hello dear
Assalamu Alaikum Wa Rahmatullahi Wa Barakatuh, hello dear I came across your contact during my private search. Mrs Aisha Al- Qaddafi is my name, the only daughter of late Libyan president, am a single Mother and a Widow with three Children.I have funds the sum of $27.5 million USD for, investment, I am interested in you for investment project assistance in your country,because of my current refugee status, i shall compensate you 30% of the total sum after the funds are transfer into your account,I am willing to, negotiate investment/business profit sharing ratio with you base on the future investment earning profits. Reply me urgent for more details Mrs Aisha Al-Qaddafi
[PATCH] MAINTAINERS: update git tree for sound entries
Several sound related entries in MAINTAINERS refer to the old git tree at "git://git.alsa-project.org/alsa-kernel.git". This is no longer used for development, and Takashi Iwai's kernel.org tree is used instead. Signed-off-by: Ross Zwisler --- MAINTAINERS | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index e17ebf70b5480..d373d976a9317 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3351,7 +3351,7 @@ F:include/uapi/linux/bsg.h BT87X AUDIO DRIVER M: Clemens Ladisch L: alsa-de...@alsa-project.org (moderated for non-subscribers) -T: git git://git.alsa-project.org/alsa-kernel.git +T: git git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git S: Maintained F: Documentation/sound/cards/bt87x.rst F: sound/pci/bt87x.c @@ -3404,7 +3404,7 @@ F:drivers/scsi/FlashPoint.* C-MEDIA CMI8788 DRIVER M: Clemens Ladisch L: alsa-de...@alsa-project.org (moderated for non-subscribers) -T: git git://git.alsa-project.org/alsa-kernel.git +T: git git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git S: Maintained F: sound/pci/oxygen/ @@ -5696,7 +5696,7 @@ F:drivers/edac/qcom_edac.c EDIROL UA-101/UA-1000 DRIVER M: Clemens Ladisch L: alsa-de...@alsa-project.org (moderated for non-subscribers) -T: git git://git.alsa-project.org/alsa-kernel.git +T: git git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git S: Maintained F: sound/usb/misc/ua101.c @@ -6036,7 +6036,7 @@ F:include/linux/f75375s.h FIREWIRE AUDIO DRIVERS M: Clemens Ladisch L: alsa-de...@alsa-project.org (moderated for non-subscribers) -T: git git://git.alsa-project.org/alsa-kernel.git +T: git git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git S: Maintained F: sound/firewire/ @@ -11593,7 +11593,7 @@ F: Documentation/devicetree/bindings/opp/ OPL4 DRIVER M: Clemens Ladisch L: alsa-de...@alsa-project.org (moderated for non-subscribers) -T: git git://git.alsa-project.org/alsa-kernel.git +T: git git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git S: Maintained F: sound/drivers/opl4/ @@ -14490,7 +14490,6 @@ M: Takashi Iwai L: alsa-de...@alsa-project.org (moderated for non-subscribers) W: http://www.alsa-project.org/ T: git git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git -T: git git://git.alsa-project.org/alsa-kernel.git Q: http://patchwork.kernel.org/project/alsa-devel/list/ S: Maintained F: Documentation/sound/ @@ -16100,7 +16099,7 @@ F: drivers/usb/storage/ USB MIDI DRIVER M: Clemens Ladisch L: alsa-de...@alsa-project.org (moderated for non-subscribers) -T: git git://git.alsa-project.org/alsa-kernel.git +T: git git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git S: Maintained F: sound/usb/midi.* -- 2.21.0.593.g511ec345e18-goog
Re: [PATCH V3 07/12] misc: xilinx_sdfec: Add ability to configure LDPC
On Sat, Apr 27, 2019 at 11:05:01PM +0100, Dragan Cvetic wrote:
> --- a/include/uapi/misc/xilinx_sdfec.h
> +++ b/include/uapi/misc/xilinx_sdfec.h
> +/**
> + * xsdfec_calculate_shared_ldpc_table_entry_size - Calculates shared code
> + * table sizes.
> + * @ldpc: Pointer to the LPDC Code Parameters
> + * @table_sizes: Pointer to structure containing the calculated table sizes
> + *
> + * Calculates the size of shared LDPC code tables used for a specified LPDC
> code
> + * parameters.
> + */
> +inline void
> +xsdfec_calculate_shared_ldpc_table_entry_size(struct xsdfec_ldpc_params
> *ldpc,
> + struct xsdfec_ldpc_param_table_sizes *table_sizes)
> +{
> + /* Calculate the sc_size in 32 bit words */
> + table_sizes->sc_size = (ldpc->nlayers + 3) >> 2;
> + /* Calculate the la_size in 256 bit words */
> + table_sizes->la_size = ((ldpc->nlayers << 2) + 15) >> 4;
> + /* Calculate the qc_size in 256 bit words */
> + table_sizes->qc_size = ((ldpc->nqc << 2) + 15) >> 4;
> +}
Why do you have an inline function in a user api .h file? That's really
not a good idea.
thanks,
greg k-h
Re: [PATCH V3 04/12] misc: xilinx_sdfec: Add open, close and ioctl
On Sat, Apr 27, 2019 at 11:04:58PM +0100, Dragan Cvetic wrote: > Add char device interface per DT node present and support > file operations: > - open(), > - close(), > - unlocked_ioctl(), > - compat_ioctl(). Why do you need compat_ioctl() at all? Any "new" driver should never need it. Just create your structures properly. thanks, greg k-h
Re: [PATCH V3 04/12] misc: xilinx_sdfec: Add open, close and ioctl
On Sat, Apr 27, 2019 at 11:04:58PM +0100, Dragan Cvetic wrote:
> +static int xsdfec_dev_open(struct inode *iptr, struct file *fptr)
> +{
> + struct xsdfec_dev *xsdfec;
> +
> + xsdfec = container_of(iptr->i_cdev, struct xsdfec_dev, xsdfec_cdev);
> +
> + if (!atomic_dec_and_test(&xsdfec->open_count)) {
Why do you care about this?
And do you really think it matters? What are you trying to protect from
here?
> + atomic_inc(&xsdfec->open_count);
> + return -EBUSY;
> + }
> +
> + fptr->private_data = xsdfec;
> + return 0;
> +}
> +
> +static int xsdfec_dev_release(struct inode *iptr, struct file *fptr)
> +{
> + struct xsdfec_dev *xsdfec;
> +
> + xsdfec = container_of(iptr->i_cdev, struct xsdfec_dev, xsdfec_cdev);
> +
> + atomic_inc(&xsdfec->open_count);
You increment a number when the device is closed?
You are trying to make it hard to maintain this code over time :)
> + return 0;
> +}
> +
> +static long xsdfec_dev_ioctl(struct file *fptr, unsigned int cmd,
> + unsigned long data)
> +{
> + struct xsdfec_dev *xsdfec = fptr->private_data;
> + void __user *arg = NULL;
> + int rval = -EINVAL;
> + int err = 0;
> +
> + if (!xsdfec)
> + return rval;
> +
> + if (_IOC_TYPE(cmd) != XSDFEC_MAGIC)
> + return -ENOTTY;
> +
> + /* check if ioctl argument is present and valid */
> + if (_IOC_DIR(cmd) != _IOC_NONE) {
> + arg = (void __user *)data;
> + if (!arg) {
> + dev_err(xsdfec->dev,
> + "xilinx sdfec ioctl argument is NULL Pointer");
You just created a way for userspace to spam the kernel log, please do
not do that :(
> + return rval;
> + }
> + }
> +
> + if (err) {
> + dev_err(xsdfec->dev, "Invalid xilinx sdfec ioctl argument");
> + return -EFAULT;
Wrong error, you did not have a memory fault.
Again, you just created a way to spam the kernel log by a user :(
thanks,
greg k-h
Re: [PATCH V3 02/12] misc: xilinx-sdfec: add core driver
On Sat, Apr 27, 2019 at 11:04:56PM +0100, Dragan Cvetic wrote:
> +#define DRIVER_NAME "xilinx_sdfec"
> +#define DRIVER_VERSION "0.3"
Version means nothing with the driver in the kernel tree, please remove
it.
> +#define DRIVER_MAX_DEV BIT(MINORBITS)
Why this number? Why limit yourself to any number?
> +
> +static struct class *xsdfec_class;
Do you really need your own class?
> +static atomic_t xsdfec_ndevs = ATOMIC_INIT(0);
Why?
> +static dev_t xsdfec_devt;
Why?
Why not use misc_device for this? Why do you need your own major with a
bunch of minor devices reserved ahead of time? Why not just create a
new misc device for every individual device that happens to be found in
the system? That will make the code a lot simpler and smaller and
easier.
> +
> +/**
> + * struct xsdfec_dev - Driver data for SDFEC
> + * @regs: device physical base address
> + * @dev: pointer to device struct
> + * @config: Configuration of the SDFEC device
> + * @open_count: Count of char device being opened
> + * @xsdfec_cdev: Character device handle
> + * @irq_lock: Driver spinlock
> + *
> + * This structure contains necessary state for SDFEC driver to operate
> + */
> +struct xsdfec_dev {
> + void __iomem *regs;
> + struct device *dev;
> + struct xsdfec_config config;
> + atomic_t open_count;
> + struct cdev xsdfec_cdev;
> + /* Spinlock to protect state_updated and stats_updated */
> + spinlock_t irq_lock;
> +};
> +
> +static const struct file_operations xsdfec_fops = {
> + .owner = THIS_MODULE,
> +};
No operations at all? That's an easy driver :)
thanks,
greg k-h
Re: [PATCH] overlayfs: ignore empty NFSv4 ACLs in ext4 upperdir
On Thu, May 02, 2019 at 05:08:14PM +0200, Andreas Grünbacher wrote: > You'll still see permissions that differ from what the filesystem > enforces, and copy-up would change that behavior. That's always true, and this issue isn't really specific to NFSv4 ACLs (or ACLs at all), it already exists with just mode bits. The client doesn't know how principals may be mapped on the server, doesn't know group membership, etc. That's the usual model, anyway. Permissions are almost entirely the server's responsibility, and we just provide a few attributes to set/get those server-side permissions. The overlayfs/NFS case is different, I think: the nfs filesystem may be just a static read-only template for a filesystem that's only ever used by clients, and for all I know maybe permissions should only be interpreted on the client side in that case. --b.
Re: [PATCH 0/4] coresight: next v5.1-rc7
On Thu, May 02, 2019 at 10:54:01AM -0600, Mathieu Poirier wrote: > Hi Greg, > > Please see if you can add these to your tree for the coming merge window. > They are confined to the CoreSight subsystem and have been in linux-next for > a week now. > > We can simply wait for the next cycle if you think it is too late for this > one. Snuck them in right now :) thanks, greg k-h
[PATCH v2] x86/fpu: Fault-in user stack if copy_fpstate_to_sigframe() fails
In the compacted form, XSAVES may save only the XMM+SSE state but skip
FP (x87 state).
This is denoted by header->xfeatures = 6. The fastpath
(copy_fpregs_to_sigframe()) does that but _also_ initialises the FP
state (cwd to 0x37f, mxcsr as we do, remaining fields to 0).
The slowpath (copy_xstate_to_user()) leaves most of the FP
state untouched. Only mxcsr and mxcsr_flags are set due to
xfeatures_mxcsr_quirk(). Now that XFEATURE_MASK_FP is set
unconditionally, see
04944b793e18 ("x86: xsave: set FP, SSE bits in the xsave header in the user
sigcontext"),
on return from the signal, random garbage is loaded as the FP state.
Instead of utilizing copy_xstate_to_user(), fault-in the user memory
and retry the fast path. Ideally, the fast path succeeds on the second
attempt but may be retried again if the memory is swapped out due
to memory pressure. If the user memory can not be faulted-in then
get_user_pages() returns an error so we don't loop forever.
Fault in memory via get_user_pages_unlocked() so
copy_fpregs_to_sigframe() succeeds without a fault.
Fixes: 69277c98f5eef ("x86/fpu: Always store the registers in
copy_fpstate_to_sigframe()")
Reported-by: Kurt Kanzenbach
Suggested-by: Dave Hansen
Signed-off-by: Sebastian Andrzej Siewior
---
v1…v2:
- s/get_user_pages()/get_user_pages_unlocked()/
- merge cleanups
I'm posting this all-in-one fix up replacing the original patch so we
don't have a merge window with known bugs (that is the one that the
patch was going the fix and the KASAN fallout that it introduced).
arch/x86/kernel/fpu/signal.c | 31 +++
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 7026f1c4e5e30..5a8d118bc423e 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -157,11 +157,9 @@ static inline int copy_fpregs_to_sigframe(struct
xregs_state __user *buf)
*/
int copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)
{
- struct fpu *fpu = ¤t->thread.fpu;
- struct xregs_state *xsave = &fpu->state.xsave;
struct task_struct *tsk = current;
int ia32_fxstate = (buf != buf_fx);
- int ret = -EFAULT;
+ int ret;
ia32_fxstate &= (IS_ENABLED(CONFIG_X86_32) ||
IS_ENABLED(CONFIG_IA32_EMULATION));
@@ -174,11 +172,12 @@ int copy_fpstate_to_sigframe(void __user *buf, void
__user *buf_fx, int size)
sizeof(struct user_i387_ia32_struct), NULL,
(struct _fpstate_32 __user *) buf) ? -1 : 1;
+retry:
/*
* Load the FPU registers if they are not valid for the current task.
* With a valid FPU state we can attempt to save the state directly to
-* userland's stack frame which will likely succeed. If it does not, do
-* the slowpath.
+* userland's stack frame which will likely succeed. If it does not,
+* resolve the fault in the user memory and try again.
*/
fpregs_lock();
if (test_thread_flag(TIF_NEED_FPU_LOAD))
@@ -187,20 +186,20 @@ int copy_fpstate_to_sigframe(void __user *buf, void
__user *buf_fx, int size)
pagefault_disable();
ret = copy_fpregs_to_sigframe(buf_fx);
pagefault_enable();
- if (ret && !test_thread_flag(TIF_NEED_FPU_LOAD))
- copy_fpregs_to_fpstate(fpu);
- set_thread_flag(TIF_NEED_FPU_LOAD);
fpregs_unlock();
if (ret) {
- if (using_compacted_format()) {
- if (copy_xstate_to_user(buf_fx, xsave, 0, size))
- return -1;
- } else {
- fpstate_sanitize_xstate(fpu);
- if (__copy_to_user(buf_fx, xsave, fpu_user_xstate_size))
- return -1;
- }
+ int aligned_size;
+ int nr_pages;
+
+ aligned_size = offset_in_page(buf_fx) + fpu_user_xstate_size;
+ nr_pages = DIV_ROUND_UP(aligned_size, PAGE_SIZE);
+
+ ret = get_user_pages_unlocked((unsigned long)buf_fx, nr_pages,
+ NULL, FOLL_WRITE);
+ if (ret == nr_pages)
+ goto retry;
+ return -EFAULT;
}
/* Save the fsave header for the 32-bit frames. */
--
2.20.1
[PATCH V4 2/2] PCI: dwc: Export APIs to support .remove() implementation
Export all configuration space access APIs and also other APIs to
support host controller drivers of DesignWare core based implementations
while adding support for .remove() hook to build their respective drivers
as modules
Signed-off-by: Vidya Sagar
Acked-by: Gustavo Pimentel
---
Changes from v3:
* Exported only __dw_pcie_{read/write}_dbi() APIs instead of
dw_pcie_read{l/w/b}_dbi & dw_pcie_write{l/w/b}_dbi APIs.
Changes from v2:
* Rebased on top of linux-next top of the tree branch
Changes from v1:
* s/Designware/DesignWare
drivers/pci/controller/dwc/pcie-designware-host.c | 4
drivers/pci/controller/dwc/pcie-designware.c | 4
2 files changed, 8 insertions(+)
diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c
b/drivers/pci/controller/dwc/pcie-designware-host.c
index d069e4290180..f93252d0da5b 100644
--- a/drivers/pci/controller/dwc/pcie-designware-host.c
+++ b/drivers/pci/controller/dwc/pcie-designware-host.c
@@ -311,6 +311,7 @@ void dw_pcie_msi_init(struct pcie_port *pp)
dw_pcie_wr_own_conf(pp, PCIE_MSI_ADDR_HI, 4,
upper_32_bits(msi_target));
}
+EXPORT_SYMBOL_GPL(dw_pcie_msi_init);
int dw_pcie_host_init(struct pcie_port *pp)
{
@@ -495,6 +496,7 @@ int dw_pcie_host_init(struct pcie_port *pp)
dw_pcie_free_msi(pp);
return ret;
}
+EXPORT_SYMBOL_GPL(dw_pcie_host_init);
void dw_pcie_host_deinit(struct pcie_port *pp)
{
@@ -503,6 +505,7 @@ void dw_pcie_host_deinit(struct pcie_port *pp)
if (pci_msi_enabled() && !pp->ops->msi_host_init)
dw_pcie_free_msi(pp);
}
+EXPORT_SYMBOL_GPL(dw_pcie_host_deinit);
static int dw_pcie_access_other_conf(struct pcie_port *pp, struct pci_bus *bus,
u32 devfn, int where, int size, u32 *val,
@@ -695,3 +698,4 @@ void dw_pcie_setup_rc(struct pcie_port *pp)
val |= PORT_LOGIC_SPEED_CHANGE;
dw_pcie_wr_own_conf(pp, PCIE_LINK_WIDTH_SPEED_CONTROL, 4, val);
}
+EXPORT_SYMBOL_GPL(dw_pcie_setup_rc);
diff --git a/drivers/pci/controller/dwc/pcie-designware.c
b/drivers/pci/controller/dwc/pcie-designware.c
index d7cc1a0c1de6..6401e1c5b398 100644
--- a/drivers/pci/controller/dwc/pcie-designware.c
+++ b/drivers/pci/controller/dwc/pcie-designware.c
@@ -40,6 +40,7 @@ int dw_pcie_read(void __iomem *addr, int size, u32 *val)
return PCIBIOS_SUCCESSFUL;
}
+EXPORT_SYMBOL_GPL(dw_pcie_read);
int dw_pcie_write(void __iomem *addr, int size, u32 val)
{
@@ -57,6 +58,7 @@ int dw_pcie_write(void __iomem *addr, int size, u32 val)
return PCIBIOS_SUCCESSFUL;
}
+EXPORT_SYMBOL_GPL(dw_pcie_write);
u32 __dw_pcie_read_dbi(struct dw_pcie *pci, void __iomem *base, u32 reg,
size_t size)
@@ -73,6 +75,7 @@ u32 __dw_pcie_read_dbi(struct dw_pcie *pci, void __iomem
*base, u32 reg,
return val;
}
+EXPORT_SYMBOL_GPL(__dw_pcie_read_dbi);
void __dw_pcie_write_dbi(struct dw_pcie *pci, void __iomem *base, u32 reg,
size_t size, u32 val)
@@ -88,6 +91,7 @@ void __dw_pcie_write_dbi(struct dw_pcie *pci, void __iomem
*base, u32 reg,
if (ret)
dev_err(pci->dev, "Write DBI address failed\n");
}
+EXPORT_SYMBOL_GPL(__dw_pcie_write_dbi);
u32 __dw_pcie_read_dbi2(struct dw_pcie *pci, void __iomem *base, u32 reg,
size_t size)
--
2.17.1
[PATCH V4 1/2] PCI: dwc: Add API support to de-initialize host
Add an API to group all the tasks to be done to de-initialize host which
can then be called by any DesignWare core based driver implementations
while adding .remove() support in their respective drivers.
Signed-off-by: Vidya Sagar
Acked-by: Gustavo Pimentel
---
Changes from v3:
* Added check if (pci_msi_enabled() && !pp->ops->msi_host_init) before calling
dw_pcie_free_msi() API to mimic init path
Changes from v2:
* Rebased on top of linux-next top of the tree branch
Changes from v1:
* s/Designware/DesignWare
drivers/pci/controller/dwc/pcie-designware-host.c | 8
drivers/pci/controller/dwc/pcie-designware.h | 5 +
2 files changed, 13 insertions(+)
diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c
b/drivers/pci/controller/dwc/pcie-designware-host.c
index 77db32529319..d069e4290180 100644
--- a/drivers/pci/controller/dwc/pcie-designware-host.c
+++ b/drivers/pci/controller/dwc/pcie-designware-host.c
@@ -496,6 +496,14 @@ int dw_pcie_host_init(struct pcie_port *pp)
return ret;
}
+void dw_pcie_host_deinit(struct pcie_port *pp)
+{
+ pci_stop_root_bus(pp->root_bus);
+ pci_remove_root_bus(pp->root_bus);
+ if (pci_msi_enabled() && !pp->ops->msi_host_init)
+ dw_pcie_free_msi(pp);
+}
+
static int dw_pcie_access_other_conf(struct pcie_port *pp, struct pci_bus *bus,
u32 devfn, int where, int size, u32 *val,
bool write)
diff --git a/drivers/pci/controller/dwc/pcie-designware.h
b/drivers/pci/controller/dwc/pcie-designware.h
index deab426affd3..4f48ec78c7b9 100644
--- a/drivers/pci/controller/dwc/pcie-designware.h
+++ b/drivers/pci/controller/dwc/pcie-designware.h
@@ -348,6 +348,7 @@ void dw_pcie_msi_init(struct pcie_port *pp);
void dw_pcie_free_msi(struct pcie_port *pp);
void dw_pcie_setup_rc(struct pcie_port *pp);
int dw_pcie_host_init(struct pcie_port *pp);
+void dw_pcie_host_deinit(struct pcie_port *pp);
int dw_pcie_allocate_domains(struct pcie_port *pp);
#else
static inline irqreturn_t dw_handle_msi_irq(struct pcie_port *pp)
@@ -372,6 +373,10 @@ static inline int dw_pcie_host_init(struct pcie_port *pp)
return 0;
}
+static inline void dw_pcie_host_deinit(struct pcie_port *pp)
+{
+}
+
static inline int dw_pcie_allocate_domains(struct pcie_port *pp)
{
return 0;
--
2.17.1
Re: [PATCH V2 1/2] PCI: dwc: Add API support to de-initialize host
On 5/2/2019 8:28 PM, Lorenzo Pieralisi wrote:
On Tue, Apr 16, 2019 at 07:45:15PM +0530, Vidya Sagar wrote:
Add an API to group all the tasks to be done to de-initialize host which
can then be called by any DesignWare core based driver implementations
while adding .remove() support in their respective drivers.
Signed-off-by: Vidya Sagar
Acked-by: Gustavo Pimentel
---
v2:
* s/Designware/DesignWare
drivers/pci/controller/dwc/pcie-designware-host.c | 7 +++
drivers/pci/controller/dwc/pcie-designware.h | 5 +
2 files changed, 12 insertions(+)
diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c
b/drivers/pci/controller/dwc/pcie-designware-host.c
index 3e4169e738a5..d7881490282d 100644
--- a/drivers/pci/controller/dwc/pcie-designware-host.c
+++ b/drivers/pci/controller/dwc/pcie-designware-host.c
@@ -516,6 +516,13 @@ int dw_pcie_host_init(struct pcie_port *pp)
return ret;
}
+void dw_pcie_host_deinit(struct pcie_port *pp)
+{
+ pci_stop_root_bus(pp->root_bus);
+ pci_remove_root_bus(pp->root_bus);
+ dw_pcie_free_msi(pp);
This must mirror the init path, so AFAICS it should not be done
if pp->ops->msi_host_init != NULL
Done.
