linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 4.4 000/131] 4.4.178-stable review
@ 2019-04-01 17:01 Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 001/131] mmc: pxamci: fix enum type confusion Greg Kroah-Hartman
                   ` (135 more replies)
  0 siblings, 136 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

This is the start of the stable review cycle for the 4.4.178 release.
There are 131 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Wed Apr  3 16:59:39 UTC 2019.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.178-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 4.4.178-rc1

Geert Uytterhoeven <geert@linux-m68k.org>
    stm class: Hide STM-specific options if STM is disabled

Mathieu Poirier <mathieu.poirier@linaro.org>
    coresight: removing bind/unbind options from sysfs

Eric Biggers <ebiggers@google.com>
    arm64: support keyctl() system call in 32-bit mode

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Revert "USB: core: only clean up what we allocated"

Mathias Nyman <mathias.nyman@linux.intel.com>
    xhci: Fix port resume done detection for SS ports with LPM enabled

Sean Christopherson <sean.j.christopherson@intel.com>
    KVM: Reject device ioctls from processes other than the VM's creator

Thomas Gleixner <tglx@linutronix.de>
    x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y

Adrian Hunter <adrian.hunter@intel.com>
    perf intel-pt: Fix TSC slip

Axel Lin <axel.lin@ingics.com>
    gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input

YueHaibing <yuehaibing@huawei.com>
    fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links

Wentao Wang <witallwang@gmail.com>
    Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc

Bjørn Mork <bjorn@mork.no>
    USB: serial: option: add Olicard 600

Mans Rullgard <mans@mansr.com>
    USB: serial: option: set driver_info for SIM5218 and compatibles

Lin Yi <teroincn@163.com>
    USB: serial: mos7720: fix mos_parport refcount imbalance on error path

George McCollister <george.mccollister@gmail.com>
    USB: serial: ftdi_sio: add additional NovaTech products

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    USB: serial: cp210x: add new device id

Hoan Nguyen An <na-hoan@jinso.co.jp>
    serial: sh-sci: Fix setting SCSCR_TIE while transferring data

Aditya Pakki <pakki001@umn.edu>
    serial: max310x: Fix to avoid potential NULL pointer dereference

Malcolm Priestley <tvboxspy@gmail.com>
    staging: vt6655: Fix interrupt race condition on device start up.

Malcolm Priestley <tvboxspy@gmail.com>
    staging: vt6655: Remove vif check from vnt_interrupt

Kangjie Lu <kjlu@umn.edu>
    tty: atmel_serial: fix a potential NULL pointer dereference

Steffen Maier <maier@linux.ibm.com>
    scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices

Steffen Maier <maier@linux.ibm.com>
    scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host

Bart Van Assche <bvanassche@acm.org>
    scsi: sd: Fix a race between closing an sd device and sd I/O

Takashi Iwai <tiwai@suse.de>
    ALSA: pcm: Don't suspend stream in unrecoverable PCM state

Takashi Iwai <tiwai@suse.de>
    ALSA: pcm: Fix possible OOB access in PCM oss plugins

Gustavo A. R. Silva <gustavo@embeddedor.com>
    ALSA: seq: oss: Fix Spectre v1 vulnerability

Gustavo A. R. Silva <gustavo@embeddedor.com>
    ALSA: rawmidi: Fix potential Spectre v1 vulnerability

Ravindra Lokhande <rlokhande@nvidia.com>
    ALSA: compress: add support for 32bit calls in a 64bit kernel

Kohji Okuno <okuno.kohji@jp.panasonic.com>
    ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time

Andrea Righi <andrea.righi@canonical.com>
    btrfs: raid56: properly unmap parity page in finish_parity_scrub()

Josef Bacik <josef@toxicpanda.com>
    btrfs: remove WARN_ON in log_dir_items

Finn Thain <fthain@telegraphics.com.au>
    mac8390: Fix mmio access size probe

Xin Long <lucien.xin@gmail.com>
    sctp: get sctphdr by offset in sctp_compute_cksum

Zhiqiang Liu <liuzhiqiang26@huawei.com>
    vxlan: Don't call gro_cells_destroy() before device is unregistered

Eric Dumazet <edumazet@google.com>
    tcp: do not use ipv6 header for ipv4 flow

Maxime Chevallier <maxime.chevallier@bootlin.com>
    packets: Always register packet sk in the same order

David S. Miller <davem@davemloft.net>
    Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)

Eric Dumazet <edumazet@google.com>
    net: rose: fix a possible stack overflow

Christoph Paasch <cpaasch@apple.com>
    net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec

Bjorn Helgaas <bhelgaas@google.com>
    mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S

Eric Dumazet <edumazet@google.com>
    dccp: do not use ipv6 header for ipv4 flow

Bhadram Varka <vbhadram@nvidia.com>
    stmmac: copy unicast mac address to MAC registers

Johannes Berg <johannes.berg@intel.com>
    cfg80211: size various nl80211 messages correctly

Chaotian Jing <chaotian.jing@mediatek.com>
    mmc: mmc: fix switch timeout issue caused by jiffies precision

Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
    arm64: kconfig: drop CONFIG_RTC_LIB dependency

Christoffer Dall <christoffer.dall@linaro.org>
    video: fbdev: Set pixclock = 0 in goldfishfb

Lianwei Wang <lianwei.wang@gmail.com>
    cpu/hotplug: Handle unbalanced hotplug enable/disable

Xerox Lin <xerox_lin@htc.com>
    usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG

Winter Wang <wente.wang@nxp.com>
    usb: gadget: configfs: add mutex lock before unregister gadget

Hannes Frederic Sowa <hannes@stressinduktion.org>
    ipv6: fix endianness error in icmpv6_err

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    stm class: Fix stm device initialization order

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    stm class: Do not leak the chrdev in error path

James Morse <james.morse@arm.com>
    PM / Hibernate: Call flush_icache_range() on pages restored in-place

James Morse <james.morse@arm.com>
    arm64: kernel: Include _AC definition in page.h

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops

Jeff Mahoney <jeffm@suse.com>
    mac80211: fix "warning: ‘target_metric’ may be used uninitialized"

Ard Biesheuvel <ard.biesheuvel@linaro.org>
    arm64/kernel: fix incorrect EL0 check in inv_entry macro

Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
    ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies

Greg Hackmann <ghackmann@google.com>
    staging: goldfish: audio: fix compiliation on arm

Rajmal Menariya <rajmal.menariya@spreadtrum.com>
    staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT

Rom Lemarchand <romlem@android.com>
    staging: ashmem: Add missing include

Laura Abbott <lauraa@codeaurora.org>
    staging: ashmem: Avoid deadlock with mmap/shrink

Mark Rutland <mark.rutland@arm.com>
    asm-generic: Fix local variable shadow in __set_fixmap_offset

Eric Long <eric.long@linaro.org>
    coresight: etm4x: Check every parameter used by dma_xx_coherent.

Eric Long <eric.long@linaro.org>
    coresight: "DEVICE_ATTR_RO" should defined as static.

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    stm class: Fix a race in unlinking

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    stm class: Fix unbalanced module/device refcounting

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    stm class: Guard output assignment against concurrency

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    stm class: Fix unlocking braino in the error path

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    stm class: Support devices with multiple instances

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    stm class: Prevent user-controllable allocations

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    stm class: Fix link list locking

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    stm class: Fix locking in unbinding policy path

Mathieu Poirier <mathieu.poirier@linaro.org>
    coresight: remove csdev's link from topology

Mathieu Poirier <mathieu.poirier@linaro.org>
    coresight: release reference taken by 'bus_find_device()'

Mathieu Poirier <mathieu.poirier@linaro.org>
    coresight: coresight_unregister() function cleanup

Mathieu Poirier <mathieu.poirier@linaro.org>
    coresight: fixing lockdep error

Tahsin Erdogan <tahsin@google.com>
    writeback: initialize inode members that track writeback history

Ulf Hansson <ulf.hansson@linaro.org>
    Revert "mmc: block: don't use parameter prefix if built as module"

Eric Dumazet <edumazet@google.com>
    net: diag: support v4mapped sockets in inet_diag_find_one_icsk()

Alexander Shishkin <alexander.shishkin@linux.intel.com>
    perf: Synchronously free aux pages in case of allocation failure

Ard Biesheuvel <ard.biesheuvel@linaro.org>
    arm64: hide __efistub_ aliases from kallsyms

Nicolas Pitre <nicolas.pitre@linaro.org>
    hid-sensor-hub.c: fix wrong do_div() usage

Christoph Lameter <cl@linux.com>
    vmstat: make vmstat_updater deferrable again and shut down on idle

Dmitry Torokhov <dtor@chromium.org>
    android: unconditionally remove callbacks in sync_fence_free()

Jungseung Lee <js07.lee@samsung.com>
    ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor

Arnd Bergmann <arnd@arndb.de>
    ARM: 8458/1: bL_switcher: add GIC dependency

Ard Biesheuvel <ard.biesheuvel@linaro.org>
    efi: stub: define DISABLE_BRANCH_PROFILING for all architectures

Yury Norov <ynorov@caviumnetworks.com>
    arm64: fix COMPAT_SHMLBA definition for large pages

Colin Cross <ccross@android.com>
    mmc: block: Allow more than 8 partitions per card

Yuyang Du <yuyang.du@intel.com>
    sched/fair: Fix new task's load avg removed from source CPU in wake_up_new_task()

Marcel Holtmann <marcel@holtmann.org>
    Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer

Marcel Holtmann <marcel@holtmann.org>
    Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

Arnd Bergmann <arnd@arndb.de>
    ath10k: avoid possible string overflow

Baolin Wang <baolin.wang@linaro.org>
    rtc: Fix overflow when converting time64_t to rtc_time

Andrey Konovalov <andreyknvl@google.com>
    USB: core: only clean up what we allocated

Peter Zijlstra <peterz@infradead.org>
    lib/int_sqrt: optimize small argument

Lanqing Liu <lanqing.liu@spreadtrum.com>
    serial: sprd: clear timeout interrupt only rather than all interrupts

Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
    usb: renesas_usbhs: gadget: fix unused-but-set-variable warning

Qiao Zhou <qiaozhou@asrmicro.com>
    arm64: traps: disable irq in die()

Al Viro <viro@ZenIV.linux.org.uk>
    Hang/soft lockup in d_invalidate with simultaneous calls

Wei Qiao <wei.qiao@spreadtrum.com>
    serial: sprd: adjust TIMEOUT to a big value

Eric Dumazet <edumazet@google.com>
    tcp/dccp: drop SYN packets if accept queue is full

Baolin Wang <baolin.wang@linaro.org>
    usb: gadget: Add the gserial port checking in gs_start_tx()

Peter Chen <peter.chen@nxp.com>
    usb: gadget: composite: fix dereference after null check coverify warning

Wolfram Sang <wsa@the-dreams.de>
    kbuild: setlocalversion: print error to STDERR

Roger Quadros <rogerq@ti.com>
    extcon: usb-gpio: Don't miss event during suspend/resume

Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON

Dong Aisheng <aisheng.dong@nxp.com>
    mmc: core: fix using wrong io voltage if mmc_select_hs200 fails

James Morse <james.morse@arm.com>
    arm64: mm: Add trace_irqflags annotations to do_debug_exception()

Roger Quadros <rogerq@ti.com>
    usb: dwc3: gadget: Fix suspend/resume during device mode

Russell King <rmk+kernel@arm.linux.org.uk>
    mmc: core: shut up "voltage-ranges unspecified" pr_info()

Wolfram Sang <wsa+renesas@sang-engineering.com>
    mmc: sanitize 'bus width' in debug output

Wolfram Sang <wsa+renesas@sang-engineering.com>
    mmc: make MAN_BKOPS_EN message a debug

Chuanxiao Dong <chuanxiao.dong@intel.com>
    mmc: debugfs: Add a restriction to mmc debugfs clock setting

Martin Fuzzey <mfuzzey@parkeon.com>
    mmc: pwrseq_simple: Make reset-gpios optional to match doc

Hui Wang <hui.wang@canonical.com>
    ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec

Takashi Iwai <tiwai@suse.de>
    ALSA: hda - Record the current power state before suspend/resume calls

Waiman Long <longman@redhat.com>
    locking/lockdep: Add debug_locks check in __lock_downgrade()

Hans Verkuil <hverkuil@xs4all.nl>
    media: v4l2-ctrls.c/uvc: zero v4l2_event

Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
    mmc: tmio_mmc_core: don't claim spurious interrupts

zhangyi (F) <yi.zhang@huawei.com>
    ext4: brelse all indirect buffer in ext4_ind_remove_space()

Lukas Czerner <lczerner@redhat.com>
    ext4: fix data corruption caused by unaligned direct AIO

Jiufei Xue <jiufei.xue@linux.alibaba.com>
    ext4: fix NULL pointer dereference while journal is aborted

Chen Jie <chenjie6@huawei.com>
    futex: Ensure that futex address is aligned in handle_futex_death()

Archer Yan <ayan@wavecomp.com>
    MIPS: Fix kernel crash for R6 in jump label branch function

Yifeng Li <tomli@tomli.me>
    mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.

Jan Kara <jack@suse.cz>
    udf: Fix crash on IO error during truncate

Thomas Zimmermann <tzimmermann@suse.de>
    drm/vmwgfx: Don't double-free the mode stored in par->set_mode

Arnd Bergmann <arnd@arndb.de>
    mmc: pxamci: fix enum type confusion


-------------

Diffstat:

 Documentation/virtual/kvm/api.txt                  |  16 ++-
 Makefile                                           |   4 +-
 arch/arm/Kconfig                                   |   6 +-
 arch/arm/mach-imx/cpuidle-imx6q.c                  |  27 ++--
 arch/arm/mm/mmu.c                                  |   2 +-
 arch/arm64/Kconfig                                 |   5 +-
 arch/arm64/include/asm/page.h                      |   2 +
 arch/arm64/include/asm/shmparam.h                  |   2 +-
 arch/arm64/kernel/entry.S                          |   2 +-
 arch/arm64/kernel/image.h                          |  40 +++---
 arch/arm64/kernel/traps.c                          |   8 +-
 arch/arm64/mm/fault.c                              |  33 +++--
 arch/mips/include/asm/jump_label.h                 |   8 +-
 arch/mips/loongson64/lemote-2f/irq.c               |   2 +-
 arch/x86/Kconfig                                   |   8 +-
 drivers/extcon/extcon-usb-gpio.c                   |   3 +
 drivers/firmware/efi/libstub/Makefile              |   4 +-
 drivers/gpio/gpio-adnp.c                           |   6 +-
 drivers/gpu/drm/vmwgfx/vmwgfx_fb.c                 |  12 +-
 drivers/hid/hid-sensor-hub.c                       |   3 +-
 drivers/hwtracing/coresight/coresight-etb10.c      |  11 +-
 drivers/hwtracing/coresight/coresight-etm3x.c      |  13 +-
 drivers/hwtracing/coresight/coresight-etm4x.c      |  15 +--
 drivers/hwtracing/coresight/coresight-funnel.c     |  10 +-
 .../coresight/coresight-replicator-qcom.c          |  11 +-
 drivers/hwtracing/coresight/coresight-replicator.c |  16 +--
 drivers/hwtracing/coresight/coresight-tmc.c        |  19 +--
 drivers/hwtracing/coresight/coresight-tpiu.c       |  10 +-
 drivers/hwtracing/coresight/coresight.c            |  55 +++++++-
 drivers/hwtracing/coresight/of_coresight.c         |   2 +-
 drivers/hwtracing/stm/Kconfig                      |   4 +
 drivers/hwtracing/stm/core.c                       | 148 ++++++++++++++++-----
 drivers/hwtracing/stm/policy.c                     |  25 +++-
 drivers/hwtracing/stm/stm.h                        |   2 +
 drivers/isdn/hardware/mISDN/hfcmulti.c             |   3 +-
 drivers/media/usb/uvc/uvc_ctrl.c                   |   2 +-
 drivers/media/v4l2-core/v4l2-ctrls.c               |   2 +-
 drivers/mmc/card/block.c                           |  10 +-
 drivers/mmc/core/core.c                            |  10 +-
 drivers/mmc/core/debugfs.c                         |   2 +-
 drivers/mmc/core/mmc.c                             |  16 ++-
 drivers/mmc/core/mmc_ops.c                         |   2 +-
 drivers/mmc/core/pwrseq_simple.c                   |  22 +--
 drivers/mmc/host/pxamci.c                          |   2 +-
 drivers/mmc/host/tmio_mmc_pio.c                    |   8 +-
 drivers/net/ethernet/8390/mac8390.c                |  19 ++-
 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c  |  16 ++-
 drivers/net/vxlan.c                                |   4 +-
 drivers/net/wireless/ath/ath10k/wmi.c              |   2 +-
 drivers/rtc/rtc-lib.c                              |   6 +-
 drivers/s390/scsi/zfcp_erp.c                       |  17 +++
 drivers/s390/scsi/zfcp_ext.h                       |   2 +
 drivers/s390/scsi/zfcp_scsi.c                      |   4 +
 drivers/scsi/sd.c                                  |  19 ++-
 drivers/staging/android/ashmem.c                   |   4 +-
 drivers/staging/android/ion/ion_carveout_heap.c    |   2 +-
 drivers/staging/android/sync.c                     |   6 +-
 drivers/staging/android/uapi/ashmem.h              |   1 +
 drivers/staging/goldfish/goldfish_audio.c          |   1 +
 drivers/staging/vt6655/device_main.c               |  11 +-
 drivers/tty/serial/atmel_serial.c                  |   4 +
 drivers/tty/serial/kgdboc.c                        |   4 +-
 drivers/tty/serial/max310x.c                       |   2 +
 drivers/tty/serial/sh-sci.c                        |  12 +-
 drivers/tty/serial/sprd_serial.c                   |   6 +-
 drivers/usb/dwc3/gadget.c                          |   6 +
 drivers/usb/gadget/composite.c                     |   2 +
 drivers/usb/gadget/configfs.c                      |   2 +
 drivers/usb/gadget/function/rndis.c                |   6 +
 drivers/usb/gadget/function/u_serial.c             |   7 +-
 drivers/usb/host/xhci-ring.c                       |   9 +-
 drivers/usb/host/xhci.h                            |   1 +
 drivers/usb/renesas_usbhs/mod_gadget.c             |   5 +-
 drivers/usb/serial/cp210x.c                        |   1 +
 drivers/usb/serial/ftdi_sio.c                      |   2 +
 drivers/usb/serial/ftdi_sio_ids.h                  |   4 +-
 drivers/usb/serial/mos7720.c                       |   4 +-
 drivers/usb/serial/option.c                        |  13 +-
 drivers/video/fbdev/goldfishfb.c                   |   2 +-
 fs/btrfs/raid56.c                                  |   3 +-
 fs/btrfs/tree-log.c                                |  11 +-
 fs/dcache.c                                        |  10 +-
 fs/ext4/ext4_jbd2.h                                |   2 +-
 fs/ext4/file.c                                     |   2 +-
 fs/ext4/indirect.c                                 |  12 +-
 fs/inode.c                                         |   6 +
 fs/proc/proc_sysctl.c                              |   3 +-
 fs/udf/truncate.c                                  |   3 +
 include/asm-generic/fixmap.h                       |  12 +-
 include/linux/rculist.h                            |  36 +++++
 include/linux/vmstat.h                             |   2 +
 include/net/inet_connection_sock.h                 |   5 -
 include/net/sctp/checksum.h                        |   2 +-
 include/net/sock.h                                 |   6 +
 kernel/cpu.c                                       |  11 +-
 kernel/events/ring_buffer.c                        |  47 ++++---
 kernel/futex.c                                     |   4 +
 kernel/locking/lockdep.c                           |   3 +
 kernel/power/swap.c                                |  18 +++
 kernel/sched/fair.c                                |  38 ++++--
 kernel/sched/idle.c                                |   1 +
 lib/int_sqrt.c                                     |   3 +
 mm/rmap.c                                          |   2 +-
 mm/vmstat.c                                        |  69 ++++++----
 net/bluetooth/l2cap_core.c                         |  83 +++++++-----
 net/dccp/ipv4.c                                    |   8 +-
 net/dccp/ipv6.c                                    |   6 +-
 net/ipv4/inet_diag.c                               |  21 ++-
 net/ipv4/tcp_input.c                               |   8 +-
 net/ipv6/icmp.c                                    |   2 +-
 net/ipv6/tcp_ipv6.c                                |   8 +-
 net/mac80211/mesh_hwmp.c                           |   2 +-
 net/packet/af_packet.c                             |   4 +-
 net/rose/rose_subr.c                               |  21 +--
 net/wireless/nl80211.c                             |  16 +--
 scripts/setlocalversion                            |   2 +-
 sound/core/compress_offload.c                      |  13 ++
 sound/core/oss/pcm_oss.c                           |  43 +++---
 sound/core/pcm_native.c                            |   9 +-
 sound/core/rawmidi.c                               |   2 +
 sound/core/seq/oss/seq_oss_synth.c                 |   7 +-
 sound/pci/hda/hda_codec.c                          |  57 +++++++-
 .../perf/util/intel-pt-decoder/intel-pt-decoder.c  |  20 ++-
 virt/kvm/kvm_main.c                                |   3 +
 124 files changed, 935 insertions(+), 530 deletions(-)



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 001/131] mmc: pxamci: fix enum type confusion
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 002/131] drm/vmwgfx: Dont double-free the mode stored in par->set_mode Greg Kroah-Hartman
                   ` (134 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Nathan Chancellor,
	Robert Jarzmik, Ulf Hansson

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit e60a582bcde01158a64ff948fb799f21f5d31a11 upstream.

clang points out several instances of mismatched types in this drivers,
all coming from a single declaration:

drivers/mmc/host/pxamci.c:193:15: error: implicit conversion from enumeration type 'enum dma_transfer_direction' to
      different enumeration type 'enum dma_data_direction' [-Werror,-Wenum-conversion]
                direction = DMA_DEV_TO_MEM;
                          ~ ^~~~~~~~~~~~~~
drivers/mmc/host/pxamci.c:212:62: error: implicit conversion from enumeration type 'enum dma_data_direction' to
      different enumeration type 'enum dma_transfer_direction' [-Werror,-Wenum-conversion]
        tx = dmaengine_prep_slave_sg(chan, data->sg, host->dma_len, direction,

The behavior is correct, so this must be a simply typo from
dma_data_direction and dma_transfer_direction being similarly named
types with a similar purpose.

Fixes: 6464b7140951 ("mmc: pxamci: switch over to dmaengine use")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Acked-by: Robert Jarzmik <robert.jarzmik@free.fr>
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/host/pxamci.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/mmc/host/pxamci.c
+++ b/drivers/mmc/host/pxamci.c
@@ -181,7 +181,7 @@ static void pxamci_dma_irq(void *param);
 static void pxamci_setup_data(struct pxamci_host *host, struct mmc_data *data)
 {
 	struct dma_async_tx_descriptor *tx;
-	enum dma_data_direction direction;
+	enum dma_transfer_direction direction;
 	struct dma_slave_config	config;
 	struct dma_chan *chan;
 	unsigned int nob = data->blocks;



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 002/131] drm/vmwgfx: Dont double-free the mode stored in par->set_mode
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 001/131] mmc: pxamci: fix enum type confusion Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 003/131] udf: Fix crash on IO error during truncate Greg Kroah-Hartman
                   ` (133 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thomas Zimmermann, Deepak Rawat,
	Thomas Hellstrom

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thomas Zimmermann <tzimmermann@suse.de>

commit c2d311553855395764e2e5bf401d987ba65c2056 upstream.

When calling vmw_fb_set_par(), the mode stored in par->set_mode gets free'd
twice. The first free is in vmw_fb_kms_detach(), the second is near the
end of vmw_fb_set_par() under the name of 'old_mode'. The mode-setting code
only works correctly if the mode doesn't actually change. Removing
'old_mode' in favor of using par->set_mode directly fixes the problem.

Cc: <stable@vger.kernel.org>
Fixes: a278724aa23c ("drm/vmwgfx: Implement fbdev on kms v2")
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: Deepak Rawat <drawat@vmware.com>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/vmwgfx/vmwgfx_fb.c |   12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

--- a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
@@ -531,11 +531,9 @@ static int vmw_fb_set_par(struct fb_info
 		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 		DRM_MODE_FLAG_NHSYNC | DRM_MODE_FLAG_PVSYNC)
 	};
-	struct drm_display_mode *old_mode;
 	struct drm_display_mode *mode;
 	int ret;
 
-	old_mode = par->set_mode;
 	mode = drm_mode_duplicate(vmw_priv->dev, &new_mode);
 	if (!mode) {
 		DRM_ERROR("Could not create new fb mode.\n");
@@ -546,11 +544,7 @@ static int vmw_fb_set_par(struct fb_info
 	mode->vdisplay = var->yres;
 	vmw_guess_mode_timing(mode);
 
-	if (old_mode && drm_mode_equal(old_mode, mode)) {
-		drm_mode_destroy(vmw_priv->dev, mode);
-		mode = old_mode;
-		old_mode = NULL;
-	} else if (!vmw_kms_validate_mode_vram(vmw_priv,
+	if (!vmw_kms_validate_mode_vram(vmw_priv,
 					mode->hdisplay *
 					DIV_ROUND_UP(var->bits_per_pixel, 8),
 					mode->vdisplay)) {
@@ -613,8 +607,8 @@ static int vmw_fb_set_par(struct fb_info
 	schedule_delayed_work(&par->local_work, 0);
 
 out_unlock:
-	if (old_mode)
-		drm_mode_destroy(vmw_priv->dev, old_mode);
+	if (par->set_mode)
+		drm_mode_destroy(vmw_priv->dev, par->set_mode);
 	par->set_mode = mode;
 
 	drm_modeset_unlock_all(vmw_priv->dev);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 003/131] udf: Fix crash on IO error during truncate
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 001/131] mmc: pxamci: fix enum type confusion Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 002/131] drm/vmwgfx: Dont double-free the mode stored in par->set_mode Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 004/131] mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction Greg Kroah-Hartman
                   ` (132 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, jean-luc malet, Jan Kara

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Kara <jack@suse.cz>

commit d3ca4651d05c0ff7259d087d8c949bcf3e14fb46 upstream.

When truncate(2) hits IO error when reading indirect extent block the
code just bugs with:

kernel BUG at linux-4.15.0/fs/udf/truncate.c:249!
...

Fix the problem by bailing out cleanly in case of IO error.

CC: stable@vger.kernel.org
Reported-by: jean-luc malet <jeanluc.malet@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/udf/truncate.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/udf/truncate.c
+++ b/fs/udf/truncate.c
@@ -260,6 +260,9 @@ void udf_truncate_extents(struct inode *
 			epos.block = eloc;
 			epos.bh = udf_tread(sb,
 					udf_get_lb_pblock(sb, &eloc, 0));
+			/* Error reading indirect block? */
+			if (!epos.bh)
+				return;
 			if (elen)
 				indirect_ext_len =
 					(elen + sb->s_blocksize - 1) >>



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 004/131] mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 003/131] udf: Fix crash on IO error during truncate Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 005/131] MIPS: Fix kernel crash for R6 in jump label branch function Greg Kroah-Hartman
                   ` (131 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yifeng Li, Paul Burton, linux-mips,
	Jiaxun Yang, Huacai Chen, Ralf Baechle, James Hogan

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yifeng Li <tomli@tomli.me>

commit 5f5f67da9781770df0403269bc57d7aae608fecd upstream.

Timekeeping IRQs from CS5536 MFGPT are routed to i8259, which then
triggers the "cascade" IRQ on MIPS CPU. Without IRQF_NO_SUSPEND in
cascade_irqaction, MFGPT interrupts will be masked in suspend mode,
and the machine would be unable to resume once suspended.

Previously, MIPS IRQs were not disabled properly, so the original
code appeared to work. Commit a3e6c1eff5 ("MIPS: IRQ: Fix disable_irq on
CPU IRQs") uncovers the bug. To fix it, add IRQF_NO_SUSPEND to
cascade_irqaction.

This commit is functionally identical to 0add9c2f1cff ("MIPS:
Loongson-3: Add IRQF_NO_SUSPEND to Cascade irqaction"), but it forgot
to apply the same fix to Loongson2.

Signed-off-by: Yifeng Li <tomli@tomli.me>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Cc: linux-mips@vger.kernel.org
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Cc: Huacai Chen <chenhc@lemote.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: James Hogan <jhogan@kernel.org>
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org # v3.19+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/loongson64/lemote-2f/irq.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/mips/loongson64/lemote-2f/irq.c
+++ b/arch/mips/loongson64/lemote-2f/irq.c
@@ -102,7 +102,7 @@ static struct irqaction ip6_irqaction =
 static struct irqaction cascade_irqaction = {
 	.handler = no_action,
 	.name = "cascade",
-	.flags = IRQF_NO_THREAD,
+	.flags = IRQF_NO_THREAD | IRQF_NO_SUSPEND,
 };
 
 void __init mach_init_irq(void)



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 005/131] MIPS: Fix kernel crash for R6 in jump label branch function
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 004/131] mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 006/131] futex: Ensure that futex address is aligned in handle_futex_death() Greg Kroah-Hartman
                   ` (130 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Archer Yan, Paul Burton, linux-mips

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Archer Yan <ayan@wavecomp.com>

commit 47c25036b60f27b86ab44b66a8861bcf81cde39b upstream.

Insert Branch instruction instead of NOP to make sure assembler don't
patch code in forbidden slot. In jump label function, it might
be possible to patch Control Transfer Instructions(CTIs) into
forbidden slot, which will generate Reserved Instruction exception
in MIPS release 6.

Signed-off-by: Archer Yan <ayan@wavecomp.com>
Reviewed-by: Paul Burton <paul.burton@mips.com>
[paul.burton@mips.com:
  - Add MIPS prefix to subject.
  - Mark for stable from v4.0, which introduced r6 support, onwards.]
Signed-off-by: Paul Burton <paul.burton@mips.com>
Cc: linux-mips@vger.kernel.org
Cc: stable@vger.kernel.org # v4.0+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/include/asm/jump_label.h |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/arch/mips/include/asm/jump_label.h
+++ b/arch/mips/include/asm/jump_label.h
@@ -21,15 +21,15 @@
 #endif
 
 #ifdef CONFIG_CPU_MICROMIPS
-#define NOP_INSN "nop32"
+#define B_INSN "b32"
 #else
-#define NOP_INSN "nop"
+#define B_INSN "b"
 #endif
 
 static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
 {
-	asm_volatile_goto("1:\t" NOP_INSN "\n\t"
-		"nop\n\t"
+	asm_volatile_goto("1:\t" B_INSN " 2f\n\t"
+		"2:\tnop\n\t"
 		".pushsection __jump_table,  \"aw\"\n\t"
 		WORD_INSN " 1b, %l[l_yes], %0\n\t"
 		".popsection\n\t"



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 006/131] futex: Ensure that futex address is aligned in handle_futex_death()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 005/131] MIPS: Fix kernel crash for R6 in jump label branch function Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 007/131] ext4: fix NULL pointer dereference while journal is aborted Greg Kroah-Hartman
                   ` (129 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chen Jie, Thomas Gleixner, dvhart,
	peterz, zengweilin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chen Jie <chenjie6@huawei.com>

commit 5a07168d8d89b00fe1760120714378175b3ef992 upstream.

The futex code requires that the user space addresses of futexes are 32bit
aligned. sys_futex() checks this in futex_get_keys() but the robust list
code has no alignment check in place.

As a consequence the kernel crashes on architectures with strict alignment
requirements in handle_futex_death() when trying to cmpxchg() on an
unaligned futex address which was retrieved from the robust list.

[ tglx: Rewrote changelog, proper sizeof() based alignement check and add
  	comment ]

Fixes: 0771dfefc9e5 ("[PATCH] lightweight robust futexes: core")
Signed-off-by: Chen Jie <chenjie6@huawei.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: <dvhart@infradead.org>
Cc: <peterz@infradead.org>
Cc: <zengweilin@huawei.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/1552621478-119787-1-git-send-email-chenjie6@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/futex.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -3067,6 +3067,10 @@ int handle_futex_death(u32 __user *uaddr
 {
 	u32 uval, uninitialized_var(nval), mval;
 
+	/* Futex address must be 32bit aligned */
+	if ((((unsigned long)uaddr) % sizeof(*uaddr)) != 0)
+		return -1;
+
 retry:
 	if (get_user(uval, uaddr))
 		return -1;



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 007/131] ext4: fix NULL pointer dereference while journal is aborted
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 006/131] futex: Ensure that futex address is aligned in handle_futex_death() Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 008/131] ext4: fix data corruption caused by unaligned direct AIO Greg Kroah-Hartman
                   ` (128 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jiufei Xue, Theodore Tso, Joseph Qi, stable

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jiufei Xue <jiufei.xue@linux.alibaba.com>

commit fa30dde38aa8628c73a6dded7cb0bba38c27b576 upstream.

We see the following NULL pointer dereference while running xfstests
generic/475:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
PGD 8000000c84bad067 P4D 8000000c84bad067 PUD c84e62067 PMD 0
Oops: 0000 [#1] SMP PTI
CPU: 7 PID: 9886 Comm: fsstress Kdump: loaded Not tainted 5.0.0-rc8 #10
RIP: 0010:ext4_do_update_inode+0x4ec/0x760
...
Call Trace:
? jbd2_journal_get_write_access+0x42/0x50
? __ext4_journal_get_write_access+0x2c/0x70
? ext4_truncate+0x186/0x3f0
ext4_mark_iloc_dirty+0x61/0x80
ext4_mark_inode_dirty+0x62/0x1b0
ext4_truncate+0x186/0x3f0
? unmap_mapping_pages+0x56/0x100
ext4_setattr+0x817/0x8b0
notify_change+0x1df/0x430
do_truncate+0x5e/0x90
? generic_permission+0x12b/0x1a0

This is triggered because the NULL pointer handle->h_transaction was
dereferenced in function ext4_update_inode_fsync_trans().
I found that the h_transaction was set to NULL in jbd2__journal_restart
but failed to attached to a new transaction while the journal is aborted.

Fix this by checking the handle before updating the inode.

Fixes: b436b9bef84d ("ext4: Wait for proper transaction commit on fsync")
Signed-off-by: Jiufei Xue <jiufei.xue@linux.alibaba.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/ext4_jbd2.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/ext4/ext4_jbd2.h
+++ b/fs/ext4/ext4_jbd2.h
@@ -372,7 +372,7 @@ static inline void ext4_update_inode_fsy
 {
 	struct ext4_inode_info *ei = EXT4_I(inode);
 
-	if (ext4_handle_valid(handle)) {
+	if (ext4_handle_valid(handle) && !is_handle_aborted(handle)) {
 		ei->i_sync_tid = handle->h_transaction->t_tid;
 		if (datasync)
 			ei->i_datasync_tid = handle->h_transaction->t_tid;



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 008/131] ext4: fix data corruption caused by unaligned direct AIO
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 007/131] ext4: fix NULL pointer dereference while journal is aborted Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 009/131] ext4: brelse all indirect buffer in ext4_ind_remove_space() Greg Kroah-Hartman
                   ` (127 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Frank Sorenson, Lukas Czerner, Theodore Tso

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lukas Czerner <lczerner@redhat.com>

commit 372a03e01853f860560eade508794dd274e9b390 upstream.

Ext4 needs to serialize unaligned direct AIO because the zeroing of
partial blocks of two competing unaligned AIOs can result in data
corruption.

However it decides not to serialize if the potentially unaligned aio is
past i_size with the rationale that no pending writes are possible past
i_size. Unfortunately if the i_size is not block aligned and the second
unaligned write lands past i_size, but still into the same block, it has
the potential of corrupting the previous unaligned write to the same
block.

This is (very simplified) reproducer from Frank

    // 41472 = (10 * 4096) + 512
    // 37376 = 41472 - 4096

    ftruncate(fd, 41472);
    io_prep_pwrite(iocbs[0], fd, buf[0], 4096, 37376);
    io_prep_pwrite(iocbs[1], fd, buf[1], 4096, 41472);

    io_submit(io_ctx, 1, &iocbs[1]);
    io_submit(io_ctx, 1, &iocbs[2]);

    io_getevents(io_ctx, 2, 2, events, NULL);

Without this patch the 512B range from 40960 up to the start of the
second unaligned write (41472) is going to be zeroed overwriting the data
written by the first write. This is a data corruption.

00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
*
00009200  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30
*
0000a000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
*
0000a200  31 31 31 31 31 31 31 31  31 31 31 31 31 31 31 31

With this patch the data corruption is avoided because we will recognize
the unaligned_aio and wait for the unwritten extent conversion.

00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
*
00009200  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30
*
0000a200  31 31 31 31 31 31 31 31  31 31 31 31 31 31 31 31
*
0000b200

Reported-by: Frank Sorenson <fsorenso@redhat.com>
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Fixes: e9e3bcecf44c ("ext4: serialize unaligned asynchronous DIO")
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/file.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -79,7 +79,7 @@ ext4_unaligned_aio(struct inode *inode,
 	struct super_block *sb = inode->i_sb;
 	int blockmask = sb->s_blocksize - 1;
 
-	if (pos >= i_size_read(inode))
+	if (pos >= ALIGN(i_size_read(inode), sb->s_blocksize))
 		return 0;
 
 	if ((pos | iov_iter_alignment(from)) & blockmask)



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 009/131] ext4: brelse all indirect buffer in ext4_ind_remove_space()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 008/131] ext4: fix data corruption caused by unaligned direct AIO Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 010/131] mmc: tmio_mmc_core: dont claim spurious interrupts Greg Kroah-Hartman
                   ` (126 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, zhangyi (F),
	Theodore Tso, Jan Kara, stable

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: zhangyi (F) <yi.zhang@huawei.com>

commit 674a2b27234d1b7afcb0a9162e81b2e53aeef217 upstream.

All indirect buffers get by ext4_find_shared() should be released no
mater the branch should be freed or not. But now, we forget to release
the lower depth indirect buffers when removing space from the same
higher depth indirect block. It will lead to buffer leak and futher
more, it may lead to quota information corruption when using old quota,
consider the following case.

 - Create and mount an empty ext4 filesystem without extent and quota
   features,
 - quotacheck and enable the user & group quota,
 - Create some files and write some data to them, and then punch hole
   to some files of them, it may trigger the buffer leak problem
   mentioned above.
 - Disable quota and run quotacheck again, it will create two new
   aquota files and write the checked quota information to them, which
   probably may reuse the freed indirect block(the buffer and page
   cache was not freed) as data block.
 - Enable quota again, it will invoke
   vfs_load_quota_inode()->invalidate_bdev() to try to clean unused
   buffers and pagecache. Unfortunately, because of the buffer of quota
   data block is still referenced, quota code cannot read the up to date
   quota info from the device and lead to quota information corruption.

This problem can be reproduced by xfstests generic/231 on ext3 file
system or ext4 file system without extent and quota features.

This patch fix this problem by releasing the missing indirect buffers,
in ext4_ind_remove_space().

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/indirect.c |   12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

--- a/fs/ext4/indirect.c
+++ b/fs/ext4/indirect.c
@@ -1491,10 +1491,14 @@ end_range:
 					   partial->p + 1,
 					   partial2->p,
 					   (chain+n-1) - partial);
-			BUFFER_TRACE(partial->bh, "call brelse");
-			brelse(partial->bh);
-			BUFFER_TRACE(partial2->bh, "call brelse");
-			brelse(partial2->bh);
+			while (partial > chain) {
+				BUFFER_TRACE(partial->bh, "call brelse");
+				brelse(partial->bh);
+			}
+			while (partial2 > chain2) {
+				BUFFER_TRACE(partial2->bh, "call brelse");
+				brelse(partial2->bh);
+			}
 			return 0;
 		}
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 010/131] mmc: tmio_mmc_core: dont claim spurious interrupts
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 009/131] ext4: brelse all indirect buffer in ext4_ind_remove_space() Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 011/131] media: v4l2-ctrls.c/uvc: zero v4l2_event Greg Kroah-Hartman
                   ` (125 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sergei Shtylyov, Wolfram Sang,
	Simon Horman, Ulf Hansson

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>

commit 5c27ff5db1491a947264d6d4e4cbe43ae6535bae upstream.

I have encountered an interrupt storm during the eMMC chip probing (and
the chip finally didn't get detected).  It turned out that U-Boot left
the DMAC interrupts enabled while the Linux driver  didn't use those.
The SDHI driver's interrupt handler somehow assumes that, even if an
SDIO interrupt didn't happen, it should return IRQ_HANDLED.  I think
that if none of the enabled interrupts happened and got handled, we
should return IRQ_NONE -- that way the kernel IRQ code recoginizes
a spurious interrupt and masks it off pretty quickly...

Fixes: 7729c7a232a9 ("mmc: tmio: Provide separate interrupt handlers")
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Tested-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/host/tmio_mmc_pio.c |    8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

--- a/drivers/mmc/host/tmio_mmc_pio.c
+++ b/drivers/mmc/host/tmio_mmc_pio.c
@@ -716,7 +716,7 @@ irqreturn_t tmio_mmc_sdio_irq(int irq, v
 	unsigned int sdio_status;
 
 	if (!(pdata->flags & TMIO_MMC_SDIO_IRQ))
-		return IRQ_HANDLED;
+		return IRQ_NONE;
 
 	status = sd_ctrl_read16(host, CTL_SDIO_STATUS);
 	ireg = status & TMIO_SDIO_MASK_ALL & ~host->sdcard_irq_mask;
@@ -730,7 +730,7 @@ irqreturn_t tmio_mmc_sdio_irq(int irq, v
 	if (mmc->caps & MMC_CAP_SDIO_IRQ && ireg & TMIO_SDIO_STAT_IOIRQ)
 		mmc_signal_sdio_irq(mmc);
 
-	return IRQ_HANDLED;
+	return IRQ_RETVAL(ireg);
 }
 EXPORT_SYMBOL(tmio_mmc_sdio_irq);
 
@@ -747,9 +747,7 @@ irqreturn_t tmio_mmc_irq(int irq, void *
 	if (__tmio_mmc_sdcard_irq(host, ireg, status))
 		return IRQ_HANDLED;
 
-	tmio_mmc_sdio_irq(irq, devid);
-
-	return IRQ_HANDLED;
+	return tmio_mmc_sdio_irq(irq, devid);
 }
 EXPORT_SYMBOL(tmio_mmc_irq);
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 011/131] media: v4l2-ctrls.c/uvc: zero v4l2_event
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 010/131] mmc: tmio_mmc_core: dont claim spurious interrupts Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 012/131] locking/lockdep: Add debug_locks check in __lock_downgrade() Greg Kroah-Hartman
                   ` (124 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil,
	syzbot+4f021cf3697781dbd9fb, Laurent Pinchart,
	Mauro Carvalho Chehab

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hverkuil@xs4all.nl>

commit f45f3f753b0a3d739acda8e311b4f744d82dc52a upstream.

Control events can leak kernel memory since they do not fully zero the
event. The same code is present in both v4l2-ctrls.c and uvc_ctrl.c, so
fix both.

It appears that all other event code is properly zeroing the structure,
it's these two places.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Reported-by: syzbot+4f021cf3697781dbd9fb@syzkaller.appspotmail.com
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/uvc/uvc_ctrl.c     |    2 +-
 drivers/media/v4l2-core/v4l2-ctrls.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/media/usb/uvc/uvc_ctrl.c
+++ b/drivers/media/usb/uvc/uvc_ctrl.c
@@ -1202,7 +1202,7 @@ static void uvc_ctrl_fill_event(struct u
 
 	__uvc_query_v4l2_ctrl(chain, ctrl, mapping, &v4l2_ctrl);
 
-	memset(ev->reserved, 0, sizeof(ev->reserved));
+	memset(ev, 0, sizeof(*ev));
 	ev->type = V4L2_EVENT_CTRL;
 	ev->id = v4l2_ctrl.id;
 	ev->u.ctrl.value = value;
--- a/drivers/media/v4l2-core/v4l2-ctrls.c
+++ b/drivers/media/v4l2-core/v4l2-ctrls.c
@@ -1212,7 +1212,7 @@ static u32 user_flags(const struct v4l2_
 
 static void fill_event(struct v4l2_event *ev, struct v4l2_ctrl *ctrl, u32 changes)
 {
-	memset(ev->reserved, 0, sizeof(ev->reserved));
+	memset(ev, 0, sizeof(*ev));
 	ev->type = V4L2_EVENT_CTRL;
 	ev->id = ctrl->id;
 	ev->u.ctrl.changes = changes;



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 012/131] locking/lockdep: Add debug_locks check in __lock_downgrade()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 011/131] media: v4l2-ctrls.c/uvc: zero v4l2_event Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 013/131] ALSA: hda - Record the current power state before suspend/resume calls Greg Kroah-Hartman
                   ` (123 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tetsuo Handa,
	syzbot+53383ae265fb161ef488, Waiman Long, Peter Zijlstra (Intel),
	Andrew Morton, Linus Torvalds, Paul E. McKenney, Thomas Gleixner,
	Will Deacon, Ingo Molnar

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Waiman Long <longman@redhat.com>

commit 71492580571467fb7177aade19c18ce7486267f5 upstream.

