Re: [PATCH v2 3/5] KVM: s390: vsie: Allow support for a host without AP
On 23.08.2018 08:44, Pierre Morel wrote: > On 22/08/2018 19:06, David Hildenbrand wrote: >> On 22.08.2018 18:51, Pierre Morel wrote: >>> Currently the CRYCB format used in the host for the >>> shadowed CRYCB is FORMAT2 while no check is done if >>> AP instructions are supported in the host. >>> >>> We better use the format the host calculated for the >>> guest 1 as the host already tested it against its >>> facility set. >>> >>> Signed-off-by: Pierre Morel >>> --- >>> arch/s390/kvm/vsie.c | 5 +++-- >>> 1 file changed, 3 insertions(+), 2 deletions(-) >>> >>> diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c >>> index 56a9d47..0b12916 100644 >>> --- a/arch/s390/kvm/vsie.c >>> +++ b/arch/s390/kvm/vsie.c >>> @@ -154,6 +154,7 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct >>> vsie_page *vsie_page) >>> const u32 crycb_addr = crycbd_o & 0x7ff8U; >>> unsigned long *b1, *b2; >>> u8 ecb3_flags; >>> + unsigned long g1_fmt; >>> >>> scb_s->crycbd = 0; >>> if (!(crycbd_o == CRYCB_FORMAT1)) 
>>> @@ -180,8 +181,8 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct >>> vsie_page *vsie_page) >>> return set_validity_icpt(scb_s, 0x0035U); >>> >>> scb_s->ecb3 |= ecb3_flags; >>> - scb_s->crycbd = ((__u32)(__u64) &vsie_page->crycb) | CRYCB_FORMAT1 | >>> - CRYCB_FORMAT2; >>> + g1_fmt = vcpu->arch.sie_block->crycbd & 0x03; >>> + scb_s->crycbd = ((__u32)(__u64) &vsie_page->crycb) | g1_fmt; >>> >>> /* xor both blocks in one run */ >>> b1 = (unsigned long *) vsie_page->crycb.dea_wrapping_key_mask; >>> >> >> This is wrong. I remember that with APXA, if FORMAT2 is available, we >> should always use FORMAT2. That's why we explicitly convert it here. >> > > You are right if FORMAT2 is available we should use FORMAT2 > but the intention here is to use what KVM crypto init function did, > assuming it did the right thing. > > Eventually we are running on a host without AP and we should use FORMAT1. > > Isn't it correct? Yes and no :) No APXA -> FORMAT2 bit is ignored (and that is one of the reasons why I am being so strict about simulating HW behavior correctly in nested code :) ) This only holds as long as we are not using AP. Because from a MSA3 perspective, FORMAT1==FORMAT2 (apart from the length/alignment, which is fine for us). Once we support AP (via ECA.28), we'll properly have to create either a Format0/Format1/Format2. Then, there is actually a semantically difference ("different fields used"). > > Regards, > Pierre > > -- Thanks, David / dhildenb
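Review bot: in the second hunk of shadow_crycb(), `g1_fmt = vcpu->arch.sie_block->crycbd & 0x03;` replaces the named CRYCB_FORMAT1 | CRYCB_FORMAT2 constants with a bare 0x03; use a named format mask so the link to the format bits stays visible. g1_fmt is declared unsigned long in the first hunk although it only ever carries two bits that are ORed into the 32-bit crycbd value, so a u32, or folding the mask straight into the assignment, would match the field. The commit message should also state which format the shadow CRYCB ends up with on a host without AP, since that is the case named in the subject.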
Re: please revert commit ce8556cca6 "kbuild: verify that $DEPMOD is installed" introduced in v4.18.4.
Hi Randy,

> On 23.08.2018 at 03:07, Randy Dunlap wrote:
>
> On 08/22/2018 05:39 PM, Dmitry Torokhov wrote:
>> On Wed, Aug 22, 2018 at 4:35 PM Randy Dunlap wrote:
>>>
>>> On 08/22/2018 11:53 AM, H. Nikolaus Schaller wrote:
>>>> This patch requires that /sbin/depmod is installed and installable on
>>>> the build host. But not all build hosts for cross compiling Linux are
>>>> Linux systems and are able to provide a working port of depmod,
>>>> especially at the file path /sbin/depmod.
>>>>
>>>> I use, for example, a Darwin system to cross compile Linux and I run
>>>> depmod -a on the embedded system once, after installing a new Linux
>>>> kernel there.
>>>>
>>>> I have no problem with seeing a warning, but aborting the build process
>>>> is IMHO a bad idea since the previous behaviour didn't harm many people
>>>> as far as I see. Probably 99% of people compiling Linux kernels do that
>>>> on Linux and 99% of those have depmod installed for optimal operation
>>>> of their build host. So IMHO printing the warning is good enough.
>>>
>>> Thanks for the report and sorry about the problem.
>>>
>>> I'm OK with changing the error to a warning.
>>> Does the patch below work for you?
>>
>> Why would one want a warning on a host that never runs "make
>> modules_install"?
>> Can this check be only done when we actually try to install modules?
>
>
> So Nikolaus: how do you provoke this problem that you are reporting?
> It's not just a theoretical problem, is it?
>
> The way that I read the top-level Makefile, this check for $DEPMOD only
> happens when you run "make modules_install".

Yes, we run on the build host

	make letux_defconfig dtbs uImage INSTALL_MOD_PATH=/tmp/kernel-modules-$$ modules modules_install

and then scp the files from /tmp/kernel-modules-$$ to the embedded device.
Or pack into some installable file set for download on our server.

So we run modules_install on the build host as well to copy the modules
into the correct hierarchy and give it the correct lib/modules/ prefix.

I would have to duplicate what module_install does in some wrapper script.

BTW: it is a standard technique described by others:

http://labs.isee.biz/index.php/The_Linux_kernel#IGEP_Boards_based_on_Texas_Instruments_.C2.A0Processors

	make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- modules_install INSTALL_MOD_PATH=/media/user/rootfs

http://en.gnublin.org/index.php/Kernel_compile_%2B_Module_installation#Compile_the_modules

	mkdir kernel_archiv
	make modules_install INSTALL_MOD_PATH=kernel_archiv
	cp arch/arm/boot/zImage kernel_archiv
	cd kernel_archiv
	tar cfvz kernel.tar.gz zImage lib/

All these descriptions will now break if run on a host without
/sbin/depmod installed.

BR and thanks,
Nikolaus
Re: [PATCH v2 5/5] KVM: s390: vsie: Do the CRYCB validation first
On 22/08/2018 19:15, David Hildenbrand wrote: On 22.08.2018 18:51, Pierre Morel wrote: When entering the SIE the CRYCB validation better be done independently of the instruction's availability. Signed-off-by: Pierre Morel --- arch/s390/kvm/vsie.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 7ee4329..fca25aa 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -164,17 +164,18 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) /* format-1 is supported with message-security-assist extension 3 */ if (!test_kvm_facility(vcpu->kvm, 76)) return 0; - /* we may only allow it if enabled for guest 2 */ - ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 & -(ECB3_AES | ECB3_DEA); - if (!ecb3_flags) - return 0; if ((crycb_addr & PAGE_MASK) != ((crycb_addr + 128) & PAGE_MASK)) return set_validity_icpt(scb_s, 0x003CU); if (!crycb_addr) return set_validity_icpt(scb_s, 0x0039U); + /* we may only allow it if enabled for guest 2 */ + ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 & +(ECB3_AES | ECB3_DEA); + if (!ecb3_flags) + return 0; + /* copy only the wrapping keys */ if (read_guest_real(vcpu, crycb_addr + 72, vsie_page->crycb.dea_wrapping_key_mask, 56)) That makes sense, especially if ECB3_AES is used but effectively turned off by us. What is the expected behavior if ECB3_AES | ECB3_DEA are not set by g2 for g3? The use of functions PCKMO-Encrypt-DEA/AES induce a specification error. However other MSA3 function will continue to be usable. Regards, Pierre -- Pierre Morel Linux/KVM/QEMU in Böblingen - Germany
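Review bot: the `test_kvm_facility(vcpu->kvm, 76)` early return at the top of this hunk still sits ahead of the two crycb_addr checks, so the validity intercepts 0x003C and 0x0039 remain gated on facility 76 even after the ecb3_flags test is moved below them. If the intent stated in the commit message is that CRYCB validation is independent of instruction availability, either move the facility check as well or say in the commit message why it has to stay first. A short comment above the relocated ecb3_flags block explaining that it must come after the validity checks would keep a later cleanup from moving it back.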
Re: please revert commit ce8556cca6 "kbuild: verify that $DEPMOD is installed" introduced in v4.18.4.
2018-08-23 10:07 GMT+09:00 Randy Dunlap :
> On 08/22/2018 05:39 PM, Dmitry Torokhov wrote:
>> On Wed, Aug 22, 2018 at 4:35 PM Randy Dunlap wrote:
>>>
>>> On 08/22/2018 11:53 AM, H. Nikolaus Schaller wrote:
>>>> This patch requires that /sbin/depmod is installed and installable on
>>>> the build host. But not all build hosts for cross compiling Linux are
>>>> Linux systems and are able to provide a working port of depmod,
>>>> especially at the file path /sbin/depmod.
>>>>
>>>> I use, for example, a Darwin system to cross compile Linux and I run
>>>> depmod -a on the embedded system once, after installing a new Linux
>>>> kernel there.
>>>>
>>>> I have no problem with seeing a warning, but aborting the build process
>>>> is IMHO a bad idea since the previous behaviour didn't harm many people
>>>> as far as I see. Probably 99% of people compiling Linux kernels do that
>>>> on Linux and 99% of those have depmod installed for optimal operation
>>>> of their build host. So IMHO printing the warning is good enough.
>>>
>>> Thanks for the report and sorry about the problem.
>>>
>>> I'm OK with changing the error to a warning.
>>> Does the patch below work for you?
>>
>> Why would one want a warning on a host that never runs "make
>> modules_install"?
>> Can this check be only done when we actually try to install modules?
>
>
> So Nikolaus: how do you provoke this problem that you are reporting?
> It's not just a theoretical problem, is it?
>
> The way that I read the top-level Makefile, this check for $DEPMOD only
> happens when you run "make modules_install".
>
> --
> ~Randy

Unless I am misunderstanding, he wants to use "make modules_install"
just for copying modules.

Then, he will run depmod on the target system later.

--
Best Regards
Masahiro Yamada
Re: [PATCH v5 3/4] x86/boot/KASLR: Walk srat tables to filter immovable memory
On 08/07/18 at 02:49pm, Chao Fan wrote: > If 'CONFIG_MEMORY_HOTREMOVE' specified, walk the acpi srat memory > tables, store the immovable memory regions, so that kaslr can get > the information abouth where can be selected or not. > If 'CONFIG_MEMORY_HOTREMOVE' not specified, go on the old code. > > Signed-off-by: Chao Fan > --- > arch/x86/boot/compressed/kaslr.c | 59 > 1 file changed, 59 insertions(+) > > diff --git a/arch/x86/boot/compressed/kaslr.c > b/arch/x86/boot/compressed/kaslr.c > index 302517929932..720878f967a3 100644 > --- a/arch/x86/boot/compressed/kaslr.c > +++ b/arch/x86/boot/compressed/kaslr.c > @@ -31,6 +31,7 @@ > > #include "misc.h" > #include "error.h" > +#include "acpitb.h" > #include "../string.h" > > #include > @@ -104,6 +105,14 @@ static bool memmap_too_large; > /* Store memory limit specified by "mem=nn[KMG]" or "memmap=nn[KMG]" */ > static unsigned long long mem_limit = ULLONG_MAX; > > +#ifdef CONFIG_MEMORY_HOTREMOVE > +/* Store the immovable memory regions */ > +static struct mem_vector immovable_mem[MAX_NUMNODES*2]; > + > +/* Store the amount of immovable memory regions */ > +static int num_immovable_mem; > +#endif > + > > enum mem_avoid_index { > MEM_AVOID_ZO_RANGE = 0, 
> @@ -298,6 +307,51 @@ static int handle_mem_options(void) > return 0; > } > > +#ifdef CONFIG_MEMORY_HOTREMOVE > +/* > + * According to ACPI table, filter the immvoable memory regions > + * and store them in immovable_mem[]. > + */ > +static void handle_immovable_mem(void) > +{ > + char *args = (char *)get_cmd_line_ptr(); > + struct acpi_table_header *table_header; > + struct acpi_subtable_header *table; > + struct acpi_srat_mem_affinity *ma; > + unsigned long table_end; > + int i = 0; > + > + if (!strstr(args, "movable_node")) If 'acpi=off' specified, better return too here. > + return; > + > + table_header = get_acpi_srat_table(); > + if (!table_header) > + return; > + > + table_end = (unsigned long)table_header + table_header->length; > + > + table = (struct acpi_subtable_header *) > + ((unsigned long)table_header + sizeof(struct acpi_table_srat)); > + > + while (((unsigned long)table) + table->length < table_end) { > + if (table->type == 1) { > + ma = (struct acpi_srat_mem_affinity *)table; > + if (!(ma->flags & ACPI_SRAT_MEM_HOT_PLUGGABLE)) { > + immovable_mem[i].start = ma->base_address; > + immovable_mem[i].size = ma->length; > + i++; > + } > + > + if (i >= MAX_NUMNODES*2) > + break; > + } > + table = (struct acpi_subtable_header *) > + ((unsigned long)table + table->length); > + } > + num_immovable_mem = i; > +} > +#endif > + > /* > * In theory, KASLR can put the kernel anywhere in the range of [16M, 64T). > * The mem_avoid array is used to store the ranges that need to be avoided > @@ -421,6 +475,11 @@ static void mem_avoid_init(unsigned long input, unsigned > long input_size, > /* Mark the memmap regions we need to avoid */ > handle_mem_options(); > > +#ifdef CONFIG_MEMORY_HOTREMOVE > + /* Mark the immovable regions we need to choose */ > + handle_immovable_mem(); > +#endif > + > #ifdef CONFIG_X86_VERBOSE_BOOTUP > /* Make sure video RAM can be used. */ > add_identity_map(0, PMD_SIZE); > -- > 2.17.1 > > >
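Review bot: the subtable walk in handle_immovable_mem() trusts firmware-supplied lengths without validating them. `while (((unsigned long)table) + table->length < table_end)` reads table->length before confirming that the subtable header itself lies below table_end, never advances when table->length is 0, and with `<` skips a final subtable that ends exactly at table_end. Check that a full header fits first, reject a zero length or one shorter than sizeof(*ma) before casting to struct acpi_srat_mem_affinity, and use `<=` for the end test. `table->type == 1` should be written with ACPI_SRAT_TYPE_MEMORY_AFFINITY, and the new call in mem_avoid_init() carries the comment "regions we need to choose" where the function only records them, so reword it to match.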
Re: [PATCH v2 1/5] KVM: s390: vsie: BUG correction by shadow_crycb
On Wed, 22 Aug 2018 18:53:02 +0200 David Hildenbrand wrote: > On 22.08.2018 18:51, Pierre Morel wrote: > > Copy the key mask to the right offset inside the shadow CRYCB > > > > Signed-off-by: Pierre Morel > > Reviewed-by: David Hildenbrand > > --- > > arch/s390/kvm/vsie.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c > > index 9175518..12b9707 100644 > > --- a/arch/s390/kvm/vsie.c > > +++ b/arch/s390/kvm/vsie.c > > @@ -173,7 +173,8 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct > > vsie_page *vsie_page) > > return set_validity_icpt(scb_s, 0x0039U); > > > > /* copy only the wrapping keys */ > > - if (read_guest_real(vcpu, crycb_addr + 72, &vsie_page->crycb, 56)) > > + if (read_guest_real(vcpu, crycb_addr + 72, > > + vsie_page->crycb.dea_wrapping_key_mask, 56)) > > return set_validity_icpt(scb_s, 0x0035U); > > > > scb_s->ecb3 |= ecb3_flags; > > > > Please fixup the subject as requested. +1 > (were there more RB-s?) > Yep, mine. FTR: Reviewed-by: Cornelia Huck
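Review bot: the read_guest_real() call in this hunk still hard-codes the source offset 72 and the length 56 while the destination is now the single member dea_wrapping_key_mask, so the copy is only correct as long as the members that follow it cover the remaining bytes. Derive both numbers from the structure with offsetof() and sizeof on the key-mask members, or add a comment naming which members the 56 bytes cover, so that source offset and destination cannot drift apart again.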
[PATCH] mtd: cast to u64 to avoid unexpected error
From: "huijin.park" the params->size is defined as "u64" and, "info->sector_size" and "info->n_sectors" is defined as unsgined and u16 thus, u64 data might have strange data(loss data) if data is overflow. this patch cast it to u64. Signed-off-by: huijin.park --- drivers/mtd/spi-nor/spi-nor.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c index d9c368c..527f281 100644 --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c @@ -2459,7 +2459,7 @@ static int spi_nor_init_params(struct spi_nor *nor, memset(params, 0, sizeof(*params)); /* Set SPI NOR sizes. */ - params->size = info->sector_size * info->n_sectors; + params->size = (u64)info->sector_size * (u64)info->n_sectors; params->page_size = info->page_size; /* (Fast) Read settings. */ -- 1.7.9.5
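Review bot: in the `params->size` assignment one cast is enough: `(u64)info->sector_size * info->n_sectors` already makes the multiplication 64-bit, so the second `(u64)` can go. The commit message would be clearer if it said that the product of the unsigned sector_size and the u16 n_sectors is computed in 32 bits and truncated before it is stored in the u64 size, since that is the defect this line fixes.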
Re: [PATCH v3 1/2] mm: migration: fix migration of huge PMD shared pages
On Wed 22-08-18 09:48:16, Mike Kravetz wrote: > On 08/22/2018 05:28 AM, Michal Hocko wrote: > > On Tue 21-08-18 18:10:42, Mike Kravetz wrote: > > [...] > >> diff --git a/mm/rmap.c b/mm/rmap.c > >> index eb477809a5c0..8cf853a4b093 100644 > >> --- a/mm/rmap.c > >> +++ b/mm/rmap.c 
> >> @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page *page, > >> struct vm_area_struct *vma, > >>} > >> > >>/* > >> - * We have to assume the worse case ie pmd for invalidation. Note that > >> - * the page can not be free in this function as call of try_to_unmap() > >> - * must hold a reference on the page. > >> + * For THP, we have to assume the worse case ie pmd for invalidation. > >> + * For hugetlb, it could be much worse if we need to do pud > >> + * invalidation in the case of pmd sharing. > >> + * > >> + * Note that the page can not be free in this function as call of > >> + * try_to_unmap() must hold a reference on the page. > >> */ > >>end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); > >> + if (PageHuge(page)) { > >> + /* > >> + * If sharing is possible, start and end will be adjusted > >> + * accordingly. > >> + */ > >> + (void)huge_pmd_sharing_possible(vma, &start, &end); > >> + } > >>mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); > > > > I do not get this part. Why don't we simply unconditionally invalidate > > the whole huge page range? > > In this routine, we are only unmapping a single page. The existing code > is limiting the invalidate range to that page size: 4K or 2M. With shared > PMDs, we have the possibility of unmapping a PUD_SIZE area: 1G. I don't > think we want to unconditionally invalidate 1G. Is that what you are asking? But we know that huge_pmd_unshare unmapped a shared pte so we know when to flush 2MB or 1GB. I really do not like how huge_pmd_sharing_possible a) duplicates some checks and b) it updates start/stop out of line. > I do not know how often PMD sharing is exercised. It certainly is used by > DBs for large shared areas. I suspect it is less frequent than hugtlb pages > in general, and certainly less frequent than THP or base pages. > > >> > >>while (page_vma_mapped_walk(&pvmw)) { 
> >> @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page *page, > >> struct vm_area_struct *vma, > >>subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); > >>address = pvmw.address; > >> > >> + if (PageHuge(page)) { > >> + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { > > > > huge_pmd_unshare is documented to require a pte lock. Where do we take > > it? > > It is somewhat hidden, but we are in the loop: > > while (page_vma_mapped_walk(&pvmw)) { > > The routine page_vma_mapped_walk will acquire the lock, and it correctly > checks for huge pages and uses huge_pte_lockptr(). > > page_vma_mapped_walk_done() will release the lock. OK, I can see it now. Thanks for the clarification. page_vma_mapped_walk is quite hard to follow. -- Michal Hocko SUSE Labs
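Review bot: in the first try_to_unmap_one() hunk, `(void)huge_pmd_sharing_possible(vma, &start, &end);` discards the return value and is called only for its side effect on start and end, which the helper's name does not suggest. Either use the return value to decide whether the range is widened, or give the helper a name and a void return type that say it adjusts the invalidation range, and state in the comment how large the adjusted range can become. In the second hunk, add a comment at the huge_pmd_unshare() call saying that the pte lock it requires is the one taken by page_vma_mapped_walk(), because that is not visible at the call site.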
Re: [PATCH v2 5/5] KVM: s390: vsie: Do the CRYCB validation first
On 23.08.2018 09:17, Pierre Morel wrote: > On 22/08/2018 19:15, David Hildenbrand wrote: >> On 22.08.2018 18:51, Pierre Morel wrote: >>> When entering the SIE the CRYCB validation better >>> be done independently of the instruction's >>> availability. >>> >>> Signed-off-by: Pierre Morel >>> --- >>> arch/s390/kvm/vsie.c | 11 ++- >>> 1 file changed, 6 insertions(+), 5 deletions(-) >>> >>> diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c >>> index 7ee4329..fca25aa 100644 >>> --- a/arch/s390/kvm/vsie.c >>> +++ b/arch/s390/kvm/vsie.c >>> @@ -164,17 +164,18 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct >>> vsie_page *vsie_page) >>> /* format-1 is supported with message-security-assist extension 3 */ >>> if (!test_kvm_facility(vcpu->kvm, 76)) >>> return 0; >>> - /* we may only allow it if enabled for guest 2 */ >>> - ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 & >>> -(ECB3_AES | ECB3_DEA); >>> - if (!ecb3_flags) >>> - return 0; >>> >>> if ((crycb_addr & PAGE_MASK) != ((crycb_addr + 128) & PAGE_MASK)) >>> return set_validity_icpt(scb_s, 0x003CU); >>> if (!crycb_addr) >>> return set_validity_icpt(scb_s, 0x0039U); >>> >>> + /* we may only allow it if enabled for guest 2 */ >>> + ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 & >>> +(ECB3_AES | ECB3_DEA); >>> + if (!ecb3_flags) >>> + return 0; >>> + >>> /* copy only the wrapping keys */ >>> if (read_guest_real(vcpu, crycb_addr + 72, >>> vsie_page->crycb.dea_wrapping_key_mask, 56)) >>> >> >> That makes sense, especially if ECB3_AES is used but effectively turned >> off by us. >> >> What is the expected behavior if ECB3_AES | ECB3_DEA are not set by g2 >> for g3? >> > > The use of functions PCKMO-Encrypt-DEA/AES induce a specification error. > > However other MSA3 function will continue to be usable. No, I meant which checks should be performed here. > > Regards, > Pierre > -- Thanks, David / dhildenb
Re: [PATCH v5 3/4] x86/boot/KASLR: Walk srat tables to filter immovable memory
On Thu, Aug 23, 2018 at 03:25:35PM +0800, Baoquan He wrote: [...] >> +static void handle_immovable_mem(void) >> +{ >> +char *args = (char *)get_cmd_line_ptr(); >> +struct acpi_table_header *table_header; >> +struct acpi_subtable_header *table; >> +struct acpi_srat_mem_affinity *ma; >> +unsigned long table_end; >> +int i = 0; >> + >> +if (!strstr(args, "movable_node")) > >If 'acpi=off' specified, better return too here. Thanks, you are right. Yes, I will think about it and add it to a suitable place. May the position where we try to get the acpi table is better. Or just here is also OK. Thanks, Chao Fan >
Re: [PATCH 9/9] power: supply: twl4030-charger: fix OF sibling-node lookup
On Wed, Aug 22, 2018 at 11:36:58PM +0200, Sebastian Reichel wrote:
> Hi,
>
> On Wed, Aug 22, 2018 at 12:55:47PM +0200, Johan Hovold wrote:
> > Use the new of_get_compatible_child() helper to lookup the usb sibling
> > node instead of using of_find_compatible_node(), which searches the
> > entire tree and thus can return an unrelated (non-sibling) node.
> >
> > This also addresses a potential use-after-free (e.g. after probe
> > deferral) as the tree-wide helper drops a reference to its first
> > argument (i.e. the parent device node).
> >
> > While at it, also fix the related phy-node reference leak.
> >
> > Fixes: f5e4edb8c888 ("power: twl4030_charger: find associated phy by more
> > reliable means.")
> > Cc: stable # 4.2
> > Cc: NeilBrown
> > Cc: Felipe Balbi
> > Cc: Sebastian Reichel
> > Signed-off-by: Johan Hovold
> > ---
>
> Reviewed-by: Sebastian Reichel

Thanks for reviewing.

Johan
Re: [PATCH 1/9] of: add helper to lookup compatible child node
On Thu, Aug 23, 2018 at 11:17:26AM +0800, kbuild test robot wrote:
> Hi Johan,
>
> I love your patch! Yet something to improve:
>
> [auto build test ERROR on robh/for-next]
> [also build test ERROR on v4.18 next-20180822]
> [if your patch is applied to the wrong git tree, please drop us a note to
> help improve the system]
>
> url: https://github.com/0day-ci/linux/commits/Johan-Hovold/of-fix-compatible-child-node-lookups/20180823-074211
> base: https://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git for-next
> config: mips-decstation_defconfig (attached as .config)
> compiler: mipsel-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
> reproduce:
>         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
>         chmod +x ~/bin/make.cross
>         # save the attached .config to linux build tree
>         GCC_VERSION=7.2.0 make.cross ARCH=mips
>
> All errors (new ones prefixed by >>):
>
>    In file included from include/linux/irqdomain.h:35:0,
>                     from arch/mips/include/asm/irq.h:14,
>                     from include/linux/irq.h:23,
>                     from include/asm-generic/hardirq.h:13,
>                     from arch/mips/include/asm/hardirq.h:16,
>                     from include/linux/hardirq.h:9,
>                     from include/linux/interrupt.h:11,
>                     from arch/mips/dec/ecc-berr.c:16:
> >> include/linux/of.h:637:28: error: 'of_get_compatible_child' defined but not used [-Werror=unused-function]
>     static struct device_node *of_get_compatible_child(const struct device_node *parent,
>                                ^~~
>    cc1: all warnings being treated as errors

Bah, I forgot the inline keyword.

I'll fix this in a v2, and I can amend the commit message and mention
the start node while at it.

Johan
Re: [PATCH v9 21/22] KVM: s390: CPU model support for AP virtualization
On 22.08.2018 23:05, Tony Krowiak wrote:
> On 08/22/2018 12:57 PM, David Hildenbrand wrote:
> In this case we will have no problem with older guests not having idea
> about APXA.
>
> Would it be a solution?

Any feature the guest sees, should be part of the CPU model. The whole
environment for cpu subfunctions is already in place both in KVM and
QEMU. Only disabling subfunctions in KVM is not implemented yet.

You can exclude any subfunctions/facilities that are only valid on LPAR
level and cannot be used in some guest either way. (that makes life
sometimes easier)

I know that this might sound a little bit complicated, but it really
isn't. Boils down to modifying kvm_s390_cpu_feat_init() and specifying
some features+feature groups in QEMU.

>>> OK, we definitively need another patch/patch-set, to handle this.
>>> Do you think it can be done in another series since if we always support
>>> APXA when we have AP instructions, we already have an indication that
>>> APXA exist: the AP facility.
>>>
>> Please implement the subfunction stuff right away. This will allow to
>> handle all future facilities transparently from a kernel POV.
>
> I find your use of the term 'subfunction' confusing here. In the
> kvm_s390_cpu_feat_init(void) function, it looks like the
> kvm_s390_available_subfunc structure is filled in with bits
> returned from CPACF queries of various MSA facilities to indicate
> which CPACF functions are supported. APXA is not a subfunction but
> a facility that is indicated by a bit returned from the PQAP(QCI)
> instruction. If we are to implement this, wouldn't it be done as
> a CPU model feature as opposed to a subfunction? Am I
> misunderstanding what you are asking for?

Yes, "subfunction" is a confusing terminology. (I once called it
subfeature/subfacility, but ended up using subfunction).

From a high level perspective, these are just feature bits - "can I use
feature X" / "is feature X available".

What all of these "query" blocks (MSA, PLO, PQAP(QCI) ...) have in
common is:

- in contrast to STFL(E), they are as a default not modified by the
  hypervisor but silently passed through
- dropping one of the bits (e.g. APXA) can break the guest - guest
  visible ABI
- any newly added feature/facility in such a block (new HW generation)
  should be transparently handled by HW and not require modifications in
  the hypervisor - because they are right away presented to the guest.
  (unfortunately with minor exceptions - e.g. APXA might be such a
  candidate, but that was rather a design error back then)
- there is a way we can overwrite which features are presented to the
  guest

The nice thing about that "blob" exported to user space (in contrast to
features) is that it does not have to be fixed up in KVM every time a
new feature/facility is added. As they should be transparently handled.
Only QEMU has to be taught about the new feature - which can be done
right away when introducing the new CPU model.

That's why the natural choice for PQAP(QCI) is also exposing it as
subfunctions, and not as CPU model features (kvm interface).

--

Thanks,

David / dhildenb
Re: [PATCH v2 2/5] KVM: s390: vsie: Only accept FORMAT1 CRYCB for guest2
On 22/08/2018 18:55, David Hildenbrand wrote: On 22.08.2018 18:51, Pierre Morel wrote: As the comment above the function suggested the shadowing of the guest2 CRYCB can only accept a format 1 since AP instructions are not supported in the guest. Let's modify the check which allowed to accept a format 2 too. As the bit is ignored without AP/APXA, it is perfectly valid to accept a format 2, we just have to interpret it as format 1 (which is what we do) What am I missing? Nothing. I was still having AP interpretation in mind. Signed-off-by: Pierre Morel --- arch/s390/kvm/vsie.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 12b9707..56a9d47 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -156,7 +156,9 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) u8 ecb3_flags; scb_s->crycbd = 0; - if (!(crycbd_o & vcpu->arch.sie_block->crycbd & CRYCB_FORMAT1)) + if (!(crycbd_o == CRYCB_FORMAT1)) + return 0; huh, this looks very broken. The address is still in there. completely broken you are right anyway this broken useless patch disappear. Thanks, regards, Pierre -- Pierre Morel Linux/KVM/QEMU in Böblingen - Germany
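Review bot: `if (!(crycbd_o == CRYCB_FORMAT1))` compares the whole descriptor with the format value, so the test only passes when every other bit of crycbd_o is zero. Mask the format bits out of crycbd_o before comparing, and write the test with `!=` rather than a negated `==`.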
Re: [PATCH 00/17] staging:rtl8192u: Coding Style changes
Looks good. Thanks! regards, dan carpenter
Re: [PATCH v9 21/22] KVM: s390: CPU model support for AP virtualization
On 22.08.2018 22:16, Tony Krowiak wrote: > On 08/22/2018 07:24 AM, David Hildenbrand wrote: >> On 22.08.2018 13:19, David Hildenbrand wrote: >>> On 13.08.2018 23:48, Tony Krowiak wrote: From: Tony Krowiak Introduces a new CPU model feature and two CPU model facilities to support AP virtualization for KVM guests. CPU model feature: The KVM_S390_VM_CPU_FEAT_AP feature indicates that AP instructions are available on the guest. This feature will be enabled by the kernel only if the AP instructions are installed on the linux host. This feature must be specifically turned on for the KVM guest from userspace to use the VFIO AP device driver for guest access to AP devices. CPU model facilities: 1. AP Query Configuration Information (QCI) facility is installed. This is indicated by setting facilities bit 12 for the guest. The kernel will not enable this facility for the guest if it is not set on the host. If this facility is not set for the KVM guest, then only APQNs with an APQI less than 16 will be used by a Linux guest regardless of the matrix configuration for the virtual machine. This is a limitation of the Linux AP bus. 2. AP Facilities Test facility (APFT) is installed. This is indicated by setting facilities bit 15 for the guest. The kernel will not enable this facility for the guest if it is not set on the host. If this facility is not set for the KVM guest, then no AP devices will be available to the guest regardless of the guest's matrix configuration for the virtual machine. This is a limitation of the Linux AP bus. Signed-off-by: Tony Krowiak Reviewed-by: Christian Borntraeger Reviewed-by: Halil Pasic Tested-by: Michael Mueller Tested-by: Farhan Ali Signed-off-by: Christian Borntraeger --- arch/s390/kvm/kvm-s390.c |5 + arch/s390/tools/gen_facilities.c |2 ++ 2 files changed, 7 insertions(+), 0 deletions(-) diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 1e8cb67..d5e04d2 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c 
@@ -367,6 +367,11 @@ static void kvm_s390_cpu_feat_init(void) if (MACHINE_HAS_ESOP) allow_cpu_feat(KVM_S390_VM_CPU_FEAT_ESOP); + + /* Check if AP instructions installed on host */ + if (ap_instructions_available()) + allow_cpu_feat(KVM_S390_VM_CPU_FEAT_AP); + /* * We need SIE support, ESOP (PROT_READ protection for gmap_shadow), * 64bit SCAO (SCA passthrough) and IDTE (for gmap_shadow unshadowing). diff --git a/arch/s390/tools/gen_facilities.c b/arch/s390/tools/gen_facilities.c index 90a8c9e..a52290b 100644 --- a/arch/s390/tools/gen_facilities.c +++ b/arch/s390/tools/gen_facilities.c 
@@ -106,6 +106,8 @@ struct facility_def { .name = "FACILITIES_KVM_CPUMODEL", .bits = (int[]){ + 12, /* AP Query Configuration Information */ + 15, /* AP Facilities Test */ -1 /* END */ } }, >>> I really wonder if we should also export the APXA facility. >>> >>> We can probe and allow that CPU feature. However, we cannot disable it >>> (as of now). >>> >>> We have other CPU features where it is the same case (basically all >>> subfunctions). See kvm_s390_get_processor_subfunc(). We probe them and >>> export them, but support to disable them has never been implemented. >>> >>> On a high level, we could then e.g. deny to start a QEMU guest if APXA >>> is available but has been disabled. (until we know that disabling it >>> actually works - if ever). >>> >>> This helps to catch nasty migration bugs (e.g. APXA suddenly >>> disappearing). Although unlikely, definitely possible. >>> >>> >>> Are there any other AP related facilities that the guest can from now on >>> probe that should also become part of the CPU model? >>> >> To be more precise, shouldn't PQAP(QCI) be handled just like other >> subfunctions? (I remember it should) > > When you suggest PQAP(QCI) be handled like other subfunctions, are you > suggesting that there should be a field in struct kvm_s390_vm_cpu_subfunc > with a bit indicating the QCI subfunction is available? The availability > of the QCI subfunction of the PQAP instruction is determined by facilities > bit 12. Is it not enough to export facilities bit 12? The feature block (128 bit) from PQAP(QCI) should be passed through a subfunction block to QEMU. So it is about passing e.g. APXA availability, not QCI itself. (as you correctly said, that is stfl 12) -- Thanks, David / dhildenb
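Review bot: in the kvm_s390_cpu_feat_init() hunk, `if (ap_instructions_available())` treats a non-zero return as "installed"; confirm that this matches the helper's return convention, because a helper that returns 0 on success would invert the check and allow KVM_S390_VM_CPU_FEAT_AP exactly on hosts without AP instructions. In the gen_facilities.c hunk, bits 12 and 15 are added to FACILITIES_KVM_CPUMODEL unconditionally, while the commit message says each is only enabled when set on the host, so the message or a comment should point to where that masking against the host facilities happens.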
Re: [PATCH v9 21/22] KVM: s390: CPU model support for AP virtualization
>>>
>> I really wonder if we should also export the APXA facility.
>
> Given this comment is made within the context of the
> FACILITIES_KVM_CPUMODEL I might point out that APXA is not
> indicated by a facilities bit. It is indicated by a bit in
> the QCI control block returned from the PQAP(QCI)
> instruction to indicate that APXA is installed on all CPUs.
>
>> We can probe and allow that CPU feature. However, we cannot disable it
>> (as of now).
>
> Given this patch series implements passthrough devices,
> the output of the PQAP(QCI) will always be from a real
> device - i.e., there will be no way to disable it.
>

see below

>>
>> We have other CPU features where it is the same case (basically all
>> subfunctions). See kvm_s390_get_processor_subfunc(). We probe them and
>> export them, but support to disable them has never been implemented.
>>
>> On a high level, we could then e.g. deny to start a QEMU guest if APXA
>> is available but has been disabled. (until we know that disabling it
>> actually works - if ever).
>>
>> This helps to catch nasty migration bugs (e.g. APXA suddenly
>> disappearing). Although unlikely, definitely possible.
>
> Migration of AP devices is not supported by this patch series, so this
> should not be an issue.

Might not be a problem now, but could be later. As I said in a different
reply, the CPU model in QEMU does not care about KVM.

I want the QEMU CPU model and the KVM interfaces to be clean and future
proof. That's why my opinion is to handle PQAP(QCI) just like all the
other "feature blocks" we already have.

--

Thanks,

David / dhildenb
Re: [PATCH] cpufreq: ti-cpufreq: Only register platform_device when supported
On Wed, Aug 22, 2018 at 09:44:32PM -0500, Dave Gerlach wrote: > Currently the ti-cpufreq driver blindly registers a 'ti-cpufreq' to force > the driver to probe on any platforms where the driver is built in. > However, this should only happen on platforms that actually can make use > of the driver. There is already functionality in place to match the > SoC compatible so let's factor this out into a separate call and > make sure we find a match before creating the ti-cpufreq driver device. > > Signed-off-by: Dave Gerlach > --- > drivers/cpufreq/ti-cpufreq.c | 25 - > 1 file changed, 20 insertions(+), 5 deletions(-) > > diff --git a/drivers/cpufreq/ti-cpufreq.c b/drivers/cpufreq/ti-cpufreq.c > index 3f0e2a14895a..541fdcf17b57 100644 > --- a/drivers/cpufreq/ti-cpufreq.c > +++ b/drivers/cpufreq/ti-cpufreq.c > @@ -201,19 +201,31 @@ static const struct of_device_id ti_cpufreq_of_match[] > = { > {}, > }; > > +static const struct of_device_id *ti_cpufreq_match_node(void) > +{ > + struct device_node *np; > + const struct of_device_id *match; > + > + np = of_find_node_by_path("/"); > + match = of_match_node(ti_cpufreq_of_match, np); > + of_node_put(np); > + > + if (!match) > + return NULL; > + else > + return match; Shouldn't this just be "return match"? > +} > + > static int ti_cpufreq_probe(struct platform_device *pdev) > { > u32 version[VERSION_COUNT]; > - struct device_node *np; > const struct of_device_id *match; > struct opp_table *ti_opp_table; > struct ti_cpufreq_data *opp_data; > const char * const reg_names[] = {"vdd", "vbb"}; > int ret; > > - np = of_find_node_by_path("/"); > - match = of_match_node(ti_cpufreq_of_match, np); > - of_node_put(np); > + match = ti_cpufreq_match_node(); > if (!match) > return -ENODEV; 
> > @@ -290,7 +302,10 @@ static int ti_cpufreq_probe(struct platform_device *pdev) > > static int ti_cpufreq_init(void) > { > - platform_device_register_simple("ti-cpufreq", -1, NULL, 0); > + /* Check to ensure we are on a compatible platform */ > + if (ti_cpufreq_match_node()) > + platform_device_register_simple("ti-cpufreq", -1, NULL, 0); > + > return 0; > } > module_init(ti_cpufreq_init); With that fixed, feel free to add: Reviewed-by: Johan Hovold Johan
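Review bot: in ti_cpufreq_init() the pointer returned by platform_device_register_simple("ti-cpufreq", -1, NULL, 0) is still thrown away and the function returns 0 unconditionally, so a failed registration on a matching SoC is silent. Now that the call is conditional, keep the returned pointer and return PTR_ERR_OR_ZERO() of it. The root node is also matched twice, once here and once more in ti_cpufreq_probe() through ti_cpufreq_match_node(); passing the match to the device as platform data would avoid the second lookup.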
Re: [PATCH v2 3/5] KVM: s390: vsie: Allow support for a host without AP
On 23/08/2018 09:15, David Hildenbrand wrote: On 23.08.2018 08:44, Pierre Morel wrote: On 22/08/2018 19:06, David Hildenbrand wrote: On 22.08.2018 18:51, Pierre Morel wrote: Currently the CRYCB format used in the host for the shadowed CRYCB is FORMAT2 while no check is done if AP instructions are supported in the host. We better use the format the host calculated for the guest 1 as the host already tested it against its facility set. Signed-off-by: Pierre Morel --- arch/s390/kvm/vsie.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 56a9d47..0b12916 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -154,6 +154,7 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) const u32 crycb_addr = crycbd_o & 0x7ff8U; unsigned long *b1, *b2; u8 ecb3_flags; + unsigned long g1_fmt; scb_s->crycbd = 0; if (!(crycbd_o == CRYCB_FORMAT1)) 
@@ -180,8 +181,8 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) return set_validity_icpt(scb_s, 0x0035U); scb_s->ecb3 |= ecb3_flags; - scb_s->crycbd = ((__u32)(__u64) &vsie_page->crycb) | CRYCB_FORMAT1 | - CRYCB_FORMAT2; + g1_fmt = vcpu->arch.sie_block->crycbd & 0x03; + scb_s->crycbd = ((__u32)(__u64) &vsie_page->crycb) | g1_fmt; /* xor both blocks in one run */ b1 = (unsigned long *) vsie_page->crycb.dea_wrapping_key_mask; This is wrong. I remember that with APXA, if FORMAT2 is available, we should always use FORMAT2. That's why we explicitly convert it here. You are right if FORMAT2 is available we should use FORMAT2 but the intention here is to use what KVM crypto init function did, assuming it did the right thing. Eventually we are running on a host without AP and we should use FORMAT1. Isn't it correct? Yes and no :) No APXA -> FORMAT2 bit is ignored (and that is one of the reasons why I am being so strict about simulating HW behavior correctly in nested code :) ) This only holds as long as we are not using AP. Because from a MSA3 perspective, FORMAT1==FORMAT2 (apart from the length/alignment, which is fine for us). Once we support AP (via ECA.28), we'll properly have to create either a Format0/Format1/Format2. Then, there is actually a semantically difference ("different fields used"). OK I would have expect something more explicit in the documentation like for firmware versions older than xxx bit 30 is ignored instead of if APXA is not installed. Still must learn the IBM language! :) regards, Pierre -- Pierre Morel Linux/KVM/QEMU in Böblingen - Germany
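Review bot: the second hunk masks the guest-1 descriptor with a bare 0x03 in "g1_fmt = vcpu->arch.sie_block->crycbd & 0x03;", while the lines it removes used the named CRYCB_FORMAT1 and CRYCB_FORMAT2 constants. Use a named format mask defined next to those constants so the reader does not have to know which bits of crycbd carry the format. g1_fmt is declared unsigned long in the first hunk although it only holds those low bits and is OR-ed into a value cast to __u32; a u32 would match the destination field.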
[PATCH 4.4 08/79] ARM: dts: Cygnus: Fix I2C controller interrupt type
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Ray Jui [ Upstream commit 71ca3409703b62b6a092d0d9d13f366c121bc5d3 ] Fix I2C controller interrupt to use IRQ_TYPE_LEVEL_HIGH for Broadcom Cygnus SoC. Fixes: b51c05a331ff ("ARM: dts: add I2C device nodes for Broadcom Cygnus") Signed-off-by: Ray Jui Signed-off-by: Florian Fainelli Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm/boot/dts/bcm-cygnus.dtsi |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/arm/boot/dts/bcm-cygnus.dtsi +++ b/arch/arm/boot/dts/bcm-cygnus.dtsi @@ -110,7 +110,7 @@ reg = <0x18008000 0x100>; #address-cells = <1>; #size-cells = <0>; - interrupts = ; + interrupts = ; clock-frequency = <10>; status = "disabled"; }; @@ -138,7 +138,7 @@ reg = <0x1800b000 0x100>; #address-cells = <1>; #size-cells = <0>; - interrupts = ; + interrupts = ; clock-frequency = <10>; status = "disabled"; };
[PATCH 4.4 25/79] ARM: dts: am437x: make edt-ft5x06 a wakeup source
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Mack [ Upstream commit 49a6ec5b807ea4ad7ebe1f58080ebb8497cb2d2c ] The touchscreen driver no longer configures the device as wakeup source by default. A "wakeup-source" property is needed. Signed-off-by: Daniel Mack Signed-off-by: Tony Lindgren Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm/boot/dts/am437x-sk-evm.dts |2 ++ 1 file changed, 2 insertions(+) --- a/arch/arm/boot/dts/am437x-sk-evm.dts +++ b/arch/arm/boot/dts/am437x-sk-evm.dts @@ -508,6 +508,8 @@ touchscreen-size-x = <480>; touchscreen-size-y = <272>; + + wakeup-source; }; tlv320aic3106: tlv320aic3106@1b {
[PATCH 4.4 11/79] usb: gadget: dwc2: fix memory leak in gadget_init()
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Grigor Tovmasyan [ Upstream commit 9bb073a053f0464ea74a4d4c331fdb7da58568d6 ] Freed allocated request for ep0 to prevent memory leak in case when dwc2_driver_probe() failed. Cc: Stefan Wahren Cc: Marek Szyprowski Tested-by: Stefan Wahren Tested-by: Marek Szyprowski Acked-by: Minas Harutyunyan Signed-off-by: Grigor Tovmasyan Signed-off-by: Felipe Balbi Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/usb/dwc2/gadget.c |7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/drivers/usb/dwc2/gadget.c +++ b/drivers/usb/dwc2/gadget.c @@ -3657,9 +3657,11 @@ int dwc2_gadget_init(struct dwc2_hsotg * } ret = usb_add_gadget_udc(dev, &hsotg->gadget); - if (ret) + if (ret) { + dwc2_hsotg_ep_free_request(&hsotg->eps_out[0]->ep, + hsotg->ctrl_req); return ret; - + } dwc2_hsotg_dump(hsotg); return 0; @@ -3672,6 +3674,7 @@ int dwc2_gadget_init(struct dwc2_hsotg * int dwc2_hsotg_remove(struct dwc2_hsotg *hsotg) { usb_del_gadget_udc(&hsotg->gadget); + dwc2_hsotg_ep_free_request(&hsotg->eps_out[0]->ep, hsotg->ctrl_req); return 0; }
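Review bot: both hunks free the ep0 request with dwc2_hsotg_ep_free_request() but leave hsotg->ctrl_req pointing at the freed object, in the usb_add_gadget_udc() error path and in dwc2_hsotg_remove(). Set hsotg->ctrl_req = NULL after each free so that a later access or a second teardown path cannot reach freed memory. The first hunk also drops the blank line that separated the error return from dwc2_hsotg_dump(hsotg); that line should stay.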
[PATCH 4.4 26/79] usb: xhci: increase CRS timeout value
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Ajay Gupta [ Upstream commit 305886ca87be480ae159908c2affd135c04215cf ] Some controllers take almost 55ms to complete controller restore state (CRS). There is no timeout limit mentioned in xhci specification so fixing the issue by increasing the timeout limit to 100ms [reformat code comment -Mathias] Signed-off-by: Ajay Gupta Signed-off-by: Nagaraj Annaiah Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/usb/host/xhci.c |7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1052,8 +1052,13 @@ int xhci_resume(struct xhci_hcd *xhci, b command = readl(&xhci->op_regs->command); command |= CMD_CRS; writel(command, &xhci->op_regs->command); + /* +* Some controllers take up to 55+ ms to complete the controller +* restore so setting the timeout to 100ms. Xhci specification +* doesn't mention any timeout value. +*/ if (xhci_handshake(&xhci->op_regs->status, - STS_RESTORE, 0, 10 * 1000)) { + STS_RESTORE, 0, 100 * 1000)) { xhci_warn(xhci, "WARN: xHC restore state timeout\n"); spin_unlock_irq(&xhci->lock); return -ETIMEDOUT;
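Review bot: the failure branch after xhci_handshake() calls spin_unlock_irq(&xhci->lock), so the handshake polls with the lock held and interrupts disabled, and raising the limit from 10 * 1000 to 100 * 1000 lets that window grow to 100 ms on a controller that never clears STS_RESTORE. The new comment should say that 100 ms is a worst-case bound spent under the lock, and the open-coded 100 * 1000 would read better as a named timeout constant.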
[PATCH 4.4 22/79] Smack: Mark inode instant in smack_task_to_inode
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Casey Schaufler [ Upstream commit 7b4e88434c4e7982fb053c49657e1c8bbb8692d9 ] Smack: Mark inode instant in smack_task_to_inode /proc clean-up in commit 1bbc55131e59bd099fdc568d3aa0b42634dbd188 resulted in smack_task_to_inode() being called before smack_d_instantiate. This resulted in the smk_inode value being ignored, even while present for files in /proc/self. Marking the inode as instant here fixes that. Signed-off-by: Casey Schaufler Signed-off-by: James Morris Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- security/smack/smack_lsm.c |1 + 1 file changed, 1 insertion(+) --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2260,6 +2260,7 @@ static void smack_task_to_inode(struct t struct smack_known *skp = smk_of_task_struct(p); isp->smk_inode = skp; + isp->smk_flags |= SMK_INODE_INSTANT; } /*
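Review bot: the added "isp->smk_flags |= SMK_INODE_INSTANT;" in smack_task_to_inode() has no comment, and the reason for it is only in the commit message (the hook can now run before smack_d_instantiate, which otherwise causes smk_inode to be ignored). Put that one-sentence reason above the assignment so the flag is not later removed as redundant, since dropping it would silently change which label /proc/self entries get.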
[PATCH 4.4 05/79] selftests: user: return Kselftest Skip code for skipped tests
4.4-stable review patch. If anyone has any objections, please let me know. -- From: "Shuah Khan (Samsung OSG)" [ Upstream commit d7d5311d4aa9611fe1a5a851e6f75733237a668a ] When user test is skipped because of unmet dependencies and/or unsupported configuration, it exits with error which is treated as a fail by the Kselftest framework. This leads to false negative result even when the test could not be run. Change it to return kselftest skip code when a test gets skipped to clearly report that the test could not be run. Add an explicit check for module presence and return skip code if module isn't present. Kselftest framework SKIP code is 4 and the framework prints appropriate messages to indicate that the test is skipped. Signed-off-by: Shuah Khan (Samsung OSG) Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/user/test_user_copy.sh |7 +++ 1 file changed, 7 insertions(+) --- a/tools/testing/selftests/user/test_user_copy.sh +++ b/tools/testing/selftests/user/test_user_copy.sh @@ -1,6 +1,13 @@ #!/bin/sh # Runs copy_to/from_user infrastructure using test_user_copy kernel module +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + +if ! /sbin/modprobe -q -n test_user_copy; then + echo "user: module test_user_copy is not found [SKIP]" + exit $ksft_skip +fi if /sbin/modprobe -q test_user_copy; then /sbin/modprobe -q -r test_user_copy echo "user_copy: ok"
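Review bot: the new skip message is prefixed "user:" ("user: module test_user_copy is not found [SKIP]") while the script's existing output uses "user_copy:" (echo "user_copy: ok"). Use the same prefix in both so that anything parsing the log sees a single test name.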
[PATCH 4.4 23/79] cxgb4: when disabling dcb set txq dcb priority to 0
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Ganesh Goudar [ Upstream commit 5ce36338a30f9814fc4824f9fe6c20cd83d872c7 ] When we are disabling DCB, store "0" in txq->dcb_prio since that's used for future TX Work Request "OVLAN_IDX" values. Setting non zero priority upon disabling DCB would halt the traffic. Reported-by: AMG Zollner Robert CC: David Ahern Signed-off-by: Casey Leedom Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c @@ -338,7 +338,7 @@ static void dcb_tx_queue_prio_enable(str "Can't %s DCB Priority on port %d, TX Queue %d: err=%d\n", enable ? "set" : "unset", pi->port_id, i, -err); else - txq->dcb_prio = value; + txq->dcb_prio = enable ? value : 0; } } #endif /* CONFIG_CHELSIO_T4_DCB */
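Review bot: txq->dcb_prio is only written in the else branch, so when the request fails while disabling (the dev_err path that prints "unset") the queue keeps its previous non-zero priority, which is the state the commit message says halts traffic. Please confirm that is intended; if not, clear dcb_prio whenever enable is false, independent of err.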
[PATCH 4.4 24/79] brcmfmac: stop watchdog before detach and free everything
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Michael Trimarchi [ Upstream commit 373c83a801f15b1e3d02d855fad89112bd4ccbe0 ] Using built-in in kernel image without a firmware in filesystem or in the kernel image can lead to a kernel NULL pointer deference. Watchdog need to be stopped in brcmf_sdio_remove The system is going down NOW! [ 1348.110759] Unable to handle kernel NULL pointer dereference at virtual address 02f8 Sent SIGTERM to all processes [ 1348.121412] Mem abort info: [ 1348.126962] ESR = 0x9604 [ 1348.130023] Exception class = DABT (current EL), IL = 32 bits [ 1348.135948] SET = 0, FnV = 0 [ 1348.138997] EA = 0, S1PTW = 0 [ 1348.142154] Data abort info: [ 1348.145045] ISV = 0, ISS = 0x0004 [ 1348.148884] CM = 0, WnR = 0 [ 1348.151861] user pgtable: 4k pages, 48-bit VAs, pgdp = (ptrval) [ 1348.158475] [02f8] pgd= [ 1348.163364] Internal error: Oops: 9604 [#1] PREEMPT SMP [ 1348.168927] Modules linked in: ipv6 [ 1348.172421] CPU: 3 PID: 1421 Comm: brcmf_wdog/mmc0 Not tainted 4.17.0-rc5-next-20180517 #18 [ 1348.180757] Hardware name: Amarula A64-Relic (DT) [ 1348.185455] pstate: 6005 (nZCv daif -PAN -UAO) [ 1348.190251] pc : brcmf_sdiod_freezer_count+0x0/0x20 [ 1348.195124] lr : brcmf_sdio_watchdog_thread+0x64/0x290 [ 1348.200253] sp : 0b85be30
Signed-off-by: Michael Trimarchi Acked-by: Arend van Spriel Tested-by: Andy Shevchenko Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/wireless/brcm80211/brcmfmac/sdio.c |7 +++ 1 file changed, 7 insertions(+) --- a/drivers/net/wireless/brcm80211/brcmfmac/sdio.c +++ b/drivers/net/wireless/brcm80211/brcmfmac/sdio.c @@ -4291,6 +4291,13 @@ void brcmf_sdio_remove(struct brcmf_sdio brcmf_dbg(TRACE, "Enter\n"); if (bus) { + /* Stop watchdog task */ + if (bus->watchdog_tsk) { + send_sig(SIGTERM, bus->watchdog_tsk, 1); + kthread_stop(bus->watchdog_tsk); + bus->watchdog_tsk = NULL; + } + /* De-register interrupt handler */ brcmf_sdiod_intr_unregister(bus->sdiodev);
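Review bot: the new comment "/* Stop watchdog task */" in brcmf_sdio_remove() only restates the code; what matters is the ordering, namely that the thread has to be gone before the interrupt handler is unregistered and the bus is detached and freed, because brcmf_sdio_watchdog_thread() dereferences bus state (the oops in the commit message). Say that in the comment so the block is not moved further down later.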
[PATCH 4.4 07/79] selftests: sync: add config fragment for testing sync framework
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Fathi Boudra [ Upstream commit d6a3e55131fcb1e5ca1753f4b6f297a177b2fc91 ] Unless the software synchronization objects (CONFIG_SW_SYNC) is enabled, the sync test will be skipped: TAP version 13 1..0 # Skipped: Sync framework not supported by kernel Add a config fragment file to be able to run "make kselftest-merge" to enable relevant configuration required in order to run the sync test. Signed-off-by: Fathi Boudra Link: https://lkml.org/lkml/2017/5/5/14 Signed-off-by: Anders Roxell Signed-off-by: Shuah Khan (Samsung OSG) Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/sync/config |4 1 file changed, 4 insertions(+) create mode 100644 tools/testing/selftests/sync/config --- /dev/null +++ b/tools/testing/selftests/sync/config @@ -0,0 +1,4 @@ +CONFIG_STAGING=y +CONFIG_ANDROID=y +CONFIG_SYNC=y +CONFIG_SW_SYNC=y
[PATCH 4.4 13/79] arm64: make secondary_start_kernel() notrace
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Zhizhou Zhang [ Upstream commit b154886f7892499d0d3054026e19dfb9a731df61 ] We can't call function trace hook before setup percpu offset. When entering secondary_start_kernel(), percpu offset has not been initialized. So this lead hotplug malfunction. Here is the flow to reproduce this bug: echo 0 > /sys/devices/system/cpu/cpu1/online echo function > /sys/kernel/debug/tracing/current_tracer echo 1 > /sys/kernel/debug/tracing/tracing_on echo 1 > /sys/devices/system/cpu/cpu1/online Acked-by: Mark Rutland Tested-by: Suzuki K Poulose Signed-off-by: Zhizhou Zhang Signed-off-by: Catalin Marinas Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/smp.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm64/kernel/smp.c +++ b/arch/arm64/kernel/smp.c @@ -131,7 +131,7 @@ static void smp_store_cpu_info(unsigned * This is the secondary CPU boot entry. We're using this CPUs * idle thread stack, but a set of temporary page tables. */ -asmlinkage void secondary_start_kernel(void) +asmlinkage notrace void secondary_start_kernel(void) { struct mm_struct *mm = &init_mm; unsigned int cpu = smp_processor_id();
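Review bot: notrace is added to secondary_start_kernel() without touching the comment block directly above it, so the code gives no hint why this one entry point must not be traced. Extend that comment with the reason from the commit message (the per-cpu offset is not set up yet when the function is entered) so the annotation survives later cleanups.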
[PATCH 4.4 03/79] selftests: pstore: return Kselftest Skip code for skipped tests
4.4-stable review patch. If anyone has any objections, please let me know. -- From: "Shuah Khan (Samsung OSG)" [ Upstream commit 856e7c4b619af622d56b3b454f7bec32a170ac99 ] When pstore_post_reboot test gets skipped because of unmet dependencies and/or unsupported configuration, it returns 0 which is treated as a pass by the Kselftest framework. This leads to false positive result even when the test could not be run. Change it to return kselftest skip code when a test gets skipped to clearly report that the test could not be run. Kselftest framework SKIP code is 4 and the framework prints appropriate messages to indicate that the test is skipped. Signed-off-by: Shuah Khan (Samsung OSG) Reviewed-by: Kees Cook Signed-off-by: Shuah Khan (Samsung OSG) Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/pstore/pstore_post_reboot_tests |5 - 1 file changed, 4 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/pstore/pstore_post_reboot_tests +++ b/tools/testing/selftests/pstore/pstore_post_reboot_tests @@ -7,13 +7,16 @@ # # Released under the terms of the GPL v2. +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + . ./common_tests if [ -e $REBOOT_FLAG ]; then rm $REBOOT_FLAG else prlog "pstore_crash_test has not been executed yet. we skip further tests." -exit 0 +exit $ksft_skip fi prlog -n "Mounting pstore filesystem ... "
[PATCH 4.4 00/79] 4.4.152-stable review
This is the start of the stable review cycle for the 4.4.152 release. There are 79 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:48:51 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.152-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h - Pseudo-Shortlog of commits: Greg Kroah-Hartman Linux 4.4.152-rc1 Jann Horn reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal i2c: imx: Fix race condition in dma read Lukas Wunner PCI: pciehp: Fix use-after-free on unplug Myron Stowe PCI: Skip MPS logic for Virtual Functions (VFs) Lukas Wunner PCI: hotplug: Don't leak pci_slot on registration failure John David Anglin parisc: Remove unnecessary barriers from spinlock.h Elad Raz bridge: Propagate vlan add failure to user Willem de Bruijn packet: refine ring v3 block size test to hold one frame Florian Westphal netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet xfrm_user: prevent leaking 2 bytes of kernel memory John David Anglin parisc: Remove ordered stores from syscall.S Jeremy Cline ext4: fix spectre gadget in ext4_mb_regular_allocator() Paolo Bonzini KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Daniel Rosenberg staging: android: ion: check for kref overflow Randy Dunlap tcp: identify cryptic messages as TCP seq # bugs Stefan Wahren net: qca_spi: Fix log level if probe fails Stefan Wahren net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren net: qca_spi: Avoid packet drop during initial sync David Lechner net: usb: rtl8150: demote allmulti message to dev_dbg() Randy Dunlap 
net/ethernet/freescale/fman: fix cross-build error Dan Carpenter drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Yuchung Cheng tcp: remove DELAYED ACK events in DCTCP Dan Carpenter qlogic: check kstrtoul() for errors Willem de Bruijn packet: reset network header if packet shorter than ll reserved space Alexander Duyck ixgbe: Be more careful when modifying MAC filters Adam Ford ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Steven Rostedt (VMware) ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Kim Phillips perf llvm-utils: Remove bashism from kernel include fetch script Vikas Gupta bnxt_en: Fix for system hang if request_irq fails Russell King drm/armada: fix colorkey mode property Stefan Schmidt ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Schmidt ieee802154: at86rf230: use __func__ macro for debug messages Stefan Schmidt ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem Daniel Mack ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Florian Westphal netfilter: x_tables: set module owner for icmp(6) matches Yuiko Oshino smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei kasan: fix shadow_size calculation error in kasan_module_alloc Mathieu Malaterre tracing: Use __printf markup to silence compiler Fabio Estevam ARM: imx_v4_v5_defconfig: Select ULPI support Fabio Estevam ARM: imx_v6_v7_defconfig: Select ULPI support Jason Gerecke HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Greg Ungerer m68k: fix "bad page state" oops on ColdFire boot Sudarsana Reddy Kalluru bnx2x: Fix receiving tx-timeout in error or recovery state. 
Marek Szyprowski drm/exynos: decon5433: Fix WINCONx reset value Marek Szyprowski drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes Marek Szyprowski drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes BingJing Chang md/raid10: fix that replacement cannot complete recovery after reassemble Dan Carpenter dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Keerthy ARM: dts: da850: Fix interrups property for gpio Andy Lutomirski selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Jiri Olsa perf tests: Add event parsing error handling to parse events test Sandipan Das perf report powerpc: Fix crash if callchain is empty Thomas Richter perf test session topology: Fix test on s390 Ajay Gupta usb: xhci: increase CRS timeout value Daniel Mack ARM: dts: am437x: make edt-ft5x06 a wakeup source Michael Trimarchi brcmfmac: stop watchdog before detach and free everything Ganes
[PATCH 4.4 06/79] selftests: zram: return Kselftest Skip code for skipped tests
4.4-stable review patch. If anyone has any objections, please let me know. -- From: "Shuah Khan (Samsung OSG)" [ Upstream commit 685814466bf8398192cf855415a0bb2cefc1930e ] When zram test is skipped because of unmet dependencies and/or unsupported configuration, it exits with error which is treated as a fail by the Kselftest framework. This leads to false negative result even when the test could not be run. Change it to return kselftest skip code when a test gets skipped to clearly report that the test could not be run. Kselftest framework SKIP code is 4 and the framework prints appropriate messages to indicate that the test is skipped. Signed-off-by: Shuah Khan (Samsung OSG) Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/zram/zram.sh |5 - tools/testing/selftests/zram/zram_lib.sh |5 - 2 files changed, 8 insertions(+), 2 deletions(-) --- a/tools/testing/selftests/zram/zram.sh +++ b/tools/testing/selftests/zram/zram.sh @@ -1,6 +1,9 @@ #!/bin/bash TCID="zram.sh" +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + . ./zram_lib.sh run_zram () { @@ -23,5 +26,5 @@ elif [ -b /dev/zram0 ]; then else echo "$TCID : No zram.ko module or /dev/zram0 device file not found" echo "$TCID : CONFIG_ZRAM is not set" - exit 1 + exit $ksft_skip fi --- a/tools/testing/selftests/zram/zram_lib.sh +++ b/tools/testing/selftests/zram/zram_lib.sh @@ -18,6 +18,9 @@ MODULE=0 dev_makeswap=-1 dev_mounted=-1 +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + trap INT check_prereqs() @@ -27,7 +30,7 @@ check_prereqs() if [ $uid -ne 0 ]; then echo $msg must be run as root >&2 - exit 0 + exit $ksft_skip fi }
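Review bot: ksft_skip=4 is now defined in zram.sh and again in zram_lib.sh, and zram.sh sources zram_lib.sh immediately after its own definition (". ./zram_lib.sh"). One definition in zram_lib.sh is enough and avoids the two copies drifting apart. In check_prereqs() the change from exit 0 to exit $ksft_skip is the more important fix, since a non-root run previously reported a pass; the commit message only describes the exit-with-error case and should mention this one too.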
[PATCH 4.4 02/79] netfilter: ipv6: nf_defrag: reduce struct net memory waste
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 9ce7bc036ae4cfe3393232c86e9e1fea2153c237 ] It is a waste of memory to use a full "struct netns_sysctl_ipv6" while only one pointer is really used, considering netns_sysctl_ipv6 keeps growing. Also, since "struct netns_frags" has cache line alignment, it is better to move the frags_hdr pointer outside, otherwise we spend a full cache line for this pointer. This saves 192 bytes of memory per netns. Fixes: c038a767cd69 ("ipv6: add a new namespace for nf_conntrack_reasm") Signed-off-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- include/net/net_namespace.h |1 + include/net/netns/ipv6.h|1 - net/ipv6/netfilter/nf_conntrack_reasm.c |6 +++--- 3 files changed, 4 insertions(+), 4 deletions(-) --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h @@ -115,6 +115,7 @@ struct net { #endif #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) struct netns_nf_fragnf_frag; + struct ctl_table_header *nf_frag_frags_hdr; #endif struct sock *nfnl; struct sock *nfnl_stash; --- a/include/net/netns/ipv6.h +++ b/include/net/netns/ipv6.h @@ -86,7 +86,6 @@ struct netns_ipv6 { #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) struct netns_nf_frag { - struct netns_sysctl_ipv6 sysctl; struct netns_frags frags; }; #endif --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -118,7 +118,7 @@ static int nf_ct_frag6_sysctl_register(s if (hdr == NULL) goto err_reg; - net->nf_frag.sysctl.frags_hdr = hdr; + net->nf_frag_frags_hdr = hdr; return 0; err_reg: 
@@ -132,8 +132,8 @@ static void __net_exit nf_ct_frags6_sysc { struct ctl_table *table; - table = net->nf_frag.sysctl.frags_hdr->ctl_table_arg; - unregister_net_sysctl_table(net->nf_frag.sysctl.frags_hdr); + table = net->nf_frag_frags_hdr->ctl_table_arg; + unregister_net_sysctl_table(net->nf_frag_frags_hdr); if (!net_eq(net, &init_net)) kfree(table); }
[PATCH 4.4 09/79] usb: dwc2: fix isoc split in transfer with no data
4.4-stable review patch. If anyone has any objections, please let me know. -- From: William Wu [ Upstream commit 70c3c8cb83856758025c2a211dd022bc0478922a ] If isoc split in transfer with no data (the length of DATA0 packet is zero), we can't simply return immediately. Because the DATA0 can be the first transaction or the second transaction for the isoc split in transaction. If the DATA0 packet with no data is in the first transaction, we can return immediately. But if the DATA0 packet with no data is in the second transaction of isoc split in transaction sequence, we need to increase the qtd->isoc_frame_index and giveback urb to device driver if needed, otherwise, the MDATA packet will be lost. A typical test case is that connect the dwc2 controller with an usb hs Hub (GL852G-12), and plug an usb fs audio device (Plantronics headset) into the downstream port of Hub. Then use the usb mic to record, we can find noise when playback. In the case, the isoc split in transaction sequence like this: - SSPLIT IN transaction - CSPLIT IN transaction - MDATA packet (176 bytes) - CSPLIT IN transaction - DATA0 packet (0 byte) This patch use both the length of DATA0 and qtd->isoc_split_offset to check if the DATA0 is in the second transaction. Tested-by: Gevorg Sahakyan Tested-by: Heiko Stuebner Acked-by: Minas Harutyunyan hmi...@synopsys.com> Signed-off-by: William Wu Signed-off-by: Felipe Balbi Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/usb/dwc2/hcd_intr.c |3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/usb/dwc2/hcd_intr.c +++ b/drivers/usb/dwc2/hcd_intr.c @@ -931,9 +931,8 @@ static int dwc2_xfercomp_isoc_split_in(s frame_desc = &qtd->urb->iso_descs[qtd->isoc_frame_index]; len = dwc2_get_actual_xfer_length(hsotg, chan, chnum, qtd, DWC2_HC_XFER_COMPLETE, NULL); - if (!len) { + if (!len && !qtd->isoc_split_offset) { qtd->complete_split = 0; - qtd->isoc_split_offset = 0; return 0; }
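Review bot: the new condition "if (!len && !qtd->isoc_split_offset)" in dwc2_xfercomp_isoc_split_in() has no comment, and the distinction it encodes (a zero-length DATA0 in the first transaction versus in the second one after an MDATA packet) is only explained in the commit message. Add a short comment above the test stating that a non-zero isoc_split_offset means earlier data from this split sequence still has to be completed, otherwise the extra operand looks arbitrary.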
[PATCH 4.4 04/79] selftests: static_keys: return Kselftest Skip code for skipped tests
4.4-stable review patch. If anyone has any objections, please let me know. -- From: "Shuah Khan (Samsung OSG)" [ Upstream commit 8781578087b8fb8829558bac96c3c24e5ba26f82 ] When static_keys test is skipped because of unmet dependencies and/or unsupported configuration, it exits with error which is treated as a fail by the Kselftest framework. This leads to false negative result even when the test could not be run. Change it to return kselftest skip code when a test gets skipped to clearly report that the test could not be run. Added an explicit searches for test_static_key_base and test_static_keys modules and return skip code if they aren't found to differentiate between the failure to load the module condition and module not found condition. Kselftest framework SKIP code is 4 and the framework prints appropriate messages to indicate that the test is skipped. Signed-off-by: Shuah Khan (Samsung OSG) Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/static_keys/test_static_keys.sh | 13 + 1 file changed, 13 insertions(+) --- a/tools/testing/selftests/static_keys/test_static_keys.sh +++ b/tools/testing/selftests/static_keys/test_static_keys.sh @@ -1,6 +1,19 @@ #!/bin/sh # Runs static keys kernel module tests +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + +if ! /sbin/modprobe -q -n test_static_key_base; then + echo "static_key: module test_static_key_base is not found [SKIP]" + exit $ksft_skip +fi + +if ! /sbin/modprobe -q -n test_static_keys; then + echo "static_key: module test_static_keys is not found [SKIP]" + exit $ksft_skip +fi + if /sbin/modprobe -q test_static_key_base; then if /sbin/modprobe -q test_static_keys; then echo "static_key: ok"
[PATCH 4.4 10/79] usb: gadget: composite: fix delayed_status race condition when set_interface
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Chunfeng Yun [ Upstream commit 980900d6318066b9f8314bfb87329a20fd0d1ca4 ] It happens when enable debug log, if set_alt() returns USB_GADGET_DELAYED_STATUS and usb_composite_setup_continue() is called before increasing count of @delayed_status, so fix it by using spinlock of @cdev->lock. Signed-off-by: Chunfeng Yun Tested-by: Jay Hsu Signed-off-by: Felipe Balbi Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/usb/gadget/composite.c |3 +++ 1 file changed, 3 insertions(+) --- a/drivers/usb/gadget/composite.c +++ b/drivers/usb/gadget/composite.c @@ -1619,6 +1619,8 @@ composite_setup(struct usb_gadget *gadge */ if (w_value && !f->get_alt) break; + + spin_lock(&cdev->lock); value = f->set_alt(f, w_index, w_value); if (value == USB_GADGET_DELAYED_STATUS) { DBG(cdev, @@ -1628,6 +1630,7 @@ composite_setup(struct usb_gadget *gadge DBG(cdev, "delayed_status count %d\n", cdev->delayed_status); } + spin_unlock(&cdev->lock); break; case USB_REQ_GET_INTERFACE: if (ctrl->bRequestType != (USB_DIR_IN|USB_RECIP_INTERFACE))
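Review bot: the hunk calls the function driver's callback with cdev->lock held ("spin_lock(&cdev->lock); value = f->set_alt(f, w_index, w_value);"), so every set_alt() implementation now runs in atomic context and must neither sleep nor take cdev->lock itself. Please state that constraint in a comment at the lock site, and explain why plain spin_lock() rather than spin_lock_irqsave() is sufficient for the context composite_setup() runs in. Holding the lock only around the delayed_status update after set_alt() returns would be a narrower change if it still closes the race.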
[PATCH 4.4 01/79] ARC: Explicitly add -mmedium-calls to CFLAGS
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Alexey Brodkin [ Upstream commit 74c11e300c103af47db5b658fdcf28002421e250 ] GCC built for arc*-*-linux has "-mmedium-calls" implicitly enabled by default thus we don't see any problems during Linux kernel compilation. ->8 arc-linux-gcc -mcpu=arc700 -Q --help=target | grep calls -mlong-calls [disabled] -mmedium-calls[enabled] ->8 But if we try to use so-called Elf32 toolchain with GCC configured for arc*-*-elf* then we'd see the following failure: ->8 init/do_mounts.o: In function 'init_rootfs': do_mounts.c:(.init.text+0x108): relocation truncated to fit: R_ARC_S21W_PCREL against symbol 'unregister_filesystem' defined in .text section in fs/filesystems.o arc-elf32-ld: final link failed: Symbol needs debug section which does not exist make: *** [vmlinux] Error 1 ->8 That happens because neither "-mmedium-calls" nor "-mlong-calls" are enabled in Elf32 GCC: ->8 arc-elf32-gcc -mcpu=arc700 -Q --help=target | grep calls -mlong-calls [disabled] -mmedium-calls[disabled] ->8 Now to make it possible to use Elf32 toolchain for building Linux kernel we explicitly add "-mmedium-calls" to CFLAGS. And since we add "-mmedium-calls" to the global CFLAGS there's no point in having per-file copies thus removing them. Signed-off-by: Alexey Brodkin Signed-off-by: Vineet Gupta Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arc/Makefile | 15 +-- 1 file changed, 1 insertion(+), 14 deletions(-) --- a/arch/arc/Makefile +++ b/arch/arc/Makefile @@ -14,7 +14,7 @@ endif KBUILD_DEFCONFIG := nsim_700_defconfig -cflags-y += -fno-common -pipe -fno-builtin -D__linux__ +cflags-y += -fno-common -pipe -fno-builtin -mmedium-calls -D__linux__ cflags-$(CONFIG_ISA_ARCOMPACT) += -mA7 cflags-$(CONFIG_ISA_ARCV2) += -mcpu=archs 
@@ -137,16 +137,3 @@ dtbs: scripts archclean: $(Q)$(MAKE) $(clean)=$(boot) - -# Hacks to enable final link due to absence of link-time branch relexation -# and gcc choosing optimal(shorter) branches at -O3 -# -# vineetg Feb 2010: -mlong-calls switched off for overall kernel build -# However lib/decompress_inflate.o (.init.text) calls -# zlib_inflate_workspacesize (.text) causing relocation errors. -# Thus forcing all exten calls in this file to be long calls -export CFLAGS_decompress_inflate.o = -mmedium-calls -export CFLAGS_initramfs.o = -mmedium-calls -ifdef CONFIG_SMP -export CFLAGS_core.o = -mmedium-calls -endif
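Review bot: the block removed in the second hunk carried the only in-tree explanation of why medium calls are needed (relocation errors when .init.text code calls into .text), and the new global -mmedium-calls on the cflags-y line has no comment. A one-line comment above cflags-y, saying that Elf32 toolchains do not enable -mmedium-calls by default and that the final link fails with R_ARC_S21W_PCREL truncation without it, would keep that context in the Makefile.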
[PATCH 4.4 16/79] net: hamradio: use eth_broadcast_addr
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Stefan Agner [ Upstream commit 4e8439aa34802deab11cee68b0ecb18f887fb153 ] The array bpq_eth_addr is only used to get the size of an address, whereas the bcast_addr is used to set the broadcast address. This leads to a warning when using clang: drivers/net/hamradio/bpqether.c:94:13: warning: variable 'bpq_eth_addr' is not needed and will not be emitted [-Wunneeded-internal-declaration] static char bpq_eth_addr[6]; ^ Remove both variables and use the common eth_broadcast_addr to set the broadcast address. Signed-off-by: Stefan Agner Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/hamradio/bpqether.c |8 ++-- 1 file changed, 2 insertions(+), 6 deletions(-) --- a/drivers/net/hamradio/bpqether.c +++ b/drivers/net/hamradio/bpqether.c @@ -89,10 +89,6 @@ static const char banner[] __initconst = KERN_INFO \ "AX.25: bpqether driver version 004\n"; -static char bcast_addr[6]={0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; - -static char bpq_eth_addr[6]; - static int bpq_rcv(struct sk_buff *, struct net_device *, struct packet_type *, struct net_device *); static int bpq_device_event(struct notifier_block *, unsigned long, void *); @@ -515,8 +511,8 @@ static int bpq_new_device(struct net_dev bpq->ethdev = edev; bpq->axdev = ndev; - memcpy(bpq->dest_addr, bcast_addr, sizeof(bpq_eth_addr)); - memcpy(bpq->acpt_addr, bcast_addr, sizeof(bpq_eth_addr)); + eth_broadcast_addr(bpq->dest_addr); + eth_broadcast_addr(bpq->acpt_addr); err = register_netdevice(ndev); if (err)
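Review bot: neither hunk adds an include, so eth_broadcast_addr() must already be visible in bpqether.c through linux/etherdevice.h; please confirm that for the 4.4 tree. The old memcpy() calls copied sizeof(bpq_eth_addr), that is 6 bytes, and eth_broadcast_addr() writes ETH_ALEN bytes, so dest_addr and acpt_addr need to be at least that large, which the old code already assumed.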
[PATCH 4.4 18/79] ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Alexey Brodkin [ Upstream commit 2f24ef7413a4d91657ef04e77c27ce0b313e6c95 ] machine_desc->init_per_cpu() hook is supposed to be per cpu initialization and would seem to apply equally to UP and/or SMP. In fact the comment in header file seems to suggest it works for UP too, which was not the case and this patch. This enables !CONFIG_SMP build for platforms such as hsdk. Signed-off-by: Alexey Brodkin Signed-off-by: Vineet Gupta [vgupta: trimmed changelog] Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arc/include/asm/mach_desc.h |2 -- arch/arc/kernel/irq.c|2 +- 2 files changed, 1 insertion(+), 3 deletions(-) --- a/arch/arc/include/asm/mach_desc.h +++ b/arch/arc/include/asm/mach_desc.h @@ -34,9 +34,7 @@ struct machine_desc { const char *name; const char **dt_compat; void(*init_early)(void); -#ifdef CONFIG_SMP void(*init_per_cpu)(unsigned int); -#endif void(*init_machine)(void); void(*init_late)(void); --- a/arch/arc/kernel/irq.c +++ b/arch/arc/kernel/irq.c @@ -31,10 +31,10 @@ void __init init_IRQ(void) /* a SMP H/w block could do IPI IRQ request here */ if (plat_smp_ops.init_per_cpu) plat_smp_ops.init_per_cpu(smp_processor_id()); +#endif if (machine_desc->init_per_cpu) machine_desc->init_per_cpu(smp_processor_id()); -#endif } /*
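Review bot: in the irq.c hunk the #endif moves above the machine_desc->init_per_cpu() call, but the #ifdef it closes lies outside the visible context, so it is worth confirming that it is the CONFIG_SMP guard around the plat_smp_ops call and nothing wider. With the member now unconditional in struct machine_desc, init_IRQ() calls the hook on UP builds too, so platform code that relied on it never running without CONFIG_SMP should be checked; the changelog sentence ending in "and this patch." is cut short and does not cover this.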
[PATCH 4.4 15/79] enic: initialize enic->rfs_h.lock in enic_probe
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Govindarajulu Varadarajan [ Upstream commit 3256d29fc7aecdf99feb1cb9475ed2252769a8a7 ] lockdep spotted that we are using rfs_h.lock in enic_get_rxnfc() without initializing. rfs_h.lock is initialized in enic_open(). But ethtool_ops can be called when interface is down. Move enic_rfs_flw_tbl_init to enic_probe. INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 18 PID: 1189 Comm: ethtool Not tainted 4.17.0-rc7-devel+ #27 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 Call Trace: dump_stack+0x85/0xc0 register_lock_class+0x550/0x560 ? __handle_mm_fault+0xa8b/0x1100 __lock_acquire+0x81/0x670 lock_acquire+0xb9/0x1e0 ? enic_get_rxnfc+0x139/0x2b0 [enic] _raw_spin_lock_bh+0x38/0x80 ? enic_get_rxnfc+0x139/0x2b0 [enic] enic_get_rxnfc+0x139/0x2b0 [enic] ethtool_get_rxnfc+0x8d/0x1c0 dev_ethtool+0x16c8/0x2400 ? __mutex_lock+0x64d/0xa00 ? dev_load+0x6a/0x150 dev_ioctl+0x253/0x4b0 sock_do_ioctl+0x9a/0x130 sock_ioctl+0x1af/0x350 do_vfs_ioctl+0x8e/0x670 ? syscall_trace_enter+0x1e2/0x380 ksys_ioctl+0x60/0x90 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x5a/0x170 entry_SYSCALL_64_after_hwframe+0x49/0xbe Signed-off-by: Govindarajulu Varadarajan Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/cisco/enic/enic_clsf.c |3 +-- drivers/net/ethernet/cisco/enic/enic_main.c |3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) --- a/drivers/net/ethernet/cisco/enic/enic_clsf.c +++ b/drivers/net/ethernet/cisco/enic/enic_clsf.c @@ -78,7 +78,6 @@ void enic_rfs_flw_tbl_init(struct enic * enic->rfs_h.max = enic->config.num_arfs; enic->rfs_h.free = enic->rfs_h.max; enic->rfs_h.toclean = 0; - enic_rfs_timer_start(enic); } void enic_rfs_flw_tbl_free(struct enic *enic) 
@@ -87,7 +86,6 @@ void enic_rfs_flw_tbl_free(struct enic * enic_rfs_timer_stop(enic); spin_lock_bh(&enic->rfs_h.lock); - enic->rfs_h.free = 0; for (i = 0; i < (1 << ENIC_RFS_FLW_BITSHIFT); i++) { struct hlist_head *hhead; struct hlist_node *tmp; @@ -98,6 +96,7 @@ void enic_rfs_flw_tbl_free(struct enic * enic_delfltr(enic, n->fltr_id); hlist_del(&n->node); kfree(n); + enic->rfs_h.free++; } } spin_unlock_bh(&enic->rfs_h.lock); --- a/drivers/net/ethernet/cisco/enic/enic_main.c +++ b/drivers/net/ethernet/cisco/enic/enic_main.c @@ -1760,7 +1760,7 @@ static int enic_open(struct net_device * vnic_intr_unmask(&enic->intr[i]); enic_notify_timer_start(enic); - enic_rfs_flw_tbl_init(enic); + enic_rfs_timer_start(enic); return 0; @@ -2694,6 +2694,7 @@ static int enic_probe(struct pci_dev *pd enic->notify_timer.function = enic_notify_timer; enic->notify_timer.data = (unsigned long)enic; + enic_rfs_flw_tbl_init(enic); enic_set_rx_coal_setting(enic); INIT_WORK(&enic->reset, enic_reset); INIT_WORK(&enic->tx_hang_reset, enic_tx_hang_reset);
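Review bot: the enic_clsf.c hunks change how rfs_h.free is maintained (the free = 0 assignment in enic_rfs_flw_tbl_free() becomes a free++ per deleted node), but the commit message only describes moving the lock initialisation to enic_probe(). Since enic_rfs_flw_tbl_init() no longer runs on every enic_open(), free and toclean are not reset between close and open; please document that free is expected to return to rfs_h.max once every node has been deleted, and say whether a stale toclean index is harmless.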
[PATCH 4.4 17/79] net: propagate dev_get_valid_name return code
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Li RongQing [ Upstream commit 7892bd081045222b9e4027fec279a28d6fe7aa66 ] if dev_get_valid_name failed, propagate its return code and remove the setting err to ENODEV, it will be set to 0 again before dev_change_net_namespace exits. Signed-off-by: Li RongQing Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/core/dev.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/core/dev.c +++ b/net/core/dev.c @@ -7420,7 +7420,8 @@ int dev_change_net_namespace(struct net_ /* We get here if we can't use the current device name */ if (!pat) goto out; - if (dev_get_valid_name(net, dev, pat) < 0) + err = dev_get_valid_name(net, dev, pat); + if (err < 0) goto out; } @@ -7432,7 +7433,6 @@ int dev_change_net_namespace(struct net_ dev_close(dev); /* And unlink it from device chain */ - err = -ENODEV; unlist_netdevice(dev); synchronize_net();
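Review bot: with err = -ENODEV removed in the second hunk, err keeps whatever it last held from that point on, including a non-negative return from dev_get_valid_name(). The commit message relies on err being set to 0 again before dev_change_net_namespace() exits; please confirm that no goto out sits between unlist_netdevice() and that assignment in the 4.4 tree, since such a path would now return the stale value instead of -ENODEV.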
[PATCH 4.4 20/79] locking/lockdep: Do not record IRQ state within lockdep code
4.4-stable review patch. If anyone has any objections, please let me know. -- From: "Steven Rostedt (VMware)" [ Upstream commit fcc784be837714a9173b372ff9fb9b514590dad9 ] While debugging where things were going wrong with mapping enabling/disabling interrupts with the lockdep state and actual real enabling and disabling interrupts, I had to silence the IRQ disabling/enabling in debug_check_no_locks_freed() because it was always showing up as it was called before the splat was. Use raw_local_irq_save/restore() for not only debug_check_no_locks_freed() but for all internal lockdep functions, as they hide useful information about where interrupts were used incorrectly last. Signed-off-by: Steven Rostedt (VMware) Cc: Andrew Morton Cc: Linus Torvalds Cc: Paul E. McKenney Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Will Deacon Link: https://lkml.kernel.org/lkml/20180404140630.3f4f4...@gandalf.local.home Signed-off-by: Ingo Molnar Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- kernel/locking/lockdep.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c @@ -1264,11 +1264,11 @@ unsigned long lockdep_count_forward_deps this.parent = NULL; this.class = class; - local_irq_save(flags); + raw_local_irq_save(flags); arch_spin_lock(&lockdep_lock); ret = __lockdep_count_forward_deps(&this); arch_spin_unlock(&lockdep_lock); - local_irq_restore(flags); + raw_local_irq_restore(flags); return ret; } @@ -1291,11 +1291,11 @@ unsigned long lockdep_count_backward_dep this.parent = NULL; this.class = class; - local_irq_save(flags); + raw_local_irq_save(flags); arch_spin_lock(&lockdep_lock); ret = __lockdep_count_backward_deps(&this); arch_spin_unlock(&lockdep_lock); - local_irq_restore(flags); + raw_local_irq_restore(flags); return ret; } 
@@ -4123,7 +4123,7 @@ void debug_check_no_locks_freed(const vo if (unlikely(!debug_locks)) return; - local_irq_save(flags); + raw_local_irq_save(flags); for (i = 0; i < curr->lockdep_depth; i++) { hlock = curr->held_locks + i; @@ -4134,7 +4134,7 @@ void debug_check_no_locks_freed(const vo print_freed_lock_bug(curr, mem_from, mem_from + mem_len, hlock); break; } - local_irq_restore(flags); + raw_local_irq_restore(flags); } EXPORT_SYMBOL_GPL(debug_check_no_locks_freed);
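Review bot: the commit message says raw_local_irq_save/restore() should be used for all internal lockdep functions, while the hunks convert three: lockdep_count_forward_deps(), lockdep_count_backward_deps() and debug_check_no_locks_freed(). Please confirm that no other local_irq_save() user is left in kernel/locking/lockdep.c in this tree, or narrow the wording. Each converted save has its matching raw restore in the same function, so the pairs are consistent.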
[PATCH 4.4 32/79] dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter [ Upstream commit c4c2b7644cc9a41f17a8cc8904efe3f66ae4c7ed ] The d->chans[] array has d->dma_requests elements so the > should be >= here. Fixes: 8e6152bc660e ("dmaengine: Add hisilicon k3 DMA engine driver") Signed-off-by: Dan Carpenter Signed-off-by: Vinod Koul Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/dma/k3dma.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/dma/k3dma.c +++ b/drivers/dma/k3dma.c @@ -660,7 +660,7 @@ static struct dma_chan *k3_of_dma_simple struct k3_dma_dev *d = ofdma->of_dma_data; unsigned int request = dma_spec->args[0]; - if (request > d->dma_requests) + if (request >= d->dma_requests) return NULL; return dma_get_slave_channel(&(d->chans[request].vc.chan));
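Review bot: request comes straight from dma_spec->args[0] and indexes d->chans[] in k3_of_dma_simple_xlate(), so the old > check let request == d->dma_requests reach one element past the array; the commit message should say that this is an out-of-bounds access driven by the DMA specifier, which helps stable triage. The >= form is the right bound for an array of d->dma_requests elements.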
[PATCH 4.4 30/79] selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski [ Upstream commit ec348020566009d3da9b99f07c05814d13969c78 ] When I wrote the sigreturn test, I didn't realize that AMD's busted IRET behavior was different from Intel's busted IRET behavior: On AMD CPUs, the CPU leaks the high 32 bits of the kernel stack pointer to certain userspace contexts. Gee, thanks. There's very little the kernel can do about it. Modify the test so it passes. Signed-off-by: Andy Lutomirski Cc: Borislav Petkov Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/86e7fd3564497f657de30a36da4505799eebef01.1530076529.git.l...@kernel.org Signed-off-by: Ingo Molnar Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/x86/sigreturn.c | 46 1 file changed, 29 insertions(+), 17 deletions(-) --- a/tools/testing/selftests/x86/sigreturn.c +++ b/tools/testing/selftests/x86/sigreturn.c 
@@ -456,19 +456,38 @@ static int test_valid_sigreturn(int cs_b greg_t req = requested_regs[i], res = resulting_regs[i]; if (i == REG_TRAPNO || i == REG_IP) continue; /* don't care */ - if (i == REG_SP) { - printf("\tSP: %llx -> %llx\n", (unsigned long long)req, - (unsigned long long)res); + if (i == REG_SP) { /* -* In many circumstances, the high 32 bits of rsp -* are zeroed. For example, we could be a real -* 32-bit program, or we could hit any of a number -* of poorly-documented IRET or segmented ESP -* oddities. If this happens, it's okay. +* If we were using a 16-bit stack segment, then +* the kernel is a bit stuck: IRET only restores +* the low 16 bits of ESP/RSP if SS is 16-bit. +* The kernel uses a hack to restore bits 31:16, +* but that hack doesn't help with bits 63:32. +* On Intel CPUs, bits 63:32 end up zeroed, and, on +* AMD CPUs, they leak the high bits of the kernel +* espfix64 stack pointer. There's very little that +* the kernel can do about it. +* +* Similarly, if we are returning to a 32-bit context, +* the CPU will often lose the high 32 bits of RSP. */ - if (res == (req & 0x)) - continue; /* OK; not expected to work */ + + if (res == req) + continue; + + if (cs_bits != 64 && ((res ^ req) & 0x) == 0) { + printf("[NOTE]\tSP: %llx -> %llx\n", + (unsigned long long)req, + (unsigned long long)res); + continue; + } + + printf("[FAIL]\tSP mismatch: requested 0x%llx; got 0x%llx\n", + (unsigned long long)requested_regs[i], + (unsigned long long)resulting_regs[i]); + nerrs++; + continue; } bool ignore_reg = false; 
@@ -507,13 +526,6 @@ static int test_valid_sigreturn(int cs_b } if (requested_regs[i] != resulting_regs[i] && !ignore_reg) { - /* -* SP is particularly interesting here. The -* usual cause of failures is that we hit the -* nasty IRET case of returning to a 16-bit SS, -* in which case bits 16:31 of the *kernel* -* stack pointer persist in ESP. -*/ printf("[FAIL]\tReg %d mismatch: requested 0x%llx; got 0x%llx\n", i, (unsigned long long)requested_regs[i], (unsigned long long)resulting_regs[i]);
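Review bot: in the REG_SP block the new comment explains the mismatch in terms of a 16-bit stack segment, but the tolerant branch is keyed on cs_bits != 64, so a 64-bit CS combined with a 16-bit SS would now be reported as [FAIL]; please confirm that combination is never exercised, or extend the condition. The [FAIL] printf in the same block also indexes requested_regs[i] and resulting_regs[i] although the req and res locals hold the same values and are used in the [NOTE] printf just above.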
[PATCH 4.4 14/79] qed: Add sanity check for SIMD fastpath handler.
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Sudarsana Reddy Kalluru [ Upstream commit 3935a70968820c3994db4de7e6e1c7e814bff875 ] Avoid calling a SIMD fastpath handler if it is NULL. The check is needed to handle an unlikely scenario where unsolicited interrupt is destined to a PF in INTa mode. Fixes: fe56b9e6a ("qed: Add module with basic common support") Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Ariel Elior Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) --- a/drivers/net/ethernet/qlogic/qed/qed_main.c +++ b/drivers/net/ethernet/qlogic/qed/qed_main.c @@ -461,8 +461,16 @@ static irqreturn_t qed_single_int(int ir /* Fastpath interrupts */ for (j = 0; j < 64; j++) { if ((0x2ULL << j) & status) { - hwfn->simd_proto_handler[j].func( - hwfn->simd_proto_handler[j].token); + struct qed_simd_fp_handler *p_handler = + &hwfn->simd_proto_handler[j]; + + if (p_handler->func) + p_handler->func(p_handler->token); + else + DP_NOTICE(hwfn, + "Not calling fastpath handler as it is NULL [handler #%d, status 0x%llx]\n", + j, status); + status &= ~(0x2ULL << j); rc = IRQ_HANDLED; }
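Review bot: p_handler->func is read twice in qed_single_int(), once for the NULL test and once for the call, so a handler cleared between the two reads would still be called through a NULL pointer; copying func into a local before the test closes that window. The DP_NOTICE in the else branch runs in the interrupt handler for every unsolicited bit, so a rate-limited print would avoid flooding the log if the condition persists.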
[PATCH 4.4 29/79] perf tests: Add event parsing error handling to parse events test
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Olsa [ Upstream commit 933ccf2002aaef1037cb676622a694f5390c3d59 ] Add missing error handling for parse_events calls in test_event function that led to following segfault on s390: running test 52 'intel_pt//u' perf: Segmentation fault ... /lib64/libc.so.6(vasprintf+0xe6) [0x3fffca3f106] /lib64/libc.so.6(asprintf+0x46) [0x3fffca1aa96] ./perf(parse_events_add_pmu+0xb8) [0x80132088] ./perf(parse_events_parse+0xc62) [0x8019529a] ./perf(parse_events+0x98) [0x801341c0] ./perf(test__parse_events+0x48) [0x800cd140] ./perf(cmd_test+0x26a) [0x800bd44a] test child interrupted Adding the struct parse_events_error argument to parse_events call. Also adding parse_events_print_error to get more details on the parsing failures, like: # perf test 6 -v running test 52 'intel_pt//u'failed to parse event 'intel_pt//u', err 1, str 'Cannot find PMU `intel_pt'. Missing kernel support?' event syntax error: 'intel_pt//u' \___ Cannot find PMU `intel_pt'. Missing kernel support? Committer note: Use named initializers in the struct parse_events_error variable to avoid breaking the build on centos5, 6 and others with a similar gcc: cc1: warnings being treated as errors tests/parse-events.c: In function 'test_event': tests/parse-events.c:1696: error: missing initializer tests/parse-events.c:1696: error: (near initialization for 'err.str') Reported-by: Kim Phillips Signed-off-by: Jiri Olsa Tested-by: Kim Phillips Cc: Alexander Shishkin Cc: David Ahern Cc: Heiko Carstens Cc: Hendrik Brueckner Cc: Martin Schwidefsky Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Thomas Richter Link: http://lkml.kernel.org/r/20180611093422.1005-1-jo...@kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/perf/tests/parse-events.c |8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/tools/perf/tests/parse-events.c +++ b/tools/perf/tests/parse-events.c 
@@ -1614,6 +1614,7 @@ static struct terms_test test__terms[] = static int test_event(struct evlist_test *e) { + struct parse_events_error err = { .idx = 0, }; struct perf_evlist *evlist; int ret; @@ -1621,10 +1622,11 @@ static int test_event(struct evlist_test if (evlist == NULL) return -ENOMEM; - ret = parse_events(evlist, e->name, NULL); + ret = parse_events(evlist, e->name, &err); if (ret) { - pr_debug("failed to parse event '%s', err %d\n", -e->name, ret); + pr_debug("failed to parse event '%s', err %d, str '%s'\n", +e->name, ret, err.str); + parse_events_print_error(&err, e->name); } else { ret = e->check(evlist); }
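Review bot: err is initialised with only .idx = 0 in test_event(), so err.str is NULL unless parse_events() filled it in, and the new pr_debug() passes it to %s whenever ret is non-zero; guard the print or fall back to a fixed string. If parse_events() allocates the strings it stores in err, test_event() should also free them after parse_events_print_error(), since nothing in the hunk does.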
[PATCH 4.4 43/79] kasan: fix shadow_size calculation error in kasan_module_alloc
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Zhen Lei [ Upstream commit 1e8e18f694a52d703665012ca486826f64bac29d ] There is a special case that the size is "(N << KASAN_SHADOW_SCALE_SHIFT) Pages plus X", the value of X is [1, KASAN_SHADOW_SCALE_SIZE-1]. The operation "size >> KASAN_SHADOW_SCALE_SHIFT" will drop X, and the roundup operation can not retrieve the missed one page. For example: size=0x28006, PAGE_SIZE=0x1000, KASAN_SHADOW_SCALE_SHIFT=3, we will get shadow_size=0x5000, but actually we need 6 pages. shadow_size = round_up(size >> KASAN_SHADOW_SCALE_SHIFT, PAGE_SIZE); This can lead to a kernel crash when kasan is enabled and the value of mod->core_layout.size or mod->init_layout.size is like above. Because the shadow memory of X has not been allocated and mapped. move_module: ptr = module_alloc(mod->core_layout.size); ... memset(ptr, 0, mod->core_layout.size);//crashed Unable to handle kernel paging request at virtual address 0f97b000 .. Call trace: __asan_storeN+0x174/0x1a8 memset+0x24/0x48 layout_and_allocate+0xcd8/0x1800 load_module+0x190/0x23e8 SyS_finit_module+0x148/0x180 Link: http://lkml.kernel.org/r/1529659626-12660-1-git-send-email-thunder.leiz...@huawei.com Signed-off-by: Zhen Lei Reviewed-by: Dmitriy Vyukov Acked-by: Andrey Ryabinin Cc: Alexander Potapenko Cc: Hanjun Guo Cc: Libin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- mm/kasan/kasan.c |5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/mm/kasan/kasan.c +++ b/mm/kasan/kasan.c 
@@ -427,12 +427,13 @@ void kasan_kfree_large(const void *ptr) int kasan_module_alloc(void *addr, size_t size) { void *ret; + size_t scaled_size; size_t shadow_size; unsigned long shadow_start; shadow_start = (unsigned long)kasan_mem_to_shadow(addr); - shadow_size = round_up(size >> KASAN_SHADOW_SCALE_SHIFT, - PAGE_SIZE); + scaled_size = (size + KASAN_SHADOW_MASK) >> KASAN_SHADOW_SCALE_SHIFT; + shadow_size = round_up(scaled_size, PAGE_SIZE); if (WARN_ON(!PAGE_ALIGNED(shadow_start))) return -EINVAL;
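Review bot: the rounding in kasan_module_alloc() is now split across scaled_size and shadow_size with no comment, and the reason for adding KASAN_SHADOW_MASK before the shift is recorded only in the commit message. A short comment, or DIV_ROUND_UP(size, KASAN_SHADOW_SCALE_SIZE) in place of the open-coded add and shift, would make it clear that size is rounded up to whole shadow bytes before being rounded up to pages. With the message's own example, size=0x28006 gives scaled_size=0x5001 and shadow_size=0x6000, the six pages it asks for.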
[PATCH 4.4 19/79] net: davinci_emac: match the mdio device against its compatible if possible
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Bartosz Golaszewski [ Upstream commit ea0820bb771175c7d4192fc6f5b5c56b3c6d5239 ] Device tree based systems without of_dev_auxdata will have the mdio device named differently than "davinci_mdio(.0)". In this case use the device's parent's compatible string for matching Signed-off-by: Bartosz Golaszewski Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/ti/davinci_emac.c |4 1 file changed, 4 insertions(+) --- a/drivers/net/ethernet/ti/davinci_emac.c +++ b/drivers/net/ethernet/ti/davinci_emac.c @@ -1517,6 +1517,10 @@ static int emac_devioctl(struct net_devi static int match_first_device(struct device *dev, void *data) { + if (dev->parent && dev->parent->of_node) + return of_device_is_compatible(dev->parent->of_node, + "ti,davinci_mdio"); + return !strncmp(dev_name(dev), "davinci_mdio", 12); }
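Review bot: when dev->parent has an of_node, match_first_device() now returns the of_device_is_compatible() result directly, so a device whose parent is not "ti,davinci_mdio"-compatible is rejected without trying the dev_name() prefix check that follows. If the name match is meant to remain a fallback on device-tree systems, return early only on a positive match. The hunk adds no include, so of_device_is_compatible() must already be declared for davinci_emac.c in this tree.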
[PATCH 4.4 12/79] scsi: xen-scsifront: add error handling for xenbus_printf
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Zhouyang Jia [ Upstream commit 93efbd39870474cc536b9caf4a6efeb03b0bc56f ] When xenbus_printf fails, the lack of error-handling code may cause unexpected results. This patch adds error-handling code after calling xenbus_printf. Signed-off-by: Zhouyang Jia Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/xen-scsifront.c | 33 ++--- 1 file changed, 26 insertions(+), 7 deletions(-) --- a/drivers/scsi/xen-scsifront.c +++ b/drivers/scsi/xen-scsifront.c @@ -676,10 +676,17 @@ static int scsifront_dev_reset_handler(s static int scsifront_sdev_configure(struct scsi_device *sdev) { struct vscsifrnt_info *info = shost_priv(sdev->host); + int err; - if (info && current == info->curr) - xenbus_printf(XBT_NIL, info->dev->nodename, + if (info && current == info->curr) { + err = xenbus_printf(XBT_NIL, info->dev->nodename, info->dev_state_path, "%d", XenbusStateConnected); + if (err) { + xenbus_dev_error(info->dev, err, + "%s: writing dev_state_path", __func__); + return err; + } + } return 0; } @@ -687,10 +694,15 @@ static int scsifront_sdev_configure(stru static void scsifront_sdev_destroy(struct scsi_device *sdev) { struct vscsifrnt_info *info = shost_priv(sdev->host); + int err; - if (info && current == info->curr) - xenbus_printf(XBT_NIL, info->dev->nodename, + if (info && current == info->curr) { + err = xenbus_printf(XBT_NIL, info->dev->nodename, info->dev_state_path, "%d", XenbusStateClosed); + if (err) + xenbus_dev_error(info->dev, err, + "%s: writing dev_state_path", __func__); + } } static struct scsi_host_template scsifront_sht = { 
@@ -1025,9 +1037,12 @@ static void scsifront_do_lun_hotplug(str if (scsi_add_device(info->host, chn, tgt, lun)) { dev_err(&dev->dev, "scsi_add_device\n"); - xenbus_printf(XBT_NIL, dev->nodename, + err = xenbus_printf(XBT_NIL, dev->nodename, info->dev_state_path, "%d", XenbusStateClosed); + if (err) + xenbus_dev_error(dev, err, + "%s: writing dev_state_path", __func__); } break; case VSCSIFRONT_OP_DEL_LUN: @@ -1041,10 +1056,14 @@ static void scsifront_do_lun_hotplug(str } break; case VSCSIFRONT_OP_READD_LUN: - if (device_state == XenbusStateConnected) - xenbus_printf(XBT_NIL, dev->nodename, + if (device_state == XenbusStateConnected) { + err = xenbus_printf(XBT_NIL, dev->nodename, info->dev_state_path, "%d", XenbusStateConnected); + if (err) + xenbus_dev_error(dev, err, + "%s: writing dev_state_path", __func__); + } break; default: break;
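Review bot: scsifront_sdev_configure() now returns err when xenbus_printf() fails, so a failed xenstore write makes device configuration fail where it previously returned 0; the commit message speaks only of adding error handling and should call out this behaviour change. The other three sites (scsifront_sdev_destroy() and the two in scsifront_do_lun_hotplug()) only log through xenbus_dev_error(), and the hotplug hunks assign err without adding a declaration, so please check that reusing the existing err there does not disturb a value the function uses later.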
[PATCH 4.4 41/79] ARM: imx_v4_v5_defconfig: Select ULPI support
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Fabio Estevam [ Upstream commit 2ceb2780b790b74bc408a949f6aedbad8afa693e ] Select CONFIG_USB_CHIPIDEA_ULPI and CONFIG_USB_ULPI_BUS so that USB ULPI can be functional on some boards like that use ULPI interface. Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm/configs/imx_v4_v5_defconfig |2 ++ 1 file changed, 2 insertions(+) --- a/arch/arm/configs/imx_v4_v5_defconfig +++ b/arch/arm/configs/imx_v4_v5_defconfig @@ -145,9 +145,11 @@ CONFIG_USB_STORAGE=y CONFIG_USB_CHIPIDEA=y CONFIG_USB_CHIPIDEA_UDC=y CONFIG_USB_CHIPIDEA_HOST=y +CONFIG_USB_CHIPIDEA_ULPI=y CONFIG_NOP_USB_XCEIV=y CONFIG_USB_GADGET=y CONFIG_USB_ETH=m +CONFIG_USB_ULPI_BUS=y CONFIG_MMC=y CONFIG_MMC_SDHCI=y CONFIG_MMC_SDHCI_PLTFM=y
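Review bot: the commit message ("on some boards like that use ULPI interface") does not name the boards, and for a 4.4 backport it should be confirmed that CONFIG_USB_CHIPIDEA_ULPI and CONFIG_USB_ULPI_BUS exist as Kconfig symbols in this tree, because a defconfig line for an unknown symbol has no effect. Please also regenerate the file with savedefconfig so the two new lines land where the tool would put them.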
[PATCH 4.4 44/79] smsc75xx: Add workaround for gigabit link up hardware errata.
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Yuiko Oshino [ Upstream commit d461e3da905332189aad546b2ad9adbe6071c7cc ] In certain conditions, the device may not be able to link in gigabit mode. This software workaround ensures that the device will not enter the failure state. Fixes: d0cad871703b898a442e4049c532ec39168e5b57 ("SMSC75XX USB 2.0 Gigabit Ethernet Devices") Signed-off-by: Yuiko Oshino Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/usb/smsc75xx.c | 62 + 1 file changed, 62 insertions(+) --- a/drivers/net/usb/smsc75xx.c +++ b/drivers/net/usb/smsc75xx.c @@ -81,6 +81,9 @@ static bool turbo_mode = true; module_param(turbo_mode, bool, 0644); MODULE_PARM_DESC(turbo_mode, "Enable multiple frames per Rx transaction"); +static int smsc75xx_link_ok_nopm(struct usbnet *dev); +static int smsc75xx_phy_gig_workaround(struct usbnet *dev); + static int __must_check __smsc75xx_read_reg(struct usbnet *dev, u32 index, u32 *data, int in_pm) { @@ -840,6 +843,9 @@ static int smsc75xx_phy_initialize(struc return -EIO; } + /* phy workaround for gig link */ + smsc75xx_phy_gig_workaround(dev); + smsc75xx_mdio_write(dev->net, dev->mii.phy_id, MII_ADVERTISE, ADVERTISE_ALL | ADVERTISE_CSMA | ADVERTISE_PAUSE_CAP | ADVERTISE_PAUSE_ASYM); 
@@ -978,6 +984,62 @@ static int smsc75xx_wait_ready(struct us return -EIO; } +static int smsc75xx_phy_gig_workaround(struct usbnet *dev) +{ + struct mii_if_info *mii = &dev->mii; + int ret = 0, timeout = 0; + u32 buf, link_up = 0; + + /* Set the phy in Gig loopback */ + smsc75xx_mdio_write(dev->net, mii->phy_id, MII_BMCR, 0x4040); + + /* Wait for the link up */ + do { + link_up = smsc75xx_link_ok_nopm(dev); + usleep_range(1, 2); + timeout++; + } while ((!link_up) && (timeout < 1000)); + + if (timeout >= 1000) { + netdev_warn(dev->net, "Timeout waiting for PHY link up\n"); + return -EIO; + } + + /* phy reset */ + ret = smsc75xx_read_reg(dev, PMT_CTL, &buf); + if (ret < 0) { + netdev_warn(dev->net, "Failed to read PMT_CTL: %d\n", ret); + return ret; + } + + buf |= PMT_CTL_PHY_RST; + + ret = smsc75xx_write_reg(dev, PMT_CTL, buf); + if (ret < 0) { + netdev_warn(dev->net, "Failed to write PMT_CTL: %d\n", ret); + return ret; + } + + timeout = 0; + do { + usleep_range(1, 2); + ret = smsc75xx_read_reg(dev, PMT_CTL, &buf); + if (ret < 0) { + netdev_warn(dev->net, "Failed to read PMT_CTL: %d\n", + ret); + return ret; + } + timeout++; + } while ((buf & PMT_CTL_PHY_RST) && (timeout < 100)); + + if (timeout >= 100) { + netdev_warn(dev->net, "timeout waiting for PHY Reset\n"); + return -EIO; + } + + return 0; +} + static int smsc75xx_reset(struct usbnet *dev) { struct smsc75xx_priv *pdata = (struct smsc75xx_priv *)(dev->data[0]);
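Review bot: smsc75xx_phy_initialize() ignores the return value of smsc75xx_phy_gig_workaround(), which can return -EIO or a register access error, so a failed workaround carries on into the MII_ADVERTISE write; either propagate the error or say in a comment why it is safe to continue. In the new function, the first loop is followed by a test of timeout >= 1000 rather than !link_up, so a link that comes up on the last iteration is reported as a timeout, and the 0x4040 written to MII_BMCR would read better as BMCR_LOOPBACK | BMCR_SPEED1000.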
[PATCH 4.4 45/79] netfilter: x_tables: set module owner for icmp(6) matches
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal [ Upstream commit d376bef9c29b3c65aeee4e785fffcd97ef0a9a81 ] nft_compat relies on xt_request_find_match to increment refcount of the module that provides the match/target. The (builtin) icmp matches didn't set the module owner so it was possible to rmmod ip(6)tables while icmp extensions were still in use. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/ipv4/netfilter/ip_tables.c |1 + net/ipv6/netfilter/ip6_tables.c |1 + 2 files changed, 2 insertions(+) --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -2072,6 +2072,7 @@ static struct xt_match ipt_builtin_mt[] .checkentry = icmp_checkentry, .proto = IPPROTO_ICMP, .family = NFPROTO_IPV4, + .me = THIS_MODULE, }, }; --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -2073,6 +2073,7 @@ static struct xt_match ip6t_builtin_mt[] .checkentry = icmp6_checkentry, .proto = IPPROTO_ICMPV6, .family = NFPROTO_IPV6, + .me = THIS_MODULE, }, };
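Review bot: both hunks set .me on the builtin icmp match only, while the commit message says nft_compat takes the module reference for the match/target; please confirm that the builtin targets registered by ip_tables.c and ip6_tables.c already have an owner, or cover them here as well. The change is a one-line initialiser in each of ipt_builtin_mt[] and ip6t_builtin_mt[], and it has no effect when the code is built in, where THIS_MODULE is NULL.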
[PATCH 4.4 21/79] ipv6: mcast: fix unsolicited report interval after receiving querys
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Hangbin Liu [ Upstream commit 6c6da92808442908287fae8ebb0ca041a52469f4 ] After receiving MLD querys, we update idev->mc_maxdelay with max_delay from query header. This makes the later unsolicited reports have the same interval with mc_maxdelay, which means we may send unsolicited reports with long interval time instead of default configured interval time. Also as we will not call ipv6_mc_reset() after device up. This issue will be there even after leave the group and join other groups. Fixes: fc4eba58b4c14 ("ipv6: make unsolicited report intervals configurable for mld") Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/ipv6/mcast.c |9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/net/ipv6/mcast.c +++ b/net/ipv6/mcast.c @@ -2061,7 +2061,8 @@ void ipv6_mc_dad_complete(struct inet6_d mld_send_initial_cr(idev); idev->mc_dad_count--; if (idev->mc_dad_count) - mld_dad_start_timer(idev, idev->mc_maxdelay); + mld_dad_start_timer(idev, + unsolicited_report_interval(idev)); } } @@ -2073,7 +2074,8 @@ static void mld_dad_timer_expire(unsigne if (idev->mc_dad_count) { idev->mc_dad_count--; if (idev->mc_dad_count) - mld_dad_start_timer(idev, idev->mc_maxdelay); + mld_dad_start_timer(idev, + unsolicited_report_interval(idev)); } in6_dev_put(idev); } @@ -2431,7 +2433,8 @@ static void mld_ifc_timer_expire(unsigne if (idev->mc_ifc_count) { idev->mc_ifc_count--; if (idev->mc_ifc_count) - mld_ifc_start_timer(idev, idev->mc_maxdelay); + mld_ifc_start_timer(idev, + unsolicited_report_interval(idev)); } in6_dev_put(idev); }
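Review bot: the same replacement of idev->mc_maxdelay by unsolicited_report_interval(idev) is made at three call sites (ipv6_mc_dad_complete(), mld_dad_timer_expire() and mld_ifc_timer_expire()), and the commit message does not list which timers send unsolicited reports; please confirm that no other unsolicited path in mcast.c still arms its timer from mc_maxdelay. A one-line comment at one of the sites, noting that mc_maxdelay reflects the last query and must not be used for unsolicited reports, would keep the distinction from being lost again.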
[PATCH 4.4 27/79] perf test session topology: Fix test on s390
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Richter [ Upstream commit b930e62ecd362843002bdf84c2940439822af321 ] On s390 this test case fails because the socket identification numbers assigned to the CPU are higher than the CPU identification numbers. Fix this by adding the platform architecture into the perf data header flag information. This helps identifying the test platform and handles s390 specifics in process_cpu_topology(). Before: [root@p23lp27 perf]# perf test -v -F 39 39: Session topology : --- start --- templ file: /tmp/perf-test-iUv755 socket_id number is too big.You may need to upgrade the perf tool. end Session topology: Skip [root@p23lp27 perf]# After: [root@p23lp27 perf]# perf test -v -F 39 39: Session topology : --- start --- templ file: /tmp/perf-test-8X8VTs CPU 0, core 0, socket 6 CPU 1, core 1, socket 3 end Session topology: Ok [root@p23lp27 perf]# Signed-off-by: Thomas Richter Reviewed-by: Hendrik Brueckner Cc: Heiko Carstens Cc: Martin Schwidefsky Fixes: c84974ed9fb6 ("perf test: Add entry to test cpu topology") Link: http://lkml.kernel.org/r/20180611073153.15592-2-tmri...@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/perf/tests/topology.c |1 + 1 file changed, 1 insertion(+) --- a/tools/perf/tests/topology.c +++ b/tools/perf/tests/topology.c @@ -42,6 +42,7 @@ static int session_write_header(char *pa perf_header__set_feat(&session->header, HEADER_CPU_TOPOLOGY); perf_header__set_feat(&session->header, HEADER_NRCPUS); + perf_header__set_feat(&session->header, HEADER_ARCH); session->header.data_size += DATA_SIZE;
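Review bot: The hunk only sets HEADER_ARCH in session_write_header(); the s390 handling in process_cpu_topology() that the changelog relies on is not part of this diff. For the 4.4 backport, please confirm that the reader side consuming the arch information is present in this tree, otherwise the added feature bit changes nothing for the failing test.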
[PATCH 4.4 28/79] perf report powerpc: Fix crash if callchain is empty
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Sandipan Das [ Upstream commit 143c99f6ac6812d23254e80844d6e34be897d3e1 ] For some cases, the callchain provided by the kernel may be empty. So, the callchain ip filtering code will cause a crash if we do not check whether the struct ip_callchain pointer is NULL before accessing any members. This can be observed on a powerpc64le system running Fedora 27 as shown below. # perf record -b -e cycles:u ls Before: # perf report --branch-history perf: Segmentation fault backtrace perf[0x1027615c] linux-vdso64.so.1(__kernel_sigtramp_rt64+0x0)[0x7fff856304d8] perf(arch_skip_callchain_idx+0x44)[0x10257c58] perf[0x1017f2e4] perf(thread__resolve_callchain+0x124)[0x1017ff5c] perf(sample__resolve_callchain+0xf0)[0x10172788] ... After: # perf report --branch-history Samples: 25 of event 'cycles:u', Event count (approx.): 2306870 Overhead Source:LineSymbol Shared Object + 11.60% _init+35736[.] _initls +9.84% strcoll_l.c:137[.] __strcoll_l libc-2.26.so +9.16% memcpy.S:175 [.] __memcpy_power7 libc-2.26.so +9.01% gconv_charset.h:54 [.] _nl_find_locale libc-2.26.so +8.87% dl-addr.c:52 [.] _dl_addr libc-2.26.so +8.83% _init+236 [.] _initls ... Reported-by: Ravi Bangoria Signed-off-by: Sandipan Das Acked-by: Ravi Bangoria Cc: Jiri Olsa Cc: Naveen N. Rao Cc: Sukadev Bhattiprolu Link: http://lkml.kernel.org/r/20180611104049.11048-1-sandi...@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/perf/arch/powerpc/util/skip-callchain-idx.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/perf/arch/powerpc/util/skip-callchain-idx.c +++ b/tools/perf/arch/powerpc/util/skip-callchain-idx.c @@ -243,7 +243,7 @@ int arch_skip_callchain_idx(struct threa u64 ip; u64 skip_slot = -1; - if (chain->nr < 3) + if (!chain || chain->nr < 3) return skip_slot; ip = chain->ips[2];
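Review bot: The NULL check sits correctly ahead of both chain->nr and chain->ips[2], but the early return hands back skip_slot, a u64 initialised to -1, from a function declared to return int. That conversion is relied on silently; declaring skip_slot as int, or returning -1 directly in this branch, would make the "nothing to skip" result explicit for the new NULL case.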
[PATCH 4.4 46/79] ARM: pxa: irq: fix handling of ICMR registers in suspend/resume
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Mack [ Upstream commit 0c1049dcb4ceec640d8bd797335bcbebdcab44d2 ] PXA3xx platforms have 56 interrupts that are stored in two ICMR registers. The code in pxa_irq_suspend() and pxa_irq_resume() however does a simple division by 32 which only leads to one register being saved at suspend and restored at resume time. The NAND interrupt setting, for instance, is lost. Fix this by using DIV_ROUND_UP() instead. Signed-off-by: Daniel Mack Signed-off-by: Robert Jarzmik Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm/mach-pxa/irq.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/arm/mach-pxa/irq.c +++ b/arch/arm/mach-pxa/irq.c @@ -185,7 +185,7 @@ static int pxa_irq_suspend(void) { int i; - for (i = 0; i < pxa_internal_irq_nr / 32; i++) { + for (i = 0; i < DIV_ROUND_UP(pxa_internal_irq_nr, 32); i++) { void __iomem *base = irq_base(i); saved_icmr[i] = __raw_readl(base + ICMR); @@ -204,7 +204,7 @@ static void pxa_irq_resume(void) { int i; - for (i = 0; i < pxa_internal_irq_nr / 32; i++) { + for (i = 0; i < DIV_ROUND_UP(pxa_internal_irq_nr, 32); i++) { void __iomem *base = irq_base(i); __raw_writel(saved_icmr[i], base + ICMR);
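Review bot: With DIV_ROUND_UP() both loops run one iteration further on PXA3xx (56 interrupts, so i now reaches 1), and the diff does not show the declaration of saved_icmr[]. Please confirm the array has room for DIV_ROUND_UP(pxa_internal_irq_nr, 32) entries and that irq_base(1) is valid wherever the count is not a multiple of 32; otherwise the fix trades a lost register for an out-of-bounds write in pxa_irq_suspend().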
[PATCH 4.4 47/79] ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Stefan Schmidt [ Upstream commit 20f330452ad8814f2289a589baf65e21270879a7 ] The check is valid but it does not warrant to crash the kernel. A WARN_ON() is good enough here. Found by checkpatch. Signed-off-by: Stefan Schmidt Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ieee802154/at86rf230.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ieee802154/at86rf230.c +++ b/drivers/net/ieee802154/at86rf230.c @@ -932,7 +932,7 @@ at86rf230_xmit(struct ieee802154_hw *hw, static int at86rf230_ed(struct ieee802154_hw *hw, u8 *level) { - BUG_ON(!level); + WARN_ON(!level); *level = 0xbe; return 0; }
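Review bot: In at86rf230_ed() the line after the new WARN_ON(!level) still executes *level = 0xbe, so a NULL level now warns and then faults on the dereference instead of hitting BUG_ON(). To get the behaviour the changelog describes, bail out on the condition, for example: if (WARN_ON(!level)) return -EINVAL;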
[PATCH 4.4 51/79] bnxt_en: Fix for system hang if request_irq fails
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Vikas Gupta [ Upstream commit c58387ab1614f6d7fb9e244f214b61e7631421fc ] Fix bug in the error code path when bnxt_request_irq() returns failure. bnxt_disable_napi() should not be called in this error path because NAPI has not been enabled yet. Fixes: c0c050c58d84 ("bnxt_en: New Broadcom ethernet driver.") Signed-off-by: Vikas Gupta Signed-off-by: Michael Chan Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/broadcom/bnxt/bnxt.c |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c @@ -4591,7 +4591,7 @@ static int __bnxt_open_nic(struct bnxt * rc = bnxt_request_irq(bp); if (rc) { netdev_err(bp->dev, "bnxt_request_irq err: %x\n", rc); - goto open_err; + goto open_err_irq; } } @@ -4629,6 +4629,8 @@ static int __bnxt_open_nic(struct bnxt * open_err: bnxt_disable_napi(bp); + +open_err_irq: bnxt_del_napi(bp); open_err_free_mem:
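Review bot: Only the bnxt_request_irq() failure is redirected to the new open_err_irq label; any other goto open_err in __bnxt_open_nic() that can be taken before NAPI is enabled would still reach bnxt_disable_napi(). Please check the remaining users of open_err against the point where NAPI is enabled. The open_err path now falls through into open_err_irq, which deserves a one-line comment at the label.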
[PATCH 4.4 48/79] ieee802154: at86rf230: use __func__ macro for debug messages
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Stefan Schmidt [ Upstream commit 8a81388ec27c4c0adbdecd20e67bb5f411ab46b2 ] Instead of having the function name hard-coded (it might change and we forgot to update them in the debug output) we can use __func__ instead and also shorter the line so we do not need to break it. Also fix an extra blank line while being here. Found by checkpatch. Signed-off-by: Stefan Schmidt Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ieee802154/at86rf230.c | 13 - 1 file changed, 4 insertions(+), 9 deletions(-) --- a/drivers/net/ieee802154/at86rf230.c +++ b/drivers/net/ieee802154/at86rf230.c @@ -1108,8 +1108,7 @@ at86rf230_set_hw_addr_filt(struct ieee80 if (changed & IEEE802154_AFILT_SADDR_CHANGED) { u16 addr = le16_to_cpu(filt->short_addr); - dev_vdbg(&lp->spi->dev, -"at86rf230_set_hw_addr_filt called for saddr\n"); + dev_vdbg(&lp->spi->dev, "%s called for saddr\n", __func__); __at86rf230_write(lp, RG_SHORT_ADDR_0, addr); __at86rf230_write(lp, RG_SHORT_ADDR_1, addr >> 8); } @@ -1117,8 +1116,7 @@ at86rf230_set_hw_addr_filt(struct ieee80 if (changed & IEEE802154_AFILT_PANID_CHANGED) { u16 pan = le16_to_cpu(filt->pan_id); - dev_vdbg(&lp->spi->dev, -"at86rf230_set_hw_addr_filt called for pan id\n"); + dev_vdbg(&lp->spi->dev, "%s called for pan id\n", __func__); __at86rf230_write(lp, RG_PAN_ID_0, pan); __at86rf230_write(lp, RG_PAN_ID_1, pan >> 8); } 
@@ -1127,15 +1125,13 @@ at86rf230_set_hw_addr_filt(struct ieee80 u8 i, addr[8]; memcpy(addr, &filt->ieee_addr, 8); - dev_vdbg(&lp->spi->dev, -"at86rf230_set_hw_addr_filt called for IEEE addr\n"); + dev_vdbg(&lp->spi->dev, "%s called for IEEE addr\n", __func__); for (i = 0; i < 8; i++) __at86rf230_write(lp, RG_IEEE_ADDR_0 + i, addr[i]); } if (changed & IEEE802154_AFILT_PANC_CHANGED) { - dev_vdbg(&lp->spi->dev, -"at86rf230_set_hw_addr_filt called for panc change\n"); + dev_vdbg(&lp->spi->dev, "%s called for panc change\n", __func__); if (filt->pan_coord) at86rf230_write_subreg(lp, SR_AACK_I_AM_COORD, 1); else @@ -1239,7 +1235,6 @@ at86rf230_set_cca_mode(struct ieee802154 return at86rf230_write_subreg(lp, SR_CCA_MODE, val); } - static int at86rf230_set_cca_ed_level(struct ieee802154_hw *hw, s32 mbm) {
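Review bot: None of the hunks changes behaviour: the dev_vdbg() strings in at86rf230_set_hw_addr_filt() gain __func__, and the last hunk only removes a blank line before at86rf230_set_cca_ed_level(). For a stable queue the changelog should say which later fix depends on this cleanup; if none does, the patch does not look like stable material.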
[PATCH 4.4 52/79] perf llvm-utils: Remove bashism from kernel include fetch script
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Kim Phillips [ Upstream commit f6432b9f65001651412dbc3589d251534822d4ab ] Like system(), popen() calls /bin/sh, which may/may not be bash. Script when run on dash and encounters the line, yields: exit: Illegal number: -1 checkbashisms report on script content: possible bashism (exit|return with negative status code): exit -1 Remove the bashism and use the more portable non-zero failure status code 1. Signed-off-by: Kim Phillips Cc: Alexander Shishkin Cc: Hendrik Brueckner Cc: Jiri Olsa Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Sandipan Das Cc: Thomas Richter Link: http://lkml.kernel.org/r/20180629124652.8d0af7e2281fd3fd8262c...@arm.com Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/perf/util/llvm-utils.c |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/tools/perf/util/llvm-utils.c +++ b/tools/perf/util/llvm-utils.c @@ -254,16 +254,16 @@ static const char *kinc_fetch_script = "#!/usr/bin/env sh\n" "if ! test -d \"$KBUILD_DIR\"\n" "then\n" -" exit -1\n" +" exit 1\n" "fi\n" "if ! test -f \"$KBUILD_DIR/include/generated/autoconf.h\"\n" "then\n" -" exit -1\n" +" exit 1\n" "fi\n" "TMPDIR=`mktemp -d`\n" "if test -z \"$TMPDIR\"\n" "then\n" -"exit -1\n" +"exit 1\n" "fi\n" "cat << EOF > $TMPDIR/Makefile\n" "obj-y := dummy.o\n"
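Review bot: The three exit -1 lines become exit 1, which changes the status seen by the popen() caller: bash reports exit -1 as 255, while the new code yields 1. Please confirm the C side only tests for non-zero. Separately, the context line cat << EOF > $TMPDIR/Makefile uses $TMPDIR unquoted; quoting it would be a cheap hardening while this script is being touched.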
[PATCH 4.4 33/79] md/raid10: fix that replacement cannot complete recovery after reassemble
4.4-stable review patch. If anyone has any objections, please let me know. -- From: BingJing Chang [ Upstream commit bda3153998f3eb2cafa4a6311971143628eacdbc ] During assemble, the spare marked for replacement is not checked. conf->fullsync cannot be updated to be 1. As a result, recovery will treat it as a clean array. All recovering sectors are skipped. Original device is replaced with the not-recovered spare. mdadm -C /dev/md0 -l10 -n4 -pn2 /dev/loop[0123] mdadm /dev/md0 -a /dev/loop4 mdadm /dev/md0 --replace /dev/loop0 mdadm -S /dev/md0 # stop array during recovery mdadm -A /dev/md0 /dev/loop[01234] After reassemble, you can see recovery go on, but it completes immediately. In fact, recovery is not actually processed. To solve this problem, we just add the missing logics for replacement spares. (In raid1.c or raid5.c, they have already been checked.) Reported-by: Alex Chen Reviewed-by: Alex Wu Reviewed-by: Chung-Chiang Cheng Signed-off-by: BingJing Chang Signed-off-by: Shaohua Li Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/md/raid10.c |7 +++ 1 file changed, 7 insertions(+) --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c @@ -3691,6 +3691,13 @@ static int run(struct mddev *mddev) disk->rdev->saved_raid_disk < 0) conf->fullsync = 1; } + + if (disk->replacement && + !test_bit(In_sync, &disk->replacement->flags) && + disk->replacement->saved_raid_disk < 0) { + conf->fullsync = 1; + } + disk->recovery_disabled = mddev->recovery_disabled - 1; }
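Review bot: The new block in run() repeats for disk->replacement the condition already applied to disk->rdev just above, with no comment saying why a replacement that is not In_sync and has saved_raid_disk < 0 must force conf->fullsync. A short comment would help, given the changelog's point that recovery otherwise completes immediately without processing anything. The braces around the single assignment can also go, per kernel style.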
[PATCH 4.4 49/79] ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Stefan Schmidt [ Upstream commit 8f2fbc6c60ff213369e06a73610fc882a42fdf20 ] The check is valid but it does not warrant to crash the kernel. A WARN_ON() is good enough here. Found by checkpatch. Signed-off-by: Stefan Schmidt Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ieee802154/fakelb.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ieee802154/fakelb.c +++ b/drivers/net/ieee802154/fakelb.c @@ -49,7 +49,7 @@ struct fakelb_phy { static int fakelb_hw_ed(struct ieee802154_hw *hw, u8 *level) { - BUG_ON(!level); + WARN_ON(!level); *level = 0xbe; return 0;
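Review bot: As in the at86rf230 change, fakelb_hw_ed() still dereferences level on the line right after WARN_ON(!level), so the kernel warns and then faults on *level = 0xbe. Return early instead: if (WARN_ON(!level)) return -EINVAL;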
[PATCH 4.4 53/79] ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot
4.4-stable review patch. If anyone has any objections, please let me know. -- From: "Steven Rostedt (VMware)" [ Upstream commit b4c7e2bd2eb4764afe3af9409ff3b1b87116fa30 ] Dynamic ftrace requires modifying the code segments that are usually set to read-only. To do this, a per arch function is called both before and after the ftrace modifications are performed. The "before" function will set kernel code text to read-write to allow for ftrace to make the modifications, and the "after" function will set the kernel code text back to "read-only" to keep the kernel code text protected. The issue happens when dynamic ftrace is tested at boot up. The test is done before the kernel code text has been set to read-only. But the "before" and "after" calls are still performed. The "after" call will change the kernel code text to read-only prematurely, and other boot code that expects this code to be read-write will fail. The solution is to add a variable that is set when the kernel code text is expected to be converted to read-only, and make the ftrace "before" and "after" calls do nothing if that variable is not yet set. This is similar to the x86 solution from commit 162396309745 ("ftrace, x86: make kernel text writable only for conversions"). Link: http://lkml.kernel.org/r/20180620212906.24b7b...@vmware.local.home Reported-by: Stefan Agner Tested-by: Stefan Agner Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Russell King Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm/mm/init.c |9 + 1 file changed, 9 insertions(+) --- a/arch/arm/mm/init.c +++ b/arch/arm/mm/init.c 
@@ -716,19 +716,28 @@ int __mark_rodata_ro(void *unused) return 0; } +static int kernel_set_to_readonly __read_mostly; + void mark_rodata_ro(void) { + kernel_set_to_readonly = 1; stop_machine(__mark_rodata_ro, NULL, NULL); } void set_kernel_text_rw(void) { + if (!kernel_set_to_readonly) + return; + set_section_perms(ro_perms, ARRAY_SIZE(ro_perms), false, current->active_mm); } void set_kernel_text_ro(void) { + if (!kernel_set_to_readonly) + return; + set_section_perms(ro_perms, ARRAY_SIZE(ro_perms), true, current->active_mm); }
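Review bot: kernel_set_to_readonly is set to 1 in mark_rodata_ro() before stop_machine(__mark_rodata_ro, ...) has run, so the flag reads "read-only" slightly ahead of the permissions actually changing, and a set_kernel_text_rw()/set_kernel_text_ro() pair in that window behaves as it did before the patch. If that is acceptable, say so in a comment above the variable, which currently has none, and consider bool rather than int for a one-way flag.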
[PATCH 4.4 50/79] drm/armada: fix colorkey mode property
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Russell King [ Upstream commit d378859a667edc99e3473704847698cae97ca2b1 ] The colorkey mode property was not correctly disabling the colorkeying when "disabled" mode was selected. Arrange for this to work as one would expect. Signed-off-by: Russell King Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/armada/armada_hw.h |1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++ 2 files changed, 23 insertions(+), 8 deletions(-) --- a/drivers/gpu/drm/armada/armada_hw.h +++ b/drivers/gpu/drm/armada/armada_hw.h @@ -160,6 +160,7 @@ enum { CFG_ALPHAM_GRA = 0x1 << 16, CFG_ALPHAM_CFG = 0x2 << 16, CFG_ALPHA_MASK = 0xff << 8, +#define CFG_ALPHA(x) ((x) << 8) CFG_PIXCMD_MASK = 0xff, }; --- a/drivers/gpu/drm/armada/armada_overlay.c +++ b/drivers/gpu/drm/armada/armada_overlay.c @@ -27,6 +27,7 @@ struct armada_ovl_plane_properties { uint16_t contrast; uint16_t saturation; uint32_t colorkey_mode; + uint32_t colorkey_enable; }; struct armada_ovl_plane { @@ -62,11 +63,13 @@ armada_ovl_update_attr(struct armada_ovl writel_relaxed(0x2000, dcrtc->base + LCD_SPU_CBSH_HUE); spin_lock_irq(&dcrtc->irq_lock); - armada_updatel(prop->colorkey_mode | CFG_ALPHAM_GRA, -CFG_CKMODE_MASK | CFG_ALPHAM_MASK | CFG_ALPHA_MASK, -dcrtc->base + LCD_SPU_DMA_CTRL1); - - armada_updatel(ADV_GRACOLORKEY, 0, dcrtc->base + LCD_SPU_ADV_REG); + armada_updatel(prop->colorkey_mode, + CFG_CKMODE_MASK | CFG_ALPHAM_MASK | CFG_ALPHA_MASK, + dcrtc->base + LCD_SPU_DMA_CTRL1); + if (dcrtc->variant->has_spu_adv_reg) + armada_updatel(prop->colorkey_enable, + ADV_GRACOLORKEY | ADV_VIDCOLORKEY, + dcrtc->base + LCD_SPU_ADV_REG); spin_unlock_irq(&dcrtc->irq_lock); } 
@@ -339,8 +342,17 @@ static int armada_ovl_plane_set_property dplane->prop.colorkey_vb |= K2B(val); update_attr = true; } else if (property == priv->colorkey_mode_prop) { - dplane->prop.colorkey_mode &= ~CFG_CKMODE_MASK; - dplane->prop.colorkey_mode |= CFG_CKMODE(val); + if (val == CKMODE_DISABLE) { + dplane->prop.colorkey_mode = + CFG_CKMODE(CKMODE_DISABLE) | + CFG_ALPHAM_CFG | CFG_ALPHA(255); + dplane->prop.colorkey_enable = 0; + } else { + dplane->prop.colorkey_mode = + CFG_CKMODE(val) | + CFG_ALPHAM_GRA | CFG_ALPHA(0); + dplane->prop.colorkey_enable = ADV_GRACOLORKEY; + } update_attr = true; } else if (property == priv->brightness_prop) { dplane->prop.brightness = val - 256; @@ -469,7 +481,9 @@ int armada_overlay_plane_create(struct d dplane->prop.colorkey_yr = 0xfefefe00; dplane->prop.colorkey_ug = 0x01010100; dplane->prop.colorkey_vb = 0x01010100; - dplane->prop.colorkey_mode = CFG_CKMODE(CKMODE_RGB); + dplane->prop.colorkey_mode = CFG_CKMODE(CKMODE_RGB) | +CFG_ALPHAM_GRA | CFG_ALPHA(0); + dplane->prop.colorkey_enable = ADV_GRACOLORKEY; dplane->prop.brightness = 0; dplane->prop.contrast = 0x4000; dplane->prop.saturation = 0x4000;
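Review bot: In armada_ovl_update_attr() the write to LCD_SPU_ADV_REG is now guarded by dcrtc->variant->has_spu_adv_reg, where it was unconditional before, and the changelog only talks about the "disabled" colorkey mode. Please document the guard or split it into its own patch. Also, CFG_ALPHA(x) is defined inside the enum body in armada_hw.h and shifts without masking, so a value above 255 would spill past CFG_ALPHA_MASK; (((x) << 8) & CFG_ALPHA_MASK), or a note that callers pass 0..255, would close that.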
[PATCH 4.4 35/79] drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Marek Szyprowski [ Upstream commit ab337fc274a1957ff0771f19e826c736253f7c39 ] Set per-plane global alpha to maximum value to get proper blending of XRGB and ARGB planes. This fixes the strange order of overlapping planes. Signed-off-by: Marek Szyprowski Signed-off-by: Inki Dae Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/exynos/exynos5433_drm_decon.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/gpu/drm/exynos/exynos5433_drm_decon.c +++ b/drivers/gpu/drm/exynos/exynos5433_drm_decon.c @@ -278,8 +278,8 @@ static void decon_update_plane(struct ex COORDINATE_Y(plane->crtc_y + plane->crtc_h - 1); writel(val, ctx->addr + DECON_VIDOSDxB(win)); - val = VIDOSD_Wx_ALPHA_R_F(0x0) | VIDOSD_Wx_ALPHA_G_F(0x0) | - VIDOSD_Wx_ALPHA_B_F(0x0); + val = VIDOSD_Wx_ALPHA_R_F(0xff) | VIDOSD_Wx_ALPHA_G_F(0xff) | + VIDOSD_Wx_ALPHA_B_F(0xff); writel(val, ctx->addr + DECON_VIDOSDxC(win)); val = VIDOSD_Wx_ALPHA_R_F(0x0) | VIDOSD_Wx_ALPHA_G_F(0x0) |
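Review bot: Only the alpha value written to DECON_VIDOSDxC(win) changes to 0xff; the next assignment, visible as trailing context, still builds val from VIDOSD_Wx_ALPHA_*_F(0x0). The changelog does not say which of the two registers holds the per-plane global alpha or why the second one stays at zero; a comment above each writel() naming the alpha set it programs would make the asymmetry reviewable.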
[PATCH 4.4 55/79] ixgbe: Be more careful when modifying MAC filters
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Alexander Duyck [ Upstream commit d14c780c11fbc10f66c43e7b64eefe87ca442bd3 ] This change makes it so that we are much more explicit about the ordering of updates to the receive address register (RAR) table. Prior to this patch I believe we may have been updating the table while entries were still active, or possibly allowing for reordering of things since we weren't explicitly flushing writes to either the lower or upper portion of the register prior to accessing the other half. Signed-off-by: Alexander Duyck Reviewed-by: Shannon Nelson Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c @@ -1814,7 +1814,12 @@ s32 ixgbe_set_rar_generic(struct ixgbe_h if (enable_addr != 0) rar_high |= IXGBE_RAH_AV; + /* Record lower 32 bits of MAC address and then make +* sure that write is flushed to hardware before writing +* the upper 16 bits and setting the valid bit. +*/ IXGBE_WRITE_REG(hw, IXGBE_RAL(index), rar_low); + IXGBE_WRITE_FLUSH(hw); IXGBE_WRITE_REG(hw, IXGBE_RAH(index), rar_high); return 0; @@ -1846,8 +1851,13 @@ s32 ixgbe_clear_rar_generic(struct ixgbe rar_high = IXGBE_READ_REG(hw, IXGBE_RAH(index)); rar_high &= ~(0x | IXGBE_RAH_AV); - IXGBE_WRITE_REG(hw, IXGBE_RAL(index), 0); + /* Clear the address valid bit and upper 16 bits of the address +* before clearing the lower bits. This way we aren't updating +* a live filter. +*/ IXGBE_WRITE_REG(hw, IXGBE_RAH(index), rar_high); + IXGBE_WRITE_FLUSH(hw); + IXGBE_WRITE_REG(hw, IXGBE_RAL(index), 0); /* clear VMDq pool/queue selection for this RAR */ hw->mac.ops.clear_vmdq(hw, index, IXGBE_CLEAR_VMDQ_ALL);
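Review bot: ixgbe_clear_rar_generic() now clears IXGBE_RAH_AV and flushes before touching RAL so that it is not "updating a live filter", but ixgbe_set_rar_generic() still writes RAL first, with no step that clears the valid bit of an entry already in use at that index. If set can be called on an active index, the filter briefly matches a mix of old upper and new lower address bits; clearing RAH (followed by a flush) before the RAL write would give the set path the same guarantee. Neither function flushes after its final write, which is worth a word in the new comments.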
[PATCH 4.4 56/79] packet: reset network header if packet shorter than ll reserved space
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 993675a3100b16a4c80dfd70cbcde8ea7127b31d ] If variable length link layer headers result in a packet shorter than dev->hard_header_len, reset the network header offset. Else skb->mac_len may exceed skb->len after skb_mac_reset_len. packet_sendmsg_spkt already has similar logic. Fixes: b84bbaf7a6c8 ("packet: in packet_snd start writing at link layer allocation") Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/packet/af_packet.c |2 ++ 1 file changed, 2 insertions(+) --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -2780,6 +2780,8 @@ static int packet_snd(struct socket *soc goto out_free; } else if (reserve) { skb_reserve(skb, -reserve); + if (len < reserve) + skb_reset_network_header(skb); } /* Returns -EFAULT on error */
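Review bot: The new len < reserve check in packet_snd() carries no comment, and the reason for it (variable length link layer headers producing a packet shorter than dev->hard_header_len, so that skb->mac_len may exceed skb->len) is only in the changelog. Please add a one-line comment at the check and mention that it mirrors packet_sendmsg_spkt, so the two paths stay in sync.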
[PATCH 4.4 57/79] qlogic: check kstrtoul() for errors
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter [ Upstream commit 5fc853cc01c68f84984ecc2d5fd777ecad78240f ] We accidentally left out the error handling for kstrtoul(). Fixes: a520030e326a ("qlcnic: Implement flash sysfs callback for 83xx adapter") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c |2 ++ 1 file changed, 2 insertions(+) --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c @@ -1128,6 +1128,8 @@ static ssize_t qlcnic_83xx_sysfs_flash_w struct qlcnic_adapter *adapter = dev_get_drvdata(dev); ret = kstrtoul(buf, 16, &data); + if (ret) + return ret; switch (data) { case QLC_83XX_FLASH_SECTOR_ERASE_CMD:
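Review bot: The check is in the right place, but the changelog understates the effect: without it, a failed kstrtoul() left data unmodified and the switch (data) in the flash sysfs write handler still ran on whatever it held. Whether data has an initialiser is not visible in the hunk. For a stable patch, please state that consequence in the commit message.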
[PATCH 4.4 54/79] ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Adam Ford [ Upstream commit 923847413f7316b5ced3491769b3fefa6c56a79a ] The AM3517 has a different OTG controller location than the OMAP3, which is included from omap3.dtsi. This results in a hwmod error. Since the AM3517 has a different OTG controller address, this patch disables one that isn't available. Signed-off-by: Adam Ford Signed-off-by: Tony Lindgren Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm/boot/dts/am3517.dtsi |5 + 1 file changed, 5 insertions(+) --- a/arch/arm/boot/dts/am3517.dtsi +++ b/arch/arm/boot/dts/am3517.dtsi @@ -74,6 +74,11 @@ }; }; +/* Table Table 5-79 of the TRM shows 480ab000 is reserved */ +&usb_otg_hs { + status = "disabled"; +}; + &iva { status = "disabled"; };
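Review bot: The added comment reads "Table Table 5-79 of the TRM", with the word duplicated; please fix that before it is copied into further trees. It would also help to name the TRM (document number or revision) so the reserved 480ab000 range can be looked up later.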
[PATCH 4.4 34/79] drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Marek Szyprowski [ Upstream commit dd209ef809080ced903e7747ee3ef640c923a1d2 ] Fix following issues related to planar YUV pixel format configuration: - NV16/61 modes were incorrectly programmed as NV12/21, - YVU420 was programmed as YUV420 on source, - YVU420 and YUV422 were programmed as YUV420 on output. Signed-off-by: Marek Szyprowski Signed-off-by: Inki Dae Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 - drivers/gpu/drm/exynos/regs-gsc.h |1 + 2 files changed, 21 insertions(+), 9 deletions(-) --- a/drivers/gpu/drm/exynos/exynos_drm_gsc.c +++ b/drivers/gpu/drm/exynos/exynos_drm_gsc.c @@ -526,21 +526,25 @@ static int gsc_src_set_fmt(struct device GSC_IN_CHROMA_ORDER_CRCB); break; case DRM_FORMAT_NV21: + cfg |= (GSC_IN_CHROMA_ORDER_CRCB | GSC_IN_YUV420_2P); + break; case DRM_FORMAT_NV61: - cfg |= (GSC_IN_CHROMA_ORDER_CRCB | - GSC_IN_YUV420_2P); + cfg |= (GSC_IN_CHROMA_ORDER_CRCB | GSC_IN_YUV422_2P); break; case DRM_FORMAT_YUV422: cfg |= GSC_IN_YUV422_3P; break; case DRM_FORMAT_YUV420: + cfg |= (GSC_IN_CHROMA_ORDER_CBCR | GSC_IN_YUV420_3P); + break; case DRM_FORMAT_YVU420: - cfg |= GSC_IN_YUV420_3P; + cfg |= (GSC_IN_CHROMA_ORDER_CRCB | GSC_IN_YUV420_3P); break; case DRM_FORMAT_NV12: + cfg |= (GSC_IN_CHROMA_ORDER_CBCR | GSC_IN_YUV420_2P); + break; case DRM_FORMAT_NV16: - cfg |= (GSC_IN_CHROMA_ORDER_CBCR | - GSC_IN_YUV420_2P); + cfg |= (GSC_IN_CHROMA_ORDER_CBCR | GSC_IN_YUV422_2P); break; default: dev_err(ippdrv->dev, "invalid target yuv order 0x%x.\n", fmt); 
@@ -800,18 +804,25 @@ static int gsc_dst_set_fmt(struct device GSC_OUT_CHROMA_ORDER_CRCB); break; case DRM_FORMAT_NV21: - case DRM_FORMAT_NV61: cfg |= (GSC_OUT_CHROMA_ORDER_CRCB | GSC_OUT_YUV420_2P); break; + case DRM_FORMAT_NV61: + cfg |= (GSC_OUT_CHROMA_ORDER_CRCB | GSC_OUT_YUV422_2P); + break; case DRM_FORMAT_YUV422: + cfg |= GSC_OUT_YUV422_3P; + break; case DRM_FORMAT_YUV420: + cfg |= (GSC_OUT_CHROMA_ORDER_CBCR | GSC_OUT_YUV420_3P); + break; case DRM_FORMAT_YVU420: - cfg |= GSC_OUT_YUV420_3P; + cfg |= (GSC_OUT_CHROMA_ORDER_CRCB | GSC_OUT_YUV420_3P); break; case DRM_FORMAT_NV12: + cfg |= (GSC_OUT_CHROMA_ORDER_CBCR | GSC_OUT_YUV420_2P); + break; case DRM_FORMAT_NV16: - cfg |= (GSC_OUT_CHROMA_ORDER_CBCR | - GSC_OUT_YUV420_2P); + cfg |= (GSC_OUT_CHROMA_ORDER_CBCR | GSC_OUT_YUV422_2P); break; default: dev_err(ippdrv->dev, "invalid target yuv order 0x%x.\n", fmt); --- a/drivers/gpu/drm/exynos/regs-gsc.h +++ b/drivers/gpu/drm/exynos/regs-gsc.h @@ -138,6 +138,7 @@ #define GSC_OUT_YUV420_3P (3 << 4) #define GSC_OUT_YUV422_1P (4 << 4) #define GSC_OUT_YUV422_2P (5 << 4) +#define GSC_OUT_YUV422_3P (6 << 4) #define GSC_OUT_YUV444 (7 << 4) #define GSC_OUT_TILE_TYPE_MASK (1 << 2) #define GSC_OUT_TILE_C_16x8(0 << 2)
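Review bot: After this change the 4:2:0 cases and the NV16/NV61 cases all set an explicit chroma order, but DRM_FORMAT_YUV422 sets only GSC_IN_YUV422_3P in gsc_src_set_fmt() and only GSC_OUT_YUV422_3P in gsc_dst_set_fmt(), with no CHROMA_ORDER bit. If the order bits matter for three-plane formats, as the new YUV420/YVU420 split implies, YUV422 should set the CBCR order too; if the hardware defaults to it, a comment in both switch statements would avoid the question.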
[PATCH 4.4 36/79] drm/exynos: decon5433: Fix WINCONx reset value
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Marek Szyprowski [ Upstream commit 7b7aa62c05eac9789c208b946f515983a9255d8d ] The only bits that should be preserved in decon_win_set_fmt() is WINCONx_ENWIN_F. All other bits depends on the selected pixel formats and are set by the mentioned function. Signed-off-by: Marek Szyprowski Signed-off-by: Inki Dae Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/exynos/exynos5433_drm_decon.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/exynos/exynos5433_drm_decon.c +++ b/drivers/gpu/drm/exynos/exynos5433_drm_decon.c @@ -190,7 +190,7 @@ static void decon_win_set_pixfmt(struct unsigned long val; val = readl(ctx->addr + DECON_WINCONx(win)); - val &= ~WINCONx_BPPMODE_MASK; + val &= WINCONx_ENWIN_F; switch (fb->pixel_format) { case DRM_FORMAT_XRGB1555:
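Review bot: The changelog names decon_win_set_fmt(), but the hunk is in decon_win_set_pixfmt(); please correct the name so the message can be matched to the code. Since val &= WINCONx_ENWIN_F now discards every other bit read from DECON_WINCONx(win), a comment at that line stating that the switch below must set all remaining fields would protect future format additions.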
[PATCH 4.4 37/79] bnx2x: Fix receiving tx-timeout in error or recovery state.
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Sudarsana Reddy Kalluru [ Upstream commit 484c016d9392786ce5c74017c206c706f29f823d ] Driver performs the internal reload when it receives tx-timeout event from the OS. Internal reload might fail in some scenarios e.g., fatal HW issues. In such cases OS still see the link, which would result in undesirable functionalities such as re-generation of tx-timeouts. The patch addresses this issue by indicating the link-down to OS when tx-timeout is detected, and keeping the link in down state till the internal reload is successful. Please consider applying it to 'net' branch. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Ariel Elior Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h |1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c |6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c |6 ++ 3 files changed, 13 insertions(+) --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h @@ -1634,6 +1634,7 @@ struct bnx2x { struct link_varslink_vars; u32 link_cnt; struct bnx2x_link_report_data last_reported_link; + boolforce_link_down; struct mdio_if_info mdio; --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c @@ -1277,6 +1277,11 @@ void __bnx2x_link_report(struct bnx2x *b { struct bnx2x_link_report_data cur_data; + if (bp->force_link_down) { + bp->link_vars.link_up = 0; + return; + } + /* reread mf_cfg */ if (IS_PF(bp) && !CHIP_IS_E1(bp)) bnx2x_read_mf_cfg(bp); @@ -2840,6 +2845,7 @@ int bnx2x_nic_load(struct bnx2x *bp, int bp->pending_max = 0; } + bp->force_link_down = false; if (bp->port.pmf) { rc = bnx2x_initial_phy_init(bp, load_mode); if (rc) --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c 
@@ -10222,6 +10222,12 @@ static void bnx2x_sp_rtnl_task(struct wo bp->sp_rtnl_state = 0; smp_mb(); + /* Immediately indicate link as down */ + bp->link_vars.link_up = 0; + bp->force_link_down = true; + netif_carrier_off(bp->dev); + BNX2X_ERR("Indicating link is down due to Tx-timeout\n"); + bnx2x_nic_unload(bp, UNLOAD_NORMAL, true); bnx2x_nic_load(bp, LOAD_NORMAL);
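Review bot: bnx2x_nic_load() clears bp->force_link_down before bnx2x_initial_phy_init() is called and before its rc is checked, while the changelog promises to keep the link down until the internal reload is successful. A load that fails after that point leaves the flag cleared, and bnx2x_sp_rtnl_task() ignores the return value of bnx2x_nic_load() in any case. Clearing the flag only on the success path of the load would match the stated intent.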
[PATCH 4.4 59/79] drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter [ Upstream commit 7f073d011f93e92d4d225526b9ab6b8b0bbd6613 ] The bo array has req->nr_buffers elements so the > should be >= so we don't read beyond the end of the array. Fixes: a1606a9596e5 ("drm/nouveau: new gem pushbuf interface, bump to 0.0.16") Signed-off-by: Dan Carpenter Signed-off-by: Ben Skeggs Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/nouveau/nouveau_gem.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/gpu/drm/nouveau/nouveau_gem.c +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c @@ -602,7 +602,7 @@ nouveau_gem_pushbuf_reloc_apply(struct n struct nouveau_bo *nvbo; uint32_t data; - if (unlikely(r->bo_index > req->nr_buffers)) { + if (unlikely(r->bo_index >= req->nr_buffers)) { NV_PRINTK(err, cli, "reloc bo index invalid\n"); ret = -EINVAL; break; @@ -612,7 +612,7 @@ nouveau_gem_pushbuf_reloc_apply(struct n if (b->presumed.valid) continue; - if (unlikely(r->reloc_bo_index > req->nr_buffers)) { + if (unlikely(r->reloc_bo_index >= req->nr_buffers)) { NV_PRINTK(err, cli, "reloc container bo index invalid\n"); ret = -EINVAL; break;
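Review bot: Both comparisons in nouveau_gem_pushbuf_reloc_apply() are now correct for an array of req->nr_buffers elements, but the changelog leaves out the impact: with the old > test, an index equal to nr_buffers passed the check and read one element past the end of the bo array. Please say so in the message. If r is filled from a userspace request, also consider whether NV_PRINTK(err, ...) on each invalid index should be rate limited.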
[PATCH 4.4 71/79] netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 6613b6173dee098997229caf1f3b961c49da75e6 upstream. When first DCCP packet is SYNC or SYNCACK, we insert a new conntrack that has an un-initialized timeout value, i.e. such entry could be reaped at any time. Mark them as INVALID and only ignore SYNC/SYNCACK when connection had an old state. Reported-by: syzbot+6f18401420df260e3...@syzkaller.appspotmail.com Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/netfilter/nf_conntrack_proto_dccp.c |8 1 file changed, 4 insertions(+), 4 deletions(-) --- a/net/netfilter/nf_conntrack_proto_dccp.c +++ b/net/netfilter/nf_conntrack_proto_dccp.c @@ -244,14 +244,14 @@ dccp_state_table[CT_DCCP_ROLE_MAX + 1][D * We currently ignore Sync packets * * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */ - sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG, + sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG, }, [DCCP_PKT_SYNCACK] = { /* * We currently ignore SyncAck packets * * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */ - sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG, + sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG, }, }, [CT_DCCP_ROLE_SERVER] = { @@ -372,14 +372,14 @@ dccp_state_table[CT_DCCP_ROLE_MAX + 1][D * We currently ignore Sync packets * * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */ - sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG, + sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG, }, [DCCP_PKT_SYNCACK] = { /* * We currently ignore SyncAck packets * * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */ - sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG, + sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG, }, }, };
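Review bot: the comments directly above all four changed rows still read "We currently ignore Sync packets" and "We currently ignore SyncAck packets", but after this change the sNO column is sIV, so those packets are no longer ignored when there is no prior state. Please update the comments in both the CT_DCCP_ROLE_CLIENT and CT_DCCP_ROLE_SERVER tables to say that Sync/SyncAck is invalid in sNO and ignored otherwise, so the table and its documentation agree.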
[PATCH 4.4 31/79] ARM: dts: da850: Fix interrups property for gpio
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Keerthy [ Upstream commit 3eb1b955cd7ed1e621ace856710006c2a8a7f231 ] The intc #interrupt-cells is equal to 1. Currently gpio node has 2 cells per IRQ which is wrong. Remove the additional cell for each of the interrupts. Signed-off-by: Keerthy Fixes: 2e38b946dc54 ("ARM: davinci: da850: add GPIO DT node") Signed-off-by: Sekhar Nori Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm/boot/dts/da850.dtsi |6 +- 1 file changed, 1 insertion(+), 5 deletions(-) --- a/arch/arm/boot/dts/da850.dtsi +++ b/arch/arm/boot/dts/da850.dtsi @@ -267,11 +267,7 @@ compatible = "ti,dm6441-gpio"; gpio-controller; reg = <0x226000 0x1000>; - interrupts = <42 IRQ_TYPE_EDGE_BOTH - 43 IRQ_TYPE_EDGE_BOTH 44 IRQ_TYPE_EDGE_BOTH - 45 IRQ_TYPE_EDGE_BOTH 46 IRQ_TYPE_EDGE_BOTH - 47 IRQ_TYPE_EDGE_BOTH 48 IRQ_TYPE_EDGE_BOTH - 49 IRQ_TYPE_EDGE_BOTH 50 IRQ_TYPE_EDGE_BOTH>; + interrupts = <42 43 44 45 46 47 48 49 50>; ti,ngpio = <144>; ti,davinci-gpio-unbanked = <0>; status = "disabled";
[PATCH 4.4 72/79] packet: refine ring v3 block size test to hold one frame
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn commit 4576cd469d980317c4edd9173f8b694aa71ea3a3 upstream. TPACKET_V3 stores variable length frames in fixed length blocks. Blocks must be able to store a block header, optional private space and at least one minimum sized frame. Frames, even for a zero snaplen packet, store metadata headers and optional reserved space. In the block size bounds check, ensure that the frame of the chosen configuration fits. This includes sockaddr_ll and optional tp_reserve. Syzbot was able to construct a ring with insuffient room for the sockaddr_ll in the header of a zero-length frame, triggering an out-of-bounds write in dev_parse_header. Convert the comparison to less than, as zero is a valid snap len. This matches the test for minimum tp_frame_size immediately below. Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.") Fixes: eb73190f4fbe ("net/packet: refine check for priv area size") Reported-by: syzbot Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/packet/af_packet.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -4176,6 +4176,8 @@ static int packet_set_ring(struct sock * } if (req->tp_block_nr) { + unsigned int min_frame_size; + /* Sanity tests and some calculations */ err = -EBUSY; if (unlikely(rb->pg_vec)) 
@@ -4198,12 +4200,12 @@ static int packet_set_ring(struct sock * goto out; if (unlikely(!PAGE_ALIGNED(req->tp_block_size))) goto out; + min_frame_size = po->tp_hdrlen + po->tp_reserve; if (po->tp_version >= TPACKET_V3 && - req->tp_block_size <= - BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv) + sizeof(struct tpacket3_hdr)) + req->tp_block_size < + BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv) + min_frame_size) goto out; - if (unlikely(req->tp_frame_size < po->tp_hdrlen + - po->tp_reserve)) + if (unlikely(req->tp_frame_size < min_frame_size)) goto out; if (unlikely(req->tp_frame_size & (TPACKET_ALIGNMENT - 1))) goto out;
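Review bot: `min_frame_size = po->tp_hdrlen + po->tp_reserve;` is computed in unsigned int before it is added to the u64 BLK_PLUS_PRIV() expression, so the (u64) cast on tp_sizeof_priv does not protect this sum from wrapping. Please confirm that tp_reserve is bounded where it is set, or widen min_frame_size, because a wrapped value would weaken both the block size test and the tp_frame_size test that now share it. A short comment on min_frame_size saying that it covers the frame header including sockaddr_ll plus tp_reserve would also help.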
[PATCH 4.4 68/79] ext4: fix spectre gadget in ext4_mb_regular_allocator()
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jeremy Cline commit 1a5d5e5d51e75a5bca67dadbcea8c841934b7b85 upstream. 'ac->ac_g_ex.fe_len' is a user-controlled value which is used in the derivation of 'ac->ac_2order'. 'ac->ac_2order', in turn, is used to index arrays which makes it a potential spectre gadget. Fix this by sanitizing the value assigned to 'ac->ac2_order'. This covers the following accesses found with the help of smatch: * fs/ext4/mballoc.c:1896 ext4_mb_simple_scan_group() warn: potential spectre issue 'grp->bb_counters' [w] (local cap) * fs/ext4/mballoc.c:445 mb_find_buddy() warn: potential spectre issue 'EXT4_SB(e4b->bd_sb)->s_mb_offsets' [r] (local cap) * fs/ext4/mballoc.c:446 mb_find_buddy() warn: potential spectre issue 'EXT4_SB(e4b->bd_sb)->s_mb_maxs' [r] (local cap) Suggested-by: Josh Poimboeuf Signed-off-by: Jeremy Cline Signed-off-by: Theodore Ts'o Cc: sta...@vger.kernel.org Signed-off-by: Greg Kroah-Hartman --- fs/ext4/mballoc.c |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -2144,7 +2145,8 @@ ext4_mb_regular_allocator(struct ext4_al * This should tell if fe_len is exactly power of 2 */ if ((ac->ac_g_ex.fe_len & (~(1 << (i - 1 == 0) - ac->ac_2order = i - 1; + ac->ac_2order = array_index_nospec(i - 1, + sb->s_blocksize_bits + 2); } /* if stream allocation is enabled, use global goal */
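Review bot: the bound passed in `array_index_nospec(i - 1, sb->s_blocksize_bits + 2)` in ext4_mb_regular_allocator() is not explained anywhere in the hunk, and it is not obvious from these lines that it equals the size of the arrays that ac_2order later indexes (grp->bb_counters, s_mb_offsets and s_mb_maxs per the commit message). Please add a comment tying the bound to those array sizes, so that a later change to either side does not silently make the clamp too loose.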
[PATCH 4.4 75/79] PCI: hotplug: Dont leak pci_slot on registration failure
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Lukas Wunner commit 4ce6435820d1f1cc2c2788e232735eb244bcc8a3 upstream. If addition of sysfs files fails on registration of a hotplug slot, the struct pci_slot as well as the entry in the slot_list is leaked. The issue has been present since the hotplug core was introduced in 2002: https://git.kernel.org/tglx/history/c/a8a2069f432c Perhaps the idea was that even though sysfs addition fails, the slot should still be usable. But that's not how drivers use the interface, they abort probe if a non-zero value is returned. Signed-off-by: Lukas Wunner Signed-off-by: Bjorn Helgaas Cc: sta...@vger.kernel.org # v2.4.15+ Cc: Greg Kroah-Hartman Signed-off-by: Greg Kroah-Hartman --- drivers/pci/hotplug/pci_hotplug_core.c |9 + 1 file changed, 9 insertions(+) --- a/drivers/pci/hotplug/pci_hotplug_core.c +++ b/drivers/pci/hotplug/pci_hotplug_core.c @@ -457,8 +457,17 @@ int __pci_hp_register(struct hotplug_slo list_add(&slot->slot_list, &pci_hotplug_slot_list); result = fs_add_slot(pci_slot); + if (result) + goto err_list_del; + kobject_uevent(&pci_slot->kobj, KOBJ_ADD); dbg("Added slot %s to the list\n", name); + goto out; + +err_list_del: + list_del(&slot->slot_list); + pci_slot->hotplug = NULL; + pci_destroy_slot(pci_slot); out: mutex_unlock(&pci_hp_mutex); return result;
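Review bot: in __pci_hp_register() the success path now needs `goto out;` only to jump over the err_list_del label, which makes the normal flow harder to follow than the error flow. Consider keeping the success path falling straight through to `out:` and placing the err_list_del block after the return with its own unlock, or at least add a comment that the unwind order (list_del, clear pci_slot->hotplug, pci_destroy_slot) mirrors the setup order above it.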
[PATCH 4.4 77/79] PCI: pciehp: Fix use-after-free on unplug
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Lukas Wunner commit 281e878eab191cce4259abbbf1a0322e3adae02c upstream. When pciehp is unbound (e.g. on unplug of a Thunderbolt device), the hotplug_slot struct is deregistered and thus freed before freeing the IRQ. The IRQ handler and the work items it schedules print the slot name referenced from the freed structure in various informational and debug log messages, each time resulting in a quadruple dereference of freed pointers (hotplug_slot -> pci_slot -> kobject -> name). At best the slot name is logged as "(null)", at worst kernel memory is exposed in logs or the driver crashes: pciehp :10:00.0:pcie204: Slot((null)): Card not present An attacker may provoke the bug by unplugging multiple devices on a Thunderbolt daisy chain at once. Unplugging can also be simulated by powering down slots via sysfs. The bug is particularly easy to trigger in poll mode. It has been present since the driver's introduction in 2004: https://git.kernel.org/tglx/history/c/c16b4b14d980 Fix by rearranging teardown such that the IRQ is freed first. Run the work items queued by the IRQ handler to completion before freeing the hotplug_slot struct by draining the work queue from the ->release_slot callback which is invoked by pci_hp_deregister(). Signed-off-by: Lukas Wunner Signed-off-by: Bjorn Helgaas Cc: sta...@vger.kernel.org # v2.6.4 Signed-off-by: Greg Kroah-Hartman --- drivers/pci/hotplug/pciehp.h |1 + drivers/pci/hotplug/pciehp_core.c |7 +++ drivers/pci/hotplug/pciehp_hpc.c |5 ++--- 3 files changed, 10 insertions(+), 3 deletions(-) --- a/drivers/pci/hotplug/pciehp.h +++ b/drivers/pci/hotplug/pciehp.h 
@@ -132,6 +132,7 @@ int pciehp_unconfigure_device(struct slo void pciehp_queue_pushbutton_work(struct work_struct *work); struct controller *pcie_init(struct pcie_device *dev); int pcie_init_notification(struct controller *ctrl); +void pcie_shutdown_notification(struct controller *ctrl); int pciehp_enable_slot(struct slot *p_slot); int pciehp_disable_slot(struct slot *p_slot); void pcie_reenable_notification(struct controller *ctrl); --- a/drivers/pci/hotplug/pciehp_core.c +++ b/drivers/pci/hotplug/pciehp_core.c @@ -77,6 +77,12 @@ static int reset_slot(struct hotplug_s */ static void release_slot(struct hotplug_slot *hotplug_slot) { + struct slot *slot = hotplug_slot->private; + + /* queued work needs hotplug_slot name */ + cancel_delayed_work(&slot->work); + drain_workqueue(slot->wq); + kfree(hotplug_slot->ops); kfree(hotplug_slot->info); kfree(hotplug_slot); @@ -276,6 +282,7 @@ static void pciehp_remove(struct pcie_de { struct controller *ctrl = get_service_data(dev); + pcie_shutdown_notification(ctrl); cleanup_slot(ctrl); pciehp_release_ctrl(ctrl); } --- a/drivers/pci/hotplug/pciehp_hpc.c +++ b/drivers/pci/hotplug/pciehp_hpc.c @@ -741,7 +741,7 @@ int pcie_init_notification(struct contro return 0; } -static void pcie_shutdown_notification(struct controller *ctrl) +void pcie_shutdown_notification(struct controller *ctrl) { if (ctrl->notification_enabled) { pcie_disable_notification(ctrl); @@ -776,7 +776,7 @@ abort: static void pcie_cleanup_slot(struct controller *ctrl) { struct slot *slot = ctrl->slot; - cancel_delayed_work(&slot->work); + destroy_workqueue(slot->wq); kfree(slot); } @@ -853,7 +853,6 @@ abort: void pciehp_release_ctrl(struct controller *ctrl) { - pcie_shutdown_notification(ctrl); pcie_cleanup_slot(ctrl); kfree(ctrl); }
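Review bot: release_slot() uses the non-sync `cancel_delayed_work(&slot->work);` before `drain_workqueue(slot->wq);`, so correctness depends on the delayed work only ever running on slot->wq and on nothing re-arming it after the IRQ is freed. Please say so in the comment (the current "queued work needs hotplug_slot name" does not), or use cancel_delayed_work_sync(). Also note that pcie_cleanup_slot() now calls destroy_workqueue() without cancelling the delayed work itself, which is only safe because pciehp_remove() runs cleanup_slot() first; that ordering dependency deserves a comment at pcie_cleanup_slot().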
[PATCH 4.4 40/79] ARM: imx_v6_v7_defconfig: Select ULPI support
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Fabio Estevam [ Upstream commit 157bcc06094c3c5800d3f4676527047b79b618e7 ] Select CONFIG_USB_CHIPIDEA_ULPI and CONFIG_USB_ULPI_BUS so that USB ULPI can be functional on some boards like imx51-babbge. This fixes a kernel hang in 4.18-rc1 on i.mx51-babbage, caused by commit 03e6275ae381 ("usb: chipidea: Fix ULPI on imx51"). Suggested-by: Andrey Smirnov Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm/configs/imx_v6_v7_defconfig |2 ++ 1 file changed, 2 insertions(+) --- a/arch/arm/configs/imx_v6_v7_defconfig +++ b/arch/arm/configs/imx_v6_v7_defconfig @@ -261,6 +261,7 @@ CONFIG_USB_STORAGE=y CONFIG_USB_CHIPIDEA=y CONFIG_USB_CHIPIDEA_UDC=y CONFIG_USB_CHIPIDEA_HOST=y +CONFIG_USB_CHIPIDEA_ULPI=y CONFIG_USB_SERIAL=m CONFIG_USB_SERIAL_GENERIC=y CONFIG_USB_SERIAL_FTDI_SIO=m @@ -287,6 +288,7 @@ CONFIG_USB_G_NCM=m CONFIG_USB_GADGETFS=m CONFIG_USB_MASS_STORAGE=m CONFIG_USB_G_SERIAL=m +CONFIG_USB_ULPI_BUS=y CONFIG_MMC=y CONFIG_MMC_SDHCI=y CONFIG_MMC_SDHCI_PLTFM=y
[PATCH 4.4 39/79] HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jason Gerecke [ Upstream commit 3b8d573586d1b9dee33edf6cb6f2ca05f4bca568 ] The touch sensors on the 2nd-gen Intuos tablets don't use a 4096x4096 sensor like other similar tablets (3rd-gen Bamboo, Intuos5, etc.). The incorrect maximum XY values don't normally affect userspace since touch input from these devices is typically relative rather than absolute. It does, however, cause problems when absolute distances need to be measured, e.g. for gesture recognition. Since the resolution of the touch sensor on these devices is 10 units / mm (versus 100 for the pen sensor), the proper maximum values can be calculated by simply dividing by 10. Fixes: b5fd2a3e92 ("Input: wacom - add support for three new Intuos devices") Signed-off-by: Jason Gerecke Signed-off-by: Jiri Kosina Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/hid/wacom_wac.c | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) --- a/drivers/hid/wacom_wac.c +++ b/drivers/hid/wacom_wac.c @@ -2487,8 +2487,14 @@ void wacom_setup_device_quirks(struct wa if (features->type >= INTUOSHT && features->type <= BAMBOO_PT) features->device_type |= WACOM_DEVICETYPE_PAD; - features->x_max = 4096; - features->y_max = 4096; + if (features->type == INTUOSHT2) { + features->x_max = features->x_max / 10; + features->y_max = features->y_max / 10; + } + else { + features->x_max = 4096; + features->y_max = 4096; + } } else if (features->pktlen == WACOM_PKGLEN_BBTOUCH) { features->device_type |= WACOM_DEVICETYPE_PAD;
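Review bot: the new branch in wacom_setup_device_quirks() puts `else {` on its own line after the closing brace; kernel style is `} else {`. The INTUOSHT2 branch also divides whatever is already in features->x_max and features->y_max by 10, which only gives the right result if those fields still hold the pen sensor maxima at this point; a one-line comment stating that assumption (100 units/mm pen versus 10 units/mm touch, per the commit message) would make the arithmetic reviewable.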
[PATCH 4.4 70/79] xfrm_user: prevent leaking 2 bytes of kernel memory
4.4-stable review patch. If anyone has any objections, please let me know. -- 
From: Eric Dumazet commit 45c180bc29babbedd6b8c01b975780ef44d9d09c upstream. struct xfrm_userpolicy_type has two holes, so we should not use C99 style initializer. KMSAN report: BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:140 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x1b14/0x2800 lib/iov_iter.c:571 CPU: 1 PID: 4520 Comm: syz-executor841 Not tainted 4.17.0+ #5 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:113 kmsan_report+0x188/0x2a0 mm/kmsan/kmsan.c:1117 kmsan_internal_check_memory+0x138/0x1f0 mm/kmsan/kmsan.c:1211 kmsan_copy_to_user+0x7a/0x160 mm/kmsan/kmsan.c:1253 copyout lib/iov_iter.c:140 [inline] _copy_to_iter+0x1b14/0x2800 lib/iov_iter.c:571 copy_to_iter include/linux/uio.h:106 [inline] skb_copy_datagram_iter+0x422/0xfa0 net/core/datagram.c:431 skb_copy_datagram_msg include/linux/skbuff.h:3268 [inline] netlink_recvmsg+0x6f1/0x1900 net/netlink/af_netlink.c:1959 sock_recvmsg_nosec net/socket.c:802 [inline] sock_recvmsg+0x1d6/0x230 net/socket.c:809 ___sys_recvmsg+0x3fe/0x810 net/socket.c:2279 __sys_recvmmsg+0x58e/0xe30 net/socket.c:2391 do_sys_recvmmsg+0x2a6/0x3e0 net/socket.c:2472 __do_sys_recvmmsg net/socket.c:2485 [inline] __se_sys_recvmmsg net/socket.c:2481 [inline] __x64_sys_recvmmsg+0x15d/0x1c0 net/socket.c:2481 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x446ce9 RSP: 002b:7fc307918db8 EFLAGS: 0293 ORIG_RAX: 012b RAX: ffda RBX: 006dbc24 RCX: 00446ce9 RDX: 000a RSI: 20005040 RDI: 0003 RBP: 006dbc20 R08: 20004e40 R09: R10: 4000 R11: 0293 R12: R13: 7ffc8d2df32f R14: 7fc3079199c0 R15: 0001 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_save_stack mm/kmsan/kmsan.c:294 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:685 kmsan_memcpy_origins+0x11d/0x170 mm/kmsan/kmsan.c:527 
__msan_memcpy+0x109/0x160 mm/kmsan/kmsan_instr.c:413 __nla_put lib/nlattr.c:569 [inline] nla_put+0x276/0x340 lib/nlattr.c:627 copy_to_user_policy_type net/xfrm/xfrm_user.c:1678 [inline] dump_one_policy+0xbe1/0x1090 net/xfrm/xfrm_user.c:1708 xfrm_policy_walk+0x45a/0xd00 net/xfrm/xfrm_policy.c:1013 xfrm_dump_policy+0x1c0/0x2a0 net/xfrm/xfrm_user.c:1749 netlink_dump+0x9b5/0x1550 net/netlink/af_netlink.c:2226 __netlink_dump_start+0x1131/0x1270 net/netlink/af_netlink.c:2323 netlink_dump_start include/linux/netlink.h:214 [inline] xfrm_user_rcv_msg+0x8a3/0x9b0 net/xfrm/xfrm_user.c:2577 netlink_rcv_skb+0x37e/0x600 net/netlink/af_netlink.c:2448 xfrm_netlink_rcv+0xb2/0xf0 net/xfrm/xfrm_user.c:2598 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1680/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec8/0x1320 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Local variable description: upt.i@dump_one_policy Variable was created at: dump_one_policy+0x78/0x1090 net/xfrm/xfrm_user.c:1689 xfrm_policy_walk+0x45a/0xd00 net/xfrm/xfrm_policy.c:1013 Byte 130 of 137 is uninitialized Memory access starts at 88019550407f Fixes: c0144beaeca42 ("[XFRM] netlink: Use nla_put()/NLA_PUT() variantes") Signed-off-by: Eric Dumazet Reported-by: syzbot Cc: Steffen Klassert Cc: Herbert Xu Signed-off-by: Steffen Klassert Signed-off-by: Greg Kroah-Hartman --- net/xfrm/xfrm_user.c |8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c 
@@ -1624,9 +1624,11 @@ static inline size_t userpolicy_type_att #ifdef CONFIG_XFRM_SUB_POLICY static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) { - struct xfrm_userpolicy_type upt = { - .type = type, - }; + struct xfrm_userpolicy_type upt; + + /* Sadly there are two holes in struct xfrm_userpolicy_type */ + memset(&upt, 0, sizeof(upt)); + upt.type = type; return nla_put(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); }
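The padding leak described in the commit message above, as an added C example (not part of the patch or the kernel source): it models a stack slot holding stale bytes and compares member-only initialization with the memset() pattern the patch adopts. The struct layout is an assumed mirror of struct xfrm_userpolicy_type, and the 0xAA fill is a constructed stand-in for old stack contents.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout: mirrors the uapi struct xfrm_userpolicy_type
 * (u8 type, u16 reserved1, u8 reserved2); it is not shown on the page. */
struct upt_layout {
	uint8_t  type;
	uint16_t reserved1;
	uint8_t  reserved2;
};

#define UPT_SIZE sizeof(struct upt_layout)
#define STALE    0xAA	/* constructed stand-in for old stack contents */

/* Mark every byte that belongs to a named member; the rest are holes. */
static void member_map(unsigned char *map)
{
	memset(map, 0, UPT_SIZE);
	memset(map + offsetof(struct upt_layout, type), 1, sizeof(uint8_t));
	memset(map + offsetof(struct upt_layout, reserved1), 1, sizeof(uint16_t));
	memset(map + offsetof(struct upt_layout, reserved2), 1, sizeof(uint8_t));
}

/* Number of padding bytes the compiler inserted into the struct. */
int hole_count(void)
{
	unsigned char map[UPT_SIZE];
	int holes = 0;
	size_t i;

	member_map(map);
	for (i = 0; i < UPT_SIZE; i++)
		holes += !map[i];
	return holes;
}

/* Store only the named members. That is all a compiler is required to do
 * for "= { .type = type }", so the holes keep whatever was there before. */
static void init_members_only(unsigned char *slot, uint8_t type)
{
	const uint16_t r1 = 0;
	const uint8_t r2 = 0;

	memcpy(slot + offsetof(struct upt_layout, type), &type, sizeof(type));
	memcpy(slot + offsetof(struct upt_layout, reserved1), &r1, sizeof(r1));
	memcpy(slot + offsetof(struct upt_layout, reserved2), &r2, sizeof(r2));
}

/* The patched pattern: clear the whole object, then set the member. */
static void init_memset(unsigned char *slot, uint8_t type)
{
	memset(slot, 0, UPT_SIZE);
	memcpy(slot + offsetof(struct upt_layout, type), &type, sizeof(type));
}

/* Count stale bytes in the holes, i.e. what a sizeof()-sized copy-out
 * (nla_put() in the patch) would hand to the receiver. */
static int stale_bytes(const unsigned char *slot)
{
	unsigned char map[UPT_SIZE];
	int n = 0;
	size_t i;

	member_map(map);
	for (i = 0; i < UPT_SIZE; i++)
		if (!map[i] && slot[i] == STALE)
			n++;
	return n;
}

int leaked_with_member_init(void)
{
	unsigned char slot[UPT_SIZE];

	memset(slot, STALE, sizeof(slot));	/* previous stack frame contents */
	init_members_only(slot, 1);
	return stale_bytes(slot);
}

int leaked_with_memset(void)
{
	unsigned char slot[UPT_SIZE];

	memset(slot, STALE, sizeof(slot));
	init_memset(slot, 1);
	return stale_bytes(slot);
}
```

The same check (sizeof minus the sum of member sizes) is a quick way to audit any struct that is copied to userspace by size.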
[PATCH 4.9 010/130] ARM: dts: NSP: Fix i2c controller interrupt type
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Florian Fainelli [ Upstream commit a3e32e78a40017756c71ef6dad429ffe3301126a ] The i2c controller should use IRQ_TYPE_LEVEL_HIGH instead of IRQ_TYPE_NONE. Fixes: 0f9f27a36d09 ("ARM: dts: NSP: Add I2C support to the DT") Signed-off-by: Florian Fainelli Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm/boot/dts/bcm-nsp.dtsi |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/boot/dts/bcm-nsp.dtsi +++ b/arch/arm/boot/dts/bcm-nsp.dtsi @@ -288,7 +288,7 @@ reg = <0x38000 0x50>; #address-cells = <1>; #size-cells = <0>; - interrupts = ; + interrupts = ; clock-frequency = <10>; };
[PATCH 4.4 58/79] tcp: remove DELAYED ACK events in DCTCP
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Yuchung Cheng [ Upstream commit a69258f7aa2623e0930212f09c586fd06674ad79 ] After fixing the way DCTCP tracking delayed ACKs, the delayed-ACK related callbacks are no longer needed Signed-off-by: Yuchung Cheng Signed-off-by: Eric Dumazet Acked-by: Neal Cardwell Acked-by: Lawrence Brakmo Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- include/net/tcp.h |2 -- net/ipv4/tcp_dctcp.c | 25 - net/ipv4/tcp_output.c |4 3 files changed, 31 deletions(-) --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -821,8 +821,6 @@ enum tcp_ca_event { CA_EVENT_LOSS, /* loss timeout */ CA_EVENT_ECN_NO_CE, /* ECT set, but not CE marked */ CA_EVENT_ECN_IS_CE, /* received CE marked IP packet */ - CA_EVENT_DELAYED_ACK, /* Delayed ack is sent */ - CA_EVENT_NON_DELAYED_ACK, }; /* Information about inbound ACK, passed to cong_ops->in_ack_event() */ --- a/net/ipv4/tcp_dctcp.c +++ b/net/ipv4/tcp_dctcp.c @@ -55,7 +55,6 @@ struct dctcp { u32 dctcp_alpha; u32 next_seq; u32 ce_state; - u32 delayed_ack_reserved; u32 loss_cwnd; }; @@ -96,7 +95,6 @@ static void dctcp_init(struct sock *sk) ca->dctcp_alpha = min(dctcp_alpha_on_init, DCTCP_MAX_ALPHA); - ca->delayed_ack_reserved = 0; ca->loss_cwnd = 0; ca->ce_state = 0; @@ -230,25 +228,6 @@ static void dctcp_state(struct sock *sk, } } -static void dctcp_update_ack_reserved(struct sock *sk, enum tcp_ca_event ev) -{ - struct dctcp *ca = inet_csk_ca(sk); - - switch (ev) { - case CA_EVENT_DELAYED_ACK: - if (!ca->delayed_ack_reserved) - ca->delayed_ack_reserved = 1; - break; - case CA_EVENT_NON_DELAYED_ACK: - if (ca->delayed_ack_reserved) - ca->delayed_ack_reserved = 0; - break; - default: - /* Don't care for the rest. */ - break; - } -} - static void dctcp_cwnd_event(struct sock *sk, enum tcp_ca_event ev) { switch (ev) { 
@@ -258,10 +237,6 @@ static void dctcp_cwnd_event(struct sock case CA_EVENT_ECN_NO_CE: dctcp_ce_state_1_to_0(sk); break; - case CA_EVENT_DELAYED_ACK: - case CA_EVENT_NON_DELAYED_ACK: - dctcp_update_ack_reserved(sk, ev); - break; default: /* Don't care for the rest. */ break; --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -3316,8 +3316,6 @@ void tcp_send_delayed_ack(struct sock *s int ato = icsk->icsk_ack.ato; unsigned long timeout; - tcp_ca_event(sk, CA_EVENT_DELAYED_ACK); - if (ato > TCP_DELACK_MIN) { const struct tcp_sock *tp = tcp_sk(sk); int max_ato = HZ / 2; @@ -3374,8 +3372,6 @@ void __tcp_send_ack(struct sock *sk, u32 if (sk->sk_state == TCP_CLOSE) return; - tcp_ca_event(sk, CA_EVENT_NON_DELAYED_ACK); - /* We are not putting this on the write queue, so * tcp_transmit_skb() will set the ownership to this * sock.
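Review bot: the include/net/tcp.h hunk deletes CA_EVENT_DELAYED_ACK and CA_EVENT_NON_DELAYED_ACK from enum tcp_ca_event, but the patch only shows the tcp_dctcp.c and tcp_output.c users being removed. For a stable backport, please confirm that no other congestion control module in this tree still references either value. The commit message also makes this removal depend on the earlier change to how DCTCP tracks delayed ACKs ("After fixing the way DCTCP tracking delayed ACKs"), so that prerequisite needs to be in the same queue and ordered before this patch.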
[PATCH 4.4 63/79] net: qca_spi: Make sure the QCA7000 reset is triggered
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Stefan Wahren [ Upstream commit 711c62dfa6bdb4326ca6c587f295ea5c4f7269de ] In case the SPI thread is not running, a simple reset of sync state won't fix the transmit timeout. We also need to wake up the kernel thread. Signed-off-by: Stefan Wahren Fixes: ed7d42e24eff ("net: qca_spi: fix transmit queue timeout handling") Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/qualcomm/qca_spi.c |3 +++ 1 file changed, 3 insertions(+) --- a/drivers/net/ethernet/qualcomm/qca_spi.c +++ b/drivers/net/ethernet/qualcomm/qca_spi.c @@ -739,6 +739,9 @@ qcaspi_netdev_tx_timeout(struct net_devi qca->net_dev->stats.tx_errors++; /* Trigger tx queue flush and QCA7000 reset */ qca->sync = QCASPI_SYNC_UNKNOWN; + + if (qca->spi_thread) + wake_up_process(qca->spi_thread); } static int
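Review bot: in qcaspi_netdev_tx_timeout() the new `if (qca->spi_thread) wake_up_process(qca->spi_thread);` reads the pointer twice with no locking visible in the hunk. If spi_thread can be stopped and cleared concurrently, for example while the interface is being closed, the second read may see a stale or NULL task. Please either note which lock or calling context guarantees the thread outlives the timeout handler, or take a local copy of the pointer before testing it.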
[PATCH 4.4 67/79] KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit 9432a3175770e06cb83eada2d91fac90c977cb99 upstream. A comment warning against this bug is there, but the code is not doing what the comment says. Therefore it is possible that an EPOLLHUP races against irq_bypass_register_consumer. The EPOLLHUP handler schedules irqfd_shutdown, and if that runs soon enough, you get a use-after-free. Reported-by: syzbot Cc: sta...@vger.kernel.org Signed-off-by: Paolo Bonzini Reviewed-by: David Hildenbrand Signed-off-by: Sudip Mukherjee Signed-off-by: Greg Kroah-Hartman --- virt/kvm/eventfd.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/virt/kvm/eventfd.c +++ b/virt/kvm/eventfd.c @@ -405,11 +405,6 @@ kvm_irqfd_assign(struct kvm *kvm, struct if (events & POLLIN) schedule_work(&irqfd->inject); - /* -* do not drop the file until the irqfd is fully initialized, otherwise -* we might race against the POLLHUP -*/ - fdput(f); #ifdef CONFIG_HAVE_KVM_IRQ_BYPASS irqfd->consumer.token = (void *)irqfd->eventfd; irqfd->consumer.add_producer = kvm_arch_irq_bypass_add_producer; @@ -423,6 +418,12 @@ kvm_irqfd_assign(struct kvm *kvm, struct #endif srcu_read_unlock(&kvm->irq_srcu, idx); + + /* +* do not drop the file until the irqfd is fully initialized, otherwise +* we might race against the POLLHUP +*/ + fdput(f); return 0; fail:
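Review bot: the relocated comment before `fdput(f);` in kvm_irqfd_assign() still says only "until the irqfd is fully initialized", which is the same wording that sat above the misplaced call before this fix. Please name the last initialization step explicitly, irq_bypass_register_consumer() per the commit message, so the comment states what must complete before the file reference is dropped. Also check that no path between the old and the new fdput() position can reach the `fail:` label, where the file reference would be handled a second time.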
[PATCH 4.4 64/79] net: qca_spi: Fix log level if probe fails
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Stefan Wahren [ Upstream commit 50973993260a6934f0a00da53d9b746cfbea89ab ] In cases the probing fails the log level of the messages should be an error. Signed-off-by: Stefan Wahren Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/qualcomm/qca_spi.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) --- a/drivers/net/ethernet/qualcomm/qca_spi.c +++ b/drivers/net/ethernet/qualcomm/qca_spi.c @@ -868,22 +868,22 @@ qca_spi_probe(struct spi_device *spi) if ((qcaspi_clkspeed < QCASPI_CLK_SPEED_MIN) || (qcaspi_clkspeed > QCASPI_CLK_SPEED_MAX)) { - dev_info(&spi->dev, "Invalid clkspeed: %d\n", -qcaspi_clkspeed); + dev_err(&spi->dev, "Invalid clkspeed: %d\n", + qcaspi_clkspeed); return -EINVAL; } if ((qcaspi_burst_len < QCASPI_BURST_LEN_MIN) || (qcaspi_burst_len > QCASPI_BURST_LEN_MAX)) { - dev_info(&spi->dev, "Invalid burst len: %d\n", -qcaspi_burst_len); + dev_err(&spi->dev, "Invalid burst len: %d\n", + qcaspi_burst_len); return -EINVAL; } if ((qcaspi_pluggable < QCASPI_PLUGGABLE_MIN) || (qcaspi_pluggable > QCASPI_PLUGGABLE_MAX)) { - dev_info(&spi->dev, "Invalid pluggable: %d\n", -qcaspi_pluggable); + dev_err(&spi->dev, "Invalid pluggable: %d\n", + qcaspi_pluggable); return -EINVAL; } @@ -944,8 +944,8 @@ qca_spi_probe(struct spi_device *spi) } if (register_netdev(qcaspi_devs)) { - dev_info(&spi->dev, "Unable to register net device %s\n", -qcaspi_devs->name); + dev_err(&spi->dev, "Unable to register net device %s\n", + qcaspi_devs->name); free_netdev(qcaspi_devs); return -EFAULT; }
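Review bot: in the last hunk of qca_spi_probe(), the register_netdev() failure is now logged at error level but the function still discards the actual error and returns -EFAULT. Since this patch is about making probe failures diagnosable, consider storing the return value of register_netdev(), including it in the dev_err() message, and returning it instead of -EFAULT.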
[PATCH 4.4 76/79] PCI: Skip MPS logic for Virtual Functions (VFs)
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Myron Stowe commit 3dbe97efe8bf450b183d6dee2305cbc032e6b8a4 upstream. PCIe r4.0, sec 9.3.5.4, "Device Control Register", shows both Max_Payload_Size (MPS) and Max_Read_request_Size (MRRS) to be 'RsvdP' for VFs. Just prior to the table it states: "PF and VF functionality is defined in Section 7.5.3.4 except where noted in Table 9-16. For VF fields marked 'RsvdP', the PF setting applies to the VF." All of which implies that with respect to Max_Payload_Size Supported (MPSS), MPS, and MRRS values, we should not be paying any attention to the VF's fields, but rather only to the PF's. Only looking at the PF's fields also logically makes sense as it's the sole physical interface to the PCIe bus. Link: https://bugzilla.kernel.org/show_bug.cgi?id=200527 Fixes: 27d868b5e6cf ("PCI: Set MPS to match upstream bridge") Signed-off-by: Myron Stowe Signed-off-by: Bjorn Helgaas Cc: sta...@vger.kernel.org # 4.3+ Cc: Keith Busch Cc: Sinan Kaya Cc: Dongdong Liu Cc: Jon Mason Signed-off-by: Greg Kroah-Hartman --- drivers/pci/probe.c |4 1 file changed, 4 insertions(+) --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -1338,6 +1338,10 @@ static void pci_configure_mps(struct pci if (!pci_is_pcie(dev) || !bridge || !pci_is_pcie(bridge)) return; + /* MPS and MRRS fields are of type 'RsvdP' for VFs, short-circuit out */ + if (dev->is_virtfn) + return; + mps = pcie_get_mps(dev); p_mps = pcie_get_mps(bridge);
[PATCH 4.9 001/130] x86/entry/64: Remove %ebx handling from error_entry/exit
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski commit b3681dd548d06deb2e1573890829dff4b15abf46 upstream. error_entry and error_exit communicate the user vs. kernel status of the frame using %ebx. This is unnecessary -- the information is in regs->cs. Just use regs->cs. This makes error_entry simpler and makes error_exit more robust. It also fixes a nasty bug. Before all the Spectre nonsense, the xen_failsafe_callback entry point returned like this: ALLOC_PT_GPREGS_ON_STACK SAVE_C_REGS SAVE_EXTRA_REGS ENCODE_FRAME_POINTER jmp error_exit And it did not go through error_entry. This was bogus: RBX contained garbage, and error_exit expected a flag in RBX. Fortunately, it generally contained *nonzero* garbage, so the correct code path was used. As part of the Spectre fixes, code was added to clear RBX to mitigate certain speculation attacks. Now, depending on kernel configuration, RBX got zeroed and, when running some Wine workloads, the kernel crashes. This was introduced by: commit 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") With this patch applied, RBX is no longer needed as a flag, and the problem goes away. I suspect that malicious userspace could use this bug to crash the kernel even without the offending patch applied, though. [ Historical note: I wrote this patch as a cleanup before I was aware of the bug it fixed. ] [ Note to stable maintainers: this should probably get applied to all kernels. If you're nervous about that, a more conservative fix to add xorl %ebx,%ebx; incl %ebx before the jump to error_exit should also fix the problem. ] Reported-and-tested-by: M. Vefa Bicakci 
Signed-off-by: Andy Lutomirski Cc: Boris Ostrovsky Cc: Borislav Petkov Cc: Brian Gerst Cc: Dave Hansen Cc: Denys Vlasenko Cc: Dominik Brodowski Cc: Greg KH Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Juergen Gross Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: sta...@vger.kernel.org Cc: xen-de...@lists.xenproject.org Fixes: 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") Link: http://lkml.kernel.org/r/b5010a090d3586b2d6e06c7ad3ec5542d1241c45.1532282627.git.l...@kernel.org Signed-off-by: Ingo Molnar Signed-off-by: Sarah Newman Signed-off-by: Greg Kroah-Hartman --- arch/x86/entry/entry_64.S | 20 1 file changed, 4 insertions(+), 16 deletions(-) --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -774,7 +774,7 @@ ENTRY(\sym) call\do_sym - jmp error_exit /* %ebx: no swapgs flag */ + jmp error_exit .endif END(\sym) .endm @@ -1043,7 +1043,6 @@ END(paranoid_exit) /* * Save all registers in pt_regs, and switch gs if needed. - * Return: EBX=0: came from user mode; EBX=1: otherwise */ ENTRY(error_entry) cld @@ -1056,7 +1055,6 @@ ENTRY(error_entry) * the kernel CR3 here. */ SWITCH_KERNEL_CR3 - xorl%ebx, %ebx testb $3, CS+8(%rsp) jz .Lerror_kernelspace @@ -1087,7 +1085,6 @@ ENTRY(error_entry) * for these here too. */ .Lerror_kernelspace: - incl%ebx leaqnative_irq_return_iret(%rip), %rcx cmpq%rcx, RIP+8(%rsp) je .Lerror_bad_iret 
@@ -1119,28 +1116,19 @@ ENTRY(error_entry) /* * Pretend that the exception came from user mode: set up pt_regs -* as if we faulted immediately after IRET and clear EBX so that -* error_exit knows that we will be returning to user mode. +* as if we faulted immediately after IRET. */ mov %rsp, %rdi callfixup_bad_iret mov %rax, %rsp - decl%ebx jmp .Lerror_entry_from_usermode_after_swapgs END(error_entry) - -/* - * On entry, EBX is a "return to kernel mode" flag: - * 1: already in kernel mode, don't need SWAPGS - * 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode - */ ENTRY(error_exit) - movl%ebx, %eax DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF - testl %eax, %eax - jnz retint_kernel + testb $3, CS(%rsp) + jz retint_kernel jmp retint_user END(error_exit)
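Review bot: after this change error_entry tests `CS+8(%rsp)` while error_exit tests `CS(%rsp)`, and nothing in either hunk explains the 8-byte difference. Please add a short comment at the error_exit test (and ideally at the error_entry one) noting that error_entry is reached by call, so the return address sits on the stack above pt_regs, whereas error_exit is reached by jmp. The removed block comment above error_exit documented its entry contract; a replacement line saying that the user versus kernel decision now comes from regs->cs would keep that contract documented.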
[PATCH 4.4 66/79] staging: android: ion: check for kref overflow
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Rosenberg This patch is against 4.4. It does not apply to master due to a large rework of ion in 4.12 which removed the affected functions altogether. 4c23cbff073f3b9b ("staging: android: ion: Remove import interface") Userspace can cause the kref to handles to increment arbitrarily high. Ensure it does not overflow. Signed-off-by: Daniel Rosenberg Signed-off-by: Greg Kroah-Hartman --- v2: Fixed patch corruption :( It applies from 3.18 to 4.11, although with a trivial conflict resolution for the later branches. drivers/staging/android/ion/ion.c | 17 ++--- 1 file changed, 14 insertions(+), 3 deletions(-) --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -15,6 +15,7 @@ * */ +#include #include #include #include @@ -387,6 +388,16 @@ static void ion_handle_get(struct ion_ha kref_get(&handle->ref); } +/* Must hold the client lock */ +static struct ion_handle *ion_handle_get_check_overflow( + struct ion_handle *handle) +{ + if (atomic_read(&handle->ref.refcount) + 1 == 0) + return ERR_PTR(-EOVERFLOW); + ion_handle_get(handle); + return handle; +} + static int ion_handle_put_nolock(struct ion_handle *handle) { int ret; @@ -433,9 +444,9 @@ static struct ion_handle *ion_handle_get handle = idr_find(&client->idr, id); if (handle) - ion_handle_get(handle); + return ion_handle_get_check_overflow(handle); - return handle ? handle : ERR_PTR(-EINVAL); + return ERR_PTR(-EINVAL); } struct ion_handle *ion_handle_get_by_id(struct ion_client *client, @@ -1202,7 +1213,7 @@ struct ion_handle *ion_import_dma_buf(st /* if a handle exists for this buffer just take a reference to it */ handle = ion_handle_lookup(client, buffer); if (!IS_ERR(handle)) { - ion_handle_get(handle); + handle = ion_handle_get_check_overflow(handle); mutex_unlock(&client->lock); goto end; }
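Review bot: in ion_handle_get_check_overflow(), the "atomic_read(&handle->ref.refcount) + 1 == 0" test and the ion_handle_get() that follows are two separate steps, so the guard holds only if every path that increments handle->ref runs under the client lock, as the comment requires. Plain ion_handle_get() stays in the file and can still be called without the check; either convert the remaining callers or state in the changelog which of them userspace cannot drive. The test also fires only when the counter reads -1, so the count is allowed to pass through negative values before it is rejected; if that is intended, say so in the comment above the helper.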
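Review bot: in the ion_import_dma_buf() hunk, handle can now hold ERR_PTR(-EOVERFLOW) when control reaches "goto end", where before the change it was always a valid handle on that branch. The code at the end label is outside the visible context, so please confirm that nothing after it dereferences handle without an IS_ERR() check, and mention the new error return in the changelog.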
[PATCH 4.9 003/130] usb: dwc3: of-simple: fix use-after-free on remove
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Johan Hovold [ Upstream commit 896e518883f18e601335908192e33426c1f599a4 ] The clocks have already been explicitly disabled and put as part of remove() so the runtime suspend callback must not be run when balancing the runtime PM usage count before returning. Fixes: 16adc674d0d6 ("usb: dwc3: add generic OF glue layer") Signed-off-by: Johan Hovold Signed-off-by: Felipe Balbi Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/usb/dwc3/dwc3-of-simple.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/usb/dwc3/dwc3-of-simple.c +++ b/drivers/usb/dwc3/dwc3-of-simple.c @@ -132,8 +132,9 @@ static int dwc3_of_simple_remove(struct of_platform_depopulate(dev); - pm_runtime_put_sync(dev); pm_runtime_disable(dev); + pm_runtime_put_noidle(dev); + pm_runtime_set_suspended(dev); return 0; }
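Review bot: the reason dwc3_of_simple_remove() must use pm_runtime_put_noidle() instead of pm_runtime_put_sync() is recorded only in the commit message. A short comment above the three calls, saying that the clocks are already disabled and put at this point so the runtime suspend callback must not run, would stop a later cleanup from restoring put_sync. The same comment should mention that pm_runtime_disable() is deliberately moved ahead of the put and of pm_runtime_set_suspended(), since the ordering is the substance of the fix.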
[PATCH 4.9 006/130] selftests: static_keys: return Kselftest Skip code for skipped tests
4.9-stable review patch. If anyone has any objections, please let me know. -- From: "Shuah Khan (Samsung OSG)" [ Upstream commit 8781578087b8fb8829558bac96c3c24e5ba26f82 ] When static_keys test is skipped because of unmet dependencies and/or unsupported configuration, it exits with error which is treated as a fail by the Kselftest framework. This leads to false negative result even when the test could not be run. Change it to return kselftest skip code when a test gets skipped to clearly report that the test could not be run. Added explicit searches for test_static_key_base and test_static_keys modules and return skip code if they aren't found to differentiate between the failure to load the module condition and module not found condition. Kselftest framework SKIP code is 4 and the framework prints appropriate messages to indicate that the test is skipped. Signed-off-by: Shuah Khan (Samsung OSG) Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/static_keys/test_static_keys.sh | 13 + 1 file changed, 13 insertions(+) --- a/tools/testing/selftests/static_keys/test_static_keys.sh +++ b/tools/testing/selftests/static_keys/test_static_keys.sh @@ -1,6 +1,19 @@ #!/bin/sh # Runs static keys kernel module tests +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + +if ! /sbin/modprobe -q -n test_static_key_base; then + echo "static_key: module test_static_key_base is not found [SKIP]" + exit $ksft_skip +fi + +if ! /sbin/modprobe -q -n test_static_keys; then + echo "static_key: module test_static_keys is not found [SKIP]" + exit $ksft_skip +fi + if /sbin/modprobe -q test_static_key_base; then if /sbin/modprobe -q test_static_keys; then echo "static_key: ok"
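Review bot: the two new "/sbin/modprobe -q -n" checks print "module ... is not found" for any non-zero exit, which includes the case where /sbin/modprobe itself is missing or not executable. Skipping is still the right outcome there, but the message points at the wrong cause; check for the binary first, or word the message as "cannot be found or loaded". The two blocks differ only in the module name, so a loop over both names would remove the duplication.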
[PATCH 4.9 012/130] ARM: dts: Cygnus: Fix I2C controller interrupt type
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Ray Jui [ Upstream commit 71ca3409703b62b6a092d0d9d13f366c121bc5d3 ] Fix I2C controller interrupt to use IRQ_TYPE_LEVEL_HIGH for Broadcom Cygnus SoC. Fixes: b51c05a331ff ("ARM: dts: add I2C device nodes for Broadcom Cygnus") Signed-off-by: Ray Jui Signed-off-by: Florian Fainelli Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm/boot/dts/bcm-cygnus.dtsi |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/arm/boot/dts/bcm-cygnus.dtsi +++ b/arch/arm/boot/dts/bcm-cygnus.dtsi @@ -128,7 +128,7 @@ reg = <0x18008000 0x100>; #address-cells = <1>; #size-cells = <0>; - interrupts = ; + interrupts = ; clock-frequency = <10>; status = "disabled"; }; @@ -157,7 +157,7 @@ reg = <0x1800b000 0x100>; #address-cells = <1>; #size-cells = <0>; - interrupts = ; + interrupts = ; clock-frequency = <10>; status = "disabled"; };
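Review bot: the changelog says only "Fix" and names the new type, without stating which interrupt type the two I2C nodes carried before or what symptom it caused. Both hunks change the interrupts property of a node that is "disabled" by default, so one sentence on the misbehaviour seen on a board that enables these controllers would let stable reviewers judge the backport.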
[PATCH 4.9 014/130] arm64: dts: ns2: Fix I2C controller interrupt type
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Ray Jui [ Upstream commit e605c287deed45624e8d35a15e3f0b4faab1a62d ] Fix I2C controller interrupt to use IRQ_TYPE_LEVEL_HIGH for Broadcom NS2 SoC. Fixes: 7ac674e8df7a ("arm64: dts: Add I2C nodes for NS2") Signed-off-by: Ray Jui Signed-off-by: Florian Fainelli Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm64/boot/dts/broadcom/ns2.dtsi |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/arm64/boot/dts/broadcom/ns2.dtsi +++ b/arch/arm64/boot/dts/broadcom/ns2.dtsi @@ -393,7 +393,7 @@ reg = <0x6608 0x100>; #address-cells = <1>; #size-cells = <0>; - interrupts = ; + interrupts = ; clock-frequency = <10>; status = "disabled"; }; @@ -421,7 +421,7 @@ reg = <0x660b 0x100>; #address-cells = <1>; #size-cells = <0>; - interrupts = ; + interrupts = ; clock-frequency = <10>; status = "disabled"; };
[PATCH 4.9 000/130] 4.9.124-stable review
This is the start of the stable review cycle for the 4.9.124 release. There are 130 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.

Responses should be made by Sat Aug 25 07:48:45 UTC 2018. Anything received after that time might be too late.

The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.124-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.

thanks,

greg k-h

Pseudo-Shortlog of commits:

Greg Kroah-Hartman
    Linux 4.9.124-rc1

Jann Horn
    reiserfs: fix broken xattr handling (heap corruption, bad retval)

Esben Haabendal
    i2c: imx: Fix race condition in dma read

Lukas Wunner
    PCI: pciehp: Fix unprotected list iteration in IRQ handler

Lukas Wunner
    PCI: pciehp: Fix use-after-free on unplug

Myron Stowe
    PCI: Skip MPS logic for Virtual Functions (VFs)

Lukas Wunner
    PCI: hotplug: Don't leak pci_slot on registration failure

Sergei Shtylyov
    PCI: OF: Fix I/O space page leak

John David Anglin
    parisc: Remove unnecessary barriers from spinlock.h

Willem de Bruijn
    packet: refine ring v3 block size test to hold one frame

Florian Westphal
    netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state

Eric Dumazet
    xfrm_user: prevent leaking 2 bytes of kernel memory

John David Anglin
    parisc: Remove ordered stores from syscall.S

Jeremy Cline
    ext4: fix spectre gadget in ext4_mb_regular_allocator()

Paolo Bonzini
    KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer

Randy Dunlap
    tcp: identify cryptic messages as TCP seq # bugs

Stefan Wahren
    net: qca_spi: Fix log level if probe fails

Stefan Wahren
    net: qca_spi: Make sure the QCA7000 reset is triggered

Stefan Wahren
    net: qca_spi: Avoid packet drop during initial sync

Sergei Shtylyov
    PCI: versatile: Fix I/O space page leak

David Lechner
    net: usb: rtl8150: demote allmulti message to dev_dbg()

Randy Dunlap
    net/ethernet/freescale/fman: fix cross-build error

Dan Carpenter
    drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()

Wei Yongjun
    pinctrl: nsp: Fix potential NULL dereference

Dan Carpenter
    pinctrl: nsp: off by ones in nsp_pinmux_enable()

Yuchung Cheng
    tcp: remove DELAYED ACK events in DCTCP

Dan Carpenter
    qlogic: check kstrtoul() for errors

Willem de Bruijn
    packet: reset network header if packet shorter than ll reserved space

Laura Abbott
    tools: build: Use HOSTLDFLAGS with fixdep

Alexander Duyck
    ixgbe: Be more careful when modifying MAC filters

Adam Ford
    ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller

Nishanth Menon
    ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores

Steven Rostedt (VMware)
    ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot

Kamal Heib
    RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path

Dave Jiang
    nfit: fix unchecked dereference in acpi_nfit_ctl

Kim Phillips
    perf llvm-utils: Remove bashism from kernel include fetch script

Vikas Gupta
    bnxt_en: Fix for system hang if request_irq fails

Michael Chan
    bnxt_en: Always set output parameters in bnxt_get_max_rings().

Peter Zijlstra
    ARC: Improve cmpxchg syscall implementation

Andrey Ryabinin
    netfilter: nf_conntrack: Fix possible possible crash on module loading.

Russell King
    drm/armada: fix colorkey mode property

Stefan Schmidt
    ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem

Stefan Schmidt
    ieee802154: at86rf230: use __func__ macro for debug messages

Stefan Schmidt
    ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem

Davide Caratti
    net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used

Daniel Mack
    ARM: pxa: irq: fix handling of ICMR registers in suspend/resume

Vladimir Zapolskiy
    ravb: fix invalid context bug while changing link options by ethtool

Vladimir Zapolskiy
    ravb: fix invalid context bug while calling auto-negotiation by ethtool

Vladimir Zapolskiy
    sh_eth: fix invalid context bug while changing link options by ethtool

Vladimir Zapolskiy
    sh_eth: fix invalid context bug while calling auto-negotiation by ethtool

Arun Kumar Neelakantam
    net: qrtr: Broadcast messages only from control port

Paul Moore
    ipv6: make ipv6_renew_options() interrupt/kernel safe

Florian Westphal
    netfilter: x_tables: set module owner for icmp(6) matches

Lubomir Rintel
    ieee802154: 6lowpan: set IFLA_LINK

Taeung Song
    samples/bpf: Check the error of write() and read()

Taeung Song
    samples/bpf: add missing

Yuiko Oshino
    smsc75xx: Add workaround for
[PATCH 4.9 008/130] selftests: zram: return Kselftest Skip code for skipped tests
4.9-stable review patch. If anyone has any objections, please let me know. -- From: "Shuah Khan (Samsung OSG)" [ Upstream commit 685814466bf8398192cf855415a0bb2cefc1930e ] When zram test is skipped because of unmet dependencies and/or unsupported configuration, it exits with error which is treated as a fail by the Kselftest framework. This leads to false negative result even when the test could not be run. Change it to return kselftest skip code when a test gets skipped to clearly report that the test could not be run. Kselftest framework SKIP code is 4 and the framework prints appropriate messages to indicate that the test is skipped. Signed-off-by: Shuah Khan (Samsung OSG) Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/zram/zram.sh |5 - tools/testing/selftests/zram/zram_lib.sh |5 - 2 files changed, 8 insertions(+), 2 deletions(-) --- a/tools/testing/selftests/zram/zram.sh +++ b/tools/testing/selftests/zram/zram.sh @@ -1,6 +1,9 @@ #!/bin/bash TCID="zram.sh" +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + . ./zram_lib.sh run_zram () { @@ -23,5 +26,5 @@ elif [ -b /dev/zram0 ]; then else echo "$TCID : No zram.ko module or /dev/zram0 device file not found" echo "$TCID : CONFIG_ZRAM is not set" - exit 1 + exit $ksft_skip fi --- a/tools/testing/selftests/zram/zram_lib.sh +++ b/tools/testing/selftests/zram/zram_lib.sh @@ -18,6 +18,9 @@ MODULE=0 dev_makeswap=-1 dev_mounted=-1 +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + trap INT check_prereqs() @@ -27,7 +30,7 @@ check_prereqs() if [ $uid -ne 0 ]; then echo $msg must be run as root >&2 - exit 0 + exit $ksft_skip fi }
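Review bot: zram.sh assigns ksft_skip=4 and then sources ./zram_lib.sh, which receives the identical assignment in the second file of this patch. One definition in zram_lib.sh covers both scripts, so the copy in zram.sh is redundant; drop it, or drop the library copy if the caller is meant to own the variable.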
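Review bot: in check_prereqs() the non-root case changes from "exit 0" to "exit $ksft_skip", which turns a result that used to be reported as a pass into a skip. The changelog describes only the other direction, an error exit being counted as a failure, so please mention this case as well; it changes what existing result parsers see for unprivileged runs.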
[PATCH 4.9 011/130] ARM: dts: NSP: Fix PCIe controllers interrupt types
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Florian Fainelli [ Upstream commit 403fde644855bc71318c8db65646383e22653b13 ] The interrupts for the PCIe controllers should all be of type IRQ_TYPE_LEVEL_HIGH instead of IRQ_TYPE_NONE. Fixes: d71eb9412088 ("ARM: dts: NSP: Add MSI support on PCI") Fixes: 522199029fdc ("ARM: dts: NSP: Fix PCIE DT issue") Signed-off-by: Florian Fainelli Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/arm/boot/dts/bcm-nsp.dtsi | 30 +++--- 1 file changed, 15 insertions(+), 15 deletions(-) --- a/arch/arm/boot/dts/bcm-nsp.dtsi +++ b/arch/arm/boot/dts/bcm-nsp.dtsi @@ -375,7 +375,7 @@ #interrupt-cells = <1>; interrupt-map-mask = <0 0 0 0>; - interrupt-map = <0 0 0 0 &gic GIC_SPI 131 IRQ_TYPE_NONE>; + interrupt-map = <0 0 0 0 &gic GIC_SPI 131 IRQ_TYPE_LEVEL_HIGH>; linux,pci-domain = <0>; @@ -397,10 +397,10 @@ compatible = "brcm,iproc-msi"; msi-controller; interrupt-parent = <&gic>; - interrupts = , -, -, -; + interrupts = , +, +, +; brcm,pcie-msi-inten; }; }; @@ -411,7 +411,7 @@ #interrupt-cells = <1>; interrupt-map-mask = <0 0 0 0>; - interrupt-map = <0 0 0 0 &gic GIC_SPI 137 IRQ_TYPE_NONE>; + interrupt-map = <0 0 0 0 &gic GIC_SPI 137 IRQ_TYPE_LEVEL_HIGH>; linux,pci-domain = <1>; @@ -433,10 +433,10 @@ compatible = "brcm,iproc-msi"; msi-controller; interrupt-parent = <&gic>; - interrupts = , -, -, -; + interrupts = , +, +, +; brcm,pcie-msi-inten; }; }; @@ -447,7 +447,7 @@ #interrupt-cells = <1>; interrupt-map-mask = <0 0 0 0>; - interrupt-map = <0 0 0 0 &gic GIC_SPI 143 IRQ_TYPE_NONE>; + interrupt-map = <0 0 0 0 &gic GIC_SPI 143 IRQ_TYPE_LEVEL_HIGH>; linux,pci-domain = <2>; @@ -469,10 +469,10 @@ compatible = "brcm,iproc-msi"; msi-controller; interrupt-parent = <&gic>; - interrupts = , -, -, -; + interrupts = , +, +, +; brcm,pcie-msi-inten; }; };
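Review bot: the patch carries two Fixes: tags but does not say which hunks answer which commit. The interrupt-map lines for GIC_SPI 131, 137 and 143 and the three iproc-msi interrupts lists are changed together; stating in the changelog which tag covers the interrupt-map entries and which covers the MSI nodes would let a tree that has only one of the two commits take the matching half. A sentence on what IRQ_TYPE_NONE broke in practice would also help.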
[PATCH 4.9 004/130] netfilter: ipv6: nf_defrag: reduce struct net memory waste
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 9ce7bc036ae4cfe3393232c86e9e1fea2153c237 ] It is a waste of memory to use a full "struct netns_sysctl_ipv6" while only one pointer is really used, considering netns_sysctl_ipv6 keeps growing. Also, since "struct netns_frags" has cache line alignment, it is better to move the frags_hdr pointer outside, otherwise we spend a full cache line for this pointer. This saves 192 bytes of memory per netns. Fixes: c038a767cd69 ("ipv6: add a new namespace for nf_conntrack_reasm") Signed-off-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- include/net/net_namespace.h |1 + include/net/netns/ipv6.h|1 - net/ipv6/netfilter/nf_conntrack_reasm.c |6 +++--- 3 files changed, 4 insertions(+), 4 deletions(-) --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h @@ -116,6 +116,7 @@ struct net { #endif #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) struct netns_nf_fragnf_frag; + struct ctl_table_header *nf_frag_frags_hdr; #endif struct sock *nfnl; struct sock *nfnl_stash; --- a/include/net/netns/ipv6.h +++ b/include/net/netns/ipv6.h @@ -89,7 +89,6 @@ struct netns_ipv6 { #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) struct netns_nf_frag { - struct netns_sysctl_ipv6 sysctl; struct netns_frags frags; }; #endif --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -117,7 +117,7 @@ static int nf_ct_frag6_sysctl_register(s if (hdr == NULL) goto err_reg; - net->nf_frag.sysctl.frags_hdr = hdr; + net->nf_frag_frags_hdr = hdr; return 0; err_reg: 
@@ -131,8 +131,8 @@ static void __net_exit nf_ct_frags6_sysc { struct ctl_table *table; - table = net->nf_frag.sysctl.frags_hdr->ctl_table_arg; - unregister_net_sysctl_table(net->nf_frag.sysctl.frags_hdr); + table = net->nf_frag_frags_hdr->ctl_table_arg; + unregister_net_sysctl_table(net->nf_frag_frags_hdr); if (!net_eq(net, &init_net)) kfree(table); }
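Review bot: the new nf_frag_frags_hdr member in struct net has no comment, and its tie to nf_conntrack_reasm.c can only be guessed from the name. Add a short comment at the declaration naming the sysctl table it belongs to. The changelog presents this as a memory saving of 192 bytes per netns, so for a stable submission it should also say why the change is needed here, for example as a prerequisite of a later patch in the series.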
[PATCH 4.9 005/130] selftests: pstore: return Kselftest Skip code for skipped tests
4.9-stable review patch. If anyone has any objections, please let me know. -- From: "Shuah Khan (Samsung OSG)" [ Upstream commit 856e7c4b619af622d56b3b454f7bec32a170ac99 ] When pstore_post_reboot test gets skipped because of unmet dependencies and/or unsupported configuration, it returns 0 which is treated as a pass by the Kselftest framework. This leads to false positive result even when the test could not be run. Change it to return kselftest skip code when a test gets skipped to clearly report that the test could not be run. Kselftest framework SKIP code is 4 and the framework prints appropriate messages to indicate that the test is skipped. Signed-off-by: Shuah Khan (Samsung OSG) Reviewed-by: Kees Cook Signed-off-by: Shuah Khan (Samsung OSG) Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/pstore/pstore_post_reboot_tests |5 - 1 file changed, 4 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/pstore/pstore_post_reboot_tests +++ b/tools/testing/selftests/pstore/pstore_post_reboot_tests @@ -7,13 +7,16 @@ # # Released under the terms of the GPL v2. +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + . ./common_tests if [ -e $REBOOT_FLAG ]; then rm $REBOOT_FLAG else prlog "pstore_crash_test has not been executed yet. we skip further tests." -exit 0 +exit $ksft_skip fi prlog -n "Mounting pstore filesystem ... "
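Review bot: ksft_skip=4 is assigned in pstore_post_reboot_tests right before "." sources ./common_tests, so any other pstore script that needs the skip code has to repeat the assignment. Defining it once in common_tests would keep a single copy. Separately, the tag block lists the author's Signed-off-by twice, once before and once after the Reviewed-by; one of them can be dropped.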
[PATCH 4.9 023/130] xen/scsiback: add error handling for xenbus_printf
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Zhouyang Jia [ Upstream commit 7c63ca24c878e0051c91904b72174029320ef4bd ] When xenbus_printf fails, the lack of error-handling code may cause unexpected results. This patch adds error-handling code after calling xenbus_printf. Signed-off-by: Zhouyang Jia Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/xen/xen-scsiback.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) --- a/drivers/xen/xen-scsiback.c +++ b/drivers/xen/xen-scsiback.c @@ -1014,6 +1014,7 @@ static void scsiback_do_add_lun(struct v { struct v2p_entry *entry; unsigned long flags; + int err; if (try) { spin_lock_irqsave(&info->v2p_lock, flags); @@ -1029,8 +1030,11 @@ static void scsiback_do_add_lun(struct v scsiback_del_translation_entry(info, vir); } } else if (!try) { - xenbus_printf(XBT_NIL, info->dev->nodename, state, + err = xenbus_printf(XBT_NIL, info->dev->nodename, state, "%d", XenbusStateClosed); + if (err) + xenbus_dev_error(info->dev, err, + "%s: writing %s", __func__, state); } } @@ -1069,8 +1073,11 @@ static void scsiback_do_1lun_hotplug(str snprintf(str, sizeof(str), "vscsi-devs/%s/p-dev", ent); val = xenbus_read(XBT_NIL, dev->nodename, str, NULL); if (IS_ERR(val)) { - xenbus_printf(XBT_NIL, dev->nodename, state, + err = xenbus_printf(XBT_NIL, dev->nodename, state, "%d", XenbusStateClosed); + if (err) + xenbus_dev_error(info->dev, err, + "%s: writing %s", __func__, state); return; } strlcpy(phy, val, VSCSI_NAMELEN); 
@@ -1081,8 +1088,11 @@ static void scsiback_do_1lun_hotplug(str err = xenbus_scanf(XBT_NIL, dev->nodename, str, "%u:%u:%u:%u", &vir.hst, &vir.chn, &vir.tgt, &vir.lun); if (XENBUS_EXIST_ERR(err)) { - xenbus_printf(XBT_NIL, dev->nodename, state, + err = xenbus_printf(XBT_NIL, dev->nodename, state, "%d", XenbusStateClosed); + if (err) + xenbus_dev_error(info->dev, err, + "%s: writing %s", __func__, state); return; }
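Review bot: in the two scsiback_do_1lun_hotplug() hunks the added xenbus_dev_error() calls pass info->dev, while the xenbus_printf(), xenbus_read() and xenbus_scanf() calls around them use the local dev. Use dev in the new lines too, so the error is reported against the same device the failed write targeted, unless the two are known to differ, in which case say so in a comment.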
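Review bot: the same sequence, writing XenbusStateClosed with xenbus_printf() and reporting a failure through xenbus_dev_error() with "%s: writing %s", is added at three call sites starting with the one in scsiback_do_add_lun(). A small static helper taking the device and the state node would remove the triplication and keep the message format in one place. In the last hunk the helper would also avoid overwriting err, which at that point still holds the xenbus_scanf() result tested by XENBUS_EXIST_ERR().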