I'll add check "if (pci_msi_enabled() && !pp->ops->msi_host_init)"
Lorenzo
+}
+
static int dw_pcie_access_other_conf(struct pcie_port *pp, struct pci_bus
*bus,
u32 devfn, int where, int size, u32 *val,
bool write)
diff --git a/drivers/pci/controller/dwc/pcie-designware.h
b/drivers/pci/controller/dwc/pcie-designware.h
index adff0c713665..ea8d1caf11c5 100644
--- a/drivers/pci/controller/dwc/pcie-designware.h
+++ b/drivers/pci/controller/dwc/pcie-designware.h
@@ -343,6 +343,7 @@ void dw_pcie_msi_init(struct pcie_port *pp);
void dw_pcie_free_msi(struct pcie_port *pp);
void dw_pcie_setup_rc(struct pcie_port *pp);
int dw_pcie_host_init(struct pcie_port *pp);
+void dw_pcie_host_deinit(struct pcie_port *pp);
int dw_pcie_allocate_domains(struct pcie_port *pp);
#else
static inline irqreturn_t dw_handle_msi_irq(struct pcie_port *pp)
@@ -367,6 +368,10 @@ static inline int dw_pcie_host_init(struct pcie_port *pp)
return 0;
}
+static inline void dw_pcie_host_deinit(struct pcie_port *pp)
+{
+}
+
static inline int dw_pcie_allocate_domains(struct pcie_port *pp)
{
return 0;
--
2.17.1
Re: [PATCH V2 2/2] PCI: dwc: Export APIs to support .remove() implementation
On 5/2/2019 8:21 PM, Lorenzo Pieralisi wrote:
On Tue, Apr 16, 2019 at 07:45:16PM +0530, Vidya Sagar wrote:
Export all configuration space access APIs and also other APIs to
support host controller drivers of DesignWare core based
implementations while adding support for .remove() hook to build their
respective drivers as modules
Signed-off-by: Vidya Sagar
Acked-by: Gustavo Pimentel
---
v2:
* s/Designware/DesignWare
.../pci/controller/dwc/pcie-designware-host.c | 4 ++
drivers/pci/controller/dwc/pcie-designware.c | 38 +++
drivers/pci/controller/dwc/pcie-designware.h | 35 +++--
3 files changed, 48 insertions(+), 29 deletions(-)
diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c
b/drivers/pci/controller/dwc/pcie-designware-host.c
index d7881490282d..2a5332e5ccfa 100644
--- a/drivers/pci/controller/dwc/pcie-designware-host.c
+++ b/drivers/pci/controller/dwc/pcie-designware-host.c
@@ -333,6 +333,7 @@ void dw_pcie_msi_init(struct pcie_port *pp)
dw_pcie_wr_own_conf(pp, PCIE_MSI_ADDR_HI, 4,
upper_32_bits(msi_target));
}
+EXPORT_SYMBOL_GPL(dw_pcie_msi_init);
int dw_pcie_host_init(struct pcie_port *pp)
{
@@ -515,6 +516,7 @@ int dw_pcie_host_init(struct pcie_port *pp)
dw_pcie_free_msi(pp);
return ret;
}
+EXPORT_SYMBOL_GPL(dw_pcie_host_init);
void dw_pcie_host_deinit(struct pcie_port *pp)
{
@@ -522,6 +524,7 @@ void dw_pcie_host_deinit(struct pcie_port *pp)
pci_remove_root_bus(pp->root_bus);
dw_pcie_free_msi(pp);
}
+EXPORT_SYMBOL_GPL(dw_pcie_host_deinit);
static int dw_pcie_access_other_conf(struct pcie_port *pp, struct pci_bus *bus,
u32 devfn, int where, int size, u32 *val,
@@ -731,3 +734,4 @@ void dw_pcie_setup_rc(struct pcie_port *pp)
val |= PORT_LOGIC_SPEED_CHANGE;
dw_pcie_wr_own_conf(pp, PCIE_LINK_WIDTH_SPEED_CONTROL, 4, val);
}
+EXPORT_SYMBOL_GPL(dw_pcie_setup_rc);
diff --git a/drivers/pci/controller/dwc/pcie-designware.c
b/drivers/pci/controller/dwc/pcie-designware.c
index 31f6331ca46f..f98e2f284ae1 100644
--- a/drivers/pci/controller/dwc/pcie-designware.c
+++ b/drivers/pci/controller/dwc/pcie-designware.c
@@ -40,6 +40,7 @@ int dw_pcie_read(void __iomem *addr, int size, u32 *val)
return PCIBIOS_SUCCESSFUL;
}
+EXPORT_SYMBOL_GPL(dw_pcie_read);
int dw_pcie_write(void __iomem *addr, int size, u32 val)
{
@@ -57,6 +58,7 @@ int dw_pcie_write(void __iomem *addr, int size, u32 val)
return PCIBIOS_SUCCESSFUL;
}
+EXPORT_SYMBOL_GPL(dw_pcie_write);
u32 __dw_pcie_read_dbi(struct dw_pcie *pci, void __iomem *base, u32 reg,
size_t size)
@@ -89,6 +91,42 @@ void __dw_pcie_write_dbi(struct dw_pcie *pci, void __iomem
*base, u32 reg,
dev_err(pci->dev, "Write DBI address failed\n");
}
+void dw_pcie_writel_dbi(struct dw_pcie *pci, u32 reg, u32 val)
+{
+ __dw_pcie_write_dbi(pci, pci->dbi_base, reg, 0x4, val);
+}
+EXPORT_SYMBOL_GPL(dw_pcie_writel_dbi);
+
+u32 dw_pcie_readl_dbi(struct dw_pcie *pci, u32 reg)
+{
+ return __dw_pcie_read_dbi(pci, pci->dbi_base, reg, 0x4);
+}
+EXPORT_SYMBOL_GPL(dw_pcie_readl_dbi);
+
+void dw_pcie_writew_dbi(struct dw_pcie *pci, u32 reg, u16 val)
+{
+ __dw_pcie_write_dbi(pci, pci->dbi_base, reg, 0x2, val);
+}
+EXPORT_SYMBOL_GPL(dw_pcie_writew_dbi);
+
+u16 dw_pcie_readw_dbi(struct dw_pcie *pci, u32 reg)
+{
+ return __dw_pcie_read_dbi(pci, pci->dbi_base, reg, 0x2);
+}
+EXPORT_SYMBOL_GPL(dw_pcie_readw_dbi);
+
+void dw_pcie_writeb_dbi(struct dw_pcie *pci, u32 reg, u8 val)
+{
+ __dw_pcie_write_dbi(pci, pci->dbi_base, reg, 0x1, val);
+}
+EXPORT_SYMBOL_GPL(dw_pcie_writeb_dbi);
+
+u8 dw_pcie_readb_dbi(struct dw_pcie *pci, u32 reg)
+{
+ return __dw_pcie_read_dbi(pci, pci->dbi_base, reg, 0x1);
+}
+EXPORT_SYMBOL_GPL(dw_pcie_readb_dbi);
+
static u32 dw_pcie_readl_ob_unroll(struct dw_pcie *pci, u32 index, u32 reg)
{
u32 offset = PCIE_GET_ATU_OUTB_UNR_REG_OFFSET(index);
diff --git a/drivers/pci/controller/dwc/pcie-designware.h
b/drivers/pci/controller/dwc/pcie-designware.h
index ea8d1caf11c5..86df36701a37 100644
--- a/drivers/pci/controller/dwc/pcie-designware.h
+++ b/drivers/pci/controller/dwc/pcie-designware.h
@@ -265,35 +265,12 @@ void dw_pcie_disable_atu(struct dw_pcie *pci, int index,
enum dw_pcie_region_type type);
void dw_pcie_setup(struct dw_pcie *pci);
-static inline void dw_pcie_writel_dbi(struct dw_pcie *pci, u32 reg, u32 val)
-{
- __dw_pcie_write_dbi(pci, pci->dbi_base, reg, 0x4, val);
-}
-
-static inline u32 dw_pcie_readl_dbi(struct dw_pcie *pci, u32 reg)
-{
- return __dw_pcie_read_dbi(pci, pci->dbi_base, reg, 0x4);
-}
-
-static inline void dw_pcie_writew_dbi(struct dw_pcie *pci, u32 reg, u16 val)
-{
- __dw_pcie_write_dbi(pci, pci->dbi_base, reg, 0x2, val);
-}
-
-static inline u16 dw_pcie_readw_dbi(struct dw_pcie *pci, u32 r
Re: [PATCH v3 3/4] add kexec_cmdline used to ima
On Thu, May 02, 2019 at 12:52:35PM -0400, Mimi Zohar wrote: > On Mon, 2019-04-29 at 14:47 -0700, Prakhar Srivastava wrote: > > From: Prakhar Srivastava > kexec doesn't really know or care about IMA. Other than the IMA call, > itself, nothing should be added to kexec files. As mentioned in 1/4, > the IMA hook would be named something like ima_kexec_cmdline(). > > + f = fdget(kernel_fd); > > + if (!f.file) > > + goto out; > > + > > + size = (f.file->f_path.dentry->d_name.len + cmdline_len - 1+ > > + ARRAY_SIZE(delimiter)) - 1; > > + > > + buf = kzalloc(size, GFP_KERNEL); > > + if (!buf) > > + goto out; > > + > > + memcpy(buf, f.file->f_path.dentry->d_name.name, > > + f.file->f_path.dentry->d_name.len); > > + memcpy(buf + f.file->f_path.dentry->d_name.len, > > + delimiter, ARRAY_SIZE(delimiter) - 1); > > + memcpy(buf + f.file->f_path.dentry->d_name.len + > > + ARRAY_SIZE(delimiter) - 1, > > + cmdline_ptr, cmdline_len - 1); Another thing is that it's so obviously racy, it's not even funny. Consider what rename(2) in parallel will do to that.
[PATCH] posix_acl: Use struct_size() helper
Make use of the struct_size() helper instead of an open-coded version
in order to avoid any potential type mistakes, in particular in the
context in which this code is being used.
So, replace code of the following form:
sizeof(struct posix_acl) + count * sizeof(struct posix_acl_entry)
with:
struct_size(acl, a_entries, count)
and so on...
Notice that variable size is unnecessary, hence it is removed.
This code was detected with the help of Coccinelle.
Signed-off-by: Gustavo A. R. Silva
---
fs/posix_acl.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index 2fd0fde16fe1..d654d8f87280 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -175,9 +175,9 @@ EXPORT_SYMBOL(posix_acl_init);
struct posix_acl *
posix_acl_alloc(int count, gfp_t flags)
{
- const size_t size = sizeof(struct posix_acl) +
- count * sizeof(struct posix_acl_entry);
- struct posix_acl *acl = kmalloc(size, flags);
+ struct posix_acl *acl;
+
+ acl = kmalloc(struct_size(acl, a_entries, count), flags);
if (acl)
posix_acl_init(acl, count);
return acl;
@@ -193,9 +193,9 @@ posix_acl_clone(const struct posix_acl *acl, gfp_t flags)
struct posix_acl *clone = NULL;
if (acl) {
- int size = sizeof(struct posix_acl) + acl->a_count *
- sizeof(struct posix_acl_entry);
- clone = kmemdup(acl, size, flags);
+ clone = kmemdup(acl,
+ struct_size(clone, a_entries, acl->a_count),
+ flags);
if (clone)
refcount_set(&clone->a_refcount, 1);
}
--
2.21.0
Hallo 5/2/2019 4:06:09 PM
Hallo linux-kernel@vger.kernel.org Sehr geehrte Damen und Herren Wir gewähren Darlehen in Höhe von 20.000,00 bis 5 Mio. mit einem Zinssatz von 2% Die Zinsen und die Laufzeiten sind sehr attraktiv (2%) und in punkto Sicherheit beschränken wir uns auf das absolute Minimum. Interessiert? Dann kontaktieren Sie uns doch für weitere Informationen per e-mail Stefanie Hubner.
Re: [PATCH] x86/fpu: Remove the _GPL from the kernel_fpu_begin/end() export
On Thu, May 02, 2019 at 09:29:01AM -0700, Andy Lutomirski wrote: > I'm not saying that we should export things for ZFS's benefit. But, > as far as I know, _GPL means "this interface is sufficiently specific > to Linux details that we think that any user must be a derived work". > I don't think that kernel_fpu_begin() is an example of that. But it is sufficiently specific. It is present on x86 and s390 only - other arches don't have it. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.
[PATCH 3/4] dt-bindings: arm: coresight: Unify funnel DT binding
From: Leo Yan
Following the same fashion with replicator DT binding, this patch is to
unify the DT binding for funnel to support static and dynamic modes;
finally we get the funnel DT binding as below:
Before patch:
Static funnel, aka. non-configurable funnel:
Not supported;
Dynamic funnel, aka. configurable funnel:
"arm,coresight-funnel", "arm,primecell";
After patch:
Static funnel:
"arm,coresight-static-funnel";
Dynamic funnel:
"arm,coresight-dynamic-funnel", "arm,primecell";
"arm,coresight-funnel", "arm,primecell"; (obsolete)
At the end of this patch, it gives an example for static funnel DT
binding, and updates the dynamic funnel example.
Cc: Mathieu Poirier
Cc: Suzuki K Poulose
Cc: Wanglai Shi
Signed-off-by: Leo Yan
Reviewed-by: Suzuki K Poulose
Reviewed-by: Rob Herring
Signed-off-by: Mathieu Poirier
---
.../devicetree/bindings/arm/coresight.txt | 53 +--
1 file changed, 48 insertions(+), 5 deletions(-)
diff --git a/Documentation/devicetree/bindings/arm/coresight.txt
b/Documentation/devicetree/bindings/arm/coresight.txt
index d02d160fa8ac..8a88ddebc1a2 100644
--- a/Documentation/devicetree/bindings/arm/coresight.txt
+++ b/Documentation/devicetree/bindings/arm/coresight.txt
@@ -8,7 +8,8 @@ through the intermediate links connecting the source to the
currently selected
sink. Each CoreSight component device should use these properties to describe
its hardware characteristcs.
-* Required properties for all components *except* non-configurable replicators:
+* Required properties for all components *except* non-configurable replicators
+ and non-configurable funnels:
* compatible: These have to be supplemented with "arm,primecell" as
drivers are using the AMBA bus interface. Possible values include:
@@ -24,8 +25,10 @@ its hardware characteristcs.
discovered at boot time when the device is probed.
"arm,coresight-tmc", "arm,primecell";
- - Trace Funnel:
- "arm,coresight-funnel", "arm,primecell";
+ - Trace Programmable Funnel:
+ "arm,coresight-dynamic-funnel", "arm,primecell";
+ "arm,coresight-funnel", "arm,primecell"; (OBSOLETE. For
+ backward compatibility and will be removed)
- Embedded Trace Macrocell (version 3.x) and
Program Flow Trace Macrocell:
@@ -65,7 +68,7 @@ its hardware characteristcs.
"stm-stimulus-base", each corresponding to the areas defined in "reg".
* Required properties for devices that don't show up on the AMBA bus, such as
- non-configurable replicators:
+ non-configurable replicators and non-configurable funnels:
* compatible: Currently supported value is (note the absence of the
AMBA markee):
@@ -74,6 +77,9 @@ its hardware characteristcs.
"arm,coresight-replicator"; (OBSOLETE. For backward
compatibility and will be removed)
+ - Coresight Non-configurable Funnel:
+ "arm,coresight-static-funnel";
+
* port or ports: see "Graph bindings for Coresight" below.
* Optional properties for ETM/PTMs:
@@ -203,8 +209,45 @@ Example:
};
};
+ funnel {
+ /*
+* non-configurable funnel don't show up on the AMBA
+* bus. As such no need to add "arm,primecell".
+*/
+ compatible = "arm,coresight-static-funnel";
+ clocks = <&crg_ctrl HI3660_PCLK>;
+ clock-names = "apb_pclk";
+
+ out-ports {
+ port {
+ combo_funnel_out: endpoint {
+ remote-endpoint = <&top_funnel_in>;
+ };
+ };
+ };
+
+ in-ports {
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ port@0 {
+ reg = <0>;
+ combo_funnel_in0: endpoint {
+ remote-endpoint = <&cluster0_etf_out>;
+ };
+ };
+
+ port@1 {
+ reg = <1>;
+ combo_funnel_in1: endpoint {
+ remote-endpoint = <&cluster1_etf_out>;
+ };
+ };
+ };
+ };
+
funnel@2004 {
- compatible = "arm,coresight-funnel", "arm,primecell";
+ compatible = "arm,coresight-dynamic-funnel", "arm,primecell";
reg = <0 0x2004 0 0x1000>;
clocks = <&oscclk6a>;
--
2.17.1
[PATCH 4/4] coresight: funnel: Support static funnel
From: Leo Yan
Since CoreSight hardware topology can use a 'hidden' funnel in the
trace data path, this kind funnel doesn't have register for accessing
and is used by default from hardware design perspective. Below is an
example for related hardware topology:
+--+ +--+
| cpu0 |->| ETM |-\
+--+ +--+ \-> ++ +-+
.. | Funnel |->| ETF |-\Hidden funnel
+--+ +--+ /-> ++ +-+ \|
| cpu3 |->| ETM |-/ \ V
+--+ +--+ \-> ++
| Funnel |-> ...
+--+ +--+ /-> ++
| cpu4 |->| ETM |-\ /
+--+ +--+ \-> ++ +-+ /
.. | Funnel |->| ETF |-/
+--+ +--+ /-> ++ +-+
| cpu7 |->| ETM |-/
+--+ +--+
The CoreSight funnel driver only supports dynamic funnel with
registration register resource, thus it cannot support for the static
funnel case and it's impossible to create trace data path for this case.
This patch is to extend CoreSight funnel driver to support both for
static funnel and dynamic funnel. For the dynamic funnel it reuses the
code existed in the driver, for static funnel the driver will support
device probe if without providing register resource and the driver skips
registers accessing when detect the register base is NULL.
Cc: Mathieu Poirier
Cc: Suzuki K Poulose
Cc: Wanglai Shi
Suggested-by: Suzuki K Poulose
Signed-off-by: Leo Yan
Reviewed-by: Suzuki K Poulose
Signed-off-by: Mathieu Poirier
---
.../hwtracing/coresight/coresight-funnel.c| 116 ++
1 file changed, 89 insertions(+), 27 deletions(-)
diff --git a/drivers/hwtracing/coresight/coresight-funnel.c
b/drivers/hwtracing/coresight/coresight-funnel.c
index 927925151509..16b0c0e1e43a 100644
--- a/drivers/hwtracing/coresight/coresight-funnel.c
+++ b/drivers/hwtracing/coresight/coresight-funnel.c
@@ -12,6 +12,8 @@
#include
#include
#include
+#include
+#include
#include
#include
#include
@@ -43,7 +45,7 @@ struct funnel_drvdata {
unsigned long priority;
};
-static int funnel_enable_hw(struct funnel_drvdata *drvdata, int port)
+static int dynamic_funnel_enable_hw(struct funnel_drvdata *drvdata, int port)
{
u32 functl;
int rc = 0;
@@ -71,17 +73,19 @@ static int funnel_enable_hw(struct funnel_drvdata *drvdata,
int port)
static int funnel_enable(struct coresight_device *csdev, int inport,
int outport)
{
- int rc;
+ int rc = 0;
struct funnel_drvdata *drvdata = dev_get_drvdata(csdev->dev.parent);
- rc = funnel_enable_hw(drvdata, inport);
+ if (drvdata->base)
+ rc = dynamic_funnel_enable_hw(drvdata, inport);
if (!rc)
dev_dbg(drvdata->dev, "FUNNEL inport %d enabled\n", inport);
return rc;
}
-static void funnel_disable_hw(struct funnel_drvdata *drvdata, int inport)
+static void dynamic_funnel_disable_hw(struct funnel_drvdata *drvdata,
+ int inport)
{
u32 functl;
@@ -103,7 +107,8 @@ static void funnel_disable(struct coresight_device *csdev,
int inport,
{
struct funnel_drvdata *drvdata = dev_get_drvdata(csdev->dev.parent);
- funnel_disable_hw(drvdata, inport);
+ if (drvdata->base)
+ dynamic_funnel_disable_hw(drvdata, inport);
dev_dbg(drvdata->dev, "FUNNEL inport %d disabled\n", inport);
}
@@ -177,54 +182,70 @@ static struct attribute *coresight_funnel_attrs[] = {
};
ATTRIBUTE_GROUPS(coresight_funnel);
-static int funnel_probe(struct amba_device *adev, const struct amba_id *id)
+static int funnel_probe(struct device *dev, struct resource *res)
{
int ret;
void __iomem *base;
- struct device *dev = &adev->dev;
struct coresight_platform_data *pdata = NULL;
struct funnel_drvdata *drvdata;
- struct resource *res = &adev->res;
struct coresight_desc desc = { 0 };
- struct device_node *np = adev->dev.of_node;
+ struct device_node *np = dev->of_node;
if (np) {
pdata = of_get_coresight_platform_data(dev, np);
if (IS_ERR(pdata))
return PTR_ERR(pdata);
- adev->dev.platform_data = pdata;
+ dev->platform_data = pdata;
}
+ if (of_device_is_compatible(np, "arm,coresight-funnel"))
+ pr_warn_once("Uses OBSOLETE CoreSight funnel binding\n");
+
drvdata = devm_kzalloc(dev, sizeof(*drvdata), GFP_KERNEL);
if (!drvdata)
return -ENOMEM;
- drvdata->dev = &adev->dev;
- drvdata->atclk = devm_clk_get(&adev->dev, "atclk"); /* optional */
+ drvdata->dev = dev;
+ drvdata->atclk = devm_clk_get(dev, "a
[PATCH 2/4] coresight: replicator: Add new device id for static replicator
From: Leo Yan
This patch adds a device id for the new static replicator compatible
string; it changes the driver name from "coresight-replicator" to
"coresight-static-replicator" as well.
This patch also gives warning when use the replicator obsolete DT
binding.
Signed-off-by: Leo Yan
Reviewed-by: Suzuki K Poulose
Signed-off-by: Mathieu Poirier
---
drivers/hwtracing/coresight/coresight-replicator.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/hwtracing/coresight/coresight-replicator.c
b/drivers/hwtracing/coresight/coresight-replicator.c
index 4e0da85efd2d..8c9ce74498e1 100644
--- a/drivers/hwtracing/coresight/coresight-replicator.c
+++ b/drivers/hwtracing/coresight/coresight-replicator.c
@@ -189,6 +189,9 @@ static int replicator_probe(struct device *dev, struct
resource *res)
dev->platform_data = pdata;
}
+ if (of_device_is_compatible(np, "arm,coresight-replicator"))
+ pr_warn_once("Uses OBSOLETE CoreSight replicator binding\n");
+
drvdata = devm_kzalloc(dev, sizeof(*drvdata), GFP_KERNEL);
if (!drvdata)
return -ENOMEM;
@@ -285,13 +288,14 @@ static const struct dev_pm_ops replicator_dev_pm_ops = {
static const struct of_device_id static_replicator_match[] = {
{.compatible = "arm,coresight-replicator"},
+ {.compatible = "arm,coresight-static-replicator"},
{}
};
static struct platform_driver static_replicator_driver = {
.probe = static_replicator_probe,
.driver = {
- .name = "coresight-replicator",
+ .name = "coresight-static-replicator",
.of_match_table = static_replicator_match,
.pm = &replicator_dev_pm_ops,
.suppress_bind_attrs = true,
--
2.17.1
[PATCH 1/4] dt-bindings: arm: coresight: Add new compatible for static replicator
From: Leo Yan
CoreSight uses below bindings for replicator:
Dynamic replicator, aka. configurable replicator:
"arm,coresight-dynamic-replicator", "arm,primecell";
Static replicator, aka. non-configurable replicator:
"arm,coresight-replicator";
The compatible string "arm,coresight-replicator" is not an explicit
naming to express the replicator is 'static'. To unify the naming
convention, this patch introduces a new compatible string
"arm,coresight-static-replicator" for the static replicator; the
compatible string "arm,coresight-replicator" is kept for backward
compatibility, but tag it as obsolete and suggest to use the new
compatible string.
As result CoreSight replicator have below bindings:
Dynamic replicator:
"arm,coresight-dynamic-replicator", "arm,primecell";
Static replicator:
"arm,coresight-static-replicator";
"arm,coresight-replicator"; (obsolete)
Signed-off-by: Leo Yan
Reviewed-by: Suzuki K Poulose
Reviewed-by: Rob Herring
Signed-off-by: Mathieu Poirier
---
Documentation/devicetree/bindings/arm/coresight.txt | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/Documentation/devicetree/bindings/arm/coresight.txt
b/Documentation/devicetree/bindings/arm/coresight.txt
index f8aff65ab921..d02d160fa8ac 100644
--- a/Documentation/devicetree/bindings/arm/coresight.txt
+++ b/Documentation/devicetree/bindings/arm/coresight.txt
@@ -69,7 +69,10 @@ its hardware characteristcs.
* compatible: Currently supported value is (note the absence of the
AMBA markee):
- - "arm,coresight-replicator"
+ - Coresight Non-configurable Replicator:
+ "arm,coresight-static-replicator";
+ "arm,coresight-replicator"; (OBSOLETE. For backward
+ compatibility and will be removed)
* port or ports: see "Graph bindings for Coresight" below.
@@ -169,7 +172,7 @@ Example:
/* non-configurable replicators don't show up on the
* AMBA bus. As such no need to add "arm,primecell".
*/
- compatible = "arm,coresight-replicator";
+ compatible = "arm,coresight-static-replicator";
out-ports {
#address-cells = <1>;
--
2.17.1
[PATCH 0/4] coresight: next v5.1-rc7
Hi Greg, Please see if you can add these to your tree for the coming merge window. They are confined to the CoreSight subsystem and have been in linux-next for a week now. We can simply wait for the next cycle if you think it is too late for this one. Thanks, Mathieu Leo Yan (4): dt-bindings: arm: coresight: Add new compatible for static replicator coresight: replicator: Add new device id for static replicator dt-bindings: arm: coresight: Unify funnel DT binding coresight: funnel: Support static funnel .../devicetree/bindings/arm/coresight.txt | 60 +++-- .../hwtracing/coresight/coresight-funnel.c| 116 ++ .../coresight/coresight-replicator.c | 6 +- 3 files changed, 147 insertions(+), 35 deletions(-) -- 2.17.1
Re: perf tools build broken after v5.1-rc1
On 4/29/19 6:18 PM, Arnaldo Carvalho de Melo wrote:
>>>
>>> Auto-detecting system features:
>>> ... dwarf: [ OFF ]
>>> ...dwarf_getlocations: [ OFF ]
>>> ... glibc: [ on ]
>>
>> Not related to current issue, this run uses a uClibc toolchain and yet it is
>> detecting glibc - doesn't seem right to me.
>
> Ok, I'll improve that, I think it just tries to detect a libc, yeah,
> see:
>
> [acme@quaco linux]$ cat tools/build/feature/test-glibc.c
> // SPDX-License-Identifier: GPL-2.0
> #include
>
> #if !defined(__UCLIBC__)
> #include
> #else
> #define XSTR(s) STR(s)
> #define STR(s) #s
> #endif
>
> int main(void)
> {
> #if !defined(__UCLIBC__)
> const char *version = gnu_get_libc_version();
> #else
> const char *version = XSTR(__GLIBC__) "." XSTR(__GLIBC_MINOR__);
> #endif
>
> return (long)version;
> }
So we return a pointer to a string to declare a glibc build ?
But won't it do so even for other libs, even if those numbers were 0:0. I'm
confused how this feature detction works.
> [acme@quaco linux]$
>
> [perfbuilder@59ca4b424ded /]$ grep __GLIBC__
> /arc_gnu_2017.09-rc2_prebuilt_uclibc_le_arc700_linux_install/arc-snps-linux-uclibc/sysroot/usr/include/*.h
> /arc_gnu_2017.09-rc2_prebuilt_uclibc_le_arc700_linux_install/arc-snps-linux-uclibc/sysroot/usr/include/features.h:
>The macros `__GNU_LIBRARY__', `__GLIBC__', and `__GLIBC_MINOR__' are
> /arc_gnu_2017.09-rc2_prebuilt_uclibc_le_arc700_linux_install/arc-snps-linux-uclibc/sysroot/usr/include/features.h:#define
> __GLIBC__ 2
> /arc_gnu_2017.09-rc2_prebuilt_uclibc_le_arc700_linux_install/arc-snps-linux-uclibc/sysroot/usr/include/features.h:
> ((__GLIBC__ << 16) + __GLIBC_MINOR__ >= ((maj) << 16) + (min))
> [perfbuilder@59ca4b424ded /]$
>
> Isn't that part of uClibc?
Re: [PATCH v3 4/4] added LSM hook to call ima_buffer_check
On Mon, 2019-04-29 at 14:47 -0700, Prakhar Srivastava wrote:
> From: Prakhar Srivastava
>
> added LSM hook to call ima_buffer_check
Casey just responded, "I can imagine an LSM that cares about the
command line, but I don't have interest in it for any work I have in
progress." Unless one of the other LSM maintainers is interested,
let's leave it as an IMA only hook.
Mimi
>
> Signed-off-by: Prakhar Srivastava
> ---
> include/linux/lsm_hooks.h | 3 +++
> include/linux/security.h | 3 +++
> kernel/kexec_internal.h | 4 +++-
> security/security.c | 6 ++
> 4 files changed, 15 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index a240a3fc5fc4..f18562c1eb24 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -1672,6 +1672,8 @@ union security_list_options {
> int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
> int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
>
> + int (*buffer_check)(const void *buff, int size, const char *eventname);
> +
> #ifdef CONFIG_SECURITY_NETWORK
> int (*unix_stream_connect)(struct sock *sock, struct sock *other,
> struct sock *newsk);
> @@ -1945,6 +1947,7 @@ struct security_hook_heads {
> struct hlist_head inode_notifysecctx;
> struct hlist_head inode_setsecctx;
> struct hlist_head inode_getsecctx;
> + struct hlist_head buffer_check;
> #ifdef CONFIG_SECURITY_NETWORK
> struct hlist_head unix_stream_connect;
> struct hlist_head unix_may_send;
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 49f2685324b0..8dece6da0dda 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -388,6 +388,7 @@ void security_inode_invalidate_secctx(struct inode
> *inode);
> int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
> int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
> int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
> +void security_buffer_measure(const void *buff, int size, char *eventname);
> #else /* CONFIG_SECURITY */
>
> static inline int call_lsm_notifier(enum lsm_event event, void *data)
> @@ -1188,6 +1189,8 @@ static inline int security_inode_getsecctx(struct inode
> *inode, void **ctx, u32
> {
> return -EOPNOTSUPP;
> }
> +static inline void security_buffer_measure(const void *buff, int size, char
> *eventname)
> +{ }
> #endif /* CONFIG_SECURITY */
>
> #ifdef CONFIG_SECURITY_NETWORK
> diff --git a/kernel/kexec_internal.h b/kernel/kexec_internal.h
> index 48aaf2ac0d0d..9f967fbb5aa0 100644
> --- a/kernel/kexec_internal.h
> +++ b/kernel/kexec_internal.h
> @@ -12,7 +12,9 @@ int kimage_load_segment(struct kimage *image, struct
> kexec_segment *segment);
> void kimage_terminate(struct kimage *image);
> int kimage_is_destination_range(struct kimage *image,
> unsigned long start, unsigned long end);
> -
> +int kexec_cmdline_prepend_img_name(char **outbuf, int kernel_fd,
> + const char *cmdline_ptr,
> + unsigned long cmdline_len);
> extern struct mutex kexec_mutex;
>
> #ifdef CONFIG_KEXEC_FILE
> diff --git a/security/security.c b/security/security.c
> index 23cbb1a295a3..2b575a40470e 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -754,6 +754,12 @@ int security_bprm_check(struct linux_binprm *bprm)
> return ima_bprm_check(bprm);
> }
>
> +void security_buffer_measure(const void *buff, int size, char *eventname)
> +{
> + call_void_hook(buffer_check, buff, size, eventname);
> + return ima_buffer_check(buff, size, eventname);
> +}
> +
> void security_bprm_committing_creds(struct linux_binprm *bprm)
> {
> call_void_hook(bprm_committing_creds, bprm);
Re: [PATCH v3 3/4] add kexec_cmdline used to ima
On Mon, 2019-04-29 at 14:47 -0700, Prakhar Srivastava wrote:
> From: Prakhar Srivastava
>
> prepend the kernel file name to kexec_cmdline
> before measuring the buffer.