Tetsuo Handa had reported he saw an incorrect "downgrading a read lock"
warning right after a previous lockdep warning. It is likely that the
previous warning turned off lock debugging causing the lockdep to have
inconsistency states leading to the lock downgrade warning.

Fix that by add a check for debug_locks at the beginning of
__lock_downgrade().

Debugged-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Reported-by: syzbot+53383ae265fb161ef488@syzkaller.appspotmail.com
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Link: https://lkml.kernel.org/r/1547093005-26085-1-git-send-email-longman@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/locking/lockdep.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
@@ -3314,6 +3314,9 @@ __lock_set_class(struct lockdep_map *loc
 	unsigned int depth;
 	int i;
 
+	if (unlikely(!debug_locks))
+		return 0;
+
 	depth = curr->lockdep_depth;
 	/*
 	 * This function is about (re)setting the class of a held lock,



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 013/131] ALSA: hda - Record the current power state before suspend/resume calls
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 012/131] locking/lockdep: Add debug_locks check in __lock_downgrade() Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 014/131] ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec Greg Kroah-Hartman
                   ` (122 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

commit 98081ca62cbac31fb0f7efaf90b2e7384ce22257 upstream.

Currently we deal with single codec and suspend codec callbacks for
all S3, S4 and runtime PM handling.  But it turned out that we want
distinguish the call patterns sometimes, e.g. for applying some init
sequence only at probing and restoring from hibernate.

This patch slightly modifies the common PM callbacks for HD-audio
codec and stores the currently processed PM event in power_state of
the codec's device.power field, which is currently unused.  The codec
callback can take a look at this event value and judges which purpose
it's being called.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/hda/hda_codec.c |   43 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)

--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -3004,6 +3004,7 @@ static void hda_call_codec_resume(struct
 		hda_jackpoll_work(&codec->jackpoll_work.work);
 	else
 		snd_hda_jack_report_sync(codec);
+	codec->core.dev.power.power_state = PMSG_ON;
 	atomic_dec(&codec->core.in_pm);
 }
 
@@ -3036,10 +3037,48 @@ static int hda_codec_runtime_resume(stru
 }
 #endif /* CONFIG_PM */
 
+#ifdef CONFIG_PM_SLEEP
+static int hda_codec_pm_suspend(struct device *dev)
+{
+	dev->power.power_state = PMSG_SUSPEND;
+	return pm_runtime_force_suspend(dev);
+}
+
+static int hda_codec_pm_resume(struct device *dev)
+{
+	dev->power.power_state = PMSG_RESUME;
+	return pm_runtime_force_resume(dev);
+}
+
+static int hda_codec_pm_freeze(struct device *dev)
+{
+	dev->power.power_state = PMSG_FREEZE;
+	return pm_runtime_force_suspend(dev);
+}
+
+static int hda_codec_pm_thaw(struct device *dev)
+{
+	dev->power.power_state = PMSG_THAW;
+	return pm_runtime_force_resume(dev);
+}
+
+static int hda_codec_pm_restore(struct device *dev)
+{
+	dev->power.power_state = PMSG_RESTORE;
+	return pm_runtime_force_resume(dev);
+}
+#endif /* CONFIG_PM_SLEEP */
+
 /* referred in hda_bind.c */
 const struct dev_pm_ops hda_codec_driver_pm = {
-	SET_SYSTEM_SLEEP_PM_OPS(pm_runtime_force_suspend,
-				pm_runtime_force_resume)
+#ifdef CONFIG_PM_SLEEP
+	.suspend = hda_codec_pm_suspend,
+	.resume = hda_codec_pm_resume,
+	.freeze = hda_codec_pm_freeze,
+	.thaw = hda_codec_pm_thaw,
+	.poweroff = hda_codec_pm_suspend,
+	.restore = hda_codec_pm_restore,
+#endif /* CONFIG_PM_SLEEP */
 	SET_RUNTIME_PM_OPS(hda_codec_runtime_suspend, hda_codec_runtime_resume,
 			   NULL)
 };



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 014/131] ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 013/131] ALSA: hda - Record the current power state before suspend/resume calls Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 015/131] mmc: pwrseq_simple: Make reset-gpios optional to match doc Greg Kroah-Hartman
                   ` (121 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hui Wang, Takashi Iwai

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hui Wang <hui.wang@canonical.com>

commit b5a236c175b0d984552a5f7c9d35141024c2b261 upstream.

Recently we found the audio jack detection stop working after suspend
on many machines with Realtek codec. Sometimes the audio selection
dialogue didn't show up after users plugged headhphone/headset into
the headset jack, sometimes after uses plugged headphone/headset, then
click the sound icon on the upper-right corner of gnome-desktop, it
also showed the speaker rather than the headphone.

The root cause is that before suspend, the codec already call the
runtime_suspend since this codec is not used by any apps, then in
resume, it will not call runtime_resume for this codec. But for some
realtek codec (so far, alc236, alc255 and alc891) with the specific
BIOS, if it doesn't run runtime_resume after suspend, all codec
functions including jack detection stop working anymore.

This problem existed for a long time, but it was not exposed, that is
because when problem happens, if users play sound or open
sound-setting to check audio device, this will trigger calling to
runtime_resume (via snd_hda_power_up), then the codec starts working
again before users notice this problem.

Since we don't know how many codec and BIOS combinations have this
problem, to fix it, let the driver call runtime_resume for all codecs
in pm_resume, maybe for some codecs, this is not needed, but it is
harmless. After a codec is runtime resumed, if it is not used by any
apps, it will be runtime suspended soon and furthermore we don't run
suspend frequently, this change will not add much power consumption.

Fixes: cc72da7d4d06 ("ALSA: hda - Use standard runtime PM for codec power-save control")
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/hda/hda_codec.c |   20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -3038,6 +3038,20 @@ static int hda_codec_runtime_resume(stru
 #endif /* CONFIG_PM */
 
 #ifdef CONFIG_PM_SLEEP
+static int hda_codec_force_resume(struct device *dev)
+{
+	int ret;
+
+	/* The get/put pair below enforces the runtime resume even if the
+	 * device hasn't been used at suspend time.  This trick is needed to
+	 * update the jack state change during the sleep.
+	 */
+	pm_runtime_get_noresume(dev);
+	ret = pm_runtime_force_resume(dev);
+	pm_runtime_put(dev);
+	return ret;
+}
+
 static int hda_codec_pm_suspend(struct device *dev)
 {
 	dev->power.power_state = PMSG_SUSPEND;
@@ -3047,7 +3061,7 @@ static int hda_codec_pm_suspend(struct d
 static int hda_codec_pm_resume(struct device *dev)
 {
 	dev->power.power_state = PMSG_RESUME;
-	return pm_runtime_force_resume(dev);
+	return hda_codec_force_resume(dev);
 }
 
 static int hda_codec_pm_freeze(struct device *dev)
@@ -3059,13 +3073,13 @@ static int hda_codec_pm_freeze(struct de
 static int hda_codec_pm_thaw(struct device *dev)
 {
 	dev->power.power_state = PMSG_THAW;
-	return pm_runtime_force_resume(dev);
+	return hda_codec_force_resume(dev);
 }
 
 static int hda_codec_pm_restore(struct device *dev)
 {
 	dev->power.power_state = PMSG_RESTORE;
-	return pm_runtime_force_resume(dev);
+	return hda_codec_force_resume(dev);
 }
 #endif /* CONFIG_PM_SLEEP */
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 015/131] mmc: pwrseq_simple: Make reset-gpios optional to match doc
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 014/131] ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 016/131] mmc: debugfs: Add a restriction to mmc debugfs clock setting Greg Kroah-Hartman
                   ` (120 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tony Lindgren, Martin Fuzzey,
	Ulf Hansson, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Martin Fuzzey <mfuzzey@parkeon.com>

commit 64a67d4762ce3ce4c9466eadd152d825fbf84967 upstream.

The DT binding doc says reset-gpios is an optional property but the code
currently bails out if it is omitted.

This is a regression since it breaks previously working device trees.
Fix it by restoring the original documented behaviour.

Fixes: ce037275861e ("mmc: pwrseq_simple: use GPIO descriptors array API")
Tested-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Martin Fuzzey <mfuzzey@parkeon.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/core/pwrseq_simple.c |   22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

--- a/drivers/mmc/core/pwrseq_simple.c
+++ b/drivers/mmc/core/pwrseq_simple.c
@@ -29,15 +29,18 @@ struct mmc_pwrseq_simple {
 static void mmc_pwrseq_simple_set_gpios_value(struct mmc_pwrseq_simple *pwrseq,
 					      int value)
 {
-	int i;
 	struct gpio_descs *reset_gpios = pwrseq->reset_gpios;
-	int values[reset_gpios->ndescs];
 
-	for (i = 0; i < reset_gpios->ndescs; i++)
-		values[i] = value;
+	if (!IS_ERR(reset_gpios)) {
+		int i;
+		int values[reset_gpios->ndescs];
 
-	gpiod_set_array_value_cansleep(reset_gpios->ndescs, reset_gpios->desc,
-				       values);
+		for (i = 0; i < reset_gpios->ndescs; i++)
+			values[i] = value;
+
+		gpiod_set_array_value_cansleep(
+			reset_gpios->ndescs, reset_gpios->desc, values);
+	}
 }
 
 static void mmc_pwrseq_simple_pre_power_on(struct mmc_host *host)
@@ -79,7 +82,8 @@ static void mmc_pwrseq_simple_free(struc
 	struct mmc_pwrseq_simple *pwrseq = container_of(host->pwrseq,
 					struct mmc_pwrseq_simple, pwrseq);
 
-	gpiod_put_array(pwrseq->reset_gpios);
+	if (!IS_ERR(pwrseq->reset_gpios))
+		gpiod_put_array(pwrseq->reset_gpios);
 
 	if (!IS_ERR(pwrseq->ext_clk))
 		clk_put(pwrseq->ext_clk);
@@ -112,7 +116,9 @@ struct mmc_pwrseq *mmc_pwrseq_simple_all
 	}
 
 	pwrseq->reset_gpios = gpiod_get_array(dev, "reset", GPIOD_OUT_HIGH);
-	if (IS_ERR(pwrseq->reset_gpios)) {
+	if (IS_ERR(pwrseq->reset_gpios) &&
+	    PTR_ERR(pwrseq->reset_gpios) != -ENOENT &&
+	    PTR_ERR(pwrseq->reset_gpios) != -ENOSYS) {
 		ret = PTR_ERR(pwrseq->reset_gpios);
 		goto clk_put;
 	}



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 016/131] mmc: debugfs: Add a restriction to mmc debugfs clock setting
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 015/131] mmc: pwrseq_simple: Make reset-gpios optional to match doc Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 017/131] mmc: make MAN_BKOPS_EN message a debug Greg Kroah-Hartman
                   ` (119 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yuan Juntao, Pawel Wodkowski,
	Ulf Hansson, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chuanxiao Dong <chuanxiao.dong@intel.com>

commit e5905ff1281f0a0f5c9863c430ac1ed5faaf5707 upstream.

Clock frequency values written to an mmc host should not be less than
the minimum clock frequency which the mmc host supports.

Signed-off-by: Yuan Juntao <juntaox.yuan@intel.com>
Signed-off-by: Pawel Wodkowski <pawelx.wodkowski@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/core/debugfs.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/mmc/core/debugfs.c
+++ b/drivers/mmc/core/debugfs.c
@@ -220,7 +220,7 @@ static int mmc_clock_opt_set(void *data,
 	struct mmc_host *host = data;
 
 	/* We need this check due to input value is u64 */
-	if (val > host->f_max)
+	if (val != 0 && (val > host->f_max || val < host->f_min))
 		return -EINVAL;
 
 	mmc_claim_host(host);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 017/131] mmc: make MAN_BKOPS_EN message a debug
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 016/131] mmc: debugfs: Add a restriction to mmc debugfs clock setting Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 018/131] mmc: sanitize bus width in debug output Greg Kroah-Hartman
                   ` (118 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wolfram Sang, Ulf Hansson, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wolfram Sang <wsa+renesas@sang-engineering.com>

commit 4ec96b4cbde8d5714a4477b5a2562c3dd40bc5fa upstream.

IMO this info is only useful for developers. Most users won't need this
information, since there is not much they can do about it.

Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/core/mmc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -508,7 +508,7 @@ static int mmc_decode_ext_csd(struct mmc
 			card->ext_csd.raw_bkops_status =
 				ext_csd[EXT_CSD_BKOPS_STATUS];
 			if (!card->ext_csd.man_bkops_en)
-				pr_info("%s: MAN_BKOPS_EN bit is not set\n",
+				pr_debug("%s: MAN_BKOPS_EN bit is not set\n",
 					mmc_hostname(card->host));
 		}
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 018/131] mmc: sanitize bus width in debug output
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 017/131] mmc: make MAN_BKOPS_EN message a debug Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 019/131] mmc: core: shut up "voltage-ranges unspecified" pr_info() Greg Kroah-Hartman
                   ` (117 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wolfram Sang, Ulf Hansson, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wolfram Sang <wsa+renesas@sang-engineering.com>

commit ed9feec72fc1fa194ebfdb79e14561b35decce63 upstream.

The bus width is sometimes the actual bus width, and sometimes indices
to different arrays encoding the bus width. In my debugging case "2"
could mean 8-bit as well as 4-bit, which was extremly confusing. Let's
use the human-readable actual bus width in all places.

Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/core/core.c |    2 +-
 drivers/mmc/core/mmc.c  |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -1039,7 +1039,7 @@ static inline void mmc_set_ios(struct mm
 		"width %u timing %u\n",
 		 mmc_hostname(host), ios->clock, ios->bus_mode,
 		 ios->power_mode, ios->chip_select, ios->vdd,
-		 ios->bus_width, ios->timing);
+		 1 << ios->bus_width, ios->timing);
 
 	host->ops->set_ios(host, ios);
 }
--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -952,7 +952,7 @@ static int mmc_select_bus_width(struct m
 			break;
 		} else {
 			pr_warn("%s: switch to bus width %d failed\n",
-				mmc_hostname(host), ext_csd_bits[idx]);
+				mmc_hostname(host), 1 << bus_width);
 		}
 	}
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 019/131] mmc: core: shut up "voltage-ranges unspecified" pr_info()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 018/131] mmc: sanitize bus width in debug output Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 020/131] usb: dwc3: gadget: Fix suspend/resume during device mode Greg Kroah-Hartman
                   ` (116 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Russell King, Ulf Hansson, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Russell King <rmk+kernel@arm.linux.org.uk>

commit 10a16a01d8f72e80f4780e40cf3122f4caffa411 upstream.

Each time a driver such as sdhci-esdhc-imx is probed, we get a info
printk complaining that the DT voltage-ranges property has not been
specified.

However, the DT binding specifically says that the voltage-ranges
property is optional.  That means we should not be complaining that
DT hasn't specified this property: by indicating that it's optional,
it is valid not to have the property in DT.

Silence the warning if the property is missing.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/core/core.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -1220,8 +1220,12 @@ int mmc_of_parse_voltage(struct device_n
 
 	voltage_ranges = of_get_property(np, "voltage-ranges", &num_ranges);
 	num_ranges = num_ranges / sizeof(*voltage_ranges) / 2;
-	if (!voltage_ranges || !num_ranges) {
-		pr_info("%s: voltage-ranges unspecified\n", np->full_name);
+	if (!voltage_ranges) {
+		pr_debug("%s: voltage-ranges unspecified\n", np->full_name);
+		return -EINVAL;
+	}
+	if (!num_ranges) {
+		pr_err("%s: voltage-ranges empty\n", np->full_name);
 		return -EINVAL;
 	}
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 020/131] usb: dwc3: gadget: Fix suspend/resume during device mode
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 019/131] mmc: core: shut up "voltage-ranges unspecified" pr_info() Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 021/131] arm64: mm: Add trace_irqflags annotations to do_debug_exception() Greg Kroah-Hartman
                   ` (115 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Roger Quadros, Felipe Balbi, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Roger Quadros <rogerq@ti.com>

commit 9772b47a4c2916d645c551228b6085ea24acbe5d upstream.

Gadget controller might not be always active during system
suspend/resume as gadget driver might not have yet been loaded or
might have been unloaded prior to system suspend.

Check if we're active and only then perform
necessary actions during suspend/resume.

Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/dwc3/gadget.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -2894,6 +2894,9 @@ void dwc3_gadget_exit(struct dwc3 *dwc)
 
 int dwc3_gadget_suspend(struct dwc3 *dwc)
 {
+	if (!dwc->gadget_driver)
+		return 0;
+
 	if (dwc->pullups_connected) {
 		dwc3_gadget_disable_irq(dwc);
 		dwc3_gadget_run_stop(dwc, true, true);
@@ -2912,6 +2915,9 @@ int dwc3_gadget_resume(struct dwc3 *dwc)
 	struct dwc3_ep		*dep;
 	int			ret;
 
+	if (!dwc->gadget_driver)
+		return 0;
+
 	/* Start with SuperSpeed Default */
 	dwc3_gadget_ep0_desc.wMaxPacketSize = cpu_to_le16(512);
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 021/131] arm64: mm: Add trace_irqflags annotations to do_debug_exception()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 020/131] usb: dwc3: gadget: Fix suspend/resume during device mode Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 022/131] mmc: core: fix using wrong io voltage if mmc_select_hs200 fails Greg Kroah-Hartman
                   ` (114 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Morse, Will Deacon, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Morse <james.morse@arm.com>

commit 6afedcd23cfd7ac56c011069e4a8db37b46e4623 upstream.

With CONFIG_PROVE_LOCKING, CONFIG_DEBUG_LOCKDEP and CONFIG_TRACE_IRQFLAGS
enabled, lockdep will compare current->hardirqs_enabled with the flags from
local_irq_save().

When a debug exception occurs, interrupts are disabled in entry.S, but
lockdep isn't told, resulting in:
DEBUG_LOCKS_WARN_ON(current->hardirqs_enabled)
------------[ cut here ]------------
WARNING: at ../kernel/locking/lockdep.c:3523
Modules linked in:
CPU: 3 PID: 1752 Comm: perf Not tainted 4.5.0-rc4+ #2204
Hardware name: ARM Juno development board (r1) (DT)
task: ffffffc974868000 ti: ffffffc975f40000 task.ti: ffffffc975f40000
PC is at check_flags.part.35+0x17c/0x184
LR is at check_flags.part.35+0x17c/0x184
pc : [<ffffff80080fc93c>] lr : [<ffffff80080fc93c>] pstate: 600003c5
[...]
---[ end trace 74631f9305ef5020 ]---
Call trace:
[<ffffff80080fc93c>] check_flags.part.35+0x17c/0x184
[<ffffff80080ffe30>] lock_acquire+0xa8/0xc4
[<ffffff8008093038>] breakpoint_handler+0x118/0x288
[<ffffff8008082434>] do_debug_exception+0x3c/0xa8
[<ffffff80080854b4>] el1_dbg+0x18/0x6c
[<ffffff80081e82f4>] do_filp_open+0x64/0xdc
[<ffffff80081d6e60>] do_sys_open+0x140/0x204
[<ffffff80081d6f58>] SyS_openat+0x10/0x18
[<ffffff8008085d30>] el0_svc_naked+0x24/0x28
possible reason: unannotated irqs-off.
irq event stamp: 65857
hardirqs last  enabled at (65857): [<ffffff80081fb1c0>] lookup_mnt+0xf4/0x1b4
hardirqs last disabled at (65856): [<ffffff80081fb188>] lookup_mnt+0xbc/0x1b4
softirqs last  enabled at (65790): [<ffffff80080bdca4>] __do_softirq+0x1f8/0x290
softirqs last disabled at (65757): [<ffffff80080be038>] irq_exit+0x9c/0xd0

This patch adds the annotations to do_debug_exception(), while trying not
to call trace_hardirqs_off() if el1_dbg() interrupted a task that already
had irqs disabled.

Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/mm/fault.c |   33 +++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)

--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -595,20 +595,33 @@ asmlinkage int __exception do_debug_exce
 {
 	const struct fault_info *inf = debug_fault_info + DBG_ESR_EVT(esr);
 	struct siginfo info;
+	int rv;
 
-	if (!inf->fn(addr, esr, regs))
-		return 1;
+	/*
+	 * Tell lockdep we disabled irqs in entry.S. Do nothing if they were
+	 * already disabled to preserve the last enabled/disabled addresses.
+	 */
+	if (interrupts_enabled(regs))
+		trace_hardirqs_off();
 
-	pr_alert("Unhandled debug exception: %s (0x%08x) at 0x%016lx\n",
-		 inf->name, esr, addr);
+	if (!inf->fn(addr, esr, regs)) {
+		rv = 1;
+	} else {
+		pr_alert("Unhandled debug exception: %s (0x%08x) at 0x%016lx\n",
+			 inf->name, esr, addr);
 
-	info.si_signo = inf->sig;
-	info.si_errno = 0;
-	info.si_code  = inf->code;
-	info.si_addr  = (void __user *)addr;
-	arm64_notify_die("", regs, &info, 0);
+		info.si_signo = inf->sig;
+		info.si_errno = 0;
+		info.si_code  = inf->code;
+		info.si_addr  = (void __user *)addr;
+		arm64_notify_die("", regs, &info, 0);
+		rv = 0;
+	}
 
-	return 0;
+	if (interrupts_enabled(regs))
+		trace_hardirqs_on();
+
+	return rv;
 }
 
 #ifdef CONFIG_ARM64_PAN



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 022/131] mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 021/131] arm64: mm: Add trace_irqflags annotations to do_debug_exception() Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 023/131] mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON Greg Kroah-Hartman
                   ` (113 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dong Aisheng, Ulf Hansson, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dong Aisheng <aisheng.dong@nxp.com>

commit e51534c806609c806d81bfb034f02737461f855c upstream.

Currently MMC core will keep going if HS200/HS timing switch failed
with -EBADMSG error by the assumption that the old timing is still valid.

However, for mmc_select_hs200 case, the signal voltage may have already
been switched. If the timing switch failed, we should fall back to
the old voltage in case the card is continue run with legacy timing.

If fall back signal voltage failed, we explicitly report an EIO error
to force retry during the next power cycle.

Signed-off-by: Dong Aisheng <aisheng.dong@nxp.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/core/mmc.c |   12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -1251,10 +1251,11 @@ static int mmc_select_hs200(struct mmc_c
 {
 	struct mmc_host *host = card->host;
 	bool send_status = true;
-	unsigned int old_timing;
+	unsigned int old_timing, old_signal_voltage;
 	int err = -EINVAL;
 	u8 val;
 
+	old_signal_voltage = host->ios.signal_voltage;
 	if (card->mmc_avail_type & EXT_CSD_CARD_TYPE_HS200_1_2V)
 		err = __mmc_set_signal_voltage(host, MMC_SIGNAL_VOLTAGE_120);
 
@@ -1263,7 +1264,7 @@ static int mmc_select_hs200(struct mmc_c
 
 	/* If fails try again during next card power cycle */
 	if (err)
-		goto err;
+		return err;
 
 	mmc_select_driver_type(card);
 
@@ -1297,9 +1298,14 @@ static int mmc_select_hs200(struct mmc_c
 		}
 	}
 err:
-	if (err)
+	if (err) {
+		/* fall back to the old signal voltage, if fails report error */
+		if (__mmc_set_signal_voltage(host, old_signal_voltage))
+			err = -EIO;
+
 		pr_err("%s: %s failed, error %d\n", mmc_hostname(card->host),
 		       __func__, err);
+	}
 	return err;
 }
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 023/131] mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 022/131] mmc: core: fix using wrong io voltage if mmc_select_hs200 fails Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 024/131] extcon: usb-gpio: Dont miss event during suspend/resume Greg Kroah-Hartman
                   ` (112 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov, Vasily Averin,
	Vlastimil Babka, Andrew Morton, Linus Torvalds, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>

commit e4c5800a3991f0c6a766983535dfc10d51802cf6 upstream.

This check effectively catches anon vma hierarchy inconsistence and some
vma corruptions.  It was effective for catching corner cases in anon vma
reusing logic.  For now this code seems stable so check could be hidden
under CONFIG_DEBUG_VM and replaced with WARN because it's not so fatal.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Suggested-by: Vasily Averin <vvs@virtuozzo.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 mm/rmap.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -408,7 +408,7 @@ void unlink_anon_vmas(struct vm_area_str
 	list_for_each_entry_safe(avc, next, &vma->anon_vma_chain, same_vma) {
 		struct anon_vma *anon_vma = avc->anon_vma;
 
-		BUG_ON(anon_vma->degree);
+		VM_WARN_ON(anon_vma->degree);
 		put_anon_vma(anon_vma);
 
 		list_del(&avc->same_vma);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 024/131] extcon: usb-gpio: Dont miss event during suspend/resume
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 023/131] mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 025/131] kbuild: setlocalversion: print error to STDERR Greg Kroah-Hartman
                   ` (111 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Roger Quadros, Chanwoo Choi, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Roger Quadros <rogerq@ti.com>

commit 04c080080855ce84dcd490a2e04805608a21085d upstream.

Pin state might have changed during suspend/resume while
our interrupts were disabled and if device doesn't support wakeup.

Scan for change during resume for such case.

Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/extcon/extcon-usb-gpio.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/extcon/extcon-usb-gpio.c
+++ b/drivers/extcon/extcon-usb-gpio.c
@@ -192,6 +192,9 @@ static int usb_extcon_resume(struct devi
 	}
 
 	enable_irq(info->id_irq);
+	if (!device_may_wakeup(dev))
+		queue_delayed_work(system_power_efficient_wq,
+				   &info->wq_detcable, 0);
 
 	return ret;
 }



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 025/131] kbuild: setlocalversion: print error to STDERR
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 024/131] extcon: usb-gpio: Dont miss event during suspend/resume Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 026/131] usb: gadget: composite: fix dereference after null check coverify warning Greg Kroah-Hartman
                   ` (110 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wolfram Sang, Michal Marek, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wolfram Sang <wsa@the-dreams.de>

commit 78283edf2c01c38eb840a3de5ffd18fe2992ab64 upstream.

I tried to use 'make O=...' from an unclean source tree. This triggered
the error path of setlocalversion. But by printing to STDOUT, it created
a broken localversion which then caused another (unrelated) error:

"4.7.0-rc2Error: kernelrelease not valid - run make prepare to update it" exceeds 64 characters

After printing to STDERR, the true build error gets displayed later:

  /home/wsa/Kernel/linux is not clean, please run 'make mrproper'
  in the '/home/wsa/Kernel/linux' directory.

Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 scripts/setlocalversion |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/scripts/setlocalversion
+++ b/scripts/setlocalversion
@@ -143,7 +143,7 @@ fi
 if test -e include/config/auto.conf; then
 	. include/config/auto.conf
 else
-	echo "Error: kernelrelease not valid - run 'make prepare' to update it"
+	echo "Error: kernelrelease not valid - run 'make prepare' to update it" >&2
 	exit 1
 fi
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 026/131] usb: gadget: composite: fix dereference after null check coverify warning
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 025/131] kbuild: setlocalversion: print error to STDERR Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 027/131] usb: gadget: Add the gserial port checking in gs_start_tx() Greg Kroah-Hartman
                   ` (109 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Chen, Felipe Balbi, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Peter Chen <peter.chen@nxp.com>

commit c526c62d565ea5a5bba9433f28756079734f430d upstream.

cdev->config is checked for null pointer at above code, so cdev->config
might be null, fix it by adding null pointer check.

Signed-off-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/gadget/composite.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/usb/gadget/composite.c
+++ b/drivers/usb/gadget/composite.c
@@ -1819,6 +1819,8 @@ unknown:
 			break;
 
 		case USB_RECIP_ENDPOINT:
+			if (!cdev->config)
+				break;
 			endp = ((w_index & 0x80) >> 3) | (w_index & 0x0f);
 			list_for_each_entry(f, &cdev->config->functions, list) {
 				if (test_bit(endp, f->endpoints))



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 027/131] usb: gadget: Add the gserial port checking in gs_start_tx()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 026/131] usb: gadget: composite: fix dereference after null check coverify warning Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 028/131] tcp/dccp: drop SYN packets if accept queue is full Greg Kroah-Hartman
                   ` (108 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Baolin Wang, Felipe Balbi, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Baolin Wang <baolin.wang@linaro.org>

commit 511a36d2f357724312bb3776d2f6eed3890928b2 upstream.

When usb gadget is set gadget serial function, it will be crash in below
situation.

It will clean the 'port->port_usb' pointer in gserial_disconnect() function
when usb link is inactive, but it will release lock for disabling the endpoints
in this function. Druing the lock release period, it maybe complete one request
to issue gs_write_complete()--->gs_start_tx() function, but the 'port->port_usb'
pointer had been set NULL, thus it will be crash in gs_start_tx() function.

This patch adds the 'port->port_usb' pointer checking in gs_start_tx() function
to avoid this situation.

Signed-off-by: Baolin Wang <baolin.wang@linaro.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/gadget/function/u_serial.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/drivers/usb/gadget/function/u_serial.c
+++ b/drivers/usb/gadget/function/u_serial.c
@@ -361,10 +361,15 @@ __acquires(&port->port_lock)
 */
 {
 	struct list_head	*pool = &port->write_pool;
-	struct usb_ep		*in = port->port_usb->in;
+	struct usb_ep		*in;
 	int			status = 0;
 	bool			do_tty_wake = false;
 
+	if (!port->port_usb)
+		return status;
+
+	in = port->port_usb->in;
+
 	while (!port->write_busy && !list_empty(pool)) {
 		struct usb_request	*req;
 		int			len;



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 028/131] tcp/dccp: drop SYN packets if accept queue is full
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 027/131] usb: gadget: Add the gserial port checking in gs_start_tx() Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 029/131] serial: sprd: adjust TIMEOUT to a big value Greg Kroah-Hartman
                   ` (107 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Neal Cardwell,
	Yuchung Cheng, David S. Miller, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <edumazet@google.com>

commit 5ea8ea2cb7f1d0db15762c9b0bb9e7330425a071 upstream.

Per listen(fd, backlog) rules, there is really no point accepting a SYN,
sending a SYNACK, and dropping the following ACK packet if accept queue
is full, because application is not draining accept queue fast enough.

This behavior is fooling TCP clients that believe they established a
flow, while there is nothing at server side. They might then send about
10 MSS (if using IW10) that will be dropped anyway while server is under
stress.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


---
 include/net/inet_connection_sock.h |    5 -----
 net/dccp/ipv4.c                    |    8 +-------
 net/dccp/ipv6.c                    |    2 +-
 net/ipv4/tcp_input.c               |    8 +-------
 4 files changed, 3 insertions(+), 20 deletions(-)

--- a/include/net/inet_connection_sock.h
+++ b/include/net/inet_connection_sock.h
@@ -289,11 +289,6 @@ static inline int inet_csk_reqsk_queue_l
 	return reqsk_queue_len(&inet_csk(sk)->icsk_accept_queue);
 }
 
-static inline int inet_csk_reqsk_queue_young(const struct sock *sk)
-{
-	return reqsk_queue_len_young(&inet_csk(sk)->icsk_accept_queue);
-}
-
 static inline int inet_csk_reqsk_queue_is_full(const struct sock *sk)
 {
 	return inet_csk_reqsk_queue_len(sk) >= sk->sk_max_ack_backlog;
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -592,13 +592,7 @@ int dccp_v4_conn_request(struct sock *sk
 	if (inet_csk_reqsk_queue_is_full(sk))
 		goto drop;
 
-	/*
-	 * Accept backlog is full. If we have already queued enough
-	 * of warm entries in syn queue, drop request. It is better than
-	 * clogging syn queue with openreqs with exponentially increasing
-	 * timeout.
-	 */
-	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
+	if (sk_acceptq_is_full(sk))
 		goto drop;
 
 	req = inet_reqsk_alloc(&dccp_request_sock_ops, sk, true);
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -324,7 +324,7 @@ static int dccp_v6_conn_request(struct s
 	if (inet_csk_reqsk_queue_is_full(sk))
 		goto drop;
 
-	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
+	if (sk_acceptq_is_full(sk))
 		goto drop;
 
 	req = inet_reqsk_alloc(&dccp6_request_sock_ops, sk, true);
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6305,13 +6305,7 @@ int tcp_conn_request(struct request_sock
 			goto drop;
 	}
 
-
-	/* Accept backlog is full. If we have already queued enough
-	 * of warm entries in syn queue, drop request. It is better than
-	 * clogging syn queue with openreqs with exponentially increasing
-	 * timeout.
-	 */
-	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) {
+	if (sk_acceptq_is_full(sk)) {
 		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
 		goto drop;
 	}



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 029/131] serial: sprd: adjust TIMEOUT to a big value
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 028/131] tcp/dccp: drop SYN packets if accept queue is full Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 030/131] Hang/soft lockup in d_invalidate with simultaneous calls Greg Kroah-Hartman
                   ` (106 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wei Qiao, Chunyan Zhang, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wei Qiao <wei.qiao@spreadtrum.com>

commit e1dc9b08051a2c2e694edf48d1e704f07c7c143c upstream.

SPRD_TIMEOUT was 256, which is too small to wait until the status
switched to workable in a while loop, so that the earlycon could
not work correctly.

Signed-off-by: Wei Qiao <wei.qiao@spreadtrum.com>
Signed-off-by: Chunyan Zhang <chunyan.zhang@spreadtrum.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/serial/sprd_serial.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/tty/serial/sprd_serial.c
+++ b/drivers/tty/serial/sprd_serial.c
@@ -36,7 +36,7 @@
 #define SPRD_FIFO_SIZE		128
 #define SPRD_DEF_RATE		26000000
 #define SPRD_BAUD_IO_LIMIT	3000000
-#define SPRD_TIMEOUT		256
+#define SPRD_TIMEOUT		256000
 
 /* the offset of serial registers and BITs for them */
 /* data registers */



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 030/131] Hang/soft lockup in d_invalidate with simultaneous calls
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 029/131] serial: sprd: adjust TIMEOUT to a big value Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 031/131] arm64: traps: disable irq in die() Greg Kroah-Hartman
                   ` (105 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Al Viro <viro@ZenIV.linux.org.uk>

commit 81be24d263dbeddaba35827036d6f6787a59c2c3 upstream.

It's not hard to trigger a bunch of d_invalidate() on the same
dentry in parallel.  They end up fighting each other - any
dentry picked for removal by one will be skipped by the rest
and we'll go for the next iteration through the entire
subtree, even if everything is being skipped.  Morevoer, we
immediately go back to scanning the subtree.  The only thing
we really need is to dissolve all mounts in the subtree and
as soon as we've nothing left to do, we can just unhash the
dentry and bugger off.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/dcache.c |   10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1510,7 +1510,7 @@ static void check_and_drop(void *_data)
 {
 	struct detach_data *data = _data;
 
-	if (!data->mountpoint && !data->select.found)
+	if (!data->mountpoint && list_empty(&data->select.dispose))
 		__d_drop(data->select.start);
 }
 
@@ -1552,17 +1552,15 @@ void d_invalidate(struct dentry *dentry)
 
 		d_walk(dentry, &data, detach_and_collect, check_and_drop);
 
-		if (data.select.found)
+		if (!list_empty(&data.select.dispose))
 			shrink_dentry_list(&data.select.dispose);
+		else if (!data.mountpoint)
+			return;
 
 		if (data.mountpoint) {
 			detach_mounts(data.mountpoint);
 			dput(data.mountpoint);
 		}
-
-		if (!data.mountpoint && !data.select.found)
-			break;
-
 		cond_resched();
 	}
 }



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 031/131] arm64: traps: disable irq in die()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 030/131] Hang/soft lockup in d_invalidate with simultaneous calls Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 032/131] usb: renesas_usbhs: gadget: fix unused-but-set-variable warning Greg Kroah-Hartman
                   ` (104 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Qiao Zhou, Will Deacon, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qiao Zhou <qiaozhou@asrmicro.com>

commit 6f44a0bacb79a03972c83759711832b382b1b8ac upstream.

In current die(), the irq is disabled for __die() handle, not
including the possible panic() handling. Since the log in __die()
can take several hundreds ms, new irq might come and interrupt
current die().

If the process calling die() holds some critical resource, and some
other process scheduled later also needs it, then it would deadlock.
The first panic will not be executed.

So here disable irq for the whole flow of die().

Signed-off-by: Qiao Zhou <qiaozhou@asrmicro.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/traps.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -239,10 +239,12 @@ void die(const char *str, struct pt_regs
 {
 	struct thread_info *thread = current_thread_info();
 	int ret;
+	unsigned long flags;
+
+	raw_spin_lock_irqsave(&die_lock, flags);
 
 	oops_enter();
 
-	raw_spin_lock_irq(&die_lock);
 	console_verbose();
 	bust_spinlocks(1);
 	ret = __die(str, err, thread, regs);
@@ -252,13 +254,15 @@ void die(const char *str, struct pt_regs
 
 	bust_spinlocks(0);
 	add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
-	raw_spin_unlock_irq(&die_lock);
 	oops_exit();
 
 	if (in_interrupt())
 		panic("Fatal exception in interrupt");
 	if (panic_on_oops)
 		panic("Fatal exception");
+
+	raw_spin_unlock_irqrestore(&die_lock, flags);
+
 	if (ret != NOTIFY_STOP)
 		do_exit(SIGSEGV);
 }



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 032/131] usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 031/131] arm64: traps: disable irq in die() Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 033/131] serial: sprd: clear timeout interrupt only rather than all interrupts Greg Kroah-Hartman
                   ` (103 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yoshihiro Shimoda, Felipe Balbi

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>

commit b7d44c36a6f6d956e1539e0dd42f98b26e5a4684 upstream.

The commit b8b9c974afee ("usb: renesas_usbhs: gadget: disable all eps
when the driver stops") causes the unused-but-set-variable warning.
But, if the usbhsg_ep_disable() will return non-zero value, udc/core.c
doesn't clear the ep->enabled flag. So, this driver should not return
non-zero value, if the pipe is zero because this means the pipe is
already disabled. Otherwise, the ep->enabled flag is never cleared
when the usbhsg_ep_disable() is called by the renesas_usbhs driver first.

Fixes: b8b9c974afee ("usb: renesas_usbhs: gadget: disable all eps when the driver stops")
Fixes: 11432050f070 ("usb: renesas_usbhs: gadget: fix NULL pointer dereference in ep_disable()")
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/renesas_usbhs/mod_gadget.c |    5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

--- a/drivers/usb/renesas_usbhs/mod_gadget.c
+++ b/drivers/usb/renesas_usbhs/mod_gadget.c
@@ -641,14 +641,11 @@ static int usbhsg_ep_disable(struct usb_
 	struct usbhsg_uep *uep = usbhsg_ep_to_uep(ep);
 	struct usbhs_pipe *pipe;
 	unsigned long flags;
-	int ret = 0;
 
 	spin_lock_irqsave(&uep->lock, flags);
 	pipe = usbhsg_uep_to_pipe(uep);
-	if (!pipe) {
-		ret = -EINVAL;
+	if (!pipe)
 		goto out;
-	}
 
 	usbhsg_pipe_disable(uep);
 	usbhs_pipe_free(pipe);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 033/131] serial: sprd: clear timeout interrupt only rather than all interrupts
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 032/131] usb: renesas_usbhs: gadget: fix unused-but-set-variable warning Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 034/131] lib/int_sqrt: optimize small argument Greg Kroah-Hartman
                   ` (102 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lanqing Liu, Chunyan Zhang, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lanqing Liu <lanqing.liu@spreadtrum.com>

commit 4350782570b919f254c1e083261a21c19fcaee90 upstream.

On Spreadtrum's serial device, nearly all of interrupts would be cleared
by hardware except timeout interrupt.  This patch removed the operation
of clearing all interrupt in irq handler, instead added an if statement
to check if the timeout interrupt is supposed to be cleared.

Wrongly clearing timeout interrupt would lead to uart data stay in rx
fifo, that means the driver cannot read them out anymore.

Signed-off-by: Lanqing Liu <lanqing.liu@spreadtrum.com>
Signed-off-by: Chunyan Zhang <chunyan.zhang@spreadtrum.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/serial/sprd_serial.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/tty/serial/sprd_serial.c
+++ b/drivers/tty/serial/sprd_serial.c
@@ -63,6 +63,7 @@
 
 /* interrupt clear register */
 #define SPRD_ICLR		0x0014
+#define SPRD_ICLR_TIMEOUT	BIT(13)
 
 /* line control register */
 #define SPRD_LCR		0x0018
@@ -298,7 +299,8 @@ static irqreturn_t sprd_handle_irq(int i
 		return IRQ_NONE;
 	}
 
-	serial_out(port, SPRD_ICLR, ~0);
+	if (ims & SPRD_IMSR_TIMEOUT)
+		serial_out(port, SPRD_ICLR, SPRD_ICLR_TIMEOUT);
 
 	if (ims & (SPRD_IMSR_RX_FIFO_FULL |
 		SPRD_IMSR_BREAK_DETECT | SPRD_IMSR_TIMEOUT))



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 034/131] lib/int_sqrt: optimize small argument
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 033/131] serial: sprd: clear timeout interrupt only rather than all interrupts Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:42   ` Joe Perches
  2019-04-01 17:01 ` [PATCH 4.4 035/131] USB: core: only clean up what we allocated Greg Kroah-Hartman
                   ` (101 subsequent siblings)
  135 siblings, 1 reply; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
	Anshul Garg, Linus Torvalds, Davidlohr Bueso, Thomas Gleixner,
	Ingo Molnar, Will Deacon, Joe Perches, David Miller,
	Matthew Wilcox, Kees Cook, Michael Davidson, Andrew Morton,
	Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Peter Zijlstra <peterz@infradead.org>

commit 3f3295709edea6268ff1609855f498035286af73 upstream.

The current int_sqrt() computation is sub-optimal for the case of small
@x.  Which is the interesting case when we're going to do cumulative
distribution functions on idle times, which we assume to be a random
variable, where the target residency of the deepest idle state gives an
upper bound on the variable (5e6ns on recent Intel chips).

In the case of small @x, the compute loop:

	while (m != 0) {
		b = y + m;
		y >>= 1;

		if (x >= b) {
			x -= b;
			y += m;
		}
		m >>= 2;
	}

can be reduced to:

	while (m > x)
		m >>= 2;

Because y==0, b==m and until x>=m y will remain 0.

And while this is computationally equivalent, it runs much faster
because there's less code, in particular less branches.

      cycles:                 branches:              branch-misses:

OLD:

hot:   45.109444 +- 0.044117  44.333392 +- 0.002254  0.018723 +- 0.000593
cold: 187.737379 +- 0.156678  44.333407 +- 0.002254  6.272844 +- 0.004305

PRE:

hot:   67.937492 +- 0.064124  66.999535 +- 0.000488  0.066720 +- 0.001113
cold: 232.004379 +- 0.332811  66.999527 +- 0.000488  6.914634 +- 0.006568

POST:

hot:   43.633557 +- 0.034373  45.333132 +- 0.002277  0.023529 +- 0.000681
cold: 207.438411 +- 0.125840  45.333132 +- 0.002277  6.976486 +- 0.004219

Averages computed over all values <128k using a LFSR to generate order.
Cold numbers have a LFSR based branch trace buffer 'confuser' ran between
each int_sqrt() invocation.

Link: http://lkml.kernel.org/r/20171020164644.876503355@infradead.org
Fixes: 30493cc9dddb ("lib/int_sqrt.c: optimize square root algorithm")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Suggested-by: Anshul Garg <aksgarg1989@gmail.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Joe Perches <joe@perches.com>
Cc: David Miller <davem@davemloft.net>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Michael Davidson <md@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 lib/int_sqrt.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/lib/int_sqrt.c
+++ b/lib/int_sqrt.c
@@ -22,6 +22,9 @@ unsigned long int_sqrt(unsigned long x)
 		return x;
 
 	m = 1UL << (BITS_PER_LONG - 2);
+	while (m > x)
+		m >>= 2;
+
 	while (m != 0) {
 		b = y + m;
 		y >>= 1;



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 035/131] USB: core: only clean up what we allocated
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 034/131] lib/int_sqrt: optimize small argument Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 036/131] rtc: Fix overflow when converting time64_t to rtc_time Greg Kroah-Hartman
                   ` (100 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andrey Konovalov, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Andrey Konovalov <andreyknvl@google.com>

commit 32fd87b3bbf5f7a045546401dfe2894dbbf4d8c3 upstream.

