LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH 4.14 000/496] 4.14.45-stable review
@ 2018-05-28 9:56 Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 001/496] MIPS: c-r4k: Fix data corruption related to cache coherence Greg Kroah-Hartman
` (469 more replies)
0 siblings, 470 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
ben.hutchings, lkft-triage, stable
This is the start of the stable review cycle for the 4.14.45 release.
There are 496 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed May 30 10:00:57 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.45-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 4.14.45-rc1
Deepak Rawat <drawat@vmware.com>
drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful
Randy Dunlap <rdunlap@infradead.org>
kdb: make "mdr" command repeat
Jan Kundrát <jan.kundrat@cesnet.cz>
pinctrl: mcp23s08: spi: Fix regmap debugfs entries
Bjorn Andersson <bjorn.andersson@linaro.org>
pinctrl: msm: Use dynamic GPIO numbering
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
ARM: dts: porter: Fix HDMI output routing
Aapo Vienamo <aapo@tuxera.com>
ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet
Filip Sadowski <filip.sadowski@intel.com>
i40e: Add delay after EMP reset for firmware to recover
Charles Keepax <ckeepax@opensource.cirrus.com>
regmap: Correct comparison in regmap_cached
Peter Rosin <peda@axentia.se>
ARM: dts: at91: tse850: use the correct compatible for the eeprom
Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2
Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3
Richard Haines <richard_c_haines@btinternet.com>
netlabel: If PF_INET6, check sk_buff ip header version
Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
selftests/net: fixes psock_fanout eBPF test case
Jiri Olsa <jolsa@kernel.org>
perf tests: Fix dwarf unwind for stripped binaries
Jiri Olsa <jolsa@redhat.com>
perf report: Fix memory corruption in --branch-history mode --branch-history
Jiri Olsa <jolsa@kernel.org>
perf tests: Use arch__compare_symbol_names to compare symbols
Jin Yao <yao.jin@linux.intel.com>
perf report: Fix wrong jump arrow
Thomas Richter <tmricht@linux.vnet.ibm.com>
perf test: Fix test case inet_pton to accept inlines.
Baoquan He <bhe@redhat.com>
x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
Ørjan Eide <orjan.eide@arm.com>
drm/rockchip: Respect page offset for PRIME mmap calls
Joe Perches <joe@perches.com>
MIPS: Octeon: Fix logging messages with spurious periods after newlines
Jake Moroni <mail@jakemoroni.com>
dpaa_eth: fix pause capability advertisement logic
Takeshi Kihara <takeshi.kihara.df@renesas.com>
pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group
Tejun Heo <tj@kernel.org>
rcu: Call touch_nmi_watchdog() while printing stall warnings
Niklas Cassel <niklas.cassel@axis.com>
net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing()
Richard Guy Briggs <rgb@redhat.com>
audit: return on memory error to avoid null pointer dereference
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle
Henry Zhang <henryzhang62@gmail.com>
ARM: dts: bcm283x: Fix pin function of JTAG pins
Stefan Wahren <stefan.wahren@i2se.com>
ARM: dts: bcm283x: Fix probing of bcm2835-i2s
Ladislav Michl <ladis@linux-mips.org>
power: supply: ltc2941-battery-gauge: Fix temperature units
Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
sh_eth: fix TSU init on SH7734/R8A7740
Jacob Keller <jacob.e.keller@intel.com>
ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode
Jan Kara <jack@suse.cz>
udf: Provide saner default for invalid uid / gid
Thomas Vincent-Cross <me@tvc.id.au>
PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
Madalin Bucur <madalin.bucur@nxp.com>
dpaa_eth: fix SG mapping
Viresh Kumar <viresh.kumar@linaro.org>
cpufreq: Reorder cpufreq_online() error code path
Niklas Cassel <niklas.cassel@axis.com>
net: stmmac: ensure that the MSS desc is the last desc to set the own bit
Niklas Cassel <niklas.cassel@axis.com>
net: stmmac: ensure that the device has released ownership before reading data
Monk Liu <Monk.Liu@amd.com>
drm/amdgpu: adjust timeout for ib_ring_tests(v2)
Monk Liu <Monk.Liu@amd.com>
drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini
Ravikumar Kattekola <rk@ti.com>
ARM: dts: dra71-evm: Correct evm_sd regulator max voltage
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
drm: omapdrm: dss: Move initialization code from component bind to probe
Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
dmaengine: qcom: bam_dma: get num-channels and num-ees from dt
Cornelia Huck <cohuck@redhat.com>
vfio-ccw: fence off transport mode
Niklas Cassel <niklas.cassel@axis.com>
pinctrl: artpec6: dt: add missing pin group uart5nocts
Richard Fitzgerald <rf@opensource.cirrus.com>
pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs
lionel.debieve@st.com <lionel.debieve@st.com>
hwrng: stm32 - add reset during probe
Alexey Khoroshilov <khoroshilov@ispras.ru>
watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe()
Govindarajulu Varadarajan <gvaradar@cisco.com>
enic: enable rq before updating rq descriptors
Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue()
Qi Hou <qi.hou@windriver.com>
dmaengine: pl330: fix a race condition in case of threaded irqs
Ming Lei <ming.lei@redhat.com>
block: null_blk: fix 'Invalid parameters' when loading module
Dexuan Cui <decui@microsoft.com>
tools: hv: fix compiler warnings about major/target_fname
Linus Walleij <linus.walleij@linaro.org>
drm/bridge: sii902x: Retry status read after DDI I2C
Vivek Gautam <vivek.gautam@codeaurora.org>
phy: qcom-qmp: Fix phy pipe clock gating
Takashi Iwai <tiwai@suse.de>
ALSA: vmaster: Propagate slave error
Shawn Lin <shawn.lin@rock-chips.com>
phy: rockchip-emmc: retry calpad busy trimming
Ivan Gorinov <ivan.gorinov@intel.com>
x86/devicetree: Fix device IRQ settings in DT
Ivan Gorinov <ivan.gorinov@intel.com>
x86/devicetree: Initialize device tree before using it
Andreas Gruenbacher <agruenba@redhat.com>
gfs2: Fix fallocate chunk size
Bjorn Andersson <bjorn.andersson@linaro.org>
soc: qcom: wcnss_ctrl: Fix increment in NV upload
Ilia Lin <ilialin@codeaurora.org>
arm64: dts: qcom: Fix SPI5 config on MSM8996
Kan Liang <kan.liang@linux.intel.com>
perf/x86/intel: Fix event update for auto-reload
Kan Liang <kan.liang@linux.intel.com>
perf/x86/intel: Fix large period handling on Broadwell CPUs
Mark Rutland <mark.rutland@arm.com>
efi/arm*: Only register page tables when they exist
Maurizio Lombardi <mlombard@redhat.com>
cdrom: do not call check_disk_change() inside cdrom_open()
Kan Liang <kan.liang@linux.intel.com>
perf/x86/intel: Properly save/restore the PMU state in the NMI handler
Guenter Roeck <linux@roeck-us.net>
hwmon: (pmbus/adm1275) Accept negative page register values
Guenter Roeck <linux@roeck-us.net>
hwmon: (pmbus/max8688) Accept negative page register values
Eric Anholt <eric@anholt.net>
drm/panel: simple: Fix the bus format for the Ontat panel
Peter Zijlstra <peterz@infradead.org>
perf/core: Fix perf_output_read_group()
Pierre Bourdon <delroth@google.com>
max17042: propagate of_node to power supply device
leilei.lin <leilei.lin@alibaba-inc.com>
perf/core: Fix installing cgroup events on CPU
Chao Yu <yuchao0@huawei.com>
f2fs: fix to check extent cache in f2fs_drop_extent_tree
Chao Yu <yuchao0@huawei.com>
f2fs: fix to clear CP_TRIMMED_FLAG
Chao Yu <yuchao0@huawei.com>
f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range
Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
cxl: Check if PSL data-cache is available before issue flush request
Alistair Popple <alistair@popple.id.au>
powerpc/powernv/npu: Fix deadlock in mmio_invalidate()
Mathieu Malaterre <malat@debian.org>
powerpc: Add missing prototype for arch_irq_work_raise()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()'
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
drm/meson: Fix some error handling paths in 'meson_drv_bind_master()'
Kamlakant Patel <kamlakant.patel@cavium.com>
ipmi_ssif: Fix kernel panic at msg_done_handler
Milton Miller <miltonm@us.ibm.com>
watchdog: aspeed: Fix translation of reset mode to ctrl register
Brian Norris <briannorris@chromium.org>
watchdog: dw: RMW the control register
Rafael J. Wysocki <rjw@rjwysocki.net>
PCI: Restore config space on runtime resume despite being unbound
Mathias Kresin <dev@kresin.me>
MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
Ursula Braun <ubraun@linux.vnet.ibm.com>
net/smc: pay attention to MAX_ORDER for CQ entries
Christophe Jaillet <christophe.jaillet@wanadoo.fr>
spi: bcm-qspi: fIX some error handling paths
Christophe Jaillet <christophe.jaillet@wanadoo.fr>
regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()'
Leo Yan <leo.yan@linaro.org>
coresight: Use %px to print pcsr instead of %p
Oded Gabbay <oded.gabbay@gmail.com>
drm/amdkfd: add missing include of mm.h
Parav Pandit <parav@mellanox.com>
IB/core: Honor port_num while resolving GID for IB link layer
Thomas Richter <tmricht@linux.vnet.ibm.com>
perf stat: Fix core dump when flag T is used
Yisheng Xie <xieyisheng1@huawei.com>
perf top: Fix top.call-graph config option reading
Vitaly Kuznetsov <vkuznets@redhat.com>
KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
Gregory CLEMENT <gregory.clement@bootlin.com>
i2c: mv64xxx: Apply errata delay only in standard mode
Arjun Vynipadath <arjun@chelsio.com>
cxgb4: Fix queue free path of ULD drivers
Seunghun Han <kkamagui@gmail.com>
ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
Bob Moore <robert.moore@intel.com>
ACPICA: Fix memory leak on unusual memory leak
Erik Schmauss <erik.schmauss@intel.com>
ACPICA: Events: add a return on failure from acpi_hw_register_read
Icenowy Zheng <icenowy@aosc.io>
dt-bindings: add device tree binding for Allwinner H6 main CCU
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()'
Coly Li <colyli@suse.de>
bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
Michael Schmitz <schmitzmic@gmail.com>
zorro: Set up z->dev.dma_mask for the DMA API
Honggang Li <honli@redhat.com>
IB/mlx5: Set the default active rate and width to QDR and 4X
Chunyu Hu <chuhu@redhat.com>
cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
Yong Wu <yong.wu@mediatek.com>
iommu/mediatek: Fix protect memory setting
Thomas Hellstrom <thellstrom@vmware.com>
drm/vmwgfx: Unpin the screen object backup buffer when not used
Eric Sandeen <sandeen@redhat.com>
ext4: don't complain about incorrect features when probing
Philipp Puschmann <pp@emlix.com>
arm: dts: socfpga: fix GIC PPI warning
Jay Vosburgh <jay.vosburgh@canonical.com>
virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
Milton Miller <miltonm@us.ibm.com>
watchdog: aspeed: Allow configuring for alternate boot
Petr Vorel <pvorel@suse.cz>
ima: Fallback to the builtin hash algorithm
Jiandi An <anjiandi@codeaurora.org>
ima: Fix Kconfig to select TPM 2.0 CRB interface
Arjun Vynipadath <arjun@chelsio.com>
cxgb4: Setup FW queues before registering netdev
Sebastian Gottschall <s.gottschall@dd-wrt.com>
ath9k: fix crash in spectral scan
Jarosław Janik <jaroslaw.janik@gmail.com>
nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A
Karthikeyan Periyasamy <periyasa@codeaurora.org>
ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
Alexey Khoroshilov <khoroshilov@ispras.ru>
watchdog: davinci_wdt: fix error handling in davinci_wdt_probe()
Leon Romanovsky <leonro@mellanox.com>
net/mlx5: Protect from command bit overflow
Michael Ellerman <mpe@ellerman.id.au>
selftests: Print the test we're running to /dev/kmsg
Frank Asseg <frank.asseg@objecthunter.net>
tools/thermal: tmon: fix for segfault
Amitkumar Karwar <amit.karwar@redpinesignals.com>
rsi: fix kernel panic observed on 64bit machine
Michael Ellerman <mpe@ellerman.id.au>
powerpc/perf: Fix kernel address leak via sampling registers
Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
Guenter Roeck <linux@roeck-us.net>
hwmon: (nct6775) Fix writing pwmX_mode
Helge Deller <deller@gmx.de>
parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
Luca Coelho <luciano.coelho@intel.com>
iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq
Greg Ungerer <gerg@linux-m68k.org>
m68k: set dma and coherent masks for platform FEC ethernets
Alexander Shishkin <alexander.shishkin@linux.intel.com>
intel_th: Use correct method of finding hub
Sebastian Andrzej Siewior <bigeasy@linutronix.de>
iommu/amd: Take into account that alloc_dev_data() may return NULL
Anilkumar Kolli <akolli@codeaurora.org>
ath10k: advertize beacon_int_min_gcd
Harry Morris <h.morris@cascoda.com>
ieee802154: ca8210: fix uninitialised data read
Michael Ellerman <mpe@ellerman.id.au>
powerpc/mpic: Check if cpu_possible() in mpic_physmask()
Lenny Szubowicz <lszubowi@redhat.com>
ACPI: acpi_pad: Fix memory leak in power saving threads
Aaro Koskinen <aaro.koskinen@iki.fi>
drivers: macintosh: rack-meter: really fix bogus memsets
Dan Carpenter <dan.carpenter@oracle.com>
xen/acpi: off by one in read_acpi_id()
David Howells <dhowells@redhat.com>
rxrpc: Don't treat call aborts as conn aborts
David Howells <dhowells@redhat.com>
rxrpc: Fix Tx ring annotation after initial Tx failure
Qu Wenruo <wqu@suse.com>
btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled
Jeff Mahoney <jeffm@suse.com>
btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
Filipe Manana <fdmanana@suse.com>
Btrfs: fix copy_items() return value when logging an inode
Qu Wenruo <wqu@suse.com>
btrfs: tests/qgroup: Fix wrong tree backref level
Nicholas Piggin <npiggin@gmail.com>
powerpc/64s: sreset panic if there is no debugger or crash dump handlers
Florian Fainelli <f.fainelli@gmail.com>
net: bgmac: Correctly annotate register space
Florian Fainelli <f.fainelli@gmail.com>
net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
David S. Miller <davem@davemloft.net>
sparc64: Make atomic_xchg() an inline function rather than a macro.
David Howells <dhowells@redhat.com>
fscache: Fix hanging wait on page discarded by writeback
Alexander Graf <agraf@suse.de>
lan78xx: Connect phy early
Sean Christopherson <sean.j.christopherson@intel.com>
KVM: VMX: raise internal error for exception during invalid protected mode state
Sai Praneeth <sai.praneeth.prakhya@intel.com>
x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush()
Davidlohr Bueso <dave@stgolabs.net>
sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
Nicholas Piggin <npiggin@gmail.com>
powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep
Jun Piao <piaojun@huawei.com>
ocfs2/dlm: don't handle migrate lockres if already in shutdown
Mikhail Malygin <mikhail@malygin.me>
IB/rxe: Fix for oops in rxe_register_device on ppc64le arch
Nikolay Borisov <nborisov@suse.com>
btrfs: Fix possible softlock on single core machines
Liu Bo <bo.liu@linux.alibaba.com>
Btrfs: fix NULL pointer dereference in log_dir_items
Liu Bo <bo.liu@linux.alibaba.com>
Btrfs: bail out on error during replay_dir_deletes
Yang Shi <yang.shi@linux.alibaba.com>
mm: thp: fix potential clearing to referenced flag in page_idle_clear_pte_refs_one()
Huang Ying <ying.huang@intel.com>
mm: fix races between address_space dereference and free in page_evicatable
Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
mm/ksm: fix interaction with THP
Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
ibmvnic: Zero used TX descriptor counter on reset
Esben Haabendal <eha@deif.com>
dp83640: Ensure against premature access to PHY registers after reset
Sandipan Das <sandipan@linux.vnet.ibm.com>
perf clang: Add support for recent clang versions
Sandipan Das <sandipan@linux.vnet.ibm.com>
perf tools: Fix perf builds with clang support
Anshuman Khandual <khandual@linux.vnet.ibm.com>
powerpc/fscr: Enable interrupts earlier before calling get_user()
Shunyong Yang <shunyong.yang@hxt-semitech.com>
cpufreq: CPPC: Initialize shared perf capabilities of CPUs
Carlos Maiolino <cmaiolino@redhat.com>
Force log to disk before reading the AGF during a fstrim
Jens Axboe <axboe@kernel.dk>
sr: get/drop reference to device in revalidate and check_events
Xidong Wang <wangxidong_97@163.com>
z3fold: fix memory leak
Tom Abraham <tabraham@suse.com>
swap: divide-by-zero when zero length swap file on ssd
Danilo Krummrich <danilokrummrich@dk-develop.de>
fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
Dave Hansen <dave.hansen@linux.intel.com>
x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
Joerg Roedel <joro@8bytes.org>
x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
Filipe Manana <fdmanana@suse.com>
Btrfs: fix loss of prealloc extents past i_size after fsync log replay
Liu Bo <bo.liu@linux.alibaba.com>
Btrfs: clean up resources during umount after trans is aborted
Johannes Thumshirn <jthumshirn@suse.de>
nvme: don't send keep-alives to the discovery controller
Jean Delvare <jdelvare@suse.de>
firmware: dmi_scan: Fix UUID length safety check
Rich Felker <dalias@libc.org>
sh: fix debug trap failure to process signals before return to user
Yelena Krivosheev <yelena@marvell.com>
net: mvneta: fix enable of all initialized RXQs
Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
vlan: Fix vlan insertion for packets without ethernet header
Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
net: Fix untag for vlan packets without ethernet header
Manish Chopra <manish.chopra@cavium.com>
qede: Do not drop rx-checksum invalidated packets.
Stephen Hemminger <stephen@networkplumber.org>
hv_netvsc: enable multicast if necessary
Vinayak Menon <vinmenon@codeaurora.org>
mm/kmemleak.c: wait for scan completion before disabling free
Steven J. Hill <steven.hill@cavium.com>
mm/vmstat.c: fix vmstat_update() preemption BUG
Maninder Singh <maninder1.s@samsung.com>
mm/page_owner: fix recursion bug after changing skip entries
Shakeel Butt <shakeelb@google.com>
mm, slab: memcg_link the SLAB's kmem_cache
Manish Chopra <manish.chopra@cavium.com>
qede: Fix barrier usage after tx doorbell write.
