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 141/361] scsi: megaraid_sas: fix a missing-check bug Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 142/361] RDMA/core: Do not expose unsupported counters Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 143/361] RDMA/cm: Respect returned status of cm_init_av_by_path Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 144/361] IB/ipoib: Clear IPCB before icmp_send Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 145/361] RDMA/bnxt_re: Avoid accessing nq->bar_reg_iomem in failure case Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 146/361] RDMA/bnxt_re: Fix recursive lock warning in debug kernel Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 147/361] usb: host: ohci-at91: fix request of irq for optional gpio Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 148/361] PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 149/361] PCI: cadence: Use AXI region 0 to signal interrupts from EP Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 150/361] usb: typec: tcpm: Report back negotiated PPS voltage and current Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 151/361] tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 152/361] f2fs: clear PageError on the read path Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 153/361] Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 154/361] VMCI: Resource wildcard match fixed Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 155/361] PCI / ACPI: Enable wake automatically for power managed bridges Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 156/361] xprtrdma: Reset credit grant properly after a disconnect Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 157/361] irqchip/pdc: Setup all edge interrupts as rising edge at GIC Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 158/361] usb: dwc2: fix call to vbus supply exit routine, call it unlocked Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 159/361] usb: dwc2: fix a race with external vbus supply Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 160/361] usb: gadget: udc: atmel: handle at91sam9rl PMC Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 161/361] ext4: fix argument checking in EXT4_IOC_MOVE_EXT Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 162/361] MD: fix invalid stored role for a disk Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 163/361] PCI: cadence: Correct probe behaviour when failing to get PHY Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 164/361] nvmem: check the return value of nvmem_add_cells() Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 165/361] xhci: Avoid USB autosuspend when resuming USB2 ports Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 166/361] scsi: qla2xxx: Fix recursive mailbox timeout Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 167/361] f2fs: fix to recover inodes crtime during POR Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 168/361] f2fs: fix to recover inodes i_flags " Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 169/361] PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 170/361] coresight: etb10: Fix handling of perf mode Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 171/361] PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 172/361] crypto: caam - fix implicit casts in endianness helpers Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 173/361] usb: chipidea: Prevent unbalanced IRQ disable Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 174/361] Smack: ptrace capability use fixes Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 175/361] driver/dma/ioat: Call del_timer_sync() without holding prep_lock Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 176/361] ASoC: AMD: Fix capture unstable in beginning for some runs Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 177/361] firmware: coreboot: Unmap ioregion after device population Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 178/361] IB/ipoib: Use dev_port to expose network interface port numbers Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 179/361] IB/mlx5: Allow transition of DCI QP to reset Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 180/361] uio: ensure class is registered before devices Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 181/361] scsi: lpfc: Correct soft lockup when running mds diagnostics Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 182/361] scsi: lpfc: Correct race with abort on completion path Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 183/361] f2fs: avoid sleeping under spin_lock Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 184/361] f2fs: report error if quota off error during umount Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 185/361] signal: Always deliver the kernels SIGKILL and SIGSTOP to a pid namespace init Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 186/361] f2fs: fix to flush all dirty inodes recovered in readonly fs Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 187/361] mfd: menelaus: Fix possible race condition and leak Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 188/361] dmaengine: dma-jz4780: Return error if not probed from DT Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 189/361] IB/rxe: fix for duplicate request processing and ack psns Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 190/361] ALSA: hda: Check the non-cached stream buffers more explicitly Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 191/361] cpupower: Fix AMD Family 0x17 msr_pstate size Greg Kroah-Hartman