When cleaning up the configurations, make sure we only free the number
of configurations and interfaces that we could have allocated.

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/core/config.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/drivers/usb/core/config.c
+++ b/drivers/usb/core/config.c
@@ -734,18 +734,21 @@ void usb_destroy_configuration(struct us
 		return;
 
 	if (dev->rawdescriptors) {
-		for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
+		for (i = 0; i < dev->descriptor.bNumConfigurations &&
+				i < USB_MAXCONFIG; i++)
 			kfree(dev->rawdescriptors[i]);
 
 		kfree(dev->rawdescriptors);
 		dev->rawdescriptors = NULL;
 	}
 
-	for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
+	for (c = 0; c < dev->descriptor.bNumConfigurations &&
+			c < USB_MAXCONFIG; c++) {
 		struct usb_host_config *cf = &dev->config[c];
 
 		kfree(cf->string);
-		for (i = 0; i < cf->desc.bNumInterfaces; i++) {
+		for (i = 0; i < cf->desc.bNumInterfaces &&
+				i < USB_MAXINTERFACES; i++) {
 			if (cf->intf_cache[i])
 				kref_put(&cf->intf_cache[i]->ref,
 					  usb_release_interface_cache);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 036/131] rtc: Fix overflow when converting time64_t to rtc_time
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 035/131] USB: core: only clean up what we allocated Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 037/131] ath10k: avoid possible string overflow Greg Kroah-Hartman
                   ` (99 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Baolin Wang, Arnd Bergmann,
	Alexandre Belloni

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Baolin Wang <baolin.wang@linaro.org>

commit 36d46cdb43efea74043e29e2a62b13e9aca31452 upstream.

If we convert one large time values to rtc_time, in the original formula
'days * 86400' can be overflowed in 'unsigned int' type to make the formula
get one incorrect remain seconds value. Thus we can use div_s64_rem()
function to avoid this situation.

Signed-off-by: Baolin Wang <baolin.wang@linaro.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/rtc/rtc-lib.c |    6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

--- a/drivers/rtc/rtc-lib.c
+++ b/drivers/rtc/rtc-lib.c
@@ -52,13 +52,11 @@ EXPORT_SYMBOL(rtc_year_days);
  */
 void rtc_time64_to_tm(time64_t time, struct rtc_time *tm)
 {
-	unsigned int month, year;
-	unsigned long secs;
+	unsigned int month, year, secs;
 	int days;
 
 	/* time must be positive */
-	days = div_s64(time, 86400);
-	secs = time - (unsigned int) days * 86400;
+	days = div_s64_rem(time, 86400, &secs);
 
 	/* day of the week, 1970-01-01 was a Thursday */
 	tm->tm_wday = (days + 4) % 7;



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 037/131] ath10k: avoid possible string overflow
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 036/131] rtc: Fix overflow when converting time64_t to rtc_time Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 038/131] Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt Greg Kroah-Hartman
                   ` (98 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Kalle Valo

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit 6707ba0105a2d350710bc0a537a98f49eb4b895d upstream.

The way that 'strncat' is used here raised a warning in gcc-8:

drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath10k_wmi_tpc_stats_final_disp_tables':
drivers/net/wireless/ath/ath10k/wmi.c:4649:4: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]

Effectively, this is simply a strcat() but the use of strncat() suggests
some form of overflow check. Regardless of whether this might actually
overflow, using strlcat() instead of strncat() avoids the warning and
makes the code more robust.

Fixes: bc64d05220f3 ("ath10k: debugfs support to get final TPC stats for 10.4 variants")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/ath/ath10k/wmi.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -4065,7 +4065,7 @@ static void ath10k_tpc_config_disp_table
 							    rate_code[i],
 							    type);
 			snprintf(buff, sizeof(buff), "%8d ", tpc[j]);
-			strncat(tpc_value, buff, strlen(buff));
+			strlcat(tpc_value, buff, sizeof(tpc_value));
 		}
 		tpc_stats->tpc_table[type].pream_idx[i] = pream_idx;
 		tpc_stats->tpc_table[type].rate_code[i] = rate_code[i];



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 038/131] Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 037/131] ath10k: avoid possible string overflow Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 039/131] Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer Greg Kroah-Hartman
                   ` (97 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marcel Holtmann, Johan Hedberg

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marcel Holtmann <marcel@holtmann.org>

commit af3d5d1c87664a4f150fcf3534c6567cb19909b0 upstream.

When doing option parsing for standard type values of 1, 2 or 4 octets,
the value is converted directly into a variable instead of a pointer. To
avoid being tricked into being a pointer, check that for these option
types that sizes actually match. In L2CAP every option is fixed size and
thus it is prudent anyway to ensure that the remote side sends us the
right option size along with option paramters.

If the option size is not matching the option type, then that option is
silently ignored. It is a protocol violation and instead of trying to
give the remote attacker any further hints just pretend that option is
not present and proceed with the default values. Implementation
following the specification and its qualification procedures will always
use the correct size and thus not being impacted here.

To keep the code readable and consistent accross all options, a few
cosmetic changes were also required.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/bluetooth/l2cap_core.c |   77 ++++++++++++++++++++++++++-------------------
 1 file changed, 46 insertions(+), 31 deletions(-)

--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -3321,10 +3321,14 @@ static int l2cap_parse_conf_req(struct l
 
 		switch (type) {
 		case L2CAP_CONF_MTU:
+			if (olen != 2)
+				break;
 			mtu = val;
 			break;
 
 		case L2CAP_CONF_FLUSH_TO:
+			if (olen != 2)
+				break;
 			chan->flush_to = val;
 			break;
 
@@ -3332,26 +3336,30 @@ static int l2cap_parse_conf_req(struct l
 			break;
 
 		case L2CAP_CONF_RFC:
-			if (olen == sizeof(rfc))
-				memcpy(&rfc, (void *) val, olen);
+			if (olen != sizeof(rfc))
+				break;
+			memcpy(&rfc, (void *) val, olen);
 			break;
 
 		case L2CAP_CONF_FCS:
+			if (olen != 1)
+				break;
 			if (val == L2CAP_FCS_NONE)
 				set_bit(CONF_RECV_NO_FCS, &chan->conf_state);
 			break;
 
 		case L2CAP_CONF_EFS:
-			if (olen == sizeof(efs)) {
-				remote_efs = 1;
-				memcpy(&efs, (void *) val, olen);
-			}
+			if (olen != sizeof(efs))
+				break;
+			remote_efs = 1;
+			memcpy(&efs, (void *) val, olen);
 			break;
 
 		case L2CAP_CONF_EWS:
+			if (olen != 2)
+				break;
 			if (!(chan->conn->local_fixed_chan & L2CAP_FC_A2MP))
 				return -ECONNREFUSED;
-
 			set_bit(FLAG_EXT_CTRL, &chan->flags);
 			set_bit(CONF_EWS_RECV, &chan->conf_state);
 			chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
@@ -3361,7 +3369,6 @@ static int l2cap_parse_conf_req(struct l
 		default:
 			if (hint)
 				break;
-
 			result = L2CAP_CONF_UNKNOWN;
 			*((u8 *) ptr++) = type;
 			break;
@@ -3529,55 +3536,60 @@ static int l2cap_parse_conf_rsp(struct l
 
 		switch (type) {
 		case L2CAP_CONF_MTU:
+			if (olen != 2)
+				break;
 			if (val < L2CAP_DEFAULT_MIN_MTU) {
 				*result = L2CAP_CONF_UNACCEPT;
 				chan->imtu = L2CAP_DEFAULT_MIN_MTU;
 			} else
 				chan->imtu = val;
-			l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu, endptr - ptr);
+			l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu,
+					   endptr - ptr);
 			break;
 
 		case L2CAP_CONF_FLUSH_TO:
+			if (olen != 2)
+				break;
 			chan->flush_to = val;
-			l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
-					   2, chan->flush_to, endptr - ptr);
+			l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2,
+					   chan->flush_to, endptr - ptr);
 			break;
 
 		case L2CAP_CONF_RFC:
-			if (olen == sizeof(rfc))
-				memcpy(&rfc, (void *)val, olen);
-
+			if (olen != sizeof(rfc))
+				break;
+			memcpy(&rfc, (void *)val, olen);
 			if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
 			    rfc.mode != chan->mode)
 				return -ECONNREFUSED;
-
 			chan->fcs = 0;
-
-			l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
-					   sizeof(rfc), (unsigned long) &rfc, endptr - ptr);
+			l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
+					   (unsigned long) &rfc, endptr - ptr);
 			break;
 
 		case L2CAP_CONF_EWS:
+			if (olen != 2)
+				break;
 			chan->ack_win = min_t(u16, val, chan->ack_win);
 			l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
 					   chan->tx_win, endptr - ptr);
 			break;
 
 		case L2CAP_CONF_EFS:
-			if (olen == sizeof(efs)) {
-				memcpy(&efs, (void *)val, olen);
-
-				if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
-				    efs.stype != L2CAP_SERV_NOTRAFIC &&
-				    efs.stype != chan->local_stype)
-					return -ECONNREFUSED;
-
-				l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),
-						   (unsigned long) &efs, endptr - ptr);
-			}
+			if (olen != sizeof(efs))
+				break;
+			memcpy(&efs, (void *)val, olen);
+			if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
+			    efs.stype != L2CAP_SERV_NOTRAFIC &&
+			    efs.stype != chan->local_stype)
+				return -ECONNREFUSED;
+			l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),
+					   (unsigned long) &efs, endptr - ptr);
 			break;
 
 		case L2CAP_CONF_FCS:
+			if (olen != 1)
+				break;
 			if (*result == L2CAP_CONF_PENDING)
 				if (val == L2CAP_FCS_NONE)
 					set_bit(CONF_RECV_NO_FCS,
@@ -3709,10 +3721,13 @@ static void l2cap_conf_rfc_get(struct l2
 
 		switch (type) {
 		case L2CAP_CONF_RFC:
-			if (olen == sizeof(rfc))
-				memcpy(&rfc, (void *)val, olen);
+			if (olen != sizeof(rfc))
+				break;
+			memcpy(&rfc, (void *)val, olen);
 			break;
 		case L2CAP_CONF_EWS:
+			if (olen != 2)
+				break;
 			txwin_ext = val;
 			break;
 		}



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 039/131] Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 038/131] Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 040/131] sched/fair: Fix new tasks load avg removed from source CPU in wake_up_new_task() Greg Kroah-Hartman
                   ` (96 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marcel Holtmann, Johan Hedberg

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marcel Holtmann <marcel@holtmann.org>

commit 7c9cbd0b5e38a1672fcd137894ace3b042dfbf69 upstream.

The function l2cap_get_conf_opt will return L2CAP_CONF_OPT_SIZE + opt->len
as length value. The opt->len however is in control over the remote user
and can be used by an attacker to gain access beyond the bounds of the
actual packet.

To prevent any potential leak of heap memory, it is enough to check that
the resulting len calculation after calling l2cap_get_conf_opt is not
below zero. A well formed packet will always return >= 0 here and will
end with the length value being zero after the last option has been
parsed. In case of malformed packets messing with the opt->len field the
length value will become negative. If that is the case, then just abort
and ignore the option.

In case an attacker uses a too short opt->len value, then garbage will
be parsed, but that is protected by the unknown option handling and also
the option parameter size checks.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/bluetooth/l2cap_core.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -3315,6 +3315,8 @@ static int l2cap_parse_conf_req(struct l
 
 	while (len >= L2CAP_CONF_OPT_SIZE) {
 		len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
+		if (len < 0)
+			break;
 
 		hint  = type & L2CAP_CONF_HINT;
 		type &= L2CAP_CONF_MASK;
@@ -3533,6 +3535,8 @@ static int l2cap_parse_conf_rsp(struct l
 
 	while (len >= L2CAP_CONF_OPT_SIZE) {
 		len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
+		if (len < 0)
+			break;
 
 		switch (type) {
 		case L2CAP_CONF_MTU:
@@ -3718,6 +3722,8 @@ static void l2cap_conf_rfc_get(struct l2
 
 	while (len >= L2CAP_CONF_OPT_SIZE) {
 		len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
+		if (len < 0)
+			break;
 
 		switch (type) {
 		case L2CAP_CONF_RFC:



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 040/131] sched/fair: Fix new tasks load avg removed from source CPU in wake_up_new_task()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 039/131] Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 041/131] mmc: block: Allow more than 8 partitions per card Greg Kroah-Hartman
                   ` (95 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steve Muckle, Yuyang Du,
	Peter Zijlstra (Intel),
	Dietmar Eggemann, Juri Lelli, Linus Torvalds, Mike Galbraith,
	Morten Rasmussen, Patrick Bellasi, Thomas Gleixner,
	Vincent Guittot, Ingo Molnar, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 0905f04eb21fc1c2e690bed5d0418a061d56c225 ]

If a newly created task is selected to go to a different CPU in fork
balance when it wakes up the first time, its load averages should
not be removed from the source CPU since they are never added to
it before. The same is also applicable to a never used group entity.

Fix it in remove_entity_load_avg(): when entity's last_update_time
is 0, simply return. This should precisely identify the case in
question, because in other migrations, the last_update_time is set
to 0 after remove_entity_load_avg().

Reported-by: Steve Muckle <steve.muckle@linaro.org>
Signed-off-by: Yuyang Du <yuyang.du@intel.com>
[peterz: cfs_rq_last_update_time]
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: Juri Lelli <Juri.Lelli@arm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Morten Rasmussen <morten.rasmussen@arm.com>
Cc: Patrick Bellasi <patrick.bellasi@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Link: http://lkml.kernel.org/r/20151216233427.GJ28098@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sched/fair.c | 38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index c2af250547bb..6051007918ad 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -2841,27 +2841,45 @@ dequeue_entity_load_avg(struct cfs_rq *cfs_rq, struct sched_entity *se)
 		max_t(s64,  cfs_rq->runnable_load_sum - se->avg.load_sum, 0);
 }
 
-/*
- * Task first catches up with cfs_rq, and then subtract
- * itself from the cfs_rq (task must be off the queue now).
- */
-void remove_entity_load_avg(struct sched_entity *se)
-{
-	struct cfs_rq *cfs_rq = cfs_rq_of(se);
-	u64 last_update_time;
-
 #ifndef CONFIG_64BIT
+static inline u64 cfs_rq_last_update_time(struct cfs_rq *cfs_rq)
+{
 	u64 last_update_time_copy;
+	u64 last_update_time;
 
 	do {
 		last_update_time_copy = cfs_rq->load_last_update_time_copy;
 		smp_rmb();
 		last_update_time = cfs_rq->avg.last_update_time;
 	} while (last_update_time != last_update_time_copy);
+
+	return last_update_time;
+}
 #else
-	last_update_time = cfs_rq->avg.last_update_time;
+static inline u64 cfs_rq_last_update_time(struct cfs_rq *cfs_rq)
+{
+	return cfs_rq->avg.last_update_time;
+}
 #endif
 
+/*
+ * Task first catches up with cfs_rq, and then subtract
+ * itself from the cfs_rq (task must be off the queue now).
+ */
+void remove_entity_load_avg(struct sched_entity *se)
+{
+	struct cfs_rq *cfs_rq = cfs_rq_of(se);
+	u64 last_update_time;
+
+	/*
+	 * Newly created task or never used group entity should not be removed
+	 * from its (source) cfs_rq
+	 */
+	if (se->avg.last_update_time == 0)
+		return;
+
+	last_update_time = cfs_rq_last_update_time(cfs_rq);
+
 	__update_load_avg(last_update_time, cpu_of(rq_of(cfs_rq)), &se->avg, 0, 0, NULL);
 	atomic_long_add(se->avg.load_avg, &cfs_rq->removed_load_avg);
 	atomic_long_add(se->avg.util_avg, &cfs_rq->removed_util_avg);
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 041/131] mmc: block: Allow more than 8 partitions per card
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 040/131] sched/fair: Fix new tasks load avg removed from source CPU in wake_up_new_task() Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 042/131] arm64: fix COMPAT_SHMLBA definition for large pages Greg Kroah-Hartman
                   ` (94 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ulf Hansson, Adrian Hunter,
	Ben Hutchings, Chuanxiao Dong, Shawn Lin, Austin S Hemmelgarn,
	Arnd Bergmann, Android Kernel Team, linux-mmc, Colin Cross,
	John Stultz, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 382c55f88ffeb218c446bf0c46d0fc25d2795fe2 ]

It is quite common for Android devices to utilize more
then 8 partitions on internal eMMC storage.

The vanilla kernel can support this via
CONFIG_MMC_BLOCK_MINORS, however that solution caps the
system to 256 minors total, which limits the number of
mmc cards the system can support.

This patch, which has been carried for quite awhile in
the AOSP common tree, provides an alternative solution
that doesn't seem to limit the total card count. So I
wanted to submit it for consideration upstream.

This patch sets the GENHD_FL_EXT_DEVT flag, which will
allocate minor number in major 259 for partitions past
disk->minors.

It also removes the use of disk_devt to determine devidx
from md->disk. md->disk->first_minor is always initialized
from devidx and can always be used to recover it.

Cc: Ulf Hansson <ulf.hansson@linaro.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Chuanxiao Dong <chuanxiao.dong@intel.com>
Cc: Shawn Lin <shawn.lin@rock-chips.com>
Cc: Austin S Hemmelgarn <ahferroin7@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Android Kernel Team <kernel-team@android.com>
Cc: linux-mmc@vger.kernel.org
Signed-off-by: Colin Cross <ccross@android.com>
[jstultz: Added context to commit message]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/card/block.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index f2b733275a0a..c15b879c3070 100644
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -171,11 +171,7 @@ static struct mmc_blk_data *mmc_blk_get(struct gendisk *disk)
 
 static inline int mmc_get_devidx(struct gendisk *disk)
 {
-	int devmaj = MAJOR(disk_devt(disk));
-	int devidx = MINOR(disk_devt(disk)) / perdev_minors;
-
-	if (!devmaj)
-		devidx = disk->first_minor / perdev_minors;
+	int devidx = disk->first_minor / perdev_minors;
 	return devidx;
 }
 
@@ -2252,6 +2248,7 @@ static struct mmc_blk_data *mmc_blk_alloc_req(struct mmc_card *card,
 	md->disk->queue = md->queue.queue;
 	md->disk->driverfs_dev = parent;
 	set_disk_ro(md->disk, md->read_only || default_ro);
+	md->disk->flags = GENHD_FL_EXT_DEVT;
 	if (area_type & (MMC_BLK_DATA_AREA_RPMB | MMC_BLK_DATA_AREA_BOOT))
 		md->disk->flags |= GENHD_FL_NO_PART_SCAN;
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 042/131] arm64: fix COMPAT_SHMLBA definition for large pages
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 041/131] mmc: block: Allow more than 8 partitions per card Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 043/131] efi: stub: define DISABLE_BRANCH_PROFILING for all architectures Greg Kroah-Hartman
                   ` (93 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Yury Norov,
	Will Deacon, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit b9b7aebb42d1b1392f3111de61136bb6cf3aae3f ]

ARM glibc uses (4 * __getpagesize()) for SHMLBA, which is correct for
4KB pages and works fine for 64KB pages, but the kernel uses a hardcoded
16KB that is too small for 64KB page based kernels. This changes the
definition to what user space sees when using 64KB pages.

Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Yury Norov <ynorov@caviumnetworks.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/include/asm/shmparam.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/include/asm/shmparam.h b/arch/arm64/include/asm/shmparam.h
index 4df608a8459e..e368a55ebd22 100644
--- a/arch/arm64/include/asm/shmparam.h
+++ b/arch/arm64/include/asm/shmparam.h
@@ -21,7 +21,7 @@
  * alignment value. Since we don't have aliasing D-caches, the rest of
  * the time we can safely use PAGE_SIZE.
  */
-#define COMPAT_SHMLBA	0x4000
+#define COMPAT_SHMLBA	(4 * PAGE_SIZE)
 
 #include <asm-generic/shmparam.h>
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 043/131] efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 042/131] arm64: fix COMPAT_SHMLBA definition for large pages Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 044/131] ARM: 8458/1: bL_switcher: add GIC dependency Greg Kroah-Hartman
                   ` (92 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Matt Fleming, Will Deacon,
	Ard Biesheuvel, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit b523e185bba36164ca48a190f5468c140d815414 ]

This moves the DISABLE_BRANCH_PROFILING define from the x86 specific
to the general CFLAGS definition for the stub. This fixes build errors
when building for arm64 with CONFIG_PROFILE_ALL_BRANCHES_ENABLED.

Reviewed-by: Matt Fleming <matt@codeblueprint.co.uk>
Reported-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/firmware/efi/libstub/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 88bd6829a358..edb45f72b34c 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -8,7 +8,7 @@ cflags-$(CONFIG_X86_32)		:= -march=i386
 cflags-$(CONFIG_X86_64)		:= -mcmodel=small
 cflags-$(CONFIG_X86)		+= -m$(BITS) -D__KERNEL__ $(LINUX_INCLUDE) -O2 \
 				   -fPIC -fno-strict-aliasing -mno-red-zone \
-				   -mno-mmx -mno-sse -DDISABLE_BRANCH_PROFILING
+				   -mno-mmx -mno-sse
 
 cflags-$(CONFIG_ARM64)		:= $(subst -pg,,$(KBUILD_CFLAGS)) -fpie
 cflags-$(CONFIG_ARM)		:= $(subst -pg,,$(KBUILD_CFLAGS)) \
@@ -16,7 +16,7 @@ cflags-$(CONFIG_ARM)		:= $(subst -pg,,$(KBUILD_CFLAGS)) \
 
 cflags-$(CONFIG_EFI_ARMSTUB)	+= -I$(srctree)/scripts/dtc/libfdt
 
-KBUILD_CFLAGS			:= $(cflags-y) \
+KBUILD_CFLAGS			:= $(cflags-y) -DDISABLE_BRANCH_PROFILING \
 				   $(call cc-option,-ffreestanding) \
 				   $(call cc-option,-fno-stack-protector)
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 044/131] ARM: 8458/1: bL_switcher: add GIC dependency
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 043/131] efi: stub: define DISABLE_BRANCH_PROFILING for all architectures Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 045/131] ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor Greg Kroah-Hartman
                   ` (91 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Nicolas Pitre,
	Russell King, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 6c044fecdf78be3fda159a5036bb33700cdd5e59 ]

It is not possible to build the bL_switcher code if the GIC
driver is disabled, because it relies on calling into some
gic specific interfaces, and that would result in this build
error:

arch/arm/common/built-in.o: In function `bL_switch_to':
:(.text+0x1230): undefined reference to `gic_get_sgir_physaddr'
:(.text+0x1244): undefined reference to `gic_send_sgi'
:(.text+0x1268): undefined reference to `gic_migrate_target'
arch/arm/common/built-in.o: In function `bL_switcher_enable.part.4':
:(.text.unlikely+0x2f8): undefined reference to `gic_get_cpu_id'

This adds a Kconfig dependency to ensure we only build the big-little
switcher if the GIC driver is present as well.

Almost all ARMv7 platforms come with a GIC anyway, but it is possible
to build a kernel that disables all platforms.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 3a0277c6c060..4cc908ee107f 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1422,7 +1422,7 @@ config BIG_LITTLE
 
 config BL_SWITCHER
 	bool "big.LITTLE switcher support"
-	depends on BIG_LITTLE && MCPM && HOTPLUG_CPU
+	depends on BIG_LITTLE && MCPM && HOTPLUG_CPU && ARM_GIC
 	select ARM_CPU_SUSPEND
 	select CPU_PM
 	help
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 045/131] ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 044/131] ARM: 8458/1: bL_switcher: add GIC dependency Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 046/131] android: unconditionally remove callbacks in sync_fence_free() Greg Kroah-Hartman
                   ` (90 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jungseung Lee, Catalin Marinas,
	Ben Hutchings, Russell King, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit ad84f56bf6d620fe6ed4d57ce6ec9945684d7f35 ]

The VMSA field of MMFR0 (bottom 4 bits) is incremented for each
added feature.  PXN is supported if the value is >= 4 and LPAE
is supported if it is >= 5.

In case a kernel with CONFIG_ARM_LPAE disabled is used on a
processor that supports LPAE, we can still use PXN in short
descriptors.  So check for >= 4 not == 4.

Signed-off-by: Jungseung Lee <js07.lee@samsung.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mm/mmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
index e47cffd25c6c..aead23f15213 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -572,7 +572,7 @@ static void __init build_mem_type_table(void)
 	 * in the Short-descriptor translation table format descriptors.
 	 */
 	if (cpu_arch == CPU_ARCH_ARMv7 &&
-		(read_cpuid_ext(CPUID_EXT_MMFR0) & 0xF) == 4) {
+		(read_cpuid_ext(CPUID_EXT_MMFR0) & 0xF) >= 4) {
 		user_pmd_table |= PMD_PXNTABLE;
 	}
 #endif
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 046/131] android: unconditionally remove callbacks in sync_fence_free()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 045/131] ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 047/131] vmstat: make vmstat_updater deferrable again and shut down on idle Greg Kroah-Hartman
                   ` (89 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrew Bresticker, Dmitry Torokhov,
	Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 699f685569434510d944e419f4048c4e3ba8d631 ]

Using fence->status to determine whether or not there are callbacks
remaining on the sync_fence is racy since fence->status may have been
decremented to 0 on another CPU before fence_check_cb_func() has
completed.  By unconditionally calling fence_remove_callback() for each
fence in the sync_fence, we guarantee that each callback has either
completed (since fence_remove_callback() grabs the fence lock) or been
removed.

Signed-off-by: Andrew Bresticker <abrestic@chromium.org>
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/android/sync.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c
index f83e00c78051..50a9945da27e 100644
--- a/drivers/staging/android/sync.c
+++ b/drivers/staging/android/sync.c
@@ -519,12 +519,10 @@ static const struct fence_ops android_fence_ops = {
 static void sync_fence_free(struct kref *kref)
 {
 	struct sync_fence *fence = container_of(kref, struct sync_fence, kref);
-	int i, status = atomic_read(&fence->status);
+	int i;
 
 	for (i = 0; i < fence->num_fences; ++i) {
-		if (status)
-			fence_remove_callback(fence->cbs[i].sync_pt,
-					      &fence->cbs[i].cb);
+		fence_remove_callback(fence->cbs[i].sync_pt, &fence->cbs[i].cb);
 		fence_put(fence->cbs[i].sync_pt);
 	}
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 047/131] vmstat: make vmstat_updater deferrable again and shut down on idle
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 046/131] android: unconditionally remove callbacks in sync_fence_free() Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 048/131] hid-sensor-hub.c: fix wrong do_div() usage Greg Kroah-Hartman
                   ` (88 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christoph Lameter, Michal Hocko,
	Johannes Weiner, Tetsuo Handa, Andrew Morton, Linus Torvalds,
	Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 0eb77e9880321915322d42913c3b53241739c8aa ]

Currently the vmstat updater is not deferrable as a result of commit
ba4877b9ca51 ("vmstat: do not use deferrable delayed work for
vmstat_update").  This in turn can cause multiple interruptions of the
applications because the vmstat updater may run at

Make vmstate_update deferrable again and provide a function that folds
the differentials when the processor is going to idle mode thus
addressing the issue of the above commit in a clean way.

Note that the shepherd thread will continue scanning the differentials
from another processor and will reenable the vmstat workers if it
detects any changes.

Fixes: ba4877b9ca51 ("vmstat: do not use deferrable delayed work for vmstat_update")
Signed-off-by: Christoph Lameter <cl@linux.com>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/vmstat.h |  2 ++
 kernel/sched/idle.c    |  1 +
 mm/vmstat.c            | 69 +++++++++++++++++++++++++++---------------
 3 files changed, 47 insertions(+), 25 deletions(-)

diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h
index 3e5d9075960f..73fae8c4a5fb 100644
--- a/include/linux/vmstat.h
+++ b/include/linux/vmstat.h
@@ -189,6 +189,7 @@ extern void __inc_zone_state(struct zone *, enum zone_stat_item);
 extern void dec_zone_state(struct zone *, enum zone_stat_item);
 extern void __dec_zone_state(struct zone *, enum zone_stat_item);
 
+void quiet_vmstat(void);
 void cpu_vm_stats_fold(int cpu);
 void refresh_zone_stat_thresholds(void);
 
@@ -249,6 +250,7 @@ static inline void __dec_zone_page_state(struct page *page,
 
 static inline void refresh_zone_stat_thresholds(void) { }
 static inline void cpu_vm_stats_fold(int cpu) { }
+static inline void quiet_vmstat(void) { }
 
 static inline void drain_zonestat(struct zone *zone,
 			struct per_cpu_pageset *pset) { }
diff --git a/kernel/sched/idle.c b/kernel/sched/idle.c
index bfd573122e0d..306a859b36f0 100644
--- a/kernel/sched/idle.c
+++ b/kernel/sched/idle.c
@@ -219,6 +219,7 @@ static void cpu_idle_loop(void)
 		 */
 
 		__current_set_polling();
+		quiet_vmstat();
 		tick_nohz_idle_enter();
 
 		while (!need_resched()) {
diff --git a/mm/vmstat.c b/mm/vmstat.c
index a2d70ef74db7..6af9bbad94c7 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -460,7 +460,7 @@ static int fold_diff(int *diff)
  *
  * The function returns the number of global counters updated.
  */
-static int refresh_cpu_vm_stats(void)
+static int refresh_cpu_vm_stats(bool do_pagesets)
 {
 	struct zone *zone;
 	int i;
@@ -484,33 +484,35 @@ static int refresh_cpu_vm_stats(void)
 #endif
 			}
 		}
-		cond_resched();
 #ifdef CONFIG_NUMA
-		/*
-		 * Deal with draining the remote pageset of this
-		 * processor
-		 *
-		 * Check if there are pages remaining in this pageset
-		 * if not then there is nothing to expire.
-		 */
-		if (!__this_cpu_read(p->expire) ||
+		if (do_pagesets) {
+			cond_resched();
+			/*
+			 * Deal with draining the remote pageset of this
+			 * processor
+			 *
+			 * Check if there are pages remaining in this pageset
+			 * if not then there is nothing to expire.
+			 */
+			if (!__this_cpu_read(p->expire) ||
 			       !__this_cpu_read(p->pcp.count))
-			continue;
+				continue;
 
-		/*
-		 * We never drain zones local to this processor.
-		 */
-		if (zone_to_nid(zone) == numa_node_id()) {
-			__this_cpu_write(p->expire, 0);
-			continue;
-		}
+			/*
+			 * We never drain zones local to this processor.
+			 */
+			if (zone_to_nid(zone) == numa_node_id()) {
+				__this_cpu_write(p->expire, 0);
+				continue;
+			}
 
-		if (__this_cpu_dec_return(p->expire))
-			continue;
+			if (__this_cpu_dec_return(p->expire))
+				continue;
 
-		if (__this_cpu_read(p->pcp.count)) {
-			drain_zone_pages(zone, this_cpu_ptr(&p->pcp));
-			changes++;
+			if (__this_cpu_read(p->pcp.count)) {
+				drain_zone_pages(zone, this_cpu_ptr(&p->pcp));
+				changes++;
+			}
 		}
 #endif
 	}
@@ -1393,7 +1395,7 @@ static cpumask_var_t cpu_stat_off;
 
 static void vmstat_update(struct work_struct *w)
 {
-	if (refresh_cpu_vm_stats()) {
+	if (refresh_cpu_vm_stats(true)) {
 		/*
 		 * Counters were updated so we expect more updates
 		 * to occur in the future. Keep on running the
@@ -1424,6 +1426,23 @@ static void vmstat_update(struct work_struct *w)
 	}
 }
 
+/*
+ * Switch off vmstat processing and then fold all the remaining differentials
+ * until the diffs stay at zero. The function is used by NOHZ and can only be
+ * invoked when tick processing is not active.
+ */
+void quiet_vmstat(void)
+{
+	if (system_state != SYSTEM_RUNNING)
+		return;
+
+	do {
+		if (!cpumask_test_and_set_cpu(smp_processor_id(), cpu_stat_off))
+			cancel_delayed_work(this_cpu_ptr(&vmstat_work));
+
+	} while (refresh_cpu_vm_stats(false));
+}
+
 /*
  * Check if the diffs for a certain cpu indicate that
  * an update is needed.
@@ -1456,7 +1475,7 @@ static bool need_update(int cpu)
  */
 static void vmstat_shepherd(struct work_struct *w);
 
-static DECLARE_DELAYED_WORK(shepherd, vmstat_shepherd);
+static DECLARE_DEFERRABLE_WORK(shepherd, vmstat_shepherd);
 
 static void vmstat_shepherd(struct work_struct *w)
 {
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 048/131] hid-sensor-hub.c: fix wrong do_div() usage
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 047/131] vmstat: make vmstat_updater deferrable again and shut down on idle Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:01 ` [PATCH 4.4 049/131] arm64: hide __efistub_ aliases from kallsyms Greg Kroah-Hartman
                   ` (87 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nicolas Pitre, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 8d43b49e7e0070f96ac46d30659a336c0224fa0b ]

do_div() must only be used with a u64 dividend.

Signed-off-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hid/hid-sensor-hub.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-hub.c
index 92870cdb52d9..8efaa88329aa 100644
--- a/drivers/hid/hid-sensor-hub.c
+++ b/drivers/hid/hid-sensor-hub.c
@@ -218,7 +218,8 @@ int sensor_hub_set_feature(struct hid_sensor_hub_device *hsdev, u32 report_id,
 		goto done_proc;
 	}
 
-	remaining_bytes = do_div(buffer_size, sizeof(__s32));
+	remaining_bytes = buffer_size % sizeof(__s32);
+	buffer_size = buffer_size / sizeof(__s32);
 	if (buffer_size) {
 		for (i = 0; i < buffer_size; ++i) {
 			hid_set_field(report->field[field_index], i,
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 049/131] arm64: hide __efistub_ aliases from kallsyms
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 048/131] hid-sensor-hub.c: fix wrong do_div() usage Greg Kroah-Hartman
@ 2019-04-01 17:01 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 050/131] perf: Synchronously free aux pages in case of allocation failure Greg Kroah-Hartman
                   ` (86 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel, Will Deacon, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 75feee3d9d51775072d3a04f47d4a439a4c4590e ]

Commit e8f3010f7326 ("arm64/efi: isolate EFI stub from the kernel
proper") isolated the EFI stub code from the kernel proper by prefixing
all of its symbols with __efistub_, and selectively allowing access to
core kernel symbols from the stub by emitting __efistub_ aliases for
functions and variables that the stub can access legally.

As an unintended side effect, these aliases are emitted into the
kallsyms symbol table, which means they may turn up in backtraces,
e.g.,

  ...
  PC is at __efistub_memset+0x108/0x200
  LR is at fixup_init+0x3c/0x48
  ...
  [<ffffff8008328608>] __efistub_memset+0x108/0x200
  [<ffffff8008094dcc>] free_initmem+0x2c/0x40
  [<ffffff8008645198>] kernel_init+0x20/0xe0
  [<ffffff8008085cd0>] ret_from_fork+0x10/0x40

The backtrace in question has nothing to do with the EFI stub, but
simply returns one of the several aliases of memset() that have been
recorded in the kallsyms table. This is undesirable, since it may
suggest to people who are not aware of this that the issue they are
seeing is somehow EFI related.

So hide the __efistub_ aliases from kallsyms, by emitting them as
absolute linker symbols explicitly. The distinction between those
and section relative symbols is completely irrelevant to these
definitions, and to the final link we are performing when these
definitions are being taken into account (the distinction is only
relevant to symbols defined inside a section definition when performing
a partial link), and so the resulting values are identical to the
original ones. Since absolute symbols are ignored by kallsyms, this
will result in these values to be omitted from its symbol table.

After this patch, the backtrace generated from the same address looks
like this:
  ...
  PC is at __memset+0x108/0x200
  LR is at fixup_init+0x3c/0x48
  ...
  [<ffffff8008328608>] __memset+0x108/0x200
  [<ffffff8008094dcc>] free_initmem+0x2c/0x40
  [<ffffff8008645198>] kernel_init+0x20/0xe0
  [<ffffff8008085cd0>] ret_from_fork+0x10/0x40

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/kernel/image.h | 40 ++++++++++++++++++++++++---------------
 1 file changed, 25 insertions(+), 15 deletions(-)

diff --git a/arch/arm64/kernel/image.h b/arch/arm64/kernel/image.h
index bc2abb8b1599..999633bd7294 100644
--- a/arch/arm64/kernel/image.h
+++ b/arch/arm64/kernel/image.h
@@ -64,6 +64,16 @@
 
 #ifdef CONFIG_EFI
 
+/*
+ * Prevent the symbol aliases below from being emitted into the kallsyms
+ * table, by forcing them to be absolute symbols (which are conveniently
+ * ignored by scripts/kallsyms) rather than section relative symbols.
+ * The distinction is only relevant for partial linking, and only for symbols
+ * that are defined within a section declaration (which is not the case for
+ * the definitions below) so the resulting values will be identical.
+ */
+#define KALLSYMS_HIDE(sym)	ABSOLUTE(sym)
+
 /*
  * The EFI stub has its own symbol namespace prefixed by __efistub_, to
  * isolate it from the kernel proper. The following symbols are legally
@@ -73,25 +83,25 @@
  * linked at. The routines below are all implemented in assembler in a
  * position independent manner
  */
-__efistub_memcmp		= __pi_memcmp;
-__efistub_memchr		= __pi_memchr;
-__efistub_memcpy		= __pi_memcpy;
-__efistub_memmove		= __pi_memmove;
-__efistub_memset		= __pi_memset;
-__efistub_strlen		= __pi_strlen;
-__efistub_strcmp		= __pi_strcmp;
-__efistub_strncmp		= __pi_strncmp;
-__efistub___flush_dcache_area	= __pi___flush_dcache_area;
+__efistub_memcmp		= KALLSYMS_HIDE(__pi_memcmp);
+__efistub_memchr		= KALLSYMS_HIDE(__pi_memchr);
+__efistub_memcpy		= KALLSYMS_HIDE(__pi_memcpy);
+__efistub_memmove		= KALLSYMS_HIDE(__pi_memmove);
+__efistub_memset		= KALLSYMS_HIDE(__pi_memset);
+__efistub_strlen		= KALLSYMS_HIDE(__pi_strlen);
+__efistub_strcmp		= KALLSYMS_HIDE(__pi_strcmp);
+__efistub_strncmp		= KALLSYMS_HIDE(__pi_strncmp);
+__efistub___flush_dcache_area	= KALLSYMS_HIDE(__pi___flush_dcache_area);
 
 #ifdef CONFIG_KASAN
-__efistub___memcpy		= __pi_memcpy;
-__efistub___memmove		= __pi_memmove;
-__efistub___memset		= __pi_memset;
+__efistub___memcpy		= KALLSYMS_HIDE(__pi_memcpy);
+__efistub___memmove		= KALLSYMS_HIDE(__pi_memmove);
+__efistub___memset		= KALLSYMS_HIDE(__pi_memset);
 #endif
 
-__efistub__text			= _text;
-__efistub__end			= _end;
-__efistub__edata		= _edata;
+__efistub__text			= KALLSYMS_HIDE(_text);
+__efistub__end			= KALLSYMS_HIDE(_end);
+__efistub__edata		= KALLSYMS_HIDE(_edata);
 
 #endif
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 050/131] perf: Synchronously free aux pages in case of allocation failure
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2019-04-01 17:01 ` [PATCH 4.4 049/131] arm64: hide __efistub_ aliases from kallsyms Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 051/131] net: diag: support v4mapped sockets in inet_diag_find_one_icsk() Greg Kroah-Hartman
                   ` (85 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Markus Metzger, Alexander Shishkin,
	Peter Zijlstra (Intel),
	Arnaldo Carvalho de Melo, Arnaldo Carvalho de Melo, David Ahern,
	Jiri Olsa, Linus Torvalds, Namhyung Kim, Stephane Eranian,
	Thomas Gleixner, Vince Weaver, vince, Ingo Molnar, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 45c815f06b80031659c63d7b93e580015d6024dd ]

We are currently using asynchronous deallocation in the error path in
AUX mmap code, which is unnecessary and also presents a problem for users
that wish to probe for the biggest possible buffer size they can get:
they'll get -EINVAL on all subsequent attemts to allocate a smaller
buffer before the asynchronous deallocation callback frees up the pages
from the previous unsuccessful attempt.

Currently, gdb does that for allocating AUX buffers for Intel PT traces.
More specifically, overwrite mode of AUX pmus that don't support hardware
sg (some implementations of Intel PT, for instance) is limited to only
one contiguous high order allocation for its buffer and there is no way
of knowing its size without trying.

This patch changes error path freeing to be synchronous as there won't
be any contenders for the AUX pages at that point.

Reported-by: Markus Metzger <markus.t.metzger@intel.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: vince@deater.net
Link: http://lkml.kernel.org/r/1453216469-9509-1-git-send-email-alexander.shishkin@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/events/ring_buffer.c | 40 ++++++++++++++++++-------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c
index 358bb53c1e74..94dc6b0763ab 100644
--- a/kernel/events/ring_buffer.c
+++ b/kernel/events/ring_buffer.c
@@ -468,6 +468,25 @@ static void rb_free_aux_page(struct ring_buffer *rb, int idx)
 	__free_page(page);
 }
 
+static void __rb_free_aux(struct ring_buffer *rb)
+{
+	int pg;
+
+	if (rb->aux_priv) {
+		rb->free_aux(rb->aux_priv);
+		rb->free_aux = NULL;
+		rb->aux_priv = NULL;
+	}
+
+	if (rb->aux_nr_pages) {
+		for (pg = 0; pg < rb->aux_nr_pages; pg++)
+			rb_free_aux_page(rb, pg);
+
+		kfree(rb->aux_pages);
+		rb->aux_nr_pages = 0;
+	}
+}
+
 int rb_alloc_aux(struct ring_buffer *rb, struct perf_event *event,
 		 pgoff_t pgoff, int nr_pages, long watermark, int flags)
 {
@@ -556,30 +575,11 @@ int rb_alloc_aux(struct ring_buffer *rb, struct perf_event *event,
 	if (!ret)
 		rb->aux_pgoff = pgoff;
 	else
-		rb_free_aux(rb);
+		__rb_free_aux(rb);
 
 	return ret;
 }
 
-static void __rb_free_aux(struct ring_buffer *rb)
-{
-	int pg;
-
-	if (rb->aux_priv) {
-		rb->free_aux(rb->aux_priv);
-		rb->free_aux = NULL;
-		rb->aux_priv = NULL;
-	}
-
-	if (rb->aux_nr_pages) {
-		for (pg = 0; pg < rb->aux_nr_pages; pg++)
-			rb_free_aux_page(rb, pg);
-
-		kfree(rb->aux_pages);
-		rb->aux_nr_pages = 0;
-	}
-}
-
 void rb_free_aux(struct ring_buffer *rb)
 {
 	if (atomic_dec_and_test(&rb->aux_refcount))
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 051/131] net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 050/131] perf: Synchronously free aux pages in case of allocation failure Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 052/131] Revert "mmc: block: dont use parameter prefix if built as module" Greg Kroah-Hartman
                   ` (84 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lorenzo Colitti, Eric Dumazet,
	David S. Miller, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 7c1306723ee916ea9f1fa7d9e4c7a6d029ca7aaf ]

Lorenzo reported that we could not properly find v4mapped sockets
in inet_diag_find_one_icsk(). This patch fixes the issue.

Reported-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/inet_diag.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index ab9f8a66615d..386443e780da 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -366,13 +366,20 @@ int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo,
 				 req->id.idiag_dport, req->id.idiag_src[0],
 				 req->id.idiag_sport, req->id.idiag_if);
 #if IS_ENABLED(CONFIG_IPV6)
-	else if (req->sdiag_family == AF_INET6)
-		sk = inet6_lookup(net, hashinfo,
-				  (struct in6_addr *)req->id.idiag_dst,
-				  req->id.idiag_dport,
-				  (struct in6_addr *)req->id.idiag_src,
-				  req->id.idiag_sport,
-				  req->id.idiag_if);
+	else if (req->sdiag_family == AF_INET6) {
+		if (ipv6_addr_v4mapped((struct in6_addr *)req->id.idiag_dst) &&
+		    ipv6_addr_v4mapped((struct in6_addr *)req->id.idiag_src))
+			sk = inet_lookup(net, hashinfo, req->id.idiag_dst[3],
+					 req->id.idiag_dport, req->id.idiag_src[3],
+					 req->id.idiag_sport, req->id.idiag_if);
+		else
+			sk = inet6_lookup(net, hashinfo,
+					  (struct in6_addr *)req->id.idiag_dst,
+					  req->id.idiag_dport,
+					  (struct in6_addr *)req->id.idiag_src,
+					  req->id.idiag_sport,
+					  req->id.idiag_if);
+	}
 #endif
 	else
 		goto out_nosk;
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 052/131] Revert "mmc: block: dont use parameter prefix if built as module"
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 051/131] net: diag: support v4mapped sockets in inet_diag_find_one_icsk() Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 053/131] writeback: initialize inode members that track writeback history Greg Kroah-Hartman
                   ` (83 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, John Stultz, Andy Shevchenko,
	Ulf Hansson, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit a5ebb87db84392edfd3142c3a6a78431d820a789 ]

This reverts commit 829b6962f7e3cfc06f7c5c26269fd47ad48cf503.