Jan Kiszka <jan.kiszka@siemens.com>
builddeb: Fix header package regarding dtc source links
Cong Wang <xiyou.wangcong@gmail.com>
llc: properly handle dev_queue_xmit() return value
Alexey Dobriyan <adobriyan@gmail.com>
x86/alternatives: Fixup alternative_call_2
Stephane Eranian <eranian@google.com>
perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs
Or Gerlitz <ogerlitz@mellanox.com>
net/mlx5: Make eswitch support to depend on switchdev
Sean Wang <sean.wang@mediatek.com>
net: dsa: mt7530: fix module autoloading for OF platform drivers
Xin Long <lucien.xin@gmail.com>
bonding: fix the err path for dev hwaddr sync in bond_enslave
Pawel Dembicki <paweldembicki@gmail.com>
net: qmi_wwan: add BroadMobi BM806U 2020:2033
Raghuram Chary J <raghuramchary.jallipalli@microchip.com>
lan78xx: Set ASD in MAC_CR when EEE is enabled.
Jinbum Park <jinb.park7@gmail.com>
ARM: 8748/1: mm: Define vdso_start, vdso_end as array
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: fix packet loss for broadcasted DHCP packets to a server
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: fix multicast-via-unicast transmission with AP isolation
Felix Kuehling <Felix.Kuehling@amd.com>
drm/amdkfd: Fix scratch memory with HWS enabled
Masami Hiramatsu <mhiramat@kernel.org>
selftests: ftrace: Add a testcase for probepoint
Masami Hiramatsu <mhiramat@kernel.org>
selftests: ftrace: Add a testcase for string type with kprobe_event
Masami Hiramatsu <mhiramat@kernel.org>
selftests: ftrace: Add probe event argument syntax testcase
Steffen Klassert <steffen.klassert@secunet.com>
xfrm: Fix transport mode skb control buffer usage.
David Rientjes <rientjes@google.com>
mm, thp: do not cause memcg oom for thp
Yisheng Xie <xieyisheng1@huawei.com>
mm/mempolicy.c: avoid use uninitialized preferred_node
Y.C. Chen <yc_chen@aspeedtech.com>
drm/ast: Fixed 1280x800 Display Issue
Dan Carpenter <dan.carpenter@oracle.com>
macsec: missing dev_put() on error in macsec_newlink()
Florian Fainelli <f.fainelli@gmail.com>
net: dsa: Fix functional dsa-loop dependency on FIXED_PHY
Davide Caratti <dcaratti@redhat.com>
net/sched: fix idr leak in the error path of tcf_skbmod_init()
Davide Caratti <dcaratti@redhat.com>
net/sched: fix idr leak in the error path of __tcf_ipt_init()
Davide Caratti <dcaratti@redhat.com>
net/sched: fix idr leak in the error path of tcp_pedit_init()
Davide Caratti <dcaratti@redhat.com>
net/sched: fix idr leak in the error path of tcf_act_police_init()
Davide Caratti <dcaratti@redhat.com>
net/sched: fix idr leak in the error path of tcf_simp_init()
Davide Caratti <dcaratti@redhat.com>
net/sched: fix idr leak on the error path of tcf_bpf_init()
Kalderon, Michal <Michal.Kalderon@cavium.com>
RDMA/qedr: Fix QP state initialization race
Kalderon, Michal <Michal.Kalderon@cavium.com>
RDMA/qedr: Fix rc initialization on CNQ allocation failure
Kalderon, Michal <Michal.Kalderon@cavium.com>
RDMA/qedr: fix QP's ack timeout configuration
Chien Tin Tung <chien.tin.tung@intel.com>
RDMA/ucma: Correct option size check using optlen
Nicolas Pitre <nicolas.pitre@linaro.org>
kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races
Stefan Wahren <stefan.wahren@i2se.com>
brcmfmac: Fix check for ISO3166 code
Song Liu <songliubraving@fb.com>
perf/cgroup: Fix child event counting bug
Thierry Reding <treding@nvidia.com>
drm/tegra: Shutdown on driver unbind
Avraham Stern <avraham.stern@intel.com>
iwlwifi: mvm: fix array out of bounds reference
Avraham Stern <avraham.stern@intel.com>
iwlwifi: mvm: make sure internal station has a valid id
Avraham Stern <avraham.stern@intel.com>
iwlwifi: mvm: clear tx queue id when unreserving aggregation queue
Andrei Otcheretianski <andrei.otcheretianski@intel.com>
iwlwifi: mvm: Increase session protection time after CS
Stefano Brivio <sbrivio@redhat.com>
vti6: Fix dev->max_mtu setting
Stefano Brivio <sbrivio@redhat.com>
vti4: Don't override MTU passed on link creation via IFLA_MTU
Stefano Brivio <sbrivio@redhat.com>
ip_tunnel: Clamp MTU to bounds on new link
Stefano Brivio <sbrivio@redhat.com>
vti4: Don't count header length twice on tunnel setup
Sven Eckelmann <sven@narfation.org>
batman-adv: Fix skbuff rcsum on packet reroute
Davide Caratti <dcaratti@redhat.com>
net/sched: fix NULL dereference in the error path of tcf_sample_init()
Matthias Schiffer <mschiffer@universe-factory.net>
batman-adv: fix header size check in batadv_dbg_arp()
Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
vlan: Fix out of order vlan headers with reorder header off
Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
Rob Herring <robh@kernel.org>
microblaze: switch to NO_BOOTMEM
Johannes Berg <johannes.berg@intel.com>
iwlwifi: mvm: fix error checking for multi/broadcast sta
Beni Lev <beni.lev@intel.com>
iwlwifi: mvm: Correctly set IGTK for AP
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: mvm: set the correct tid when we flush the MCAST sta
Taehee Yoo <ap420073@gmail.com>
xfrm: fix rcu_read_unlock usage in xfrm_local_error
Karol Herbst <kherbst@redhat.com>
drm/nouveau/bl: fix backlight regression
Lucas Stach <l.stach@pengutronix.de>
drm/imx: move arming of the vblank event to atomic_flush
Arnd Bergmann <arnd@arndb.de>
gpu: ipu-v3: prg: avoid possible array underflow
Andre Przywara <andre.przywara@arm.com>
KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending
Cathy Zhou <Cathy.Zhou@Oracle.COM>
sunvnet: does not support GSO for sctp
Sabrina Dubroca <sd@queasysnail.net>
ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
Arvind Yadav <arvind.yadav.cs@gmail.com>
workqueue: use put_device() instead of kfree()
Michael Chan <michael.chan@broadcom.com>
bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
Bich HEMON <bich.hemon@st.com>
can: m_can: select pinctrl state in each suspend/resume function
Wolfram Sang <wsa+renesas@sang-engineering.com>
can: m_can: change comparison to bitshift when dealing with a mask
Florian Westphal <fw@strlen.de>
netfilter: ebtables: fix erroneous reject of last rule
Gregory CLEMENT <gregory.clement@bootlin.com>
dmaengine: mv_xor_v2: Fix clock resource by adding a register clock
Luis R. Rodriguez <mcgrof@kernel.org>
lib/test_kmod.c: fix limit check on number of test devices created
Li Zhijian <zhijianx.li@intel.com>
selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus
Marc Zyngier <marc.zyngier@arm.com>
arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
Bartosz Golaszewski <bgolaszewski@baylibre.com>
ARM: davinci: fix the GPIO lookup for omapl138-hawk
Stephen Hemminger <stephen@networkplumber.org>
hv_netvsc: fix locking during VF setup
Stephen Hemminger <stephen@networkplumber.org>
hv_netvsc: fix locking for rx_mode
Stephen Hemminger <stephen@networkplumber.org>
hv_netvsc: fix filter flags
Arvind Yadav <arvind.yadav.cs@gmail.com>
xen: xenbus: use put_device() instead of kfree()
Bhavesh Davda <bhavesh.davda@oracle.com>
xen-blkfront: move negotiate_mq to cover all cases of new VBDs
Ganesh Goudar <ganeshgr@chelsio.com>
cxgb4: do not set needs_free_netdev for mgmt dev's
Parav Pandit <parav@mellanox.com>
IB/core: Fix possible crash to access NULL netdev
Jeremy Linton <jeremy.linton@arm.com>
net: smsc911x: Fix unload crash when link is up
Hemanth Puranik <hpuranik@codeaurora.org>
net: qcom/emac: Use proper free methods during TX
Michal Kalderon <Michal.Kalderon@cavium.com>
qed: Free RoCE ILT Memory on rmmod qedr
Denis Kirjanov <kda@linux-powerpc.org>
fsl/fman: avoid sleeping in atomic context while adding an address
Peter Malone <peter.malone@gmail.com>
fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
Dan Carpenter <dan.carpenter@oracle.com>
IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
Jack M <jackm@dev.mellanox.co.il>
IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
Jack Morgenstein <jackm@dev.mellanox.co.il>
IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
Kalderon, Michal <Michal.Kalderon@cavium.com>
RDMA/qedr: Fix iWARP write and send with immediate
Kalderon, Michal <Michal.Kalderon@cavium.com>
RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
Davidlohr Bueso <dave@stgolabs.net>
ia64/err-inject: Use get_user_pages_fast()
Pierre-Yves Kerbrat <pkerbrat@kalray.eu>
e1000e: allocate ring descriptors with dma_zalloc_coherent
Benjamin Poirier <bpoirier@suse.com>
e1000e: Fix check_for_link return value with autoneg off
Jiri Olsa <jolsa@kernel.org>
perf record: Fix crash in pipe mode
Rob Herring <robh@kernel.org>
ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288
Stephen Hemminger <stephen@networkplumber.org>
hv_netvsc: propagate rx filters to VF
Stephen Hemminger <stephen@networkplumber.org>
hv_netvsc: filter multicast/broadcast
Stephen Hemminger <stephen@networkplumber.org>
hv_netvsc: use napi_schedule_irqoff
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag
Jayachandran C <jnair@caviumnetworks.com>
watchdog: sbsa: use 32-bit read for WCV
Igor Pylypiv <igor.pylypiv@gmail.com>
watchdog: f71808e_wdt: Fix magic close handling
Ka-Cheong Poon <ka-cheong.poon@oracle.com>
rds: Incorrect reference counting in TCP socket creation
Ilan Peer <ilan.peer@intel.com>
iwlwifi: mvm: Correctly set the tid for mcast queue
Ilan Peer <ilan.peer@intel.com>
iwlwifi: mvm: Direct multicast frames to the correct station
Sara Sharon <sara.sharon@intel.com>
iwlwifi: mvm: fix "failed to remove key" message
Shaul Triebitz <shaul.triebitz@intel.com>
iwlwifi: avoid collecting firmware dump if not loaded
Sara Sharon <sara.sharon@intel.com>
iwlwifi: mvm: fix assert 0x2B00 on older FWs
Andrei Otcheretianski <andrei.otcheretianski@intel.com>
iwlwifi: mvm: Fix channel switch for count 0 and 1
Sara Sharon <sara.sharon@intel.com>
iwlwifi: mvm: fix TX of CCMP 256
Edward Cree <ecree@solarflare.com>
net: ethtool: don't ignore return from driver get_fecparam method
Hannes Reinecke <hare@suse.de>
scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte()
Michael Ellerman <mpe@ellerman.id.au>
selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
Ming Lei <ming.lei@redhat.com>
nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors
Wen Xiong <wenxiong@linux.vnet.ibm.com>
nvme-pci: Fix EEH failure on ppc
Jiufei Xue <jiufei.xue@linux.alibaba.com>
block: display the correct diskname for bio
Chengguang Xu <cgxu519@icloud.com>
ceph: fix potential memory leak in init_caches()
Filipe Manana <fdmanana@suse.com>
Btrfs: fix log replay failure after linking special file and fsync
Filipe Manana <fdmanana@suse.com>
Btrfs: send, fix issuing write op when processing hole in no data mode
Jeff Mahoney <jeffm@suse.com>
btrfs: use kvzalloc to allocate btrfs_fs_info
Giulio Benetti <giulio.benetti@micronovasrl.com>
drm/sun4i: Fix dclk_set_phase
Douglas Anderson <dianders@chromium.org>
arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset)
Steffen Klassert <steffen.klassert@secunet.com>
xfrm: Fix ESN sequence number handling for IPsec GSO packets.
Tom St Denis <tom.stdenis@amd.com>
drm/amd/amdgpu: Correct VRAM width for APUs with GMC9
Roger Pau Monne <roger.pau@citrix.com>
xen/pirq: fix error path cleanup when binding MSIs
Selvin Xavier <selvin.xavier@broadcom.com>
RDMA/bnxt_re: Fix the ib_reg failure cleanup
Devesh Sharma <devesh.sharma@broadcom.com>
RDMA/bnxt_re: Fix incorrect DB offset calculation
Devesh Sharma <devesh.sharma@broadcom.com>
RDMA/bnxt_re: Unconditionly fence non wire memory operations
Moni Shoua <monis@mellanox.com>
IB/mlx: Set slid to zero in Ethernet completion struct
Julian Anastasov <ja@ssi.bg>
ipvs: remove IPS_NAT_MASK check to fix passive FTP
Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
ARC: setup cpu possible mask according to possible-cpus dts property
Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
ARC: mcip: update MCIP debug mask when the new cpu came online
Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
ARC: mcip: halt GFRC counter when ARC cores halt
Ido Schimmel <idosch@mellanox.com>
spectrum: Reference count VLAN entries
Ido Schimmel <idosch@mellanox.com>
mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast
Jiri Pirko <jiri@mellanox.com>
mlxsw: core: Fix flex keys scratchpad offset conflict
Karsten Graul <kgraul@linux.vnet.ibm.com>
net/smc: use link_id of server in confirm link reply
Max Gurtovoy <maxg@mellanox.com>
nvmet: fix PSDT field check in command format
Joey Pabalinas <joeypabalinas@gmail.com>
net/tcp/illinois: replace broken algorithm reference link
Claudiu Manoil <claudiu.manoil@nxp.com>
gianfar: Fix Rx byte accounting for ndev stats
Felix Fietkau <nbd@nbd.name>
clocksource/drivers/mips-gic-timer: Use correct shift count to extract data
Guenter Roeck <linux@roeck-us.net>
powerpc/boot: Fix random libfdt related build errors
Stefan Wahren <stefan.wahren@i2se.com>
ARM: dts: bcm283x: Fix unit address of local_intc
Florian Fainelli <f.fainelli@gmail.com>
ARM: dts: NSP: Fix amount of RAM on BCM958625HR
Gustavo A. R. Silva <gustavo@embeddedor.com>
nbd: fix return value in error handling path
Xin Long <lucien.xin@gmail.com>
sit: fix IFLA_MTU ignored on NEWLINK
Xin Long <lucien.xin@gmail.com>
ip6_tunnel: fix IFLA_MTU ignored on NEWLINK
Xin Long <lucien.xin@gmail.com>
ip_gre: fix IFLA_MTU ignored on NEWLINK
Tang Junhui <tang.junhui@zte.com.cn>
bcache: fix kcrashes with fio in RAID5 backend dev
Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
Dave Airlie <airlied@redhat.com>
virtio-gpu: fix ioctl and expose the fixed status to userspace.
Eric Dumazet <edumazet@google.com>
r8152: fix tx packets accounting
Daniel Díaz <daniel.diaz@linaro.org>
selftests/futex: Fix line continuation in Makefile
Ramon Fried <rfried@codeaurora.org>
qrtr: add MODULE_ALIAS macro to smd
David S. Miller <davem@davemloft.net>
ARM: orion5x: Revert commit 4904dbda41c8.