2018-11-11 22:18 ` [PATCH 4.19 192/361] Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()" Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 193/361] f2fs: fix missing up_read Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 194/361] f2fs: fix to recover cold bit of inode block during POR Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 195/361] f2fs: fix to account IO correctly Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 196/361] OPP: Free OPP table properly on performance state irregularities Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 197/361] ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 198/361] ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250 Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 199/361] xen-swiotlb: use actually allocated size on check physical continuous Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 200/361] tpm: Restore functionality to xen vtpm driver Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 201/361] xen/blkfront: avoid NULL blkfront_info dereference on device removal Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 202/361] xen/balloon: Support xend-based toolstack Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 203/361] xen: fix race in xen_qlock_wait() Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 204/361] xen: make xen_qlock_wait() nestable Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 205/361] xen/pvh: increase early stack size Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 206/361] xen/pvh: dont try to unplug emulated devices Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 207/361] libertas: dont set URB_ZERO_PACKET on IN USB transfer Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 208/361] usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 209/361] usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 210/361] usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround" Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 211/361] mt76: mt76x2: fix multi-interface beacon configuration Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 212/361] iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 213/361] net/ipv4: defensive cipso option parsing Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 214/361] dmaengine: ppc4xx: fix off-by-one build failure Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 215/361] scsi: sched/wait: Add wait_event_lock_irq_timeout for TASK_UNINTERRUPTIBLE usage Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 216/361] scsi: target: Fix target_wait_for_sess_cmds breakage with active signals Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 217/361] libnvdimm: Hold reference on parent while scheduling async init Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 218/361] libnvdimm, region: Fail badblocks listing for inactive regions Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 219/361] libnvdimm, pmem: Fix badblocks population for raw namespaces Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 220/361] ASoC: intel: skylake: Add missing break in skl_tplg_get_token() Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 221/361] ASoC: sta32x: set ->component pointer in private struct Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 222/361] IB/mlx5: Fix MR cache initialization Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 223/361] IB/rxe: Revise the ib_wr_opcode enum Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 224/361] jbd2: fix use after free in jbd2_log_do_checkpoint() Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 225/361] gfs2_meta: ->mount() can get NULL dev_name Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 226/361] ext4: fix EXT4_IOC_SWAP_BOOT Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 227/361] ext4: initialize retries variable in ext4_da_write_inline_data_begin() Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 228/361] ext4: fix setattr project check in fssetxattr ioctl Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 229/361] ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 230/361] ext4: fix use-after-free race in ext4_remount()s error path Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 231/361] selinux: fix mounting of cgroup2 under older policies Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 232/361] HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 233/361] HID: hiddev: fix potential Spectre v1 Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 234/361] EDAC, amd64: Add Family 17h, models 10h-2fh support Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 235/361] EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 236/361] EDAC, skx_edac: Fix logical channel intermediate decoding Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 237/361] ARM: dts: dra7: Fix up unaligned access setting for PCIe EP Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 238/361] PCI/ASPM: Fix link_state teardown on device removal Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 239/361] PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 240/361] signal/GenWQE: Fix sending of SIGKILL Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 241/361] signal: Guard against negative signal numbers in copy_siginfo_from_user32 Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 242/361] crypto: lrw - Fix out-of bounds access on counter overflow Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 243/361] crypto: tcrypt - fix ghash-generic speed test Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 244/361] crypto: aesni - dont use GFP_ATOMIC allocation if the request doesnt cross a page in gcm Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 245/361] crypto: morus/generic - fix for big endian systems Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 246/361] crypto: aegis/generic " Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 247/361] crypto: speck - remove Speck Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 248/361] mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 249/361] userfaultfd: disable irqs when taking the waitqueue lock Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 250/361] ima: fix showing large violations or runtime_measurements_count Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 251/361] ima: open a new file instance if no read permissions Greg Kroah-Hartman