Revert this change as it causes a sysfs path to change and therefore
introduces and ABI regression. More precisely Android's vold is not being
able to access /sys/module/mmcblk/parameters/perdev_minors any more, since
the path becomes changed to: "/sys/module/mmc_block/..."

Fixes: 829b6962f7e3 ("mmc: block: don't use parameter prefix if built as
module")
Reported-by: John Stultz <john.stultz@linaro.org>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/card/block.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index c15b879c3070..f600bdcaf5b4 100644
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -47,13 +47,10 @@
 #include "queue.h"
 
 MODULE_ALIAS("mmc:block");
-
-#ifdef KERNEL
 #ifdef MODULE_PARAM_PREFIX
 #undef MODULE_PARAM_PREFIX
 #endif
 #define MODULE_PARAM_PREFIX "mmcblk."
-#endif
 
 #define INAND_CMD38_ARG_EXT_CSD  113
 #define INAND_CMD38_ARG_ERASE    0x00
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 053/131] writeback: initialize inode members that track writeback history
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 052/131] Revert "mmc: block: dont use parameter prefix if built as module" Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 054/131] coresight: fixing lockdep error Greg Kroah-Hartman
                   ` (82 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tahsin Erdogan, Tejun Heo,
	Jens Axboe, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 3d65ae4634ed8350aee98a4e6f4e41fe40c7d282 ]

inode struct members that track cgroup writeback information
should be reinitialized when inode gets allocated from
kmem_cache. Otherwise, their values remain and get used by the
new inode.

Signed-off-by: Tahsin Erdogan <tahsin@google.com>
Acked-by: Tejun Heo <tj@kernel.org>
Fixes: d10c80955265 ("writeback: implement foreign cgroup inode bdi_writeback switching")
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/inode.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/inode.c b/fs/inode.c
index a39c2724d8a0..b5c3a6473aaa 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -154,6 +154,12 @@ int inode_init_always(struct super_block *sb, struct inode *inode)
 	inode->i_rdev = 0;
 	inode->dirtied_when = 0;
 
+#ifdef CONFIG_CGROUP_WRITEBACK
+	inode->i_wb_frn_winner = 0;
+	inode->i_wb_frn_avg_time = 0;
+	inode->i_wb_frn_history = 0;
+#endif
+
 	if (security_inode_alloc(inode))
 		goto out;
 	spin_lock_init(&inode->i_lock);
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 054/131] coresight: fixing lockdep error
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 053/131] writeback: initialize inode members that track writeback history Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 055/131] coresight: coresight_unregister() function cleanup Greg Kroah-Hartman
                   ` (81 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rabin Vincent, Mathieu Poirier, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit a9ddc71f5840c2711e530f2e055b278f79948b29 ]

On some platform the following lockdep error occurs when doing simple
manipulations:

    [   23.197021]
    [   23.198608] ======================================================
    [   23.205078] [ INFO: possible circular locking dependency detected ]
    [   23.211639] 4.4.0-rc8-00025-gbbf360b #172 Not tainted
    [   23.216918] -------------------------------------------------------
    [   23.223480] sh/858 is trying to acquire lock:
    [   23.228057]  (coresight_mutex){+.+.+.}, at: [<c0415d40>] coresight_enable+0x1c/0x1b4
    [   23.236206]
    [   23.236206] but task is already holding lock:
    [   23.242309]  (s_active#52){++++.+}, at: [<c01d4b40>] kernfs_fop_write+0x5c/0x1c0
    [   23.250122]
    [   23.250122] which lock already depends on the new lock.
    [   23.250122]
    [   23.258697]
    [   23.258697] the existing dependency chain (in reverse order) is:
    [   23.266510]
    -> #1 (s_active#52){++++.+}:
    [   23.270843]        [<c01d30ec>] __kernfs_remove+0x294/0x35c
    [   23.276672]        [<c01d3e44>] kernfs_remove_by_name_ns+0x44/0x8c
    [   23.283172]        [<c01d6318>] remove_files+0x3c/0x84
    [   23.288543]        [<c01d66b4>] sysfs_remove_group+0x48/0x9c
    [   23.294494]        [<c01d6734>] sysfs_remove_groups+0x2c/0x3c
    [   23.300506]        [<c030b658>] device_remove_attrs+0x5c/0x74
    [   23.306549]        [<c030c290>] device_del+0x110/0x218
    [   23.311950]        [<c030c3c4>] device_unregister+0x2c/0x6c
    [   23.317779]        [<c04156d8>] coresight_unregister+0x30/0x40
    [   23.323883]        [<c041a290>] etm_probe+0x228/0x2e8
    [   23.329193]        [<c02bc760>] amba_probe+0xe4/0x160
    [   23.334503]        [<c0310540>] driver_probe_device+0x23c/0x480
    [   23.340728]        [<c0310820>] __driver_attach+0x9c/0xa0
    [   23.346374]        [<c030e400>] bus_for_each_dev+0x70/0xa4
    [   23.352142]        [<c030fcf4>] driver_attach+0x24/0x28
    [   23.357604]        [<c030f86c>] bus_add_driver+0x1e0/0x278
    [   23.363372]        [<c0310d48>] driver_register+0x80/0x100
    [   23.369110]        [<c02bc508>] amba_driver_register+0x58/0x5c
    [   23.375244]        [<c0749514>] etm_driver_init+0x18/0x1c
    [   23.380889]        [<c0009918>] do_one_initcall+0xc4/0x20c
    [   23.386657]        [<c0715e7c>] kernel_init_freeable+0x160/0x208
    [   23.392974]        [<c052d7fc>] kernel_init+0x18/0xf0
    [   23.398254]        [<c0010850>] ret_from_fork+0x14/0x24
    [   23.403747]
    -> #0 (coresight_mutex){+.+.+.}:
    [   23.408447]        [<c008ed60>] lock_acquire+0xe4/0x210
    [   23.413909]        [<c0530a30>] mutex_lock_nested+0x74/0x450
    [   23.419860]        [<c0415d40>] coresight_enable+0x1c/0x1b4
    [   23.425689]        [<c0416030>] enable_source_store+0x58/0x68
    [   23.431732]        [<c030b358>] dev_attr_store+0x20/0x2c
    [   23.437286]        [<c01d55e8>] sysfs_kf_write+0x50/0x54
    [   23.442871]        [<c01d4ba8>] kernfs_fop_write+0xc4/0x1c0
    [   23.448699]        [<c015b60c>] __vfs_write+0x34/0xe4
    [   23.454040]        [<c015bf38>] vfs_write+0x98/0x174
    [   23.459228]        [<c015c7a8>] SyS_write+0x4c/0xa8
    [   23.464355]        [<c00107c0>] ret_fast_syscall+0x0/0x1c
    [   23.470031]
    [   23.470031] other info that might help us debug this:
    [   23.470031]
    [   23.478393]  Possible unsafe locking scenario:
    [   23.478393]
    [   23.484619]        CPU0                    CPU1
    [   23.489349]        ----                    ----
    [   23.494079]   lock(s_active#52);
    [   23.497497]                                lock(coresight_mutex);
    [   23.503906]                                lock(s_active#52);
    [   23.509918]   lock(coresight_mutex);
    [   23.513702]
    [   23.513702]  *** DEADLOCK ***
    [   23.513702]
    [   23.519897] 3 locks held by sh/858:
    [   23.523529]  #0:  (sb_writers#7){.+.+.+}, at: [<c015ec38>] __sb_start_write+0xa8/0xd4
    [   23.531799]  #1:  (&of->mutex){+.+...}, at: [<c01d4b38>] kernfs_fop_write+0x54/0x1c0
    [   23.539916]  #2:  (s_active#52){++++.+}, at: [<c01d4b40>] kernfs_fop_write+0x5c/0x1c0
    [   23.548156]
    [   23.548156] stack backtrace:
    [   23.552734] CPU: 0 PID: 858 Comm: sh Not tainted 4.4.0-rc8-00025-gbbf360b #172
    [   23.560302] Hardware name: Generic OMAP4 (Flattened Device Tree)
    [   23.566589] Backtrace:
    [   23.569152] [<c00154d4>] (dump_backtrace) from [<c00156d0>] (show_stack+0x18/0x1c)
    [   23.577087]  r7:ed4b8570 r6:c0936400 r5:c07ae71c r4:00000000
    [   23.583038] [<c00156b8>] (show_stack) from [<c027e69c>] (dump_stack+0x98/0xc0)
    [   23.590606] [<c027e604>] (dump_stack) from [<c008a750>] (print_circular_bug+0x21c/0x33c)
    [   23.599090]  r5:c0939d60 r4:c0936400
    [   23.602874] [<c008a534>] (print_circular_bug) from [<c008e370>] (__lock_acquire+0x1c98/0x1d88)
    [   23.611877]  r10:00000003 r9:c0fd7a5c r8:ed4b8550 r7:ed4b8570 r6:ed4b8000 r5:c0ff69e4
    [   23.620117]  r4:c0936400 r3:ed4b8550
    [   23.623901] [<c008c6d8>] (__lock_acquire) from [<c008ed60>] (lock_acquire+0xe4/0x210)
    [   23.632080]  r10:00000000 r9:00000000 r8:60000013 r7:c07cb7b4 r6:00000001 r5:00000000
    [   23.640350]  r4:00000000
    [   23.643005] [<c008ec7c>] (lock_acquire) from [<c0530a30>] (mutex_lock_nested+0x74/0x450)
    [   23.651458]  r10:ecc0bf80 r9:edbe7dcc r8:ed4b8000 r7:c0fd7a5c r6:c0415d40 r5:00000000
    [   23.659729]  r4:c07cb780
    [   23.662384] [<c05309bc>] (mutex_lock_nested) from [<c0415d40>] (coresight_enable+0x1c/0x1b4)
    [   23.671234]  r10:ecc0bf80 r9:edbe7dcc r8:ed733c00 r7:00000000 r6:ed733c00 r5:00000002
    [   23.679473]  r4:ed762140
    [   23.682128] [<c0415d24>] (coresight_enable) from [<c0416030>] (enable_source_store+0x58/0x68)
    [   23.691070]  r7:00000000 r6:ed733c00 r5:00000002 r4:ed762160
    [   23.697052] [<c0415fd8>] (enable_source_store) from [<c030b358>] (dev_attr_store+0x20/0x2c)
    [   23.705780]  r5:edbe7dc0 r4:c0415fd8
    [   23.709533] [<c030b338>] (dev_attr_store) from [<c01d55e8>] (sysfs_kf_write+0x50/0x54)
    [   23.717834]  r5:edbe7dc0 r4:c030b338
    [   23.721618] [<c01d5598>] (sysfs_kf_write) from [<c01d4ba8>] (kernfs_fop_write+0xc4/0x1c0)
    [   23.730163]  r7:00000000 r6:00000000 r5:00000002 r4:edbe7dc0
    [   23.736145] [<c01d4ae4>] (kernfs_fop_write) from [<c015b60c>] (__vfs_write+0x34/0xe4)
    [   23.744323]  r10:00000000 r9:ecc0a000 r8:c0010964 r7:ecc0bf80 r6:00000002 r5:c01d4ae4
    [   23.752593]  r4:ee385a40
    [   23.755249] [<c015b5d8>] (__vfs_write) from [<c015bf38>] (vfs_write+0x98/0x174)
    [   23.762908]  r9:ecc0a000 r8:c0010964 r7:ecc0bf80 r6:000ab0d8 r5:00000002 r4:ee385a40
    [   23.771057] [<c015bea0>] (vfs_write) from [<c015c7a8>] (SyS_write+0x4c/0xa8)
    [   23.778442]  r8:c0010964 r7:00000002 r6:000ab0d8 r5:ee385a40 r4:ee385a40
    [   23.785522] [<c015c75c>] (SyS_write) from [<c00107c0>] (ret_fast_syscall+0x0/0x1c)
    [   23.793457]  r7:00000004 r6:00000001 r5:000ab0d8 r4:00000002
    [   23.799652] coresight-etb10 54162000.etb: ETB enabled
    [   23.805084] coresight-funnel 54164000.funnel: FUNNEL inport 0 enabled
    [   23.811859] coresight-replicator 44000000.ocp:replicator: REPLICATOR enabled
    [   23.819335] coresight-funnel 54158000.funnel: FUNNEL inport 0 enabled
    [   23.826110] coresight-etm3x 5414c000.ptm: ETM tracing enabled

The locking in coresight_unregister() is not required as the only customers of
the function are drivers themselves when an initialisation failure has been
encoutered.

Reported-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/coresight/coresight.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/drivers/hwtracing/coresight/coresight.c b/drivers/hwtracing/coresight/coresight.c
index 902ee6efd09c..84fc60318f79 100644
--- a/drivers/hwtracing/coresight/coresight.c
+++ b/drivers/hwtracing/coresight/coresight.c
@@ -716,12 +716,8 @@ EXPORT_SYMBOL_GPL(coresight_register);
 
 void coresight_unregister(struct coresight_device *csdev)
 {
-	mutex_lock(&coresight_mutex);
-
 	kfree(csdev->conns);
 	device_unregister(&csdev->dev);
-
-	mutex_unlock(&coresight_mutex);
 }
 EXPORT_SYMBOL_GPL(coresight_unregister);
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 055/131] coresight: coresight_unregister() function cleanup
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 054/131] coresight: fixing lockdep error Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 056/131] coresight: release reference taken by bus_find_device() Greg Kroah-Hartman
                   ` (80 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rabin Vincent, Mathieu Poirier, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit fae54158792aec705620bdc3938d342879204f0c ]

In its current form the code never frees csdev->refcnt allocated
in coresight_register().  There is also a problem with csdev->conns
that is freed before device_unregister() rather than in the device
release function.

This patch addresses both issues by moving kfree(csdev->conns) to
coresight_device_release() and freeing csdev->refcnt, also in
the same function.

Reported-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/coresight/coresight.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/hwtracing/coresight/coresight.c b/drivers/hwtracing/coresight/coresight.c
index 84fc60318f79..a7d1edbf3340 100644
--- a/drivers/hwtracing/coresight/coresight.c
+++ b/drivers/hwtracing/coresight/coresight.c
@@ -484,6 +484,8 @@ static void coresight_device_release(struct device *dev)
 {
 	struct coresight_device *csdev = to_coresight_device(dev);
 
+	kfree(csdev->conns);
+	kfree(csdev->refcnt);
 	kfree(csdev);
 }
 
@@ -716,7 +718,6 @@ EXPORT_SYMBOL_GPL(coresight_register);
 
 void coresight_unregister(struct coresight_device *csdev)
 {
-	kfree(csdev->conns);
 	device_unregister(&csdev->dev);
 }
 EXPORT_SYMBOL_GPL(coresight_unregister);
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 056/131] coresight: release reference taken by bus_find_device()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (54 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 055/131] coresight: coresight_unregister() function cleanup Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 057/131] coresight: remove csdevs link from topology Greg Kroah-Hartman
                   ` (79 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rabin Vincent, Mathieu Poirier, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit f2dfab3568fc32afeac8b698481e80e7ab2dc658 ]

The reference count taken by function bus_find_device() needs
to be released if a child device is found, something this patch
is adding.

Reported-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/coresight/coresight.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/hwtracing/coresight/coresight.c b/drivers/hwtracing/coresight/coresight.c
index a7d1edbf3340..5e2a2a5ad601 100644
--- a/drivers/hwtracing/coresight/coresight.c
+++ b/drivers/hwtracing/coresight/coresight.c
@@ -573,6 +573,8 @@ static void coresight_fixup_device_conns(struct coresight_device *csdev)
 
 		if (dev) {
 			conn->child_dev = to_coresight_device(dev);
+			/* and put reference from 'bus_find_device()' */
+			put_device(dev);
 		} else {
 			csdev->orphan = true;
 			conn->child_dev = NULL;
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 057/131] coresight: remove csdevs link from topology
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (55 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 056/131] coresight: release reference taken by bus_find_device() Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 058/131] stm class: Fix locking in unbinding policy path Greg Kroah-Hartman
                   ` (78 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mathieu Poirier, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit ad725aee070caf8fa93d84d6fb78321f9642db18 ]

In function 'coresight_unregister()', all references to the csdev that
is being taken away need to be removed from the topology.  Otherwise
building the next coresight path from source to sink may use memory
that has been released.

Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/coresight/coresight.c | 46 +++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/drivers/hwtracing/coresight/coresight.c b/drivers/hwtracing/coresight/coresight.c
index 5e2a2a5ad601..c6aea4795d0b 100644
--- a/drivers/hwtracing/coresight/coresight.c
+++ b/drivers/hwtracing/coresight/coresight.c
@@ -582,6 +582,50 @@ static void coresight_fixup_device_conns(struct coresight_device *csdev)
 	}
 }
 
+static int coresight_remove_match(struct device *dev, void *data)
+{
+	int i;
+	struct coresight_device *csdev, *iterator;
+	struct coresight_connection *conn;
+
+	csdev = data;
+	iterator = to_coresight_device(dev);
+
+	/* No need to check oneself */
+	if (csdev == iterator)
+		return 0;
+
+	/*
+	 * Circle throuch all the connection of that component.  If we find
+	 * a connection whose name matches @csdev, remove it.
+	 */
+	for (i = 0; i < iterator->nr_outport; i++) {
+		conn = &iterator->conns[i];
+
+		if (conn->child_dev == NULL)
+			continue;
+
+		if (!strcmp(dev_name(&csdev->dev), conn->child_name)) {
+			iterator->orphan = true;
+			conn->child_dev = NULL;
+			/* No need to continue */
+			break;
+		}
+	}
+
+	/*
+	 * Returning '0' ensures that all known component on the
+	 * bus will be checked.
+	 */
+	return 0;
+}
+
+static void coresight_remove_conns(struct coresight_device *csdev)
+{
+	bus_for_each_dev(&coresight_bustype, NULL,
+			 csdev, coresight_remove_match);
+}
+
 /**
  * coresight_timeout - loop until a bit has changed to a specific state.
  * @addr: base address of the area of interest.
@@ -720,6 +764,8 @@ EXPORT_SYMBOL_GPL(coresight_register);
 
 void coresight_unregister(struct coresight_device *csdev)
 {
+	/* Remove references of that device in the topology */
+	coresight_remove_conns(csdev);
 	device_unregister(&csdev->dev);
 }
 EXPORT_SYMBOL_GPL(coresight_unregister);
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 058/131] stm class: Fix locking in unbinding policy path
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (56 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 057/131] coresight: remove csdevs link from topology Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 059/131] stm class: Fix link list locking Greg Kroah-Hartman
                   ` (77 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Shishkin, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 4c127fd16e6b33ecb7badc091480c84ea9aebeb6 ]

Right now, if stm device removal has to unbind from a policy (that is,
an stm device that has STP policy, gets removed), it will trigger a
nested lock on the stm device's policy mutex.

This patch fixes the problem by moving the locking from the policy
unbinding to policy removal (configfs path), where it's actually needed;
the other caller of the policy unbinding function already takes the
mutex around the call.

Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/stm/policy.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/drivers/hwtracing/stm/policy.c b/drivers/hwtracing/stm/policy.c
index 11ab6d01adf6..94d3abfb737a 100644
--- a/drivers/hwtracing/stm/policy.c
+++ b/drivers/hwtracing/stm/policy.c
@@ -272,13 +272,17 @@ void stp_policy_unbind(struct stp_policy *policy)
 {
 	struct stm_device *stm = policy->stm;
 
+	/*
+	 * stp_policy_release() will not call here if the policy is already
+	 * unbound; other users should not either, as no link exists between
+	 * this policy and anything else in that case
+	 */
 	if (WARN_ON_ONCE(!policy->stm))
 		return;
 
-	mutex_lock(&stm->policy_mutex);
-	stm->policy = NULL;
-	mutex_unlock(&stm->policy_mutex);
+	lockdep_assert_held(&stm->policy_mutex);
 
+	stm->policy = NULL;
 	policy->stm = NULL;
 
 	stm_put_device(stm);
@@ -287,8 +291,16 @@ void stp_policy_unbind(struct stp_policy *policy)
 static void stp_policy_release(struct config_item *item)
 {
 	struct stp_policy *policy = to_stp_policy(item);
+	struct stm_device *stm = policy->stm;
 
+	/* a policy *can* be unbound and still exist in configfs tree */
+	if (!stm)
+		return;
+
+	mutex_lock(&stm->policy_mutex);
 	stp_policy_unbind(policy);
+	mutex_unlock(&stm->policy_mutex);
+
 	kfree(policy);
 }
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 059/131] stm class: Fix link list locking
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (57 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 058/131] stm class: Fix locking in unbinding policy path Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 060/131] stm class: Prevent user-controllable allocations Greg Kroah-Hartman
                   ` (76 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Shishkin, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit c74f7e8281add80bdfa0ad2998b8df287b13df73 ]

Currently, the list of stm_sources linked to an stm device is protected by
a spinlock, which also means that sources' .unlink() method is called under
this spinlock. However, this method may (and does) sleep, which means
trouble.

This patch slightly reworks locking around stm::link_list so that bits that
might_sleep() are called with a mutex held instead. Modification of this
list requires both mutex and spinlock to be held, while looking at the list
can be done under either mutex or spinlock.

Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/stm/core.c | 38 +++++++++++++++++++++++++++---------
 drivers/hwtracing/stm/stm.h  |  1 +
 2 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index 92ab51aa8a74..f286de2e86af 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -647,6 +647,7 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data,
 	if (err)
 		goto err_device;
 
+	mutex_init(&stm->link_mutex);
 	spin_lock_init(&stm->link_lock);
 	INIT_LIST_HEAD(&stm->link_list);
 
@@ -677,11 +678,11 @@ void stm_unregister_device(struct stm_data *stm_data)
 	struct stm_source_device *src, *iter;
 	int i;
 
-	spin_lock(&stm->link_lock);
+	mutex_lock(&stm->link_mutex);
 	list_for_each_entry_safe(src, iter, &stm->link_list, link_entry) {
 		__stm_source_link_drop(src, stm);
 	}
-	spin_unlock(&stm->link_lock);
+	mutex_unlock(&stm->link_mutex);
 
 	synchronize_srcu(&stm_source_srcu);
 
@@ -700,6 +701,17 @@ void stm_unregister_device(struct stm_data *stm_data)
 }
 EXPORT_SYMBOL_GPL(stm_unregister_device);
 
+/*
+ * stm::link_list access serialization uses a spinlock and a mutex; holding
+ * either of them guarantees that the list is stable; modification requires
+ * holding both of them.
+ *
+ * Lock ordering is as follows:
+ *   stm::link_mutex
+ *     stm::link_lock
+ *       src::link_lock
+ */
+
 /**
  * stm_source_link_add() - connect an stm_source device to an stm device
  * @src:	stm_source device
@@ -716,6 +728,7 @@ static int stm_source_link_add(struct stm_source_device *src,
 	char *id;
 	int err;
 
+	mutex_lock(&stm->link_mutex);
 	spin_lock(&stm->link_lock);
 	spin_lock(&src->link_lock);
 
@@ -725,6 +738,7 @@ static int stm_source_link_add(struct stm_source_device *src,
 
 	spin_unlock(&src->link_lock);
 	spin_unlock(&stm->link_lock);
+	mutex_unlock(&stm->link_mutex);
 
 	id = kstrdup(src->data->name, GFP_KERNEL);
 	if (id) {
@@ -762,6 +776,7 @@ static int stm_source_link_add(struct stm_source_device *src,
 	stm_put_device(stm);
 
 fail_detach:
+	mutex_lock(&stm->link_mutex);
 	spin_lock(&stm->link_lock);
 	spin_lock(&src->link_lock);
 
@@ -770,6 +785,7 @@ static int stm_source_link_add(struct stm_source_device *src,
 
 	spin_unlock(&src->link_lock);
 	spin_unlock(&stm->link_lock);
+	mutex_unlock(&stm->link_mutex);
 
 	return err;
 }
@@ -782,13 +798,20 @@ static int stm_source_link_add(struct stm_source_device *src,
  * If @stm is @src::link, disconnect them from one another and put the
  * reference on the @stm device.
  *
- * Caller must hold stm::link_lock.
+ * Caller must hold stm::link_mutex.
  */
 static void __stm_source_link_drop(struct stm_source_device *src,
 				   struct stm_device *stm)
 {
 	struct stm_device *link;
 
+	lockdep_assert_held(&stm->link_mutex);
+
+	if (src->data->unlink)
+		src->data->unlink(src->data);
+
+	/* for stm::link_list modification, we hold both mutex and spinlock */
+	spin_lock(&stm->link_lock);
 	spin_lock(&src->link_lock);
 	link = srcu_dereference_check(src->link, &stm_source_srcu, 1);
 	if (WARN_ON_ONCE(link != stm)) {
@@ -797,13 +820,13 @@ static void __stm_source_link_drop(struct stm_source_device *src,
 	}
 
 	stm_output_free(link, &src->output);
-	/* caller must hold stm::link_lock */
 	list_del_init(&src->link_entry);
 	/* matches stm_find_device() from stm_source_link_store() */
 	stm_put_device(link);
 	rcu_assign_pointer(src->link, NULL);
 
 	spin_unlock(&src->link_lock);
+	spin_unlock(&stm->link_lock);
 }
 
 /**
@@ -825,12 +848,9 @@ static void stm_source_link_drop(struct stm_source_device *src)
 	stm = srcu_dereference(src->link, &stm_source_srcu);
 
 	if (stm) {
-		if (src->data->unlink)
-			src->data->unlink(src->data);
-
-		spin_lock(&stm->link_lock);
+		mutex_lock(&stm->link_mutex);
 		__stm_source_link_drop(src, stm);
-		spin_unlock(&stm->link_lock);
+		mutex_unlock(&stm->link_mutex);
 	}
 
 	srcu_read_unlock(&stm_source_srcu, idx);
diff --git a/drivers/hwtracing/stm/stm.h b/drivers/hwtracing/stm/stm.h
index 95ece0292c99..97ee02241440 100644
--- a/drivers/hwtracing/stm/stm.h
+++ b/drivers/hwtracing/stm/stm.h
@@ -45,6 +45,7 @@ struct stm_device {
 	int			major;
 	unsigned int		sw_nmasters;
 	struct stm_data		*data;
+	struct mutex		link_mutex;
 	spinlock_t		link_lock;
 	struct list_head	link_list;
 	/* master allocation */
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 060/131] stm class: Prevent user-controllable allocations
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (58 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 059/131] stm class: Fix link list locking Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 061/131] stm class: Support devices with multiple instances Greg Kroah-Hartman
                   ` (75 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sasha Levin, Alexander Shishkin, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit f08b18266c7116e2ec6885dd53a928f580060a71 ]

Currently, the character device write method allocates a temporary buffer
for user's data, but the user's data size is not sanitized and can cause
arbitrarily large allocations via kzalloc() or an integer overflow that
will then result in overwriting kernel memory.

This patch trims the input buffer size to avoid these issues.

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/stm/core.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index f286de2e86af..e4fa583b57a6 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -410,6 +410,9 @@ static ssize_t stm_char_write(struct file *file, const char __user *buf,
 	char *kbuf;
 	int err;
 
+	if (count + 1 > PAGE_SIZE)
+		count = PAGE_SIZE - 1;
+
 	/*
 	 * if no m/c have been assigned to this writer up to this
 	 * point, use "default" policy entry
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 061/131] stm class: Support devices with multiple instances
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (59 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 060/131] stm class: Prevent user-controllable allocations Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 062/131] stm class: Fix unlocking braino in the error path Greg Kroah-Hartman
                   ` (74 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chunyan Zhang, Alexander Shishkin,
	Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 59be422e4ce10e3d49d4c9407a80fab8a9b7bc84 ]

By convention, the name of the stm policy directory in configfs consists of
the device name to which it applies and the actual policy name, separated
by a dot. Now, some devices already have dots in their names that separate
name of the actual device from its instance identifier. Such devices will
result in two (or more, who can tell) dots in the policy directory name.

Existing policy code, however, will treat the first dot as the one that
separates device name from policy name, therefore failing the above case.

This patch makes the last dot in the directory name be the separator, thus
prohibiting dots from being used in policy names.

Suggested-by: Chunyan Zhang <zhang.chunyan@linaro.org>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/stm/policy.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/hwtracing/stm/policy.c b/drivers/hwtracing/stm/policy.c
index 94d3abfb737a..1db189657b2b 100644
--- a/drivers/hwtracing/stm/policy.c
+++ b/drivers/hwtracing/stm/policy.c
@@ -332,10 +332,11 @@ stp_policies_make(struct config_group *group, const char *name)
 
 	/*
 	 * node must look like <device_name>.<policy_name>, where
-	 * <device_name> is the name of an existing stm device and
-	 * <policy_name> is an arbitrary string
+	 * <device_name> is the name of an existing stm device; may
+	 *               contain dots;
+	 * <policy_name> is an arbitrary string; may not contain dots
 	 */
-	p = strchr(devname, '.');
+	p = strrchr(devname, '.');
 	if (!p) {
 		kfree(devname);
 		return ERR_PTR(-EINVAL);
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 062/131] stm class: Fix unlocking braino in the error path
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (60 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 061/131] stm class: Support devices with multiple instances Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 063/131] stm class: Guard output assignment against concurrency Greg Kroah-Hartman
                   ` (73 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Laurent Fert, Alexander Shishkin,
	Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 1810f2c44817c74ca3d05d1e3981e3a2e2ceb6f5 ]

If an illegal attempt is made to unlink stm source device from an
stm device, the stm device's link spinlock mistakenly remains locked.
While this really shouldn't happen (there's a warning in place), the
locking should remain in order so that we can still recover from this
situation if it indeed does happen.

This patch unifies the unlocking in the exit path of
__stm_source_link_drop() to fix this.

Reported-by: Laurent Fert <laurent.fert@intel.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/stm/core.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index e4fa583b57a6..d4deac108578 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -817,10 +817,8 @@ static void __stm_source_link_drop(struct stm_source_device *src,
 	spin_lock(&stm->link_lock);
 	spin_lock(&src->link_lock);
 	link = srcu_dereference_check(src->link, &stm_source_srcu, 1);
-	if (WARN_ON_ONCE(link != stm)) {
-		spin_unlock(&src->link_lock);
-		return;
-	}
+	if (WARN_ON_ONCE(link != stm))
+		goto unlock;
 
 	stm_output_free(link, &src->output);
 	list_del_init(&src->link_entry);
@@ -828,6 +826,7 @@ static void __stm_source_link_drop(struct stm_source_device *src,
 	stm_put_device(link);
 	rcu_assign_pointer(src->link, NULL);
 
+unlock:
 	spin_unlock(&src->link_lock);
 	spin_unlock(&stm->link_lock);
 }
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 063/131] stm class: Guard output assignment against concurrency
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (61 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 062/131] stm class: Fix unlocking braino in the error path Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 064/131] stm class: Fix unbalanced module/device refcounting Greg Kroah-Hartman
                   ` (72 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Shishkin, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit cde4ad8368840e414ecf67db258fe1dabaa5fd2e ]

It is possible to concurrently assign the same output (a character
device writer or an stm_source device) to different stm devices,
which sets off a strategically placed warning in stm_output_assign().

To avoid this, use a spinlock to serialize (un)assignments between
outputs and stm devices.

Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/stm/core.c | 17 +++++++++++++++++
 drivers/hwtracing/stm/stm.h  |  1 +
 2 files changed, 18 insertions(+)

diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index d4deac108578..f8e46c38b565 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -186,6 +186,9 @@ static void stm_output_claim(struct stm_device *stm, struct stm_output *output)
 {
 	struct stp_master *master = stm_master(stm, output->master);
 
+	lockdep_assert_held(&stm->mc_lock);
+	lockdep_assert_held(&output->lock);
+
 	if (WARN_ON_ONCE(master->nr_free < output->nr_chans))
 		return;
 
@@ -200,6 +203,9 @@ stm_output_disclaim(struct stm_device *stm, struct stm_output *output)
 {
 	struct stp_master *master = stm_master(stm, output->master);
 
+	lockdep_assert_held(&stm->mc_lock);
+	lockdep_assert_held(&output->lock);
+
 	bitmap_release_region(&master->chan_map[0], output->channel,
 			      ilog2(output->nr_chans));
 
@@ -292,6 +298,7 @@ static int stm_output_assign(struct stm_device *stm, unsigned int width,
 	}
 
 	spin_lock(&stm->mc_lock);
+	spin_lock(&output->lock);
 	/* output is already assigned -- shouldn't happen */
 	if (WARN_ON_ONCE(output->nr_chans))
 		goto unlock;
@@ -308,6 +315,7 @@ static int stm_output_assign(struct stm_device *stm, unsigned int width,
 
 	ret = 0;
 unlock:
+	spin_unlock(&output->lock);
 	spin_unlock(&stm->mc_lock);
 
 	return ret;
@@ -316,11 +324,18 @@ static int stm_output_assign(struct stm_device *stm, unsigned int width,
 static void stm_output_free(struct stm_device *stm, struct stm_output *output)
 {
 	spin_lock(&stm->mc_lock);
+	spin_lock(&output->lock);
 	if (output->nr_chans)
 		stm_output_disclaim(stm, output);
+	spin_unlock(&output->lock);
 	spin_unlock(&stm->mc_lock);
 }
 
+static void stm_output_init(struct stm_output *output)
+{
+	spin_lock_init(&output->lock);
+}
+
 static int major_match(struct device *dev, const void *data)
 {
 	unsigned int major = *(unsigned int *)data;
@@ -343,6 +358,7 @@ static int stm_char_open(struct inode *inode, struct file *file)
 	if (!stmf)
 		return -ENOMEM;
 
+	stm_output_init(&stmf->output);
 	stmf->stm = to_stm_device(dev);
 
 	if (!try_module_get(stmf->stm->owner))
@@ -953,6 +969,7 @@ int stm_source_register_device(struct device *parent,
 	if (err)
 		goto err;
 
+	stm_output_init(&src->output);
 	spin_lock_init(&src->link_lock);
 	INIT_LIST_HEAD(&src->link_entry);
 	src->data = data;
diff --git a/drivers/hwtracing/stm/stm.h b/drivers/hwtracing/stm/stm.h
index 97ee02241440..4e8c6926260f 100644
--- a/drivers/hwtracing/stm/stm.h
+++ b/drivers/hwtracing/stm/stm.h
@@ -57,6 +57,7 @@ struct stm_device {
 	container_of((_d), struct stm_device, dev)
 
 struct stm_output {
+	spinlock_t		lock;
 	unsigned int		master;
 	unsigned int		channel;
 	unsigned int		nr_chans;
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 064/131] stm class: Fix unbalanced module/device refcounting
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (62 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 063/131] stm class: Guard output assignment against concurrency Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 065/131] stm class: Fix a race in unlinking Greg Kroah-Hartman
                   ` (71 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Shishkin, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit f7c81c7176c72c7899390754b4b038a64b296e4d ]

STM code takes references to the stm device and its module for the
duration of the character device's existence or the stm_source link.
Dropping these references is not well balanced everywhere, which may
lead to leaks.

This patch balances the acquisition and releasing of these two
references and annotates each site so that it's easier to verify
correctness by reading the code.

Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/stm/core.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index f8e46c38b565..cdc692d6cedd 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -114,6 +114,7 @@ struct stm_device *stm_find_device(const char *buf)
 
 	stm = to_stm_device(dev);
 	if (!try_module_get(stm->owner)) {
+		/* matches class_find_device() above */
 		put_device(dev);
 		return NULL;
 	}
@@ -126,7 +127,7 @@ struct stm_device *stm_find_device(const char *buf)
  * @stm:	stm device, previously acquired by stm_find_device()
  *
  * This drops the module reference and device reference taken by
- * stm_find_device().
+ * stm_find_device() or stm_char_open().
  */
 void stm_put_device(struct stm_device *stm)
 {
@@ -369,6 +370,8 @@ static int stm_char_open(struct inode *inode, struct file *file)
 	return nonseekable_open(inode, file);
 
 err_free:
+	/* matches class_find_device() above */
+	put_device(dev);
 	kfree(stmf);
 
 	return err;
@@ -379,6 +382,11 @@ static int stm_char_release(struct inode *inode, struct file *file)
 	struct stm_file *stmf = file->private_data;
 
 	stm_output_free(stmf->stm, &stmf->output);
+
+	/*
+	 * matches the stm_char_open()'s
+	 * class_find_device() + try_module_get()
+	 */
 	stm_put_device(stmf->stm);
 	kfree(stmf);
 
@@ -540,10 +548,8 @@ static int stm_char_policy_set_ioctl(struct stm_file *stmf, void __user *arg)
 		ret = stm->data->link(stm->data, stmf->output.master,
 				      stmf->output.channel);
 
-	if (ret) {
+	if (ret)
 		stm_output_free(stmf->stm, &stmf->output);
-		stm_put_device(stmf->stm);
-	}
 
 err_free:
 	kfree(id);
@@ -680,6 +686,7 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data,
 	return 0;
 
 err_device:
+	/* matches device_initialize() above */
 	put_device(&stm->dev);
 err_free:
 	vfree(stm);
@@ -792,7 +799,6 @@ static int stm_source_link_add(struct stm_source_device *src,
 
 fail_free_output:
 	stm_output_free(stm, &src->output);
-	stm_put_device(stm);
 
 fail_detach:
 	mutex_lock(&stm->link_mutex);
@@ -906,8 +912,10 @@ static ssize_t stm_source_link_store(struct device *dev,
 		return -EINVAL;
 
 	err = stm_source_link_add(src, link);
-	if (err)
+	if (err) {
+		/* matches the stm_find_device() above */
 		stm_put_device(link);
+	}
 
 	return err ? : count;
 }
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 065/131] stm class: Fix a race in unlinking
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (63 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 064/131] stm class: Fix unbalanced module/device refcounting Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 066/131] coresight: "DEVICE_ATTR_RO" should defined as static Greg Kroah-Hartman
                   ` (70 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Shishkin, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit b4ca34aaf78ed0cdfc15956d377064104257a437 ]

There is a window in stm_source_link_drop(), during which the source's
link may change before locks are acquired. When this happens, it throws
a warning, since this is not an expected scenario.

This patch handles the race in such a way that if the link appears to
have changed by the time we took the locks, it will release them and
repeat the whole unlinking procedure from the beginning, unless the
other contender beat us to it.

Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/stm/core.c | 54 ++++++++++++++++++++++++++++--------
 1 file changed, 42 insertions(+), 12 deletions(-)

diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index cdc692d6cedd..03b34dcff7f2 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -695,18 +695,26 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data,
 }
 EXPORT_SYMBOL_GPL(stm_register_device);
 
-static void __stm_source_link_drop(struct stm_source_device *src,
-				   struct stm_device *stm);
+static int __stm_source_link_drop(struct stm_source_device *src,
+				  struct stm_device *stm);
 
 void stm_unregister_device(struct stm_data *stm_data)
 {
 	struct stm_device *stm = stm_data->stm;
 	struct stm_source_device *src, *iter;
-	int i;
+	int i, ret;
 
 	mutex_lock(&stm->link_mutex);
 	list_for_each_entry_safe(src, iter, &stm->link_list, link_entry) {
-		__stm_source_link_drop(src, stm);
+		ret = __stm_source_link_drop(src, stm);
+		/*
+		 * src <-> stm link must not change under the same
+		 * stm::link_mutex, so complain loudly if it has;
+		 * also in this situation ret!=0 means this src is
+		 * not connected to this stm and it should be otherwise
+		 * safe to proceed with the tear-down of stm.
+		 */
+		WARN_ON_ONCE(ret);
 	}
 	mutex_unlock(&stm->link_mutex);
 
@@ -825,22 +833,28 @@ static int stm_source_link_add(struct stm_source_device *src,
  *
  * Caller must hold stm::link_mutex.
  */
-static void __stm_source_link_drop(struct stm_source_device *src,
-				   struct stm_device *stm)
+static int __stm_source_link_drop(struct stm_source_device *src,
+				  struct stm_device *stm)
 {
 	struct stm_device *link;
+	int ret = 0;
 
 	lockdep_assert_held(&stm->link_mutex);
 
-	if (src->data->unlink)
-		src->data->unlink(src->data);
-
 	/* for stm::link_list modification, we hold both mutex and spinlock */
 	spin_lock(&stm->link_lock);
 	spin_lock(&src->link_lock);
 	link = srcu_dereference_check(src->link, &stm_source_srcu, 1);
-	if (WARN_ON_ONCE(link != stm))
+
+	/*
+	 * The linked device may have changed since we last looked, because
+	 * we weren't holding the src::link_lock back then; if this is the
+	 * case, tell the caller to retry.
+	 */
+	if (link != stm) {
+		ret = -EAGAIN;
 		goto unlock;
+	}
 
 	stm_output_free(link, &src->output);
 	list_del_init(&src->link_entry);
@@ -851,6 +865,11 @@ static void __stm_source_link_drop(struct stm_source_device *src,
 unlock:
 	spin_unlock(&src->link_lock);
 	spin_unlock(&stm->link_lock);
+
+	if (!ret && src->data->unlink)
+		src->data->unlink(src->data);
+
+	return ret;
 }
 
 /**
@@ -866,18 +885,29 @@ static void __stm_source_link_drop(struct stm_source_device *src,
 static void stm_source_link_drop(struct stm_source_device *src)
 {
 	struct stm_device *stm;
-	int idx;
+	int idx, ret;
 
+retry:
 	idx = srcu_read_lock(&stm_source_srcu);
+	/*
+	 * The stm device will be valid for the duration of this
+	 * read section, but the link may change before we grab
+	 * the src::link_lock in __stm_source_link_drop().
+	 */
 	stm = srcu_dereference(src->link, &stm_source_srcu);
 
+	ret = 0;
 	if (stm) {
 		mutex_lock(&stm->link_mutex);
-		__stm_source_link_drop(src, stm);
+		ret = __stm_source_link_drop(src, stm);
 		mutex_unlock(&stm->link_mutex);
 	}
 
 	srcu_read_unlock(&stm_source_srcu, idx);
+
+	/* if it did change, retry */
+	if (ret == -EAGAIN)
+		goto retry;
 }
 
 static ssize_t stm_source_link_show(struct device *dev,
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 066/131] coresight: "DEVICE_ATTR_RO" should defined as static.
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (64 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 065/131] stm class: Fix a race in unlinking Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 067/131] coresight: etm4x: Check every parameter used by dma_xx_coherent Greg Kroah-Hartman
                   ` (69 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Long, Mathieu Poirier, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit bf16e5b8cdeabc1fe6565af0be475bb2084dc388 ]

"DEVICE_ATTR_RO(name)" should be defined as static. And
there is an unnecessary space at the front of the code.

The sparse tool output logs as the following:
coresight-etm4x.c:2224:1: warning: symbol 'dev_attr_trcoslsr' was
not declared. Should it be static?
coresight-etm4x.c:2225:1: warning: symbol 'dev_attr_trcpdcr' was
not declared. Should it be static?
coresight-etm4x.c:2226:1: warning: symbol 'dev_attr_trcpdsr' was
not declared. Should it be static?
And the smatch tool output logs as the following:
of_coresight.c:89 of_coresight_alloc_memory() warn:
inconsistent indenting

Signed-off-by: Eric Long <eric.long@linaro.org>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/coresight/coresight-etm4x.c | 2 +-
 drivers/hwtracing/coresight/of_coresight.c    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/hwtracing/coresight/coresight-etm4x.c b/drivers/hwtracing/coresight/coresight-etm4x.c
index a6707642bb23..1ec6798b21e8 100644
--- a/drivers/hwtracing/coresight/coresight-etm4x.c
+++ b/drivers/hwtracing/coresight/coresight-etm4x.c
@@ -2219,7 +2219,7 @@ static ssize_t name##_show(struct device *_dev,				\
 	return scnprintf(buf, PAGE_SIZE, "0x%x\n",			\
 			 readl_relaxed(drvdata->base + offset));	\
 }									\
-DEVICE_ATTR_RO(name)
+static DEVICE_ATTR_RO(name)
 
 coresight_simple_func(trcoslsr, TRCOSLSR);
 coresight_simple_func(trcpdcr, TRCPDCR);
diff --git a/drivers/hwtracing/coresight/of_coresight.c b/drivers/hwtracing/coresight/of_coresight.c
index 7d2bb1549608..fb7597b1c66f 100644
--- a/drivers/hwtracing/coresight/of_coresight.c
+++ b/drivers/hwtracing/coresight/of_coresight.c
@@ -86,7 +86,7 @@ static int of_coresight_alloc_memory(struct device *dev,
 		return -ENOMEM;
 
 	/* Children connected to this component via @outports */
-	 pdata->child_names = devm_kzalloc(dev, pdata->nr_outport *
+	pdata->child_names = devm_kzalloc(dev, pdata->nr_outport *
 					  sizeof(*pdata->child_names),
 					  GFP_KERNEL);
 	if (!pdata->child_names)
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 067/131] coresight: etm4x: Check every parameter used by dma_xx_coherent.
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (65 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 066/131] coresight: "DEVICE_ATTR_RO" should defined as static Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 068/131] asm-generic: Fix local variable shadow in __set_fixmap_offset Greg Kroah-Hartman
                   ` (68 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Long, Mathieu Poirier, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 61390593f72377c3a8f41ef998462e2d3985adac ]

The dma_alloc_coherent return an "void *" not an "void __iomen *".
It uses the wrong parameters when calls dma_free_coherent function.