>
kexec doesn't really know or care about IMA. Other than the IMA call,
itself, nothing should be added to kexec files. As mentioned in 1/4,
the IMA hook would be named something like ima_kexec_cmdline().
Mimi
> Signed-off-by: Prakhar Srivastava
> ---
> kernel/kexec_core.c | 57 +
> kernel/kexec_file.c | 14 +++
> 2 files changed, 71 insertions(+)
>
> diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
> index d7140447be75..4667f03d406e 100644
> --- a/kernel/kexec_core.c
> +++ b/kernel/kexec_core.c
> @@ -1213,3 +1213,60 @@ void __weak arch_kexec_protect_crashkres(void)
>
> void __weak arch_kexec_unprotect_crashkres(void)
> {}
> +
> +/**
> + * kexec_cmdline_prepend_img_name - prepare the buffer with cmdline
> + * that needs to be measured
> + * @outbuf - out buffer that contains the formated string
> + * @kernel_fd - the file identifier for the kerenel image
> + * @cmdline_ptr - ptr to the cmdline buffer
> + * @cmdline_len - len of the buffer.
> + *
> + * This generates a buffer in the format Kerenelfilename::cmdline
> + *
> + * On success return 0.
> + * On failure return -EINVAL.
> + */
> +int kexec_cmdline_prepend_img_name(char **outbuf, int kernel_fd,
> + const char *cmdline_ptr,
> + unsigned long cmdline_len)
> +{
> + int ret = -EINVAL;
> + struct fd f = {};
> + int size = 0;
> + char *buf = NULL;
> + char delimiter[] = "::";
> +
> + if (!outbuf || !cmdline_ptr)
> + goto out;
> +
> + f = fdget(kernel_fd);
> + if (!f.file)
> + goto out;
> +
> + size = (f.file->f_path.dentry->d_name.len + cmdline_len - 1+
> + ARRAY_SIZE(delimiter)) - 1;
> +
> + buf = kzalloc(size, GFP_KERNEL);
> + if (!buf)
> + goto out;
> +
> + memcpy(buf, f.file->f_path.dentry->d_name.name,
> + f.file->f_path.dentry->d_name.len);
> + memcpy(buf + f.file->f_path.dentry->d_name.len,
> + delimiter, ARRAY_SIZE(delimiter) - 1);
> + memcpy(buf + f.file->f_path.dentry->d_name.len +
> + ARRAY_SIZE(delimiter) - 1,
> + cmdline_ptr, cmdline_len - 1);
> +
> + *outbuf = buf;
> + ret = size;
> +
> + pr_debug("kexec cmdline buff: %s\n", buf);
> +
> +out:
> + if (f.file)
> + fdput(f);
> +
> + return ret;
> +}
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index f1d0e00a3971..d287e139085c 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -191,6 +191,8 @@ kimage_file_prepare_segments(struct kimage *image, int
> kernel_fd, int initrd_fd,
> int ret = 0;
> void *ldata;
> loff_t size;
> + char *buff_to_measure = NULL;
> + int buff_to_measure_size = 0;
>
> ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf,
> &size, INT_MAX, READING_KEXEC_IMAGE);
> @@ -241,6 +243,16 @@ kimage_file_prepare_segments(struct kimage *image, int
> kernel_fd, int initrd_fd,
> ret = -EINVAL;
> goto out;
> }
> +
> + /* IMA measures the cmdline args passed to the next kernel*/
> + buff_to_measure_size =
> + kexec_cmdline_prepend_img_name(&buff_to_measure,
> + kernel_fd, image->cmdline_buf, image->cmdline_buf_len);
> +
> + ima_buffer_check(buff_to_measure, buff_to_measure_size,
> + "kexec_cmdline");
> +
> +
> }
>
> /* Call arch image load handlers */
> @@ -253,7 +265,9 @@ kimage_file_prepare_segments(struct kimage *image, int
> kernel_fd, int initrd_fd,
>
> image->image_loader_data = ldata;
> out:
> +
> /* In case of error, free up all allocated memory in this function */
> + kfree(buff_to_measure);
> if (ret)
> kimage_file_post_load_cleanup(image);
> return ret;
Re: [PATCH v3 2/4] add the buffer to the xattr
On Mon, 2019-04-29 at 14:47 -0700, Prakhar Srivastava wrote: > From: Prakhar Srivastava > > add the buffer to the xattr for a buffer case Please write full patch descriptions, here and in the other patches, explaining the current status with the motivation for the change. > > Signed-off-by: Prakhar Srivastava > --- < snip > > > @@ -630,17 +651,23 @@ static int process_buffer_measurement(const void *buff, > int size, > if (ret < 0) > goto err_out; > > - ret = ima_store_template(entry, violation, NULL, > + if (action & IMA_MEASURE) > + ret = ima_store_template(entry, violation, NULL, > buff, pcr); Although scripts/Lindent has its problems, it does a good job with code formatting. There's no reason here for the line breakage. Mimi
Re: [PATCH v3 1/4] added a new ima policy func buffer_check, and ima hook to measure the buffer hash into ima
On Mon, 2019-04-29 at 14:47 -0700, Prakhar Srivastava wrote:
> From: Prakhar Srivastava
>
> added a new ima policy func buffer_check, and ima hook to
> measure the buffer hash into ima logs.
When defining a new LSN/IMA hook please conform to the existing naming
conventions. Generally LSM hooks are specific to a particular
function. In this instance, the name of the hook would be something
like security_kexec_cmdline() or ima_kexec_cmdline(), which would call
the generic process_buffer_measurement() you've defined.
Mimi
>
> Signed-off-by: Prakhar Srivastava
> ---
> Documentation/ABI/testing/ima_policy | 1 +
> include/linux/ima.h | 5 ++
> security/integrity/ima/ima.h | 1 +
> security/integrity/ima/ima_api.c | 1 +
> security/integrity/ima/ima_main.c| 89
> security/integrity/ima/ima_policy.c | 8 +++
> 6 files changed, 105 insertions(+)
>
> diff --git a/Documentation/ABI/testing/ima_policy
> b/Documentation/ABI/testing/ima_policy
> index 74c6702de74e..12cfe3ff2dea 100644
> --- a/Documentation/ABI/testing/ima_policy
> +++ b/Documentation/ABI/testing/ima_policy
> @@ -29,6 +29,7 @@ Description:
> base: func:=
> [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK][MODULE_CHECK]
> [FIRMWARE_CHECK]
> [KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK]
> + [BUFFER_CHECK]
> mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND]
> [[^]MAY_EXEC]
> fsmagic:= hex value
> diff --git a/include/linux/ima.h b/include/linux/ima.h
> index dc12fbcf484c..f0abade74707 100644
> --- a/include/linux/ima.h
> +++ b/include/linux/ima.h
> @@ -26,6 +26,8 @@ extern int ima_read_file(struct file *file, enum
> kernel_read_file_id id);
> extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
> enum kernel_read_file_id id);
> extern void ima_post_path_mknod(struct dentry *dentry);
> +extern void ima_buffer_check(const void *buff, int size,
> + const char *eventname);
>
> #ifdef CONFIG_IMA_KEXEC
> extern void ima_add_kexec_buffer(struct kimage *image);
> @@ -92,6 +94,9 @@ static inline void ima_post_path_mknod(struct dentry
> *dentry)
> return;
> }
>
> +static inline void ima_buffer_check(const void *buff, int size,
> + const char *eventname)
> +{}
> #endif /* CONFIG_IMA */
>
> #ifndef CONFIG_IMA_KEXEC
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index d213e835c498..de70df132575 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -184,6 +184,7 @@ static inline unsigned long ima_hash_key(u8 *digest)
> hook(KEXEC_KERNEL_CHECK)\
> hook(KEXEC_INITRAMFS_CHECK) \
> hook(POLICY_CHECK) \
> + hook(BUFFER_CHECK) \
> hook(MAX_CHECK)
> #define __ima_hook_enumify(ENUM) ENUM,
>
> diff --git a/security/integrity/ima/ima_api.c
> b/security/integrity/ima/ima_api.c
> index c7505fb122d4..cb3f67b366f1 100644
> --- a/security/integrity/ima/ima_api.c
> +++ b/security/integrity/ima/ima_api.c
> @@ -169,6 +169,7 @@ void ima_add_violation(struct file *file, const unsigned
> char *filename,
> * subj=, obj=, type=, func=, mask=, fsmagic=
> * subj,obj, and type: are LSM specific.
> * func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK
> + * | BUFFER_CHECK
> * mask: contains the permission mask
> * fsmagic: hex value
> *
> diff --git a/security/integrity/ima/ima_main.c
> b/security/integrity/ima/ima_main.c
> index 357edd140c09..3db3f3966ac7 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -576,6 +576,95 @@ int ima_load_data(enum kernel_load_data_id id)
> return 0;
> }
>
> +/*
> + * process_buffer_measurement - Measure the buffer passed to ima log.
> + * (Instead of using the file hash the buffer hash is used).
> + * @buff - The buffer that needs to be added to the log
> + * @size - size of buffer(in bytes)
> + * @eventname - this is eventname used for the various buffers
> + * that can be measured.
> + *
> + * The buffer passed is added to the ima logs.
> + * If the sig template is used, then the sig field contains the buffer.
> + *
> + * On success return 0.
> + * On error cases surface errors from ima calls.
> + */
> +static int process_buffer_measurement(const void *buff, int size,
> + const char *eventname, const struct cred *cred,
> + u32 secid)
> +{
> + int ret = -EINVAL;
> + struct ima_template_entry *entry = NULL;
> + struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
> + struct ima_event_data event_data = {iint, NULL, NULL,
> + NULL, 0, NULL};
> + s
Re: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall
* David Laight wrote: > It has already been measured - it is far too slow. I don't think proper buffering was tested, was it? Only a per syscall RDRAND overhead which I can imagine being not too good. > > Because calling tens of millions of system calls per second will > > deplete any non-CPU-RNG sources of entropy and will also starve all > > other users of random numbers, which might have a more legitimate > > need for randomness, such as the networking stack ... > > If the function you use to generate random numbers from the 'entropy > pool' isn't reversible (in a finite time) I don't think you really need > to worry about bits-in v bits-out. Ok. Thanks, Ingo
Re: [PATCH v3 1/4] ptrace: move clearing of TIF_SYSCALL_EMU flag to core
On Thu, May 02, 2019 at 06:13:30PM +0200, Oleg Nesterov wrote: > On 05/01, Sudeep Holla wrote: > > > > On Wed, May 01, 2019 at 06:13:30PM +0200, Oleg Nesterov wrote: > > > On 04/30, Sudeep Holla wrote: > > > > > > > > While the TIF_SYSCALL_EMU is set in ptrace_resume independent of any > > > > architecture, currently only powerpc and x86 unset the TIF_SYSCALL_EMU > > > > flag in ptrace_disable which gets called from ptrace_detach. > > > > > > > > Let's move the clearing of TIF_SYSCALL_EMU flag to __ptrace_unlink > > > > which gets executed from ptrace_detach and also keep it along with > > > > or close to clearing of TIF_SYSCALL_TRACE. > > > > > > > > Cc: Oleg Nesterov > > > > Cc: Paul Mackerras > > > > Cc: Michael Ellerman > > > > Cc: Thomas Gleixner > > > > Cc: Ingo Molnar > > > > Signed-off-by: Sudeep Holla > > > > > > Acked-by: Oleg Nesterov > > > > > > > Since 1/4 and 2/4 are completely independent of arm64 changes in 3&4/4, > > I prefer you take these via your tree. > > Sorry Sudeep, I can't do this, I need to reanimate my account on kernel.org. Ok, if you're happy for us to take them via arm64 with your ack, then we can do that as well. Just don't want to step on anybody's toes! Will
Re: [PATCH] ARM: multi_v7_defconfig: Enable panic and disk LED triggers
On Thu, May 2, 2019 at 4:33 PM Manivannan Sadhasivam wrote: > > Most development boards and devices have one or more LEDs. It is > useful during debugging if they can be wired to show different > behaviours such as disk or cpu activity or a load-average dependent > heartbeat. Enable panic and disk activity triggers so they can be tied > to LED activity during debugging as well. > > There was a similar patch which added these triggers for ARM64 as well: > https://patchwork.kernel.org/patch/10042681/ > > Signed-off-by: Manivannan Sadhasivam Reviewed-by: Amit Kucheria > --- > arch/arm/configs/multi_v7_defconfig | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/arm/configs/multi_v7_defconfig > b/arch/arm/configs/multi_v7_defconfig > index 2e9fa5312616..466ccc305a05 100644 > --- a/arch/arm/configs/multi_v7_defconfig > +++ b/arch/arm/configs/multi_v7_defconfig > @@ -821,6 +821,8 @@ CONFIG_LEDS_TRIGGER_GPIO=y > CONFIG_LEDS_TRIGGER_DEFAULT_ON=y > CONFIG_LEDS_TRIGGER_TRANSIENT=y > CONFIG_LEDS_TRIGGER_CAMERA=y > +CONFIG_LEDS_TRIGGER_PANIC=y > +CONFIG_LEDS_TRIGGER_DISK=y > CONFIG_EDAC=y > CONFIG_EDAC_HIGHBANK_MC=y > CONFIG_EDAC_HIGHBANK_L2=y > -- > 2.17.1 >
Re: [v1] PCI: mediatek: Remove MSI inner domain
On Thu, Jan 31, 2019 at 08:49:57PM +0800, Jianjun Wang wrote:
> On Thu, 2019-01-31 at 09:44 +, Marc Zyngier wrote:
> > On 31/01/2019 09:19, Honghui Zhang wrote:
> > > On Tue, 2019-01-22 at 17:37 +0800, Jianjun Wang wrote:
> > >> There is no need to create the inner domain as a parent for MSI domian,
> > >> some feature has been implemented by MSI framework.
> > >>
> > >> Remove the inner domain and its irq chip, it will be more closer to
> > >> hardware implementation.
> >
> > This is not about being closer to any HW implementation. This is about
> > having a uniform way to deal with MSI controllers, no matter how they
> > are implemented by the HW.
> >
> > So maybe you could start by explaining what this is trying to achieve.
> >
> > >>
> > > Hi, jianjun, I'm not quite familiar with the irq_chip framework, It was
> > > under Marc's great help with the first version of irq_chip solution
> > > code. I would like you to add him for the review.
> > >
> > > Thanks.
> > >
> > >> Signed-off-by: Jianjun Wang
> > >> ---
> > >> drivers/pci/controller/pcie-mediatek.c | 86 +++---
> > >> 1 file changed, 37 insertions(+), 49 deletions(-)
> > >>
> > >> diff --git a/drivers/pci/controller/pcie-mediatek.c
> > >> b/drivers/pci/controller/pcie-mediatek.c
> > >> index 8d05df56158b..f996a9a6331f 100644
> > >> --- a/drivers/pci/controller/pcie-mediatek.c
> > >> +++ b/drivers/pci/controller/pcie-mediatek.c
> > >> @@ -169,7 +169,6 @@ struct mtk_pcie_soc {
> > >> * @slot: port slot
> > >> * @irq: GIC irq
> > >> * @irq_domain: legacy INTx IRQ domain
> > >> - * @inner_domain: inner IRQ domain
> > >> * @msi_domain: MSI IRQ domain
> > >> * @lock: protect the msi_irq_in_use bitmap
> > >> * @msi_irq_in_use: bit map for assigned MSI IRQ
> > >> @@ -190,7 +189,6 @@ struct mtk_pcie_port {
> > >> u32 slot;
> > >> int irq;
> > >> struct irq_domain *irq_domain;
> > >> -struct irq_domain *inner_domain;
> > >> struct irq_domain *msi_domain;
> > >> struct mutex lock;
> > >> DECLARE_BITMAP(msi_irq_in_use, MTK_MSI_IRQS_NUM);
> > >> @@ -418,22 +416,15 @@ static void mtk_msi_ack_irq(struct irq_data *data)
> > >> u32 hwirq = data->hwirq;
> > >>
> > >> writel(1 << hwirq, port->base + PCIE_IMSI_STATUS);
> > >> +writel(MSI_STATUS, port->base + PCIE_INT_STATUS);
> > >> }
> > >>
> > >> -static struct irq_chip mtk_msi_bottom_irq_chip = {
> > >> -.name = "MTK MSI",
> > >> -.irq_compose_msi_msg= mtk_compose_msi_msg,
> > >> -.irq_set_affinity = mtk_msi_set_affinity,
> > >> -.irq_ack= mtk_msi_ack_irq,
> > >> -};
> > >> -
> > >> -static int mtk_pcie_irq_domain_alloc(struct irq_domain *domain,
> > >> unsigned int virq,
> > >> - unsigned int nr_irqs, void *args)
> > >> +static irq_hw_number_t mtk_pcie_msi_get_hwirq(struct msi_domain_info
> > >> *info,
> > >> + msi_alloc_info_t *arg)
> > >> {
> > >> -struct mtk_pcie_port *port = domain->host_data;
> > >> -unsigned long bit;
> > >> +struct mtk_pcie_port *port = info->chip_data;
> > >> +irq_hw_number_t bit;
> > >>
> > >> -WARN_ON(nr_irqs != 1);
> > >> mutex_lock(&port->lock);
> > >>
> > >> bit = find_first_zero_bit(port->msi_irq_in_use,
> > >> MTK_MSI_IRQS_NUM);
> > >> @@ -446,18 +437,14 @@ static int mtk_pcie_irq_domain_alloc(struct
> > >> irq_domain *domain, unsigned int vir
> > >>
> > >> mutex_unlock(&port->lock);
> > >>
> > >> -irq_domain_set_info(domain, virq, bit, &mtk_msi_bottom_irq_chip,
> > >> -domain->host_data, handle_edge_irq,
> > >> -NULL, NULL);
> > >> -
> > >> -return 0;
> > >> +return bit;
> >
> > Why do you need to override the get_hwirq method? Using the generic
> > PCI/MSI version has the advantage of giving you a universal encoding
> > which makes debugging much easier.
>
> Hi Marc,
>
> In previous patch, we create a inner_domain as a parent for msi_domain,
> when we allocate a irq for MSI, the work flow of each domain will be the
> following:
>
> inner_domain:
> 1. Allocated a irq bit from bitmap as this domain's hwirq;
> 2. Mapping with system virtual irq number;
> 3. Set irq chip and irq handler;
> 4. Send MSI message to EP.
>
> msi_domain:
> 1. Calculate a hwirq;
> 2. Mapping with system virtual irq number;
> 3. Set irq chip which from info->chip and irq handler if defined in
> info.
> 4. Send MSI message to EP or trigger parent domain to send the message.
>
> The last three steps looks similar, if we override the get_hwirq method
> and set irq chip and handler to info structure, MSI framework will do
> the rest of thing. I think it will be more simple and easy to understand
> the driver's work flow.
>
> Further more, if we try to enhance
Re: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall
* Andy Lutomirski wrote: > > 8 gigabits/sec sounds good throughput in principle, if there's no > > scalability pathologies with that. > > The latency is horrible. Latency would be amortized via batching anyway, so 8 gigabits/sec suggests something on the order of magnitude of 4 bits per cycle, right? With 64 bits extraction at a time that would be 16 cycles per 64-bit word, which isn't too bad, is it? But you are right that get_random_bytes() is probably faster, and also more generic. > > It would also be nice to know whether RDRAND does buffering > > *internally*, > > Not in a useful way :( Too bad ... > > Any non-CPU source of randomness for system calls and plans to add > > several extra function calls to every x86 system call is crazy talk I > > believe... > > I think that, in practice, the only real downside to enabling this > thing will be the jitter in syscall times. Although we could decide > that the benefit is a bit dubious and the whole thing isn't worth it. > But it will definitely be optional. Making it "optional" is not really a technical argument in any way though, either distros enable it in which case it's a de-facto default setting, or they don't, in which case it de-facto almost doesn't exist. Thanks, Ingo
Re: [PATCH] edac: sifive: Add EDAC platform driver for SiFive SoCs
Hi Yash,
Sorry for the delay on the earlier version of this - I was trying to work out
what happens
when multiple edac drivers probe based on DT...
On 02/05/2019 12:16, Yash Shah wrote:
> The initial ver of EDAC driver supports:
> - ECC event monitoring and reporting through the EDAC framework for SiFive
> L2 cache controller.
>
You probably don't want this bit preserved in the kernel log:
{
> This patch depends on patch
> 'RISC-V: sifive_l2_cache: Add L2 cache controller driver for SiFive SoCs'
> https://lkml.org/lkml/2019/5/2/309
}
> The EDAC driver registers for notifier events from the L2 cache controller
> driver (arch/riscv/mm/sifive_l2_cache.c) for L2 ECC events
>
> Signed-off-by: Yash Shah
> ---
(if you put it here, it gets discarded when the patch is applied)
Having an separately posted dependency like this is tricky, as this code can't
be
used/tested until the other bits are merged.
> MAINTAINERS| 6 +++
> arch/riscv/Kconfig | 1 +
> drivers/edac/Kconfig | 6 +++
> drivers/edac/Makefile | 1 +
> drivers/edac/sifive_edac.c | 121
> +
> 5 files changed, 135 insertions(+)
> create mode 100644 drivers/edac/sifive_edac.c
> diff --git a/drivers/edac/sifive_edac.c b/drivers/edac/sifive_edac.c
> new file mode 100644
> index 000..eb7a9b9
> --- /dev/null
> +++ b/drivers/edac/sifive_edac.c
> @@ -0,0 +1,121 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * SiFive Platform EDAC Driver
> + *
> + * Copyright (C) 2018-2019 SiFive, Inc.
> + *
> + * This driver is partially based on octeon_edac-pc.c
> + *
> + */
> +#include
> +#include
> +#include "edac_module.h"
> +
> +#define DRVNAME "sifive_edac"
> +
> +extern int register_sifive_l2_error_notifier(struct notifier_block *nb);
> +extern int unregister_sifive_l2_error_notifier(struct notifier_block *nb);
Ideally these would live in some header file.
> +struct sifive_edac_priv {
> + struct notifier_block notifier;
> + struct edac_device_ctl_info *dci;
> +};
> +
> +/**
> + * EDAC error callback
> + *
> + * @event: non-zero if unrecoverable.
> + */
> +static
> +int ecc_err_event(struct notifier_block *this, unsigned long event, void
> *ptr)
> +{
> + const char *msg = (char *)ptr;
> + struct sifive_edac_priv *p;
> +
> + p = container_of(this, struct sifive_edac_priv, notifier);
> +
> + if (event)
> + edac_device_handle_ue(p->dci, 0, 0, msg);
> + else
> + edac_device_handle_ce(p->dci, 0, 0, msg);
This would be easier to read if your SIFIVE_L2_ERR_TYPE_UE were exposed via
some header file.
> +
> + return NOTIFY_STOP;
Your notifier register calls are EXPORT_SYMBOL()d, but Kconfig forbids building
this as a
module, so its not for this driver. If there is another user of this
notifier-chain, won't
NOTIFY_STOP here break it?
> +}
> +
> +static int ecc_register(struct platform_device *pdev)
> +{
> + struct sifive_edac_priv *p;
> +
> + p = devm_kzalloc(&pdev->dev, sizeof(*p), GFP_KERNEL);
> + if (!p)
> + return -ENOMEM;
> +
> + p->notifier.notifier_call = ecc_err_event;
> + platform_set_drvdata(pdev, p);
> +
> + p->dci = edac_device_alloc_ctl_info(sizeof(*p), "sifive_ecc", 1,
sizeof(*p) here is how much space in struct edac_device_ctl_info you need for
private
storage... but you never touch p->dci->pvt_info, so you aren't using it.
0?
> + "sifive_ecc", 1, 1, NULL, 0,
> + edac_device_alloc_index());
> + if (IS_ERR(p->dci))
> + return PTR_ERR(p->dci);
> +
> + p->dci->dev = &pdev->dev;
> + p->dci->mod_name = "Sifive ECC Manager";
> + p->dci->ctl_name = dev_name(&pdev->dev);
> + p->dci->dev_name = dev_name(&pdev->dev);
> +
> + if (edac_device_add_device(p->dci)) {
> + dev_err(p->dci->dev, "failed to register with EDAC core\n");
> + goto err;
> + }
> +
> + register_sifive_l2_error_notifier(&p->notifier);
> +
> + return 0;
> +
> +err:
> + edac_device_free_ctl_info(p->dci);
> +
> + return -ENXIO;
> +}
> +struct platform_device *sifive_pdev;
static?
> +static int __init sifive_edac_init(void)
> +{
> + int ret;
> +
> + sifive_pdev = platform_device_register_simple(DRVNAME, 0, NULL, 0);
> + if (IS_ERR(sifive_pdev))
> + return PTR_ERR(sifive_pdev);
> +
> + ret = ecc_register(sifive_pdev);
> + if (ret)
> + platform_device_unregister(sifive_pdev);
> +
> + return ret;
> +}
> +
> +static void __exit sifive_edac_exit(void)
> +{
> + ecc_unregister(sifive_pdev);
> + platform_device_unregister(sifive_pdev);
> +}
Looks good to me. I think this patch should go with its two dependencies, I'm
not sure why
it got split off...
Reviewed-by: James Morse
Thanks,
James
Re: [PATCH v2] kasan: Initialize tag to 0xff in __kasan_kmalloc
On Thu, May 2, 2019 at 6:31 PM Nathan Chancellor
wrote:
>
> When building with -Wuninitialized and CONFIG_KASAN_SW_TAGS unset, Clang
> warns:
>
> mm/kasan/common.c:484:40: warning: variable 'tag' is uninitialized when
> used here [-Wuninitialized]
> kasan_unpoison_shadow(set_tag(object, tag), size);
> ^~~
>
> set_tag ignores tag in this configuration but clang doesn't realize it
> at this point in its pipeline, as it points to arch_kasan_set_tag as
> being the point where it is used, which will later be expanded to
> (void *)(object) without a use of tag. Initialize tag to 0xff, as it
> removes this warning and doesn't change the meaning of the code.
>
> Link: https://github.com/ClangBuiltLinux/linux/issues/465
> Signed-off-by: Nathan Chancellor
Reviewed-by: Andrey Konovalov
Thanks!