2018-11-11 22:19 ` [PATCH 4.19 252/361] hugetlbfs: dirty pages as they are added to pagecache Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 253/361] mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 254/361] mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 255/361] KVM: arm/arm64: Ensure only THP is candidate for adjustment Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 256/361] KVM: arm64: Fix caching of host MDCR_EL2 value Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 257/361] kbuild: fix kernel/bounds.c W=1 warning Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 258/361] iio: ad5064: Fix regulator handling Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 259/361] iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 260/361] iio: adc: at91: fix acking DRDY irq on simple conversions Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 261/361] iio: adc: at91: fix wrong channel number in triggered buffer mode Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 262/361] w1: omap-hdq: fix missing bus unregister at removal Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 263/361] smb3: allow stats which track session and share reconnects to be reset Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 264/361] smb3: do not attempt cifs operation in smb3 query info error path Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 265/361] smb3: on kerberos mount if server doesnt specify auth type use krb5 Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 266/361] printk: Fix panic caused by passing log_buf_len to command line Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 267/361] genirq: Fix race on spurious interrupt detection Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 268/361] tpm: fix response size validation in tpm_get_random() Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 269/361] NFC: nfcmrvl_uart: fix OF child-node lookup Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 270/361] NFSv4.1: Fix the r/wsize checking Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 271/361] nfs: Fix a missed page unlock after pg_doio() Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 272/361] nfsd: correctly decrement odstate refcount in error path Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 273/361] nfsd: Fix an Oops in free_session() Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 274/361] lockd: fix access beyond unterminated strings in prints Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 275/361] dm ioctl: harden copy_params()s copy_from_user() from malicious users Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 276/361] dm zoned: fix metadata block ref counting Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 277/361] dm zoned: fix various dmz_get_mblock() issues Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 278/361] media: ov7670: make "xclk" clock optional Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 279/361] fsnotify: Fix busy inodes during unmount Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 280/361] powerpc64/module elfv1: Set opd addresses after module relocation Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 281/361] powerpc/msi: Fix compile error on mpc83xx Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 282/361] powerpc/tm: Fix HFSCR bit for no suspend case Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 283/361] powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 284/361] MIPS: OCTEON: fix out of bounds array access on CN68XX Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 285/361] rtc: ds1307: fix ds1339 wakealarm support Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 286/361] rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 287/361] rtc: cmos: Remove the `use_acpi_alarm module parameter for !ACPI Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 288/361] power: supply: twl4030-charger: fix OF sibling-node lookup Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 289/361] ocxl: Fix access to the AFU Descriptor Data Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 290/361] iommu/arm-smmu: Ensure that page-table updates are visible before TLBI Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 291/361] TC: Set DMA masks for devices Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 292/361] net: bcmgenet: fix OF child-node lookup Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 293/361] media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 294/361] Revert "media: dvbsky: use just one mutex for serializing device R/W ops" Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 295/361] kgdboc: Passing ekgdboc to command line causes panic Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 296/361] remoteproc: qcom: q6v5: Propagate EPROBE_DEFER Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 297/361] media: cec: make cec_get_edid_spa_location() an inline function Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 298/361] media: cec: integrate cec_validate_phys_addr() in cec-api.c Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 299/361] xen: fix xen_qlock_wait() Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 300/361] xen: remove size limit of privcmd-buf mapping interface Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 301/361] xen-blkfront: fix kernel panic with negotiate_mq error path Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 302/361] media: cec: add new tx/rx status bits to detect aborts/timeouts Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 303/361] media: cec: fix the Signal Free Time calculation Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 304/361] media: cec: forgot to cancel delayed work Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 305/361] media: em28xx: use a default format if TRY_FMT fails Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 306/361] media: tvp5150: avoid going past array on v4l2_querymenu() Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 307/361] media: em28xx: fix input name for Terratec AV 350 Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 308/361] media: em28xx: make v4l2-compliance happier by starting sequence on zero Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 309/361] media: em28xx: fix handler for vidioc_s_input() Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 310/361] media: adv7604: when the EDID is cleared, unconfigure CEC as well Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 311/361] media: adv7842: " Greg Kroah-Hartman