Colin Ian King <colin.king@canonical.com>
xen/pvcalls: fix null pointer dereference on map->sock
Chengguang Xu <cgxu519@icloud.com>
ceph: fix dentry leak when failing to init debugfs
Chengguang Xu <cgxu519@icloud.com>
libceph, ceph: avoid memory leak when specifying same option several times
Colin Ian King <colin.king@canonical.com>
clocksource/drivers/fsl_ftm_timer: Fix error return checking
Jianchao Wang <jianchao.w.wang@oracle.com>
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
Sven Eckelmann <sven@narfation.org>
batman-adv: Fix netlink dumping of BLA backbones
Sven Eckelmann <sven@narfation.org>
batman-adv: Fix netlink dumping of BLA claims
Sven Eckelmann <sven.eckelmann@openmesh.com>
batman-adv: Ignore invalid batadv_v_gw during netlink send
Sven Eckelmann <sven.eckelmann@openmesh.com>
batman-adv: Ignore invalid batadv_iv_gw during netlink send
Florian Westphal <fw@strlen.de>
netfilter: ebtables: convert BUG_ONs to WARN_ONs
Florian Westphal <fw@strlen.de>
netfilter: ipt_CLUSTERIP: put config instead of freeing it
Florian Westphal <fw@strlen.de>
netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount
Matthias Schiffer <mschiffer@universe-factory.net>
batman-adv: invalidate checksum on fragment reassembly
Matthias Schiffer <mschiffer@universe-factory.net>
batman-adv: fix packet checksum in receive path
Yufen Yu <yuyufen@huawei.com>
md/raid1: fix NULL pointer dereference
BingJing Chang <bingjingc@synology.com>
md: fix a potential deadlock of raid5/raid10 reshape
Will Deacon <will.deacon@arm.com>
fs: dcache: Use READ_ONCE when accessing i_dir_seq
Will Deacon <will.deacon@arm.com>
fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
Shyam Saini <shyam@amarulasolutions.com>
ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS
Sebastian Ott <sebott@linux.vnet.ibm.com>
kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
Chao Gao <chao.gao@intel.com>
KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2
Alexey Kodanev <alexey.kodanev@oracle.com>
macvlan: fix use-after-free in macvlan_common_newlink()
Pratyush Anand <panand@redhat.com>
arm64: fix unwind_frame() for filtered out fn for function graph tracing
Felix Fietkau <nbd@nbd.name>
mac80211: drop frames with unexpected DS bits from fast-rx to slow path
Samuel Neves <sneves@dei.uc.pt>
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
Andrea Parri <parri.andrea@gmail.com>
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
Wang Hui <john.wanghui@huawei.com>
x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system
Randy Dunlap <rdunlap@infradead.org>
integrity/security: fix digsig.c build error with header file
Johannes Berg <johannes.berg@intel.com>
regulatory: add NUL to request alpha2
Eric Dumazet <edumazet@google.com>
smsc75xx: fix smsc75xx_set_features()
Tony Lindgren <tony@atomide.com>
ARM: OMAP: Fix dmtimer init for omap1
Bill.Baker@oracle.com <Bill.Baker@oracle.com>
nfs: system crashes after NFS4ERR_MOVED recovery
Rob Herring <robh@kernel.org>
arm64: dts: cavium: fix PCI bus dtc warnings
Eric Biggers <ebiggers@google.com>
PKCS#7: fix direct verification of SignerInfo signature
Li Zhijian <zhijianx.li@intel.com>
selftests/bpf/test_maps: exit child process without error in ENOMEM case
Sebastian Ott <sebott@linux.vnet.ibm.com>
s390/cio: clear timer when terminating driver I/O
Sebastian Ott <sebott@linux.vnet.ibm.com>
s390/cio: fix return code after missing interrupt
Sebastian Ott <sebott@linux.vnet.ibm.com>
s390/cio: fix ccw_device_start_timeout API
Mark Lord <mlord@pobox.com>
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
Stefan Agner <stefan@agner.ch>
soc: imx: gpc: de-register power domains only if initialized
Tycho Andersen <tycho@tycho.ws>
seccomp: add a selftest for get_metadata
Anders Roxell <anders.roxell@linaro.org>
selftests/memfd: add run_fuse_test.sh to TEST_FILES
Arnd Bergmann <arnd@arndb.de>
bug.h: work around GCC PR82365 in BUG()
David Rientjes <rientjes@google.com>
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
Jesper Dangaard Brouer <brouer@redhat.com>
virtio_net: fix XDP code path in receive_small()
Arnd Bergmann <arnd@arndb.de>
md: raid5: avoid string overflow warning
Andrea Parri <parri.andrea@gmail.com>
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
Or Gerlitz <ogerlitz@mellanox.com>
net/mlx5e: Return error if prio is specified when offloading eswitch vlan push
Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
ibmvnic: Check for NULL skb's in NAPI poll routine
Selvin Xavier <selvin.xavier@broadcom.com>
RDMA/bnxt_re: Fix system crash during load/unload
Devesh Sharma <devesh.sharma@broadcom.com>
RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails
Mark Rutland <mark.rutland@arm.com>
arm64: perf: correct PMUVer probing
Neil Armstrong <narmstrong@baylibre.com>
drm/meson: fix vsync buffer update
Markus Elfring <elfring@users.sourceforge.net>
drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions
Wolfram Sang <wsa+renesas@sang-engineering.com>
drm/exynos: fix comparison to bitshift when dealing with a mask
Arnd Bergmann <arnd@arndb.de>
drm/exynos: g2d: use monotonic timestamps
Yufen Yu <yuyufen@huawei.com>
md raid10: fix NULL deference in handle_write_completed()
Tobias Jordan <Tobias.Jordan@elektrobit.com>
gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle
Tobias Jordan <Tobias.Jordan@elektrobit.com>
gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle
Ilan Peer <ilan.peer@intel.com>
mac80211: Fix sending ADDBA response for an ongoing session
Ilan Peer <ilan.peer@intel.com>
mac80211: Do not disconnect on invalid operating class
Avraham Stern <avraham.stern@intel.com>
cfg80211: clear wep keys after disconnection
Sara Sharon <sara.sharon@intel.com>
mac80211: fix calling sleeping function in atomic context
Sara Sharon <sara.sharon@intel.com>
mac80211: fix a possible leak of station stats
Felix Fietkau <nbd@nbd.name>
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
Xin Long <lucien.xin@gmail.com>
xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos
Stefan Haberland <sth@linux.vnet.ibm.com>
s390/dasd: fix handling of internal requests
Heinz Mauelshagen <heinzm@redhat.com>
md: fix md_write_start() deadlock w/o metadata devices
Xiao Ni <xni@redhat.com>
MD: Free bioset when md_run fails
David Howells <dhowells@redhat.com>
rxrpc: Work around usercopy check
Kees Cook <keescook@chromium.org>
NFC: llcp: Limit size of SDP URI
Naftali Goldstein <naftali.goldstein@intel.com>
iwlwifi: mvm: always init rs with 20mhz bandwidth rates
Sara Sharon <sara.sharon@intel.com>
iwlwifi: mvm: fix IBSS for devices that support station type API
Sara Sharon <sara.sharon@intel.com>
iwlwifi: mvm: fix security bug in PN checking
Robin Murphy <robin.murphy@arm.com>
ARM: dts: rockchip: Fix DWMMC clocks
Robin Murphy <robin.murphy@arm.com>
arm64: dts: rockchip: Fix DWMMC clocks
Jason Gunthorpe <jgg@mellanox.com>
IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy
Matan Barak <matanb@mellanox.com>
IB/uverbs: Fix possible oops with duplicate ioctl attributes
Matan Barak <matanb@mellanox.com>
IB/uverbs: Fix method merging in uverbs_ioctl_merge
Joe Lee <asmt.swfae@gmail.com>
xhci: workaround for AMD Promontory disabled ports wakeup
Boris Pismenny <borisp@mellanox.com>
tls: retrun the correct IV in getsockopt
Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
ibmvnic: Clean RX pool buffers during device close
Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
ibmvnic: Free RX socket buffer in case of adapter error
Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
ibmvnic: Wait until reset is complete to set carrier on
Geert Uytterhoeven <geert+renesas@glider.be>
ARM: OMAP1: clock: Fix debugfs_create_*() usage
Tony Lindgren <tony@atomide.com>
ARM: OMAP2+: Fix sar_base inititalization for HS omaps
Tony Lindgren <tony@atomide.com>
ARM: OMAP3: Fix prm wake interrupt for resume
Qi Hou <qi.hou@windriver.com>
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
Anders Roxell <anders.roxell@linaro.org>
selftests: memfd: add config fragment for fuse
Naresh Kamboju <naresh.kamboju@linaro.org>
selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
Dominik Brodowski <linux@dominikbrodowski.net>
selftest/vDSO: fix O=
Anders Roxell <anders.roxell@linaro.org>
selftests: sync: missing CFLAGS while compiling
Dong Bo <dongbo4@huawei.com>
libata: Fix compile warning with ATA_DEBUG enabled
Shawn Lin <shawn.lin@rock-chips.com>
arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire
Kamil Trzciński <ayufan@ayufan.eu>
arm64: dts: rockchip: fix rock64 gmac2io stability issues
Jason Wang <jasowang@redhat.com>
ptr_ring: prevent integer overflow when calculating size
Ulf Magnusson <ulfalizer@gmail.com>
ARC: Fix malformed ARC_EMUL_UNALIGNED default
Peter Oh <peter.oh@bowerswilkins.com>
mac80211: mesh: fix wrong mesh TTL offset calculation
James Hogan <jhogan@kernel.org>
MIPS: generic: Fix machine compatible matching
Nicholas Piggin <npiggin@gmail.com>
powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
powerpc/pseries: Restore default security feature flags on setup
Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
powerpc: Move default security feature flags
Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
powerpc/pseries: Fix clearing of security feature flags
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64s: Wire up cpu_show_spectre_v2()
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64s: Wire up cpu_show_spectre_v1()
Michael Ellerman <mpe@ellerman.id.au>
powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
Michael Ellerman <mpe@ellerman.id.au>
powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64s: Enhance the information in cpu_show_meltdown()
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64s: Move cpu_show_meltdown()
Michael Ellerman <mpe@ellerman.id.au>
powerpc/powernv: Set or clear security feature flags
Michael Ellerman <mpe@ellerman.id.au>
powerpc/pseries: Set or clear security feature flags
Michael Ellerman <mpe@ellerman.id.au>
powerpc: Add security feature flags for Spectre/Meltdown
Michael Ellerman <mpe@ellerman.id.au>
powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
Michael Ellerman <mpe@ellerman.id.au>
powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
powerpc/rfi-flush: Differentiate enabled and patched flush types
Michael Ellerman <mpe@ellerman.id.au>
powerpc/rfi-flush: Always enable fallback flush on pseries
Michael Ellerman <mpe@ellerman.id.au>
powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
Michael Ellerman <mpe@ellerman.id.au>
powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
Michael Ellerman <mpe@ellerman.id.au>
powerpc/powernv: Support firmware disable of RFI flush
Michael Ellerman <mpe@ellerman.id.au>
powerpc/pseries: Support firmware disable of RFI flush
Nicholas Piggin <npiggin@gmail.com>
powerpc/64s: Improve RFI L1-D cache flush fallback
David Vrabel <david.vrabel@nutanix.com>
x86/kvm: fix LAPIC timer drift when guest uses periodic mode
Jim Mattson <jmattson@google.com>
kvm: x86: IA32_ARCH_CAPABILITIES is always supported
Wei Huang <wei@redhat.com>
KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
David Hildenbrand <david@redhat.com>
KVM: s390: vsie: fix < 8k check for the itdba
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
KVM/VMX: Expose SSBD properly to guests
Gustavo A. R. Silva <gustavo@embeddedor.com>
kernel/sys.c: fix potential Spectre v1 issue
David Hildenbrand <david@redhat.com>
kasan: fix memory hotplug during boot
David Hildenbrand <david@redhat.com>
kasan: free allocated shadow memory on MEM_CANCEL_ONLINE
Andrey Ryabinin <aryabinin@virtuozzo.com>
mm/kasan: don't vfree() nonexistent vm_area
Davidlohr Bueso <dave@stgolabs.net>
ipc/shm: fix shmat() nil address after round-down when remapping
Davidlohr Bueso <dave@stgolabs.net>
Revert "ipc/shm: Fix shmat mmap nil-page protection"
Matthew Wilcox <mawilcox@microsoft.com>
idr: fix invalid ptr dereference on item delete
Jens Axboe <axboe@kernel.dk>
sr: pass down correctly sized SCSI sense buffer
Lidong Chen <jemmy858585@gmail.com>
IB/umem: Use the correct mm during ib_umem_release
Michael J. Ruhl <michael.j.ruhl@intel.com>
IB/hfi1: Use after free race condition in send context error path
Michael Neuling <mikey@neuling.org>
powerpc/64s: Clear PCR on boot
Will Deacon <will.deacon@arm.com>
arm64: lse: Add early clobbers to some input/output asm operands
Thomas Hellstrom <thellstrom@vmware.com>
drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
Joe Jin <joe.jin@oracle.com>
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
Sudip Mukherjee <sudipm.mukherjee@gmail.com>
libata: blacklist Micron 500IT SSD with MU01 firmware
Tejun Heo <tj@kernel.org>
libata: Blacklist some Sandisk SSDs for NCQ
Corneliu Doban <corneliu.doban@broadcom.com>
mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus
Corneliu Doban <corneliu.doban@broadcom.com>
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
Srinath Mannam <srinath.mannam@broadcom.com>
mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
Al Viro <viro@zeniv.linux.org.uk>
do d_instantiate/unlock_new_inode combinations safely
Ben Hutchings <ben.hutchings@codethink.co.uk>
ALSA: timer: Fix pause event notification
Al Viro <viro@zeniv.linux.org.uk>
aio: fix io_destroy(2) vs. lookup_ioctx() race
Dave Chinner <dchinner@redhat.com>
fs: don't scan the inode cache before SB_BORN is set
Al Viro <viro@zeniv.linux.org.uk>
affs_lookup(): close a race with affs_remove_link()
Colin Ian King <colin.king@canonical.com>
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
Maciej W. Rozycki <macro@mips.com>
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
Maciej W. Rozycki <macro@mips.com>
MIPS: ptrace: Expose FIR register through FP regset
NeilBrown <neil@brown.name>
MIPS: c-r4k: Fix data corruption related to cache coherence
-------------
Diffstat:
.../devicetree/bindings/clock/sunxi-ccu.txt | 4 +
.../devicetree/bindings/dma/mv-xor-v2.txt | 6 +-
.../bindings/pinctrl/axis,artpec6-pinctrl.txt | 5 +-
Makefile | 4 +-
arch/alpha/include/asm/xchg.h | 30 ++-
arch/arc/Kconfig | 1 -
arch/arc/include/asm/bug.h | 3 +-
arch/arc/kernel/mcip.c | 74 ++++++-
arch/arc/kernel/smp.c | 50 ++++-
arch/arm/boot/dts/at91-tse850-3.dts | 2 +-
arch/arm/boot/dts/bcm2836.dtsi | 2 +-
arch/arm/boot/dts/bcm2837.dtsi | 2 +-
arch/arm/boot/dts/bcm283x.dtsi | 6 +-
arch/arm/boot/dts/bcm958625hr.dts | 2 +-
arch/arm/boot/dts/dra71-evm.dts | 4 +-
arch/arm/boot/dts/imx6dl-icore-rqs.dts | 2 +-
arch/arm/boot/dts/imx7d-cl-som-imx7.dts | 52 ++---
arch/arm/boot/dts/r8a7791-porter.dts | 2 +-
arch/arm/boot/dts/rk3036.dtsi | 4 +-
arch/arm/boot/dts/rk322x.dtsi | 6 +-
arch/arm/boot/dts/rk3288.dtsi | 2 +
arch/arm/boot/dts/socfpga.dtsi | 2 +-
arch/arm/include/asm/vdso.h | 2 -
arch/arm/kernel/vdso.c | 12 +-
arch/arm/mach-davinci/board-omapl138-hawk.c | 4 +-
arch/arm/mach-omap1/clock.c | 6 +-
arch/arm/mach-omap2/omap-wakeupgen.c | 4 +-
arch/arm/mach-omap2/pm.c | 4 +-
arch/arm/mach-omap2/timer.c | 19 +-
arch/arm/mach-orion5x/Kconfig | 3 -
arch/arm/mach-orion5x/dns323-setup.c | 53 ++++-
arch/arm/mach-orion5x/tsx09-common.c | 49 ++++-
arch/arm/plat-omap/dmtimer.c | 7 +-
arch/arm64/boot/dts/cavium/thunder2-99xx.dtsi | 3 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 4 +-
arch/arm64/boot/dts/rockchip/rk3328-rock64.dts | 5 +-
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 6 +-
arch/arm64/boot/dts/rockchip/rk3368.dtsi | 2 +-
arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 16 +-
arch/arm64/boot/dts/rockchip/rk3399-sapphire.dtsi | 2 +-
arch/arm64/include/asm/atomic_lse.h | 24 +--
arch/arm64/include/asm/stacktrace.h | 2 +-
arch/arm64/kernel/cpu_errata.c | 4 +-
arch/arm64/kernel/perf_event.c | 4 +-
arch/arm64/kernel/stacktrace.c | 5 +
arch/arm64/kernel/time.c | 2 +-
arch/cris/include/arch-v10/arch/bug.h | 11 +-
arch/ia64/include/asm/bug.h | 6 +-
arch/ia64/kernel/err_inject.c | 2 +-
arch/m68k/coldfire/device.c | 12 +-
arch/m68k/include/asm/bug.h | 3 +
arch/microblaze/Kconfig | 1 +
arch/microblaze/mm/init.c | 56 +----
arch/mips/cavium-octeon/octeon-irq.c | 10 +-
arch/mips/include/asm/mach-ath79/ar71xx_regs.h | 2 +-
arch/mips/include/asm/machine.h | 2 +-
arch/mips/kernel/ptrace.c | 22 +-
arch/mips/kernel/ptrace32.c | 4 +-
arch/mips/kvm/mips.c | 2 +-
arch/mips/mm/c-r4k.c | 9 +-
arch/powerpc/boot/Makefile | 3 +-
arch/powerpc/include/asm/exception-64s.h | 29 +++
arch/powerpc/include/asm/feature-fixups.h | 19 ++
arch/powerpc/include/asm/hvcall.h | 3 +
arch/powerpc/include/asm/irq_work.h | 1 +
arch/powerpc/include/asm/paca.h | 3 +-
arch/powerpc/include/asm/security_features.h | 85 ++++++++
arch/powerpc/include/asm/setup.h | 2 +-
arch/powerpc/kernel/Makefile | 2 +-
arch/powerpc/kernel/asm-offsets.c | 3 +-
arch/powerpc/kernel/cpu_setup_power.S | 6 +