> ---
>
> v1 -> v2:
>
> * Initialize tag to 0xff at Andrey's request
>
> mm/kasan/common.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index 36afcf64e016..242fdc01aaa9 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -464,7 +464,7 @@ static void *__kasan_kmalloc(struct kmem_cache *cache,
> const void *object,
> {
> unsigned long redzone_start;
> unsigned long redzone_end;
> - u8 tag;
> + u8 tag = 0xff;
>
> if (gfpflags_allow_blocking(flags))
> quarantine_reduce();
> --
> 2.21.0
>
> --
> You received this message because you are subscribed to the Google Groups
> "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kasan-dev+unsubscr...@googlegroups.com.
> To post to this group, send email to kasan-...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/kasan-dev/20190502163057.6603-1-natechancellor%40gmail.com.
> For more options, visit https://groups.google.com/d/optout.
RE: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall
From: Ingo Molnar > Sent: 02 May 2019 16:09 > * Andy Lutomirski wrote: > > > Or we decide that calling get_random_bytes() is okay with IRQs off and > > this all gets a bit simpler. > > BTW., before we go down this path any further, is the plan to bind this > feature to a real CPU-RNG capability, i.e. to the RDRAND instruction, > which excludes a significant group of x86 of CPUs? It has already been measured - it is far too slow. Even just using 6 bits so it doesn't have to be read every system call is probably a significant overhead (I don't think that was tested though). I do agree that using 'real' randomness is probably OTT here. > Because calling tens of millions of system calls per second will deplete > any non-CPU-RNG sources of entropy and will also starve all other users > of random numbers, which might have a more legitimate need for > randomness, such as the networking stack ... If the function you use to generate random numbers from the 'entropy pool' isn't reversible (in a finite time) I don't think you really need to worry about bits-in v bits-out. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Re: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall
On Thu, May 2, 2019 at 8:09 AM Ingo Molnar wrote: > > > * Andy Lutomirski wrote: > > > Or we decide that calling get_random_bytes() is okay with IRQs off and > > this all gets a bit simpler. > > BTW., before we go down this path any further, is the plan to bind this > feature to a real CPU-RNG capability, i.e. to the RDRAND instruction, > which excludes a significant group of x86 of CPUs? It's kind of the opposite. Elena benchmarked it, and RDRAND's performance was truly awful here. > > Because calling tens of millions of system calls per second will deplete > any non-CPU-RNG sources of entropy and will also starve all other users > of random numbers, which might have a more legitimate need for > randomness, such as the networking stack ... There's no such thing as "starving" other users in this context. The current core RNG code uses a cryptographic RNG that has no limits on the number of bytes extracted. If you want the entropy-accounted stuff, you can use /dev/random, which is separate. > 8 gigabits/sec sounds good throughput in principle, if there's no > scalability pathologies with that. The latency is horrible. > > It would also be nice to know whether RDRAND does buffering *internally*, Not in a useful way :( > Any non-CPU source of randomness for system calls and plans to add > several extra function calls to every x86 system call is crazy talk I > believe... I think that, in practice, the only real downside to enabling this thing will be the jitter in syscall times. Although we could decide that the benefit is a bit dubious and the whole thing isn't worth it. But it will definitely be optional.
[PATCH v2] kasan: Initialize tag to 0xff in __kasan_kmalloc
When building with -Wuninitialized and CONFIG_KASAN_SW_TAGS unset, Clang
warns:
mm/kasan/common.c:484:40: warning: variable 'tag' is uninitialized when
used here [-Wuninitialized]
kasan_unpoison_shadow(set_tag(object, tag), size);
^~~
set_tag ignores tag in this configuration but clang doesn't realize it
at this point in its pipeline, as it points to arch_kasan_set_tag as
being the point where it is used, which will later be expanded to
(void *)(object) without a use of tag. Initialize tag to 0xff, as it
removes this warning and doesn't change the meaning of the code.
Link: https://github.com/ClangBuiltLinux/linux/issues/465
Signed-off-by: Nathan Chancellor
---
v1 -> v2:
* Initialize tag to 0xff at Andrey's request
mm/kasan/common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/kasan/common.c b/mm/kasan/common.c
index 36afcf64e016..242fdc01aaa9 100644
--- a/mm/kasan/common.c
+++ b/mm/kasan/common.c
@@ -464,7 +464,7 @@ static void *__kasan_kmalloc(struct kmem_cache *cache,
const void *object,
{
unsigned long redzone_start;
unsigned long redzone_end;
- u8 tag;
+ u8 tag = 0xff;
if (gfpflags_allow_blocking(flags))
quarantine_reduce();
--
2.21.0
Re: [RFC][PATCH 1/2] x86: Allow breakpoints to emulate call functions
On Thu, May 02, 2019 at 06:21:33PM +0200, Peter Zijlstra wrote: > Much thanks to Joerg Roedel for talking entry_32.S with me. > > TL;DR, on x86_32 kernel->kernel IRET frames are only 3 entries and do > not include ESP/SS, so not only wasn't regs->sp setup, if you changed it > it wouldn't be effective and corrupt random stack state. Also, i386 is bloody insane...
Re: [PATCH] x86/fpu: Remove the _GPL from the kernel_fpu_begin/end() export
On Thu, May 2, 2019 at 8:41 AM Sebastian Andrzej Siewior
wrote:
>
> On 2019-05-02 07:42:14 [-0700], Andy Lutomirski wrote:
> > The FPU is not a super-Linuxy internal detail, so remove the _GPL
> > from its export. Without something like this patch, it's impossible
> > for even highly license-respecting non-GPL modules to use the FPU,
> > which seems silly to me. After all, the FPU is a CPU feature, not
> > really a kernel feature at all.
> >
> > Cc: Sebastian Andrzej Siewior
> > Cc:: Borislav Petkov
> > Cc: Rik van Riel
> > Cc: "H. Peter Anvin"
> > Cc: "Jason A. Donenfeld"
> > Cc: Ard Biesheuvel
> > Cc: Dave Hansen
> > Cc: Ingo Molnar
> > Cc: Nicolai Stange
> > Cc: Paolo Bonzini
> > Cc: Radim Krčmář
> > Cc: Thomas Gleixner
> > Cc: x...@kernel.org
> > Cc: sta...@vger.kernel.org
> > Fixes: 12209993e98c ("x86/fpu: Don't export __kernel_fpu_{begin,end}()")
> > Signed-off-by: Andy Lutomirski
> > ---
> >
> > This fixes a genuine annoyance for ZFS on Linux. Regardless of what
> > one may think about the people who distribute ZFS on Linux
> > *binaries*, as far as I know, the source and the users who build it
> > themselves are entirely respectful of everyone's license. I have no
> > problem with EXPORT_SYMBOL_GPL() in general, but let's please avoid
> > using it for things that aren't fundamentally Linux internals.
>
> Please don't start this. We have everything _GPL that is used for FPU
> related code and only a few functions are exported because KVM needs it.
> Also with the recent FPU rework it is much easier to get this wrong so I
> would not want for any OOT code to mess with it.
>
I'm not saying that we should export things for ZFS's benefit. But,
as far as I know, _GPL means "this interface is sufficiently specific
to Linux details that we think that any user must be a derived work".
I don't think that kernel_fpu_begin() is an example of that.
--Andy
Re: [PATCH] kexec_buffer measure
On 5/2/2019 8:48 AM, Mimi Zohar wrote: [Cc'ing Paul, John, Casey] On Mon, 2019-04-22 at 20:18 -0400, Mimi Zohar wrote: [Cc'ing LSM mailing list] On Fri, 2019-04-19 at 17:30 -0700, prakhar srivastava wrote: 2) Adding a LSM hook We are doing both the command line and kernel version measurement in IMA. Can you please elaborate on how this can be used outside of the scenario? That will help me come back with a better design and code. I am neutral about this. As I said previously, initially you might want to only measure the kexec boot command line, but will you ever want to verify or audit log the boot command line hash?Perhaps LSMs would be interested in the boot command line. ??Should this be an LSM hook? From an LSM perspective, is there any interest in the boot command line? I can imagine an LSM that cares about the command line, but I don't have interest in it for any work I have in progress. Mimi
Re: [PATCH] kexec_buffer measure
On 5/2/2019 8:48 AM, Mimi Zohar wrote: [Cc'ing Paul, John, Casey] On Mon, 2019-04-22 at 20:18 -0400, Mimi Zohar wrote: [Cc'ing LSM mailing list] On Fri, 2019-04-19 at 17:30 -0700, prakhar srivastava wrote: 2) Adding a LSM hook We are doing both the command line and kernel version measurement in IMA. Can you please elaborate on how this can be used outside of the scenario? That will help me come back with a better design and code. I am neutral about this. As I said previously, initially you might want to only measure the kexec boot command line, but will you ever want to verify or audit log the boot command line hash?Perhaps LSMs would be interested in the boot command line. ??Should this be an LSM hook? From an LSM perspective, is there any interest in the boot command line? I can imagine an LSM that cares about the command line, but I have an interest in it for any work I have in progress. Mimi
Re: [PATCH] kasan: Zero initialize tag in __kasan_kmalloc
On Thu, May 2, 2019 at 5:36 PM Nathan Chancellor
wrote:
>
> When building with -Wuninitialized and CONFIG_KASAN_SW_TAGS unset, Clang
> warns:
>
> mm/kasan/common.c:484:40: warning: variable 'tag' is uninitialized when
> used here [-Wuninitialized]
> kasan_unpoison_shadow(set_tag(object, tag), size);
> ^~~
>
> set_tag ignores tag in this configuration but clang doesn't realize it
> at this point in its pipeline, as it points to arch_kasan_set_tag as
> being the point where it is used, which will later be expanded to
> (void *)(object) without a use of tag. Just zero initialize tag, as it
> removes this warning and doesn't change the meaning of the code.
>
> Link: https://github.com/ClangBuiltLinux/linux/issues/465
> Signed-off-by: Nathan Chancellor
> ---
> mm/kasan/common.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index 36afcf64e016..4c5af68f2a8b 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -464,7 +464,7 @@ static void *__kasan_kmalloc(struct kmem_cache *cache,
> const void *object,
> {
> unsigned long redzone_start;
> unsigned long redzone_end;
> - u8 tag;
> + u8 tag = 0;
Hi Nathan,
Could you change this value to 0xff? This doesn't make any difference,
since set_tag() ignores the tag anyway, but is less confusing, as all
the non-tagged kernel pointers have 0xff in the top byte.
Thanks!
>
> if (gfpflags_allow_blocking(flags))
> quarantine_reduce();
> --
> 2.21.0
>
> --
> You received this message because you are subscribed to the Google Groups
> "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kasan-dev+unsubscr...@googlegroups.com.
> To post to this group, send email to kasan-...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/kasan-dev/20190502153538.2326-1-natechancellor%40gmail.com.
> For more options, visit https://groups.google.com/d/optout.
Re: [PATCH] mm/hmm: add ARCH_HAS_HMM_MIRROR ARCH_HAS_HMM_DEVICE Kconfig
On Wed, May 01, 2019 at 12:23:58PM -0700, Guenter Roeck wrote: > On Wed, May 01, 2019 at 02:38:51PM -0400, Jerome Glisse wrote: > > Andrew just the patch that would be nice to get in 5.2 so i can fix > > device driver Kconfig before doing the real update to mm HMM Kconfig > > > > On Wed, Apr 17, 2019 at 05:11:41PM -0400, jgli...@redhat.com wrote: > > > From: Jérôme Glisse > > > > > > This patch just add 2 new Kconfig that are _not use_ by anyone. I check > > > that various make ARCH=somearch allmodconfig do work and do not complain. > > > This new Kconfig need to be added first so that device driver that do > > > depend on HMM can be updated. > > > > > > Once drivers are updated then i can update the HMM Kconfig to depends > > > on this new Kconfig in a followup patch. > > > > > I am probably missing something, but why not submit the entire series > together ? > That might explain why XARRAY_MULTI is enabled below, and what the series is > about. Additional comments below. > > > > Signed-off-by: Jérôme Glisse > > > Cc: Guenter Roeck > > > Cc: Leon Romanovsky > > > Cc: Jason Gunthorpe > > > Cc: Andrew Morton > > > Cc: Ralph Campbell > > > Cc: John Hubbard > > > --- > > > mm/Kconfig | 16 > > > 1 file changed, 16 insertions(+) > > > > > > diff --git a/mm/Kconfig b/mm/Kconfig > > > index 25c71eb8a7db..daadc9131087 100644 > > > --- a/mm/Kconfig > > > +++ b/mm/Kconfig > > > @@ -676,6 +676,22 @@ config ZONE_DEVICE > > > > > > If FS_DAX is enabled, then say Y. > > > > > > +config ARCH_HAS_HMM_MIRROR > > > + bool > > > + default y > > > + depends on (X86_64 || PPC64) > > > + depends on MMU && 64BIT > > > + > > > +config ARCH_HAS_HMM_DEVICE > > > + bool > > > + default y > > > + depends on (X86_64 || PPC64) > > > + depends on MEMORY_HOTPLUG > > > + depends on MEMORY_HOTREMOVE > > > + depends on SPARSEMEM_VMEMMAP > > > + depends on ARCH_HAS_ZONE_DEVICE > > This is almost identical to ARCH_HAS_HMM except ARCH_HAS_HMM > depends on ZONE_DEVICE and MMU && 64BIT. ARCH_HAS_HMM_MIRROR > and ARCH_HAS_HMM_DEVICE together almost match ARCH_HAS_HMM, > except for the ARCH_HAS_ZONE_DEVICE vs. ZONE_DEVICE dependency. > And ZONE_DEVICE selects XARRAY_MULTI, meaning there is really > substantial overlap. > > Not really my concern, but personally I'd like to see some > reasoning why the additional options are needed .. thus the > question above, why not submit the series together ? > There is no serie here, this is about solving Kconfig for HMM given that device driver are going through their own tree we want to avoid changing them from the mm tree. So plan is: 1 - Kernel release N add the new Kconfig to mm/Kconfig (this patch) 2 - Kernel release N+1 update driver to depend on new Kconfig ie stop using ARCH_HASH_HMM and start using ARCH_HAS_HMM_MIRROR and ARCH_HAS_HMM_DEVICE (one or the other or both depending on the driver) 3 - Kernel release N+2 remove ARCH_HASH_HMM and do final Kconfig update in mm/Kconfig This has been discuss in the past and while it is bit painfull it is the easiest solution (outside git topic branch but mm tree is not merge as git). Cheers, Jérôme
Re: [PATCH net] cls_matchall: avoid panic when receiving a packet before filter set
On Thu, May 2, 2019 at 1:55 AM Matteo Croce wrote: > > On Thu, May 2, 2019 at 10:51 AM Matteo Croce wrote: > > > > When a matchall classifier is added, there is a small time interval in > > which tp->root is NULL. If we receive a packet in this small time slice > > a NULL pointer dereference will happen, leading to a kernel panic: > > > > Hi, > > I forgot to mark it as v2. Will someone handle it, or I have to > resubmit a v2 or v3? As long as David doesn't get confused on which one he should apply, it is okay. Thanks.
Re: [RFC][PATCH 1/2] x86: Allow breakpoints to emulate call functions
On Wed, May 01, 2019 at 11:24:12PM -0400, Steven Rostedt wrote: > On Wed, 01 May 2019 16:28:31 -0400 > Steven Rostedt wrote: > > > diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S > > index d309f30cf7af..50bbf4035baf 100644 > > --- a/arch/x86/entry/entry_32.S > > +++ b/arch/x86/entry/entry_32.S > > @@ -1478,6 +1478,17 @@ ENTRY(int3) > > ASM_CLAC > > pushl $-1 # mark this as an int > > > > +#ifdef CONFIG_VM86 > > + testl $X86_EFLAGS_VM, PT_EFLAGS(%esp) > > + jnz .Lfrom_usermode_no_gap > > +#endif > > + testl $SEGMENT_RPL_MASK, PT_CS(%esp) > > + jnz .Lfrom_usermode_no_gap > > + .rept 6 > > + pushl 5*4(%esp) > > + .endr > > +.Lfrom_usermode_no_gap: > > + > > SAVE_ALL switch_stacks=1 > > ENCODE_FRAME_POINTER > > TRACE_IRQS_OFF > > This failed to work on 32 bit at all (crashed and burned badly - triple > fault!). Indeed so; find a working version below (albeit with a lot of debug garbage still in). It also includes the self-test code that Andy wanted -- it's what I used to debug this mess. Much thanks to Joerg Roedel for talking entry_32.S with me. TL;DR, on x86_32 kernel->kernel IRET frames are only 3 entries and do not include ESP/SS, so not only wasn't regs->sp setup, if you changed it it wouldn't be effective and corrupt random stack state. --- arch/x86/entry/entry_32.S| 87 +++--- arch/x86/entry/entry_64.S| 14 - arch/x86/include/asm/text-patching.h | 20 ++ arch/x86/kernel/alternative.c| 116 +-- arch/x86/kernel/traps.c | 1 + 5 files changed, 225 insertions(+), 13 deletions(-) diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S index 7b23431be5cb..01c5bdbe5f39 100644 --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -203,7 +203,7 @@ .Lend_\@: .endm -.macro SAVE_ALL pt_regs_ax=%eax switch_stacks=0 +.macro SAVE_ALL pt_regs_ax=%eax switch_stacks=0 clear_cs=1 cld PUSH_GS pushl %fs @@ -225,7 +225,7 @@ /* Switch to kernel stack if necessary */ .if \switch_stacks > 0 - SWITCH_TO_KERNEL_STACK + SWITCH_TO_KERNEL_STACK \clear_cs .endif .endm @@ -377,8 +377,9 @@ #define CS_FROM_ENTRY_STACK(1 << 31) #define CS_FROM_USER_CR3 (1 << 30) +#define CS_FROM_INT3 (1 << 29) -.macro SWITCH_TO_KERNEL_STACK +.macro SWITCH_TO_KERNEL_STACK clear_cs=1 ALTERNATIVE "", "jmp .Lend_\@", X86_FEATURE_XENPV @@ -391,12 +392,13 @@ * that register for the time this macro runs */ + .if \clear_cs /* -* The high bits of the CS dword (__csh) are used for -* CS_FROM_ENTRY_STACK and CS_FROM_USER_CR3. Clear them in case -* hardware didn't do this for us. +* The high bits of the CS dword (__csh) are used for CS_FROM_*. Clear +* them in case hardware didn't do this for us. */ andl$(0x), PT_CS(%esp) + .endif /* Are we on the entry stack? Bail out if not! */ movlPER_CPU_VAR(cpu_entry_area), %ecx @@ -1019,6 +1021,29 @@ ENTRY(entry_INT80_32) /* Restore user state */ RESTORE_REGS pop=4 # skip orig_eax/error_code .Lirq_return: + testl $CS_FROM_INT3, 4(%esp) + jz .Lno_iret_fixup + + /* +* Undo the magic from ENTRY(int3), in particular consider the case +* where regs->sp has been modified. +*/ + + pushl %eax + movl%esp, %eax + + movl4*4(%eax), %esp # restore (modified) regs->sp + + /* rebuild IRET frame */ + pushl 3*4(%eax) # flags + pushl 2*4(%eax) # cs + pushl 1*4(%eax) # ip + + andl$0x, 4(%esp)# clear high CS bits + + movl(%eax), %eax# restore eax + +.Lno_iret_fixup: /* * ARCH_HAS_MEMBARRIER_SYNC_CORE rely on IRET core serialization * when returning from IPI handler and when returning from @@ -1477,9 +1502,57 @@ END(nmi) ENTRY(int3) ASM_CLAC + + /* +* The high bits of the CS dword (__csh) are used for CS_FROM_*. Clear +* them in case hardware didn't do this for us. +*/ + andl$0x, 4(%esp) + +#ifdef CONFIG_VM86 + testl $X86_EFLAGS_VM, 8(%esp) + jnz .Lfrom_usermode_no_gap +#endif + testl $SEGMENT_RPL_MASK, 4(%esp) + jnz .Lfrom_usermode_no_gap + + /* +* Here from kernel mode; so the (exception) stack looks like: +* +* 12(esp) - +* 8(esp) - flags +* 4(esp) - cs +* 0(esp) - ip +* +* Lets build a 5 entry IRET frame after that, such that struct pt_regs +* is complete and in particular regs->sp is correct. This gives us +* the original 3 enties as gap: +
Re: [GIT PULL] MTD fixes for 5.1 final
The pull request you sent on Thu, 2 May 2019 10:54:06 +0200 (CEST): > git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git > tags/mtd/fixes-for-5.1-rc6 has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/e2a4b102d48be7f6055e0e70696ab243ee791e51 Thank you! -- Deet-doot-dot, I am a bot. https://korg.wiki.kernel.org/userdoc/prtracker
Re: [GIT PULL] PCI fixes for v5.1
The pull request you sent on Thu, 2 May 2019 08:55:38 -0500: > git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci.git > tags/pci-v5.1-fixes-3 has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/b7a5b22b05472704ca3e891a3a3c7769c057413a Thank you! -- Deet-doot-dot, I am a bot. https://korg.wiki.kernel.org/userdoc/prtracker
Re: [PATCH v3 1/4] ptrace: move clearing of TIF_SYSCALL_EMU flag to core
On 05/01, Sudeep Holla wrote: > > On Wed, May 01, 2019 at 06:13:30PM +0200, Oleg Nesterov wrote: > > On 04/30, Sudeep Holla wrote: > > > > > > While the TIF_SYSCALL_EMU is set in ptrace_resume independent of any > > > architecture, currently only powerpc and x86 unset the TIF_SYSCALL_EMU > > > flag in ptrace_disable which gets called from ptrace_detach. > > > > > > Let's move the clearing of TIF_SYSCALL_EMU flag to __ptrace_unlink > > > which gets executed from ptrace_detach and also keep it along with > > > or close to clearing of TIF_SYSCALL_TRACE. > > > > > > Cc: Oleg Nesterov > > > Cc: Paul Mackerras > > > Cc: Michael Ellerman > > > Cc: Thomas Gleixner > > > Cc: Ingo Molnar > > > Signed-off-by: Sudeep Holla > > > > Acked-by: Oleg Nesterov > > > > Since 1/4 and 2/4 are completely independent of arm64 changes in 3&4/4, > I prefer you take these via your tree. Sorry Sudeep, I can't do this, I need to reanimate my account on kernel.org. Oleg.
Re: [RFC] Disable lockref on arm64
On Thu, May 2, 2019 at 1:27 AM Jan Glauber wrote: > > I'll see how x86 runs the same testcase, I thought that playing > cacheline ping-pong is not the optimal use case for any CPU. Oh, ping-pong is always bad. But from past experience, x86 tends to be able to always do tight a cmpxchg loop without failing more than a once or twice, which is all you need for things like this. And it's "easy" to do in hardware on a CPU: all you need to do is guarantee that when you have a cmpxchg loop, the cacheline is sticky enough that it stays around at the local CPU for the duration of one loop entry (ie from one cmpxchg to the next). Obviously you can do that wrong too, and make cachelines *too* sticky, and then you get fairness issues. But it really sounds like what happens for your ThunderX2 case, the different CPU's steal each others cachelines so quickly that even when you get the cacheline, you don't then get to update it. Does ThunderX2 do LSE atomics? Are the acquire/release versions really slow, perhaps, and more or less serializing (maybe it does the "release" logic even when the store _fails_?), so that doing two back-to-back cmpxchg ends up taking the core a "long" time, so that the cache subsystem then steals it easily in between cmpxchg's in a loop? Does the L1 cache maybe have no way to keep a line around from one cmpxchg to the next? This is (one example) where having a CPU and an interconnect that works together matters. And yes, it probably needs a few generations of hardware tuning where people see problems and fix them. Linus
[PATCH v4] platform/chrome: mfd/cros_ec_debugfs: Add debugfs entry to retrieve EC uptime.
The new debugfs entry 'uptime' is being made available to userspace so that
a userspace daemon can synchronize EC logs with host time.
Signed-off-by: Tim Wawrzynczak
---
Enric, is there something I can do to help speed this along? This patch
is useful for ChromeOS board bringup, and we would like to see it upstreamed
if at all possible.
Also, AFAIK only the cros_ec supports the 'uptime' command for now.
And yes, the file does need to be seekable; the userspace daemon that
consumes the file keeps the file open and seeks back to the beginning
to get the latest uptime value.
Based on your second response to v3, I kept the separate 'create_uptime'
function b/c of the logic for checking support for the uptime command.
Let me know if you'd like me to move all of that logic into _probe.
Changelist from v3:
1) Don't check return values of debugfs_* functions.
2) Only expose 'uptime' file if EC supports it.
---
Documentation/ABI/testing/debugfs-cros-ec | 10 +++
drivers/platform/chrome/cros_ec_debugfs.c | 78 +++
2 files changed, 88 insertions(+)
create mode 100644 Documentation/ABI/testing/debugfs-cros-ec
diff --git a/Documentation/ABI/testing/debugfs-cros-ec
b/Documentation/ABI/testing/debugfs-cros-ec
new file mode 100644
index ..24b781c67a4c
--- /dev/null
+++ b/Documentation/ABI/testing/debugfs-cros-ec
@@ -0,0 +1,10 @@
+What: /sys/kernel/debug/cros_ec/uptime
+Date: March 2019
+KernelVersion: 5.1
+Description:
+ Read-only.
+ Reads the EC's current uptime information
+ (using EC_CMD_GET_UPTIME_INFO) and prints
+ time_since_ec_boot_ms into the file.
+ This is used for synchronizing AP host time
+ with the cros_ec log.
diff --git a/drivers/platform/chrome/cros_ec_debugfs.c
b/drivers/platform/chrome/cros_ec_debugfs.c
index 71308766e891..226545a2150b 100644
--- a/drivers/platform/chrome/cros_ec_debugfs.c
+++ b/drivers/platform/chrome/cros_ec_debugfs.c
@@ -201,6 +201,50 @@ static int cros_ec_console_log_release(struct inode
*inode, struct file *file)
return 0;
}
+static int cros_ec_get_uptime(struct cros_ec_device *ec_dev, u32 *uptime)
+{
+ struct {
+ struct cros_ec_command msg;
+ struct ec_response_uptime_info resp;
+ } __packed ec_buf;
+ struct ec_response_uptime_info *resp;
+ struct cros_ec_command *msg;
+
+ msg = &ec_buf.msg;
+ resp = (struct ec_response_uptime_info *)msg->data;
+
+ msg->command = EC_CMD_GET_UPTIME_INFO;
+ msg->version = 0;
+ msg->insize = sizeof(*resp);
+ msg->outsize = 0;
+
+ ret = cros_ec_cmd_xfer_status(ec_dev, msg);
+ if (ret < 0)
+ return ret;
+
+ *uptime = resp->time_since_ec_boot_ms;
+ return 0;
+}
+
+static ssize_t cros_ec_uptime_read(struct file *file,
+ char __user *user_buf,
+ size_t count,
+ loff_t *ppos)
+{
+ struct cros_ec_debugfs *debug_info = file->private_data;
+ struct cros_ec_device *ec_dev = debug_info->ec->ec_dev;
+ char read_buf[32];
+ int ret;
+ u32 uptime;
+
+ ret = cros_ec_get_uptime(ec_dev, &uptime);
+ if (ret < 0)
+ return ret;
+
+ ret = scnprintf(read_buf, sizeof(read_buf), "%u\n", uptime);
+ return simple_read_from_buffer(user_buf, count, ppos, read_buf, ret);
+}
+
static ssize_t cros_ec_pdinfo_read(struct file *file,
char __user *user_buf,
size_t count,
@@ -269,6 +313,13 @@ const struct file_operations cros_ec_pdinfo_fops = {
.llseek = default_llseek,
};
+const struct file_operations cros_ec_uptime_fops = {
+ .owner = THIS_MODULE,
+ .open = simple_open,
+ .read = cros_ec_uptime_read,
+ .llseek = default_llseek,
+};
+
static int ec_read_version_supported(struct cros_ec_dev *ec)
{
struct ec_params_get_cmd_versions_v1 *params;
@@ -413,6 +464,29 @@ static int cros_ec_create_pdinfo(struct cros_ec_debugfs
*debug_info)
return 0;
}
+static int cros_ec_create_uptime(struct cros_ec_debugfs *debug_info)
+{
+ struct cros_ec_debugfs *debug_info = file->private_data;
+ struct cros_ec_device *ec_dev = debug_info->ec->ec_dev;
+ u32 uptime;
+ int ret;
+
+ /*
+* If the EC does not support the uptime command, which is
+* indicated by xfer_status() returning -EINVAL, then no
+* debugfs entry will be created.