The sparse tool output logs as the following:
coresight-tmc.c:199:23:    expected void *<noident>
coresight-tmc.c:199:23:    got void [noderef] <asn:2>*vaddr
coresight-tmc.c:336:30: warning: incorrect type in assignment
(different address spaces)
coresight-tmc.c:336:30:    expected char *buf
coresight-tmc.c:336:30:    got void [noderef] <asn:2>*
coresight-tmc.c:769:50: warning: incorrect type in argument 4
(different base types)
coresight-tmc.c:769:50:    expected unsigned long long
[unsigned] [usertype] dma_handle
coresight-tmc.c:769:50:    got restricted gfp_t

Signed-off-by: Eric Long <eric.long@linaro.org>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/coresight/coresight-tmc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/hwtracing/coresight/coresight-tmc.c b/drivers/hwtracing/coresight/coresight-tmc.c
index a57c7ec1661f..62f9d7372e3a 100644
--- a/drivers/hwtracing/coresight/coresight-tmc.c
+++ b/drivers/hwtracing/coresight/coresight-tmc.c
@@ -124,7 +124,7 @@ struct tmc_drvdata {
 	bool			reading;
 	char			*buf;
 	dma_addr_t		paddr;
-	void __iomem		*vaddr;
+	void			*vaddr;
 	u32			size;
 	bool			enable;
 	enum tmc_config_type	config_type;
@@ -766,7 +766,7 @@ static int tmc_probe(struct amba_device *adev, const struct amba_id *id)
 err_devm_kzalloc:
 	if (drvdata->config_type == TMC_CONFIG_TYPE_ETR)
 		dma_free_coherent(dev, drvdata->size,
-				&drvdata->paddr, GFP_KERNEL);
+				drvdata->vaddr, drvdata->paddr);
 	return ret;
 }
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 068/131] asm-generic: Fix local variable shadow in __set_fixmap_offset
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (66 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 067/131] coresight: etm4x: Check every parameter used by dma_xx_coherent Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 069/131] staging: ashmem: Avoid deadlock with mmap/shrink Greg Kroah-Hartman
                   ` (67 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mark Rutland, Arnd Bergmann,
	Catalin Marinas, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 3694bd76781b76c4f8d2ecd85018feeb1609f0e5 ]

Currently __set_fixmap_offset is a macro function which has a local
variable called 'addr'. If a caller passes a 'phys' parameter which is
derived from a variable also called 'addr', the local variable will
shadow this, and the compiler will complain about the use of an
uninitialized variable. To avoid the issue with namespace clashes,
'addr' is prefixed with a liberal sprinkling of underscores.

Turning __set_fixmap_offset into a static inline breaks the build for
several architectures. Fixing this properly requires updates to a number
of architectures to make them agree on the prototype of __set_fixmap (it
could be done as a subsequent patch series).

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
[catalin.marinas@arm.com: squashed the original function patch and macro fixup]
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/asm-generic/fixmap.h | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/asm-generic/fixmap.h b/include/asm-generic/fixmap.h
index 1cbb8338edf3..827e4d3bbc7a 100644
--- a/include/asm-generic/fixmap.h
+++ b/include/asm-generic/fixmap.h
@@ -70,12 +70,12 @@ static inline unsigned long virt_to_fix(const unsigned long vaddr)
 #endif
 
 /* Return a pointer with offset calculated */
-#define __set_fixmap_offset(idx, phys, flags)		      \
-({							      \
-	unsigned long addr;				      \
-	__set_fixmap(idx, phys, flags);			      \
-	addr = fix_to_virt(idx) + ((phys) & (PAGE_SIZE - 1)); \
-	addr;						      \
+#define __set_fixmap_offset(idx, phys, flags)				\
+({									\
+	unsigned long ________addr;					\
+	__set_fixmap(idx, phys, flags);					\
+	________addr = fix_to_virt(idx) + ((phys) & (PAGE_SIZE - 1));	\
+	________addr;							\
 })
 
 #define set_fixmap_offset(idx, phys) \
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 069/131] staging: ashmem: Avoid deadlock with mmap/shrink
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (67 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 068/131] asm-generic: Fix local variable shadow in __set_fixmap_offset Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 070/131] staging: ashmem: Add missing include Greg Kroah-Hartman
                   ` (66 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Android Kernel Team, Matt Wagantall,
	Syed Rameez Mustafa, Osvaldo Banuelos, Subbaraman Narayanamurthy,
	Laura Abbott, John Stultz, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 18e77054de741ef3ed2a2489bc9bf82a318b2d5e ]

Both ashmem_mmap and ashmem_shrink take the ashmem_lock. It may
be possible for ashmem_mmap to invoke ashmem_shrink:

-000|mutex_lock(lock = 0x0)
-001|ashmem_shrink(?, sc = 0x0) <--- try to take ashmem_mutex again
-002|shrink_slab(shrink = 0xDA5F1CC0, nr_pages_scanned = 0, lru_pages
-002|=
-002|124)
-003|try_to_free_pages(zonelist = 0x0, ?, ?, ?)
-004|__alloc_pages_nodemask(gfp_mask = 21200, order = 1, zonelist =
-004|0xC11D0940,
-005|new_slab(s = 0xE4841E80, ?, node = -1)
-006|__slab_alloc.isra.43.constprop.50(s = 0xE4841E80, gfpflags =
-006|2148925462, ad
-007|kmem_cache_alloc(s = 0xE4841E80, gfpflags = 208)
-008|shmem_alloc_inode(?)
-009|alloc_inode(sb = 0xE480E800)
-010|new_inode_pseudo(?)
-011|new_inode(?)
-012|shmem_get_inode(sb = 0xE480E800, dir = 0x0, ?, dev = 0, flags =
-012|187)
-013|shmem_file_setup(?, ?, flags = 187)
-014|ashmem_mmap(?, vma = 0xC5D64210) <---- Acquire ashmem_mutex
-015|mmap_region(file = 0xDF8E2C00, addr = 1772974080, len = 233472,
-015|flags = 57,
-016|sys_mmap_pgoff(addr = 0, len = 230400, prot = 3, flags = 1, fd =
-016|157, pgoff
-017|ret_fast_syscall(asm)
-->|exception
-018|NUR:0x40097508(asm)
---|end of frame

Avoid this deadlock by using mutex_trylock in ashmem_shrink; if the mutex
is already held, do not attempt to shrink.

Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Android Kernel Team <kernel-team@android.com>
Reported-by: Matt Wagantall <mattw@codeaurora.org>
Reported-by: Syed Rameez Mustafa <rameezmustafa@codeaurora.org>
Reported-by: Osvaldo Banuelos <osvaldob@codeaurora.org>
Reported-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
[jstultz: Minor commit message tweaks]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/android/ashmem.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
index e9c74c41aece..b4c425383f99 100644
--- a/drivers/staging/android/ashmem.c
+++ b/drivers/staging/android/ashmem.c
@@ -447,7 +447,9 @@ ashmem_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
 	if (!(sc->gfp_mask & __GFP_FS))
 		return SHRINK_STOP;
 
-	mutex_lock(&ashmem_mutex);
+	if (!mutex_trylock(&ashmem_mutex))
+		return -1;
+
 	list_for_each_entry_safe(range, next, &ashmem_lru_list, lru) {
 		loff_t start = range->pgstart * PAGE_SIZE;
 		loff_t end = (range->pgend + 1) * PAGE_SIZE;
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 070/131] staging: ashmem: Add missing include
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (68 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 069/131] staging: ashmem: Avoid deadlock with mmap/shrink Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 071/131] staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT Greg Kroah-Hartman
                   ` (65 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Android Kernel Team, Rom Lemarchand,
	John Stultz, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 90a2f171383b5ae43b33ab4d9d566b9765622ac7 ]

Include <linux/types.h> into ashmem.h to ensure referenced types
are defined

Cc: Android Kernel Team <kernel-team@android.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Signed-off-by: Rom Lemarchand <romlem@android.com>
[jstultz: Minor commit message tweaks]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/android/uapi/ashmem.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/staging/android/uapi/ashmem.h b/drivers/staging/android/uapi/ashmem.h
index ba4743c71d6b..13df42d200b7 100644
--- a/drivers/staging/android/uapi/ashmem.h
+++ b/drivers/staging/android/uapi/ashmem.h
@@ -13,6 +13,7 @@
 #define _UAPI_LINUX_ASHMEM_H
 
 #include <linux/ioctl.h>
+#include <linux/types.h>
 
 #define ASHMEM_NAME_LEN		256
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 071/131] staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (69 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 070/131] staging: ashmem: Add missing include Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 072/131] staging: goldfish: audio: fix compiliation on arm Greg Kroah-Hartman
                   ` (64 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, sprd-ind-kernel-group, sanjeev.yadav,
	Colin Cross, Android Kernel Team, Sumit Semwal, Rajmal Menariya,
	John Stultz, Laura Abbott, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 1328d8efef17d5e16bd6e9cfe59130a833674534 ]

In carveout heap, change minimum allocation order from 12 to
PAGE_SHIFT. After this change each bit in bitmap (genalloc -
General purpose special memory pool) represents one page size
memory.

Cc: sprd-ind-kernel-group@googlegroups.com
Cc: sanjeev.yadav@spreadtrum.com
Cc: Colin Cross <ccross@android.com>
Cc: Android Kernel Team <kernel-team@android.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Signed-off-by: Rajmal Menariya <rajmal.menariya@spreadtrum.com>
[jstultz: Reworked commit message]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Acked-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/android/ion/ion_carveout_heap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/android/ion/ion_carveout_heap.c b/drivers/staging/android/ion/ion_carveout_heap.c
index 9156d8238c97..e702ce6461fc 100644
--- a/drivers/staging/android/ion/ion_carveout_heap.c
+++ b/drivers/staging/android/ion/ion_carveout_heap.c
@@ -167,7 +167,7 @@ struct ion_heap *ion_carveout_heap_create(struct ion_platform_heap *heap_data)
 	if (!carveout_heap)
 		return ERR_PTR(-ENOMEM);
 
-	carveout_heap->pool = gen_pool_create(12, -1);
+	carveout_heap->pool = gen_pool_create(PAGE_SHIFT, -1);
 	if (!carveout_heap->pool) {
 		kfree(carveout_heap);
 		return ERR_PTR(-ENOMEM);
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 072/131] staging: goldfish: audio: fix compiliation on arm
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (70 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 071/131] staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 073/131] ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies Greg Kroah-Hartman
                   ` (63 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Greg Hackmann, Jin Qian, Alan, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 4532150762ceb0d6fd765ebcb3ba6966fbb8faab ]

We do actually need slab.h, by luck we get it on other platforms but not
always on ARM. Include it properly.

Signed-off-by: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Jin Qian <jinqian@android.com>
Signed-off-by: Alan <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/goldfish/goldfish_audio.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/staging/goldfish/goldfish_audio.c b/drivers/staging/goldfish/goldfish_audio.c
index b0927e49d0a8..6ca288bf4059 100644
--- a/drivers/staging/goldfish/goldfish_audio.c
+++ b/drivers/staging/goldfish/goldfish_audio.c
@@ -26,6 +26,7 @@
 #include <linux/sched.h>
 #include <linux/dma-mapping.h>
 #include <linux/uaccess.h>
+#include <linux/slab.h>
 #include <linux/goldfish.h>
 
 MODULE_AUTHOR("Google, Inc.");
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 073/131] ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (71 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 072/131] staging: goldfish: audio: fix compiliation on arm Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 074/131] arm64/kernel: fix incorrect EL0 check in inv_entry macro Greg Kroah-Hartman
                   ` (62 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lorenzo Pieralisi, Nicolas Pitre,
	Russell King, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 1b9bdf5c1661873a10e193b8cbb803a87fe5c4a1 ]

The code enabled by the ARM_CPU_SUSPEND config option is used by
kernel subsystems for purposes that go beyond system suspend so its
config entry should be augmented to take more default options into
account and avoid forcing its selection to prevent dependencies
override.

To achieve this goal, this patch reworks the ARM_CPU_SUSPEND config
entry and updates its default config value (by adding the BL_SWITCHER
option to it) and its dependencies (ARCH_SUSPEND_POSSIBLE), so that the
symbol is still selected by default by the subsystems requiring it and
at the same time enforcing the dependencies correctly.

Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: Nicolas Pitre <nico@fluxnic.net>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/Kconfig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 4cc908ee107f..737c8b0dda84 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1423,7 +1423,6 @@ config BIG_LITTLE
 config BL_SWITCHER
 	bool "big.LITTLE switcher support"
 	depends on BIG_LITTLE && MCPM && HOTPLUG_CPU && ARM_GIC
-	select ARM_CPU_SUSPEND
 	select CPU_PM
 	help
 	  The big.LITTLE "switcher" provides the core functionality to
@@ -2141,7 +2140,8 @@ config ARCH_SUSPEND_POSSIBLE
 	def_bool y
 
 config ARM_CPU_SUSPEND
-	def_bool PM_SLEEP
+	def_bool PM_SLEEP || BL_SWITCHER
+	depends on ARCH_SUSPEND_POSSIBLE
 
 config ARCH_HIBERNATION_POSSIBLE
 	bool
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 074/131] arm64/kernel: fix incorrect EL0 check in inv_entry macro
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (72 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 073/131] ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 075/131] =?UTF-8?q?mac80211:=20fix=20"warning:=20=E2=80=98target=5Fmetric?= =?UTF-8?q?=E2=80=99=20may=20be=20used=20uninitialized"?= Greg Kroah-Hartman
                   ` (61 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel, Catalin Marinas, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit b660950c60a7278f9d8deb7c32a162031207c758 ]

The implementation of macro inv_entry refers to its 'el' argument without
the required leading backslash, which results in an undefined symbol
'el' to be passed into the kernel_entry macro rather than the index of
the exception level as intended.

This undefined symbol strangely enough does not result in build failures,
although it is visible in vmlinux:

     $ nm -n vmlinux |head
                      U el
     0000000000000000 A _kernel_flags_le_hi32
     0000000000000000 A _kernel_offset_le_hi32
     0000000000000000 A _kernel_size_le_hi32
     000000000000000a A _kernel_flags_le_lo32
     .....

However, it does result in incorrect code being generated for invalid
exceptions taken from EL0, since the argument check in kernel_entry
assumes EL1 if its argument does not equal '0'.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/kernel/entry.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 3028d9b028c7..586326981769 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -243,7 +243,7 @@ END(vectors)
  * Invalid mode handlers
  */
 	.macro	inv_entry, el, reason, regsize = 64
-	kernel_entry el, \regsize
+	kernel_entry \el, \regsize
 	mov	x0, sp
 	mov	x1, #\reason
 	mrs	x2, esr_el1
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 075/131] =?UTF-8?q?mac80211:=20fix=20"warning:=20=E2=80=98target=5Fmetric?= =?UTF-8?q?=E2=80=99=20may=20be=20used=20uninitialized"?=
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (73 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 074/131] arm64/kernel: fix incorrect EL0 check in inv_entry macro Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 076/131] perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops Greg Kroah-Hartman
                   ` (60 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jeff Mahoney, Johannes Berg, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit b4201cc4fc6e1c57d6d306b1f787865043d60129 ]

This fixes:

net/mac80211/mesh_hwmp.c:603:26: warning: ‘target_metric’ may be used uninitialized in this function

target_metric is only consumed when reply = true so no bug exists here,
but not all versions of gcc realize it.  Initialize to 0 to remove the
warning.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/mac80211/mesh_hwmp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index 33d5271a9e32..466922f09d04 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -530,7 +530,7 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
 	const u8 *target_addr, *orig_addr;
 	const u8 *da;
 	u8 target_flags, ttl, flags;
-	u32 orig_sn, target_sn, lifetime, target_metric;
+	u32 orig_sn, target_sn, lifetime, target_metric = 0;
 	bool reply = false;
 	bool forward = true;
 	bool root_is_gate;
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 076/131] perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 075/131] =?UTF-8?q?mac80211:=20fix=20"warning:=20=E2=80=98target=5Fmetric?= =?UTF-8?q?=E2=80=99=20may=20be=20used=20uninitialized"?= Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 077/131] arm64: kernel: Include _AC definition in page.h Greg Kroah-Hartman
                   ` (59 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexander Shishkin,
	Peter Zijlstra (Intel),
	Arnaldo Carvalho de Melo, Arnaldo Carvalho de Melo, Jiri Olsa,
	Linus Torvalds, Stephane Eranian, Thomas Gleixner, Vince Weaver,
	vince, Ingo Molnar, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit dcb10a967ce82d5ad20570693091139ae716ff76 ]

When ring buffer's AUX area is unmapped and rb->aux_mmap_count drops to
zero, new AUX transactions into this buffer can still be started,
even though the buffer in en route to deallocation.

This patch adds a check to perf_aux_output_begin() for rb->aux_mmap_count
being zero, in which case there is no point starting new transactions,
in other words, the ring buffers that pass a certain point in
perf_mmap_close will not have their events sending new data, which
clears path for freeing those buffers' pages right there and then,
provided that no active transactions are holding the AUX reference.

Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: vince@deater.net
Link: http://lkml.kernel.org/r/1457098969-21595-2-git-send-email-alexander.shishkin@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/events/ring_buffer.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c
index 94dc6b0763ab..7324d83d6bd8 100644
--- a/kernel/events/ring_buffer.c
+++ b/kernel/events/ring_buffer.c
@@ -288,6 +288,13 @@ void *perf_aux_output_begin(struct perf_output_handle *handle,
 	if (!rb_has_aux(rb) || !atomic_inc_not_zero(&rb->aux_refcount))
 		goto err;
 
+	/*
+	 * If rb::aux_mmap_count is zero (and rb_has_aux() above went through),
+	 * the aux buffer is in perf_mmap_close(), about to get freed.
+	 */
+	if (!atomic_read(&rb->aux_mmap_count))
+		goto err;
+
 	/*
 	 * Nesting is not supported for AUX area, make sure nested
 	 * writers are caught early
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 077/131] arm64: kernel: Include _AC definition in page.h
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 076/131] perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 078/131] PM / Hibernate: Call flush_icache_range() on pages restored in-place Greg Kroah-Hartman
                   ` (58 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Morse, Mark Rutland,
	Catalin Marinas, Will Deacon, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 812264550dcba6cdbe84bfac2f27e7d23b5b8733 ]

page.h uses '_AC' in the definition of PAGE_SIZE, but doesn't include
linux/const.h where this is defined. This produces build warnings when only
asm/page.h is included by asm code.

Signed-off-by: James Morse <james.morse@arm.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/include/asm/page.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm64/include/asm/page.h b/arch/arm64/include/asm/page.h
index 9b2f5a9d019d..fbafd0ad16df 100644
--- a/arch/arm64/include/asm/page.h
+++ b/arch/arm64/include/asm/page.h
@@ -19,6 +19,8 @@
 #ifndef __ASM_PAGE_H
 #define __ASM_PAGE_H
 
+#include <linux/const.h>
+
 /* PAGE_SHIFT determines the page size */
 /* CONT_SHIFT determines the number of pages which can be tracked together  */
 #ifdef CONFIG_ARM64_64K_PAGES
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 078/131] PM / Hibernate: Call flush_icache_range() on pages restored in-place
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 077/131] arm64: kernel: Include _AC definition in page.h Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 20:39   ` Pavel Machek
  2019-04-01 17:02 ` [PATCH 4.4 079/131] stm class: Do not leak the chrdev in error path Greg Kroah-Hartman
                   ` (57 subsequent siblings)
  135 siblings, 1 reply; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Morse, Pavel Machek,
	Rafael J. Wysocki, Catalin Marinas, Will Deacon, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit f6cf0545ec697ddc278b7457b7d0c0d86a2ea88e ]

Some architectures require code written to memory as if it were data to be
'cleaned' from any data caches before the processor can fetch them as new
instructions.

During resume from hibernate, the snapshot code copies some pages directly,
meaning these architectures do not get a chance to perform their cache
maintenance. Modify the read and decompress code to call
flush_icache_range() on all pages that are restored, so that the restored
in-place pages are guaranteed to be executable on these architectures.

Signed-off-by: James Morse <james.morse@arm.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Acked-by: Rafael J. Wysocki <rjw@rjwysocki.net>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
[will: make clean_pages_on_* static and remove initialisers]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/power/swap.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/kernel/power/swap.c b/kernel/power/swap.c
index 12cd989dadf6..160e1006640d 100644
--- a/kernel/power/swap.c
+++ b/kernel/power/swap.c
@@ -36,6 +36,14 @@
 
 #define HIBERNATE_SIG	"S1SUSPEND"
 
+/*
+ * When reading an {un,}compressed image, we may restore pages in place,
+ * in which case some architectures need these pages cleaning before they
+ * can be executed. We don't know which pages these may be, so clean the lot.
+ */
+static bool clean_pages_on_read;
+static bool clean_pages_on_decompress;
+
 /*
  *	The swap map is a data structure used for keeping track of each page
  *	written to a swap partition.  It consists of many swap_map_page
@@ -241,6 +249,9 @@ static void hib_end_io(struct bio *bio)
 
 	if (bio_data_dir(bio) == WRITE)
 		put_page(page);
+	else if (clean_pages_on_read)
+		flush_icache_range((unsigned long)page_address(page),
+				   (unsigned long)page_address(page) + PAGE_SIZE);
 
 	if (bio->bi_error && !hb->error)
 		hb->error = bio->bi_error;
@@ -1049,6 +1060,7 @@ static int load_image(struct swap_map_handle *handle,
 
 	hib_init_batch(&hb);
 
+	clean_pages_on_read = true;
 	printk(KERN_INFO "PM: Loading image data pages (%u pages)...\n",
 		nr_to_read);
 	m = nr_to_read / 10;
@@ -1124,6 +1136,10 @@ static int lzo_decompress_threadfn(void *data)
 		d->unc_len = LZO_UNC_SIZE;
 		d->ret = lzo1x_decompress_safe(d->cmp + LZO_HEADER, d->cmp_len,
 		                               d->unc, &d->unc_len);
+		if (clean_pages_on_decompress)
+			flush_icache_range((unsigned long)d->unc,
+					   (unsigned long)d->unc + d->unc_len);
+
 		atomic_set(&d->stop, 1);
 		wake_up(&d->done);
 	}
@@ -1189,6 +1205,8 @@ static int load_image_lzo(struct swap_map_handle *handle,
 	}
 	memset(crc, 0, offsetof(struct crc_data, go));
 
+	clean_pages_on_decompress = true;
+
 	/*
 	 * Start the decompression threads.
 	 */
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 079/131] stm class: Do not leak the chrdev in error path
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 078/131] PM / Hibernate: Call flush_icache_range() on pages restored in-place Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 080/131] stm class: Fix stm device initialization order Greg Kroah-Hartman
                   ` (56 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alan Cox, Alexander Shishkin,
	Laurent Fert, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit cbe4a61d1ddc4790d950ca8c33ef79ee68ef5e2b ]

Currently, the error path of stm_register_device() forgets to unregister
the chrdev. Fix this.

Reported-by: Alan Cox <alan.cox@intel.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Reviewed-by: Laurent Fert <laurent.fert@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/stm/core.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index 03b34dcff7f2..0c7f0bae001a 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -686,6 +686,8 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data,
 	return 0;
 
 err_device:
+	unregister_chrdev(stm->major, stm_data->name);
+
 	/* matches device_initialize() above */
 	put_device(&stm->dev);
 err_free:
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 080/131] stm class: Fix stm device initialization order
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (78 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 079/131] stm class: Do not leak the chrdev in error path Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 081/131] ipv6: fix endianness error in icmpv6_err Greg Kroah-Hartman
                   ` (55 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alan Cox, Alexander Shishkin,
	Laurent Fert, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 389b6699a2aa0b457aa69986e9ddf39f3b4030fd ]

Currently, stm_register_device() makes the device visible and then
proceeds to initializing spinlocks and other properties, which leaves
a window when the device can already be opened but is not yet fully
operational.

Fix this by reversing the initialization order.

Reported-by: Alan Cox <alan.cox@intel.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Reviewed-by: Laurent Fert <laurent.fert@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/stm/core.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index 0c7f0bae001a..b6cc841de79d 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -664,18 +664,11 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data,
 	stm->dev.parent = parent;
 	stm->dev.release = stm_device_release;
 
-	err = kobject_set_name(&stm->dev.kobj, "%s", stm_data->name);
-	if (err)
-		goto err_device;
-
-	err = device_add(&stm->dev);
-	if (err)
-		goto err_device;
-
 	mutex_init(&stm->link_mutex);
 	spin_lock_init(&stm->link_lock);
 	INIT_LIST_HEAD(&stm->link_list);
 
+	/* initialize the object before it is accessible via sysfs */
 	spin_lock_init(&stm->mc_lock);
 	mutex_init(&stm->policy_mutex);
 	stm->sw_nmasters = nmasters;
@@ -683,6 +676,14 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data,
 	stm->data = stm_data;
 	stm_data->stm = stm;
 
+	err = kobject_set_name(&stm->dev.kobj, "%s", stm_data->name);
+	if (err)
+		goto err_device;
+
+	err = device_add(&stm->dev);
+	if (err)
+		goto err_device;
+
 	return 0;
 
 err_device:
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 081/131] ipv6: fix endianness error in icmpv6_err
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (79 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 080/131] stm class: Fix stm device initialization order Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 082/131] usb: gadget: configfs: add mutex lock before unregister gadget Greg Kroah-Hartman
                   ` (54 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lorenzo Colitti,
	Hannes Frederic Sowa, David S. Miller, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit dcb94b88c09ce82a80e188d49bcffdc83ba215a6 ]

IPv6 ping socket error handler doesn't correctly convert the new 32 bit
mtu to host endianness before using.

Cc: Lorenzo Colitti <lorenzo@google.com>
Fixes: 6d0bfe22611602f ("net: ipv6: Add IPv6 support to the ping socket.")
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv6/icmp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 0a37ddc7af51..3697cd08c515 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -98,7 +98,7 @@ static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 
 	if (!(type & ICMPV6_INFOMSG_MASK))
 		if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
-			ping_err(skb, offset, info);
+			ping_err(skb, offset, ntohl(info));
 }
 
 static int icmpv6_rcv(struct sk_buff *skb);
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 082/131] usb: gadget: configfs: add mutex lock before unregister gadget
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (80 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 081/131] ipv6: fix endianness error in icmpv6_err Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 083/131] usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG Greg Kroah-Hartman
                   ` (53 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Winter Wang, Felipe Balbi, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit cee51c33f52ebf673a088a428ac0fecc33ab77fa ]

There may be a race condition if f_fs calls unregister_gadget_item in
ffs_closed() when unregister_gadget is called by UDC store at the same time.
this leads to a kernel NULL pointer dereference:

[  310.644928] Unable to handle kernel NULL pointer dereference at virtual address 00000004
[  310.645053] init: Service 'adbd' is being killed...
[  310.658938] pgd = c9528000
[  310.662515] [00000004] *pgd=19451831, *pte=00000000, *ppte=00000000
[  310.669702] Internal error: Oops: 817 [#1] PREEMPT SMP ARM
[  310.675211] Modules linked in:
[  310.678294] CPU: 0 PID: 1537 Comm: ->transport Not tainted 4.1.15-03725-g793404c #2
[  310.685958] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[  310.692493] task: c8e24200 ti: c945e000 task.ti: c945e000
[  310.697911] PC is at usb_gadget_unregister_driver+0xb4/0xd0
[  310.703502] LR is at __mutex_lock_slowpath+0x10c/0x16c
[  310.708648] pc : [<c075efc0>]    lr : [<c0bfb0bc>]    psr: 600f0113
<snip..>
[  311.565585] [<c075efc0>] (usb_gadget_unregister_driver) from [<c075e2b8>] (unregister_gadget_item+0x1c/0x34)
[  311.575426] [<c075e2b8>] (unregister_gadget_item) from [<c076fcc8>] (ffs_closed+0x8c/0x9c)
[  311.583702] [<c076fcc8>] (ffs_closed) from [<c07736b8>] (ffs_data_reset+0xc/0xa0)
[  311.591194] [<c07736b8>] (ffs_data_reset) from [<c07738ac>] (ffs_data_closed+0x90/0xd0)
[  311.599208] [<c07738ac>] (ffs_data_closed) from [<c07738f8>] (ffs_ep0_release+0xc/0x14)
[  311.607224] [<c07738f8>] (ffs_ep0_release) from [<c023e030>] (__fput+0x80/0x1d0)
[  311.614635] [<c023e030>] (__fput) from [<c014e688>] (task_work_run+0xb0/0xe8)
[  311.621788] [<c014e688>] (task_work_run) from [<c010afdc>] (do_work_pending+0x7c/0xa4)
[  311.629718] [<c010afdc>] (do_work_pending) from [<c010770c>] (work_pending+0xc/0x20)

for functions using functionFS, i.e. android adbd will close /dev/usb-ffs/adb/ep0
when usb IO thread fails, but switch adb from on to off also triggers write
"none" > UDC. These 2 operations both call unregister_gadget, which will lead
to the panic above.

add a mutex before calling unregister_gadget for api used in f_fs.

Signed-off-by: Winter Wang <wente.wang@nxp.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/gadget/configfs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c
index 6abb6a10ee82..d412e234f336 100644
--- a/drivers/usb/gadget/configfs.c
+++ b/drivers/usb/gadget/configfs.c
@@ -1496,7 +1496,9 @@ void unregister_gadget_item(struct config_item *item)
 {
 	struct gadget_info *gi = to_gadget_info(item);
 
+	mutex_lock(&gi->lock);
 	unregister_gadget(gi);
+	mutex_unlock(&gi->lock);
 }
 EXPORT_SYMBOL_GPL(unregister_gadget_item);
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 083/131] usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (81 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 082/131] usb: gadget: configfs: add mutex lock before unregister gadget Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 084/131] cpu/hotplug: Handle unbalanced hotplug enable/disable Greg Kroah-Hartman
                   ` (52 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rajkumar Raghupathy, Xerox Lin,
	Amit Pundir, Felipe Balbi, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 207707d8fd48ebc977fb2b2794004a020e1ee08e ]

When rndis data transfer is in progress, some Windows7 Host PC is not
sending the GET_ENCAPSULATED_RESPONSE command for receiving the response
for the previous SEND_ENCAPSULATED_COMMAND processed.

The rndis function driver appends each response for the
SEND_ENCAPSULATED_COMMAND in a queue. As the above process got corrupted,
the Host sends a REMOTE_NDIS_RESET_MSG command to do a soft-reset.
As the rndis response queue is not freed, the previous response is sent
as a part of this REMOTE_NDIS_RESET_MSG's reset response and the Host
block any more Rndis transfers.

Hence free the rndis response queue as a part of this soft-reset so that
the correct response for REMOTE_NDIS_RESET_MSG is sent properly during the
response command.

Signed-off-by: Rajkumar Raghupathy <raghup@codeaurora.org>
Signed-off-by: Xerox Lin <xerox_lin@htc.com>
[AmitP: Cherry-picked this patch and folded other relevant
        fixes from Android common kernel android-4.4]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/gadget/function/rndis.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/usb/gadget/function/rndis.c b/drivers/usb/gadget/function/rndis.c
index 70d3917cc003..2582db38d6a6 100644
--- a/drivers/usb/gadget/function/rndis.c
+++ b/drivers/usb/gadget/function/rndis.c
@@ -680,6 +680,12 @@ static int rndis_reset_response(struct rndis_params *params,
 {
 	rndis_reset_cmplt_type *resp;
 	rndis_resp_t *r;
+	u8 *xbuf;
+	u32 length;
+
+	/* drain the response queue */
+	while ((xbuf = rndis_get_next_response(params, &length)))
+		rndis_free_response(params, xbuf);
 
 	r = rndis_add_response(params, sizeof(rndis_reset_cmplt_type));
 	if (!r)
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 084/131] cpu/hotplug: Handle unbalanced hotplug enable/disable
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (82 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 083/131] usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 085/131] video: fbdev: Set pixclock = 0 in goldfishfb Greg Kroah-Hartman
                   ` (51 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lianwei Wang, peterz, linux-pm, oleg,
	Thomas Gleixner, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 01b41159066531cc8d664362ff0cd89dd137bbfa ]

When cpu_hotplug_enable() is called unbalanced w/o a preceeding
cpu_hotplug_disable() the code emits a warning, but happily decrements the
disabled counter. This causes the next operations to malfunction.

Prevent the decrement and just emit a warning.

Signed-off-by: Lianwei Wang <lianwei.wang@gmail.com>
Cc: peterz@infradead.org
Cc: linux-pm@vger.kernel.org
Cc: oleg@redhat.com
Link: http://lkml.kernel.org/r/1465541008-12476-1-git-send-email-lianwei.wang@gmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/cpu.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/kernel/cpu.c b/kernel/cpu.c
index 40d20bf5de28..42ce0b0ae5c5 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -183,10 +183,17 @@ void cpu_hotplug_disable(void)
 }
 EXPORT_SYMBOL_GPL(cpu_hotplug_disable);
 
+static void __cpu_hotplug_enable(void)
+{
+	if (WARN_ONCE(!cpu_hotplug_disabled, "Unbalanced cpu hotplug enable\n"))
+		return;
+	cpu_hotplug_disabled--;
+}
+
 void cpu_hotplug_enable(void)
 {
 	cpu_maps_update_begin();
-	WARN_ON(--cpu_hotplug_disabled < 0);
+	__cpu_hotplug_enable();
 	cpu_maps_update_done();
 }
 EXPORT_SYMBOL_GPL(cpu_hotplug_enable);
@@ -626,7 +633,7 @@ void enable_nonboot_cpus(void)
 
 	/* Allow everyone to use the CPU hotplug again */
 	cpu_maps_update_begin();
-	WARN_ON(--cpu_hotplug_disabled < 0);
+	__cpu_hotplug_enable();
 	if (cpumask_empty(frozen_cpus))
 		goto out;
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 085/131] video: fbdev: Set pixclock = 0 in goldfishfb
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (83 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 084/131] cpu/hotplug: Handle unbalanced hotplug enable/disable Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 086/131] arm64: kconfig: drop CONFIG_RTC_LIB dependency Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christoffer Dall, Peter Maydell,
	Roman Kiryanov, Bartlomiej Zolnierkiewicz, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit ace6033ec5c356615eaa3582fb1946e9eaff6662 ]

User space Android code identifies pixclock == 0 as a sign for emulation
and will set the frame rate to 60 fps when reading this value, which is
the desired outcome.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Roman Kiryanov <rkir@google.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/video/fbdev/goldfishfb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/video/fbdev/goldfishfb.c b/drivers/video/fbdev/goldfishfb.c
index 14a93cb21310..66d58e93bc32 100644
--- a/drivers/video/fbdev/goldfishfb.c
+++ b/drivers/video/fbdev/goldfishfb.c
@@ -234,7 +234,7 @@ static int goldfish_fb_probe(struct platform_device *pdev)
 	fb->fb.var.activate	= FB_ACTIVATE_NOW;
 	fb->fb.var.height	= readl(fb->reg_base + FB_GET_PHYS_HEIGHT);
 	fb->fb.var.width	= readl(fb->reg_base + FB_GET_PHYS_WIDTH);
-	fb->fb.var.pixclock	= 10000;
+	fb->fb.var.pixclock	= 0;
 
 	fb->fb.var.red.offset = 11;
 	fb->fb.var.red.length = 5;
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 086/131] arm64: kconfig: drop CONFIG_RTC_LIB dependency
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (84 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 085/131] video: fbdev: Set pixclock = 0 in goldfishfb Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 087/131] mmc: mmc: fix switch timeout issue caused by jiffies precision Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Ezequiel Garcia,
	Will Deacon, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 99a507771fa57238dc7ffe674ae06090333d02c9 ]

The rtc-lib dependency is not required, and seems it was just
copy-pasted from ARM's Kconfig. If platform requires rtc-lib,
they should select it individually.

Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/Kconfig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 5b47218809e0..00c491750918 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -89,7 +89,6 @@ config ARM64
 	select PERF_USE_VMALLOC
 	select POWER_RESET
 	select POWER_SUPPLY
-	select RTC_LIB
 	select SPARSE_IRQ
 	select SYSCTL_EXCEPTION_TRACE
 	select HAVE_CONTEXT_TRACKING
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 087/131] mmc: mmc: fix switch timeout issue caused by jiffies precision
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (85 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 086/131] arm64: kconfig: drop CONFIG_RTC_LIB dependency Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 088/131] cfg80211: size various nl80211 messages correctly Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chaotian Jing, Ulf Hansson, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 987aa5f8059613bf85cbb6f64ffbd34f5cb7a9d1 ]

with CONFIG_HZ=100, the precision of jiffies is 10ms, and the
generic_cmd6_time of some card is also 10ms. then, may be current
time is only 5ms, but already timed out caused by jiffies precision.

Signed-off-by: Chaotian Jing <chaotian.jing@mediatek.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/core/mmc_ops.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c
index 1f444269ebbe..76b49b9772d0 100644
--- a/drivers/mmc/core/mmc_ops.c
+++ b/drivers/mmc/core/mmc_ops.c
@@ -542,7 +542,7 @@ int __mmc_switch(struct mmc_card *card, u8 set, u8 index, u8 value,
 		timeout_ms = MMC_OPS_TIMEOUT_MS;
 
 	/* Must check status to be sure of no errors. */
-	timeout = jiffies + msecs_to_jiffies(timeout_ms);
+	timeout = jiffies + msecs_to_jiffies(timeout_ms) + 1;
 	do {
 		if (send_status) {
 			err = __mmc_send_status(card, &status, ignore_crc);
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 088/131] cfg80211: size various nl80211 messages correctly
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (86 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 087/131] mmc: mmc: fix switch timeout issue caused by jiffies precision Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 089/131] stmmac: copy unicast mac address to MAC registers Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 4ef8c1c93f848e360754f10eb2e7134c872b6597 ]

Ilan reported that sometimes nl80211 messages weren't working if
the frames being transported got very large, which was really a
problem for userspace-to-kernel messages, but prompted me to look
at the code.

Upon review, I found various places where variable-length data is
transported in an nl80211 message but the message isn't allocated
taking that into account. This shouldn't cause any problems since
the frames aren't really that long, apart in one place where two
(possibly very long frames) might not fit.

Fix all the places (that I found) that get variable length data
from the driver and put it into a message to take the length of
the variable data into account. The 100 there is just a safe
constant for the remaining message overhead (it's usually around
50 for most messages.)

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/wireless/nl80211.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 642a78079ae1..81013490a99f 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -11721,7 +11721,7 @@ static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
 	struct sk_buff *msg;
 	void *hdr;
 
-	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+	msg = nlmsg_new(100 + len, gfp);
 	if (!msg)
 		return;
 
@@ -11873,7 +11873,7 @@ void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
 	struct sk_buff *msg;
 	void *hdr;
 
-	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+	msg = nlmsg_new(100 + req_ie_len + resp_ie_len, gfp);
 	if (!msg)
 		return;
 
@@ -11913,7 +11913,7 @@ void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
 	struct sk_buff *msg;
 	void *hdr;
 
-	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+	msg = nlmsg_new(100 + req_ie_len + resp_ie_len, gfp);
 	if (!msg)
 		return;
 
@@ -11951,7 +11951,7 @@ void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
 	struct sk_buff *msg;
 	void *hdr;
 
-	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
 	if (!msg)
 		return;
 
@@ -12028,7 +12028,7 @@ void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
 
 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
 
-	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+	msg = nlmsg_new(100 + ie_len, gfp);
 	if (!msg)
 		return;
 
@@ -12397,7 +12397,7 @@ int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
 	struct sk_buff *msg;
 	void *hdr;
 
-	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+	msg = nlmsg_new(100 + len, gfp);
 	if (!msg)
 		return -ENOMEM;
 
@@ -12440,7 +12440,7 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
 
 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
 
-	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+	msg = nlmsg_new(100 + len, gfp);
 	if (!msg)
 		return;
 
@@ -13244,7 +13244,7 @@ void cfg80211_ft_event(struct net_device *netdev,
 	if (!ft_event->target_ap)
 		return;
 
-	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+	msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL);
 	if (!msg)
 		return;
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 089/131] stmmac: copy unicast mac address to MAC registers
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (87 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 088/131] cfg80211: size various nl80211 messages correctly Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 090/131] dccp: do not use ipv6 header for ipv4 flow Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bhadram Varka, David S. Miller, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit a830405ee452ddc4101c3c9334e6fedd42c6b357 ]

Currently stmmac driver not copying the valid ethernet
MAC address to MAC registers. This patch takes care
of updating the MAC register with MAC address.

Signed-off-by: Bhadram Varka <vbhadram@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../net/ethernet/stmicro/stmmac/stmmac_main.c    | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index 7bba30f24135..059113dce6e0 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -2529,6 +2529,20 @@ static int stmmac_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
 	return ret;
 }
 
+static int stmmac_set_mac_address(struct net_device *ndev, void *addr)
+{
+	struct stmmac_priv *priv = netdev_priv(ndev);
+	int ret = 0;
+
+	ret = eth_mac_addr(ndev, addr);
+	if (ret)
+		return ret;
+
+	priv->hw->mac->set_umac_addr(priv->hw, ndev->dev_addr, 0);
+
+	return ret;
+}
+
 #ifdef CONFIG_DEBUG_FS
 static struct dentry *stmmac_fs_dir;
 
@@ -2730,7 +2744,7 @@ static const struct net_device_ops stmmac_netdev_ops = {
 #ifdef CONFIG_NET_POLL_CONTROLLER
 	.ndo_poll_controller = stmmac_poll_controller,
 #endif
-	.ndo_set_mac_address = eth_mac_addr,
+	.ndo_set_mac_address = stmmac_set_mac_address,
 };
 
 /**
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 090/131] dccp: do not use ipv6 header for ipv4 flow
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (88 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 089/131] stmmac: copy unicast mac address to MAC registers Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 091/131] mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Dumazet, David S. Miller

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <edumazet@google.com>

[ Upstream commit e0aa67709f89d08c8d8e5bdd9e0b649df61d0090 ]

When a dual stack dccp listener accepts an ipv4 flow,
it should not attempt to use an ipv6 header or
inet6_iif() helper.

Fixes: 3df80d9320bc ("[DCCP]: Introduce DCCPv6")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/dccp/ipv6.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -427,8 +427,8 @@ static struct sock *dccp_v6_request_recv
 		newnp->ipv6_mc_list = NULL;
 		newnp->ipv6_ac_list = NULL;
 		newnp->ipv6_fl_list = NULL;
-		newnp->mcast_oif   = inet6_iif(skb);
-		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
+		newnp->mcast_oif   = inet_iif(skb);
+		newnp->mcast_hops  = ip_hdr(skb)->ttl;
 
 		/*
 		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 091/131] mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (89 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 090/131] dccp: do not use ipv6 header for ipv4 flow Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 092/131] net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bjorn Helgaas, David S. Miller

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bjorn Helgaas <bhelgaas@google.com>

[ Upstream commit fae846e2b7124d4b076ef17791c73addf3b26350 ]

The device ID alone does not uniquely identify a device.  Test both the
vendor and device ID to make sure we don't mistakenly think some other
vendor's 0xB410 device is a Digium HFC4S.  Also, instead of the bare hex
ID, use the same constant (PCI_DEVICE_ID_DIGIUM_HFC4S) used in the device
ID table.

No functional change intended.

Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/isdn/hardware/mISDN/hfcmulti.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/isdn/hardware/mISDN/hfcmulti.c
+++ b/drivers/isdn/hardware/mISDN/hfcmulti.c
@@ -4370,7 +4370,8 @@ setup_pci(struct hfc_multi *hc, struct p
 	if (m->clock2)
 		test_and_set_bit(HFC_CHIP_CLOCK2, &hc->chip);
 
-	if (ent->device == 0xB410) {
+	if (ent->vendor == PCI_VENDOR_ID_DIGIUM &&
+	    ent->device == PCI_DEVICE_ID_DIGIUM_HFC4S) {
 		test_and_set_bit(HFC_CHIP_B410P, &hc->chip);
 		test_and_set_bit(HFC_CHIP_PCM_MASTER, &hc->chip);
 		test_and_clear_bit(HFC_CHIP_PCM_SLAVE, &hc->chip);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 092/131] net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (90 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 091/131] mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 093/131] net: rose: fix a possible stack overflow Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kal Conley, Andrey Konovalov,
	Christoph Paasch, David S. Miller

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christoph Paasch <cpaasch@apple.com>

[ Upstream commit 398f0132c14754fcd03c1c4f8e7176d001ce8ea1 ]

Since commit fc62814d690c ("net/packet: fix 4gb buffer limit due to overflow check")
one can now allocate packet ring buffers >= UINT_MAX. However, syzkaller
found that that triggers a warning:

[   21.100000] WARNING: CPU: 2 PID: 2075 at mm/page_alloc.c:4584 __alloc_pages_nod0
[   21.101490] Modules linked in:
[   21.101921] CPU: 2 PID: 2075 Comm: syz-executor.0 Not tainted 5.0.0 #146
[   21.102784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.5.1 01/01/2011
[   21.103887] RIP: 0010:__alloc_pages_nodemask+0x2a0/0x630
[   21.104640] Code: fe ff ff 65 48 8b 04 25 c0 de 01 00 48 05 90 0f 00 00 41 bd 01 00 00 00 48 89 44 24 48 e9 9c fe 3
[   21.107121] RSP: 0018:ffff88805e1cf920 EFLAGS: 00010246
[   21.107819] RAX: 0000000000000000 RBX: ffffffff85a488a0 RCX: 0000000000000000
[   21.108753] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000000
[   21.109699] RBP: 1ffff1100bc39f28 R08: ffffed100bcefb67 R09: ffffed100bcefb67
[   21.110646] R10: 0000000000000001 R11: ffffed100bcefb66 R12: 000000000000000d
[   21.111623] R13: 0000000000000000 R14: ffff88805e77d888 R15: 000000000000000d
[   21.112552] FS:  00007f7c7de05700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[   21.113612] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   21.114405] CR2: 000000000065c000 CR3: 000000005e58e006 CR4: 00000000001606e0
[   21.115367] Call Trace:
[   21.115705]  ? __alloc_pages_slowpath+0x21c0/0x21c0
[   21.116362]  alloc_pages_current+0xac/0x1e0
[   21.116923]  kmalloc_order+0x18/0x70
[   21.117393]  kmalloc_order_trace+0x18/0x110
[   21.117949]  packet_set_ring+0x9d5/0x1770
[   21.118524]  ? packet_rcv_spkt+0x440/0x440
[   21.119094]  ? lock_downgrade+0x620/0x620
[   21.119646]  ? __might_fault+0x177/0x1b0
[   21.120177]  packet_setsockopt+0x981/0x2940
[   21.120753]  ? __fget+0x2fb/0x4b0
[   21.121209]  ? packet_release+0xab0/0xab0
[   21.121740]  ? sock_has_perm+0x1cd/0x260
[   21.122297]  ? selinux_secmark_relabel_packet+0xd0/0xd0
[   21.123013]  ? __fget+0x324/0x4b0
[   21.123451]  ? selinux_netlbl_socket_setsockopt+0x101/0x320
[   21.124186]  ? selinux_netlbl_sock_rcv_skb+0x3a0/0x3a0
[   21.124908]  ? __lock_acquire+0x529/0x3200
[   21.125453]  ? selinux_socket_setsockopt+0x5d/0x70
[   21.126075]  ? __sys_setsockopt+0x131/0x210
[   21.126533]  ? packet_release+0xab0/0xab0
[   21.127004]  __sys_setsockopt+0x131/0x210
[   21.127449]  ? kernel_accept+0x2f0/0x2f0
[   21.127911]  ? ret_from_fork+0x8/0x50
[   21.128313]  ? do_raw_spin_lock+0x11b/0x280
[   21.128800]  __x64_sys_setsockopt+0xba/0x150
[   21.129271]  ? lockdep_hardirqs_on+0x37f/0x560
[   21.129769]  do_syscall_64+0x9f/0x450
[   21.130182]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

We should allocate with __GFP_NOWARN to handle this.

Cc: Kal Conley <kal.conley@dectris.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Fixes: fc62814d690c ("net/packet: fix 4gb buffer limit due to overflow check")
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/packet/af_packet.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -4130,7 +4130,7 @@ static struct pgv *alloc_pg_vec(struct t
 	struct pgv *pg_vec;
 	int i;
 
-	pg_vec = kcalloc(block_nr, sizeof(struct pgv), GFP_KERNEL);
+	pg_vec = kcalloc(block_nr, sizeof(struct pgv), GFP_KERNEL | __GFP_NOWARN);
 	if (unlikely(!pg_vec))
 		goto out;
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 093/131] net: rose: fix a possible stack overflow
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (91 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 092/131] net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 094/131] Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net) Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot, David S. Miller

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <edumazet@google.com>

[ Upstream commit e5dcc0c3223c45c94100f05f28d8ef814db3d82c ]

rose_write_internal() uses a temp buffer of 100 bytes, but a manual
inspection showed that given arbitrary input, rose_create_facilities()
can fill up to 110 bytes.

Lets use a tailroom of 256 bytes for peace of mind, and remove
the bounce buffer : we can simply allocate a big enough skb
and adjust its length as needed.

syzbot report :

BUG: KASAN: stack-out-of-bounds in memcpy include/linux/string.h:352 [inline]
BUG: KASAN: stack-out-of-bounds in rose_create_facilities net/rose/rose_subr.c:521 [inline]
BUG: KASAN: stack-out-of-bounds in rose_write_internal+0x597/0x15d0 net/rose/rose_subr.c:116
Write of size 7 at addr ffff88808b1ffbef by task syz-executor.0/24854

CPU: 0 PID: 24854 Comm: syz-executor.0 Not tainted 5.0.0+ #97
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187
 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x123/0x190 mm/kasan/generic.c:191
 memcpy+0x38/0x50 mm/kasan/common.c:131
 memcpy include/linux/string.h:352 [inline]
 rose_create_facilities net/rose/rose_subr.c:521 [inline]
 rose_write_internal+0x597/0x15d0 net/rose/rose_subr.c:116
 rose_connect+0x7cb/0x1510 net/rose/af_rose.c:826
 __sys_connect+0x266/0x330 net/socket.c:1685
 __do_sys_connect net/socket.c:1696 [inline]
 __se_sys_connect net/socket.c:1693 [inline]
 __x64_sys_connect+0x73/0xb0 net/socket.c:1693
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458079
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f47b8d9dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458079
RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000004
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47b8d9e6d4
R13: 00000000004be4a4 R14: 00000000004ceca8 R15: 00000000ffffffff

The buggy address belongs to the page:
page:ffffea00022c7fc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x1fffc0000000000()
raw: 01fffc0000000000 0000000000000000 ffffffff022c0101 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88808b1ffa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88808b1ffb00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 03
>ffff88808b1ffb80: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 04 f3
                                                             ^
 ffff88808b1ffc00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88808b1ffc80: 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 01

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/rose/rose_subr.c |   21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

--- a/net/rose/rose_subr.c
+++ b/net/rose/rose_subr.c
@@ -105,16 +105,17 @@ void rose_write_internal(struct sock *sk
 	struct sk_buff *skb;
 	unsigned char  *dptr;
 	unsigned char  lci1, lci2;
-	char buffer[100];
-	int len, faclen = 0;
+	int maxfaclen = 0;
+	int len, faclen;
+	int reserve;
 
-	len = AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + ROSE_MIN_LEN + 1;
+	reserve = AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + 1;
+	len = ROSE_MIN_LEN;
 
 	switch (frametype) {
 	case ROSE_CALL_REQUEST:
 		len   += 1 + ROSE_ADDR_LEN + ROSE_ADDR_LEN;
-		faclen = rose_create_facilities(buffer, rose);
-		len   += faclen;
+		maxfaclen = 256;
 		break;
 	case ROSE_CALL_ACCEPTED:
 	case ROSE_CLEAR_REQUEST:
@@ -123,15 +124,16 @@ void rose_write_internal(struct sock *sk
 		break;
 	}
 
-	if ((skb = alloc_skb(len, GFP_ATOMIC)) == NULL)
+	skb = alloc_skb(reserve + len + maxfaclen, GFP_ATOMIC);
+	if (!skb)
 		return;
 
 	/*
 	 *	Space for AX.25 header and PID.
 	 */
-	skb_reserve(skb, AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + 1);
+	skb_reserve(skb, reserve);
 
-	dptr = skb_put(skb, skb_tailroom(skb));
+	dptr = skb_put(skb, len);
 
 	lci1 = (rose->lci >> 8) & 0x0F;
 	lci2 = (rose->lci >> 0) & 0xFF;
@@ -146,7 +148,8 @@ void rose_write_internal(struct sock *sk
 		dptr   += ROSE_ADDR_LEN;
 		memcpy(dptr, &rose->source_addr, ROSE_ADDR_LEN);
 		dptr   += ROSE_ADDR_LEN;
-		memcpy(dptr, buffer, faclen);
+		faclen = rose_create_facilities(dptr, rose);
+		skb_put(skb, faclen);
 		dptr   += faclen;
 		break;
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 094/131] Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (92 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 093/131] net: rose: fix a possible stack overflow Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 095/131] packets: Always register packet sk in the same order Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David S. Miller

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David S. Miller <davem@davemloft.net>

commit 1602f49b58abcb0d34a5f0a29d68e7c1769547aa upstream.

[This commit was a merge, but it added hlist_add_tail_rcu(), which is what we
 need in this stable tree, so I've changed the subject to be more descriptive
 - gregkh]

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/rculist.h |   36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

--- a/include/linux/rculist.h
+++ b/include/linux/rculist.h
@@ -402,6 +402,42 @@ static inline void hlist_add_head_rcu(st
 }
 
 /**
+ * hlist_add_tail_rcu
+ * @n: the element to add to the hash list.
+ * @h: the list to add to.
+ *
+ * Description:
+ * Adds the specified element to the specified hlist,
+ * while permitting racing traversals.
+ *
+ * The caller must take whatever precautions are necessary
+ * (such as holding appropriate locks) to avoid racing
+ * with another list-mutation primitive, such as hlist_add_head_rcu()
+ * or hlist_del_rcu(), running on this same list.
+ * However, it is perfectly legal to run concurrently with
+ * the _rcu list-traversal primitives, such as
+ * hlist_for_each_entry_rcu(), used to prevent memory-consistency
+ * problems on Alpha CPUs.  Regardless of the type of CPU, the
+ * list-traversal primitive must be guarded by rcu_read_lock().
+ */
+static inline void hlist_add_tail_rcu(struct hlist_node *n,
+				      struct hlist_head *h)
+{
+	struct hlist_node *i, *last = NULL;
+
+	for (i = hlist_first_rcu(h); i; i = hlist_next_rcu(i))
+		last = i;
+
+	if (last) {
+		n->next = last->next;
+		n->pprev = &last->next;
+		rcu_assign_pointer(hlist_next_rcu(last), n);
+	} else {
+		hlist_add_head_rcu(n, h);
+	}
+}
+
+/**
  * hlist_add_before_rcu
  * @n: the new element to add to the hash list.
  * @next: the existing element to add the new element before.



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 095/131] packets: Always register packet sk in the same order
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (93 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 094/131] Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net) Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 096/131] tcp: do not use ipv6 header for ipv4 flow Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maxime Chevallier, Willem de Bruijn,
	David S. Miller

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Maxime Chevallier <maxime.chevallier@bootlin.com>

[ Upstream commit a4dc6a49156b1f8d6e17251ffda17c9e6a5db78a ]

When using fanouts with AF_PACKET, the demux functions such as
fanout_demux_cpu will return an index in the fanout socket array, which
corresponds to the selected socket.

The ordering of this array depends on the order the sockets were added
to a given fanout group, so for FANOUT_CPU this means sockets are bound
to cpus in the order they are configured, which is OK.

However, when stopping then restarting the interface these sockets are
bound to, the sockets are reassigned to the fanout group in the reverse
order, due to the fact that they were inserted at the head of the
interface's AF_PACKET socket list.

This means that traffic that was directed to the first socket in the
fanout group is now directed to the last one after an interface restart.

In the case of FANOUT_CPU, traffic from CPU0 will be directed to the
socket that used to receive traffic from the last CPU after an interface
restart.

This commit introduces a helper to add a socket at the tail of a list,
then uses it to register AF_PACKET sockets.

Note that this changes the order in which sockets are listed in /proc and
with sock_diag.

Fixes: dc99f600698d ("packet: Add fanout support")
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/net/sock.h     |    6 ++++++
 net/packet/af_packet.c |    2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -651,6 +651,12 @@ static inline void sk_add_node_rcu(struc
 	hlist_add_head_rcu(&sk->sk_node, list);
 }
 
+static inline void sk_add_node_tail_rcu(struct sock *sk, struct hlist_head *list)
+{
+	sock_hold(sk);
+	hlist_add_tail_rcu(&sk->sk_node, list);
+}
+
 static inline void __sk_nulls_add_node_rcu(struct sock *sk, struct hlist_nulls_head *list)
 {
 	hlist_nulls_add_head_rcu(&sk->sk_nulls_node, list);
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -3155,7 +3155,7 @@ static int packet_create(struct net *net
 	}
 
 	mutex_lock(&net->packet.sklist_lock);
-	sk_add_node_rcu(sk, &net->packet.sklist);
+	sk_add_node_tail_rcu(sk, &net->packet.sklist);
 	mutex_unlock(&net->packet.sklist_lock);
 
 	preempt_disable();



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 096/131] tcp: do not use ipv6 header for ipv4 flow
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (94 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 095/131] packets: Always register packet sk in the same order Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 097/131] vxlan: Dont call gro_cells_destroy() before device is unregistered Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Dumazet, David S. Miller

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <edumazet@google.com>

[ Upstream commit 89e4130939a20304f4059ab72179da81f5347528 ]

When a dual stack tcp listener accepts an ipv4 flow,
it should not attempt to use an ipv6 header or tcp_v6_iif() helper.

Fixes: 1397ed35f22d ("ipv6: add flowinfo for tcp6 pkt_options for all cases")
Fixes: df3687ffc665 ("ipv6: add the IPV6_FL_F_REFLECT flag to IPV6_FL_A_GET")
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/tcp_ipv6.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1043,11 +1043,11 @@ static struct sock *tcp_v6_syn_recv_sock
 		newnp->ipv6_fl_list = NULL;
 		newnp->pktoptions  = NULL;
 		newnp->opt	   = NULL;
-		newnp->mcast_oif   = tcp_v6_iif(skb);
-		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
-		newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
+		newnp->mcast_oif   = inet_iif(skb);
+		newnp->mcast_hops  = ip_hdr(skb)->ttl;
+		newnp->rcv_flowinfo = 0;
 		if (np->repflow)
-			newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
+			newnp->flow_label = 0;
 
 		/*
 		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 097/131] vxlan: Dont call gro_cells_destroy() before device is unregistered
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (95 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 096/131] tcp: do not use ipv6 header for ipv4 flow Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 098/131] sctp: get sctphdr by offset in sctp_compute_cksum Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Suanming.Mou, Eric Dumazet,
	Stefano Brivio, Zhiqiang Liu, David S. Miller

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Zhiqiang Liu <liuzhiqiang26@huawei.com>

[ Upstream commit cc4807bb609230d8959fd732b0bf3bd4c2de8eac ]

Commit ad6c9986bcb62 ("vxlan: Fix GRO cells race condition between
receive and link delete") fixed a race condition for the typical case a vxlan
device is dismantled from the current netns. But if a netns is dismantled,
vxlan_destroy_tunnels() is called to schedule a unregister_netdevice_queue()
of all the vxlan tunnels that are related to this netns.

In vxlan_destroy_tunnels(), gro_cells_destroy() is called and finished before
unregister_netdevice_queue(). This means that the gro_cells_destroy() call is
done too soon, for the same reasons explained in above commit.

So we need to fully respect the RCU rules, and thus must remove the
gro_cells_destroy() call or risk use after-free.

Fixes: 58ce31cca1ff ("vxlan: GRO support at tunnel layer")
Signed-off-by: Suanming.Mou <mousuanming@huawei.com>
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/vxlan.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -3276,10 +3276,8 @@ static void __net_exit vxlan_exit_net(st
 		/* If vxlan->dev is in the same netns, it has already been added
 		 * to the list by the previous loop.
 		 */
-		if (!net_eq(dev_net(vxlan->dev), net)) {
-			gro_cells_destroy(&vxlan->gro_cells);
+		if (!net_eq(dev_net(vxlan->dev), net))
 			unregister_netdevice_queue(vxlan->dev, &list);
-		}
 	}
 
 	unregister_netdevice_many(&list);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 098/131] sctp: get sctphdr by offset in sctp_compute_cksum
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (96 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 097/131] vxlan: Dont call gro_cells_destroy() before device is unregistered Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 099/131] mac8390: Fix mmio access size probe Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Li Shuang, Xin Long, David S. Miller

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit 273160ffc6b993c7c91627f5a84799c66dfe4dee ]

sctp_hdr(skb) only works when skb->transport_header is set properly.

But in Netfilter, skb->transport_header for ipv6 is not guaranteed
to be right value for sctphdr. It would cause to fail to check the
checksum for sctp packets.

So fix it by using offset, which is always right in all places.

v1->v2:
  - Fix the changelog.

Fixes: e6d8b64b34aa ("net: sctp: fix and consolidate SCTP checksumming code")
Reported-by: Li Shuang <shuali@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/net/sctp/checksum.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/include/net/sctp/checksum.h
+++ b/include/net/sctp/checksum.h
@@ -60,7 +60,7 @@ static inline __wsum sctp_csum_combine(_
 static inline __le32 sctp_compute_cksum(const struct sk_buff *skb,
 					unsigned int offset)
 {
-	struct sctphdr *sh = sctp_hdr(skb);
+	struct sctphdr *sh = (struct sctphdr *)(skb->data + offset);
         __le32 ret, old = sh->checksum;
 	const struct skb_checksum_ops ops = {
 		.update  = sctp_csum_update,



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 099/131] mac8390: Fix mmio access size probe
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (97 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 098/131] sctp: get sctphdr by offset in sctp_compute_cksum Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 100/131] btrfs: remove WARN_ON in log_dir_items Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Finn Thain, David S. Miller, Stan Johnson

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Finn Thain <fthain@telegraphics.com.au>

[ Upstream commit bb9e5c5bcd76f4474eac3baf643d7a39f7bac7bb ]

The bug that Stan reported is as follows. After a restart, a 16-bit NIC
may be incorrectly identified as a 32-bit NIC and stop working.

mac8390 slot.E: Memory length resource not found, probing
mac8390 slot.E: Farallon EtherMac II-C (type farallon)
mac8390 slot.E: MAC 00:00:c5:30:c2:99, IRQ 61, 32 KB shared memory at 0xfeed0000, 32-bit access.

The bug never arises after a cold start and only intermittently after a
warm start. (I didn't investigate why the bug is intermittent.)

It turns out that memcpy_toio() is deprecated and memcmp_withio() also
has issues. Replacing these calls with mmio accessors fixes the problem.

Reported-and-tested-by: Stan Johnson <userm57@yahoo.com>
Fixes: 2964db0f5904 ("m68k: Mac DP8390 update")
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/8390/mac8390.c |   19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

--- a/drivers/net/ethernet/8390/mac8390.c
+++ b/drivers/net/ethernet/8390/mac8390.c
@@ -156,8 +156,6 @@ static void dayna_block_output(struct ne
 #define memcpy_fromio(a, b, c)	memcpy((a), (void *)(b), (c))
 #define memcpy_toio(a, b, c)	memcpy((void *)(a), (b), (c))
 
-#define memcmp_withio(a, b, c)	memcmp((a), (void *)(b), (c))
-
 /* Slow Sane (16-bit chunk memory read/write) Cabletron uses this */
 static void slow_sane_get_8390_hdr(struct net_device *dev,
 				   struct e8390_pkt_hdr *hdr, int ring_page);
@@ -237,19 +235,26 @@ static enum mac8390_type __init mac8390_
 
 static enum mac8390_access __init mac8390_testio(volatile unsigned long membase)
 {
-	unsigned long outdata = 0xA5A0B5B0;
-	unsigned long indata =  0x00000000;
+	u32 outdata = 0xA5A0B5B0;
+	u32 indata = 0;
+
 	/* Try writing 32 bits */
-	memcpy_toio(membase, &outdata, 4);
-	/* Now compare them */
-	if (memcmp_withio(&outdata, membase, 4) == 0)
+	nubus_writel(outdata, membase);
+	/* Now read it back */
+	indata = nubus_readl(membase);
+	if (outdata == indata)
 		return ACCESS_32;
+
+	outdata = 0xC5C0D5D0;
+	indata = 0;
+
 	/* Write 16 bit output */
 	word_memcpy_tocard(membase, &outdata, 4);
 	/* Now read it back */
 	word_memcpy_fromcard(&indata, membase, 4);
 	if (outdata == indata)
 		return ACCESS_16;
+
 	return ACCESS_UNKNOWN;
 }
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 100/131] btrfs: remove WARN_ON in log_dir_items
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (98 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 099/131] mac8390: Fix mmio access size probe Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 101/131] btrfs: raid56: properly unmap parity page in finish_parity_scrub() Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Filipe Manana, Josef Bacik, David Sterba

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <josef@toxicpanda.com>

commit 2cc8334270e281815c3850c3adea363c51f21e0d upstream.

When Filipe added the recursive directory logging stuff in
2f2ff0ee5e430 ("Btrfs: fix metadata inconsistencies after directory
fsync") he specifically didn't take the directory i_mutex for the
children directories that we need to log because of lockdep.  This is
generally fine, but can lead to this WARN_ON() tripping if we happen to
run delayed deletion's in between our first search and our second search
of dir_item/dir_indexes for this directory.  We expect this to happen,
so the WARN_ON() isn't necessary.  Drop the WARN_ON() and add a comment
so we know why this case can happen.

CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/tree-log.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -3321,9 +3321,16 @@ static noinline int log_dir_items(struct
 	}
 	btrfs_release_path(path);
 
-	/* find the first key from this transaction again */
+	/*
+	 * Find the first key from this transaction again.  See the note for
+	 * log_new_dir_dentries, if we're logging a directory recursively we
+	 * won't be holding its i_mutex, which means we can modify the directory
+	 * while we're logging it.  If we remove an entry between our first
+	 * search and this search we'll not find the key again and can just
+	 * bail.
+	 */
 	ret = btrfs_search_slot(NULL, root, &min_key, path, 0, 0);
-	if (WARN_ON(ret != 0))
+	if (ret != 0)
 		goto done;
 
 	/*



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 101/131] btrfs: raid56: properly unmap parity page in finish_parity_scrub()
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (99 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 100/131] btrfs: remove WARN_ON in log_dir_items Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 102/131] ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johannes Thumshirn, Andrea Righi,
	David Sterba

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Andrea Righi <andrea.righi@canonical.com>

commit 3897b6f0a859288c22fb793fad11ec2327e60fcd upstream.

Parity page is incorrectly unmapped in finish_parity_scrub(), triggering
a reference counter bug on i386, i.e.:

 [ 157.662401] kernel BUG at mm/highmem.c:349!
 [ 157.666725] invalid opcode: 0000 [#1] SMP PTI

The reason is that kunmap(p_page) was completely left out, so we never
did an unmap for the p_page and the loop unmapping the rbio page was
iterating over the wrong number of stripes: unmapping should be done
with nr_data instead of rbio->real_stripes.

Test case to reproduce the bug:

 - create a raid5 btrfs filesystem:
   # mkfs.btrfs -m raid5 -d raid5 /dev/sdb /dev/sdc /dev/sdd /dev/sde

 - mount it:
   # mount /dev/sdb /mnt

 - run btrfs scrub in a loop:
   # while :; do btrfs scrub start -BR /mnt; done

BugLink: https://bugs.launchpad.net/bugs/1812845
Fixes: 5a6ac9eacb49 ("Btrfs, raid56: support parity scrub on raid56")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/raid56.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/btrfs/raid56.c
+++ b/fs/btrfs/raid56.c
@@ -2420,8 +2420,9 @@ static noinline void finish_parity_scrub
 			bitmap_clear(rbio->dbitmap, pagenr, 1);
 		kunmap(p);
 
-		for (stripe = 0; stripe < rbio->real_stripes; stripe++)
+		for (stripe = 0; stripe < nr_data; stripe++)
 			kunmap(page_in_rbio(rbio, stripe, pagenr, 0));
+		kunmap(p_page);
 	}
 
 	__free_page(p_page);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 102/131] ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (100 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 101/131] btrfs: raid56: properly unmap parity page in finish_parity_scrub() Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 103/131] ALSA: compress: add support for 32bit calls in a 64bit kernel Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kohji Okuno, Shawn Guo

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Kohji Okuno <okuno.kohji@jp.panasonic.com>

commit 91740fc8242b4f260cfa4d4536d8551804777fae upstream.

In the current cpuidle implementation for i.MX6q, the CPU that sets
'WAIT_UNCLOCKED' and the CPU that returns to 'WAIT_CLOCKED' are always
the same. While the CPU that sets 'WAIT_UNCLOCKED' is in IDLE state of
"WAIT", if the other CPU wakes up and enters IDLE state of "WFI"
istead of "WAIT", this CPU can not wake up at expired time.
 Because, in the case of "WFI", the CPU must be waked up by the local
timer interrupt. But, while 'WAIT_UNCLOCKED' is set, the local timer
is stopped, when all CPUs execute "wfi" instruction. As a result, the
local timer interrupt is not fired.
 In this situation, this CPU will wake up by IRQ different from local
timer. (e.g. broacast timer)

So, this fix changes CPU to return to 'WAIT_CLOCKED'.

Signed-off-by: Kohji Okuno <okuno.kohji@jp.panasonic.com>
Fixes: e5f9dec8ff5f ("ARM: imx6q: support WAIT mode using cpuidle")
Cc: <stable@vger.kernel.org>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/mach-imx/cpuidle-imx6q.c |   27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)

--- a/arch/arm/mach-imx/cpuidle-imx6q.c
+++ b/arch/arm/mach-imx/cpuidle-imx6q.c
@@ -14,30 +14,23 @@
 #include "cpuidle.h"
 #include "hardware.h"
 
-static atomic_t master = ATOMIC_INIT(0);
-static DEFINE_SPINLOCK(master_lock);
+static int num_idle_cpus = 0;
+static DEFINE_SPINLOCK(cpuidle_lock);
 
 static int imx6q_enter_wait(struct cpuidle_device *dev,
 			    struct cpuidle_driver *drv, int index)
 {
-	if (atomic_inc_return(&master) == num_online_cpus()) {
-		/*
-		 * With this lock, we prevent other cpu to exit and enter
-		 * this function again and become the master.
-		 */
-		if (!spin_trylock(&master_lock))
-			goto idle;
+	spin_lock(&cpuidle_lock);
+	if (++num_idle_cpus == num_online_cpus())
 		imx6_set_lpm(WAIT_UNCLOCKED);
-		cpu_do_idle();
-		imx6_set_lpm(WAIT_CLOCKED);
-		spin_unlock(&master_lock);
-		goto done;
-	}
+	spin_unlock(&cpuidle_lock);
 
-idle:
 	cpu_do_idle();
-done:
-	atomic_dec(&master);
+
+	spin_lock(&cpuidle_lock);
+	if (num_idle_cpus-- == num_online_cpus())
+		imx6_set_lpm(WAIT_CLOCKED);
+	spin_unlock(&cpuidle_lock);
 
 	return index;
 }



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 103/131] ALSA: compress: add support for 32bit calls in a 64bit kernel
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (101 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 102/131] ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 104/131] ALSA: rawmidi: Fix potential Spectre v1 vulnerability Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ravindra Lokhande, Vinod Koul,
	Takashi Iwai, Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ravindra Lokhande <rlokhande@nvidia.com>

commit c10368897e104c008c610915a218f0fe5fa4ec96 upstream.

Compress offload does not support ioctl calls from a 32bit userspace
in a 64 bit kernel. This patch adds support for ioctls from a 32bit
userspace in a 64bit kernel

Signed-off-by: Ravindra Lokhande <rlokhande@nvidia.com>
Acked-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/core/compress_offload.c |   13 +++++++++++++
 1 file changed, 13 insertions(+)

--- a/sound/core/compress_offload.c
+++ b/sound/core/compress_offload.c
@@ -38,6 +38,7 @@
 #include <linux/uio.h>
 #include <linux/uaccess.h>
 #include <linux/module.h>
+#include <linux/compat.h>
 #include <sound/core.h>
 #include <sound/initval.h>
 #include <sound/compress_params.h>
@@ -859,6 +860,15 @@ static long snd_compr_ioctl(struct file
 	return retval;
 }
 
+/* support of 32bit userspace on 64bit platforms */
+#ifdef CONFIG_COMPAT
+static long snd_compr_ioctl_compat(struct file *file, unsigned int cmd,
+						unsigned long arg)
+{
+	return snd_compr_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
+}
+#endif
+
 static const struct file_operations snd_compr_file_ops = {
 		.owner =	THIS_MODULE,
 		.open =		snd_compr_open,
@@ -866,6 +876,9 @@ static const struct file_operations snd_
 		.write =	snd_compr_write,
 		.read =		snd_compr_read,
 		.unlocked_ioctl = snd_compr_ioctl,
+#ifdef CONFIG_COMPAT
+		.compat_ioctl = snd_compr_ioctl_compat,
+#endif
 		.mmap =		snd_compr_mmap,
 		.poll =		snd_compr_poll,
 };



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 104/131] ALSA: rawmidi: Fix potential Spectre v1 vulnerability
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (102 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 103/131] ALSA: compress: add support for 32bit calls in a 64bit kernel Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 105/131] ALSA: seq: oss: Fix " Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, Takashi Iwai

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Gustavo A. R. Silva <gustavo@embeddedor.com>

commit 2b1d9c8f87235f593826b9cf46ec10247741fff9 upstream.

info->stream is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

sound/core/rawmidi.c:604 __snd_rawmidi_info_select() warn: potential spectre issue 'rmidi->streams' [r] (local cap)

Fix this by sanitizing info->stream before using it to index
rmidi->streams.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://lore.kernel.org/lkml/20180423164740.GY17484@dhcp22.suse.cz/

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/core/rawmidi.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/sound/core/rawmidi.c
+++ b/sound/core/rawmidi.c
@@ -29,6 +29,7 @@
 #include <linux/mutex.h>
 #include <linux/module.h>
 #include <linux/delay.h>
+#include <linux/nospec.h>
 #include <sound/rawmidi.h>
 #include <sound/info.h>
 #include <sound/control.h>
@@ -591,6 +592,7 @@ static int __snd_rawmidi_info_select(str
 		return -ENXIO;
 	if (info->stream < 0 || info->stream > 1)
 		return -EINVAL;
+	info->stream = array_index_nospec(info->stream, 2);
 	pstr = &rmidi->streams[info->stream];
 	if (pstr->substream_count == 0)
 		return -ENOENT;



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 105/131] ALSA: seq: oss: Fix Spectre v1 vulnerability
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (103 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 104/131] ALSA: rawmidi: Fix potential Spectre v1 vulnerability Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 106/131] ALSA: pcm: Fix possible OOB access in PCM oss plugins Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, Takashi Iwai

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Gustavo A. R. Silva <gustavo@embeddedor.com>

commit c709f14f0616482b67f9fbcb965e1493a03ff30b upstream.

dev is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

sound/core/seq/oss/seq_oss_synth.c:626 snd_seq_oss_synth_make_info() warn: potential spectre issue 'dp->synths' [w] (local cap)

Fix this by sanitizing dev before using it to index dp->synths.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://lore.kernel.org/lkml/20180423164740.GY17484@dhcp22.suse.cz/

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/core/seq/oss/seq_oss_synth.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/sound/core/seq/oss/seq_oss_synth.c
+++ b/sound/core/seq/oss/seq_oss_synth.c
@@ -617,13 +617,14 @@ int
 snd_seq_oss_synth_make_info(struct seq_oss_devinfo *dp, int dev, struct synth_info *inf)
 {
 	struct seq_oss_synth *rec;
+	struct seq_oss_synthinfo *info = get_synthinfo_nospec(dp, dev);
 
-	if (dev < 0 || dev >= dp->max_synthdev)
+	if (!info)
 		return -ENXIO;
 
-	if (dp->synths[dev].is_midi) {
+	if (info->is_midi) {
 		struct midi_info minf;
-		snd_seq_oss_midi_make_info(dp, dp->synths[dev].midi_mapped, &minf);
+		snd_seq_oss_midi_make_info(dp, info->midi_mapped, &minf);
 		inf->synth_type = SYNTH_TYPE_MIDI;
 		inf->synth_subtype = 0;
 		inf->nr_voices = 16;



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 106/131] ALSA: pcm: Fix possible OOB access in PCM oss plugins
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (104 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 105/131] ALSA: seq: oss: Fix " Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 107/131] ALSA: pcm: Dont suspend stream in unrecoverable PCM state Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+d4503ae45b65c5bc1194, Takashi Iwai

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

commit ca0214ee2802dd47239a4e39fb21c5b00ef61b22 upstream.

The PCM OSS emulation converts and transfers the data on the fly via
"plugins".  The data is converted over the dynamically allocated
buffer for each plugin, and recently syzkaller caught OOB in this
flow.

Although the bisection by syzbot pointed out to the commit
65766ee0bf7f ("ALSA: oss: Use kvzalloc() for local buffer
allocations"), this is merely a commit to replace vmalloc() with
kvmalloc(), hence it can't be the cause.  The further debug action
revealed that this happens in the case where a slave PCM doesn't
support only the stereo channels while the OSS stream is set up for a
mono channel.  Below is a brief explanation:

At each OSS parameter change, the driver sets up the PCM hw_params
again in snd_pcm_oss_change_params_lock().  This is also the place
where plugins are created and local buffers are allocated.  The
problem is that the plugins are created before the final hw_params is
determined.  Namely, two snd_pcm_hw_param_near() calls for setting the
period size and periods may influence on the final result of channels,
rates, etc, too, while the current code has already created plugins
beforehand with the premature values.  So, the plugin believes that
channels=1, while the actual I/O is with channels=2, which makes the
driver reading/writing over the allocated buffer size.

The fix is simply to move the plugin allocation code after the final
hw_params call.

Reported-by: syzbot+d4503ae45b65c5bc1194@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/core/oss/pcm_oss.c |   43 ++++++++++++++++++++++---------------------
 1 file changed, 22 insertions(+), 21 deletions(-)

--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -950,6 +950,28 @@ static int snd_pcm_oss_change_params_loc
 	oss_frame_size = snd_pcm_format_physical_width(params_format(params)) *
 			 params_channels(params) / 8;
 
+	err = snd_pcm_oss_period_size(substream, params, sparams);
+	if (err < 0)
+		goto failure;
+
+	n = snd_pcm_plug_slave_size(substream, runtime->oss.period_bytes / oss_frame_size);
+	err = snd_pcm_hw_param_near(substream, sparams, SNDRV_PCM_HW_PARAM_PERIOD_SIZE, n, NULL);
+	if (err < 0)
+		goto failure;
+
+	err = snd_pcm_hw_param_near(substream, sparams, SNDRV_PCM_HW_PARAM_PERIODS,
+				     runtime->oss.periods, NULL);
+	if (err < 0)
+		goto failure;
+
+	snd_pcm_kernel_ioctl(substream, SNDRV_PCM_IOCTL_DROP, NULL);
+
+	err = snd_pcm_kernel_ioctl(substream, SNDRV_PCM_IOCTL_HW_PARAMS, sparams);
+	if (err < 0) {
+		pcm_dbg(substream->pcm, "HW_PARAMS failed: %i\n", err);
+		goto failure;
+	}
+
 #ifdef CONFIG_SND_PCM_OSS_PLUGINS
 	snd_pcm_oss_plugin_clear(substream);
 	if (!direct) {
@@ -984,27 +1006,6 @@ static int snd_pcm_oss_change_params_loc
 	}
 #endif
 
-	err = snd_pcm_oss_period_size(substream, params, sparams);
-	if (err < 0)
-		goto failure;
-
-	n = snd_pcm_plug_slave_size(substream, runtime->oss.period_bytes / oss_frame_size);
-	err = snd_pcm_hw_param_near(substream, sparams, SNDRV_PCM_HW_PARAM_PERIOD_SIZE, n, NULL);
-	if (err < 0)
-		goto failure;
-
-	err = snd_pcm_hw_param_near(substream, sparams, SNDRV_PCM_HW_PARAM_PERIODS,
-				     runtime->oss.periods, NULL);
-	if (err < 0)
-		goto failure;
-
-	snd_pcm_kernel_ioctl(substream, SNDRV_PCM_IOCTL_DROP, NULL);
-
-	if ((err = snd_pcm_kernel_ioctl(substream, SNDRV_PCM_IOCTL_HW_PARAMS, sparams)) < 0) {
-		pcm_dbg(substream->pcm, "HW_PARAMS failed: %i\n", err);
-		goto failure;
-	}
-
 	if (runtime->oss.trigger) {
 		sw_params->start_threshold = 1;
 	} else {



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 107/131] ALSA: pcm: Dont suspend stream in unrecoverable PCM state
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (105 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 106/131] ALSA: pcm: Fix possible OOB access in PCM oss plugins Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 108/131] scsi: sd: Fix a race between closing an sd device and sd I/O Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Jon Hunter

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

commit 113ce08109f8e3b091399e7cc32486df1cff48e7 upstream.

Currently PCM core sets each opened stream forcibly to SUSPENDED state
via snd_pcm_suspend_all() call, and the user-space is responsible for
re-triggering the resume manually either via snd_pcm_resume() or
prepare call.  The scheme works fine usually, but there are corner
cases where the stream can't be resumed by that call: the streams
still in OPEN state before finishing hw_params.  When they are
suspended, user-space cannot perform resume or prepare because they
haven't been set up yet.  The only possible recovery is to re-open the
device, which isn't nice at all.  Similarly, when a stream is in
DISCONNECTED state, it makes no sense to change it to SUSPENDED
state.  Ditto for in SETUP state; which you can re-prepare directly.

So, this patch addresses these issues by filtering the PCM streams to
be suspended by checking the PCM state.  When a stream is in either
OPEN, SETUP or DISCONNECTED as well as already SUSPENDED, the suspend
action is skipped.

To be noted, this problem was originally reported for the PCM runtime
PM on HD-audio.  And, the runtime PM problem itself was already
addressed (although not intended) by the code refactoring commits
3d21ef0b49f8 ("ALSA: pcm: Suspend streams globally via device type PM
ops") and 17bc4815de58 ("ALSA: pci: Remove superfluous
snd_pcm_suspend*() calls").  These commits eliminated the
snd_pcm_suspend*() calls from the runtime PM suspend callback code
path, hence the racy OPEN state won't appear while runtime PM.
(FWIW, the race window is between snd_pcm_open_substream() and the
first power up in azx_pcm_open().)

Although the runtime PM issue was already "fixed", the same problem is
still present for the system PM, hence this patch is still needed.
And for stable trees, this patch alone should suffice for fixing the
runtime PM problem, too.

Reported-and-tested-by: Jon Hunter <jonathanh@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/core/pcm_native.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
@@ -1254,8 +1254,15 @@ static int snd_pcm_pause(struct snd_pcm_
 static int snd_pcm_pre_suspend(struct snd_pcm_substream *substream, int state)
 {
 	struct snd_pcm_runtime *runtime = substream->runtime;
-	if (runtime->status->state == SNDRV_PCM_STATE_SUSPENDED)
+	switch (runtime->status->state) {
+	case SNDRV_PCM_STATE_SUSPENDED:
 		return -EBUSY;
+	/* unresumable PCM state; return -EBUSY for skipping suspend */
+	case SNDRV_PCM_STATE_OPEN:
+	case SNDRV_PCM_STATE_SETUP:
+	case SNDRV_PCM_STATE_DISCONNECTED:
+		return -EBUSY;
+	}
 	runtime->trigger_master = substream;
 	return 0;
 }



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 108/131] scsi: sd: Fix a race between closing an sd device and sd I/O
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (106 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 107/131] ALSA: pcm: Dont suspend stream in unrecoverable PCM state Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:02 ` [PATCH 4.4 109/131] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Ming Lei,
	Hannes Reinecke, Johannes Thumshirn, Jason Yan, Bart Van Assche,
	Martin K. Petersen

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bart Van Assche <bvanassche@acm.org>

commit c14a57264399efd39514a2329c591a4b954246d8 upstream.

The scsi_end_request() function calls scsi_cmd_to_driver() indirectly and
hence needs the disk->private_data pointer. Avoid that that pointer is
cleared before all affected I/O requests have finished. This patch avoids
that the following crash occurs:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Call trace:
 scsi_mq_uninit_cmd+0x1c/0x30
 scsi_end_request+0x7c/0x1b8
 scsi_io_completion+0x464/0x668
 scsi_finish_command+0xbc/0x160
 scsi_eh_flush_done_q+0x10c/0x170
 sas_scsi_recover_host+0x84c/0xa98 [libsas]
 scsi_error_handler+0x140/0x5b0
 kthread+0x100/0x12c
 ret_from_fork+0x10/0x18

Cc: Christoph Hellwig <hch@lst.de>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Cc: Jason Yan <yanaijie@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reported-by: Jason Yan <yanaijie@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/scsi/sd.c |   19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -1276,11 +1276,6 @@ static void sd_release(struct gendisk *d
 			scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW);
 	}
 
-	/*
-	 * XXX and what if there are packets in flight and this close()
-	 * XXX is followed by a "rmmod sd_mod"?
-	 */
-
 	scsi_disk_put(sdkp);
 }
 
@@ -3227,11 +3222,23 @@ static void scsi_disk_release(struct dev
 {
 	struct scsi_disk *sdkp = to_scsi_disk(dev);
 	struct gendisk *disk = sdkp->disk;
-	
+	struct request_queue *q = disk->queue;
+
 	spin_lock(&sd_index_lock);
 	ida_remove(&sd_index_ida, sdkp->index);
 	spin_unlock(&sd_index_lock);
 
+	/*
+	 * Wait until all requests that are in progress have completed.
+	 * This is necessary to avoid that e.g. scsi_end_request() crashes
+	 * due to clearing the disk->private_data pointer. Wait from inside
+	 * scsi_disk_release() instead of from sd_release() to avoid that
+	 * freezing and unfreezing the request queue affects user space I/O
+	 * in case multiple processes open a /dev/sd... node concurrently.
+	 */
+	blk_mq_freeze_queue(q);
+	blk_mq_unfreeze_queue(q);
+
 	disk->private_data = NULL;
 	put_disk(disk);
 	put_device(&sdkp->device->sdev_gendev);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 109/131] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (107 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 108/131] scsi: sd: Fix a race between closing an sd device and sd I/O Greg Kroah-Hartman
@ 2019-04-01 17:02 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 110/131] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Jens Remus,
	Benjamin Block, Martin K. Petersen

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.ibm.com>

commit fe67888fc007a76b81e37da23ce5bd8fb95890b0 upstream.

An already deleted SCSI device can exist on the Scsi_Host and remain there
because something still holds a reference.  A new SCSI device with the same
H:C:T:L and FCP device, target port WWPN, and FCP LUN can be created.  When
we try to unblock an rport, we still find the deleted SCSI device and
return early because the zfcp_scsi_dev of that SCSI device is not
ZFCP_STATUS_COMMON_UNBLOCKED. Hence we miss to unblock the rport, even if
the new proper SCSI device would be in good state.

Therefore, skip deleted SCSI devices when iterating the sdevs of the shost.
[cf. __scsi_device_lookup{_by_target}() or scsi_device_get()]

The following abbreviated trace sequence can indicate such problem:

Area           : REC
Tag            : ersfs_3
LUN            : 0x4045400300000000
WWPN           : 0x50050763031bd327
LUN status     : 0x40000000     not ZFCP_STATUS_COMMON_UNBLOCKED
Ready count    : n		not incremented yet
Running count  : 0x00000000
ERP want       : 0x01
ERP need       : 0xc1		ZFCP_ERP_ACTION_NONE

Area           : REC
Tag            : ersfs_3
LUN            : 0x4045400300000000
WWPN           : 0x50050763031bd327
LUN status     : 0x41000000
Ready count    : n+1
Running count  : 0x00000000
ERP want       : 0x01
ERP need       : 0x01

...