arch/powerpc/kernel/dt_cpu_ftrs.c | 1 +
arch/powerpc/kernel/exceptions-64s.S | 95 +++++----
arch/powerpc/kernel/idle_book3s.S | 2 +
arch/powerpc/kernel/security.c | 237 +++++++++++++++++++++
arch/powerpc/kernel/setup_64.c | 48 ++---
arch/powerpc/kernel/traps.c | 47 ++--
arch/powerpc/kernel/vmlinux.lds.S | 14 ++
arch/powerpc/lib/feature-fixups.c | 124 ++++++++++-
arch/powerpc/net/bpf_jit_comp.c | 3 +
arch/powerpc/perf/core-book3s.c | 25 +++
arch/powerpc/platforms/powernv/npu-dma.c | 229 ++++++++++++--------
arch/powerpc/platforms/powernv/setup.c | 92 +++++---
arch/powerpc/platforms/pseries/mobility.c | 3 +
arch/powerpc/platforms/pseries/pseries.h | 2 +
arch/powerpc/platforms/pseries/setup.c | 81 +++++--
arch/powerpc/sysdev/mpic.c | 2 +-
arch/powerpc/xmon/xmon.c | 2 +
arch/s390/kvm/vsie.c | 2 +-
arch/sh/kernel/entry-common.S | 2 +-
arch/sparc/include/asm/atomic_64.h | 6 +-
arch/sparc/include/asm/bug.h | 6 +-
arch/x86/events/core.c | 15 +-
arch/x86/events/intel/core.c | 12 +-
arch/x86/events/intel/ds.c | 117 ++++++++--
arch/x86/events/perf_event.h | 2 +-
arch/x86/include/asm/alternative.h | 4 +-
arch/x86/include/asm/tlbflush.h | 7 +-
arch/x86/kernel/apic/apic.c | 2 +-
arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 1 +
arch/x86/kernel/devicetree.c | 21 +-
arch/x86/kernel/smpboot.c | 1 +
arch/x86/kvm/cpuid.c | 9 +-
arch/x86/kvm/lapic.c | 26 ++-
arch/x86/kvm/vmx.c | 27 ++-
arch/x86/kvm/x86.c | 5 +-
arch/x86/mm/pageattr.c | 6 +-
arch/x86/mm/pgtable.c | 9 +
block/partition-generic.c | 6 +
crypto/asymmetric_keys/pkcs7_trust.c | 1 +
drivers/acpi/acpi_pad.c | 3 +
drivers/acpi/acpica/evevent.c | 9 +-
drivers/acpi/acpica/nseval.c | 8 +
drivers/acpi/acpica/psargs.c | 4 +
drivers/ata/libata-core.c | 6 +
drivers/ata/libata-scsi.c | 2 +-
drivers/base/regmap/regmap.c | 2 +-
drivers/block/nbd.c | 2 +-
drivers/block/null_blk.c | 46 ++--
drivers/block/paride/pcd.c | 2 +
drivers/block/xen-blkfront.c | 17 +-
drivers/cdrom/cdrom.c | 3 -
drivers/cdrom/gdrom.c | 3 +
drivers/char/hw_random/stm32-rng.c | 9 +
drivers/char/ipmi/ipmi_ssif.c | 4 +-
drivers/clocksource/fsl_ftm_timer.c | 2 +-
drivers/clocksource/mips-gic-timer.c | 2 +-
drivers/cpufreq/cppc_cpufreq.c | 23 +-
drivers/cpufreq/cpufreq.c | 6 +-
drivers/dma/mv_xor_v2.c | 25 ++-
drivers/dma/pl330.c | 6 +-
drivers/dma/qcom/bam_dma.c | 27 ++-
drivers/dma/sh/rcar-dmac.c | 11 +-
drivers/firmware/dmi_scan.c | 2 +-
drivers/firmware/efi/arm-runtime.c | 3 +
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 33 ++-
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 +-
drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 5 +-
drivers/gpu/drm/amd/amdkfd/kfd_packet_manager.c | 3 +-
drivers/gpu/drm/ast/ast_tables.h | 4 +-
drivers/gpu/drm/bridge/sii902x.c | 20 +-
drivers/gpu/drm/exynos/exynos_drm_g2d.c | 12 +-
drivers/gpu/drm/exynos/regs-fimc.h | 2 +-
drivers/gpu/drm/imx/ipuv3-crtc.c | 5 +
drivers/gpu/drm/meson/meson_crtc.c | 6 +
drivers/gpu/drm/meson/meson_drv.c | 29 ++-
drivers/gpu/drm/meson/meson_drv.h | 3 +
drivers/gpu/drm/meson/meson_plane.c | 7 +-
drivers/gpu/drm/nouveau/nouveau_backlight.c | 10 +-
drivers/gpu/drm/omapdrm/dss/dss.c | 193 +++++++++--------
drivers/gpu/drm/panel/panel-simple.c | 2 +-
drivers/gpu/drm/rcar-du/rcar_du_lvdsenc.c | 18 +-
drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 7 +-
drivers/gpu/drm/sun4i/sun4i_dotclock.c | 5 +-
drivers/gpu/drm/tegra/drm.c | 1 +
drivers/gpu/drm/virtio/virtgpu_ioctl.c | 17 +-
drivers/gpu/drm/vmwgfx/vmwgfx_msg.h | 25 ++-
drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 31 ++-
drivers/gpu/ipu-v3/ipu-pre.c | 3 +
drivers/gpu/ipu-v3/ipu-prg.c | 15 +-
drivers/hwmon/nct6775.c | 10 +-
drivers/hwmon/pmbus/adm1275.c | 4 +-
drivers/hwmon/pmbus/max8688.c | 2 +-
drivers/hwtracing/coresight/coresight-cpu-debug.c | 2 +-
drivers/hwtracing/intel_th/core.c | 2 +-
drivers/i2c/busses/i2c-mv64xxx.c | 8 +-
drivers/ide/ide-cd.c | 2 +
drivers/infiniband/core/multicast.c | 26 ++-
drivers/infiniband/core/rdma_core.c | 5 +-
drivers/infiniband/core/sa_query.c | 7 +-
drivers/infiniband/core/ucma.c | 2 +-
drivers/infiniband/core/umem.c | 7 +-
drivers/infiniband/core/uverbs_ioctl.c | 3 +
drivers/infiniband/core/uverbs_ioctl_merge.c | 18 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 24 ++-
drivers/infiniband/hw/bnxt_re/main.c | 10 +-
drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 6 +-
drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 1 +
drivers/infiniband/hw/bnxt_re/qplib_sp.c | 3 +-
drivers/infiniband/hw/bnxt_re/roce_hsi.h | 25 ++-
drivers/infiniband/hw/hfi1/chip.c | 4 +
drivers/infiniband/hw/mlx4/cq.c | 4 +-
drivers/infiniband/hw/mlx4/main.c | 11 +-
drivers/infiniband/hw/mlx5/cq.c | 3 +-
drivers/infiniband/hw/mlx5/main.c | 3 +
drivers/infiniband/hw/mlx5/qp.c | 4 +-
drivers/infiniband/hw/qedr/main.c | 3 +-
drivers/infiniband/hw/qedr/verbs.c | 58 +++--
drivers/infiniband/sw/rxe/rxe_verbs.c | 2 +-
drivers/iommu/amd_iommu.c | 2 +
drivers/iommu/mtk_iommu.c | 15 +-
drivers/iommu/mtk_iommu.h | 1 +
drivers/macintosh/rack-meter.c | 4 +-
drivers/md/bcache/request.c | 2 +-
drivers/md/bcache/writeback.c | 20 +-
drivers/md/md.c | 49 ++++-
drivers/md/md.h | 2 +
drivers/md/raid1.c | 11 +
drivers/md/raid10.c | 14 +-
drivers/md/raid5.c | 15 +-
drivers/misc/cxl/cxl.h | 4 +
drivers/misc/cxl/native.c | 11 +-
drivers/misc/cxl/pci.c | 19 +-
drivers/mmc/host/sdhci-iproc.c | 33 ++-
drivers/net/bonding/bond_main.c | 6 +-
drivers/net/can/m_can/m_can.c | 7 +-
drivers/net/dsa/Makefile | 5 +-
drivers/net/dsa/mt7530.c | 1 +
drivers/net/ethernet/broadcom/bgmac.c | 3 +-
drivers/net/ethernet/broadcom/bgmac.h | 6 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 +
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 12 +-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c | 1 +
drivers/net/ethernet/cisco/enic/enic_main.c | 10 +-
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 23 +-
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 2 +-
drivers/net/ethernet/freescale/fman/fman_dtsec.c | 2 +-
drivers/net/ethernet/freescale/gianfar.c | 7 +-
drivers/net/ethernet/ibm/ibmvnic.c | 42 +++-
drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +-
drivers/net/ethernet/intel/e1000e/mac.c | 2 +-
drivers/net/ethernet/intel/e1000e/netdev.c | 4 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 11 +
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +-
drivers/net/ethernet/marvell/mvneta.c | 1 +
drivers/net/ethernet/mellanox/mlx5/core/Kconfig | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 -
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 +-
.../ethernet/mellanox/mlxsw/core_acl_flex_keys.h | 20 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 8 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 1 +
drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c | 2 +-
drivers/net/ethernet/qlogic/qed/qed_cxt.c | 5 +-
drivers/net/ethernet/qlogic/qed/qed_rdma.c | 1 +
drivers/net/ethernet/qlogic/qede/qede_fp.c | 20 +-
drivers/net/ethernet/qualcomm/emac/emac-mac.c | 23 +-
drivers/net/ethernet/renesas/sh_eth.c | 6 +-
drivers/net/ethernet/renesas/sh_eth.h | 1 +
drivers/net/ethernet/smsc/smsc911x.c | 4 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 16 +-
drivers/net/ethernet/sun/sunvnet.c | 2 +-
drivers/net/hyperv/netvsc.c | 2 +-
drivers/net/hyperv/netvsc_drv.c | 51 ++++-
drivers/net/hyperv/rndis_filter.c | 20 +-
drivers/net/ieee802154/ca8210.c | 14 +-
drivers/net/macsec.c | 5 +-
drivers/net/macvlan.c | 2 +-
drivers/net/phy/dp83640.c | 18 ++
drivers/net/usb/lan78xx.c | 44 ++--
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/usb/r8152.c | 2 +-
drivers/net/usb/smsc75xx.c | 7 +-
drivers/net/virtio_net.c | 4 +-
drivers/net/wireless/ath/ath10k/mac.c | 12 ++
drivers/net/wireless/ath/ath9k/common-spectral.c | 12 +-
.../broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +-
.../net/wireless/intel/iwlwifi/fw/api/time-event.h | 4 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 13 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.h | 3 +
drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 3 +
drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 5 +-
drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 3 +-
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 54 ++++-
drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 3 +
drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 8 +
drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 28 ++-
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 39 ++--
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 107 +++++-----
.../net/wireless/intel/iwlwifi/mvm/time-event.c | 21 +-
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 23 +-
drivers/net/wireless/intel/iwlwifi/mvm/utils.c | 11 +-
drivers/net/wireless/rsi/rsi_91x_sdio.c | 32 ++-
drivers/net/wireless/rsi/rsi_sdio.h | 2 +
drivers/nvme/host/fabrics.c | 4 +-
drivers/nvme/host/pci.c | 27 ++-
drivers/nvme/target/core.c | 9 +-
drivers/parisc/lba_pci.c | 20 +-
drivers/pci/pci-driver.c | 17 +-
drivers/pci/quirks.c | 3 +
drivers/pcmcia/cs.c | 10 +-
drivers/pcmcia/cs_internal.h | 1 +
drivers/phy/qualcomm/phy-qcom-qmp.c | 4 +-
drivers/phy/rockchip/phy-rockchip-emmc.c | 27 ++-
drivers/pinctrl/devicetree.c | 6 +-
drivers/pinctrl/pinctrl-mcp23s08.c | 37 +++-
drivers/pinctrl/qcom/pinctrl-msm.c | 2 +-
drivers/pinctrl/sh-pfc/pfc-r8a7796.c | 40 ++--
drivers/power/supply/ltc2941-battery-gauge.c | 8 +-
drivers/power/supply/max17042_battery.c | 1 +
drivers/regulator/gpio-regulator.c | 16 +-
drivers/regulator/of_regulator.c | 1 +
drivers/remoteproc/imx_rproc.c | 6 +-
drivers/s390/block/dasd.c | 21 +-
drivers/s390/cio/device_fsm.c | 7 +-
drivers/s390/cio/device_ops.c | 72 +++----
drivers/s390/cio/io_sch.h | 1 +
drivers/s390/cio/vfio_ccw_fsm.c | 5 +
drivers/scsi/scsi_lib.c | 2 +
drivers/scsi/sr.c | 21 +-
drivers/scsi/sr_ioctl.c | 10 +-
drivers/soc/imx/gpc.c | 10 +-
drivers/soc/qcom/wcnss_ctrl.c | 2 +-
drivers/spi/spi-bcm-qspi.c | 4 +-
drivers/usb/host/pci-quirks.c | 109 ++++++++++
drivers/usb/host/pci-quirks.h | 5 +
drivers/usb/host/xhci-hub.c | 7 +
drivers/usb/host/xhci-pci.c | 11 +
drivers/usb/host/xhci.h | 2 +-
drivers/video/fbdev/sbuslib.c | 4 +-
drivers/watchdog/asm9260_wdt.c | 8 +-
drivers/watchdog/aspeed_wdt.c | 13 +-
drivers/watchdog/davinci_wdt.c | 15 +-
drivers/watchdog/dw_wdt.c | 23 +-
drivers/watchdog/f71808e_wdt.c | 3 +-
drivers/watchdog/sbsa_gwdt.c | 3 +-
drivers/xen/events/events_base.c | 4 +-
drivers/xen/pvcalls-back.c | 2 +-
drivers/xen/swiotlb-xen.c | 2 +-
drivers/xen/xen-acpi-processor.c | 6 +-
drivers/xen/xenbus/xenbus_probe.c | 5 +-
drivers/zorro/zorro.c | 12 ++
fs/affs/namei.c | 10 +-
fs/aio.c | 4 +-
fs/btrfs/ctree.h | 2 +-
fs/btrfs/disk-io.c | 5 +-
fs/btrfs/extent-tree.c | 1 +
fs/btrfs/inode.c | 16 +-
fs/btrfs/send.c | 3 +
fs/btrfs/super.c | 2 +-
fs/btrfs/tests/qgroup-tests.c | 2 +-
fs/btrfs/transaction.c | 10 +-
fs/btrfs/tree-log.c | 77 ++++++-
fs/ceph/super.c | 27 ++-
fs/dcache.c | 32 ++-
fs/ecryptfs/inode.c | 3 +-
fs/ext2/namei.c | 6 +-
fs/ext4/namei.c | 6 +-
fs/ext4/super.c | 12 ++
fs/f2fs/checkpoint.c | 2 +
fs/f2fs/extent_cache.c | 3 +
fs/f2fs/file.c | 8 +-
fs/f2fs/namei.c | 12 +-
fs/fscache/page.c | 13 +-
fs/gfs2/file.c | 5 +-
fs/gfs2/quota.h | 2 +
fs/jffs2/dir.c | 12 +-
fs/jfs/namei.c | 12 +-
fs/nfs/nfs4client.c | 6 +-
fs/nilfs2/namei.c | 6 +-
fs/ocfs2/dlm/dlmdomain.c | 14 --
fs/ocfs2/dlm/dlmdomain.h | 25 ++-
fs/ocfs2/dlm/dlmrecovery.c | 9 +
fs/orangefs/namei.c | 9 +-
fs/proc/proc_sysctl.c | 3 +
fs/reiserfs/namei.c | 12 +-
fs/super.c | 30 ++-
fs/udf/namei.c | 6 +-
fs/udf/super.c | 5 +-
fs/ufs/namei.c | 6 +-
fs/xfs/xfs_discard.c | 14 +-
include/asm-generic/bug.h | 1 +
include/linux/bio.h | 4 +-
include/linux/compiler-gcc.h | 15 +-
include/linux/compiler.h | 5 +
include/linux/dcache.h | 1 +
include/linux/if_vlan.h | 79 +++++--
include/linux/kvm_host.h | 3 +-
include/linux/ptr_ring.h | 2 +-
include/net/ip.h | 11 +-
include/net/ip_fib.h | 1 +
include/net/llc_conn.h | 2 +-
include/net/mac80211.h | 2 +-
include/net/regulatory.h | 2 +-
include/net/route.h | 3 +-
include/rdma/ib_umem.h | 1 -
include/soc/arc/mcip.h | 5 +
include/uapi/drm/virtgpu_drm.h | 1 +
include/uapi/linux/if_ether.h | 1 +
ipc/shm.c | 19 +-
kernel/audit.c | 2 +
kernel/debug/kdb/kdb_main.c | 27 ++-
kernel/events/core.c | 70 ++++--
kernel/rcu/tree_plugin.h | 14 +-
kernel/relay.c | 2 +-
kernel/sched/rt.c | 2 +
kernel/sys.c | 2 +
kernel/workqueue.c | 2 +-
lib/radix-tree.c | 4 +-
lib/test_kmod.c | 2 +-
mm/huge_memory.c | 5 +-
mm/kasan/kasan.c | 66 +++++-
mm/khugepaged.c | 8 +-
mm/kmemleak.c | 12 +-
mm/ksm.c | 28 +++
mm/mempolicy.c | 3 +
mm/page_idle.c | 12 +-
mm/page_owner.c | 6 +-
mm/slab.c | 1 +
mm/swapfile.c | 4 +
mm/vmscan.c | 8 +-
mm/vmstat.c | 2 +
mm/z3fold.c | 9 +-
net/8021q/vlan_core.c | 4 +-
net/batman-adv/bat_iv_ogm.c | 2 +-
net/batman-adv/bat_v.c | 2 +-
net/batman-adv/bridge_loop_avoidance.c | 22 +-
net/batman-adv/distributed-arp-table.c | 2 +-
net/batman-adv/fragmentation.c | 3 +-
net/batman-adv/gateway_client.c | 5 +-
net/batman-adv/multicast.c | 8 +-
net/batman-adv/routing.c | 15 +-
net/batman-adv/soft-interface.c | 8 +-
net/bridge/netfilter/ebtables.c | 33 ++-
net/ceph/ceph_common.c | 7 +
net/core/ethtool.c | 5 +-
net/core/skbuff.c | 9 +-
net/ipv4/ip_gre.c | 5 -
net/ipv4/ip_tunnel.c | 8 +-
net/ipv4/ip_vti.c | 2 -
net/ipv4/netfilter/ipt_CLUSTERIP.c | 15 +-
net/ipv4/route.c | 26 ++-
net/ipv4/tcp_illinois.c | 2 +-
net/ipv4/xfrm4_policy.c | 1 +
net/ipv6/ip6_tunnel.c | 12 +-
net/ipv6/ip6_vti.c | 2 +-
net/ipv6/sit.c | 7 +
net/llc/llc_c_ac.c | 15 +-
net/llc/llc_conn.c | 32 ++-
net/mac80211/agg-rx.c | 4 +-
net/mac80211/ieee80211_i.h | 2 +-
net/mac80211/mesh.c | 17 +-
net/mac80211/rx.c | 2 +-
net/mac80211/spectmgmt.c | 7 +-
net/mac80211/sta_info.c | 3 +-
net/netfilter/ipvs/ip_vs_ftp.c | 2 +-
net/netlabel/netlabel_unlabeled.c | 10 +
net/nfc/llcp_commands.c | 4 +
net/nfc/netlink.c | 3 +-
net/qrtr/smd.c | 1 +
net/rds/tcp_listen.c | 14 +-
net/rxrpc/input.c | 15 +-
net/rxrpc/recvmsg.c | 5 +-
net/rxrpc/sendmsg.c | 4 +-
net/sched/act_bpf.c | 2 +-
net/sched/act_ipt.c | 9 +-
net/sched/act_pedit.c | 2 +-
net/sched/act_police.c | 2 +-
net/sched/act_sample.c | 3 +-
net/sched/act_simple.c | 2 +-
net/sched/act_skbmod.c | 2 +-
net/smc/smc_core.c | 1 +
net/smc/smc_ib.c | 10 +-
net/smc/smc_llc.c | 2 +-
net/smc/smc_wr.h | 1 -
net/tls/tls_main.c | 3 +-
net/wireless/sme.c | 2 +
net/xfrm/xfrm_input.c | 6 +
net/xfrm/xfrm_output.c | 5 +-
net/xfrm/xfrm_policy.c | 7 +-
net/xfrm/xfrm_replay.c | 2 +-
scripts/adjust_autoksyms.sh | 7 +
scripts/package/builddeb | 2 +-
security/integrity/digsig.c | 1 +
security/integrity/ima/Kconfig | 1 +
security/integrity/ima/ima_crypto.c | 2 +
security/integrity/ima/ima_main.c | 13 ++
sound/core/timer.c | 4 +-
sound/core/vmaster.c | 5 +-
tools/hv/hv_fcopy_daemon.c | 3 +-
tools/hv/hv_vss_daemon.c | 1 +
tools/perf/Makefile.perf | 3 +-
tools/perf/builtin-record.c | 9 +
tools/perf/builtin-stat.c | 9 +-
tools/perf/builtin-top.c | 6 +-
tools/perf/perf.h | 1 +
tools/perf/tests/dwarf-unwind.c | 46 ++--
.../perf/tests/shell/trace+probe_libc_inet_pton.sh | 6 +-
tools/perf/tests/vmlinux-kallsyms.c | 2 +-
tools/perf/ui/browsers/annotate.c | 9 +-
tools/perf/util/c++/clang.cpp | 11 +-
tools/perf/util/hist.c | 4 +-
tools/perf/util/hist.h | 1 -
tools/perf/util/record.c | 8 +-
tools/testing/radix-tree/idr-test.c | 7 +
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/bpf/test_maps.c | 2 +
.../ftrace/test.d/kprobe/kprobe_args_string.tc | 46 ++++
.../ftrace/test.d/kprobe/kprobe_args_syntax.tc | 97 +++++++++
.../selftests/ftrace/test.d/kprobe/probepoint.tc | 43 ++++
tools/testing/selftests/futex/Makefile | 6 +-
tools/testing/selftests/memfd/Makefile | 1 +
tools/testing/selftests/memfd/config | 1 +
tools/testing/selftests/net/psock_fanout.c | 3 +-
tools/testing/selftests/powerpc/mm/subpage_prot.c | 14 ++
tools/testing/selftests/pstore/config | 1 +
tools/testing/selftests/seccomp/seccomp_bpf.c | 61 ++++++
tools/testing/selftests/sync/Makefile | 2 +-
tools/testing/selftests/vDSO/Makefile | 14 +-
tools/testing/selftests/vm/run_vmtests | 25 ++-
tools/thermal/tmon/sysfs.c | 12 +-
tools/thermal/tmon/tmon.c | 1 -
virt/kvm/arm/vgic/vgic-mmio.c | 3 +
virt/kvm/arm/vgic/vgic.h | 1 +
506 files changed, 4741 insertions(+), 1751 deletions(-)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 001/496] MIPS: c-r4k: Fix data corruption related to cache coherence
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 002/496] MIPS: ptrace: Expose FIR register through FP regset Greg Kroah-Hartman
` (468 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Ralf Baechle, Paul Burton,
linux-mips, James Hogan
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neil@brown.name>
commit 55a2aa08b3af519a9693f99cdf7fa6d8b62d9f65 upstream.