+*/
+ ret = cros_ec_get_uptime(ec_dev, &uptime);
+
+ if (ret == -EINVAL)
+ return supported;
+
+ debugfs_create_file("uptime", 0444, debug_info->dir, debug_info,
+ &cros_ec_uptime_fops);
+
+ return 0;
+}
+
static int cros_ec_debugfs_probe(struct platform_device *pd)
{
struct cros_ec_dev
Re: [PATCH v2 1/2] Add polling support to pidfd
On 05/02, Christian Brauner wrote: > > On Wed, May 01, 2019 at 05:13:12PM +0200, Oleg Nesterov wrote: > > > > Otherwise I see no problems. > > I'll remove the WARN_ON() check when applying this. Can I get your > Acked/Review, Oleg? Yes, feel free to add Reviewed-by: Oleg Nesterov Hmm. Somehow I didn't read the changelog before, I just noticed Suggested-by: Oleg Nesterov Please remove ;) Thanks Joel, I appreciate it, but it is not my idea. Oleg.
[PATCH] MAINTAINERS: include vendor specific files under arch/*/events/*
From: Kim Phillips
Add an explicit subdirectory specification for arch/x86/events/amd to
the MAINTAINERS file, to distinguish it from its parent. This will
produce the correct set of maintainers for the files found therein.
Fixes: 39b0332a2158 ("perf/x86: Move perf_event_amd.c ... =>
x86/events/amd/core.c")
Signed-off-by: Kim Phillips
Cc: Janakarajan Natarajan
Cc: Suravee Suthikulpanit
Cc: Gary Hook
Cc: Thomas Lendacky
Cc: Martin Liška
Cc: Peter Zijlstra
Cc: Ingo Molnar
Cc: Arnaldo Carvalho de Melo
Cc: Alexander Shishkin
Cc: Jiri Olsa
Cc: Namhyung Kim
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: Pu Wen
Cc: x...@kernel.org
Cc: linux-kernel@vger.kernel.org
---
MAINTAINERS | 1 +
1 file changed, 1 insertion(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 5c38f21aee78..3a15b6d7584e 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -12176,6 +12176,7 @@ F: arch/*/kernel/*/*/perf_event*.c
F: arch/*/include/asm/perf_event.h
F: arch/*/kernel/perf_callchain.c
F: arch/*/events/*
+F: arch/*/events/*/*
F: tools/perf/
PERSONALITY HANDLING
--
2.21.0
[PATCH 4.9 05/32] s390: limit brk randomization to 32MB
[ Upstream commit cd479eccd2e057116d504852814402a1e68ead80 ]
For a 64-bit process the randomization of the program break is quite
large with 1GB. That is as big as the randomization of the anonymous
mapping base, for a test case started with '/lib/ld64.so.1 '
it can happen that the heap is placed after the stack. To avoid
this limit the program break randomization to 32MB for 64-bit and
keep 8MB for 31-bit.
Reported-by: Stefan Liebler
Signed-off-by: Martin Schwidefsky
Signed-off-by: Sasha Levin (Microsoft)
---
arch/s390/include/asm/elf.h | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h
index 8d665f1b29f8..f0fe566a9910 100644
--- a/arch/s390/include/asm/elf.h
+++ b/arch/s390/include/asm/elf.h
@@ -215,11 +215,14 @@ do {
\
/*
* Cache aliasing on the latest machines calls for a mapping granularity
- * of 512KB. For 64-bit processes use a 512KB alignment and a randomization
- * of up to 1GB. For 31-bit processes the virtual address space is limited,
- * use no alignment and limit the randomization to 8MB.
+ * of 512KB for the anonymous mapping base. For 64-bit processes use a
+ * 512KB alignment and a randomization of up to 1GB. For 31-bit processes
+ * the virtual address space is limited, use no alignment and limit the
+ * randomization to 8MB.
+ * For the additional randomization of the program break use 32MB for
+ * 64-bit and 8MB for 31-bit.
*/
-#define BRK_RND_MASK (is_compat_task() ? 0x7ffUL : 0x3UL)
+#define BRK_RND_MASK (is_compat_task() ? 0x7ffUL : 0x1fffUL)
#define MMAP_RND_MASK (is_compat_task() ? 0x7ffUL : 0x3ff80UL)
#define MMAP_ALIGN_MASK(is_compat_task() ? 0 : 0x7fUL)
#define STACK_RND_MASK MMAP_RND_MASK
--
2.19.1
[PATCH 4.9 04/32] ARM: dts: bcm283x: Fix hdmi hpd gpio pull
[ Upstream commit 544e784188f1dd7c797c70b213385e67d92005b6 ]
Raspberry pi board model B revison 2 have the hot plug detector gpio
active high (and not low as it was in the dts).
Signed-off-by: Helen Koike
Fixes: 49ac67e0c39c ("ARM: bcm2835: Add VC4 to the device tree.")
Reviewed-by: Eric Anholt
Signed-off-by: Eric Anholt
Signed-off-by: Sasha Levin (Microsoft)
---
arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts
b/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts
index 84df85ea6296..7efde03daadd 100644
--- a/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts
+++ b/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts
@@ -26,5 +26,5 @@
};
&hdmi {
- hpd-gpios = <&gpio 46 GPIO_ACTIVE_LOW>;
+ hpd-gpios = <&gpio 46 GPIO_ACTIVE_HIGH>;
};
--
2.19.1
[PATCH 4.9 00/32] 4.9.173-stable review
This is the start of the stable review cycle for the 4.9.173 release. There are 32 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat 04 May 2019 02:32:02 PM UTC. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.173-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h - Pseudo-Shortlog of commits: Greg Kroah-Hartman Linux 4.9.173-rc1 Alex Williamson vfio/type1: Limit DMA mappings per container Kangjie Lu leds: pca9532: fix a potential NULL pointer dereference Changbin Du kconfig/[mn]conf: handle backspace (^H) key Geert Uytterhoeven gpio: of: Fix of_gpiochip_add() error path raymond pang libata: fix using DMA buffers on stack Steffen Maier scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN Al Viro ceph: fix use-after-free on symlink traversal Mukesh Ojha usb: u132-hcd: fix resource leak Kangjie Lu scsi: qla4xxx: fix a potential NULL pointer dereference Wen Yang net: ethernet: ti: fix possible object reference leak Wen Yang net: ibm: fix possible object reference leak Wen Yang net: xilinx: fix possible object reference leak Trond Myklebust NFS: Fix a typo in nfs_init_timeout_values() Dan Carpenter staging: rtl8712: uninitialized memory in read_bbreg_hdl() Lukas Wunner net: ks8851: Set initial carrier state to down Lukas Wunner net: ks8851: Delay requesting IRQ until opened Lukas Wunner net: ks8851: Reassert reset pin if chip ID check fails Lukas Wunner net: ks8851: Dequeue RX packets explicitly Marco Felsch ARM: dts: pfla02: increase phy reset duration Guido Kiener usb: gadget: net2272: Fix net2272_dequeue() Guido Kiener usb: gadget: net2280: Fix net2280_dequeue() Guido Kiener usb: gadget: net2280: Fix overrun of OUT messages Petr Štetiar serial: ar933x_uart: Fix build failure with disabled console Mao Wenan sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() Xin Long netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING Pablo Neira Ayuso netfilter: nft_set_rbtree: check for inactive element after flag mismatch Aditya Pakki qlcnic: Avoid potential NULL pointer dereference Martin Schwidefsky s390: limit brk randomization to 32MB Helen Koike ARM: dts: bcm283x: Fix hdmi hpd gpio pull Hans Verkuil media: vivid: check if the cec_adapter is valid Gustavo A. R. Silva usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set Alexander Kappner usbnet: ipheth: prevent TX queue timeouts when device not ready - Diffstat: Makefile | 4 +-- arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts | 2 +- arch/arm/boot/dts/imx6qdl-phytec-pfla02.dtsi | 1 + arch/s390/include/asm/elf.h| 11 --- drivers/ata/libata-zpodd.c | 34 ++-- drivers/gpio/gpiolib-of.c | 8 - drivers/leds/leds-pca9532.c| 8 +++-- drivers/media/platform/vivid/vivid-vid-common.c| 3 +- drivers/net/ethernet/ibm/ehea/ehea_main.c | 1 + drivers/net/ethernet/micrel/ks8851.c | 36 +++--- .../net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c| 2 ++ drivers/net/ethernet/ti/netcp_ethss.c | 8 +++-- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 2 ++ drivers/net/usb/ipheth.c | 33 ++-- drivers/s390/scsi/zfcp_fc.c| 21 ++--- drivers/scsi/qla4xxx/ql4_os.c | 2 ++ drivers/staging/rtl8712/rtl8712_cmd.c | 10 +- drivers/staging/rtl8712/rtl8712_cmd.h | 2 +- drivers/tty/serial/ar933x_uart.c | 24 +-- drivers/tty/serial/sc16is7xx.c | 12 ++-- drivers/usb/gadget/udc/net2272.c | 1 + drivers/usb/gadget/udc/net2280.c | 8 ++--- drivers/usb/host/u132-hcd.c| 3 ++ drivers/vfio/vfio_iommu_type1.c| 14 + fs/ceph/inode.c| 2 +- fs/nfs/client.c| 2 +- net/bridge/br_netfilter_hooks.c| 1 + net/bridge/br_netfilter_ipv6.c | 2 ++ net/netfilter/nft_set_rbtree.c | 7 ++--- scripts/kconfig/lxdialog/inputbox.c| 3 +- scripts/kconfig/ncon
[PATCH 4.9 09/32] sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
[ Upstream commit ac0cdb3d990108df795b676cd0d0e65ac34b2273 ]
Add the missing uart_unregister_driver() and i2c_del_driver() before return
from sc16is7xx_init() in the error handling case.
Signed-off-by: Mao Wenan
Reviewed-by: Vladimir Zapolskiy
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/tty/serial/sc16is7xx.c | 12 ++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c
index ea6b62cece88..82451bb6622b 100644
--- a/drivers/tty/serial/sc16is7xx.c
+++ b/drivers/tty/serial/sc16is7xx.c
@@ -1482,7 +1482,7 @@ static int __init sc16is7xx_init(void)
ret = i2c_add_driver(&sc16is7xx_i2c_uart_driver);
if (ret < 0) {
pr_err("failed to init sc16is7xx i2c --> %d\n", ret);
- return ret;
+ goto err_i2c;
}
#endif
@@ -1490,10 +1490,18 @@ static int __init sc16is7xx_init(void)
ret = spi_register_driver(&sc16is7xx_spi_uart_driver);
if (ret < 0) {
pr_err("failed to init sc16is7xx spi --> %d\n", ret);
- return ret;
+ goto err_spi;
}
#endif
return ret;
+
+err_spi:
+#ifdef CONFIG_SERIAL_SC16IS7XX_I2C
+ i2c_del_driver(&sc16is7xx_i2c_uart_driver);
+#endif
+err_i2c:
+ uart_unregister_driver(&sc16is7xx_uart);
+ return ret;
}
module_init(sc16is7xx_init);
--
2.19.1
[PATCH 4.9 11/32] usb: gadget: net2280: Fix overrun of OUT messages
[ Upstream commit 9d6a54c1430647355a5e23434881b2ca3d192b48 ] The OUT endpoint normally blocks (NAK) subsequent packets when a short packet was received and returns an incomplete queue entry to the gadget driver. Thereby the gadget driver can detect a short packet when reading queue entries with a length that is not equal to a multiple of packet size. The start_queue() function enables receiving OUT packets regardless of the content of the OUT FIFO. This results in a race: With the current code, it's possible that the "!ep->is_in && (readl(&ep->regs->ep_stat) & BIT(NAK_OUT_PACKETS))" test in start_dma() will fail, then a short packet will be received, and then start_queue() will call stop_out_naking(). That's what we don't want (OUT naking gets turned off while there is data in the FIFO) because then the next driver request might receive a mixture of old and new packets. With the patch, this race can't occur because the FIFO's state is tested after we know that OUT naking is already turned on, and OUT naking is stopped only when both of the conditions are met. This ensures that all received data is delivered to the gadget driver, which can detect a short packet now before new packets are appended to the last short packet. Acked-by: Alan Stern Signed-off-by: Guido Kiener Signed-off-by: Felipe Balbi Signed-off-by: Sasha Levin (Microsoft) --- drivers/usb/gadget/udc/net2280.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/usb/gadget/udc/net2280.c b/drivers/usb/gadget/udc/net2280.c index 7a8c36642293..57b88f4f49c5 100644 --- a/drivers/usb/gadget/udc/net2280.c +++ b/drivers/usb/gadget/udc/net2280.c @@ -870,9 +870,6 @@ static void start_queue(struct net2280_ep *ep, u32 dmactl, u32 td_dma) (void) readl(&ep->dev->pci->pcimstctl); writel(BIT(DMA_START), &dma->dmastat); - - if (!ep->is_in) - stop_out_naking(ep); } static void start_dma(struct net2280_ep *ep, struct net2280_request *req) @@ -911,6 +908,7 @@ static void start_dma(struct net2280_ep *ep, struct net2280_request *req) writel(BIT(DMA_START), &dma->dmastat); return; } + stop_out_naking(ep); } tmp = dmactl_default; -- 2.19.1
[PATCH 4.9 20/32] NFS: Fix a typo in nfs_init_timeout_values()
[ Upstream commit 5a698243930c441afccec04e4d5dc8febfd2b775 ]
Specifying a retrans=0 mount parameter to a NFS/TCP mount, is
inadvertently causing the NFS client to rewrite any specified
timeout parameter to the default of 60 seconds.
Fixes: a956beda19a6 ("NFS: Allow the mount option retrans=0")
Signed-off-by: Trond Myklebust
Signed-off-by: Sasha Levin (Microsoft)
---
fs/nfs/client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index ebecfb8fba06..28d8a57a9908 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -440,7 +440,7 @@ void nfs_init_timeout_values(struct rpc_timeout *to, int
proto,
case XPRT_TRANSPORT_RDMA:
if (retrans == NFS_UNSPEC_RETRANS)
to->to_retries = NFS_DEF_TCP_RETRANS;
- if (timeo == NFS_UNSPEC_TIMEO || to->to_retries == 0)
+ if (timeo == NFS_UNSPEC_TIMEO || to->to_initval == 0)
to->to_initval = NFS_DEF_TCP_TIMEO * HZ / 10;
if (to->to_initval > NFS_MAX_TCP_TIMEOUT)
to->to_initval = NFS_MAX_TCP_TIMEOUT;
--
2.19.1
[GIT] Networking
1) Out of bounds access in xfrm IPSEC policy unlink, from Yue Haibing. 2) Missing length check for esp4 UDP encap, from Sabrina Dubroca. 3) Fix byte order of RX STBC access in mac80211, from Johannes Berg. 4) Inifnite loop in bpftool map create, from Alban Crequy. 5) Register mark fix in ebpf verifier after pkt/null checks, from Paul Chaignon. 6) Properly use rcu_dereference_sk_user_data in L2TP code, from Eric Dumazet. 7) Buffer overrun in marvell phy driver, from Andrew Lunn. 8) Several crash and statistics handling fixes to bnxt_en driver, from Michael Chan and Vasundhara Volam. 9) Several fixes to the TLS layer from Jakub Kicinski (copying negative amounts of data in reencrypt, reencrypt frag copying, blind nskb->sk NULL deref, etc.). 10) Several UDP GRO fixes, from Paolo Abeni and Eric Dumazet. 11) PID/UID checks on ipv6 flow labels are inverted, from Willem de Bruijn. 12) Use after free in l2tp, from Eric Dumazet. 13) IPV6 route destroy races, also from Eric Dumazet. 14) SCTP state machine can erroneously run recursively, fix from Xin Long. 15) Adjust AF_PACKET msg_name length checks, add padding bytes if necessary. From Willem de Bruijn. 16) Preserve skb_iif, so that forwarded packets have consistent values even if fragmentation is involved. From Shmulik Ladkani. Please pull, thanks a lot! The following changes since commit cd8dead0c39457e58ec1d36db93aedca811d48f1: Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net (2019-04-24 16:18:59 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git for you to fetch changes up to 4dd2b82d5adfbe0b1587ccad7a8f76d826120f37: udp: fix GRO packet of death (2019-05-01 22:29:56 -0400) Alban Crequy (1): tools: bpftool: fix infinite loop in map create Andrew Lunn (1): net: phy: marvell: Fix buffer overrun with stats counters Bhagavathi Perumal S (1): mac80211: Fix kernel panic due to use of txq after free Bjørn Mork (1): qmi_wwan: new Wistron, ZTE and D-Link devices Brian Norris (1): ath10k: perform crash dump collection in workqueue Cong Wang (1): xfrm: clean up xfrm protocol checks Dan Carpenter (1): net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc David Ahern (1): selftests: fib_rule_tests: Fix icmp proto with ipv6 David Howells (1): rxrpc: Fix net namespace cleanup David S. Miller (7): Merge git://git.kernel.org/.../bpf/bpf Merge branch 'bnxt_en-Misc-bug-fixes' Merge branch 'tls-data-copies' Merge tag 'mac80211-for-davem-2019-04-26' of git://git.kernel.org/.../jberg/mac80211 Merge branch 'ieee802154-for-davem-2019-04-25' of git://git.kernel.org/.../sschmidt/wpan Merge branch 'master' of git://git.kernel.org/.../klassert/ipsec Merge tag 'wireless-drivers-for-davem-2019-04-30' of git://git.kernel.org/.../kvalo/wireless-drivers Douglas Anderson (1): mwifiex: Make resume actually do something useful again on SDIO cards Emmanuel Grumbach (1): iwlwifi: fix driver operation for 5350 Eric Dumazet (6): l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv() tcp: add sanity tests in tcp_add_backlog() ipv6/flowlabel: wait rcu grace period before put_pid() l2ip: fix possible use-after-free ipv6: fix races in ip6_dst_destroy() udp: fix GRO packet of death Fabien Dessenne (1): net: ethernet: stmmac: manage the get_irq probe defer case Greg Kroah-Hartman (1): iwlwifi: mvm: properly check debugfs dentry before using it Hangbin Liu (1): selftests: fib_rule_tests: print the result and return 1 if any tests failed Jakub Kicinski (3): net/tls: don't copy negative amounts of data in reencrypt net/tls: fix copy to fragments in reencrypt net/tls: avoid NULL pointer deref on nskb->sk in fallback Jan Kiszka (1): stmmac: pci: Fix typo in IOT2000 comment Jeremy Sowden (2): vti4: ipip tunnel deregistration fixes. vti4: removed duplicate log message. Johannes Berg (3): mac80211: fix RX STBC override byte order iwlwifi: mvm: don't attempt debug collection in rfkill mac80211: don't attempt to rename ERR_PTR() debugfs dirs Kalle Valo (3): Merge tag 'iwlwifi-for-kalle-2019-04-19' of git://git.kernel.org/.../iwlwifi/iwlwifi-fixes Merge tag 'iwlwifi-for-kalle-2019-04-28' of git://git.kernel.org/.../iwlwifi/iwlwifi-fixes Merge ath-current from git://git.kernel.org/.../kvalo/ath.git Kangjie Lu (1): net: ieee802154: fix missing checks for regmap_update_bits Luca Coelho (2): iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() iwlwifi: mvm: fix merge damage in iwl_mvm_vif_dbgfs_register() Marcel Holtmann (1): genetlink: use idr_alloc_cyclic for family->id assignment Martin KaFai Lau (1): ipv6: A
Re: [PATCH 1/2] ARM: dts: imx6ul: Add csi node
Oi Fabio,
On Thu 02 May 2019 at 16:28, Fabio Estevam wrote:
> [Adding Rui]
>
> On Tue, Apr 30, 2019 at 4:47 AM Sébastien Szymanski
> wrote:
>>
>> Add csi node for i.MX6UL SoC.
>>
>> Signed-off-by: Sébastien Szymanski
>> ---
>> arch/arm/boot/dts/imx6ul.dtsi | 11 +++
>> 1 file changed, 11 insertions(+)
>>
>> diff --git a/arch/arm/boot/dts/imx6ul.dtsi b/arch/arm/boot/dts/imx6ul.dtsi
>> index 62ed30c781ed..af322bc58333 100644
>> --- a/arch/arm/boot/dts/imx6ul.dtsi
>> +++ b/arch/arm/boot/dts/imx6ul.dtsi
>> @@ -951,6 +951,17 @@
>> };
>> };
>>
>> + csi: csi@21c4000 {
>> + compatible = "fsl,imx6ul-csi",
>> "fsl,imx7-csi";
>> + reg = <0x021c4000 0x4000>;
>> + interrupts = ;
>> + clocks = <&clks IMX6UL_CLK_DUMMY>,
>> +<&clks IMX6UL_CLK_CSI>,
>> +<&clks IMX6UL_CLK_DUMMY>;
>> + clock-names = "axi", "mclk", "dcic";
>
> Also, I understand you followed
> Documentation/devicetree/bindings/media/imx7-csi.txt and passed these
> three clocks, but looking at the i.MX7D and i.MX6UL/ULL Reference
> Manuals, I don't find the the descriptions for the "axi" and "dcic"
> CSI clocks.
>
> It looks like that only "mclk" is what we really need here.
Yeah, you are right.
>
> Should we change the bindings and the imx7-csi driver to not request
> "axi" and "dcic" clocks?
>
> Rui, what do you think? If you agree I can send a fix for this.
If you please, that would be great. thanks.
---
Cheers,
Rui
[PATCH 4.9 25/32] usb: u132-hcd: fix resource leak
[ Upstream commit f276e002793cdb820862e8ea8f76769d56bba575 ]
if platform_driver_register fails, cleanup the allocated resource
gracefully.
Signed-off-by: Mukesh Ojha
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/usb/host/u132-hcd.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/host/u132-hcd.c b/drivers/usb/host/u132-hcd.c
index 43618976d68a..3efb7b0e8269 100644
--- a/drivers/usb/host/u132-hcd.c
+++ b/drivers/usb/host/u132-hcd.c
@@ -3208,6 +3208,9 @@ static int __init u132_hcd_init(void)
printk(KERN_INFO "driver %s\n", hcd_name);
workqueue = create_singlethread_workqueue("u132");
retval = platform_driver_register(&u132_platform_driver);
+ if (retval)
+ destroy_workqueue(workqueue);
+
return retval;
}
--
2.19.1
[PATCH 4.9 12/32] usb: gadget: net2280: Fix net2280_dequeue()
[ Upstream commit f1d3fba17cd4eeea20397f1324b7b9c69a6a935c ]
When a request must be dequeued with net2280_dequeue() e.g. due
to a device clear action and the same request is finished by the
function scan_dma_completions() then the function net2280_dequeue()
does not find the request in the following search loop and
returns the error -EINVAL without restoring the status ep->stopped.
Thus the endpoint keeps blocked and does not receive any data
anymore.
This fix restores the status and does not issue an error message.
Acked-by: Alan Stern
Signed-off-by: Guido Kiener
Signed-off-by: Felipe Balbi
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/usb/gadget/udc/net2280.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/udc/net2280.c b/drivers/usb/gadget/udc/net2280.c
index 57b88f4f49c5..dfaed8e8cc52 100644
--- a/drivers/usb/gadget/udc/net2280.c
+++ b/drivers/usb/gadget/udc/net2280.c
@@ -1277,9 +1277,9 @@ static int net2280_dequeue(struct usb_ep *_ep, struct
usb_request *_req)
break;
}
if (&req->req != _req) {
+ ep->stopped = stopped;
spin_unlock_irqrestore(&ep->dev->lock, flags);
- dev_err(&ep->dev->pdev->dev, "%s: Request mismatch\n",
- __func__);
+ ep_dbg(ep->dev, "%s: Request mismatch\n", __func__);
return -EINVAL;
}
--
2.19.1
[PATCH 4.9 32/32] vfio/type1: Limit DMA mappings per container
From: Alex Williamson
commit 492855939bdb59c6f947b0b5b44af9ad82b7e38c upstream.
Memory backed DMA mappings are accounted against a user's locked
memory limit, including multiple mappings of the same memory. This
accounting bounds the number of such mappings that a user can create.
However, DMA mappings that are not backed by memory, such as DMA
mappings of device MMIO via mmaps, do not make use of page pinning
and therefore do not count against the user's locked memory limit.
These mappings still consume memory, but the memory is not well
associated to the process for the purpose of oom killing a task.
To add bounding on this use case, we introduce a limit to the total
number of concurrent DMA mappings that a user is allowed to create.
This limit is exposed as a tunable module option where the default
value of 64K is expected to be well in excess of any reasonable use
case (a large virtual machine configuration would typically only make
use of tens of concurrent mappings).
This fixes CVE-2019-3882.
Reviewed-by: Eric Auger
Tested-by: Eric Auger
Reviewed-by: Peter Xu
Reviewed-by: Cornelia Huck
Signed-off-by: Alex Williamson
[groeck: Adjust for missing upstream commit]
Signed-off-by: Guenter Roeck
Signed-off-by: Greg Kroah-Hartman
---
drivers/vfio/vfio_iommu_type1.c | 14 ++
1 file changed, 14 insertions(+)
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -53,10 +53,16 @@ module_param_named(disable_hugepages,
MODULE_PARM_DESC(disable_hugepages,
"Disable VFIO IOMMU support for IOMMU hugepages.");
+static unsigned int dma_entry_limit __read_mostly = U16_MAX;
+module_param_named(dma_entry_limit, dma_entry_limit, uint, 0644);
+MODULE_PARM_DESC(dma_entry_limit,
+"Maximum number of user DMA mappings per container (65535).");
+
struct vfio_iommu {
struct list_headdomain_list;
struct mutexlock;
struct rb_root dma_list;
+ unsigned intdma_avail;
boolv2;
boolnesting;
};
@@ -384,6 +390,7 @@ static void vfio_remove_dma(struct vfio_
vfio_unmap_unpin(iommu, dma);
vfio_unlink_dma(iommu, dma);
kfree(dma);
+ iommu->dma_avail++;
}
static unsigned long vfio_pgsize_bitmap(struct vfio_iommu *iommu)
@@ -584,12 +591,18 @@ static int vfio_dma_do_map(struct vfio_i
return -EEXIST;
}
+ if (!iommu->dma_avail) {
+ mutex_unlock(&iommu->lock);
+ return -ENOSPC;
+ }
+
dma = kzalloc(sizeof(*dma), GFP_KERNEL);
if (!dma) {
mutex_unlock(&iommu->lock);
return -ENOMEM;
}
+ iommu->dma_avail--;
dma->iova = iova;
dma->vaddr = vaddr;
dma->prot = prot;
@@ -905,6 +918,7 @@ static void *vfio_iommu_type1_open(unsig
INIT_LIST_HEAD(&iommu->domain_list);
iommu->dma_list = RB_ROOT;
+ iommu->dma_avail = dma_entry_limit;
mutex_init(&iommu->lock);
return iommu;
[PATCH 4.9 17/32] net: ks8851: Delay requesting IRQ until opened
[ Upstream commit d268f31552794abf5b6aa5af31021643411f25f5 ]
The ks8851 driver currently requests the IRQ before registering the
net_device. Because the net_device name is used as IRQ name and is
still "eth%d" when the IRQ is requested, it's impossibe to tell IRQs
apart if multiple ks8851 chips are present. Most other drivers delay
requesting the IRQ until the net_device is opened. Do the same.