Area           : REC
Level          : 4		only with increased trace level
Tag            : ertru_l
LUN            : 0x4045400300000000
WWPN           : 0x50050763031bd327
LUN status     : 0x40000000
Request ID     : 0x0000000000000000
ERP status     : 0x01800000
ERP step       : 0x1000
ERP action     : 0x01
ERP count      : 0x00

NOT followed by a trace record with tag "scpaddy"
for WWPN 0x50050763031bd327.

Signed-off-by: Steffen Maier <maier@linux.ibm.com>
Fixes: 6f2ce1c6af37 ("scsi: zfcp: fix rport unblock race with LUN recovery")
Cc: <stable@vger.kernel.org> #2.6.32+
Reviewed-by: Jens Remus <jremus@linux.ibm.com>
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_erp.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/s390/scsi/zfcp_erp.c
+++ b/drivers/s390/scsi/zfcp_erp.c
@@ -1306,6 +1306,9 @@ static void zfcp_erp_try_rport_unblock(s
 		struct zfcp_scsi_dev *zsdev = sdev_to_zfcp(sdev);
 		int lun_status;
 
+		if (sdev->sdev_state == SDEV_DEL ||
+		    sdev->sdev_state == SDEV_CANCEL)
+			continue;
 		if (zsdev->port != port)
 			continue;
 		/* LUN under port of interest */



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 110/131] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (108 preceding siblings ...)
  2019-04-01 17:02 ` [PATCH 4.4 109/131] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 111/131] tty: atmel_serial: fix a potential NULL pointer dereference Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steffen Maier, Jens Remus,
	Benjamin Block, Martin K. Petersen

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steffen Maier <maier@linux.ibm.com>

commit 242ec1455151267fe35a0834aa9038e4c4670884 upstream.

Suppose more than one non-NPIV FCP device is active on the same channel.
Send I/O to storage and have some of the pending I/O run into a SCSI
command timeout, e.g. due to bit errors on the fibre. Now the error
situation stops. However, we saw FCP requests continue to timeout in the
channel. The abort will be successful, but the subsequent TUR fails.
Scsi_eh starts. The LUN reset fails. The target reset fails.  The host
reset only did an FCP device recovery. However, for non-NPIV FCP devices,
this does not close and reopen ports on the SAN-side if other non-NPIV FCP
device(s) share the same open ports.

In order to resolve the continuing FCP request timeouts, we need to
explicitly close and reopen ports on the SAN-side.

This was missing since the beginning of zfcp in v2.6.0 history commit
ea127f975424 ("[PATCH] s390 (7/7): zfcp host adapter.").

Note: The FSF requests for forced port reopen could run into FSF request
timeouts due to other reasons. This would trigger an internal FCP device
recovery. Pending forced port reopen recoveries would get dismissed. So
some ports might not get fully reopened during this host reset handler.
However, subsequent I/O would trigger the above described escalation and
eventually all ports would be forced reopen to resolve any continuing FCP
request timeouts due to earlier bit errors.

Signed-off-by: Steffen Maier <maier@linux.ibm.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: <stable@vger.kernel.org> #3.0+
Reviewed-by: Jens Remus <jremus@linux.ibm.com>
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_erp.c  |   14 ++++++++++++++
 drivers/s390/scsi/zfcp_ext.h  |    2 ++
 drivers/s390/scsi/zfcp_scsi.c |    4 ++++
 3 files changed, 20 insertions(+)

--- a/drivers/s390/scsi/zfcp_erp.c
+++ b/drivers/s390/scsi/zfcp_erp.c
@@ -652,6 +652,20 @@ static void zfcp_erp_strategy_memwait(st
 	add_timer(&erp_action->timer);
 }
 
+void zfcp_erp_port_forced_reopen_all(struct zfcp_adapter *adapter,
+				     int clear, char *dbftag)
+{
+	unsigned long flags;
+	struct zfcp_port *port;
+
+	write_lock_irqsave(&adapter->erp_lock, flags);
+	read_lock(&adapter->port_list_lock);
+	list_for_each_entry(port, &adapter->port_list, list)
+		_zfcp_erp_port_forced_reopen(port, clear, dbftag);
+	read_unlock(&adapter->port_list_lock);
+	write_unlock_irqrestore(&adapter->erp_lock, flags);
+}
+
 static void _zfcp_erp_port_reopen_all(struct zfcp_adapter *adapter,
 				      int clear, char *id)
 {
--- a/drivers/s390/scsi/zfcp_ext.h
+++ b/drivers/s390/scsi/zfcp_ext.h
@@ -68,6 +68,8 @@ extern void zfcp_erp_clear_port_status(s
 extern int  zfcp_erp_port_reopen(struct zfcp_port *, int, char *);
 extern void zfcp_erp_port_shutdown(struct zfcp_port *, int, char *);
 extern void zfcp_erp_port_forced_reopen(struct zfcp_port *, int, char *);
+extern void zfcp_erp_port_forced_reopen_all(struct zfcp_adapter *adapter,
+					    int clear, char *dbftag);
 extern void zfcp_erp_set_lun_status(struct scsi_device *, u32);
 extern void zfcp_erp_clear_lun_status(struct scsi_device *, u32);
 extern void zfcp_erp_lun_reopen(struct scsi_device *, int, char *);
--- a/drivers/s390/scsi/zfcp_scsi.c
+++ b/drivers/s390/scsi/zfcp_scsi.c
@@ -326,6 +326,10 @@ static int zfcp_scsi_eh_host_reset_handl
 	struct zfcp_adapter *adapter = zfcp_sdev->port->adapter;
 	int ret = SUCCESS, fc_ret;
 
+	if (!(adapter->connection_features & FSF_FEATURE_NPIV_MODE)) {
+		zfcp_erp_port_forced_reopen_all(adapter, 0, "schrh_p");
+		zfcp_erp_wait(adapter);
+	}
 	zfcp_erp_adapter_reopen(adapter, 0, "schrh_1");
 	zfcp_erp_wait(adapter);
 	fc_ret = fc_block_scsi_eh(scpnt);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 111/131] tty: atmel_serial: fix a potential NULL pointer dereference
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (109 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 110/131] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 112/131] staging: vt6655: Remove vif check from vnt_interrupt Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Richard Genoud

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Kangjie Lu <kjlu@umn.edu>

commit c85be041065c0be8bc48eda4c45e0319caf1d0e5 upstream.

In case dmaengine_prep_dma_cyclic fails, the fix returns a proper
error code to avoid NULL pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Fixes: 34df42f59a60 ("serial: at91: add rx dma support")
Acked-by: Richard Genoud <richard.genoud@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/serial/atmel_serial.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1167,6 +1167,10 @@ static int atmel_prepare_rx_dma(struct u
 					 sg_dma_len(&atmel_port->sg_rx)/2,
 					 DMA_DEV_TO_MEM,
 					 DMA_PREP_INTERRUPT);
+	if (!desc) {
+		dev_err(port->dev, "Preparing DMA cyclic failed\n");
+		goto chan_err;
+	}
 	desc->callback = atmel_complete_rx_dma;
 	desc->callback_param = port;
 	atmel_port->desc_rx = desc;



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 112/131] staging: vt6655: Remove vif check from vnt_interrupt
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (110 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 111/131] tty: atmel_serial: fix a potential NULL pointer dereference Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 113/131] staging: vt6655: Fix interrupt race condition on device start up Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Malcolm Priestley

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Malcolm Priestley <tvboxspy@gmail.com>

commit cc26358f89c3e493b54766b1ca56cfc6b14db78a upstream.

A check for vif is made in vnt_interrupt_work.

There is a small chance of leaving interrupt disabled while vif
is NULL and the work hasn't been scheduled.

Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
CC: stable@vger.kernel.org # v4.2+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/staging/vt6655/device_main.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/staging/vt6655/device_main.c
+++ b/drivers/staging/vt6655/device_main.c
@@ -1079,8 +1079,7 @@ static irqreturn_t vnt_interrupt(int irq
 {
 	struct vnt_private *priv = arg;
 
-	if (priv->vif)
-		schedule_work(&priv->interrupt_work);
+	schedule_work(&priv->interrupt_work);
 
 	return IRQ_HANDLED;
 }



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 113/131] staging: vt6655: Fix interrupt race condition on device start up.
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (111 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 112/131] staging: vt6655: Remove vif check from vnt_interrupt Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 114/131] serial: max310x: Fix to avoid potential NULL pointer dereference Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Malcolm Priestley

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Malcolm Priestley <tvboxspy@gmail.com>

commit 3b9c2f2e0e99bb67c96abcb659b3465efe3bee1f upstream.

It appears on some slower systems that the driver can find its way
out of the workqueue while the interrupt is disabled by continuous polling
by it.

Move MACvIntEnable to vnt_interrupt_work so that it is always enabled
on all routes out of vnt_interrupt_process.

Move MACvIntDisable so that the device doesn't keep polling the system
while the workqueue is being processed.

Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
CC: stable@vger.kernel.org # v4.2+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/staging/vt6655/device_main.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/staging/vt6655/device_main.c
+++ b/drivers/staging/vt6655/device_main.c
@@ -972,8 +972,6 @@ static void vnt_interrupt_process(struct
 		return;
 	}
 
-	MACvIntDisable(priv->PortOffset);
-
 	spin_lock_irqsave(&priv->lock, flags);
 
 	/* Read low level stats */
@@ -1062,8 +1060,6 @@ static void vnt_interrupt_process(struct
 	}
 
 	spin_unlock_irqrestore(&priv->lock, flags);
-
-	MACvIntEnable(priv->PortOffset, IMR_MASK_VALUE);
 }
 
 static void vnt_interrupt_work(struct work_struct *work)
@@ -1073,6 +1069,8 @@ static void vnt_interrupt_work(struct wo
 
 	if (priv->vif)
 		vnt_interrupt_process(priv);
+
+	MACvIntEnable(priv->PortOffset, IMR_MASK_VALUE);
 }
 
 static irqreturn_t vnt_interrupt(int irq,  void *arg)
@@ -1081,6 +1079,8 @@ static irqreturn_t vnt_interrupt(int irq
 
 	schedule_work(&priv->interrupt_work);
 
+	MACvIntDisable(priv->PortOffset);
+
 	return IRQ_HANDLED;
 }
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 114/131] serial: max310x: Fix to avoid potential NULL pointer dereference
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (112 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 113/131] staging: vt6655: Fix interrupt race condition on device start up Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 115/131] serial: sh-sci: Fix setting SCSCR_TIE while transferring data Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Aditya Pakki

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Aditya Pakki <pakki001@umn.edu>

commit 3a10e3dd52e80b9a97a3346020024d17b2c272d6 upstream.

of_match_device can return a NULL pointer when matching device is not
found. This patch avoids a scenario causing NULL pointer derefernce.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/serial/max310x.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/tty/serial/max310x.c
+++ b/drivers/tty/serial/max310x.c
@@ -1306,6 +1306,8 @@ static int max310x_spi_probe(struct spi_
 	if (spi->dev.of_node) {
 		const struct of_device_id *of_id =
 			of_match_device(max310x_dt_ids, &spi->dev);
+		if (!of_id)
+			return -ENODEV;
 
 		devtype = (struct max310x_devtype *)of_id->data;
 	} else {



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 115/131] serial: sh-sci: Fix setting SCSCR_TIE while transferring data
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (113 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 114/131] serial: max310x: Fix to avoid potential NULL pointer dereference Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 116/131] USB: serial: cp210x: add new device id Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hoan Nguyen An

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hoan Nguyen An <na-hoan@jinso.co.jp>

commit 93bcefd4c6bad4c69dbc4edcd3fbf774b24d930d upstream.

We disable transmission interrupt (clear SCSCR_TIE) after all data has been transmitted
(if uart_circ_empty(xmit)). While transmitting, if the data is still in the tty buffer,
re-enable the SCSCR_TIE bit, which was done at sci_start_tx().
This is unnecessary processing, wasting CPU operation if the data transmission length is large.
And further, transmit end, FIFO empty bits disabling have also been performed in the step above.

Signed-off-by: Hoan Nguyen An <na-hoan@jinso.co.jp>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/serial/sh-sci.c |   12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -746,19 +746,9 @@ static void sci_transmit_chars(struct ua
 
 	if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS)
 		uart_write_wakeup(port);
-	if (uart_circ_empty(xmit)) {
+	if (uart_circ_empty(xmit))
 		sci_stop_tx(port);
-	} else {
-		ctrl = serial_port_in(port, SCSCR);
 
-		if (port->type != PORT_SCI) {
-			serial_port_in(port, SCxSR); /* Dummy read */
-			sci_clear_SCxSR(port, SCxSR_TDxE_CLEAR(port));
-		}
-
-		ctrl |= SCSCR_TIE;
-		serial_port_out(port, SCSCR, ctrl);
-	}
 }
 
 /* On SH3, SCIF may read end-of-break as a space->mark char */



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 116/131] USB: serial: cp210x: add new device id
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (114 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 115/131] serial: sh-sci: Fix setting SCSCR_TIE while transferring data Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 117/131] USB: serial: ftdi_sio: add additional NovaTech products Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Uli, Johan Hovold

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit a595ecdd5f60b2d93863cebb07eec7f935839b54 upstream.

Lorenz Messtechnik has a device that is controlled by the cp210x driver,
so add the device id to the driver.  The device id was provided by
Silicon-Labs for the devices from this vendor.

Reported-by: Uli <t9cpu@web.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/serial/cp210x.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/usb/serial/cp210x.c
+++ b/drivers/usb/serial/cp210x.c
@@ -76,6 +76,7 @@ static const struct usb_device_id id_tab
 	{ USB_DEVICE(0x10C4, 0x804E) }, /* Software Bisque Paramount ME build-in converter */
 	{ USB_DEVICE(0x10C4, 0x8053) }, /* Enfora EDG1228 */
 	{ USB_DEVICE(0x10C4, 0x8054) }, /* Enfora GSM2228 */
+	{ USB_DEVICE(0x10C4, 0x8056) }, /* Lorenz Messtechnik devices */
 	{ USB_DEVICE(0x10C4, 0x8066) }, /* Argussoft In-System Programmer */
 	{ USB_DEVICE(0x10C4, 0x806F) }, /* IMS USB to RS422 Converter Cable */
 	{ USB_DEVICE(0x10C4, 0x807A) }, /* Crumb128 board */



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 117/131] USB: serial: ftdi_sio: add additional NovaTech products
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (115 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 116/131] USB: serial: cp210x: add new device id Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 118/131] USB: serial: mos7720: fix mos_parport refcount imbalance on error path Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, George McCollister, Johan Hovold

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: George McCollister <george.mccollister@gmail.com>

commit 422c2537ba9d42320f8ab6573940269f87095320 upstream.

Add PIDs for the NovaTech OrionLX+ and Orion I/O so they can be
automatically detected.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/serial/ftdi_sio.c     |    2 ++
 drivers/usb/serial/ftdi_sio_ids.h |    4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -604,6 +604,8 @@ static const struct usb_device_id id_tab
 		.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
 	{ USB_DEVICE(FTDI_VID, FTDI_NT_ORIONLXM_PID),
 		.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
+	{ USB_DEVICE(FTDI_VID, FTDI_NT_ORIONLX_PLUS_PID) },
+	{ USB_DEVICE(FTDI_VID, FTDI_NT_ORION_IO_PID) },
 	{ USB_DEVICE(FTDI_VID, FTDI_SYNAPSE_SS200_PID) },
 	{ USB_DEVICE(FTDI_VID, FTDI_CUSTOMWARE_MINIPLEX_PID) },
 	{ USB_DEVICE(FTDI_VID, FTDI_CUSTOMWARE_MINIPLEX2_PID) },
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -566,7 +566,9 @@
 /*
  * NovaTech product ids (FTDI_VID)
  */
-#define FTDI_NT_ORIONLXM_PID	0x7c90	/* OrionLXm Substation Automation Platform */
+#define FTDI_NT_ORIONLXM_PID		0x7c90	/* OrionLXm Substation Automation Platform */
+#define FTDI_NT_ORIONLX_PLUS_PID	0x7c91	/* OrionLX+ Substation Automation Platform */
+#define FTDI_NT_ORION_IO_PID		0x7c92	/* Orion I/O */
 
 /*
  * Synapse Wireless product ids (FTDI_VID)



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 118/131] USB: serial: mos7720: fix mos_parport refcount imbalance on error path
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (116 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 117/131] USB: serial: ftdi_sio: add additional NovaTech products Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 119/131] USB: serial: option: set driver_info for SIM5218 and compatibles Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lin Yi, Johan Hovold

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lin Yi <teroincn@163.com>

commit 2908b076f5198d231de62713cb2b633a3a4b95ac upstream.

The write_parport_reg_nonblock() helper takes a reference to the struct
mos_parport, but failed to release it in a couple of error paths after
allocation failures, leading to a memory leak.

Johan said that move the kref_get() and mos_parport assignment to the
end of urbtrack initialisation is a better way, so move it. and
mos_parport do not used until urbtrack initialisation.

Signed-off-by: Lin Yi <teroincn@163.com>
Fixes: b69578df7e98 ("USB: usbserial: mos7720: add support for parallel port on moschip 7715")
Cc: stable <stable@vger.kernel.org>     # 2.6.35
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/serial/mos7720.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/usb/serial/mos7720.c
+++ b/drivers/usb/serial/mos7720.c
@@ -368,8 +368,6 @@ static int write_parport_reg_nonblock(st
 	if (!urbtrack)
 		return -ENOMEM;
 
-	kref_get(&mos_parport->ref_count);
-	urbtrack->mos_parport = mos_parport;
 	urbtrack->urb = usb_alloc_urb(0, GFP_ATOMIC);
 	if (!urbtrack->urb) {
 		kfree(urbtrack);
@@ -390,6 +388,8 @@ static int write_parport_reg_nonblock(st
 			     usb_sndctrlpipe(usbdev, 0),
 			     (unsigned char *)urbtrack->setup,
 			     NULL, 0, async_complete, urbtrack);
+	kref_get(&mos_parport->ref_count);
+	urbtrack->mos_parport = mos_parport;
 	kref_init(&urbtrack->ref_count);
 	INIT_LIST_HEAD(&urbtrack->urblist_entry);
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 119/131] USB: serial: option: set driver_info for SIM5218 and compatibles
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (117 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 118/131] USB: serial: mos7720: fix mos_parport refcount imbalance on error path Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 120/131] USB: serial: option: add Olicard 600 Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mans Rullgard, Johan Hovold

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mans Rullgard <mans@mansr.com>

commit f8df5c2c3e2df5ffaf9fb5503da93d477a8c7db4 upstream.

The SIMCom SIM5218 and compatible devices have 5 USB interfaces, only 4
of which are serial ports.  The fifth is a network interface supported
by the qmi-wwan driver.  Furthermore, the serial ports do not support
modem control signals.  Add driver_info flags to reflect this.

Signed-off-by: Mans Rullgard <mans@mansr.com>
Fixes: ec0cd94d881c ("usb: option: add SIMCom SIM5218")
Cc: stable <stable@vger.kernel.org>	# 3.2
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/serial/option.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1066,7 +1066,8 @@ static const struct usb_device_id option
 	  .driver_info = RSVD(3) },
 	{ USB_DEVICE(QUALCOMM_VENDOR_ID, 0x6613)}, /* Onda H600/ZTE MF330 */
 	{ USB_DEVICE(QUALCOMM_VENDOR_ID, 0x0023)}, /* ONYX 3G device */
-	{ USB_DEVICE(QUALCOMM_VENDOR_ID, 0x9000)}, /* SIMCom SIM5218 */
+	{ USB_DEVICE(QUALCOMM_VENDOR_ID, 0x9000), /* SIMCom SIM5218 */
+	  .driver_info = NCTRL(0) | NCTRL(1) | NCTRL(2) | NCTRL(3) | RSVD(4) },
 	/* Quectel products using Qualcomm vendor ID */
 	{ USB_DEVICE(QUALCOMM_VENDOR_ID, QUECTEL_PRODUCT_UC15)},
 	{ USB_DEVICE(QUALCOMM_VENDOR_ID, QUECTEL_PRODUCT_UC20),



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 120/131] USB: serial: option: add Olicard 600
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (118 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 119/131] USB: serial: option: set driver_info for SIM5218 and compatibles Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 121/131] Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bjørn Mork, Johan Hovold

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bjørn Mork <bjorn@mork.no>

commit 84f3b43f7378b98b7e3096d5499de75183d4347c upstream.

This is a Qualcomm based device with a QMI function on interface 4.
It is mode switched from 2020:2030 using a standard eject message.

T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  6 Spd=480  MxCh= 0
D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=2020 ProdID=2031 Rev= 2.32
S:  Manufacturer=Mobile Connect
S:  Product=Mobile Connect
S:  SerialNumber=0123456789ABCDEF
C:* #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E:  Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
E:  Ad=83(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
E:  Ad=85(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
E:  Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
E:  Ad=87(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
E:  Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E:  Ad=89(I) Atr=03(Int.) MxPS=   8 Ivl=32ms
E:  Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=(none)
E:  Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=125us

Cc: stable@vger.kernel.org
Signed-off-by: Bjørn Mork <bjorn@mork.no>
[ johan: use tabs to align comments in adjacent lines ]
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/serial/option.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1942,10 +1942,12 @@ static const struct usb_device_id option
 	  .driver_info = RSVD(4) },
 	{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7e35, 0xff),			/* D-Link DWM-222 */
 	  .driver_info = RSVD(4) },
-	{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e01, 0xff, 0xff, 0xff) }, /* D-Link DWM-152/C1 */
-	{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e02, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/C1 */
-	{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x7e11, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/A3 */
-	{ USB_DEVICE_INTERFACE_CLASS(0x2020, 0x4000, 0xff) },                /* OLICARD300 - MT6225 */
+	{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e01, 0xff, 0xff, 0xff) },	/* D-Link DWM-152/C1 */
+	{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e02, 0xff, 0xff, 0xff) },	/* D-Link DWM-156/C1 */
+	{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x7e11, 0xff, 0xff, 0xff) },	/* D-Link DWM-156/A3 */
+	{ USB_DEVICE_INTERFACE_CLASS(0x2020, 0x2031, 0xff),			/* Olicard 600 */
+	  .driver_info = RSVD(4) },
+	{ USB_DEVICE_INTERFACE_CLASS(0x2020, 0x4000, 0xff) },			/* OLICARD300 - MT6225 */
 	{ USB_DEVICE(INOVIA_VENDOR_ID, INOVIA_SEW858) },
 	{ USB_DEVICE(VIATELECOM_VENDOR_ID, VIATELECOM_PRODUCT_CDS7) },
 	{ USB_DEVICE_AND_INTERFACE_INFO(WETELECOM_VENDOR_ID, WETELECOM_PRODUCT_WMD200, 0xff, 0xff, 0xff) },



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 121/131] Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (119 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 120/131] USB: serial: option: add Olicard 600 Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 122/131] fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Wentao Wang, Daniel Thompson

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wentao Wang <witallwang@gmail.com>

commit 3ec8002951ea173e24b466df1ea98c56b7920e63 upstream.

Echo "" to /sys/module/kgdboc/parameters/kgdboc will fail with "No such
device” error.

This is caused by function "configure_kgdboc" who init err to ENODEV
when the config is empty (legal input) the code go out with ENODEV
returned.

Fixes: 2dd453168643 ("kgdboc: Fix restrict error")
Signed-off-by: Wentao Wang <witallwang@gmail.com>
Cc: stable <stable@vger.kernel.org>
Acked-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/serial/kgdboc.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/tty/serial/kgdboc.c
+++ b/drivers/tty/serial/kgdboc.c
@@ -148,8 +148,10 @@ static int configure_kgdboc(void)
 	char *cptr = config;
 	struct console *cons;
 
-	if (!strlen(config) || isspace(config[0]))
+	if (!strlen(config) || isspace(config[0])) {
+		err = 0;
 		goto noconfig;
+	}
 
 	kgdboc_io_ops.is_console = 0;
 	kgdb_tty_driver = NULL;



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 122/131] fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (120 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 121/131] Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 123/131] gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, YueHaibing, Hulk Robot,
	Luis Chamberlain, Kees Cook, Alexey Dobriyan, Alexei Starovoitov,
	Daniel Borkmann, Al Viro, Eric W. Biederman, Andrew Morton,
	Linus Torvalds

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: YueHaibing <yuehaibing@huawei.com>

commit 23da9588037ecdd4901db76a5b79a42b529c4ec3 upstream.

Syzkaller reports:

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN PTI
CPU: 1 PID: 5373 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
RIP: 0010:put_links+0x101/0x440 fs/proc/proc_sysctl.c:1599
Code: 00 0f 85 3a 03 00 00 48 8b 43 38 48 89 44 24 20 48 83 c0 38 48 89 c2 48 89 44 24 28 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 02 00 00 48 8b 74 24 20 48 c7 c7 60 2a 9d 91
RSP: 0018:ffff8881d828f238 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8881e01b1140 RCX: ffffffff8ee98267
RDX: 0000000000000007 RSI: ffffc90001479000 RDI: ffff8881e01b1178
RBP: dffffc0000000000 R08: ffffed103ee27259 R09: ffffed103ee27259
R10: 0000000000000001 R11: ffffed103ee27258 R12: fffffffffffffff4
R13: 0000000000000006 R14: ffff8881f59838c0 R15: dffffc0000000000
FS:  00007f072254f700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff8b286668 CR3: 00000001f0542002 CR4: 00000000007606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 drop_sysctl_table+0x152/0x9f0 fs/proc/proc_sysctl.c:1629
 get_subdir fs/proc/proc_sysctl.c:1022 [inline]
 __register_sysctl_table+0xd65/0x1090 fs/proc/proc_sysctl.c:1335
 br_netfilter_init+0xbc/0x1000 [br_netfilter]
 do_one_initcall+0xfa/0x5ca init/main.c:887
 do_init_module+0x204/0x5f6 kernel/module.c:3460
 load_module+0x66b2/0x8570 kernel/module.c:3808
 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902
 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x462e99
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f072254ec58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
RBP: 00007f072254ec70 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f072254f6bc
R13: 00000000004bcefa R14: 00000000006f6fb0 R15: 0000000000000004
Modules linked in: br_netfilter(+) dvb_usb_dibusb_mc_common dib3000mc dibx000_common dvb_usb_dibusb_common dvb_usb_dw2102 dvb_usb classmate_laptop palmas_regulator cn videobuf2_v4l2 v4l2_common snd_soc_bd28623 mptbase snd_usb_usx2y snd_usbmidi_lib snd_rawmidi wmi libnvdimm lockd sunrpc grace rc_kworld_pc150u rc_core rtc_da9063 sha1_ssse3 i2c_cros_ec_tunnel adxl34x_spi adxl34x nfnetlink lib80211 i5500_temp dvb_as102 dvb_core videobuf2_common videodev media videobuf2_vmalloc videobuf2_memops udc_core lnbp22 leds_lp3952 hid_roccat_ryos s1d13xxxfb mtd vport_geneve openvswitch nf_conncount nf_nat_ipv6 nsh geneve udp_tunnel ip6_udp_tunnel snd_soc_mt6351 sis_agp phylink snd_soc_adau1761_spi snd_soc_adau1761 snd_soc_adau17x1 snd_soc_core snd_pcm_dmaengine ac97_bus snd_compress snd_soc_adau_utils snd_soc_sigmadsp_regmap snd_soc_sigmadsp raid_class hid_roccat_konepure hid_roccat_common hid_roccat c2port_duramar2150 core mdio_bcm_unimac iptable_security iptable_raw iptable_mangle
 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel hsr veth netdevsim devlink vxcan batman_adv cfg80211 rfkill chnl_net caif nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel joydev mousedev ide_pci_generic piix aesni_intel aes_x86_64 ide_core crypto_simd atkbd cryptd glue_helper serio_raw ata_generic pata_acpi i2c_piix4 floppy sch_fq_codel ip_tables x_tables ipv6 [last unloaded: lm73]
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 770020de38961fd0 ]---

A new dir entry can be created in get_subdir and its 'header->parent' is
set to NULL.  Only after insert_header success, it will be set to 'dir',
otherwise 'header->parent' is set to NULL and drop_sysctl_table is called.
However in err handling path of get_subdir, drop_sysctl_table also be
called on 'new->header' regardless its value of parent pointer.  Then
put_links is called, which triggers NULL-ptr deref when access member of
header->parent.

In fact we have multiple error paths which call drop_sysctl_table() there,
upon failure on insert_links() we also call drop_sysctl_table().And even
in the successful case on __register_sysctl_table() we still always call
drop_sysctl_table().This patch fix it.

Link: http://lkml.kernel.org/r/20190314085527.13244-1-yuehaibing@huawei.com
Fixes: 0e47c99d7fe25 ("sysctl: Replace root_list with links between sysctl_table_sets")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reported-by: Hulk Robot <hulkci@huawei.com>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>    [3.4+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/proc/proc_sysctl.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -1550,7 +1550,8 @@ static void drop_sysctl_table(struct ctl
 	if (--header->nreg)
 		return;
 
-	put_links(header);
+	if (parent)
+		put_links(header);
 	start_unregistering(header);
 	if (!--header->count)
 		kfree_rcu(header, rcu);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 123/131] gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (121 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 122/131] fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 124/131] perf intel-pt: Fix TSC slip Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Axel Lin, Thierry Reding,
	Bartosz Golaszewski

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Axel Lin <axel.lin@ingics.com>

commit c5bc6e526d3f217ed2cc3681d256dc4a2af4cc2b upstream.

Current code test wrong value so it does not verify if the written
data is correctly read back. Fix it.
Also make it return -EPERM if read value does not match written bit,
just like it done for adnp_gpio_direction_output().

Fixes: 5e969a401a01 ("gpio: Add Avionic Design N-bit GPIO expander support")
Cc: <stable@vger.kernel.org>
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Reviewed-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpio/gpio-adnp.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/gpio/gpio-adnp.c
+++ b/drivers/gpio/gpio-adnp.c
@@ -137,8 +137,10 @@ static int adnp_gpio_direction_input(str
 	if (err < 0)
 		goto out;
 
-	if (err & BIT(pos))
-		err = -EACCES;
+	if (value & BIT(pos)) {
+		err = -EPERM;
+		goto out;
+	}
 
 	err = 0;
 



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 124/131] perf intel-pt: Fix TSC slip
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (122 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 123/131] gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 125/131] x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Jiri Olsa,
	Arnaldo Carvalho de Melo

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Adrian Hunter <adrian.hunter@intel.com>

commit f3b4e06b3bda759afd042d3d5fa86bea8f1fe278 upstream.

A TSC packet can slip past MTC packets so that the timestamp appears to
go backwards. One estimate is that can be up to about 40 CPU cycles,
which is certainly less than 0x1000 TSC ticks, but accept slippage an
order of magnitude more to be on the safe side.

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: stable@vger.kernel.org
Fixes: 79b58424b821c ("perf tools: Add Intel PT support for decoding MTC packets")
Link: http://lkml.kernel.org/r/20190325135135.18348-1-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c |   20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
@@ -238,19 +238,15 @@ struct intel_pt_decoder *intel_pt_decode
 		if (!(decoder->tsc_ctc_ratio_n % decoder->tsc_ctc_ratio_d))
 			decoder->tsc_ctc_mult = decoder->tsc_ctc_ratio_n /
 						decoder->tsc_ctc_ratio_d;
-
-		/*
-		 * Allow for timestamps appearing to backwards because a TSC
-		 * packet has slipped past a MTC packet, so allow 2 MTC ticks
-		 * or ...
-		 */
-		decoder->tsc_slip = multdiv(2 << decoder->mtc_shift,
-					decoder->tsc_ctc_ratio_n,
-					decoder->tsc_ctc_ratio_d);
 	}
-	/* ... or 0x100 paranoia */
-	if (decoder->tsc_slip < 0x100)
-		decoder->tsc_slip = 0x100;
+
+	/*
+	 * A TSC packet can slip past MTC packets so that the timestamp appears
+	 * to go backwards. One estimate is that can be up to about 40 CPU
+	 * cycles, which is certainly less than 0x1000 TSC ticks, but accept
+	 * slippage an order of magnitude more to be on the safe side.
+	 */
+	decoder->tsc_slip = 0x10000;
 
 	intel_pt_log("timestamp: mtc_shift %u\n", decoder->mtc_shift);
 	intel_pt_log("timestamp: tsc_ctc_ratio_n %u\n", decoder->tsc_ctc_ratio_n);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 125/131] x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (123 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 124/131] perf intel-pt: Fix TSC slip Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 126/131] KVM: Reject device ioctls from processes other than the VMs creator Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tianyu Lan, Thomas Gleixner,
	Konrad Wilk, Josh Poimboeuf, Mukesh Ojha, Peter Zijlstra,
	Jiri Kosina, Rik van Riel, Andy Lutomirski, Micheal Kelley,
	K. Y. Srinivasan, Linus Torvalds, Borislav Petkov

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thomas Gleixner <tglx@linutronix.de>

commit bebd024e4815b1a170fcd21ead9c2222b23ce9e6 upstream.

The SMT disable 'nosmt' command line argument is not working properly when
CONFIG_HOTPLUG_CPU is disabled. The teardown of the sibling CPUs which are
required to be brought up due to the MCE issues, cannot work. The CPUs are
then kept in a half dead state.

As the 'nosmt' functionality has become popular due to the speculative
hardware vulnerabilities, the half torn down state is not a proper solution
to the problem.

Enforce CONFIG_HOTPLUG_CPU=y when SMP is enabled so the full operation is
possible.

Reported-by: Tianyu Lan <Tianyu.Lan@microsoft.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Konrad Wilk <konrad.wilk@oracle.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Mukesh Ojha <mojha@codeaurora.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Rik van Riel <riel@surriel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Micheal Kelley <michael.h.kelley@microsoft.com>
Cc: "K. Y. Srinivasan" <kys@microsoft.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20190326163811.598166056@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/Kconfig |    8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1970,14 +1970,8 @@ config PHYSICAL_ALIGN
 	  Don't change this unless you know what you are doing.
 
 config HOTPLUG_CPU
-	bool "Support for hot-pluggable CPUs"
+	def_bool y
 	depends on SMP
-	---help---
-	  Say Y here to allow turning CPUs off and on. CPUs can be
-	  controlled through /sys/devices/system/cpu.
-	  ( Note: power management support will enable this option
-	    automatically on SMP systems. )
-	  Say N if you want to disable CPU hotplug.
 
 config BOOTPARAM_HOTPLUG_CPU0
 	bool "Set default setting of cpu0_hotpluggable"



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 126/131] KVM: Reject device ioctls from processes other than the VMs creator
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (124 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 125/131] x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 127/131] xhci: Fix port resume done detection for SS ports with LPM enabled Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Paolo Bonzini

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sean Christopherson <sean.j.christopherson@intel.com>

commit ddba91801aeb5c160b660caed1800eb3aef403f8 upstream.

KVM's API requires thats ioctls must be issued from the same process
that created the VM.  In other words, userspace can play games with a
VM's file descriptors, e.g. fork(), SCM_RIGHTS, etc..., but only the
creator can do anything useful.  Explicitly reject device ioctls that
are issued by a process other than the VM's creator, and update KVM's
API documentation to extend its requirements to device ioctls.

Fixes: 852b6d57dc7f ("kvm: add device control API")
Cc: <stable@vger.kernel.org>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 Documentation/virtual/kvm/api.txt |   16 +++++++++++-----
 virt/kvm/kvm_main.c               |    3 +++
 2 files changed, 14 insertions(+), 5 deletions(-)

--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -13,7 +13,7 @@ of a virtual machine.  The ioctls belong
 
  - VM ioctls: These query and set attributes that affect an entire virtual
    machine, for example memory layout.  In addition a VM ioctl is used to
-   create virtual cpus (vcpus).
+   create virtual cpus (vcpus) and devices.
 
    Only run VM ioctls from the same process (address space) that was used
    to create the VM.
@@ -24,6 +24,11 @@ of a virtual machine.  The ioctls belong
    Only run vcpu ioctls from the same thread that was used to create the
    vcpu.
 
+ - device ioctls: These query and set attributes that control the operation
+   of a single device.
+
+   device ioctls must be issued from the same process (address space) that
+   was used to create the VM.
 
 2. File descriptors
 -------------------
@@ -32,10 +37,11 @@ The kvm API is centered around file desc
 open("/dev/kvm") obtains a handle to the kvm subsystem; this handle
 can be used to issue system ioctls.  A KVM_CREATE_VM ioctl on this
 handle will create a VM file descriptor which can be used to issue VM
-ioctls.  A KVM_CREATE_VCPU ioctl on a VM fd will create a virtual cpu
-and return a file descriptor pointing to it.  Finally, ioctls on a vcpu
-fd can be used to control the vcpu, including the important task of
-actually running guest code.
+ioctls.  A KVM_CREATE_VCPU or KVM_CREATE_DEVICE ioctl on a VM fd will
+create a virtual cpu or device and return a file descriptor pointing to
+the new resource.  Finally, ioctls on a vcpu or device fd can be used
+to control the vcpu or device.  For vcpus, this includes the important
+task of actually running guest code.
 
 In general file descriptors can be migrated among processes by means
 of fork() and the SCM_RIGHTS facility of unix domain socket.  These
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2611,6 +2611,9 @@ static long kvm_device_ioctl(struct file
 {
 	struct kvm_device *dev = filp->private_data;
 
+	if (dev->kvm->mm != current->mm)
+		return -EIO;
+
 	switch (ioctl) {
 	case KVM_SET_DEVICE_ATTR:
 		return kvm_device_ioctl_attr(dev, dev->ops->set_attr, arg);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 127/131] xhci: Fix port resume done detection for SS ports with LPM enabled
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (125 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 126/131] KVM: Reject device ioctls from processes other than the VMs creator Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 128/131] Revert "USB: core: only clean up what we allocated" Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mathias Nyman

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mathias Nyman <mathias.nyman@linux.intel.com>

commit 6cbcf596934c8e16d6288c7cc62dfb7ad8eadf15 upstream.

A suspended SS port in U3 link state will go to U0 when resumed, but
can almost immediately after that enter U1 or U2 link power save
states before host controller driver reads the port status.

Host controller driver only checks for U0 state, and might miss
the finished resume, leaving flags unclear and skip notifying usb
code of the wake.

Add U1 and U2 to the possible link states when checking for finished
port resume.

Cc: stable <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/host/xhci-ring.c |    9 ++++++---
 drivers/usb/host/xhci.h      |    1 +
 2 files changed, 7 insertions(+), 3 deletions(-)

--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -1642,10 +1642,13 @@ static void handle_port_status(struct xh
 		}
 	}
 
-	if ((temp & PORT_PLC) && (temp & PORT_PLS_MASK) == XDEV_U0 &&
-			DEV_SUPERSPEED_ANY(temp)) {
+	if ((temp & PORT_PLC) &&
+	    DEV_SUPERSPEED_ANY(temp) &&
+	    ((temp & PORT_PLS_MASK) == XDEV_U0 ||
+	     (temp & PORT_PLS_MASK) == XDEV_U1 ||
+	     (temp & PORT_PLS_MASK) == XDEV_U2)) {
 		xhci_dbg(xhci, "resume SS port %d finished\n", port_id);
-		/* We've just brought the device into U0 through either the
+		/* We've just brought the device into U0/1/2 through either the
 		 * Resume state after a device remote wakeup, or through the
 		 * U3Exit state after a host-initiated resume.  If it's a device
 		 * initiated remote wake, don't pass up the link state change,
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -309,6 +309,7 @@ struct xhci_op_regs {
  */
 #define PORT_PLS_MASK	(0xf << 5)
 #define XDEV_U0		(0x0 << 5)
+#define XDEV_U1		(0x1 << 5)
 #define XDEV_U2		(0x2 << 5)
 #define XDEV_U3		(0x3 << 5)
 #define XDEV_INACTIVE	(0x6 << 5)



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 128/131] Revert "USB: core: only clean up what we allocated"
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (126 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 127/131] xhci: Fix port resume done detection for SS ports with LPM enabled Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 129/131] arm64: support keyctl() system call in 32-bit mode Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Konovalov, Nathan Chancellor,
	Arnd Bergmann

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit cf4df407e0d7cde60a45369c2a3414d18e2d4fdd upstream.

This reverts commit 32fd87b3bbf5f7a045546401dfe2894dbbf4d8c3.

Alan wrote a better fix for this...

Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: stable <stable@vger.kernel.org>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/core/config.c |    9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

--- a/drivers/usb/core/config.c
+++ b/drivers/usb/core/config.c
@@ -734,21 +734,18 @@ void usb_destroy_configuration(struct us
 		return;
 
 	if (dev->rawdescriptors) {
-		for (i = 0; i < dev->descriptor.bNumConfigurations &&
-				i < USB_MAXCONFIG; i++)
+		for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
 			kfree(dev->rawdescriptors[i]);
 
 		kfree(dev->rawdescriptors);
 		dev->rawdescriptors = NULL;
 	}
 
-	for (c = 0; c < dev->descriptor.bNumConfigurations &&
-			c < USB_MAXCONFIG; c++) {
+	for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
 		struct usb_host_config *cf = &dev->config[c];
 
 		kfree(cf->string);
-		for (i = 0; i < cf->desc.bNumInterfaces &&
-				i < USB_MAXINTERFACES; i++) {
+		for (i = 0; i < cf->desc.bNumInterfaces; i++) {
 			if (cf->intf_cache[i])
 				kref_put(&cf->intf_cache[i]->ref,
 					  usb_release_interface_cache);



^ permalink raw reply	[flat|nested] 144+ messages in thread

* [PATCH 4.4 129/131] arm64: support keyctl() system call in 32-bit mode
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (127 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 128/131] Revert "USB: core: only clean up what we allocated" Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 130/131] coresight: removing bind/unbind options from sysfs Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Biggers, Will Deacon, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 5c2a625937ba49bc691089370638223d310cda9a ]

As is the case for a number of other architectures that have a 32-bit
compat mode, enable KEYS_COMPAT if both COMPAT and KEYS are enabled.
This allows AArch32 programs to use the keyctl() system call when
running on an AArch64 kernel.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/Kconfig | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 00c491750918..f18b8c26a959 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -818,6 +818,10 @@ config SYSVIPC_COMPAT
 	def_bool y
 	depends on COMPAT && SYSVIPC
 
+config KEYS_COMPAT
+	def_bool y
+	depends on COMPAT && KEYS
+
 endmenu
 
 menu "Power management options"
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 130/131] coresight: removing bind/unbind options from sysfs
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (128 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 129/131] arm64: support keyctl() system call in 32-bit mode Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 17:03 ` [PATCH 4.4 131/131] stm class: Hide STM-specific options if STM is disabled Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rabin Vincent, Mathieu Poirier, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit b15f0fb657e040401d875d11ae13b269af8a16e0 ]

The coresight drivers have absolutely no control over bind and unbind
operations triggered from sysfs. The operations simply can't be
cancelled or denied event when one or several tracing sessions are
under way.  Since the memory associated to individual device is
invariably freed, the end result is a kernel crash when the path from
source to sink is travelled again as demonstrated here[1].

One solution could be to keep track of all the path (i.e tracing
session) that get created and iterate through the elements of those path
looking for the coresight device that is being removed.  This proposition
doesn't scale well since there is no upper bound on the amount of
concurrent trace session that can be created.

With the above in mind, this patch prevent devices from being unbounded
from their driver by using the driver->suppress_bind_attr option.  That way
trace sessions can be managed without fearing to loose devices.

Since device can't be removed anymore the xyz_remove() functions found in
each driver is also removed.