When DMA will be performed to a MIPS32 1004K CPS, the L1-cache for the
range needs to be flushed and invalidated first.
The code currently takes one of two approaches.
1/ If the range is less than the size of the dcache, then HIT type
requests flush/invalidate cache lines for the particular addresses.
HIT-type requests a globalised by the CPS so this is safe on SMP.
2/ If the range is larger than the size of dcache, then INDEX type
requests flush/invalidate the whole cache. INDEX type requests affect
the local cache only. CPS does not propagate them in any way. So this
invalidation is not safe on SMP CPS systems.
Data corruption due to '2' can quite easily be demonstrated by
repeatedly "echo 3 > /proc/sys/vm/drop_caches" and then sha1sum a file
that is several times the size of available memory. Dropping caches
means that large contiguous extents (large than dcache) are more likely.
This was not a problem before Linux-4.8 because option 2 was never used
if CONFIG_MIPS_CPS was defined. The commit which removed that apparently
didn't appreciate the full consequence of the change.
We could, in theory, globalize the INDEX based flush by sending an IPI
to other cores. These cache invalidation routines can be called with
interrupts disabled and synchronous IPI require interrupts to be
enabled. Asynchronous IPI may not trigger writeback soon enough. So we
cannot use IPI in practice.
We can already test if IPI would be needed for an INDEX operation with
r4k_op_needs_ipi(R4K_INDEX). If this is true then we mustn't try the
INDEX approach as we cannot use IPI. If this is false (e.g. when there
is only one core and hence one L1 cache) then it is safe to use the
INDEX approach without IPI.
This patch avoids options 2 if r4k_op_needs_ipi(R4K_INDEX), and so
eliminates the corruption.
Fixes: c00ab4896ed5 ("MIPS: Remove cpu_has_safe_index_cacheops")
Signed-off-by: NeilBrown <neil@brown.name>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Burton <paul.burton@mips.com>
Cc: linux-mips@linux-mips.org
Cc: <stable@vger.kernel.org> # 4.8+
Patchwork: https://patchwork.linux-mips.org/patch/19259/
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/mm/c-r4k.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/arch/mips/mm/c-r4k.c
+++ b/arch/mips/mm/c-r4k.c
@@ -851,9 +851,12 @@ static void r4k_dma_cache_wback_inv(unsi
/*
* Either no secondary cache or the available caches don't have the
* subset property so we have to flush the primary caches
- * explicitly
+ * explicitly.
+ * If we would need IPI to perform an INDEX-type operation, then
+ * we have to use the HIT-type alternative as IPI cannot be used
+ * here due to interrupts possibly being disabled.
*/
- if (size >= dcache_size) {
+ if (!r4k_op_needs_ipi(R4K_INDEX) && size >= dcache_size) {
r4k_blast_dcache();
} else {
R4600_HIT_CACHEOP_WAR_IMPL;
@@ -890,7 +893,7 @@ static void r4k_dma_cache_inv(unsigned l
return;
}
- if (size >= dcache_size) {
+ if (!r4k_op_needs_ipi(R4K_INDEX) && size >= dcache_size) {
r4k_blast_dcache();
} else {
R4600_HIT_CACHEOP_WAR_IMPL;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 002/496] MIPS: ptrace: Expose FIR register through FP regset
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 001/496] MIPS: c-r4k: Fix data corruption related to cache coherence Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 003/496] MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs Greg Kroah-Hartman
` (467 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Hogan, Maciej W. Rozycki,
Ralf Baechle, linux-mips
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maciej W. Rozycki <macro@mips.com>
commit 71e909c0cdad28a1df1fa14442929e68615dee45 upstream.
Correct commit 7aeb753b5353 ("MIPS: Implement task_user_regset_view.")
and expose the FIR register using the unused 4 bytes at the end of the
NT_PRFPREG regset. Without that register included clients cannot use
the PTRACE_GETREGSET request to retrieve the complete FPU register set
and have to resort to one of the older interfaces, either PTRACE_PEEKUSR
or PTRACE_GETFPREGS, to retrieve the missing piece of data. Also the
register is irreversibly missing from core dumps.
This register is architecturally hardwired and read-only so the write
path does not matter. Ignore data supplied on writes then.
Fixes: 7aeb753b5353 ("MIPS: Implement task_user_regset_view.")
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Maciej W. Rozycki <macro@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: <stable@vger.kernel.org> # 3.13+
Patchwork: https://patchwork.linux-mips.org/patch/19273/
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kernel/ptrace.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -454,7 +454,7 @@ static int fpr_get_msa(struct task_struc
/*
* Copy the floating-point context to the supplied NT_PRFPREG buffer.
* Choose the appropriate helper for general registers, and then copy
- * the FCSR register separately.
+ * the FCSR and FIR registers separately.
*/
static int fpr_get(struct task_struct *target,
const struct user_regset *regset,
@@ -462,6 +462,7 @@ static int fpr_get(struct task_struct *t
void *kbuf, void __user *ubuf)
{
const int fcr31_pos = NUM_FPU_REGS * sizeof(elf_fpreg_t);
+ const int fir_pos = fcr31_pos + sizeof(u32);
int err;
if (sizeof(target->thread.fpu.fpr[0]) == sizeof(elf_fpreg_t))
@@ -474,6 +475,12 @@ static int fpr_get(struct task_struct *t
err = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
&target->thread.fpu.fcr31,
fcr31_pos, fcr31_pos + sizeof(u32));
+ if (err)
+ return err;
+
+ err = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+ &boot_cpu_data.fpu_id,
+ fir_pos, fir_pos + sizeof(u32));
return err;
}
@@ -522,7 +529,8 @@ static int fpr_set_msa(struct task_struc
/*
* Copy the supplied NT_PRFPREG buffer to the floating-point context.
* Choose the appropriate helper for general registers, and then copy
- * the FCSR register separately.
+ * the FCSR register separately. Ignore the incoming FIR register
+ * contents though, as the register is read-only.
*
* We optimize for the case where `count % sizeof(elf_fpreg_t) == 0',
* which is supposed to have been guaranteed by the kernel before
@@ -536,6 +544,7 @@ static int fpr_set(struct task_struct *t
const void *kbuf, const void __user *ubuf)
{
const int fcr31_pos = NUM_FPU_REGS * sizeof(elf_fpreg_t);
+ const int fir_pos = fcr31_pos + sizeof(u32);
u32 fcr31;
int err;
@@ -563,6 +572,11 @@ static int fpr_set(struct task_struct *t
ptrace_setfcr31(target, fcr31);
}
+ if (count > 0)
+ err = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf,
+ fir_pos,
+ fir_pos + sizeof(u32));
+
return err;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 003/496] MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 001/496] MIPS: c-r4k: Fix data corruption related to cache coherence Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 002/496] MIPS: ptrace: Expose FIR register through FP regset Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 004/496] KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" Greg Kroah-Hartman
` (466 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Ralf Baechle,
linux-mips, James Hogan
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maciej W. Rozycki <macro@mips.com>
commit 9a3a92ccfe3620743d4ae57c987dc8e9c5f88996 upstream.
Check the TIF_32BIT_FPREGS task setting of the tracee rather than the
tracer in determining the layout of floating-point general registers in
the floating-point context, correcting access to odd-numbered registers
for o32 tracees where the setting disagrees between the two processes.
Fixes: 597ce1723e0f ("MIPS: Support for 64-bit FP with O32 binaries")
Signed-off-by: Maciej W. Rozycki <macro@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: <stable@vger.kernel.org> # 3.14+
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kernel/ptrace.c | 4 ++--
arch/mips/kernel/ptrace32.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -798,7 +798,7 @@ long arch_ptrace(struct task_struct *chi
fregs = get_fpu_regs(child);
#ifdef CONFIG_32BIT
- if (test_thread_flag(TIF_32BIT_FPREGS)) {
+ if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
/*
* The odd registers are actually the high
* order bits of the values stored in the even
@@ -887,7 +887,7 @@ long arch_ptrace(struct task_struct *chi
init_fp_ctx(child);
#ifdef CONFIG_32BIT
- if (test_thread_flag(TIF_32BIT_FPREGS)) {
+ if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
/*
* The odd registers are actually the high
* order bits of the values stored in the even
--- a/arch/mips/kernel/ptrace32.c
+++ b/arch/mips/kernel/ptrace32.c
@@ -98,7 +98,7 @@ long compat_arch_ptrace(struct task_stru
break;
}
fregs = get_fpu_regs(child);
- if (test_thread_flag(TIF_32BIT_FPREGS)) {
+ if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
/*
* The odd registers are actually the high
* order bits of the values stored in the even
@@ -205,7 +205,7 @@ long compat_arch_ptrace(struct task_stru
sizeof(child->thread.fpu));
child->thread.fpu.fcr31 = 0;
}
- if (test_thread_flag(TIF_32BIT_FPREGS)) {
+ if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
/*
* The odd registers are actually the high
* order bits of the values stored in the even
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 004/496] KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (2 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 003/496] MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 005/496] affs_lookup(): close a race with affs_remove_link() Greg Kroah-Hartman
` (465 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Ralf Baechle,
linux-mips, kernel-janitors, James Hogan
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Colin Ian King <colin.king@canonical.com>
commit ba3696e94d9d590d9a7e55f68e81c25dba515191 upstream.
Trivial fix to spelling mistake in debugfs_entries text.
Fixes: 669e846e6c4e ("KVM/MIPS32: MIPS arch specific APIs for KVM")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kernel-janitors@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.10+
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kvm/mips.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/kvm/mips.c
+++ b/arch/mips/kvm/mips.c
@@ -45,7 +45,7 @@ struct kvm_stats_debugfs_item debugfs_en
{ "cache", VCPU_STAT(cache_exits), KVM_STAT_VCPU },
{ "signal", VCPU_STAT(signal_exits), KVM_STAT_VCPU },
{ "interrupt", VCPU_STAT(int_exits), KVM_STAT_VCPU },
- { "cop_unsuable", VCPU_STAT(cop_unusable_exits), KVM_STAT_VCPU },
+ { "cop_unusable", VCPU_STAT(cop_unusable_exits), KVM_STAT_VCPU },
{ "tlbmod", VCPU_STAT(tlbmod_exits), KVM_STAT_VCPU },
{ "tlbmiss_ld", VCPU_STAT(tlbmiss_ld_exits), KVM_STAT_VCPU },
{ "tlbmiss_st", VCPU_STAT(tlbmiss_st_exits), KVM_STAT_VCPU },
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 005/496] affs_lookup(): close a race with affs_remove_link()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (3 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 004/496] KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 006/496] fs: dont scan the inode cache before SB_BORN is set Greg Kroah-Hartman
` (464 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Sterba, Al Viro
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 30da870ce4a4e007c901858a96e9e394a1daa74a upstream.
we unlock the directory hash too early - if we are looking at secondary
link and primary (in another directory) gets removed just as we unlock,
we could have the old primary moved in place of the secondary, leaving
us to look into freed entry (and leaving our dentry with ->d_fsdata
pointing to a freed entry).
Cc: stable@vger.kernel.org # 2.4.4+
Acked-by: David Sterba <dsterba@suse.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/affs/namei.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/fs/affs/namei.c
+++ b/fs/affs/namei.c
@@ -206,9 +206,10 @@ affs_lookup(struct inode *dir, struct de
affs_lock_dir(dir);
bh = affs_find_entry(dir, dentry);
- affs_unlock_dir(dir);
- if (IS_ERR(bh))
+ if (IS_ERR(bh)) {
+ affs_unlock_dir(dir);
return ERR_CAST(bh);
+ }
if (bh) {
u32 ino = bh->b_blocknr;
@@ -222,10 +223,13 @@ affs_lookup(struct inode *dir, struct de
}
affs_brelse(bh);
inode = affs_iget(sb, ino);
- if (IS_ERR(inode))
+ if (IS_ERR(inode)) {
+ affs_unlock_dir(dir);
return ERR_CAST(inode);
+ }
}
d_add(dentry, inode);
+ affs_unlock_dir(dir);
return NULL;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 006/496] fs: dont scan the inode cache before SB_BORN is set
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (4 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 005/496] affs_lookup(): close a race with affs_remove_link() Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 007/496] aio: fix io_destroy(2) vs. lookup_ioctx() race Greg Kroah-Hartman
` (463 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dave Chinner, Al Viro
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Chinner <dchinner@redhat.com>
commit 79f546a696bff2590169fb5684e23d65f4d9f591 upstream.
We recently had an oops reported on a 4.14 kernel in
xfs_reclaim_inodes_count() where sb->s_fs_info pointed to garbage
and so the m_perag_tree lookup walked into lala land. It produces
an oops down this path during the failed mount:
radix_tree_gang_lookup_tag+0xc4/0x130
xfs_perag_get_tag+0x37/0xf0
xfs_reclaim_inodes_count+0x32/0x40
xfs_fs_nr_cached_objects+0x11/0x20
super_cache_count+0x35/0xc0
shrink_slab.part.66+0xb1/0x370
shrink_node+0x7e/0x1a0
try_to_free_pages+0x199/0x470
__alloc_pages_slowpath+0x3a1/0xd20
__alloc_pages_nodemask+0x1c3/0x200
cache_grow_begin+0x20b/0x2e0
fallback_alloc+0x160/0x200
kmem_cache_alloc+0x111/0x4e0
The problem is that the superblock shrinker is running before the
filesystem structures it depends on have been fully set up. i.e.
the shrinker is registered in sget(), before ->fill_super() has been
called, and the shrinker can call into the filesystem before
fill_super() does it's setup work. Essentially we are exposed to
both use-after-free and use-before-initialisation bugs here.
To fix this, add a check for the SB_BORN flag in super_cache_count.
In general, this flag is not set until ->fs_mount() completes
successfully, so we know that it is set after the filesystem
setup has completed. This matches the trylock_super() behaviour
which will not let super_cache_scan() run if SB_BORN is not set, and
hence will not allow the superblock shrinker from entering the
filesystem while it is being set up or after it has failed setup
and is being torn down.
Cc: stable@kernel.org
Signed-Off-By: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/super.c | 30 ++++++++++++++++++++++++------
1 file changed, 24 insertions(+), 6 deletions(-)
--- a/fs/super.c
+++ b/fs/super.c
@@ -120,13 +120,23 @@ static unsigned long super_cache_count(s
sb = container_of(shrink, struct super_block, s_shrink);
/*
- * Don't call trylock_super as it is a potential
- * scalability bottleneck. The counts could get updated
- * between super_cache_count and super_cache_scan anyway.
- * Call to super_cache_count with shrinker_rwsem held
- * ensures the safety of call to list_lru_shrink_count() and
- * s_op->nr_cached_objects().
+ * We don't call trylock_super() here as it is a scalability bottleneck,
+ * so we're exposed to partial setup state. The shrinker rwsem does not
+ * protect filesystem operations backing list_lru_shrink_count() or
+ * s_op->nr_cached_objects(). Counts can change between
+ * super_cache_count and super_cache_scan, so we really don't need locks
+ * here.
+ *
+ * However, if we are currently mounting the superblock, the underlying
+ * filesystem might be in a state of partial construction and hence it
+ * is dangerous to access it. trylock_super() uses a SB_BORN check to
+ * avoid this situation, so do the same here. The memory barrier is
+ * matched with the one in mount_fs() as we don't hold locks here.
*/
+ if (!(sb->s_flags & SB_BORN))
+ return 0;
+ smp_rmb();
+
if (sb->s_op && sb->s_op->nr_cached_objects)
total_objects = sb->s_op->nr_cached_objects(sb, sc);
@@ -1232,6 +1242,14 @@ mount_fs(struct file_system_type *type,
sb = root->d_sb;
BUG_ON(!sb);
WARN_ON(!sb->s_bdi);
+
+ /*
+ * Write barrier is for super_cache_count(). We place it before setting
+ * SB_BORN as the data dependency between the two functions is the
+ * superblock structure contents that we just set up, not the SB_BORN
+ * flag.
+ */
+ smp_wmb();
sb->s_flags |= SB_BORN;
error = security_sb_kern_mount(sb, flags, secdata);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 007/496] aio: fix io_destroy(2) vs. lookup_ioctx() race
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (5 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 006/496] fs: dont scan the inode cache before SB_BORN is set Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 008/496] ALSA: timer: Fix pause event notification Greg Kroah-Hartman
` (462 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit baf10564fbb66ea222cae66fbff11c444590ffd9 upstream.
kill_ioctx() used to have an explicit RCU delay between removing the
reference from ->ioctx_table and percpu_ref_kill() dropping the refcount.
At some point that delay had been removed, on the theory that
percpu_ref_kill() itself contained an RCU delay. Unfortunately, that was
the wrong kind of RCU delay and it didn't care about rcu_read_lock() used
by lookup_ioctx(). As the result, we could get ctx freed right under
lookup_ioctx(). Tejun has fixed that in a6d7cff472e ("fs/aio: Add explicit
RCU grace period when freeing kioctx"); however, that fix is not enough.
Suppose io_destroy() from one thread races with e.g. io_setup() from another;
CPU1 removes the reference from current->mm->ioctx_table[...] just as CPU2
has picked it (under rcu_read_lock()). Then CPU1 proceeds to drop the
refcount, getting it to 0 and triggering a call of free_ioctx_users(),
which proceeds to drop the secondary refcount and once that reaches zero
calls free_ioctx_reqs(). That does
INIT_RCU_WORK(&ctx->free_rwork, free_ioctx);
queue_rcu_work(system_wq, &ctx->free_rwork);
and schedules freeing the whole thing after RCU delay.
In the meanwhile CPU2 has gotten around to percpu_ref_get(), bumping the
refcount from 0 to 1 and returned the reference to io_setup().
Tejun's fix (that queue_rcu_work() in there) guarantees that ctx won't get
freed until after percpu_ref_get(). Sure, we'd increment the counter before
ctx can be freed. Now we are out of rcu_read_lock() and there's nothing to
stop freeing of the whole thing. Unfortunately, CPU2 assumes that since it
has grabbed the reference, ctx is *NOT* going away until it gets around to
dropping that reference.
The fix is obvious - use percpu_ref_tryget_live() and treat failure as miss.
It's not costlier than what we currently do in normal case, it's safe to
call since freeing *is* delayed and it closes the race window - either
lookup_ioctx() comes before percpu_ref_kill() (in which case ctx->users
won't reach 0 until the caller of lookup_ioctx() drops it) or lookup_ioctx()
fails, ctx->users is unaffected and caller of lookup_ioctx() doesn't see
the object in question at all.