The driver doesn't enable interrupts on the chip before opening the
net_device and disables them when closing it, so there doesn't seem to
be a need to request the IRQ already on probe.
Signed-off-by: Lukas Wunner
Cc: Frank Pavlic
Cc: Ben Dooks
Cc: Tristram Ha
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/net/ethernet/micrel/ks8851.c | 24 +++-
1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/drivers/net/ethernet/micrel/ks8851.c
b/drivers/net/ethernet/micrel/ks8851.c
index a8c5641ff955..ff6cab4f6343 100644
--- a/drivers/net/ethernet/micrel/ks8851.c
+++ b/drivers/net/ethernet/micrel/ks8851.c
@@ -797,6 +797,15 @@ static void ks8851_tx_work(struct work_struct *work)
static int ks8851_net_open(struct net_device *dev)
{
struct ks8851_net *ks = netdev_priv(dev);
+ int ret;
+
+ ret = request_threaded_irq(dev->irq, NULL, ks8851_irq,
+ IRQF_TRIGGER_LOW | IRQF_ONESHOT,
+ dev->name, ks);
+ if (ret < 0) {
+ netdev_err(dev, "failed to get irq\n");
+ return ret;
+ }
/* lock the card, even if we may not actually be doing anything
* else at the moment */
@@ -911,6 +920,8 @@ static int ks8851_net_stop(struct net_device *dev)
dev_kfree_skb(txb);
}
+ free_irq(dev->irq, ks);
+
return 0;
}
@@ -1542,14 +1553,6 @@ static int ks8851_probe(struct spi_device *spi)
ks8851_read_selftest(ks);
ks8851_init_mac(ks);
- ret = request_threaded_irq(spi->irq, NULL, ks8851_irq,
- IRQF_TRIGGER_LOW | IRQF_ONESHOT,
- ndev->name, ks);
- if (ret < 0) {
- dev_err(&spi->dev, "failed to get irq\n");
- goto err_irq;
- }
-
ret = register_netdev(ndev);
if (ret) {
dev_err(&spi->dev, "failed to register network device\n");
@@ -1562,11 +1565,7 @@ static int ks8851_probe(struct spi_device *spi)
return 0;
-
err_netdev:
- free_irq(ndev->irq, ks);
-
-err_irq:
err_id:
if (gpio_is_valid(gpio))
gpio_set_value(gpio, 0);
@@ -1587,7 +1586,6 @@ static int ks8851_remove(struct spi_device *spi)
dev_info(&spi->dev, "remove\n");
unregister_netdev(priv->netdev);
- free_irq(spi->irq, priv);
if (gpio_is_valid(priv->gpio))
gpio_set_value(priv->gpio, 0);
regulator_disable(priv->vdd_reg);
--
2.19.1
Re: [PATCH] kexec_buffer measure
[Cc'ing Paul, John, Casey] On Mon, 2019-04-22 at 20:18 -0400, Mimi Zohar wrote: > [Cc'ing LSM mailing list] > > On Fri, 2019-04-19 at 17:30 -0700, prakhar srivastava wrote: > > > 2) Adding a LSM hook > > We are doing both the command line and kernel version measurement in IMA. > > Can you please elaborate on how this can be used outside of the scenario? > > That will help me come back with a better design and code. I am > > neutral about this. > > As I said previously, initially you might want to only measure the > kexec boot command line, but will you ever want to verify or audit log > the boot command line hash? Perhaps LSMs would be interested in the > boot command line. Should this be an LSM hook? >From an LSM perspective, is there any interest in the boot command line? Mimi
[PATCH 4.14 10/49] qlcnic: Avoid potential NULL pointer dereference
[ Upstream commit 5bf7295fe34a5251b1d241b9736af4697b590670 ]
netdev_alloc_skb can fail and return a NULL pointer which is
dereferenced without a check. The patch avoids such a scenario.
Signed-off-by: Aditya Pakki
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c
b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c
index 7f7deeaf1cf0..da042bc520d4 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c
@@ -1047,6 +1047,8 @@ int qlcnic_do_lb_test(struct qlcnic_adapter *adapter, u8
mode)
for (i = 0; i < QLCNIC_NUM_ILB_PKT; i++) {
skb = netdev_alloc_skb(adapter->netdev, QLCNIC_ILB_PKT_SIZE);
+ if (!skb)
+ break;
qlcnic_create_loopback_buff(skb->data, adapter->mac_addr);
skb_put(skb, QLCNIC_ILB_PKT_SIZE);
adapter->ahw->diag_cnt = 0;
--
2.19.1
[PATCH 4.14 14/49] sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
[ Upstream commit ac0cdb3d990108df795b676cd0d0e65ac34b2273 ]
Add the missing uart_unregister_driver() and i2c_del_driver() before return
from sc16is7xx_init() in the error handling case.
Signed-off-by: Mao Wenan
Reviewed-by: Vladimir Zapolskiy
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/tty/serial/sc16is7xx.c | 12 ++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c
index a79f18edf2bd..e48523da47ac 100644
--- a/drivers/tty/serial/sc16is7xx.c
+++ b/drivers/tty/serial/sc16is7xx.c
@@ -1483,7 +1483,7 @@ static int __init sc16is7xx_init(void)
ret = i2c_add_driver(&sc16is7xx_i2c_uart_driver);
if (ret < 0) {
pr_err("failed to init sc16is7xx i2c --> %d\n", ret);
- return ret;
+ goto err_i2c;
}
#endif
@@ -1491,10 +1491,18 @@ static int __init sc16is7xx_init(void)
ret = spi_register_driver(&sc16is7xx_spi_uart_driver);
if (ret < 0) {
pr_err("failed to init sc16is7xx spi --> %d\n", ret);
- return ret;
+ goto err_spi;
}
#endif
return ret;
+
+err_spi:
+#ifdef CONFIG_SERIAL_SC16IS7XX_I2C
+ i2c_del_driver(&sc16is7xx_i2c_uart_driver);
+#endif
+err_i2c:
+ uart_unregister_driver(&sc16is7xx_uart);
+ return ret;
}
module_init(sc16is7xx_init);
--
2.19.1
[PATCH 4.14 21/49] net: ks8851: Dequeue RX packets explicitly
[ Upstream commit 536d3680fd2dab5c39857d62a3e084198fc74ff9 ]
The ks8851 driver lets the chip auto-dequeue received packets once they
have been read in full. It achieves that by setting the ADRFE flag in
the RXQCR register ("Auto-Dequeue RXQ Frame Enable").
However if allocation of a packet's socket buffer or retrieval of the
packet over the SPI bus fails, the packet will not have been read in
full and is not auto-dequeued. Such partial retrieval of a packet
confuses the chip's RX queue management: On the next RX interrupt,
the first packet read from the queue will be the one left there
previously and this one can be retrieved without issues. But for any
newly received packets, the frame header status and byte count registers
(RXFHSR and RXFHBCR) contain bogus values, preventing their retrieval.
The chip allows explicitly dequeueing a packet from the RX queue by
setting the RRXEF flag in the RXQCR register ("Release RX Error Frame").
This could be used to dequeue the packet in case of an error, but if
that error is a failed SPI transfer, it is unknown if the packet was
transferred in full and was auto-dequeued or if it was only transferred
in part and requires an explicit dequeue. The safest approach is thus
to always dequeue packets explicitly and forgo auto-dequeueing.
Without this change, I've witnessed packet retrieval break completely
when an SPI DMA transfer fails, requiring a chip reset. Explicit
dequeueing magically fixes this and makes packet retrieval absolutely
robust for me.
The chip's documentation suggests auto-dequeuing and uses the RRXEF
flag only to dequeue error frames which the driver doesn't want to
retrieve. But that seems to be a fair-weather approach.
Signed-off-by: Lukas Wunner
Cc: Frank Pavlic
Cc: Ben Dooks
Cc: Tristram Ha
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/net/ethernet/micrel/ks8851.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/micrel/ks8851.c
b/drivers/net/ethernet/micrel/ks8851.c
index 2fe96f1f3fe5..55b0d756 100644
--- a/drivers/net/ethernet/micrel/ks8851.c
+++ b/drivers/net/ethernet/micrel/ks8851.c
@@ -526,9 +526,8 @@ static void ks8851_rx_pkts(struct ks8851_net *ks)
/* set dma read address */
ks8851_wrreg16(ks, KS_RXFDPR, RXFDPR_RXFPAI | 0x00);
- /* start the packet dma process, and set auto-dequeue rx */
- ks8851_wrreg16(ks, KS_RXQCR,
- ks->rc_rxqcr | RXQCR_SDA | RXQCR_ADRFE);
+ /* start DMA access */
+ ks8851_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr | RXQCR_SDA);
if (rxlen > 4) {
unsigned int rxalign;
@@ -559,7 +558,8 @@ static void ks8851_rx_pkts(struct ks8851_net *ks)
}
}
- ks8851_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr);
+ /* end DMA access and dequeue packet */
+ ks8851_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr | RXQCR_RRXEF);
}
}
--
2.19.1
[PATCH 4.14 17/49] usb: gadget: net2280: Fix overrun of OUT messages
[ Upstream commit 9d6a54c1430647355a5e23434881b2ca3d192b48 ] The OUT endpoint normally blocks (NAK) subsequent packets when a short packet was received and returns an incomplete queue entry to the gadget driver. Thereby the gadget driver can detect a short packet when reading queue entries with a length that is not equal to a multiple of packet size. The start_queue() function enables receiving OUT packets regardless of the content of the OUT FIFO. This results in a race: With the current code, it's possible that the "!ep->is_in && (readl(&ep->regs->ep_stat) & BIT(NAK_OUT_PACKETS))" test in start_dma() will fail, then a short packet will be received, and then start_queue() will call stop_out_naking(). That's what we don't want (OUT naking gets turned off while there is data in the FIFO) because then the next driver request might receive a mixture of old and new packets. With the patch, this race can't occur because the FIFO's state is tested after we know that OUT naking is already turned on, and OUT naking is stopped only when both of the conditions are met. This ensures that all received data is delivered to the gadget driver, which can detect a short packet now before new packets are appended to the last short packet. Acked-by: Alan Stern Signed-off-by: Guido Kiener Signed-off-by: Felipe Balbi Signed-off-by: Sasha Levin (Microsoft) --- drivers/usb/gadget/udc/net2280.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/usb/gadget/udc/net2280.c b/drivers/usb/gadget/udc/net2280.c index 9cbb061582a7..a071ab0c163b 100644 --- a/drivers/usb/gadget/udc/net2280.c +++ b/drivers/usb/gadget/udc/net2280.c @@ -870,9 +870,6 @@ static void start_queue(struct net2280_ep *ep, u32 dmactl, u32 td_dma) (void) readl(&ep->dev->pci->pcimstctl); writel(BIT(DMA_START), &dma->dmastat); - - if (!ep->is_in) - stop_out_naking(ep); } static void start_dma(struct net2280_ep *ep, struct net2280_request *req) @@ -911,6 +908,7 @@ static void start_dma(struct net2280_ep *ep, struct net2280_request *req) writel(BIT(DMA_START), &dma->dmastat); return; } + stop_out_naking(ep); } tmp = dmactl_default; -- 2.19.1
[PATCH 4.14 07/49] fs: prevent page refcount overflow in pipe_buf_get
From: Matthew Wilcox
commit 15fab63e1e57be9fdb5eec1bbc5916e9825e9acb upstream.
Change pipe_buf_get() to return a bool indicating whether it succeeded
in raising the refcount of the page (if the thing in the pipe is a page).
This removes another mechanism for overflowing the page refcount. All
callers converted to handle a failure.
Reported-by: Jann Horn
Signed-off-by: Matthew Wilcox
Cc: sta...@kernel.org
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
fs/fuse/dev.c | 12 ++--
fs/pipe.c |4 ++--
fs/splice.c | 12 ++--
include/linux/pipe_fs_i.h | 10 ++
kernel/trace/trace.c |6 +-
5 files changed, 29 insertions(+), 15 deletions(-)
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1981,10 +1981,8 @@ static ssize_t fuse_dev_splice_write(str
rem += pipe->bufs[(pipe->curbuf + idx) & (pipe->buffers -
1)].len;
ret = -EINVAL;
- if (rem < len) {
- pipe_unlock(pipe);
- goto out;
- }
+ if (rem < len)
+ goto out_free;
rem = len;
while (rem) {
@@ -2002,7 +2000,9 @@ static ssize_t fuse_dev_splice_write(str
pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1);
pipe->nrbufs--;
} else {
- pipe_buf_get(pipe, ibuf);
+ if (!pipe_buf_get(pipe, ibuf))
+ goto out_free;
+
*obuf = *ibuf;
obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
obuf->len = rem;
@@ -2025,11 +2025,11 @@ static ssize_t fuse_dev_splice_write(str
ret = fuse_dev_do_write(fud, &cs, len);
pipe_lock(pipe);
+out_free:
for (idx = 0; idx < nbuf; idx++)
pipe_buf_release(pipe, &bufs[idx]);
pipe_unlock(pipe);
-out:
kfree(bufs);
return ret;
}
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -194,9 +194,9 @@ EXPORT_SYMBOL(generic_pipe_buf_steal);
* in the tee() system call, when we duplicate the buffers in one
* pipe into another.
*/
-void generic_pipe_buf_get(struct pipe_inode_info *pipe, struct pipe_buffer
*buf)
+bool generic_pipe_buf_get(struct pipe_inode_info *pipe, struct pipe_buffer
*buf)
{
- get_page(buf->page);
+ return try_get_page(buf->page);
}
EXPORT_SYMBOL(generic_pipe_buf_get);
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1571,7 +1571,11 @@ retry:
* Get a reference to this pipe buffer,
* so we can copy the contents over.
*/
- pipe_buf_get(ipipe, ibuf);
+ if (!pipe_buf_get(ipipe, ibuf)) {
+ if (ret == 0)
+ ret = -EFAULT;
+ break;
+ }
*obuf = *ibuf;
/*
@@ -1645,7 +1649,11 @@ static int link_pipe(struct pipe_inode_i
* Get a reference to this pipe buffer,
* so we can copy the contents over.
*/
- pipe_buf_get(ipipe, ibuf);
+ if (!pipe_buf_get(ipipe, ibuf)) {
+ if (ret == 0)
+ ret = -EFAULT;
+ break;
+ }
obuf = opipe->bufs + nbuf;
*obuf = *ibuf;
--- a/include/linux/pipe_fs_i.h
+++ b/include/linux/pipe_fs_i.h
@@ -108,18 +108,20 @@ struct pipe_buf_operations {
/*
* Get a reference to the pipe buffer.
*/
- void (*get)(struct pipe_inode_info *, struct pipe_buffer *);
+ bool (*get)(struct pipe_inode_info *, struct pipe_buffer *);
};
/**
* pipe_buf_get - get a reference to a pipe_buffer
* @pipe: the pipe that the buffer belongs to
* @buf: the buffer to get a reference to
+ *
+ * Return: %true if the reference was successfully obtained.
*/
-static inline void pipe_buf_get(struct pipe_inode_info *pipe,
+static inline __must_check bool pipe_buf_get(struct pipe_inode_info *pipe,
struct pipe_buffer *buf)
{
- buf->ops->get(pipe, buf);
+ return buf->ops->get(pipe, buf);
}
/**
@@ -179,7 +181,7 @@ struct pipe_inode_info *alloc_pipe_info(
void free_pipe_info(struct pipe_inode_info *);
/* Generic pipe buffer ops functions */
-void generic_pipe_buf_get(struct pipe_inode_info *, struct pipe_buffer *);
+bool generic_pipe_buf_get(struct pipe_inode_info *, struct pipe_buffer *);
int generic_pipe_buf_confirm(struct pipe_inode_info *, struct pipe_buffer *);
int generic_pipe_buf_steal(struct pipe_inode_info *, struct pipe_buffer *);
int generic_pipe_buf_nosteal(struct pipe_inode_info *, struct pipe_buffer *);
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6739,12 +6739,16 @@ static void buffe
[PATCH 4.14 06/49] mm: prevent get_user_pages() from overflowing page refcount
From: Linus Torvalds
commit 8fde12ca79aff9b5ba951fce1a2641901b8d8e64 upstream.
If the page refcount wraps around past zero, it will be freed while
there are still four billion references to it. One of the possible
avenues for an attacker to try to make this happen is by doing direct IO
on a page multiple times. This patch makes get_user_pages() refuse to
take a new page reference if there are already more than two billion
references to the page.
Reported-by: Jann Horn
Acked-by: Matthew Wilcox
Cc: sta...@kernel.org
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
mm/gup.c | 45 ++---
mm/hugetlb.c | 13 +
2 files changed, 47 insertions(+), 11 deletions(-)
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -153,7 +153,10 @@ retry:
}
if (flags & FOLL_GET) {
- get_page(page);
+ if (unlikely(!try_get_page(page))) {
+ page = ERR_PTR(-ENOMEM);
+ goto out;
+ }
/* drop the pgmap reference now that we hold the page */
if (pgmap) {
@@ -280,7 +283,10 @@ retry_locked:
if (pmd_trans_unstable(pmd))
ret = -EBUSY;
} else {
- get_page(page);
+ if (unlikely(!try_get_page(page))) {
+ spin_unlock(ptl);
+ return ERR_PTR(-ENOMEM);
+ }
spin_unlock(ptl);
lock_page(page);
ret = split_huge_page(page);
@@ -464,7 +470,10 @@ static int get_gate_page(struct mm_struc
if (is_device_public_page(*page))
goto unmap;
}
- get_page(*page);
+ if (unlikely(!try_get_page(*page))) {
+ ret = -ENOMEM;
+ goto unmap;
+ }
out:
ret = 0;
unmap:
@@ -1365,6 +1374,20 @@ static void undo_dev_pagemap(int *nr, in
}
}
+/*
+ * Return the compund head page with ref appropriately incremented,
+ * or NULL if that failed.
+ */
+static inline struct page *try_get_compound_head(struct page *page, int refs)
+{
+ struct page *head = compound_head(page);
+ if (WARN_ON_ONCE(page_ref_count(head) < 0))
+ return NULL;
+ if (unlikely(!page_cache_add_speculative(head, refs)))
+ return NULL;
+ return head;
+}
+
#ifdef __HAVE_ARCH_PTE_SPECIAL
static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
int write, struct page **pages, int *nr)
@@ -1399,9 +1422,9 @@ static int gup_pte_range(pmd_t pmd, unsi
VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
page = pte_page(pte);
- head = compound_head(page);
- if (!page_cache_get_speculative(head))
+ head = try_get_compound_head(page, 1);
+ if (!head)
goto pte_unmap;
if (unlikely(pte_val(pte) != pte_val(*ptep))) {
@@ -1537,8 +1560,8 @@ static int gup_huge_pmd(pmd_t orig, pmd_
refs++;
} while (addr += PAGE_SIZE, addr != end);
- head = compound_head(pmd_page(orig));
- if (!page_cache_add_speculative(head, refs)) {
+ head = try_get_compound_head(pmd_page(orig), refs);
+ if (!head) {
*nr -= refs;
return 0;
}
@@ -1575,8 +1598,8 @@ static int gup_huge_pud(pud_t orig, pud_
refs++;
} while (addr += PAGE_SIZE, addr != end);
- head = compound_head(pud_page(orig));
- if (!page_cache_add_speculative(head, refs)) {
+ head = try_get_compound_head(pud_page(orig), refs);
+ if (!head) {
*nr -= refs;
return 0;
}
@@ -1612,8 +1635,8 @@ static int gup_huge_pgd(pgd_t orig, pgd_
refs++;
} while (addr += PAGE_SIZE, addr != end);
- head = compound_head(pgd_page(orig));
- if (!page_cache_add_speculative(head, refs)) {
+ head = try_get_compound_head(pgd_page(orig), refs);
+ if (!head) {
*nr -= refs;
return 0;
}
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -4255,6 +4255,19 @@ long follow_hugetlb_page(struct mm_struc
pfn_offset = (vaddr & ~huge_page_mask(h)) >> PAGE_SHIFT;
page = pte_page(huge_ptep_get(pte));
+
+ /*
+* Instead of doing 'try_get_page()' below in the same_page
+* loop, just check the count once here.
+*/
+ if (unlikely(page_count(page) <= 0)) {
+ if (pages) {
+ spin_unlock(ptl);
+ remainder = 0;
+ err = -ENOMEM;
+ break;
+
[PATCH 4.14 26/49] staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
[ Upstream commit d70d70aec9632679dd00dcc1b1e8b2517e2c7da0 ] skb allocated via dev_alloc_skb can fail and return a NULL pointer. This patch avoids such a scenario and returns, consistent with other invocations. Signed-off-by: Aditya Pakki Reviewed-by: Mukesh Ojha Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin (Microsoft) --- drivers/staging/rtlwifi/rtl8822be/fw.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/rtlwifi/rtl8822be/fw.c b/drivers/staging/rtlwifi/rtl8822be/fw.c index acabb2470d55..02ca3157c5a5 100644 --- a/drivers/staging/rtlwifi/rtl8822be/fw.c +++ b/drivers/staging/rtlwifi/rtl8822be/fw.c @@ -752,6 +752,8 @@ void rtl8822be_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished) u1_rsvd_page_loc, 3); skb = dev_alloc_skb(totalpacketlen); + if (!skb) + return; memcpy((u8 *)skb_put(skb, totalpacketlen), &reserved_page_packet, totalpacketlen); -- 2.19.1
[PATCH 4.14 29/49] net: macb: Add null check for PCLK and HCLK
[ Upstream commit cd5afa91f078c0787be0a62b5ef90301c00b0271 ]
Both PCLK and HCLK are "required" clocks according to macb devicetree
documentation. There is a chance that devm_clk_get doesn't return a
negative error but just a NULL clock structure instead. In such a case
the driver proceeds as usual and uses pclk value 0 to calculate MDC
divisor which is incorrect. Hence fix the same in clock initialization.
Signed-off-by: Harini Katakam
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/net/ethernet/cadence/macb_main.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/cadence/macb_main.c
b/drivers/net/ethernet/cadence/macb_main.c
index 9046993947cc..2287749de087 100644
--- a/drivers/net/ethernet/cadence/macb_main.c
+++ b/drivers/net/ethernet/cadence/macb_main.c
@@ -2817,14 +2817,20 @@ static int macb_clk_init(struct platform_device *pdev,
struct clk **pclk,
*hclk = devm_clk_get(&pdev->dev, "hclk");
}
- if (IS_ERR(*pclk)) {
+ if (IS_ERR_OR_NULL(*pclk)) {
err = PTR_ERR(*pclk);
+ if (!err)
+ err = -ENODEV;
+
dev_err(&pdev->dev, "failed to get macb_clk (%u)\n", err);
return err;
}
- if (IS_ERR(*hclk)) {
+ if (IS_ERR_OR_NULL(*hclk)) {
err = PTR_ERR(*hclk);
+ if (!err)
+ err = -ENODEV;
+
dev_err(&pdev->dev, "failed to get hclk (%u)\n", err);
return err;
}
--
2.19.1
[PATCH 4.14 09/49] s390: limit brk randomization to 32MB
[ Upstream commit cd479eccd2e057116d504852814402a1e68ead80 ]
For a 64-bit process the randomization of the program break is quite
large with 1GB. That is as big as the randomization of the anonymous
mapping base, for a test case started with '/lib/ld64.so.1 '
it can happen that the heap is placed after the stack. To avoid
this limit the program break randomization to 32MB for 64-bit and
keep 8MB for 31-bit.
Reported-by: Stefan Liebler
Signed-off-by: Martin Schwidefsky
Signed-off-by: Sasha Levin (Microsoft)
---
arch/s390/include/asm/elf.h | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h
index 1a61b1b997f2..3055c030f765 100644
--- a/arch/s390/include/asm/elf.h
+++ b/arch/s390/include/asm/elf.h
@@ -252,11 +252,14 @@ do {
\
/*
* Cache aliasing on the latest machines calls for a mapping granularity
- * of 512KB. For 64-bit processes use a 512KB alignment and a randomization
- * of up to 1GB. For 31-bit processes the virtual address space is limited,
- * use no alignment and limit the randomization to 8MB.
+ * of 512KB for the anonymous mapping base. For 64-bit processes use a
+ * 512KB alignment and a randomization of up to 1GB. For 31-bit processes
+ * the virtual address space is limited, use no alignment and limit the
+ * randomization to 8MB.
+ * For the additional randomization of the program break use 32MB for
+ * 64-bit and 8MB for 31-bit.
*/
-#define BRK_RND_MASK (is_compat_task() ? 0x7ffUL : 0x3UL)
+#define BRK_RND_MASK (is_compat_task() ? 0x7ffUL : 0x1fffUL)
#define MMAP_RND_MASK (is_compat_task() ? 0x7ffUL : 0x3ff80UL)
#define MMAP_ALIGN_MASK(is_compat_task() ? 0 : 0x7fUL)
#define STACK_RND_MASK MMAP_RND_MASK
--
2.19.1
[PATCH 4.14 44/49] libata: fix using DMA buffers on stack
[ Upstream commit dd08a8d9a66de4b54575c294a92630299f7e0fe7 ]
When CONFIG_VMAP_STACK=y, __pa() returns incorrect physical address for
a stack virtual address. Stack DMA buffers must be avoided.