2018-11-11 22:20 ` [PATCH 4.19 312/361] drm/mediatek: fix OF sibling-node lookup Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 313/361] media: media colorspaces*.rst: rename AdobeRGB to opRGB Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 314/361] media: replace ADOBERGB by OPRGB Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 315/361] media: hdmi.h: rename ADOBE_RGB to OPRGB and ADOBE_YCC to OPYCC Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 316/361] arm64: lse: remove -fcall-used-x0 flag Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 317/361] rpmsg: smd: fix memory leak on channel create Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 318/361] Cramfs: fix abad comparison when wrap-arounds occur Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 319/361] ARM: dts: socfpga: Fix SDRAM node address for Arria10 Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 320/361] arm64: dts: stratix10: Correct System Manager register size Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 321/361] soc: qcom: rmtfs-mem: Validate that scm is available Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 322/361] soc/tegra: pmc: Fix child-node lookup Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 323/361] selftests/ftrace: Fix synthetic event test to delete event correctly Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 324/361] selftests/powerpc: Fix ptrace tm failure Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 325/361] tracing: Return -ENOENT if there is no target synthetic event Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 326/361] btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 327/361] btrfs: Handle owner mismatch gracefully when walking up tree Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 328/361] btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 329/361] btrfs: fix error handling in free_log_tree Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 330/361] btrfs: fix error handling in btrfs_dev_replace_start Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 331/361] btrfs: Enhance btrfs_trim_fs function to handle error better Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 332/361] btrfs: Ensure btrfs_trim_fs can trim the whole filesystem Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 333/361] btrfs: iterate all devices during trim, instead of fs_devices::alloc_list Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 334/361] btrfs: dont attempt to trim devices that dont support it Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 335/361] btrfs: keep trim from interfering with transaction commits Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 336/361] btrfs: wait on caching when putting the bg cache Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 337/361] Btrfs: dont clean dirty pages during buffered writes Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 338/361] btrfs: release metadata before running delayed refs Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 339/361] btrfs: protect space cache inode alloc with GFP_NOFS Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 340/361] btrfs: reset max_extent_size on clear in a bitmap Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 341/361] btrfs: make sure we create all new block groups Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 342/361] Btrfs: fix warning when replaying log after fsync of a tmpfile Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 343/361] Btrfs: fix wrong dentries after fsync of file that got its parent replaced Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 344/361] btrfs: qgroup: Dirty all qgroups before rescan Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 345/361] Btrfs: fix null pointer dereference on compressed write path error Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 346/361] Btrfs: fix assertion on fsync of regular file when using no-holes feature Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 347/361] Btrfs: fix deadlock when writing out free space caches Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 348/361] btrfs: reset max_extent_size properly Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 349/361] btrfs: set " Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 350/361] btrfs: dont use ctl->free_space for max_extent_size Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 351/361] btrfs: only free reserved extent if we didnt insert it Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 352/361] btrfs: fix insert_reserved error handling Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 353/361] btrfs: dont run delayed_iputs in commit Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 354/361] btrfs: move the dio_sem higher up the callchain Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 355/361] Btrfs: fix use-after-free during inode eviction Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 356/361] Btrfs: fix use-after-free when dumping free space Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 357/361] net: sched: Remove TCA_OPTIONS from policy Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 358/361] vt: fix broken display when running aptitude Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 359/361] userns: also map extents in the reverse map to kernel IDs Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 360/361] bpf: wait for running BPF programs when updating map-in-map Greg Kroah-Hartman
2018-11-11 22:21 ` [PATCH 4.19 361/361] vga_switcheroo: Fix missing gpu_bound call at audio client registration Greg Kroah-Hartman
2018-11-12  4:10 ` [PATCH 4.19 000/361] 4.19.2-stable review kernelci.org bot
2018-11-12 14:00 ` Naresh Kamboju
2018-11-12 20:11   ` Greg Kroah-Hartman
2018-11-13  0:58 ` Guenter Roeck
2018-11-13  5:06   ` Greg Kroah-Hartman