Cc: stable@kernel.org
Fixes: a6d7cff472e "fs/aio: Add explicit RCU grace period when freeing kioctx"
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/aio.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1087,8 +1087,8 @@ static struct kioctx *lookup_ioctx(unsig
ctx = rcu_dereference(table->table[id]);
if (ctx && ctx->user_id == ctx_id) {
- percpu_ref_get(&ctx->users);
- ret = ctx;
+ if (percpu_ref_tryget_live(&ctx->users))
+ ret = ctx;
}
out:
rcu_read_unlock();
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 008/496] ALSA: timer: Fix pause event notification
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (6 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 007/496] aio: fix io_destroy(2) vs. lookup_ioctx() race Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 009/496] do d_instantiate/unlock_new_inode combinations safely Greg Kroah-Hartman
` (461 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Hutchings, Takashi Iwai
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben.hutchings@codethink.co.uk>
commit 3ae180972564846e6d794e3615e1ab0a1e6c4ef9 upstream.
Commit f65e0d299807 ("ALSA: timer: Call notifier in the same spinlock")
combined the start/continue and stop/pause functions, and in doing so
changed the event code for the pause case to SNDRV_TIMER_EVENT_CONTINUE.
Change it back to SNDRV_TIMER_EVENT_PAUSE.
Fixes: f65e0d299807 ("ALSA: timer: Call notifier in the same spinlock")
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/timer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -592,7 +592,7 @@ static int snd_timer_stop1(struct snd_ti
else
timeri->flags |= SNDRV_TIMER_IFLG_PAUSED;
snd_timer_notify1(timeri, stop ? SNDRV_TIMER_EVENT_STOP :
- SNDRV_TIMER_EVENT_CONTINUE);
+ SNDRV_TIMER_EVENT_PAUSE);
unlock:
spin_unlock_irqrestore(&timer->lock, flags);
return result;
@@ -614,7 +614,7 @@ static int snd_timer_stop_slave(struct s
list_del_init(&timeri->ack_list);
list_del_init(&timeri->active_list);
snd_timer_notify1(timeri, stop ? SNDRV_TIMER_EVENT_STOP :
- SNDRV_TIMER_EVENT_CONTINUE);
+ SNDRV_TIMER_EVENT_PAUSE);
spin_unlock(&timeri->timer->lock);
}
spin_unlock_irqrestore(&slave_active_lock, flags);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 009/496] do d_instantiate/unlock_new_inode combinations safely
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (7 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 008/496] ALSA: timer: Fix pause event notification Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 010/496] mmc: sdhci-iproc: remove hard coded mmc cap 1.8v Greg Kroah-Hartman
` (460 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Marshall, Andreas Dilger, Al Viro
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 1e2e547a93a00ebc21582c06ca3c6cfea2a309ee upstream.
For anything NFS-exported we do _not_ want to unlock new inode
before it has grown an alias; original set of fixes got the
ordering right, but missed the nasty complication in case of
lockdep being enabled - unlock_new_inode() does
lockdep_annotate_inode_mutex_key(inode)
which can only be done before anyone gets a chance to touch
->i_mutex. Unfortunately, flipping the order and doing
unlock_new_inode() before d_instantiate() opens a window when
mkdir can race with open-by-fhandle on a guessed fhandle, leading
to multiple aliases for a directory inode and all the breakage
that follows from that.
Correct solution: a new primitive (d_instantiate_new())
combining these two in the right order - lockdep annotate, then
d_instantiate(), then the rest of unlock_new_inode(). All
combinations of d_instantiate() with unlock_new_inode() should
be converted to that.
Cc: stable@kernel.org # 2.6.29 and later
Tested-by: Mike Marshall <hubcap@omnibond.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 16 ++++------------
fs/dcache.c | 22 ++++++++++++++++++++++
fs/ecryptfs/inode.c | 3 +--
fs/ext2/namei.c | 6 ++----
fs/ext4/namei.c | 6 ++----
fs/f2fs/namei.c | 12 ++++--------
fs/jffs2/dir.c | 12 ++++--------
fs/jfs/namei.c | 12 ++++--------
fs/nilfs2/namei.c | 6 ++----
fs/orangefs/namei.c | 9 +++------
fs/reiserfs/namei.c | 12 ++++--------
fs/udf/namei.c | 6 ++----
fs/ufs/namei.c | 6 ++----
include/linux/dcache.h | 1 +
14 files changed, 57 insertions(+), 72 deletions(-)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -6664,8 +6664,7 @@ static int btrfs_mknod(struct inode *dir
goto out_unlock_inode;
} else {
btrfs_update_inode(trans, root, inode);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
}
out_unlock:
@@ -6742,8 +6741,7 @@ static int btrfs_create(struct inode *di
goto out_unlock_inode;
BTRFS_I(inode)->io_tree.ops = &btrfs_extent_io_ops;
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
out_unlock:
btrfs_end_transaction(trans);
@@ -6890,12 +6888,7 @@ static int btrfs_mkdir(struct inode *dir
if (err)
goto out_fail_inode;
- d_instantiate(dentry, inode);
- /*
- * mkdir is special. We're unlocking after we call d_instantiate
- * to avoid a race with nfsd calling d_instantiate.
- */
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
drop_on_err = 0;
out_fail:
@@ -10573,8 +10566,7 @@ static int btrfs_symlink(struct inode *d
goto out_unlock_inode;
}
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
out_unlock:
btrfs_end_transaction(trans);
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1867,6 +1867,28 @@ void d_instantiate(struct dentry *entry,
}
EXPORT_SYMBOL(d_instantiate);
+/*
+ * This should be equivalent to d_instantiate() + unlock_new_inode(),
+ * with lockdep-related part of unlock_new_inode() done before
+ * anything else. Use that instead of open-coding d_instantiate()/
+ * unlock_new_inode() combinations.
+ */
+void d_instantiate_new(struct dentry *entry, struct inode *inode)
+{
+ BUG_ON(!hlist_unhashed(&entry->d_u.d_alias));
+ BUG_ON(!inode);
+ lockdep_annotate_inode_mutex_key(inode);
+ security_d_instantiate(entry, inode);
+ spin_lock(&inode->i_lock);
+ __d_instantiate(entry, inode);
+ WARN_ON(!(inode->i_state & I_NEW));
+ inode->i_state &= ~I_NEW;
+ smp_mb();
+ wake_up_bit(&inode->i_state, __I_NEW);
+ spin_unlock(&inode->i_lock);
+}
+EXPORT_SYMBOL(d_instantiate_new);
+
/**
* d_instantiate_no_diralias - instantiate a non-aliased dentry
* @entry: dentry to complete
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -284,8 +284,7 @@ ecryptfs_create(struct inode *directory_
iget_failed(ecryptfs_inode);
goto out;
}
- unlock_new_inode(ecryptfs_inode);
- d_instantiate(ecryptfs_dentry, ecryptfs_inode);
+ d_instantiate_new(ecryptfs_dentry, ecryptfs_inode);
out:
return rc;
}
--- a/fs/ext2/namei.c
+++ b/fs/ext2/namei.c
@@ -41,8 +41,7 @@ static inline int ext2_add_nondir(struct
{
int err = ext2_add_link(dentry, inode);
if (!err) {
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
}
inode_dec_link_count(inode);
@@ -269,8 +268,7 @@ static int ext2_mkdir(struct inode * dir
if (err)
goto out_fail;
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
out:
return err;
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -2420,8 +2420,7 @@ static int ext4_add_nondir(handle_t *han
int err = ext4_add_entry(handle, dentry, inode);
if (!err) {
ext4_mark_inode_dirty(handle, inode);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
}
drop_nlink(inode);
@@ -2660,8 +2659,7 @@ out_clear_inode:
err = ext4_mark_inode_dirty(handle, dir);
if (err)
goto out_clear_inode;
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
if (IS_DIRSYNC(dir))
ext4_handle_sync(handle);
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -201,8 +201,7 @@ static int f2fs_create(struct inode *dir
alloc_nid_done(sbi, ino);
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
if (IS_DIRSYNC(dir))
f2fs_sync_fs(sbi->sb, 1);
@@ -529,8 +528,7 @@ static int f2fs_symlink(struct inode *di
err = page_symlink(inode, disk_link.name, disk_link.len);
err_out:
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
/*
* Let's flush symlink data in order to avoid broken symlink as much as
@@ -588,8 +586,7 @@ static int f2fs_mkdir(struct inode *dir,
alloc_nid_done(sbi, inode->i_ino);
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
if (IS_DIRSYNC(dir))
f2fs_sync_fs(sbi->sb, 1);
@@ -637,8 +634,7 @@ static int f2fs_mknod(struct inode *dir,
alloc_nid_done(sbi, inode->i_ino);
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
if (IS_DIRSYNC(dir))
f2fs_sync_fs(sbi->sb, 1);
--- a/fs/jffs2/dir.c
+++ b/fs/jffs2/dir.c
@@ -209,8 +209,7 @@ static int jffs2_create(struct inode *di
__func__, inode->i_ino, inode->i_mode, inode->i_nlink,
f->inocache->pino_nlink, inode->i_mapping->nrpages);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
fail:
@@ -430,8 +429,7 @@ static int jffs2_symlink (struct inode *
mutex_unlock(&dir_f->sem);
jffs2_complete_reservation(c);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
fail:
@@ -575,8 +573,7 @@ static int jffs2_mkdir (struct inode *di
mutex_unlock(&dir_f->sem);
jffs2_complete_reservation(c);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
fail:
@@ -747,8 +744,7 @@ static int jffs2_mknod (struct inode *di
mutex_unlock(&dir_f->sem);
jffs2_complete_reservation(c);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
fail:
--- a/fs/jfs/namei.c
+++ b/fs/jfs/namei.c
@@ -178,8 +178,7 @@ static int jfs_create(struct inode *dip,
unlock_new_inode(ip);
iput(ip);
} else {
- unlock_new_inode(ip);
- d_instantiate(dentry, ip);
+ d_instantiate_new(dentry, ip);
}
out2:
@@ -313,8 +312,7 @@ static int jfs_mkdir(struct inode *dip,
unlock_new_inode(ip);
iput(ip);
} else {
- unlock_new_inode(ip);
- d_instantiate(dentry, ip);
+ d_instantiate_new(dentry, ip);
}
out2:
@@ -1059,8 +1057,7 @@ static int jfs_symlink(struct inode *dip
unlock_new_inode(ip);
iput(ip);
} else {
- unlock_new_inode(ip);
- d_instantiate(dentry, ip);
+ d_instantiate_new(dentry, ip);
}
out2:
@@ -1447,8 +1444,7 @@ static int jfs_mknod(struct inode *dir,
unlock_new_inode(ip);
iput(ip);
} else {
- unlock_new_inode(ip);
- d_instantiate(dentry, ip);
+ d_instantiate_new(dentry, ip);
}
out1:
--- a/fs/nilfs2/namei.c
+++ b/fs/nilfs2/namei.c
@@ -46,8 +46,7 @@ static inline int nilfs_add_nondir(struc
int err = nilfs_add_link(dentry, inode);
if (!err) {
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
return 0;
}
inode_dec_link_count(inode);
@@ -243,8 +242,7 @@ static int nilfs_mkdir(struct inode *dir
goto out_fail;
nilfs_mark_inode_dirty(inode);
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
out:
if (!err)
err = nilfs_transaction_commit(dir->i_sb);
--- a/fs/orangefs/namei.c
+++ b/fs/orangefs/namei.c
@@ -71,8 +71,7 @@ static int orangefs_create(struct inode
get_khandle_from_ino(inode),
dentry);
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
orangefs_set_timeout(dentry);
ORANGEFS_I(inode)->getattr_time = jiffies - 1;
ORANGEFS_I(inode)->getattr_mask = STATX_BASIC_STATS;
@@ -320,8 +319,7 @@ static int orangefs_symlink(struct inode
"Assigned symlink inode new number of %pU\n",
get_khandle_from_ino(inode));
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
orangefs_set_timeout(dentry);
ORANGEFS_I(inode)->getattr_time = jiffies - 1;
ORANGEFS_I(inode)->getattr_mask = STATX_BASIC_STATS;
@@ -385,8 +383,7 @@ static int orangefs_mkdir(struct inode *
"Assigned dir inode new number of %pU\n",
get_khandle_from_ino(inode));
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
orangefs_set_timeout(dentry);
ORANGEFS_I(inode)->getattr_time = jiffies - 1;
ORANGEFS_I(inode)->getattr_mask = STATX_BASIC_STATS;
--- a/fs/reiserfs/namei.c
+++ b/fs/reiserfs/namei.c
@@ -687,8 +687,7 @@ static int reiserfs_create(struct inode
reiserfs_update_inode_transaction(inode);
reiserfs_update_inode_transaction(dir);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
retval = journal_end(&th);
out_failed:
@@ -771,8 +770,7 @@ static int reiserfs_mknod(struct inode *
goto out_failed;
}
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
retval = journal_end(&th);
out_failed:
@@ -871,8 +869,7 @@ static int reiserfs_mkdir(struct inode *
/* the above add_entry did not update dir's stat data */
reiserfs_update_sd(&th, dir);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
retval = journal_end(&th);
out_failed:
reiserfs_write_unlock(dir->i_sb);
@@ -1187,8 +1184,7 @@ static int reiserfs_symlink(struct inode
goto out_failed;
}
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
retval = journal_end(&th);
out_failed:
reiserfs_write_unlock(parent_dir->i_sb);
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -621,8 +621,7 @@ static int udf_add_nondir(struct dentry
if (fibh.sbh != fibh.ebh)
brelse(fibh.ebh);
brelse(fibh.sbh);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
}
@@ -732,8 +731,7 @@ static int udf_mkdir(struct inode *dir,
inc_nlink(dir);
dir->i_ctime = dir->i_mtime = current_time(dir);
mark_inode_dirty(dir);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
if (fibh.sbh != fibh.ebh)
brelse(fibh.ebh);
brelse(fibh.sbh);
--- a/fs/ufs/namei.c
+++ b/fs/ufs/namei.c
@@ -39,8 +39,7 @@ static inline int ufs_add_nondir(struct
{
int err = ufs_add_link(dentry, inode);
if (!err) {
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
}
inode_dec_link_count(inode);
@@ -193,8 +192,7 @@ static int ufs_mkdir(struct inode * dir,
if (err)
goto out_fail;
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
out_fail:
--- a/include/linux/dcache.h
+++ b/include/linux/dcache.h
@@ -226,6 +226,7 @@ extern seqlock_t rename_lock;
* These are the low-level FS interfaces to the dcache..
*/
extern void d_instantiate(struct dentry *, struct inode *);
+extern void d_instantiate_new(struct dentry *, struct inode *);
extern struct dentry * d_instantiate_unique(struct dentry *, struct inode *);
extern int d_instantiate_no_diralias(struct dentry *, struct inode *);
extern void __d_drop(struct dentry *dentry);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 010/496] mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (8 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 009/496] do d_instantiate/unlock_new_inode combinations safely Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 011/496] mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register Greg Kroah-Hartman
` (459 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinath Mannam, Scott Branden,
Ray Jui, Ulf Hansson
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Srinath Mannam <srinath.mannam@broadcom.com>
commit 4c94238f37af87a2165c3fb491b4a8b50e90649c upstream.
Remove hard coded mmc cap 1.8v from platform data as it is board specific.
The 1.8v DDR mmc caps can be enabled using DTS property for those
boards that support it.
Fixes: b17b4ab8ce38 ("mmc: sdhci-iproc: define MMC caps in platform data")
Signed-off-by: Srinath Mannam <srinath.mannam@broadcom.com>
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Ray Jui <ray.jui@broadcom.com>
Cc: stable@vger.kernel.org # v4.8+
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-iproc.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/mmc/host/sdhci-iproc.c
+++ b/drivers/mmc/host/sdhci-iproc.c
@@ -206,7 +206,6 @@ static const struct sdhci_iproc_data ipr
.caps1 = SDHCI_DRIVER_TYPE_C |
SDHCI_DRIVER_TYPE_D |
SDHCI_SUPPORT_DDR50,
- .mmc_caps = MMC_CAP_1_8V_DDR,
};
static const struct sdhci_pltfm_data sdhci_bcm2835_pltfm_data = {
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 011/496] mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (9 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 010/496] mmc: sdhci-iproc: remove hard coded mmc cap 1.8v Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 012/496] mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus Greg Kroah-Hartman
` (458 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Corneliu Doban, Scott Branden, Ulf Hansson
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Corneliu Doban <corneliu.doban@broadcom.com>
commit 5f651b870485ee60f5abbbd85195a6852978894a upstream.
When the host controller accepts only 32bit writes, the value of the
16bit TRANSFER_MODE register, that has the same 32bit address as the
16bit COMMAND register, needs to be saved and it will be written
in a 32bit write together with the command as this will trigger the
host to send the command on the SD interface.
When sending the tuning command, TRANSFER_MODE is written and then
sdhci_set_transfer_mode reads it back to clear AUTO_CMD12 bit and
write it again resulting in wrong value to be written because the
initial write value was saved in a shadow and the read-back returned
a wrong value, from the register.
Fix sdhci_iproc_readw to return the saved value of TRANSFER_MODE
when a saved value exist.
Same fix for read of BLOCK_SIZE and BLOCK_COUNT registers, that are
saved for a different reason, although a scenario that will cause the
mentioned problem on this registers is not probable.