Signed-off-by: raymond pang
Signed-off-by: Jens Axboe
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/ata/libata-zpodd.c | 34 --
1 file changed, 24 insertions(+), 10 deletions(-)
diff --git a/drivers/ata/libata-zpodd.c b/drivers/ata/libata-zpodd.c
index b3ed8f9953a8..173e6f2dd9af 100644
--- a/drivers/ata/libata-zpodd.c
+++ b/drivers/ata/libata-zpodd.c
@@ -52,38 +52,52 @@ static int eject_tray(struct ata_device *dev)
/* Per the spec, only slot type and drawer type ODD can be supported */
static enum odd_mech_type zpodd_get_mech_type(struct ata_device *dev)
{
- char buf[16];
+ char *buf;
unsigned int ret;
- struct rm_feature_desc *desc = (void *)(buf + 8);
+ struct rm_feature_desc *desc;
struct ata_taskfile tf;
static const char cdb[] = { GPCMD_GET_CONFIGURATION,
2, /* only 1 feature descriptor requested */
0, 3, /* 3, removable medium feature */
0, 0, 0,/* reserved */
- 0, sizeof(buf),
+ 0, 16,
0, 0, 0,
};
+ buf = kzalloc(16, GFP_KERNEL);
+ if (!buf)
+ return ODD_MECH_TYPE_UNSUPPORTED;
+ desc = (void *)(buf + 8);
+
ata_tf_init(dev, &tf);
tf.flags = ATA_TFLAG_ISADDR | ATA_TFLAG_DEVICE;
tf.command = ATA_CMD_PACKET;
tf.protocol = ATAPI_PROT_PIO;
- tf.lbam = sizeof(buf);
+ tf.lbam = 16;
ret = ata_exec_internal(dev, &tf, cdb, DMA_FROM_DEVICE,
- buf, sizeof(buf), 0);
- if (ret)
+ buf, 16, 0);
+ if (ret) {
+ kfree(buf);
return ODD_MECH_TYPE_UNSUPPORTED;
+ }
- if (be16_to_cpu(desc->feature_code) != 3)
+ if (be16_to_cpu(desc->feature_code) != 3) {
+ kfree(buf);
return ODD_MECH_TYPE_UNSUPPORTED;
+ }
- if (desc->mech_type == 0 && desc->load == 0 && desc->eject == 1)
+ if (desc->mech_type == 0 && desc->load == 0 && desc->eject == 1) {
+ kfree(buf);
return ODD_MECH_TYPE_SLOT;
- else if (desc->mech_type == 1 && desc->load == 0 && desc->eject == 1)
+ } else if (desc->mech_type == 1 && desc->load == 0 &&
+ desc->eject == 1) {
+ kfree(buf);
return ODD_MECH_TYPE_DRAWER;
- else
+ } else {
+ kfree(buf);
return ODD_MECH_TYPE_UNSUPPORTED;
+ }
}
/* Test if ODD is zero power ready by sense code */
--
2.19.1
[PATCH 4.14 38/49] drm/meson: Uninstall IRQ handler
[ Upstream commit 2d8f92897ad816f5dda54b2ed2fd9f2d7cb1abde ]
meson_drv_unbind() doesn't unregister the IRQ handler, which can lead to
use-after-free if the IRQ fires after unbind:
[ 64.656876] Unable to handle kernel paging request at virtual address
11706dbc
...
[ 64.662001] pc : meson_irq+0x18/0x30 [meson_drm]
I'm assuming that a similar problem could happen on the error path of
bind(), so uninstall the IRQ handler there as well.
Fixes: bbbe775ec5b5 ("drm: Add support for Amlogic Meson Graphic Controller")
Signed-off-by: Jean-Philippe Brucker
Acked-by: Neil Armstrong
Signed-off-by: Neil Armstrong
Link:
https://patchwork.freedesktop.org/patch/msgid/20190322152657.13752-2-jean-philippe.bruc...@arm.com
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/gpu/drm/meson/meson_drv.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/meson/meson_drv.c
b/drivers/gpu/drm/meson/meson_drv.c
index 1a1b0b9cf1fa..0608243c3387 100644
--- a/drivers/gpu/drm/meson/meson_drv.c
+++ b/drivers/gpu/drm/meson/meson_drv.c
@@ -277,10 +277,12 @@ static int meson_drv_bind_master(struct device *dev, bool
has_components)
ret = drm_dev_register(drm, 0);
if (ret)
- goto free_drm;
+ goto uninstall_irq;
return 0;
+uninstall_irq:
+ drm_irq_uninstall(drm);
free_drm:
drm_dev_unref(drm);
@@ -298,6 +300,7 @@ static void meson_drv_unbind(struct device *dev)
struct drm_device *drm = priv->drm;
drm_dev_unregister(drm);
+ drm_irq_uninstall(drm);
drm_kms_helper_poll_fini(drm);
drm_fbdev_cma_fini(priv->fbdev);
drm_mode_config_cleanup(drm);
--
2.19.1
[PATCH 4.14 43/49] scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
[ Upstream commit c8206579175c34a2546de8a74262456278a7795a ]
If an incoming ELS of type RSCN contains more than one element, zfcp
suboptimally causes repeated erp trigger NOP trace records for each
previously failed port. These could be ports that went away. It loops over
each RSCN element, and for each of those in an inner loop over all
zfcp_ports.
The trigger to recover failed ports should be just the reception of some
RSCN, no matter how many elements it has. So we can loop over failed ports
separately, and only then loop over each RSCN element to handle the
non-failed ports.
The call chain was:
zfcp_fc_incoming_rscn
for (i = 1; i < no_entries; i++)
_zfcp_fc_incoming_rscn
list_for_each_entry(port, &adapter->port_list, list)
if (masked port->d_id match) zfcp_fc_test_link
if (!port->d_id) zfcp_erp_port_reopen "fcrscn1" <===
In order the reduce the "flooding" of the REC trace area in such cases, we
factor out handling the failed ports to be outside of the entries loop:
zfcp_fc_incoming_rscn
if (no_entries > 1) <===
list_for_each_entry(port, &adapter->port_list, list) <===
if (!port->d_id) zfcp_erp_port_reopen "fcrscn1" <===
for (i = 1; i < no_entries; i++)
_zfcp_fc_incoming_rscn
list_for_each_entry(port, &adapter->port_list, list)
if (masked port->d_id match) zfcp_fc_test_link
Abbreviated example trace records before this code change:
Tag: fcrscn1
WWPN : 0x500507630310d327
ERP want : 0x02
ERP need : 0x02
Tag: fcrscn1
WWPN : 0x500507630310d327
ERP want : 0x02
ERP need : 0x00 NOP => superfluous trace record
The last trace entry repeats if there are more than 2 RSCN elements.
Signed-off-by: Steffen Maier
Reviewed-by: Benjamin Block
Reviewed-by: Jens Remus
Signed-off-by: Martin K. Petersen
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/s390/scsi/zfcp_fc.c | 21 +
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/drivers/s390/scsi/zfcp_fc.c b/drivers/s390/scsi/zfcp_fc.c
index ca218c82321f..0c5fd722a72d 100644
--- a/drivers/s390/scsi/zfcp_fc.c
+++ b/drivers/s390/scsi/zfcp_fc.c
@@ -240,10 +240,6 @@ static void _zfcp_fc_incoming_rscn(struct zfcp_fsf_req
*fsf_req, u32 range,
list_for_each_entry(port, &adapter->port_list, list) {
if ((port->d_id & range) == (ntoh24(page->rscn_fid) & range))
zfcp_fc_test_link(port);
- if (!port->d_id)
- zfcp_erp_port_reopen(port,
-ZFCP_STATUS_COMMON_ERP_FAILED,
-"fcrscn1");
}
read_unlock_irqrestore(&adapter->port_list_lock, flags);
}
@@ -251,6 +247,7 @@ static void _zfcp_fc_incoming_rscn(struct zfcp_fsf_req
*fsf_req, u32 range,
static void zfcp_fc_incoming_rscn(struct zfcp_fsf_req *fsf_req)
{
struct fsf_status_read_buffer *status_buffer = (void *)fsf_req->data;
+ struct zfcp_adapter *adapter = fsf_req->adapter;
struct fc_els_rscn *head;
struct fc_els_rscn_page *page;
u16 i;
@@ -264,6 +261,22 @@ static void zfcp_fc_incoming_rscn(struct zfcp_fsf_req
*fsf_req)
no_entries = be16_to_cpu(head->rscn_plen) /
sizeof(struct fc_els_rscn_page);
+ if (no_entries > 1) {
+ /* handle failed ports */
+ unsigned long flags;
+ struct zfcp_port *port;
+
+ read_lock_irqsave(&adapter->port_list_lock, flags);
+ list_for_each_entry(port, &adapter->port_list, list) {
+ if (port->d_id)
+ continue;
+ zfcp_erp_port_reopen(port,
+ZFCP_STATUS_COMMON_ERP_FAILED,
+"fcrscn1");
+ }
+ read_unlock_irqrestore(&adapter->port_list_lock, flags);
+ }
+
for (i = 1; i < no_entries; i++) {
/* skip head and start with 1st element */
page++;
--
2.19.1
[PATCH 4.14 42/49] ceph: fix use-after-free on symlink traversal
[ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ]
free the symlink body after the same RCU delay we have for freeing the
struct inode itself, so that traversal during RCU pathwalk wouldn't step
into freed memory.
Signed-off-by: Al Viro
Reviewed-by: Jeff Layton
Signed-off-by: Ilya Dryomov
Signed-off-by: Sasha Levin (Microsoft)
---
fs/ceph/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index a1492bdc6d03..f2b722f0df5d 100644
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -520,6 +520,7 @@ static void ceph_i_callback(struct rcu_head *head)
struct inode *inode = container_of(head, struct inode, i_rcu);
struct ceph_inode_info *ci = ceph_inode(inode);
+ kfree(ci->i_symlink);
kmem_cache_free(ceph_inode_cachep, ci);
}
@@ -551,7 +552,6 @@ void ceph_destroy_inode(struct inode *inode)
ceph_put_snap_realm(mdsc, realm);
}
- kfree(ci->i_symlink);
while ((n = rb_first(&ci->i_fragtree)) != NULL) {
frag = rb_entry(n, struct ceph_inode_frag, node);
rb_erase(n, &ci->i_fragtree);
--
2.19.1
Re: Alloc refcount increments to fail
On Thu, May 02, 2019 at 08:26:21AM -0700, Matthew Wilcox wrote:
> +/**
> + * refcount_try_inc - Increment a refcount if it's below INT_MAX
> + * @r: the refcount to increment
> + *
> + * Avoid the counter saturating by declining to increment the counter
> + * if it is more than halfway to saturation.
> + */
> +static inline __must_check bool refcount_try_inc(refcount_t *r)
> +{
> + if (refcount_read(r) < 0)
> + return false;
> + refcount_inc(r);
> + return true;
> +}
So two of those in parallel with have zero protection, won't they?
[PATCH 4.14 47/49] iommu/amd: Reserve exclusion range in iova-domain
[ Upstream commit 8aafaaf2212192012f5bae305bb31cdf7681d777 ]
If a device has an exclusion range specified in the IVRS
table, this region needs to be reserved in the iova-domain
of that device. This hasn't happened until now and can cause
data corruption on data transfered with these devices.
Treat exclusion ranges as reserved regions in the iommu-core
to fix the problem.
Fixes: be2a022c0dd0 ('x86, AMD IOMMU: add functions to parse IOMMU memory
mapping requirements for devices')
Signed-off-by: Joerg Roedel
Reviewed-by: Gary R Hook
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/iommu/amd_iommu.c | 9 ++---
drivers/iommu/amd_iommu_init.c | 7 ---
drivers/iommu/amd_iommu_types.h | 2 ++
3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index bd339bfe0d15..684f7cdd814b 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -3127,21 +3127,24 @@ static void amd_iommu_get_resv_regions(struct device
*dev,
return;
list_for_each_entry(entry, &amd_iommu_unity_map, list) {
+ int type, prot = 0;
size_t length;
- int prot = 0;
if (devid < entry->devid_start || devid > entry->devid_end)
continue;
+ type = IOMMU_RESV_DIRECT;
length = entry->address_end - entry->address_start;
if (entry->prot & IOMMU_PROT_IR)
prot |= IOMMU_READ;
if (entry->prot & IOMMU_PROT_IW)
prot |= IOMMU_WRITE;
+ if (entry->prot & IOMMU_UNITY_MAP_FLAG_EXCL_RANGE)
+ /* Exclusion range */
+ type = IOMMU_RESV_RESERVED;
region = iommu_alloc_resv_region(entry->address_start,
-length, prot,
-IOMMU_RESV_DIRECT);
+length, prot, type);
if (!region) {
pr_err("Out of memory allocating dm-regions for %s\n",
dev_name(dev));
diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c
index b97984a5ddad..91d7718625a6 100644
--- a/drivers/iommu/amd_iommu_init.c
+++ b/drivers/iommu/amd_iommu_init.c
@@ -1980,6 +1980,9 @@ static int __init init_unity_map_range(struct ivmd_header
*m)
if (e == NULL)
return -ENOMEM;
+ if (m->flags & IVMD_FLAG_EXCL_RANGE)
+ init_exclusion_range(m);
+
switch (m->type) {
default:
kfree(e);
@@ -2026,9 +2029,7 @@ static int __init init_memory_definitions(struct
acpi_table_header *table)
while (p < end) {
m = (struct ivmd_header *)p;
- if (m->flags & IVMD_FLAG_EXCL_RANGE)
- init_exclusion_range(m);
- else if (m->flags & IVMD_FLAG_UNITY_MAP)
+ if (m->flags & (IVMD_FLAG_UNITY_MAP | IVMD_FLAG_EXCL_RANGE))
init_unity_map_range(m);
p += m->length;
diff --git a/drivers/iommu/amd_iommu_types.h b/drivers/iommu/amd_iommu_types.h
index f6b24c7d8b70..3054c0971759 100644
--- a/drivers/iommu/amd_iommu_types.h
+++ b/drivers/iommu/amd_iommu_types.h
@@ -369,6 +369,8 @@
#define IOMMU_PROT_IR 0x01
#define IOMMU_PROT_IW 0x02
+#define IOMMU_UNITY_MAP_FLAG_EXCL_RANGE(1 << 2)
+
/* IOMMU capabilities */
#define IOMMU_CAP_IOTLB 24
#define IOMMU_CAP_NPCACHE 26
--
2.19.1
[PATCH 4.14 49/49] leds: pca9532: fix a potential NULL pointer dereference
[ Upstream commit 0aab8e4df4702b31314a27ec4b0631dfad0fae0a ]
In case of_match_device cannot find a match, return -EINVAL to avoid
NULL pointer dereference.
Fixes: fa4191a609f2 ("leds: pca9532: Add device tree support")
Signed-off-by: Kangjie Lu
Signed-off-by: Jacek Anaszewski
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/leds/leds-pca9532.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/leds/leds-pca9532.c b/drivers/leds/leds-pca9532.c
index 7fea18b0c15d..7cb4d685a1f1 100644
--- a/drivers/leds/leds-pca9532.c
+++ b/drivers/leds/leds-pca9532.c
@@ -513,6 +513,7 @@ static int pca9532_probe(struct i2c_client *client,
const struct i2c_device_id *id)
{
int devid;
+ const struct of_device_id *of_id;
struct pca9532_data *data = i2c_get_clientdata(client);
struct pca9532_platform_data *pca9532_pdata =
dev_get_platdata(&client->dev);
@@ -528,8 +529,11 @@ static int pca9532_probe(struct i2c_client *client,
dev_err(&client->dev, "no platform data\n");
return -EINVAL;
}
- devid = (int)(uintptr_t)of_match_device(
- of_pca9532_leds_match, &client->dev)->data;
+ of_id = of_match_device(of_pca9532_leds_match,
+ &client->dev);
+ if (unlikely(!of_id))
+ return -EINVAL;
+ devid = (int)(uintptr_t) of_id->data;
} else {
devid = id->driver_data;
}
--
2.19.1
[PATCH 4.14 48/49] ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
[ Upstream commit fcfc2aa0185f4a731d05a21e9f359968fdfd02e7 ]
There are a few system calls (pselect, ppoll, etc) which replace a task
sigmask while they are running in a kernel-space
When a task calls one of these syscalls, the kernel saves a current
sigmask in task->saved_sigmask and sets a syscall sigmask.
On syscall-exit-stop, ptrace traps a task before restoring the
saved_sigmask, so PTRACE_GETSIGMASK returns the syscall sigmask and
PTRACE_SETSIGMASK does nothing, because its sigmask is replaced by
saved_sigmask, when the task returns to user-space.
This patch fixes this problem. PTRACE_GETSIGMASK returns saved_sigmask
if it's set. PTRACE_SETSIGMASK drops the TIF_RESTORE_SIGMASK flag.
Link: http://lkml.kernel.org/r/20181120060616.6043-1-ava...@gmail.com
Fixes: 29000caecbe8 ("ptrace: add ability to get/set signal-blocked mask")
Signed-off-by: Andrei Vagin
Acked-by: Oleg Nesterov
Cc: "Eric W. Biederman"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Sasha Levin (Microsoft)
---
include/linux/sched/signal.h | 18 ++
kernel/ptrace.c | 15 +--
2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h
index fbf86ecd149d..bcaba7e8ca6e 100644
--- a/include/linux/sched/signal.h
+++ b/include/linux/sched/signal.h
@@ -377,10 +377,20 @@ static inline void set_restore_sigmask(void)
set_thread_flag(TIF_RESTORE_SIGMASK);
WARN_ON(!test_thread_flag(TIF_SIGPENDING));
}
+
+static inline void clear_tsk_restore_sigmask(struct task_struct *tsk)
+{
+ clear_tsk_thread_flag(tsk, TIF_RESTORE_SIGMASK);
+}
+
static inline void clear_restore_sigmask(void)
{
clear_thread_flag(TIF_RESTORE_SIGMASK);
}
+static inline bool test_tsk_restore_sigmask(struct task_struct *tsk)
+{
+ return test_tsk_thread_flag(tsk, TIF_RESTORE_SIGMASK);
+}
static inline bool test_restore_sigmask(void)
{
return test_thread_flag(TIF_RESTORE_SIGMASK);
@@ -398,6 +408,10 @@ static inline void set_restore_sigmask(void)
current->restore_sigmask = true;
WARN_ON(!test_thread_flag(TIF_SIGPENDING));
}
+static inline void clear_tsk_restore_sigmask(struct task_struct *tsk)
+{
+ tsk->restore_sigmask = false;
+}
static inline void clear_restore_sigmask(void)
{
current->restore_sigmask = false;
@@ -406,6 +420,10 @@ static inline bool test_restore_sigmask(void)
{
return current->restore_sigmask;
}
+static inline bool test_tsk_restore_sigmask(struct task_struct *tsk)
+{
+ return tsk->restore_sigmask;
+}
static inline bool test_and_clear_restore_sigmask(void)
{
if (!current->restore_sigmask)
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 84b1367935e4..f1c85b6c39ae 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -29,6 +29,7 @@
#include
#include
#include
+#include
/*
* Access another process' address space via ptrace.
@@ -925,18 +926,26 @@ int ptrace_request(struct task_struct *child, long
request,
ret = ptrace_setsiginfo(child, &siginfo);
break;
- case PTRACE_GETSIGMASK:
+ case PTRACE_GETSIGMASK: {
+ sigset_t *mask;
+
if (addr != sizeof(sigset_t)) {
ret = -EINVAL;
break;
}
- if (copy_to_user(datavp, &child->blocked, sizeof(sigset_t)))
+ if (test_tsk_restore_sigmask(child))
+ mask = &child->saved_sigmask;
+ else
+ mask = &child->blocked;
+
+ if (copy_to_user(datavp, mask, sizeof(sigset_t)))
ret = -EFAULT;
else
ret = 0;
break;
+ }
case PTRACE_SETSIGMASK: {
sigset_t new_set;
@@ -962,6 +971,8 @@ int ptrace_request(struct task_struct *child, long request,
child->blocked = new_set;
spin_unlock_irq(&child->sighand->siglock);
+ clear_tsk_restore_sigmask(child);
+
ret = 0;
break;
}
--
2.19.1
[PATCH 4.14 36/49] gpio: aspeed: fix a potential NULL pointer dereference
[ Upstream commit 6cf4511e9729c00a7306cf94085f9cc3c52ee723 ] In case devm_kzalloc, the patch returns ENOMEM to avoid potential NULL pointer dereference. Signed-off-by: Kangjie Lu Reviewed-by: Andrew Jeffery Signed-off-by: Bartosz Golaszewski Signed-off-by: Sasha Levin (Microsoft) --- drivers/gpio/gpio-aspeed.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpio/gpio-aspeed.c b/drivers/gpio/gpio-aspeed.c index f03fe916eb9d..f6d1bda8a802 100644 --- a/drivers/gpio/gpio-aspeed.c +++ b/drivers/gpio/gpio-aspeed.c @@ -861,6 +861,8 @@ static int __init aspeed_gpio_probe(struct platform_device *pdev) gpio->offset_timer = devm_kzalloc(&pdev->dev, gpio->chip.ngpio, GFP_KERNEL); + if (!gpio->offset_timer) + return -ENOMEM; return aspeed_gpio_setup_irqs(gpio, pdev); } -- 2.19.1
[PATCH 4.14 35/49] net: ethernet: ti: fix possible object reference leak
[ Upstream commit 75eac7b5f68b0a0671e795ac636457ee27cc11d8 ]
The call to of_get_child_by_name returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.
Detected by coccinelle with the following warnings:
./drivers/net/ethernet/ti/netcp_ethss.c:3661:2-8: ERROR: missing of_node_put;
acquired a node pointer with refcount incremented on line 3654, but without a
corresponding object release within this function.
./drivers/net/ethernet/ti/netcp_ethss.c:3665:2-8: ERROR: missing of_node_put;
acquired a node pointer with refcount incremented on line 3654, but without a
corresponding object release within this function.
Signed-off-by: Wen Yang
Cc: Wingman Kwok
Cc: Murali Karicheri
Cc: "David S. Miller"
Cc: net...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/net/ethernet/ti/netcp_ethss.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/ti/netcp_ethss.c
b/drivers/net/ethernet/ti/netcp_ethss.c
index 28cb38af1a34..ff7a71ca0b13 100644
--- a/drivers/net/ethernet/ti/netcp_ethss.c
+++ b/drivers/net/ethernet/ti/netcp_ethss.c
@@ -3538,12 +3538,16 @@ static int gbe_probe(struct netcp_device *netcp_device,
struct device *dev,
ret = netcp_txpipe_init(&gbe_dev->tx_pipe, netcp_device,
gbe_dev->dma_chan_name, gbe_dev->tx_queue_id);
- if (ret)
+ if (ret) {
+ of_node_put(interfaces);
return ret;
+ }
ret = netcp_txpipe_open(&gbe_dev->tx_pipe);
- if (ret)
+ if (ret) {
+ of_node_put(interfaces);
return ret;
+ }
/* Create network interfaces */
INIT_LIST_HEAD(&gbe_dev->gbe_intf_head);
--
2.19.1
[PATCH 4.14 32/49] NFS: Fix a typo in nfs_init_timeout_values()
[ Upstream commit 5a698243930c441afccec04e4d5dc8febfd2b775 ]
Specifying a retrans=0 mount parameter to a NFS/TCP mount, is
inadvertently causing the NFS client to rewrite any specified
timeout parameter to the default of 60 seconds.
Fixes: a956beda19a6 ("NFS: Allow the mount option retrans=0")
Signed-off-by: Trond Myklebust
Signed-off-by: Sasha Levin (Microsoft)
---
fs/nfs/client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 7d6ddfd60271..a98d64a6eda5 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -459,7 +459,7 @@ void nfs_init_timeout_values(struct rpc_timeout *to, int
proto,
case XPRT_TRANSPORT_RDMA:
if (retrans == NFS_UNSPEC_RETRANS)
to->to_retries = NFS_DEF_TCP_RETRANS;
- if (timeo == NFS_UNSPEC_TIMEO || to->to_retries == 0)
+ if (timeo == NFS_UNSPEC_TIMEO || to->to_initval == 0)
to->to_initval = NFS_DEF_TCP_TIMEO * HZ / 10;
if (to->to_initval > NFS_MAX_TCP_TIMEOUT)
to->to_initval = NFS_MAX_TCP_TIMEOUT;
--
2.19.1
[PATCH 4.14 28/49] staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc
[ Upstream commit 6a8ca24590a2136921439b376c926c11a6effc0e ] phydm.internal is allocated using kzalloc which is used multiple times without a check for NULL pointer. This patch avoids such a scenario by returning 0, consistent with the failure case. Signed-off-by: Aditya Pakki Reviewed-by: Mukesh Ojha Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin (Microsoft) --- drivers/staging/rtlwifi/phydm/rtl_phydm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/rtlwifi/phydm/rtl_phydm.c b/drivers/staging/rtlwifi/phydm/rtl_phydm.c index 85e490d3601f..cab563fefc34 100644 --- a/drivers/staging/rtlwifi/phydm/rtl_phydm.c +++ b/drivers/staging/rtlwifi/phydm/rtl_phydm.c @@ -191,6 +191,8 @@ static int rtl_phydm_init_priv(struct rtl_priv *rtlpriv, rtlpriv->phydm.internal = kzalloc(sizeof(struct phy_dm_struct), GFP_KERNEL); + if (!rtlpriv->phydm.internal) + return 0; _rtl_phydm_init_com_info(rtlpriv, ic, params); -- 2.19.1
[PATCH 4.19 03/72] mm: make page ref count overflow check tighter and more explicit
From: Linus Torvalds
commit f958d7b528b1b40c44cfda5eabe2d82760d868c3 upstream.
We have a VM_BUG_ON() to check that the page reference count doesn't
underflow (or get close to overflow) by checking the sign of the count.
That's all fine, but we actually want to allow people to use a "get page
ref unless it's already very high" helper function, and we want that one
to use the sign of the page ref (without triggering this VM_BUG_ON).
Change the VM_BUG_ON to only check for small underflows (or _very_ close
to overflowing), and ignore overflows which have strayed into negative
territory.
Acked-by: Matthew Wilcox
Cc: Jann Horn
Cc: sta...@kernel.org
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
include/linux/mm.h |6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -915,6 +915,10 @@ static inline bool is_device_public_page
}
#endif /* CONFIG_DEV_PAGEMAP_OPS */
+/* 127: arbitrary random number, small enough to assemble well */
+#define page_ref_zero_or_close_to_overflow(page) \
+ ((unsigned int) page_ref_count(page) + 127u <= 127u)
+
static inline void get_page(struct page *page)
{
page = compound_head(page);
@@ -922,7 +926,7 @@ static inline void get_page(struct page
* Getting a normal page or the head of a compound page
* requires to already have an elevated page->_refcount.
*/
- VM_BUG_ON_PAGE(page_ref_count(page) <= 0, page);
+ VM_BUG_ON_PAGE(page_ref_zero_or_close_to_overflow(page), page);
page_ref_inc(page);
}
[PATCH 4.19 04/72] mm: add try_get_page() helper function
From: Linus Torvalds
commit 88b1a17dfc3ed7728316478fae0f5ad508f50397 upstream.
This is the same as the traditional 'get_page()' function, but instead
of unconditionally incrementing the reference count of the page, it only
does so if the count was "safe". It returns whether the reference count
was incremented (and is marked __must_check, since the caller obviously
has to be aware of it).
Also like 'get_page()', you can't use this function unless you already
had a reference to the page. The intent is that you can use this
exactly like get_page(), but in situations where you want to limit the
maximum reference count.
The code currently does an unconditional WARN_ON_ONCE() if we ever hit
the reference count issues (either zero or negative), as a notification
that the conditional non-increment actually happened.
NOTE! The count access for the "safety" check is inherently racy, but
that doesn't matter since the buffer we use is basically half the range
of the reference count (ie we look at the sign of the count).
Acked-by: Matthew Wilcox
Cc: Jann Horn
Cc: sta...@kernel.org
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
include/linux/mm.h |9 +
1 file changed, 9 insertions(+)
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -930,6 +930,15 @@ static inline void get_page(struct page
page_ref_inc(page);
}
+static inline __must_check bool try_get_page(struct page *page)
+{
+ page = compound_head(page);
+ if (WARN_ON_ONCE(page_ref_count(page) <= 0))
+ return false;
+ page_ref_inc(page);
+ return true;
+}
+
static inline void put_page(struct page *page)
{
page = compound_head(page);
[PATCH 4.19 08/72] s390: limit brk randomization to 32MB
[ Upstream commit cd479eccd2e057116d504852814402a1e68ead80 ]
For a 64-bit process the randomization of the program break is quite
large with 1GB. That is as big as the randomization of the anonymous
mapping base, for a test case started with '/lib/ld64.so.1 '
it can happen that the heap is placed after the stack. To avoid
this limit the program break randomization to 32MB for 64-bit and
keep 8MB for 31-bit.