[1]. http://www.spinics.net/lists/arm-kernel/msg474952.html

Reported-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/coresight/coresight-etb10.c    | 11 +----------
 drivers/hwtracing/coresight/coresight-etm3x.c    | 13 +------------
 drivers/hwtracing/coresight/coresight-etm4x.c    | 13 +------------
 drivers/hwtracing/coresight/coresight-funnel.c   | 10 +---------
 .../coresight/coresight-replicator-qcom.c        | 11 +----------
 .../hwtracing/coresight/coresight-replicator.c   | 16 +---------------
 drivers/hwtracing/coresight/coresight-tmc.c      | 15 +--------------
 drivers/hwtracing/coresight/coresight-tpiu.c     | 10 +---------
 8 files changed, 8 insertions(+), 91 deletions(-)

diff --git a/drivers/hwtracing/coresight/coresight-etb10.c b/drivers/hwtracing/coresight/coresight-etb10.c
index 77d0f9c1118d..92969dae739d 100644
--- a/drivers/hwtracing/coresight/coresight-etb10.c
+++ b/drivers/hwtracing/coresight/coresight-etb10.c
@@ -489,15 +489,6 @@ static int etb_probe(struct amba_device *adev, const struct amba_id *id)
 	return ret;
 }
 
-static int etb_remove(struct amba_device *adev)
-{
-	struct etb_drvdata *drvdata = amba_get_drvdata(adev);
-
-	misc_deregister(&drvdata->miscdev);
-	coresight_unregister(drvdata->csdev);
-	return 0;
-}
-
 #ifdef CONFIG_PM
 static int etb_runtime_suspend(struct device *dev)
 {
@@ -537,10 +528,10 @@ static struct amba_driver etb_driver = {
 		.name	= "coresight-etb10",
 		.owner	= THIS_MODULE,
 		.pm	= &etb_dev_pm_ops,
+		.suppress_bind_attrs = true,
 
 	},
 	.probe		= etb_probe,
-	.remove		= etb_remove,
 	.id_table	= etb_ids,
 };
 
diff --git a/drivers/hwtracing/coresight/coresight-etm3x.c b/drivers/hwtracing/coresight/coresight-etm3x.c
index d630b7ece735..5981fcc69960 100644
--- a/drivers/hwtracing/coresight/coresight-etm3x.c
+++ b/drivers/hwtracing/coresight/coresight-etm3x.c
@@ -1877,17 +1877,6 @@ static int etm_probe(struct amba_device *adev, const struct amba_id *id)
 	return ret;
 }
 
-static int etm_remove(struct amba_device *adev)
-{
-	struct etm_drvdata *drvdata = amba_get_drvdata(adev);
-
-	coresight_unregister(drvdata->csdev);
-	if (--etm_count == 0)
-		unregister_hotcpu_notifier(&etm_cpu_notifier);
-
-	return 0;
-}
-
 #ifdef CONFIG_PM
 static int etm_runtime_suspend(struct device *dev)
 {
@@ -1948,9 +1937,9 @@ static struct amba_driver etm_driver = {
 		.name	= "coresight-etm3x",
 		.owner	= THIS_MODULE,
 		.pm	= &etm_dev_pm_ops,
+		.suppress_bind_attrs = true,
 	},
 	.probe		= etm_probe,
-	.remove		= etm_remove,
 	.id_table	= etm_ids,
 };
 
diff --git a/drivers/hwtracing/coresight/coresight-etm4x.c b/drivers/hwtracing/coresight/coresight-etm4x.c
index 1ec6798b21e8..0edc10b44004 100644
--- a/drivers/hwtracing/coresight/coresight-etm4x.c
+++ b/drivers/hwtracing/coresight/coresight-etm4x.c
@@ -2684,17 +2684,6 @@ static int etm4_probe(struct amba_device *adev, const struct amba_id *id)
 	return ret;
 }
 
-static int etm4_remove(struct amba_device *adev)
-{
-	struct etmv4_drvdata *drvdata = amba_get_drvdata(adev);
-
-	coresight_unregister(drvdata->csdev);
-	if (--etm4_count == 0)
-		unregister_hotcpu_notifier(&etm4_cpu_notifier);
-
-	return 0;
-}
-
 static struct amba_id etm4_ids[] = {
 	{       /* ETM 4.0 - Qualcomm */
 		.id	= 0x0003b95d,
@@ -2712,9 +2701,9 @@ static struct amba_id etm4_ids[] = {
 static struct amba_driver etm4x_driver = {
 	.drv = {
 		.name   = "coresight-etm4x",
+		.suppress_bind_attrs = true,
 	},
 	.probe		= etm4_probe,
-	.remove		= etm4_remove,
 	.id_table	= etm4_ids,
 };
 
diff --git a/drivers/hwtracing/coresight/coresight-funnel.c b/drivers/hwtracing/coresight/coresight-funnel.c
index 2e36bde7fcb4..25e8ea140a09 100644
--- a/drivers/hwtracing/coresight/coresight-funnel.c
+++ b/drivers/hwtracing/coresight/coresight-funnel.c
@@ -226,14 +226,6 @@ static int funnel_probe(struct amba_device *adev, const struct amba_id *id)
 	return 0;
 }
 
-static int funnel_remove(struct amba_device *adev)
-{
-	struct funnel_drvdata *drvdata = amba_get_drvdata(adev);
-
-	coresight_unregister(drvdata->csdev);
-	return 0;
-}
-
 #ifdef CONFIG_PM
 static int funnel_runtime_suspend(struct device *dev)
 {
@@ -273,9 +265,9 @@ static struct amba_driver funnel_driver = {
 		.name	= "coresight-funnel",
 		.owner	= THIS_MODULE,
 		.pm	= &funnel_dev_pm_ops,
+		.suppress_bind_attrs = true,
 	},
 	.probe		= funnel_probe,
-	.remove		= funnel_remove,
 	.id_table	= funnel_ids,
 };
 
diff --git a/drivers/hwtracing/coresight/coresight-replicator-qcom.c b/drivers/hwtracing/coresight/coresight-replicator-qcom.c
index 584059e9e866..444815179460 100644
--- a/drivers/hwtracing/coresight/coresight-replicator-qcom.c
+++ b/drivers/hwtracing/coresight/coresight-replicator-qcom.c
@@ -156,15 +156,6 @@ static int replicator_probe(struct amba_device *adev, const struct amba_id *id)
 	return 0;
 }
 
-static int replicator_remove(struct amba_device *adev)
-{
-	struct replicator_state *drvdata = amba_get_drvdata(adev);
-
-	pm_runtime_disable(&adev->dev);
-	coresight_unregister(drvdata->csdev);
-	return 0;
-}
-
 #ifdef CONFIG_PM
 static int replicator_runtime_suspend(struct device *dev)
 {
@@ -206,9 +197,9 @@ static struct amba_driver replicator_driver = {
 	.drv = {
 		.name	= "coresight-replicator-qcom",
 		.pm	= &replicator_dev_pm_ops,
+		.suppress_bind_attrs = true,
 	},
 	.probe		= replicator_probe,
-	.remove		= replicator_remove,
 	.id_table	= replicator_ids,
 };
 
diff --git a/drivers/hwtracing/coresight/coresight-replicator.c b/drivers/hwtracing/coresight/coresight-replicator.c
index 963ac197c253..b77d700a3f0e 100644
--- a/drivers/hwtracing/coresight/coresight-replicator.c
+++ b/drivers/hwtracing/coresight/coresight-replicator.c
@@ -127,20 +127,6 @@ static int replicator_probe(struct platform_device *pdev)
 	return ret;
 }
 
-static int replicator_remove(struct platform_device *pdev)
-{
-	struct replicator_drvdata *drvdata = platform_get_drvdata(pdev);
-
-	coresight_unregister(drvdata->csdev);
-	pm_runtime_get_sync(&pdev->dev);
-	if (!IS_ERR(drvdata->atclk))
-		clk_disable_unprepare(drvdata->atclk);
-	pm_runtime_put_noidle(&pdev->dev);
-	pm_runtime_disable(&pdev->dev);
-
-	return 0;
-}
-
 #ifdef CONFIG_PM
 static int replicator_runtime_suspend(struct device *dev)
 {
@@ -175,11 +161,11 @@ static const struct of_device_id replicator_match[] = {
 
 static struct platform_driver replicator_driver = {
 	.probe          = replicator_probe,
-	.remove         = replicator_remove,
 	.driver         = {
 		.name   = "coresight-replicator",
 		.of_match_table = replicator_match,
 		.pm	= &replicator_dev_pm_ops,
+		.suppress_bind_attrs = true,
 	},
 };
 
diff --git a/drivers/hwtracing/coresight/coresight-tmc.c b/drivers/hwtracing/coresight/coresight-tmc.c
index 62f9d7372e3a..c4fa70ed14ce 100644
--- a/drivers/hwtracing/coresight/coresight-tmc.c
+++ b/drivers/hwtracing/coresight/coresight-tmc.c
@@ -770,19 +770,6 @@ static int tmc_probe(struct amba_device *adev, const struct amba_id *id)
 	return ret;
 }
 
-static int tmc_remove(struct amba_device *adev)
-{
-	struct tmc_drvdata *drvdata = amba_get_drvdata(adev);
-
-	misc_deregister(&drvdata->miscdev);
-	coresight_unregister(drvdata->csdev);
-	if (drvdata->config_type == TMC_CONFIG_TYPE_ETR)
-		dma_free_coherent(drvdata->dev, drvdata->size,
-				  &drvdata->paddr, GFP_KERNEL);
-
-	return 0;
-}
-
 static struct amba_id tmc_ids[] = {
 	{
 		.id     = 0x0003b961,
@@ -795,9 +782,9 @@ static struct amba_driver tmc_driver = {
 	.drv = {
 		.name   = "coresight-tmc",
 		.owner  = THIS_MODULE,
+		.suppress_bind_attrs = true,
 	},
 	.probe		= tmc_probe,
-	.remove		= tmc_remove,
 	.id_table	= tmc_ids,
 };
 
diff --git a/drivers/hwtracing/coresight/coresight-tpiu.c b/drivers/hwtracing/coresight/coresight-tpiu.c
index fe3a2b19a5db..105c192eb2c1 100644
--- a/drivers/hwtracing/coresight/coresight-tpiu.c
+++ b/drivers/hwtracing/coresight/coresight-tpiu.c
@@ -180,14 +180,6 @@ static int tpiu_probe(struct amba_device *adev, const struct amba_id *id)
 	return 0;
 }
 
-static int tpiu_remove(struct amba_device *adev)
-{
-	struct tpiu_drvdata *drvdata = amba_get_drvdata(adev);
-
-	coresight_unregister(drvdata->csdev);
-	return 0;
-}
-
 #ifdef CONFIG_PM
 static int tpiu_runtime_suspend(struct device *dev)
 {
@@ -231,9 +223,9 @@ static struct amba_driver tpiu_driver = {
 		.name	= "coresight-tpiu",
 		.owner	= THIS_MODULE,
 		.pm	= &tpiu_dev_pm_ops,
+		.suppress_bind_attrs = true,
 	},
 	.probe		= tpiu_probe,
-	.remove		= tpiu_remove,
 	.id_table	= tpiu_ids,
 };
 
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* [PATCH 4.4 131/131] stm class: Hide STM-specific options if STM is disabled
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (129 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 130/131] coresight: removing bind/unbind options from sysfs Greg Kroah-Hartman
@ 2019-04-01 17:03 ` Greg Kroah-Hartman
  2019-04-01 22:43 ` [PATCH 4.4 000/131] 4.4.178-stable review kernelci.org bot
                   ` (4 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-01 17:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Linus Torvalds, Geert Uytterhoeven,
	Alexander Shishkin, Sasha Levin

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 4a2e2b19f96acfc037a9773c7729d133ce1e7e3b ]

If STM=n, it doesn't make sense to ask about STM_DUMMY and
STM_SOURCE_CONSOLE support, which are not even built when enabled
anyway. Hence hide these options if STM=n.

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwtracing/stm/Kconfig | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/hwtracing/stm/Kconfig b/drivers/hwtracing/stm/Kconfig
index e7a348807f0c..e0ac75395526 100644
--- a/drivers/hwtracing/stm/Kconfig
+++ b/drivers/hwtracing/stm/Kconfig
@@ -9,6 +9,8 @@ config STM
 
 	  Say Y here to enable System Trace Module device support.
 
+if STM
+
 config STM_DUMMY
 	tristate "Dummy STM driver"
 	help
@@ -25,3 +27,5 @@ config STM_SOURCE_CONSOLE
 
 	  If you want to send kernel console messages over STM devices,
 	  say Y.
+
+endif
-- 
2.19.1




^ permalink raw reply related	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 034/131] lib/int_sqrt: optimize small argument
  2019-04-01 17:01 ` [PATCH 4.4 034/131] lib/int_sqrt: optimize small argument Greg Kroah-Hartman
@ 2019-04-01 17:42   ` Joe Perches
  2019-04-02  6:59     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 144+ messages in thread
From: Joe Perches @ 2019-04-01 17:42 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: stable, Peter Zijlstra (Intel),
	Anshul Garg, Linus Torvalds, Davidlohr Bueso, Thomas Gleixner,
	Ingo Molnar, Will Deacon, David Miller, Matthew Wilcox,
	Kees Cook, Michael Davidson, Andrew Morton, Arnd Bergmann

On Mon, 2019-04-01 at 19:01 +0200, Greg Kroah-Hartman wrote:
> 4.4-stable review patch.  If anyone has any objections, please let me know.

If this is to be ported just for an optimization
(which I think is dubious as it's not a bug fix),
why not port the __fls optimization too?

__fls has a bigger effect on performance.

------------------
> 
> From: Peter Zijlstra <peterz@infradead.org>
> 
> commit 3f3295709edea6268ff1609855f498035286af73 upstream.
> 
> The current int_sqrt() computation is sub-optimal for the case of small
> @x.  Which is the interesting case when we're going to do cumulative
> distribution functions on idle times, which we assume to be a random
> variable, where the target residency of the deepest idle state gives an
> upper bound on the variable (5e6ns on recent Intel chips).
> 
> In the case of small @x, the compute loop:
> 
> 	while (m != 0) {
> 		b = y + m;
> 		y >>= 1;
> 
> 		if (x >= b) {
> 			x -= b;
> 			y += m;
> 		}
> 		m >>= 2;
> 	}
> 
> can be reduced to:
> 
> 	while (m > x)
> 		m >>= 2;
> 
> Because y==0, b==m and until x>=m y will remain 0.
> 
> And while this is computationally equivalent, it runs much faster
> because there's less code, in particular less branches.
> 
>       cycles:                 branches:              branch-misses:
> 
> OLD:
> 
> hot:   45.109444 +- 0.044117  44.333392 +- 0.002254  0.018723 +- 0.000593
> cold: 187.737379 +- 0.156678  44.333407 +- 0.002254  6.272844 +- 0.004305
> 
> PRE:
> 
> hot:   67.937492 +- 0.064124  66.999535 +- 0.000488  0.066720 +- 0.001113
> cold: 232.004379 +- 0.332811  66.999527 +- 0.000488  6.914634 +- 0.006568
> 
> POST:
> 
> hot:   43.633557 +- 0.034373  45.333132 +- 0.002277  0.023529 +- 0.000681
> cold: 207.438411 +- 0.125840  45.333132 +- 0.002277  6.976486 +- 0.004219
> 
> Averages computed over all values <128k using a LFSR to generate order.
> Cold numbers have a LFSR based branch trace buffer 'confuser' ran between
> each int_sqrt() invocation.
> 
> Link: http://lkml.kernel.org/r/20171020164644.876503355@infradead.org
> Fixes: 30493cc9dddb ("lib/int_sqrt.c: optimize square root algorithm")
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> Suggested-by: Anshul Garg <aksgarg1989@gmail.com>
> Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Davidlohr Bueso <dave@stgolabs.net>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Ingo Molnar <mingo@kernel.org>
> Cc: Will Deacon <will.deacon@arm.com>
> Cc: Joe Perches <joe@perches.com>
> Cc: David Miller <davem@davemloft.net>
> Cc: Matthew Wilcox <mawilcox@microsoft.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Michael Davidson <md@google.com>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> 
> ---
>  lib/int_sqrt.c |    3 +++
>  1 file changed, 3 insertions(+)
> 
> --- a/lib/int_sqrt.c
> +++ b/lib/int_sqrt.c
> @@ -22,6 +22,9 @@ unsigned long int_sqrt(unsigned long x)
>  		return x;
>  
>  	m = 1UL << (BITS_PER_LONG - 2);
> +	while (m > x)
> +		m >>= 2;
> +
>  	while (m != 0) {
>  		b = y + m;
>  		y >>= 1;
> 
> 


^ permalink raw reply	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 078/131] PM / Hibernate: Call flush_icache_range() on pages restored in-place
  2019-04-01 17:02 ` [PATCH 4.4 078/131] PM / Hibernate: Call flush_icache_range() on pages restored in-place Greg Kroah-Hartman
@ 2019-04-01 20:39   ` Pavel Machek
  2019-04-03 11:00     ` Catalin Marinas
  0 siblings, 1 reply; 144+ messages in thread
From: Pavel Machek @ 2019-04-01 20:39 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, James Morse, Rafael J. Wysocki,
	Catalin Marinas, Will Deacon, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 3311 bytes --]

On Mon 2019-04-01 19:02:28, Greg Kroah-Hartman wrote:
> 4.4-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> [ Upstream commit f6cf0545ec697ddc278b7457b7d0c0d86a2ea88e ]
> 
> Some architectures require code written to memory as if it were data to be
> 'cleaned' from any data caches before the processor can fetch them as new
> instructions.
> 
> During resume from hibernate, the snapshot code copies some pages directly,
> meaning these architectures do not get a chance to perform their cache
> maintenance. Modify the read and decompress code to call
> flush_icache_range() on all pages that are restored, so that the restored
> in-place pages are guaranteed to be executable on these architectures.
> 
> Signed-off-by: James Morse <james.morse@arm.com>
> Acked-by: Pavel Machek <pavel@ucw.cz>
> Acked-by: Rafael J. Wysocki <rjw@rjwysocki.net>
> Acked-by: Catalin Marinas <catalin.marinas@arm.com>
> [will: make clean_pages_on_* static and remove initialisers]
> Signed-off-by: Will Deacon <will.deacon@arm.com>
> Signed-off-by: Sasha Levin <sashal@kernel.org>

I don't think this is suitable for stable.

Catalin: Are there platforms that a) need this and b) support
hibernation in 4.4.X?

Thanks
								Pavel

> @@ -36,6 +36,14 @@
>  
>  #define HIBERNATE_SIG	"S1SUSPEND"
>  
> +/*
> + * When reading an {un,}compressed image, we may restore pages in place,
> + * in which case some architectures need these pages cleaning before they
> + * can be executed. We don't know which pages these may be, so clean the lot.
> + */
> +static bool clean_pages_on_read;
> +static bool clean_pages_on_decompress;
> +
>  /*
>   *	The swap map is a data structure used for keeping track of each page
>   *	written to a swap partition.  It consists of many swap_map_page
> @@ -241,6 +249,9 @@ static void hib_end_io(struct bio *bio)
>  
>  	if (bio_data_dir(bio) == WRITE)
>  		put_page(page);
> +	else if (clean_pages_on_read)
> +		flush_icache_range((unsigned long)page_address(page),
> +				   (unsigned long)page_address(page) + PAGE_SIZE);
>  
>  	if (bio->bi_error && !hb->error)
>  		hb->error = bio->bi_error;
> @@ -1049,6 +1060,7 @@ static int load_image(struct swap_map_handle *handle,
>  
>  	hib_init_batch(&hb);
>  
> +	clean_pages_on_read = true;
>  	printk(KERN_INFO "PM: Loading image data pages (%u pages)...\n",
>  		nr_to_read);
>  	m = nr_to_read / 10;
> @@ -1124,6 +1136,10 @@ static int lzo_decompress_threadfn(void *data)
>  		d->unc_len = LZO_UNC_SIZE;
>  		d->ret = lzo1x_decompress_safe(d->cmp + LZO_HEADER, d->cmp_len,
>  		                               d->unc, &d->unc_len);
> +		if (clean_pages_on_decompress)
> +			flush_icache_range((unsigned long)d->unc,
> +					   (unsigned long)d->unc + d->unc_len);
> +
>  		atomic_set(&d->stop, 1);
>  		wake_up(&d->done);
>  	}
> @@ -1189,6 +1205,8 @@ static int load_image_lzo(struct swap_map_handle *handle,
>  	}
>  	memset(crc, 0, offsetof(struct crc_data, go));
>  
> +	clean_pages_on_decompress = true;
> +
>  	/*
>  	 * Start the decompression threads.
>  	 */

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 000/131] 4.4.178-stable review
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (130 preceding siblings ...)
  2019-04-01 17:03 ` [PATCH 4.4 131/131] stm class: Hide STM-specific options if STM is disabled Greg Kroah-Hartman
@ 2019-04-01 22:43 ` kernelci.org bot
  2019-04-02  2:57 ` Naresh Kamboju
                   ` (3 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: kernelci.org bot @ 2019-04-01 22:43 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

stable-rc/linux-4.4.y boot: 92 boots: 2 failed, 74 passed with 16 offline (v4.4.177-132-gd83f26e3dc56)

Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.177-132-gd83f26e3dc56/
Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.177-132-gd83f26e3dc56/

Tree: stable-rc
Branch: linux-4.4.y
Git Describe: v4.4.177-132-gd83f26e3dc56
Git Commit: d83f26e3dc56e1998cf85b7d35bf5c5819f03215
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Tested: 44 unique boards, 21 SoC families, 14 builds out of 190

Boot Failures Detected:

arm:

    multi_v7_defconfig:
        gcc-7:
            stih410-b2120: 1 failed lab

arm64:

    defconfig:
        gcc-7:
            qcom-qdf2400: 1 failed lab

Offline Platforms:

arm:

    bcm2835_defconfig:
        gcc-7
            bcm2835-rpi-b: 1 offline lab

    multi_v7_defconfig:
        gcc-7
            alpine-db: 1 offline lab
            at91-sama5d4_xplained: 1 offline lab
            qcom-apq8064-cm-qs600: 1 offline lab
            qcom-apq8064-ifc6410: 1 offline lab
            socfpga_cyclone5_de0_sockit: 1 offline lab
            sun5i-r8-chip: 1 offline lab
            tegra124-jetson-tk1: 1 offline lab
            tegra20-iris-512: 1 offline lab

    tegra_defconfig:
        gcc-7
            tegra124-jetson-tk1: 1 offline lab
            tegra20-iris-512: 1 offline lab

    sunxi_defconfig:
        gcc-7
            sun5i-r8-chip: 1 offline lab

    sama5_defconfig:
        gcc-7
            at91-sama5d4_xplained: 1 offline lab

    qcom_defconfig:
        gcc-7
            qcom-apq8064-cm-qs600: 1 offline lab
            qcom-apq8064-ifc6410: 1 offline lab

arm64:

    defconfig:
        gcc-7
            apq8016-sbc: 1 offline lab

---
For more info write to <info@kernelci.org>

^ permalink raw reply	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 000/131] 4.4.178-stable review
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (131 preceding siblings ...)
  2019-04-01 22:43 ` [PATCH 4.4 000/131] 4.4.178-stable review kernelci.org bot
@ 2019-04-02  2:57 ` Naresh Kamboju
  2019-04-02  9:02 ` Jon Hunter
                   ` (2 subsequent siblings)
  135 siblings, 0 replies; 144+ messages in thread
From: Naresh Kamboju @ 2019-04-02  2:57 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: open list, Linus Torvalds, Andrew Morton, Guenter Roeck,
	Shuah Khan, patches, Ben Hutchings, lkft-triage, linux- stable

On Mon, 1 Apr 2019 at 22:59, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 4.4.178 release.
> There are 131 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed Apr  3 16:59:39 UTC 2019.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.178-rc1.gz
> or in the git tree and branch at:
>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.

Summary
------------------------------------------------------------------------

kernel: 4.4.178-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.4.y
git commit: d83f26e3dc56e1998cf85b7d35bf5c5819f03215
git describe: v4.4.177-132-gd83f26e3dc56
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.4-oe/build/v4.4.177-132-gd83f26e3dc56

No regressions (compared to build v4.4.177)

No fixes (compared to build v4.4.177)

Ran 17065 total tests in the following environments and test suites.

Environments
--------------
- i386
- juno-r2 - arm64
- qemu_arm
- qemu_i386
- qemu_x86_64
- x15 - arm
- x86_64

Test Suites
-----------
* boot
* kselftest
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-timers-tests
* perf
* spectre-meltdown-checker-test
* v4l2-compliance
* ltp-syscalls-tests
* install-android-platform-tools-r2600
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none

Summary
------------------------------------------------------------------------

kernel: 4.4.178-rc1
git repo: https://git.linaro.org/lkft/arm64-stable-rc.git
git branch: 4.4.178-rc1-hikey-20190401-414
git commit: 2d75babf7185cfb2ecd3c49eb62339fbf6e01ae1
git describe: 4.4.178-rc1-hikey-20190401-414
Test details: https://qa-reports.linaro.org/lkft/linaro-hikey-stable-rc-4.4-oe/build/4.4.178-rc1-hikey-20190401-414

No regressions (compared to build 4.4.178-rc1-hikey-20190401-413)

No fixes (compared to build 4.4.178-rc1-hikey-20190401-413)

Ran 3008 total tests in the following environments and test suites.

Environments
--------------
- hi6220-hikey - arm64
- qemu_arm64

Test Suites
-----------
* boot
* install-android-platform-tools-r2600
* kselftest
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-timers-tests
* perf
* spectre-meltdown-checker-test
* v4l2-compliance

-- 
Linaro LKFT
https://lkft.linaro.org

^ permalink raw reply	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 034/131] lib/int_sqrt: optimize small argument
  2019-04-01 17:42   ` Joe Perches
@ 2019-04-02  6:59     ` Greg Kroah-Hartman
  2019-04-02  9:00       ` Joe Perches
  0 siblings, 1 reply; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-02  6:59 UTC (permalink / raw)
  To: Joe Perches
  Cc: linux-kernel, stable, Peter Zijlstra (Intel),
	Anshul Garg, Linus Torvalds, Davidlohr Bueso, Thomas Gleixner,
	Ingo Molnar, Will Deacon, David Miller, Matthew Wilcox,
	Kees Cook, Michael Davidson, Andrew Morton, Arnd Bergmann

On Mon, Apr 01, 2019 at 10:42:52AM -0700, Joe Perches wrote:
> On Mon, 2019-04-01 at 19:01 +0200, Greg Kroah-Hartman wrote:
> > 4.4-stable review patch.  If anyone has any objections, please let me know.
> 
> If this is to be ported just for an optimization
> (which I think is dubious as it's not a bug fix),

Yes, it was requested to be backported because of that.

> why not port the __fls optimization too?
> 
> __fls has a bigger effect on performance.

What commit are you referring to?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 034/131] lib/int_sqrt: optimize small argument
  2019-04-02  6:59     ` Greg Kroah-Hartman
@ 2019-04-02  9:00       ` Joe Perches
  2019-04-02 11:10         ` Greg Kroah-Hartman
  0 siblings, 1 reply; 144+ messages in thread
From: Joe Perches @ 2019-04-02  9:00 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Peter Zijlstra (Intel),
	Anshul Garg, Linus Torvalds, Davidlohr Bueso, Thomas Gleixner,
	Ingo Molnar, Will Deacon, David Miller, Matthew Wilcox,
	Kees Cook, Michael Davidson, Andrew Morton, Arnd Bergmann

On Tue, 2019-04-02 at 08:59 +0200, Greg Kroah-Hartman wrote:
> On Mon, Apr 01, 2019 at 10:42:52AM -0700, Joe Perches wrote:
> > On Mon, 2019-04-01 at 19:01 +0200, Greg Kroah-Hartman wrote:
> > > 4.4-stable review patch.  If anyone has any objections, please let me know.
> > 
> > If this is to be ported just for an optimization
> > (which I think is dubious as it's not a bug fix),
> 
> Yes, it was requested to be backported because of that.
> 
> > why not port the __fls optimization too?
> > 
> > __fls has a bigger effect on performance.
> 
> What commit are you referring to?

f8ae107eef209bff29a5816bc1aad40d5cd69a80

> thanks,
> 
> greg k-h


^ permalink raw reply	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 000/131] 4.4.178-stable review
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (132 preceding siblings ...)
  2019-04-02  2:57 ` Naresh Kamboju
@ 2019-04-02  9:02 ` Jon Hunter
  2019-04-02 19:04 ` Guenter Roeck
  2019-04-02 23:56 ` shuah
  135 siblings, 0 replies; 144+ messages in thread
From: Jon Hunter @ 2019-04-02  9:02 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, ben.hutchings,
	lkft-triage, stable, linux-tegra


On 01/04/2019 18:01, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.4.178 release.
> There are 131 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed Apr  3 16:59:39 UTC 2019.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.178-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

All tests are passing for Tegra ...

Test results for stable-v4.4:
    6 builds:	6 pass, 0 fail
    12 boots:	12 pass, 0 fail
    17 tests:	17 pass, 0 fail

Linux version:	4.4.178-rc1-g3156397
Boards tested:	tegra124-jetson-tk1, tegra20-ventana,
                tegra30-cardhu-a04

Cheers
Jon

-- 
nvpublic

^ permalink raw reply	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 034/131] lib/int_sqrt: optimize small argument
  2019-04-02  9:00       ` Joe Perches
@ 2019-04-02 11:10         ` Greg Kroah-Hartman
  0 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-02 11:10 UTC (permalink / raw)
  To: Joe Perches
  Cc: linux-kernel, stable, Peter Zijlstra (Intel),
	Anshul Garg, Linus Torvalds, Davidlohr Bueso, Thomas Gleixner,
	Ingo Molnar, Will Deacon, David Miller, Matthew Wilcox,
	Kees Cook, Michael Davidson, Andrew Morton, Arnd Bergmann

On Tue, Apr 02, 2019 at 02:00:06AM -0700, Joe Perches wrote:
> On Tue, 2019-04-02 at 08:59 +0200, Greg Kroah-Hartman wrote:
> > On Mon, Apr 01, 2019 at 10:42:52AM -0700, Joe Perches wrote:
> > > On Mon, 2019-04-01 at 19:01 +0200, Greg Kroah-Hartman wrote:
> > > > 4.4-stable review patch.  If anyone has any objections, please let me know.
> > > 
> > > If this is to be ported just for an optimization
> > > (which I think is dubious as it's not a bug fix),
> > 
> > Yes, it was requested to be backported because of that.
> > 
> > > why not port the __fls optimization too?
> > > 
> > > __fls has a bigger effect on performance.
> > 
> > What commit are you referring to?
> 
> f8ae107eef209bff29a5816bc1aad40d5cd69a80

Thanks for the commit id, I'll look into adding that to a later round of
kernel releases.

greg k-h

^ permalink raw reply	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 000/131] 4.4.178-stable review
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (133 preceding siblings ...)
  2019-04-02  9:02 ` Jon Hunter
@ 2019-04-02 19:04 ` Guenter Roeck
  2019-04-02 23:56 ` shuah
  135 siblings, 0 replies; 144+ messages in thread
From: Guenter Roeck @ 2019-04-02 19:04 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Mon, Apr 01, 2019 at 07:01:10PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.4.178 release.
> There are 131 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed Apr  3 16:59:39 UTC 2019.
> Anything received after that time might be too late.
> 
Build results:
	total: 171 pass: 171 fail: 0
Qemu test results:
	total: 292 pass: 292 fail: 0

Guenter

^ permalink raw reply	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 000/131] 4.4.178-stable review
  2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
                   ` (134 preceding siblings ...)
  2019-04-02 19:04 ` Guenter Roeck
@ 2019-04-02 23:56 ` shuah
  135 siblings, 0 replies; 144+ messages in thread
From: shuah @ 2019-04-02 23:56 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
	stable, shuah

On 4/1/19 11:01 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.4.178 release.
> There are 131 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed Apr  3 16:59:39 UTC 2019.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.178-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah


^ permalink raw reply	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 078/131] PM / Hibernate: Call flush_icache_range() on pages restored in-place
  2019-04-01 20:39   ` Pavel Machek
@ 2019-04-03 11:00     ` Catalin Marinas
  2019-04-03 13:40       ` Greg Kroah-Hartman
  0 siblings, 1 reply; 144+ messages in thread
From: Catalin Marinas @ 2019-04-03 11:00 UTC (permalink / raw)
  To: Pavel Machek
  Cc: Greg Kroah-Hartman, linux-kernel, stable, James Morse,
	Rafael J. Wysocki, Will Deacon, Sasha Levin

On Mon, Apr 01, 2019 at 10:39:18PM +0200, Pavel Machek wrote:
> On Mon 2019-04-01 19:02:28, Greg Kroah-Hartman wrote:
> > 4.4-stable review patch.  If anyone has any objections, please let me know.
> > 
> > ------------------
> > 
> > [ Upstream commit f6cf0545ec697ddc278b7457b7d0c0d86a2ea88e ]
> > 
> > Some architectures require code written to memory as if it were data to be
> > 'cleaned' from any data caches before the processor can fetch them as new
> > instructions.
> > 
> > During resume from hibernate, the snapshot code copies some pages directly,
> > meaning these architectures do not get a chance to perform their cache
> > maintenance. Modify the read and decompress code to call
> > flush_icache_range() on all pages that are restored, so that the restored
> > in-place pages are guaranteed to be executable on these architectures.
> > 
> > Signed-off-by: James Morse <james.morse@arm.com>
> > Acked-by: Pavel Machek <pavel@ucw.cz>
> > Acked-by: Rafael J. Wysocki <rjw@rjwysocki.net>
> > Acked-by: Catalin Marinas <catalin.marinas@arm.com>
> > [will: make clean_pages_on_* static and remove initialisers]
> > Signed-off-by: Will Deacon <will.deacon@arm.com>
> > Signed-off-by: Sasha Levin <sashal@kernel.org>
> 
> I don't think this is suitable for stable.
> 
> Catalin: Are there platforms that a) need this and b) support
> hibernation in 4.4.X?

Good point. This commit was required for the arm64 hibernate support
that went in the 4.7 kernel.

Greg, why was this patch selected for stable? It's harmless anyway.

Thanks.

-- 
Catalin


^ permalink raw reply	[flat|nested] 144+ messages in thread

* Re: [PATCH 4.4 078/131] PM / Hibernate: Call flush_icache_range() on pages restored in-place
  2019-04-03 11:00     ` Catalin Marinas
@ 2019-04-03 13:40       ` Greg Kroah-Hartman
  0 siblings, 0 replies; 144+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-03 13:40 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: Pavel Machek, linux-kernel, stable, James Morse,
	Rafael J. Wysocki, Will Deacon, Sasha Levin

On Wed, Apr 03, 2019 at 12:00:51PM +0100, Catalin Marinas wrote:
> On Mon, Apr 01, 2019 at 10:39:18PM +0200, Pavel Machek wrote:
> > On Mon 2019-04-01 19:02:28, Greg Kroah-Hartman wrote:
> > > 4.4-stable review patch.  If anyone has any objections, please let me know.
> > > 
> > > ------------------
> > > 
> > > [ Upstream commit f6cf0545ec697ddc278b7457b7d0c0d86a2ea88e ]
> > > 
> > > Some architectures require code written to memory as if it were data to be
> > > 'cleaned' from any data caches before the processor can fetch them as new
> > > instructions.
> > > 
> > > During resume from hibernate, the snapshot code copies some pages directly,
> > > meaning these architectures do not get a chance to perform their cache
> > > maintenance. Modify the read and decompress code to call
> > > flush_icache_range() on all pages that are restored, so that the restored
> > > in-place pages are guaranteed to be executable on these architectures.
> > > 
> > > Signed-off-by: James Morse <james.morse@arm.com>
> > > Acked-by: Pavel Machek <pavel@ucw.cz>
> > > Acked-by: Rafael J. Wysocki <rjw@rjwysocki.net>
> > > Acked-by: Catalin Marinas <catalin.marinas@arm.com>
> > > [will: make clean_pages_on_* static and remove initialisers]
> > > Signed-off-by: Will Deacon <will.deacon@arm.com>
> > > Signed-off-by: Sasha Levin <sashal@kernel.org>
> > 
> > I don't think this is suitable for stable.
> > 
> > Catalin: Are there platforms that a) need this and b) support
> > hibernation in 4.4.X?
> 
> Good point. This commit was required for the arm64 hibernate support
> that went in the 4.7 kernel.
> 
> Greg, why was this patch selected for stable? It's harmless anyway.

It came in through Sasha's "magic patch selection AI" tools :)

If it's harmless, might as well leave it in now, and not revert it.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 144+ messages in thread

end of thread, other threads:[~2019-04-03 13:52 UTC | newest]

Thread overview: 144+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-01 17:01 [PATCH 4.4 000/131] 4.4.178-stable review Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 001/131] mmc: pxamci: fix enum type confusion Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 002/131] drm/vmwgfx: Dont double-free the mode stored in par->set_mode Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 003/131] udf: Fix crash on IO error during truncate Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 004/131] mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 005/131] MIPS: Fix kernel crash for R6 in jump label branch function Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 006/131] futex: Ensure that futex address is aligned in handle_futex_death() Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 007/131] ext4: fix NULL pointer dereference while journal is aborted Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 008/131] ext4: fix data corruption caused by unaligned direct AIO Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 009/131] ext4: brelse all indirect buffer in ext4_ind_remove_space() Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 010/131] mmc: tmio_mmc_core: dont claim spurious interrupts Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 011/131] media: v4l2-ctrls.c/uvc: zero v4l2_event Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 012/131] locking/lockdep: Add debug_locks check in __lock_downgrade() Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 013/131] ALSA: hda - Record the current power state before suspend/resume calls Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 014/131] ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 015/131] mmc: pwrseq_simple: Make reset-gpios optional to match doc Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 016/131] mmc: debugfs: Add a restriction to mmc debugfs clock setting Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 017/131] mmc: make MAN_BKOPS_EN message a debug Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 018/131] mmc: sanitize bus width in debug output Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 019/131] mmc: core: shut up "voltage-ranges unspecified" pr_info() Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 020/131] usb: dwc3: gadget: Fix suspend/resume during device mode Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 021/131] arm64: mm: Add trace_irqflags annotations to do_debug_exception() Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 022/131] mmc: core: fix using wrong io voltage if mmc_select_hs200 fails Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 023/131] mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 024/131] extcon: usb-gpio: Dont miss event during suspend/resume Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 025/131] kbuild: setlocalversion: print error to STDERR Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 026/131] usb: gadget: composite: fix dereference after null check coverify warning Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 027/131] usb: gadget: Add the gserial port checking in gs_start_tx() Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 028/131] tcp/dccp: drop SYN packets if accept queue is full Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 029/131] serial: sprd: adjust TIMEOUT to a big value Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 030/131] Hang/soft lockup in d_invalidate with simultaneous calls Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 031/131] arm64: traps: disable irq in die() Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 032/131] usb: renesas_usbhs: gadget: fix unused-but-set-variable warning Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 033/131] serial: sprd: clear timeout interrupt only rather than all interrupts Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 034/131] lib/int_sqrt: optimize small argument Greg Kroah-Hartman
2019-04-01 17:42   ` Joe Perches
2019-04-02  6:59     ` Greg Kroah-Hartman
2019-04-02  9:00       ` Joe Perches
2019-04-02 11:10         ` Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 035/131] USB: core: only clean up what we allocated Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 036/131] rtc: Fix overflow when converting time64_t to rtc_time Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 037/131] ath10k: avoid possible string overflow Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 038/131] Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 039/131] Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 040/131] sched/fair: Fix new tasks load avg removed from source CPU in wake_up_new_task() Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 041/131] mmc: block: Allow more than 8 partitions per card Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 042/131] arm64: fix COMPAT_SHMLBA definition for large pages Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 043/131] efi: stub: define DISABLE_BRANCH_PROFILING for all architectures Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 044/131] ARM: 8458/1: bL_switcher: add GIC dependency Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 045/131] ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 046/131] android: unconditionally remove callbacks in sync_fence_free() Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 047/131] vmstat: make vmstat_updater deferrable again and shut down on idle Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 048/131] hid-sensor-hub.c: fix wrong do_div() usage Greg Kroah-Hartman
2019-04-01 17:01 ` [PATCH 4.4 049/131] arm64: hide __efistub_ aliases from kallsyms Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 050/131] perf: Synchronously free aux pages in case of allocation failure Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 051/131] net: diag: support v4mapped sockets in inet_diag_find_one_icsk() Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 052/131] Revert "mmc: block: dont use parameter prefix if built as module" Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 053/131] writeback: initialize inode members that track writeback history Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 054/131] coresight: fixing lockdep error Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 055/131] coresight: coresight_unregister() function cleanup Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 056/131] coresight: release reference taken by bus_find_device() Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 057/131] coresight: remove csdevs link from topology Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 058/131] stm class: Fix locking in unbinding policy path Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 059/131] stm class: Fix link list locking Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 060/131] stm class: Prevent user-controllable allocations Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 061/131] stm class: Support devices with multiple instances Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 062/131] stm class: Fix unlocking braino in the error path Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 063/131] stm class: Guard output assignment against concurrency Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 064/131] stm class: Fix unbalanced module/device refcounting Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 065/131] stm class: Fix a race in unlinking Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 066/131] coresight: "DEVICE_ATTR_RO" should defined as static Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 067/131] coresight: etm4x: Check every parameter used by dma_xx_coherent Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 068/131] asm-generic: Fix local variable shadow in __set_fixmap_offset Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 069/131] staging: ashmem: Avoid deadlock with mmap/shrink Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 070/131] staging: ashmem: Add missing include Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 071/131] staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 072/131] staging: goldfish: audio: fix compiliation on arm Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 073/131] ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 074/131] arm64/kernel: fix incorrect EL0 check in inv_entry macro Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 075/131] =?UTF-8?q?mac80211:=20fix=20"warning:=20=E2=80=98target=5Fmetric?= =?UTF-8?q?=E2=80=99=20may=20be=20used=20uninitialized"?= Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 076/131] perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 077/131] arm64: kernel: Include _AC definition in page.h Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 078/131] PM / Hibernate: Call flush_icache_range() on pages restored in-place Greg Kroah-Hartman
2019-04-01 20:39   ` Pavel Machek
2019-04-03 11:00     ` Catalin Marinas
2019-04-03 13:40       ` Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 079/131] stm class: Do not leak the chrdev in error path Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 080/131] stm class: Fix stm device initialization order Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 081/131] ipv6: fix endianness error in icmpv6_err Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 082/131] usb: gadget: configfs: add mutex lock before unregister gadget Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 083/131] usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 084/131] cpu/hotplug: Handle unbalanced hotplug enable/disable Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 085/131] video: fbdev: Set pixclock = 0 in goldfishfb Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 086/131] arm64: kconfig: drop CONFIG_RTC_LIB dependency Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 087/131] mmc: mmc: fix switch timeout issue caused by jiffies precision Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 088/131] cfg80211: size various nl80211 messages correctly Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 089/131] stmmac: copy unicast mac address to MAC registers Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 090/131] dccp: do not use ipv6 header for ipv4 flow Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 091/131] mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 092/131] net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 093/131] net: rose: fix a possible stack overflow Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 094/131] Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net) Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 095/131] packets: Always register packet sk in the same order Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 096/131] tcp: do not use ipv6 header for ipv4 flow Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 097/131] vxlan: Dont call gro_cells_destroy() before device is unregistered Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 098/131] sctp: get sctphdr by offset in sctp_compute_cksum Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 099/131] mac8390: Fix mmio access size probe Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 100/131] btrfs: remove WARN_ON in log_dir_items Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 101/131] btrfs: raid56: properly unmap parity page in finish_parity_scrub() Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 102/131] ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 103/131] ALSA: compress: add support for 32bit calls in a 64bit kernel Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 104/131] ALSA: rawmidi: Fix potential Spectre v1 vulnerability Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 105/131] ALSA: seq: oss: Fix " Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 106/131] ALSA: pcm: Fix possible OOB access in PCM oss plugins Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 107/131] ALSA: pcm: Dont suspend stream in unrecoverable PCM state Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 108/131] scsi: sd: Fix a race between closing an sd device and sd I/O Greg Kroah-Hartman
2019-04-01 17:02 ` [PATCH 4.4 109/131] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 110/131] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 111/131] tty: atmel_serial: fix a potential NULL pointer dereference Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 112/131] staging: vt6655: Remove vif check from vnt_interrupt Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 113/131] staging: vt6655: Fix interrupt race condition on device start up Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 114/131] serial: max310x: Fix to avoid potential NULL pointer dereference Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 115/131] serial: sh-sci: Fix setting SCSCR_TIE while transferring data Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 116/131] USB: serial: cp210x: add new device id Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 117/131] USB: serial: ftdi_sio: add additional NovaTech products Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 118/131] USB: serial: mos7720: fix mos_parport refcount imbalance on error path Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 119/131] USB: serial: option: set driver_info for SIM5218 and compatibles Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 120/131] USB: serial: option: add Olicard 600 Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 121/131] Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 122/131] fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 123/131] gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 124/131] perf intel-pt: Fix TSC slip Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 125/131] x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 126/131] KVM: Reject device ioctls from processes other than the VMs creator Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 127/131] xhci: Fix port resume done detection for SS ports with LPM enabled Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 128/131] Revert "USB: core: only clean up what we allocated" Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 129/131] arm64: support keyctl() system call in 32-bit mode Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 130/131] coresight: removing bind/unbind options from sysfs Greg Kroah-Hartman
2019-04-01 17:03 ` [PATCH 4.4 131/131] stm class: Hide STM-specific options if STM is disabled Greg Kroah-Hartman
2019-04-01 22:43 ` [PATCH 4.4 000/131] 4.4.178-stable review kernelci.org bot
2019-04-02  2:57 ` Naresh Kamboju
2019-04-02  9:02 ` Jon Hunter
2019-04-02 19:04 ` Guenter Roeck
2019-04-02 23:56 ` shuah

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).