Fixes: b580c52d58d9 ("mmc: sdhci-iproc: add IPROC SDHCI driver")
Signed-off-by: Corneliu Doban <corneliu.doban@broadcom.com>
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Cc: stable@vger.kernel.org # v4.1+
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-iproc.c | 30 +++++++++++++++++++++++++-----
1 file changed, 25 insertions(+), 5 deletions(-)
--- a/drivers/mmc/host/sdhci-iproc.c
+++ b/drivers/mmc/host/sdhci-iproc.c
@@ -33,6 +33,8 @@ struct sdhci_iproc_host {
const struct sdhci_iproc_data *data;
u32 shadow_cmd;
u32 shadow_blk;
+ bool is_cmd_shadowed;
+ bool is_blk_shadowed;
};
#define REG_OFFSET_IN_BITS(reg) ((reg) << 3 & 0x18)
@@ -48,8 +50,22 @@ static inline u32 sdhci_iproc_readl(stru
static u16 sdhci_iproc_readw(struct sdhci_host *host, int reg)
{
- u32 val = sdhci_iproc_readl(host, (reg & ~3));
- u16 word = val >> REG_OFFSET_IN_BITS(reg) & 0xffff;
+ struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
+ struct sdhci_iproc_host *iproc_host = sdhci_pltfm_priv(pltfm_host);
+ u32 val;
+ u16 word;
+
+ if ((reg == SDHCI_TRANSFER_MODE) && iproc_host->is_cmd_shadowed) {
+ /* Get the saved transfer mode */
+ val = iproc_host->shadow_cmd;
+ } else if ((reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) &&
+ iproc_host->is_blk_shadowed) {
+ /* Get the saved block info */
+ val = iproc_host->shadow_blk;
+ } else {
+ val = sdhci_iproc_readl(host, (reg & ~3));
+ }
+ word = val >> REG_OFFSET_IN_BITS(reg) & 0xffff;
return word;
}
@@ -105,13 +121,15 @@ static void sdhci_iproc_writew(struct sd
if (reg == SDHCI_COMMAND) {
/* Write the block now as we are issuing a command */
- if (iproc_host->shadow_blk != 0) {
+ if (iproc_host->is_blk_shadowed) {
sdhci_iproc_writel(host, iproc_host->shadow_blk,
SDHCI_BLOCK_SIZE);
- iproc_host->shadow_blk = 0;
+ iproc_host->is_blk_shadowed = false;
}
oldval = iproc_host->shadow_cmd;
- } else if (reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) {
+ iproc_host->is_cmd_shadowed = false;
+ } else if ((reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) &&
+ iproc_host->is_blk_shadowed) {
/* Block size and count are stored in shadow reg */
oldval = iproc_host->shadow_blk;
} else {
@@ -123,9 +141,11 @@ static void sdhci_iproc_writew(struct sd
if (reg == SDHCI_TRANSFER_MODE) {
/* Save the transfer mode until the command is issued */
iproc_host->shadow_cmd = newval;
+ iproc_host->is_cmd_shadowed = true;
} else if (reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) {
/* Save the block info until the command is issued */
iproc_host->shadow_blk = newval;
+ iproc_host->is_blk_shadowed = true;
} else {
/* Command or other regular 32-bit write */
sdhci_iproc_writel(host, newval, reg & ~3);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 012/496] mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (10 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 011/496] mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 013/496] libata: Blacklist some Sandisk SSDs for NCQ Greg Kroah-Hartman
` (457 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Corneliu Doban, Scott Branden,
Ray Jui, Srinath Mannam, Ulf Hansson
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Corneliu Doban <corneliu.doban@broadcom.com>
commit 3de06d5a1f05c11c94cbb68af14dbfa7fb81d78b upstream.
The SDHCI_QUIRK2_HOST_OFF_CARD_ON is needed for the driver to
properly reset the host controller (reset all) on initialization
after exiting deep sleep.
Signed-off-by: Corneliu Doban <corneliu.doban@broadcom.com>
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Ray Jui <ray.jui@broadcom.com>
Reviewed-by: Srinath Mannam <srinath.mannam@broadcom.com>
Fixes: c833e92bbb60 ("mmc: sdhci-iproc: support standard byte register accesses")
Cc: stable@vger.kernel.org # v4.10+
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-iproc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mmc/host/sdhci-iproc.c
+++ b/drivers/mmc/host/sdhci-iproc.c
@@ -186,7 +186,7 @@ static const struct sdhci_ops sdhci_ipro
static const struct sdhci_pltfm_data sdhci_iproc_cygnus_pltfm_data = {
.quirks = SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK,
- .quirks2 = SDHCI_QUIRK2_ACMD23_BROKEN,
+ .quirks2 = SDHCI_QUIRK2_ACMD23_BROKEN | SDHCI_QUIRK2_HOST_OFF_CARD_ON,
.ops = &sdhci_iproc_32only_ops,
};
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 013/496] libata: Blacklist some Sandisk SSDs for NCQ
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (11 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 012/496] mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 014/496] libata: blacklist Micron 500IT SSD with MU01 firmware Greg Kroah-Hartman
` (456 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tejun Heo, Dave Jones
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <tj@kernel.org>
commit 322579dcc865b94b47345ad1b6002ad167f85405 upstream.
Sandisk SSDs SD7SN6S256G and SD8SN8U256G are regularly locking up
regularly under sustained moderate load with NCQ enabled. Blacklist
for now.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-core.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -4483,6 +4483,10 @@ static const struct ata_blacklist_entry
/* https://bugzilla.kernel.org/show_bug.cgi?id=15573 */
{ "C300-CTFDDAC128MAG", "0001", ATA_HORKAGE_NONCQ, },
+ /* Some Sandisk SSDs lock up hard with NCQ enabled. Reported on
+ SD7SN6S256G and SD8SN8U256G */
+ { "SanDisk SD[78]SN*G", NULL, ATA_HORKAGE_NONCQ, },
+
/* devices which puke on READ_NATIVE_MAX */
{ "HDS724040KLSA80", "KFAOA20N", ATA_HORKAGE_BROKEN_HPA, },
{ "WDC WD3200JD-00KLB0", "WD-WCAMR1130137", ATA_HORKAGE_BROKEN_HPA },
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 014/496] libata: blacklist Micron 500IT SSD with MU01 firmware
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (12 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 013/496] libata: Blacklist some Sandisk SSDs for NCQ Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 015/496] xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent Greg Kroah-Hartman
` (455 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin K. Petersen, Sudip Mukherjee,
Tejun Heo
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
commit 136d769e0b3475d71350aa3648a116a6ee7a8f6c upstream.
While whitelisting Micron M500DC drives, the tweaked blacklist entry
enabled queued TRIM from M500IT variants also. But these do not support
queued TRIM. And while using those SSDs with the latest kernel we have
seen errors and even the partition table getting corrupted.
Some part from the dmesg:
[ 6.727384] ata1.00: ATA-9: Micron_M500IT_MTFDDAK060MBD, MU01, max UDMA/133
[ 6.727390] ata1.00: 117231408 sectors, multi 16: LBA48 NCQ (depth 31/32), AA
[ 6.741026] ata1.00: supports DRM functions and may not be fully accessible
[ 6.759887] ata1.00: configured for UDMA/133
[ 6.762256] scsi 0:0:0:0: Direct-Access ATA Micron_M500IT_MT MU01 PQ: 0 ANSI: 5
and then for the error:
[ 120.860334] ata1.00: exception Emask 0x1 SAct 0x7ffc0007 SErr 0x0 action 0x6 frozen
[ 120.860338] ata1.00: irq_stat 0x40000008
[ 120.860342] ata1.00: failed command: SEND FPDMA QUEUED
[ 120.860351] ata1.00: cmd 64/01:00:00:00:00/00:00:00:00:00/a0 tag 0 ncq dma 512 out
res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x5 (timeout)
[ 120.860353] ata1.00: status: { DRDY }
[ 120.860543] ata1: hard resetting link
[ 121.166128] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[ 121.166376] ata1.00: supports DRM functions and may not be fully accessible
[ 121.186238] ata1.00: supports DRM functions and may not be fully accessible
[ 121.204445] ata1.00: configured for UDMA/133
[ 121.204454] ata1.00: device reported invalid CHS sector 0
[ 121.204541] sd 0:0:0:0: [sda] tag#18 UNKNOWN(0x2003) Result: hostbyte=0x00 driverbyte=0x08
[ 121.204546] sd 0:0:0:0: [sda] tag#18 Sense Key : 0x5 [current]
[ 121.204550] sd 0:0:0:0: [sda] tag#18 ASC=0x21 ASCQ=0x4
[ 121.204555] sd 0:0:0:0: [sda] tag#18 CDB: opcode=0x93 93 08 00 00 00 00 00 04 28 80 00 00 00 30 00 00
[ 121.204559] print_req_error: I/O error, dev sda, sector 272512
After few reboots with these errors, and the SSD is corrupted.
After blacklisting it, the errors are not seen and the SSD does not get
corrupted any more.
Fixes: 243918be6393 ("libata: Do not blacklist Micron M500DC")
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-core.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -4547,6 +4547,8 @@ static const struct ata_blacklist_entry
{ "SanDisk SD7UB3Q*G1001", NULL, ATA_HORKAGE_NOLPM, },
/* devices that don't properly handle queued TRIM commands */
+ { "Micron_M500IT_*", "MU01", ATA_HORKAGE_NO_NCQ_TRIM |
+ ATA_HORKAGE_ZERO_AFTER_TRIM, },
{ "Micron_M500_*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
ATA_HORKAGE_ZERO_AFTER_TRIM, },
{ "Crucial_CT*M500*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 015/496] xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (13 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 014/496] libata: blacklist Micron 500IT SSD with MU01 firmware Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 016/496] drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros Greg Kroah-Hartman
` (454 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Jin, John Sobecki, Rzeszutek Wilk
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Jin <joe.jin@oracle.com>
commit 4855c92dbb7b3b85c23e88ab7ca04f99b9677b41 upstream.
When run raidconfig from Dom0 we found that the Xen DMA heap is reduced,
but Dom Heap is increased by the same size. Tracing raidconfig we found
that the related ioctl() in megaraid_sas will call dma_alloc_coherent()
to apply memory. If the memory allocated by Dom0 is not in the DMA area,
it will exchange memory with Xen to meet the requiment. Later drivers
call dma_free_coherent() to free the memory, on xen_swiotlb_free_coherent()
the check condition (dev_addr + size - 1 <= dma_mask) is always false,
it prevents calling xen_destroy_contiguous_region() to return the memory
to the Xen DMA heap.
This issue introduced by commit 6810df88dcfc2 "xen-swiotlb: When doing
coherent alloc/dealloc check before swizzling the MFNs.".
Signed-off-by: Joe Jin <joe.jin@oracle.com>
Tested-by: John Sobecki <john.sobecki@oracle.com>
Reviewed-by: Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/swiotlb-xen.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/xen/swiotlb-xen.c
+++ b/drivers/xen/swiotlb-xen.c
@@ -365,7 +365,7 @@ xen_swiotlb_free_coherent(struct device
* physical address */
phys = xen_bus_to_phys(dev_addr);
- if (((dev_addr + size - 1 > dma_mask)) ||
+ if (((dev_addr + size - 1 <= dma_mask)) ||
range_straddles_page_boundary(phys, size))
xen_destroy_contiguous_region(phys, order);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 016/496] drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (14 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 015/496] xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 017/496] arm64: lse: Add early clobbers to some input/output asm operands Greg Kroah-Hartman
` (453 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Hellstrom, Brian Paul, Sinclair Yeh
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Hellstrom <thellstrom@vmware.com>
commit 938ae7259c908ad031da35d551da297640bb640c upstream.
Depending on whether the kernel is compiled with frame-pointer or not,
the temporary memory location used for the bp parameter in these macros
is referenced relative to the stack pointer or the frame pointer.
Hence we can never reference that parameter when we've modified either
the stack pointer or the frame pointer, because then the compiler would
generate an incorrect stack reference.
Fix this by pushing the temporary memory parameter on a known location on
the stack before modifying the stack- and frame pointers.
Cc: <stable@vger.kernel.org>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Brian Paul <brianp@vmware.com>
Reviewed-by: Sinclair Yeh <syeh@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/vmwgfx/vmwgfx_msg.h | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.h
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.h
@@ -135,17 +135,24 @@
#else
-/* In the 32-bit version of this macro, we use "m" because there is no
- * more register left for bp
+/*
+ * In the 32-bit version of this macro, we store bp in a memory location
+ * because we've ran out of registers.
+ * Now we can't reference that memory location while we've modified
+ * %esp or %ebp, so we first push it on the stack, just before we push
+ * %ebp, and then when we need it we read it from the stack where we
+ * just pushed it.
*/
#define VMW_PORT_HB_OUT(cmd, in_ecx, in_si, in_di, \
port_num, magic, bp, \
eax, ebx, ecx, edx, si, di) \
({ \
- asm volatile ("push %%ebp;" \
- "mov %12, %%ebp;" \
+ asm volatile ("push %12;" \
+ "push %%ebp;" \
+ "mov 0x04(%%esp), %%ebp;" \
"rep outsb;" \
- "pop %%ebp;" : \
+ "pop %%ebp;" \
+ "add $0x04, %%esp;" : \
"=a"(eax), \
"=b"(ebx), \
"=c"(ecx), \
@@ -167,10 +174,12 @@
port_num, magic, bp, \
eax, ebx, ecx, edx, si, di) \
({ \
- asm volatile ("push %%ebp;" \
- "mov %12, %%ebp;" \
+ asm volatile ("push %12;" \
+ "push %%ebp;" \
+ "mov 0x04(%%esp), %%ebp;" \
"rep insb;" \
- "pop %%ebp" : \
+ "pop %%ebp;" \
+ "add $0x04, %%esp;" : \
"=a"(eax), \
"=b"(ebx), \
"=c"(ecx), \
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 017/496] arm64: lse: Add early clobbers to some input/output asm operands
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (15 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 016/496] drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 018/496] powerpc/64s: Clear PCR on boot Greg Kroah-Hartman
` (452 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Martin, Robin Murphy,
Mark Salter, Will Deacon
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will.deacon@arm.com>
commit 32c3fa7cdf0c4a3eb8405fc3e13398de019e828b upstream.
For LSE atomics that read and write a register operand, we need to
ensure that these operands are annotated as "early clobber" if the
register is written before all of the input operands have been consumed.
Failure to do so can result in the compiler allocating the same register
to both operands, leading to splats such as:
Unable to handle kernel paging request at virtual address 11111122222221
[...]
x1 : 1111111122222222 x0 : 1111111122222221
Process swapper/0 (pid: 1, stack limit = 0x000000008209f908)
Call trace:
test_atomic64+0x1360/0x155c
where x0 has been allocated as both the value to be stored and also the
atomic_t pointer.
This patch adds the missing clobbers.
Cc: <stable@vger.kernel.org>
Cc: Dave Martin <dave.martin@arm.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Reported-by: Mark Salter <msalter@redhat.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/atomic_lse.h | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
--- a/arch/arm64/include/asm/atomic_lse.h
+++ b/arch/arm64/include/asm/atomic_lse.h
@@ -117,7 +117,7 @@ static inline void atomic_and(int i, ato
/* LSE atomics */
" mvn %w[i], %w[i]\n"
" stclr %w[i], %[v]")
- : [i] "+r" (w0), [v] "+Q" (v->counter)
+ : [i] "+&r" (w0), [v] "+Q" (v->counter)
: "r" (x1)
: __LL_SC_CLOBBERS);
}
@@ -135,7 +135,7 @@ static inline int atomic_fetch_and##name
/* LSE atomics */ \
" mvn %w[i], %w[i]\n" \
" ldclr" #mb " %w[i], %w[i], %[v]") \
- : [i] "+r" (w0), [v] "+Q" (v->counter) \
+ : [i] "+&r" (w0), [v] "+Q" (v->counter) \
: "r" (x1) \
: __LL_SC_CLOBBERS, ##cl); \
\
@@ -161,7 +161,7 @@ static inline void atomic_sub(int i, ato
/* LSE atomics */
" neg %w[i], %w[i]\n"
" stadd %w[i], %[v]")
- : [i] "+r" (w0), [v] "+Q" (v->counter)
+ : [i] "+&r" (w0), [v] "+Q" (v->counter)
: "r" (x1)
: __LL_SC_CLOBBERS);
}
@@ -180,7 +180,7 @@ static inline int atomic_sub_return##nam
" neg %w[i], %w[i]\n" \
" ldadd" #mb " %w[i], w30, %[v]\n" \
" add %w[i], %w[i], w30") \
- : [i] "+r" (w0), [v] "+Q" (v->counter) \
+ : [i] "+&r" (w0), [v] "+Q" (v->counter) \
: "r" (x1) \
: __LL_SC_CLOBBERS , ##cl); \
\
@@ -207,7 +207,7 @@ static inline int atomic_fetch_sub##name
/* LSE atomics */ \
" neg %w[i], %w[i]\n" \
" ldadd" #mb " %w[i], %w[i], %[v]") \
- : [i] "+r" (w0), [v] "+Q" (v->counter) \
+ : [i] "+&r" (w0), [v] "+Q" (v->counter) \
: "r" (x1) \
: __LL_SC_CLOBBERS, ##cl); \
\
@@ -314,7 +314,7 @@ static inline void atomic64_and(long i,
/* LSE atomics */
" mvn %[i], %[i]\n"
" stclr %[i], %[v]")
- : [i] "+r" (x0), [v] "+Q" (v->counter)
+ : [i] "+&r" (x0), [v] "+Q" (v->counter)
: "r" (x1)
: __LL_SC_CLOBBERS);
}
@@ -332,7 +332,7 @@ static inline long atomic64_fetch_and##n
/* LSE atomics */ \
" mvn %[i], %[i]\n" \
" ldclr" #mb " %[i], %[i], %[v]") \
- : [i] "+r" (x0), [v] "+Q" (v->counter) \
+ : [i] "+&r" (x0), [v] "+Q" (v->counter) \
: "r" (x1) \
: __LL_SC_CLOBBERS, ##cl); \
\
@@ -358,7 +358,7 @@ static inline void atomic64_sub(long i,
/* LSE atomics */
" neg %[i], %[i]\n"
" stadd %[i], %[v]")
- : [i] "+r" (x0), [v] "+Q" (v->counter)
+ : [i] "+&r" (x0), [v] "+Q" (v->counter)
: "r" (x1)
: __LL_SC_CLOBBERS);
}
@@ -377,7 +377,7 @@ static inline long atomic64_sub_return##
" neg %[i], %[i]\n" \
" ldadd" #mb " %[i], x30, %[v]\n" \
" add %[i], %[i], x30") \
- : [i] "+r" (x0), [v] "+Q" (v->counter) \
+ : [i] "+&r" (x0), [v] "+Q" (v->counter) \
: "r" (x1) \
: __LL_SC_CLOBBERS, ##cl); \
\
@@ -404,7 +404,7 @@ static inline long atomic64_fetch_sub##n
/* LSE atomics */ \
" neg %[i], %[i]\n" \
" ldadd" #mb " %[i], %[i], %[v]") \
- : [i] "+r" (x0), [v] "+Q" (v->counter) \
+ : [i] "+&r" (x0), [v] "+Q" (v->counter) \
: "r" (x1) \
: __LL_SC_CLOBBERS, ##cl); \
\
@@ -435,7 +435,7 @@ static inline long atomic64_dec_if_posit
" sub x30, x30, %[ret]\n"
" cbnz x30, 1b\n"
"2:")
- : [ret] "+r" (x0), [v] "+Q" (v->counter)
+ : [ret] "+&r" (x0), [v] "+Q" (v->counter)
:
: __LL_SC_CLOBBERS, "cc", "memory");
@@ -516,7 +516,7 @@ static inline long __cmpxchg_double##nam
" eor %[old1], %[old1], %[oldval1]\n" \
" eor %[old2], %[old2], %[oldval2]\n" \
" orr %[old1], %[old1], %[old2]") \
- : [old1] "+r" (x0), [old2] "+r" (x1), \
+ : [old1] "+&r" (x0), [old2] "+&r" (x1), \
[v] "+Q" (*(unsigned long *)ptr) \
: [new1] "r" (x2), [new2] "r" (x3), [ptr] "r" (x4), \
[oldval1] "r" (oldval1), [oldval2] "r" (oldval2) \
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 018/496] powerpc/64s: Clear PCR on boot
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (16 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 017/496] arm64: lse: Add early clobbers to some input/output asm operands Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 019/496] IB/hfi1: Use after free race condition in send context error path Greg Kroah-Hartman
` (451 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Neuling, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Neuling <mikey@neuling.org>
commit faf37c44a105f3608115785f17cbbf3500f8bc71 upstream.
Clear the PCR (Processor Compatibility Register) on boot to ensure we
are not running in a compatibility mode.