Reported-by: Stefan Liebler
Signed-off-by: Martin Schwidefsky
Signed-off-by: Sasha Levin (Microsoft)
---
arch/s390/include/asm/elf.h | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h
index 7d22a474a040..f74639a05f0f 100644
--- a/arch/s390/include/asm/elf.h
+++ b/arch/s390/include/asm/elf.h
@@ -252,11 +252,14 @@ do {
\
/*
* Cache aliasing on the latest machines calls for a mapping granularity
- * of 512KB. For 64-bit processes use a 512KB alignment and a randomization
- * of up to 1GB. For 31-bit processes the virtual address space is limited,
- * use no alignment and limit the randomization to 8MB.
+ * of 512KB for the anonymous mapping base. For 64-bit processes use a
+ * 512KB alignment and a randomization of up to 1GB. For 31-bit processes
+ * the virtual address space is limited, use no alignment and limit the
+ * randomization to 8MB.
+ * For the additional randomization of the program break use 32MB for
+ * 64-bit and 8MB for 31-bit.
*/
-#define BRK_RND_MASK (is_compat_task() ? 0x7ffUL : 0x3UL)
+#define BRK_RND_MASK (is_compat_task() ? 0x7ffUL : 0x1fffUL)
#define MMAP_RND_MASK (is_compat_task() ? 0x7ffUL : 0x3ff80UL)
#define MMAP_ALIGN_MASK(is_compat_task() ? 0 : 0x7fUL)
#define STACK_RND_MASK MMAP_RND_MASK
--
2.19.1
[PATCH 4.19 20/72] s390/qeth: fix race when initializing the IP address table
[ Upstream commit 7221b727f0079a32aca91f657141e1de564d4b97 ]
The ucast IP table is utilized by some of the L3-specific sysfs attributes
that qeth_l3_create_device_attributes() provides. So initialize the table
_before_ registering the attributes.
Fixes: ebccc7397e4a ("s390/qeth: add missing hash table initializations")
Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/s390/net/qeth_l3_main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/s390/net/qeth_l3_main.c b/drivers/s390/net/qeth_l3_main.c
index 7f71ca0d08e7..9c5e801b3f6c 100644
--- a/drivers/s390/net/qeth_l3_main.c
+++ b/drivers/s390/net/qeth_l3_main.c
@@ -2586,12 +2586,14 @@ static int qeth_l3_probe_device(struct ccwgroup_device
*gdev)
struct qeth_card *card = dev_get_drvdata(&gdev->dev);
int rc;
+ hash_init(card->ip_htable);
+
if (gdev->dev.type == &qeth_generic_devtype) {
rc = qeth_l3_create_device_attributes(&gdev->dev);
if (rc)
return rc;
}
- hash_init(card->ip_htable);
+
hash_init(card->ip_mc_htable);
card->options.layer2 = 0;
card->info.hwtrap = 0;
--
2.19.1
[PATCH 4.19 07/72] ARM: dts: bcm283x: Fix hdmi hpd gpio pull
[ Upstream commit 544e784188f1dd7c797c70b213385e67d92005b6 ]
Raspberry pi board model B revison 2 have the hot plug detector gpio
active high (and not low as it was in the dts).
Signed-off-by: Helen Koike
Fixes: 49ac67e0c39c ("ARM: bcm2835: Add VC4 to the device tree.")
Reviewed-by: Eric Anholt
Signed-off-by: Eric Anholt
Signed-off-by: Sasha Levin (Microsoft)
---
arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts
b/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts
index 5641d162dfdb..28e7513ce617 100644
--- a/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts
+++ b/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts
@@ -93,7 +93,7 @@
};
&hdmi {
- hpd-gpios = <&gpio 46 GPIO_ACTIVE_LOW>;
+ hpd-gpios = <&gpio 46 GPIO_ACTIVE_HIGH>;
};
&pwm {
--
2.19.1
[PATCH 4.19 12/72] qlcnic: Avoid potential NULL pointer dereference
[ Upstream commit 5bf7295fe34a5251b1d241b9736af4697b590670 ]
netdev_alloc_skb can fail and return a NULL pointer which is
dereferenced without a check. The patch avoids such a scenario.
Signed-off-by: Aditya Pakki
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c
b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c
index 3b0adda7cc9c..a4cd6f2cfb86 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c
@@ -1048,6 +1048,8 @@ int qlcnic_do_lb_test(struct qlcnic_adapter *adapter, u8
mode)
for (i = 0; i < QLCNIC_NUM_ILB_PKT; i++) {
skb = netdev_alloc_skb(adapter->netdev, QLCNIC_ILB_PKT_SIZE);
+ if (!skb)
+ break;
qlcnic_create_loopback_buff(skb->data, adapter->mac_addr);
skb_put(skb, QLCNIC_ILB_PKT_SIZE);
adapter->ahw->diag_cnt = 0;
--
2.19.1
[PATCH 4.19 27/72] usb: dwc3: pci: add support for Comet Lake PCH ID
[ Upstream commit 7ae622c978db6b2e28b4fced6ecd2a174492059d ]
This patch simply adds a new PCI Device ID
Signed-off-by: Felipe Balbi
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/usb/dwc3/dwc3-pci.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/usb/dwc3/dwc3-pci.c b/drivers/usb/dwc3/dwc3-pci.c
index fdc6e4e403e8..8cced3609e24 100644
--- a/drivers/usb/dwc3/dwc3-pci.c
+++ b/drivers/usb/dwc3/dwc3-pci.c
@@ -29,6 +29,7 @@
#define PCI_DEVICE_ID_INTEL_BXT_M 0x1aaa
#define PCI_DEVICE_ID_INTEL_APL0x5aaa
#define PCI_DEVICE_ID_INTEL_KBP0xa2b0
+#define PCI_DEVICE_ID_INTEL_CMLH 0x02ee
#define PCI_DEVICE_ID_INTEL_GLK0x31aa
#define PCI_DEVICE_ID_INTEL_CNPLP 0x9dee
#define PCI_DEVICE_ID_INTEL_CNPH 0xa36e
@@ -305,6 +306,9 @@ static const struct pci_device_id dwc3_pci_id_table[] = {
{ PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_MRFLD),
(kernel_ulong_t) &dwc3_pci_mrfld_properties, },
+ { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_CMLH),
+ (kernel_ulong_t) &dwc3_pci_intel_properties, },
+
{ PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_SPTLP),
(kernel_ulong_t) &dwc3_pci_intel_properties, },
--
2.19.1
Alloc refcount increments to fail
In the comments section of a recent LWN article [1], Neil asked if we
could have a way for refcount users to avoid getting to the saturated
state if they have a way of handling fallback gracefully. Here's an
attempt to provide that functionality. I'm not sure it's compatible
with Kees' "x86/asm: Implement fast refcount overflow protection", but
I thought I'd send it out anyway so people who have thought about this
more deeply than I have can tell me if it's an idea worth pursuing or not.
[1] https://lwn.net/Articles/786044/
diff --git a/include/linux/refcount.h b/include/linux/refcount.h
index e28cce21bad6..c4b15b5ec084 100644
--- a/include/linux/refcount.h
+++ b/include/linux/refcount.h
@@ -108,6 +108,21 @@ static inline void refcount_dec(refcount_t *r)
# endif /* !CONFIG_ARCH_HAS_REFCOUNT */
#endif /* CONFIG_REFCOUNT_FULL */
+/**
+ * refcount_try_inc - Increment a refcount if it's below INT_MAX
+ * @r: the refcount to increment
+ *
+ * Avoid the counter saturating by declining to increment the counter
+ * if it is more than halfway to saturation.
+ */
+static inline __must_check bool refcount_try_inc(refcount_t *r)
+{
+ if (refcount_read(r) < 0)
+ return false;
+ refcount_inc(r);
+ return true;
+}
+
extern __must_check bool refcount_dec_if_one(refcount_t *r);
extern __must_check bool refcount_dec_not_one(refcount_t *r);
extern __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct
mutex *lock);
[PATCH 4.19 37/72] staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
[ Upstream commit 7671ce0d92933762f469266daf43bd34d422d58c ]
hwxmits is allocated via kcalloc and not checked for failure before its
dereference. The patch fixes this problem by returning error upstream
in rtl8723bs, rtl8188eu.
Signed-off-by: Aditya Pakki
Acked-by: Mukesh Ojha
Reviewed-by: Hans de Goede
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/staging/rtl8188eu/core/rtw_xmit.c| 9 +++--
drivers/staging/rtl8188eu/include/rtw_xmit.h | 2 +-
drivers/staging/rtl8723bs/core/rtw_xmit.c| 14 +++---
drivers/staging/rtl8723bs/include/rtw_xmit.h | 2 +-
4 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/drivers/staging/rtl8188eu/core/rtw_xmit.c
b/drivers/staging/rtl8188eu/core/rtw_xmit.c
index 2130d78e0d9f..dd9b02d316f3 100644
--- a/drivers/staging/rtl8188eu/core/rtw_xmit.c
+++ b/drivers/staging/rtl8188eu/core/rtw_xmit.c
@@ -178,7 +178,9 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct
adapter *padapter)
pxmitpriv->free_xmit_extbuf_cnt = num_xmit_extbuf;
- rtw_alloc_hwxmits(padapter);
+ res = rtw_alloc_hwxmits(padapter);
+ if (res == _FAIL)
+ goto exit;
rtw_init_hwxmits(pxmitpriv->hwxmits, pxmitpriv->hwxmit_entry);
for (i = 0; i < 4; i++)
@@ -1502,7 +1504,7 @@ s32 rtw_xmit_classifier(struct adapter *padapter, struct
xmit_frame *pxmitframe)
return res;
}
-void rtw_alloc_hwxmits(struct adapter *padapter)
+s32 rtw_alloc_hwxmits(struct adapter *padapter)
{
struct hw_xmit *hwxmits;
struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
@@ -1511,6 +1513,8 @@ void rtw_alloc_hwxmits(struct adapter *padapter)
pxmitpriv->hwxmits = kcalloc(pxmitpriv->hwxmit_entry,
sizeof(struct hw_xmit), GFP_KERNEL);
+ if (!pxmitpriv->hwxmits)
+ return _FAIL;
hwxmits = pxmitpriv->hwxmits;
@@ -1518,6 +1522,7 @@ void rtw_alloc_hwxmits(struct adapter *padapter)
hwxmits[1] .sta_queue = &pxmitpriv->vi_pending;
hwxmits[2] .sta_queue = &pxmitpriv->be_pending;
hwxmits[3] .sta_queue = &pxmitpriv->bk_pending;
+ return _SUCCESS;
}
void rtw_free_hwxmits(struct adapter *padapter)
diff --git a/drivers/staging/rtl8188eu/include/rtw_xmit.h
b/drivers/staging/rtl8188eu/include/rtw_xmit.h
index 788f59c74ea1..ba7e15fbde72 100644
--- a/drivers/staging/rtl8188eu/include/rtw_xmit.h
+++ b/drivers/staging/rtl8188eu/include/rtw_xmit.h
@@ -336,7 +336,7 @@ s32 rtw_txframes_sta_ac_pending(struct adapter *padapter,
void rtw_init_hwxmits(struct hw_xmit *phwxmit, int entry);
s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter);
void _rtw_free_xmit_priv(struct xmit_priv *pxmitpriv);
-void rtw_alloc_hwxmits(struct adapter *padapter);
+s32 rtw_alloc_hwxmits(struct adapter *padapter);
void rtw_free_hwxmits(struct adapter *padapter);
s32 rtw_xmit(struct adapter *padapter, struct sk_buff **pkt);
diff --git a/drivers/staging/rtl8723bs/core/rtw_xmit.c
b/drivers/staging/rtl8723bs/core/rtw_xmit.c
index edb678190b4b..16291de5c0d9 100644
--- a/drivers/staging/rtl8723bs/core/rtw_xmit.c
+++ b/drivers/staging/rtl8723bs/core/rtw_xmit.c
@@ -260,7 +260,9 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct
adapter *padapter)
}
}
- rtw_alloc_hwxmits(padapter);
+ res = rtw_alloc_hwxmits(padapter);
+ if (res == _FAIL)
+ goto exit;
rtw_init_hwxmits(pxmitpriv->hwxmits, pxmitpriv->hwxmit_entry);
for (i = 0; i < 4; i++) {
@@ -2144,7 +2146,7 @@ s32 rtw_xmit_classifier(struct adapter *padapter, struct
xmit_frame *pxmitframe)
return res;
}
-void rtw_alloc_hwxmits(struct adapter *padapter)
+s32 rtw_alloc_hwxmits(struct adapter *padapter)
{
struct hw_xmit *hwxmits;
struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
@@ -2155,10 +2157,8 @@ void rtw_alloc_hwxmits(struct adapter *padapter)
pxmitpriv->hwxmits = rtw_zmalloc(sizeof(struct hw_xmit) *
pxmitpriv->hwxmit_entry);
- if (pxmitpriv->hwxmits == NULL) {
- DBG_871X("alloc hwxmits fail!...\n");
- return;
- }
+ if (!pxmitpriv->hwxmits)
+ return _FAIL;
hwxmits = pxmitpriv->hwxmits;
@@ -2204,7 +2204,7 @@ void rtw_alloc_hwxmits(struct adapter *padapter)
}
-
+ return _SUCCESS;
}
void rtw_free_hwxmits(struct adapter *padapter)
diff --git a/drivers/staging/rtl8723bs/include/rtw_xmit.h
b/drivers/staging/rtl8723bs/include/rtw_xmit.h
index a75b668d09a6..021c72361fbb 100644
--- a/drivers/staging/rtl8723bs/include/rtw_xmit.h
+++ b/drivers/staging/rtl8723bs/include/rtw_xmit.h
@@ -486,7 +486,7 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct
adapter *padapter);
void _rtw_free_xmit_priv (struct xmit_priv *pxmitpriv);
-void rtw_alloc_hwxmits(struct adapter *padapter);
+s32 rtw_alloc_hwxmits(struct a
[PATCH 4.19 34/72] net: ks8851: Reassert reset pin if chip ID check fails
[ Upstream commit 761cfa979a0c177d6c2d93ef5585cd79ae49a7d5 ]
Commit 73fdeb82e963 ("net: ks8851: Add optional vdd_io regulator and
reset gpio") amended the ks8851 driver to briefly assert the chip's
reset pin on probe. It also amended the probe routine's error path to
reassert the reset pin if a subsequent initialization step fails.
However the commit misplaced reassertion of the reset pin in the error
path such that it is not performed if the check of the Chip ID and
Enable Register (CIDER) fails. The error path is therefore slightly
asymmetrical to the probe routine's body. Fix it.
Signed-off-by: Lukas Wunner
Cc: Frank Pavlic
Cc: Stephen Boyd
Cc: Nishanth Menon
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/net/ethernet/micrel/ks8851.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/micrel/ks8851.c
b/drivers/net/ethernet/micrel/ks8851.c
index a93f8e842c07..1633fa5c709c 100644
--- a/drivers/net/ethernet/micrel/ks8851.c
+++ b/drivers/net/ethernet/micrel/ks8851.c
@@ -1554,9 +1554,9 @@ static int ks8851_probe(struct spi_device *spi)
free_irq(ndev->irq, ks);
err_irq:
+err_id:
if (gpio_is_valid(gpio))
gpio_set_value(gpio, 0);
-err_id:
regulator_disable(ks->vdd_reg);
err_reg:
regulator_disable(ks->vdd_io);
--
2.19.1
[PATCH 4.19 39/72] staging: rtl8712: uninitialized memory in read_bbreg_hdl()
[ Upstream commit 22c971db7dd4b0ad8dd88e99c407f7a1f4231a2e ]
Colin King reported a bug in read_bbreg_hdl():
memcpy(pcmd->rsp, (u8 *)&val, pcmd->rspsz);
The problem is that "val" is uninitialized.
This code is obviously not useful, but so far as I can tell
"pcmd->cmdcode" is never GEN_CMD_CODE(_Read_BBREG) so it's not harmful
either. For now the easiest fix is to just call r8712_free_cmd_obj()
and return.
Fixes: 2865d42c78a9 ("staging: r8712u: Add the new driver to the mainline
kernel")
Reported-by: Colin Ian King
Signed-off-by: Dan Carpenter
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Sasha Levin (Microsoft)
---
drivers/staging/rtl8712/rtl8712_cmd.c | 10 +-
drivers/staging/rtl8712/rtl8712_cmd.h | 2 +-
2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/drivers/staging/rtl8712/rtl8712_cmd.c
b/drivers/staging/rtl8712/rtl8712_cmd.c
index b1dfe9f46619..63bc811681d9 100644
--- a/drivers/staging/rtl8712/rtl8712_cmd.c
+++ b/drivers/staging/rtl8712/rtl8712_cmd.c
@@ -159,17 +159,9 @@ static u8 write_macreg_hdl(struct _adapter *padapter, u8
*pbuf)
static u8 read_bbreg_hdl(struct _adapter *padapter, u8 *pbuf)
{
- u32 val;
- void (*pcmd_callback)(struct _adapter *dev, struct cmd_obj *pcmd);
struct cmd_obj *pcmd = (struct cmd_obj *)pbuf;
- if (pcmd->rsp && pcmd->rspsz > 0)
- memcpy(pcmd->rsp, (u8 *)&val, pcmd->rspsz);
- pcmd_callback = cmd_callback[pcmd->cmdcode].callback;
- if (!pcmd_callback)
- r8712_free_cmd_obj(pcmd);
- else
- pcmd_callback(padapter, pcmd);
+ r8712_free_cmd_obj(pcmd);
return H2C_SUCCESS;
}
diff --git a/drivers/staging/rtl8712/rtl8712_cmd.h
b/drivers/staging/rtl8712/rtl8712_cmd.h
index 9181bb6b04c3..a101a0a50955 100644
--- a/drivers/staging/rtl8712/rtl8712_cmd.h
+++ b/drivers/staging/rtl8712/rtl8712_cmd.h
@@ -152,7 +152,7 @@ enum rtl8712_h2c_cmd {
static struct _cmd_callbackcmd_callback[] = {
{GEN_CMD_CODE(_Read_MACREG), NULL}, /*0*/
{GEN_CMD_CODE(_Write_MACREG), NULL},
- {GEN_CMD_CODE(_Read_BBREG), &r8712_getbbrfreg_cmdrsp_callback},
+ {GEN_CMD_CODE(_Read_BBREG), NULL},
{GEN_CMD_CODE(_Write_BBREG), NULL},
{GEN_CMD_CODE(_Read_RFREG), &r8712_getbbrfreg_cmdrsp_callback},
{GEN_CMD_CODE(_Write_RFREG), NULL}, /*5*/
--
2.19.1
[PATCH 4.19 38/72] staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
[ Upstream commit d70d70aec9632679dd00dcc1b1e8b2517e2c7da0 ] skb allocated via dev_alloc_skb can fail and return a NULL pointer. This patch avoids such a scenario and returns, consistent with other invocations. Signed-off-by: Aditya Pakki Reviewed-by: Mukesh Ojha Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin (Microsoft) --- drivers/staging/rtlwifi/rtl8822be/fw.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/rtlwifi/rtl8822be/fw.c b/drivers/staging/rtlwifi/rtl8822be/fw.c index a40396614814..c1ed52df05f0 100644 --- a/drivers/staging/rtlwifi/rtl8822be/fw.c +++ b/drivers/staging/rtlwifi/rtl8822be/fw.c @@ -741,6 +741,8 @@ void rtl8822be_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished) u1_rsvd_page_loc, 3); skb = dev_alloc_skb(totalpacketlen); + if (!skb) + return; memcpy((u8 *)skb_put(skb, totalpacketlen), &reserved_page_packet, totalpacketlen); -- 2.19.1
[PATCH 4.19 13/72] xsk: fix umem memory leak on cleanup
[ Upstream commit 044175a06706d516aa42874bb44dbbfc3c4d20eb ]
When the umem is cleaned up, the task that created it might already be
gone. If the task was gone, the xdp_umem_release function did not free
the pages member of struct xdp_umem.
It turned out that the task lookup was not needed at all; The code was
a left-over when we moved from task accounting to user accounting [1].
This patch fixes the memory leak by removing the task lookup logic
completely.
[1] https://lore.kernel.org/netdev/20180131135356.19134-3-bjorn.to...@gmail.com/
Link:
https://lore.kernel.org/netdev/c1cb2ca8-6a14-3980-8672-f3de0bb38...@suse.cz/
Fixes: c0c77d8fb787 ("xsk: add user memory registration support sockopt")
Reported-by: Jiri Slaby
Signed-off-by: Björn Töpel
Signed-off-by: Daniel Borkmann
Signed-off-by: Sasha Levin (Microsoft)
---
include/net/xdp_sock.h | 1 -
net/xdp/xdp_umem.c | 19 +--
2 files changed, 1 insertion(+), 19 deletions(-)
diff --git a/include/net/xdp_sock.h b/include/net/xdp_sock.h
index 7161856bcf9c..c2c10cc9ffa0 100644
--- a/include/net/xdp_sock.h
+++ b/include/net/xdp_sock.h
@@ -34,7 +34,6 @@ struct xdp_umem {
u32 headroom;
u32 chunk_size_nohr;
struct user_struct *user;
- struct pid *pid;
unsigned long address;
refcount_t users;
struct work_struct work;
diff --git a/net/xdp/xdp_umem.c b/net/xdp/xdp_umem.c
index bfe2dbea480b..a3b037fbfecd 100644
--- a/net/xdp/xdp_umem.c
+++ b/net/xdp/xdp_umem.c
@@ -152,9 +152,6 @@ static void xdp_umem_unaccount_pages(struct xdp_umem *umem)
static void xdp_umem_release(struct xdp_umem *umem)
{
- struct task_struct *task;
- struct mm_struct *mm;
-
xdp_umem_clear_dev(umem);
if (umem->fq) {
@@ -169,21 +166,10 @@ static void xdp_umem_release(struct xdp_umem *umem)
xdp_umem_unpin_pages(umem);
- task = get_pid_task(umem->pid, PIDTYPE_PID);
- put_pid(umem->pid);
- if (!task)
- goto out;
- mm = get_task_mm(task);
- put_task_struct(task);
- if (!mm)
- goto out;
-
- mmput(mm);
kfree(umem->pages);
umem->pages = NULL;
xdp_umem_unaccount_pages(umem);
-out:
kfree(umem);
}
@@ -312,7 +298,6 @@ static int xdp_umem_reg(struct xdp_umem *umem, struct
xdp_umem_reg *mr)
if (size_chk < 0)
return -EINVAL;
- umem->pid = get_task_pid(current, PIDTYPE_PID);
umem->address = (unsigned long)addr;
umem->props.chunk_mask = ~((u64)chunk_size - 1);
umem->props.size = size;
@@ -328,7 +313,7 @@ static int xdp_umem_reg(struct xdp_umem *umem, struct
xdp_umem_reg *mr)
err = xdp_umem_account_pages(umem);
if (err)
- goto out;
+ return err;
err = xdp_umem_pin_pages(umem);
if (err)
@@ -347,8 +332,6 @@ static int xdp_umem_reg(struct xdp_umem *umem, struct
xdp_umem_reg *mr)
out_account:
xdp_umem_unaccount_pages(umem);
-out:
- put_pid(umem->pid);
return err;
}
--
2.19.1
[PATCH 4.19 32/72] i2c: i801: Add support for Intel Comet Lake
[ Upstream commit 5cd1c56c42beb6d228cc8d4373fdc5f5ec78a5ad ]
Add PCI ID for Intel Comet Lake PCH.
Signed-off-by: Jarkko Nikula
Reviewed-by: Jean Delvare
Signed-off-by: Wolfram Sang
Signed-off-by: Sasha Levin (Microsoft)
---
Documentation/i2c/busses/i2c-i801 | 1 +
drivers/i2c/busses/Kconfig| 1 +
drivers/i2c/busses/i2c-i801.c | 4
3 files changed, 6 insertions(+)
diff --git a/Documentation/i2c/busses/i2c-i801
b/Documentation/i2c/busses/i2c-i801
index d1ee484a787d..ee9984f35868 100644
--- a/Documentation/i2c/busses/i2c-i801
+++ b/Documentation/i2c/busses/i2c-i801
@@ -36,6 +36,7 @@ Supported adapters:
* Intel Cannon Lake (PCH)
* Intel Cedar Fork (PCH)
* Intel Ice Lake (PCH)
+ * Intel Comet Lake (PCH)
Datasheets: Publicly available at the Intel website
On Intel Patsburg and later chipsets, both the normal host SMBus controller
diff --git a/drivers/i2c/busses/Kconfig b/drivers/i2c/busses/Kconfig
index ac4b09642f63..8f803812ea24 100644
--- a/drivers/i2c/busses/Kconfig
+++ b/drivers/i2c/busses/Kconfig
@@ -131,6 +131,7 @@ config I2C_I801
Cannon Lake (PCH)
Cedar Fork (PCH)
Ice Lake (PCH)
+ Comet Lake (PCH)
This driver can also be built as a module. If so, the module
will be called i2c-i801.
diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c
index c91e145ef5a5..679c6c41f64b 100644
--- a/drivers/i2c/busses/i2c-i801.c
+++ b/drivers/i2c/busses/i2c-i801.c
@@ -71,6 +71,7 @@
* Cannon Lake-LP (PCH)0x9da3 32 hardyes yes
yes
* Cedar Fork (PCH)0x18df 32 hardyes yes yes
* Ice Lake-LP (PCH) 0x34a3 32 hardyes yes yes
+ * Comet Lake (PCH)0x02a3 32 hardyes yes yes
*
* Features supported by this driver:
* Software PECno
@@ -240,6 +241,7 @@
#define PCI_DEVICE_ID_INTEL_LEWISBURG_SSKU_SMBUS 0xa223
#define PCI_DEVICE_ID_INTEL_KABYLAKE_PCH_H_SMBUS 0xa2a3
#define PCI_DEVICE_ID_INTEL_CANNONLAKE_H_SMBUS 0xa323
+#define PCI_DEVICE_ID_INTEL_COMETLAKE_SMBUS0x02a3
struct i801_mux_config {
char *gpio_chip;
@@ -1038,6 +1040,7 @@ static const struct pci_device_id i801_ids[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_INTEL,
PCI_DEVICE_ID_INTEL_CANNONLAKE_H_SMBUS) },
{ PCI_DEVICE(PCI_VENDOR_ID_INTEL,
PCI_DEVICE_ID_INTEL_CANNONLAKE_LP_SMBUS) },
{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICELAKE_LP_SMBUS)
},
+ { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_COMETLAKE_SMBUS)
},
{ 0, }
};
@@ -1534,6 +1537,7 @@ static int i801_probe(struct pci_dev *dev, const struct
pci_device_id *id)
case PCI_DEVICE_ID_INTEL_DNV_SMBUS:
case PCI_DEVICE_ID_INTEL_KABYLAKE_PCH_H_SMBUS:
case PCI_DEVICE_ID_INTEL_ICELAKE_LP_SMBUS:
+ case PCI_DEVICE_ID_INTEL_COMETLAKE_SMBUS:
priv->features |= FEATURE_I2C_BLOCK_READ;
priv->features |= FEATURE_IRQ;
priv->features |= FEATURE_SMBUS_PEC;
--
2.19.1