We've seen this cause problems when a crash (and kdump) occurs while
running compat mode guests. The kdump kernel then runs with the PCR
set and causes problems. The symptom in the kdump kernel (also seen in
petitboot after fast-reboot) is early userspace programs taking
sigills on newer instructions (seen in libc).
Signed-off-by: Michael Neuling <mikey@neuling.org>
Cc: stable@vger.kernel.org
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/cpu_setup_power.S | 6 ++++++
arch/powerpc/kernel/dt_cpu_ftrs.c | 1 +
2 files changed, 7 insertions(+)
--- a/arch/powerpc/kernel/cpu_setup_power.S
+++ b/arch/powerpc/kernel/cpu_setup_power.S
@@ -28,6 +28,7 @@ _GLOBAL(__setup_cpu_power7)
beqlr
li r0,0
mtspr SPRN_LPID,r0
+ mtspr SPRN_PCR,r0
mfspr r3,SPRN_LPCR
li r4,(LPCR_LPES1 >> LPCR_LPES_SH)
bl __init_LPCR_ISA206
@@ -42,6 +43,7 @@ _GLOBAL(__restore_cpu_power7)
beqlr
li r0,0
mtspr SPRN_LPID,r0
+ mtspr SPRN_PCR,r0
mfspr r3,SPRN_LPCR
li r4,(LPCR_LPES1 >> LPCR_LPES_SH)
bl __init_LPCR_ISA206
@@ -59,6 +61,7 @@ _GLOBAL(__setup_cpu_power8)
beqlr
li r0,0
mtspr SPRN_LPID,r0
+ mtspr SPRN_PCR,r0
mfspr r3,SPRN_LPCR
ori r3, r3, LPCR_PECEDH
li r4,0 /* LPES = 0 */
@@ -81,6 +84,7 @@ _GLOBAL(__restore_cpu_power8)
beqlr
li r0,0
mtspr SPRN_LPID,r0
+ mtspr SPRN_PCR,r0
mfspr r3,SPRN_LPCR
ori r3, r3, LPCR_PECEDH
li r4,0 /* LPES = 0 */
@@ -103,6 +107,7 @@ _GLOBAL(__setup_cpu_power9)
mtspr SPRN_PSSCR,r0
mtspr SPRN_LPID,r0
mtspr SPRN_PID,r0
+ mtspr SPRN_PCR,r0
mfspr r3,SPRN_LPCR
LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE | LPCR_HEIC)
or r3, r3, r4
@@ -128,6 +133,7 @@ _GLOBAL(__restore_cpu_power9)
mtspr SPRN_PSSCR,r0
mtspr SPRN_LPID,r0
mtspr SPRN_PID,r0
+ mtspr SPRN_PCR,r0
mfspr r3,SPRN_LPCR
LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE | LPCR_HEIC)
or r3, r3, r4
--- a/arch/powerpc/kernel/dt_cpu_ftrs.c
+++ b/arch/powerpc/kernel/dt_cpu_ftrs.c
@@ -137,6 +137,7 @@ static void __restore_cpu_cpufeatures(vo
if (hv_mode) {
mtspr(SPRN_LPID, 0);
mtspr(SPRN_HFSCR, system_registers.hfscr);
+ mtspr(SPRN_PCR, 0);
}
mtspr(SPRN_FSCR, system_registers.fscr);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 019/496] IB/hfi1: Use after free race condition in send context error path
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (17 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 018/496] powerpc/64s: Clear PCR on boot Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 020/496] IB/umem: Use the correct mm during ib_umem_release Greg Kroah-Hartman
` (450 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Marciniszyn, Dennis Dalessandro,
Michael J. Ruhl, Doug Ledford
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael J. Ruhl <michael.j.ruhl@intel.com>
commit f9e76ca3771bf23d2142a81a88ddd8f31f5c4c03 upstream.
A pio send egress error can occur when the PSM library attempts to
to send a bad packet. That issue is still being investigated.
The pio error interrupt handler then attempts to progress the recovery
of the errored pio send context.
Code inspection reveals that the handling lacks the necessary locking
if that recovery interleaves with a PSM close of the "context" object
contains the pio send context.
The lack of the locking can cause the recovery to access the already
freed pio send context object and incorrectly deduce that the pio
send context is actually a kernel pio send context as shown by the
NULL deref stack below:
[<ffffffff8143d78c>] _dev_info+0x6c/0x90
[<ffffffffc0613230>] sc_restart+0x70/0x1f0 [hfi1]
[<ffffffff816ab124>] ? __schedule+0x424/0x9b0
[<ffffffffc06133c5>] sc_halted+0x15/0x20 [hfi1]
[<ffffffff810aa3ba>] process_one_work+0x17a/0x440
[<ffffffff810ab086>] worker_thread+0x126/0x3c0
[<ffffffff810aaf60>] ? manage_workers.isra.24+0x2a0/0x2a0
[<ffffffff810b252f>] kthread+0xcf/0xe0
[<ffffffff810b2460>] ? insert_kthread_work+0x40/0x40
[<ffffffff816b8798>] ret_from_fork+0x58/0x90
[<ffffffff810b2460>] ? insert_kthread_work+0x40/0x40
This is the best case scenario and other scenarios can corrupt the
already freed memory.
Fix by adding the necessary locking in the pio send context error
handler.
Cc: <stable@vger.kernel.org> # 4.9.x
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/hfi1/chip.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/infiniband/hw/hfi1/chip.c
+++ b/drivers/infiniband/hw/hfi1/chip.c
@@ -5945,6 +5945,7 @@ static void is_sendctxt_err_int(struct h
u64 status;
u32 sw_index;
int i = 0;
+ unsigned long irq_flags;
sw_index = dd->hw_to_sw[hw_context];
if (sw_index >= dd->num_send_contexts) {
@@ -5954,10 +5955,12 @@ static void is_sendctxt_err_int(struct h
return;
}
sci = &dd->send_contexts[sw_index];
+ spin_lock_irqsave(&dd->sc_lock, irq_flags);
sc = sci->sc;
if (!sc) {
dd_dev_err(dd, "%s: context %u(%u): no sc?\n", __func__,
sw_index, hw_context);
+ spin_unlock_irqrestore(&dd->sc_lock, irq_flags);
return;
}
@@ -5979,6 +5982,7 @@ static void is_sendctxt_err_int(struct h
*/
if (sc->type != SC_USER)
queue_work(dd->pport->hfi1_wq, &sc->halt_work);
+ spin_unlock_irqrestore(&dd->sc_lock, irq_flags);
/*
* Update the counters for the corresponding status bits.
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 020/496] IB/umem: Use the correct mm during ib_umem_release
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (18 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 019/496] IB/hfi1: Use after free race condition in send context error path Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 021/496] sr: pass down correctly sized SCSI sense buffer Greg Kroah-Hartman
` (449 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lidong Chen, Jason Gunthorpe
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lidong Chen <jemmy858585@gmail.com>
commit 8e907ed4882714fd13cfe670681fc6cb5284c780 upstream.
User-space may invoke ibv_reg_mr and ibv_dereg_mr in different threads.
If ibv_dereg_mr is called after the thread which invoked ibv_reg_mr has
exited, get_pid_task will return NULL and ib_umem_release will not
decrease mm->pinned_vm.
Instead of using threads to locate the mm, use the overall tgid from the
ib_ucontext struct instead. This matches the behavior of ODP and
disassociate in handling the mm of the process that called ibv_reg_mr.
Cc: <stable@vger.kernel.org>
Fixes: 87773dd56d54 ("IB: ib_umem_release() should decrement mm->pinned_vm from ib_umem_get")
Signed-off-by: Lidong Chen <lidongchen@tencent.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/umem.c | 7 +------
include/rdma/ib_umem.h | 1 -
2 files changed, 1 insertion(+), 7 deletions(-)
--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -119,7 +119,6 @@ struct ib_umem *ib_umem_get(struct ib_uc
umem->length = size;
umem->address = addr;
umem->page_shift = PAGE_SHIFT;
- umem->pid = get_task_pid(current, PIDTYPE_PID);
/*
* We ask for writable memory if any of the following
* access flags are set. "Local write" and "remote write"
@@ -132,7 +131,6 @@ struct ib_umem *ib_umem_get(struct ib_uc
IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND));
if (access & IB_ACCESS_ON_DEMAND) {
- put_pid(umem->pid);
ret = ib_umem_odp_get(context, umem, access);
if (ret) {
kfree(umem);
@@ -148,7 +146,6 @@ struct ib_umem *ib_umem_get(struct ib_uc
page_list = (struct page **) __get_free_page(GFP_KERNEL);
if (!page_list) {
- put_pid(umem->pid);
kfree(umem);
return ERR_PTR(-ENOMEM);
}
@@ -231,7 +228,6 @@ out:
if (ret < 0) {
if (need_release)
__ib_umem_release(context->device, umem, 0);
- put_pid(umem->pid);
kfree(umem);
} else
current->mm->pinned_vm = locked;
@@ -274,8 +270,7 @@ void ib_umem_release(struct ib_umem *ume
__ib_umem_release(umem->context->device, umem, 1);
- task = get_pid_task(umem->pid, PIDTYPE_PID);
- put_pid(umem->pid);
+ task = get_pid_task(umem->context->tgid, PIDTYPE_PID);
if (!task)
goto out;
mm = get_task_mm(task);
--- a/include/rdma/ib_umem.h
+++ b/include/rdma/ib_umem.h
@@ -48,7 +48,6 @@ struct ib_umem {
int writable;
int hugetlb;
struct work_struct work;
- struct pid *pid;
struct mm_struct *mm;
unsigned long diff;
struct ib_umem_odp *odp_data;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 021/496] sr: pass down correctly sized SCSI sense buffer
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (19 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 020/496] IB/umem: Use the correct mm during ib_umem_release Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 022/496] idr: fix invalid ptr dereference on item delete Greg Kroah-Hartman
` (448 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Piotr Gabriel Kosinski,
Daniel Shapira, Kees Cook, Jens Axboe
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jens Axboe <axboe@kernel.dk>
commit f7068114d45ec55996b9040e98111afa56e010fe upstream.
We're casting the CDROM layer request_sense to the SCSI sense
buffer, but the former is 64 bytes and the latter is 96 bytes.
As we generally allocate these on the stack, we end up blowing
up the stack.
Fix this by wrapping the scsi_execute() call with a properly
sized sense buffer, and copying back the bits for the CDROM
layer.
Cc: stable@vger.kernel.org
Reported-by: Piotr Gabriel Kosinski <pg.kosinski@gmail.com>
Reported-by: Daniel Shapira <daniel@twistlock.com>
Tested-by: Kees Cook <keescook@chromium.org>
Fixes: 82ed4db499b8 ("block: split scsi_request out of struct request")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/sr_ioctl.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/scsi/sr_ioctl.c
+++ b/drivers/scsi/sr_ioctl.c
@@ -188,9 +188,13 @@ int sr_do_ioctl(Scsi_CD *cd, struct pack
struct scsi_device *SDev;
struct scsi_sense_hdr sshdr;
int result, err = 0, retries = 0;
+ unsigned char sense_buffer[SCSI_SENSE_BUFFERSIZE], *senseptr = NULL;
SDev = cd->device;
+ if (cgc->sense)
+ senseptr = sense_buffer;
+
retry:
if (!scsi_block_when_processing_errors(SDev)) {
err = -ENODEV;
@@ -198,10 +202,12 @@ int sr_do_ioctl(Scsi_CD *cd, struct pack
}
result = scsi_execute(SDev, cgc->cmd, cgc->data_direction,
- cgc->buffer, cgc->buflen,
- (unsigned char *)cgc->sense, &sshdr,
+ cgc->buffer, cgc->buflen, senseptr, &sshdr,
cgc->timeout, IOCTL_RETRIES, 0, 0, NULL);
+ if (cgc->sense)
+ memcpy(cgc->sense, sense_buffer, sizeof(*cgc->sense));
+
/* Minimal error checking. Ignore cases we know about, and report the rest. */
if (driver_byte(result) != 0) {
switch (sshdr.sense_key) {
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 022/496] idr: fix invalid ptr dereference on item delete
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (20 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 021/496] sr: pass down correctly sized SCSI sense buffer Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 023/496] Revert "ipc/shm: Fix shmat mmap nil-page protection" Greg Kroah-Hartman
` (447 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+35666cba7f0a337e2e79,
Matthew Wilcox, Andrew Morton, Linus Torvalds
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthew Wilcox <mawilcox@microsoft.com>
commit 7a4deea1aa8bddfed4ef1b35fc2b6732563d8ad5 upstream.
If the radix tree underlying the IDR happens to be full and we attempt
to remove an id which is larger than any id in the IDR, we will call
__radix_tree_delete() with an uninitialised 'slot' pointer, at which
point anything could happen. This was easiest to hit with a single
entry at id 0 and attempting to remove a non-0 id, but it could have
happened with 64 entries and attempting to remove an id >= 64.
Roman said:
The syzcaller test boils down to opening /dev/kvm, creating an
eventfd, and calling a couple of KVM ioctls. None of this requires
superuser. And the result is dereferencing an uninitialized pointer
which is likely a crash. The specific path caught by syzbot is via
KVM_HYPERV_EVENTD ioctl which is new in 4.17. But I guess there are
other user-triggerable paths, so cc:stable is probably justified.
Matthew added:
We have around 250 calls to idr_remove() in the kernel today. Many of
them pass an ID which is embedded in the object they're removing, so
they're safe. Picking a few likely candidates:
drivers/firewire/core-cdev.c looks unsafe; the ID comes from an ioctl.
drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c is similar
drivers/atm/nicstar.c could be taken down by a handcrafted packet
Link: http://lkml.kernel.org/r/20180518175025.GD6361@bombadil.infradead.org
Fixes: 0a835c4f090a ("Reimplement IDR and IDA using the radix tree")
Reported-by: <syzbot+35666cba7f0a337e2e79@syzkaller.appspotmail.com>
Debugged-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/radix-tree.c | 4 +++-
tools/testing/radix-tree/idr-test.c | 7 +++++++
2 files changed, 10 insertions(+), 1 deletion(-)
--- a/lib/radix-tree.c
+++ b/lib/radix-tree.c
@@ -2037,10 +2037,12 @@ void *radix_tree_delete_item(struct radi
unsigned long index, void *item)
{
struct radix_tree_node *node = NULL;
- void __rcu **slot;
+ void __rcu **slot = NULL;
void *entry;
entry = __radix_tree_lookup(root, index, &node, &slot);
+ if (!slot)
+ return NULL;
if (!entry && (!is_idr(root) || node_tag_get(root, node, IDR_FREE,
get_slot_offset(node, slot))))
return NULL;
--- a/tools/testing/radix-tree/idr-test.c
+++ b/tools/testing/radix-tree/idr-test.c
@@ -202,6 +202,13 @@ void idr_checks(void)
idr_remove(&idr, 3);
idr_remove(&idr, 0);
+ assert(idr_alloc(&idr, DUMMY_PTR, 0, 0, GFP_KERNEL) == 0);
+ idr_remove(&idr, 1);
+ for (i = 1; i < RADIX_TREE_MAP_SIZE; i++)
+ assert(idr_alloc(&idr, DUMMY_PTR, 0, 0, GFP_KERNEL) == i);
+ idr_remove(&idr, 1 << 30);
+ idr_destroy(&idr);
+
for (i = INT_MAX - 3UL; i < INT_MAX + 1UL; i++) {
struct item *item = item_create(i, 0);
assert(idr_alloc(&idr, item, i, i + 10, GFP_KERNEL) == i);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 023/496] Revert "ipc/shm: Fix shmat mmap nil-page protection"
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (21 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 022/496] idr: fix invalid ptr dereference on item delete Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 024/496] ipc/shm: fix shmat() nil address after round-down when remapping Greg Kroah-Hartman
` (446 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Davidlohr Bueso, Joe Lawrence,
Andrea Arcangeli, Manfred Spraul, Andrew Morton, Linus Torvalds
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Davidlohr Bueso <dave@stgolabs.net>
commit a73ab244f0dad8fffb3291b905f73e2d3eaa7c00 upstream.
Patch series "ipc/shm: shmat() fixes around nil-page".
These patches fix two issues reported[1] a while back by Joe and Andrea
around how shmat(2) behaves with nil-page.
The first reverts a commit that it was incorrectly thought that mapping
nil-page (address=0) was a no no with MAP_FIXED. This is not the case,
with the exception of SHM_REMAP; which is address in the second patch.
I chose two patches because it is easier to backport and it explicitly
reverts bogus behaviour. Both patches ought to be in -stable and ltp
testcases need updated (the added testcase around the cve can be
modified to just test for SHM_RND|SHM_REMAP).
[1] lkml.kernel.org/r/20180430172152.nfa564pvgpk3ut7p@linux-n805
This patch (of 2):
Commit 95e91b831f87 ("ipc/shm: Fix shmat mmap nil-page protection")
worked on the idea that we should not be mapping as root addr=0 and
MAP_FIXED. However, it was reported that this scenario is in fact
valid, thus making the patch both bogus and breaks userspace as well.
For example X11's libint10.so relies on shmat(1, SHM_RND) for lowmem
initialization[1].
[1] https://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/os-support/linux/int10/linux.c#n347
Link: http://lkml.kernel.org/r/20180503203243.15045-2-dave@stgolabs.net
Fixes: 95e91b831f87 ("ipc/shm: Fix shmat mmap nil-page protection")
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Reported-by: Joe Lawrence <joe.lawrence@redhat.com>
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
ipc/shm.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1309,13 +1309,8 @@ long do_shmat(int shmid, char __user *sh
if (addr) {
if (addr & (shmlba - 1)) {
- /*
- * Round down to the nearest multiple of shmlba.
- * For sane do_mmap_pgoff() parameters, avoid
- * round downs that trigger nil-page and MAP_FIXED.
- */
- if ((shmflg & SHM_RND) && addr >= shmlba)
- addr &= ~(shmlba - 1);
+ if (shmflg & SHM_RND)
+ addr &= ~(shmlba - 1); /* round down */
else
#ifndef __ARCH_FORCE_SHMLBA
if (addr & ~PAGE_MASK)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 024/496] ipc/shm: fix shmat() nil address after round-down when remapping
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (22 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 023/496] Revert "ipc/shm: Fix shmat mmap nil-page protection" Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 025/496] mm/kasan: dont vfree() nonexistent vm_area Greg Kroah-Hartman
` (445 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Davidlohr Bueso, Andrea Arcangeli,
Joe Lawrence, Manfred Spraul, Andrew Morton, Linus Torvalds
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Davidlohr Bueso <dave@stgolabs.net>
commit 8f89c007b6dec16a1793cb88de88fcc02117bbbc upstream.
shmat()'s SHM_REMAP option forbids passing a nil address for; this is in
fact the very first thing we check for. Andrea reported that for
SHM_RND|SHM_REMAP cases we can end up bypassing the initial addr check,
but we need to check again if the address was rounded down to nil. As
of this patch, such cases will return -EINVAL.
Link: http://lkml.kernel.org/r/20180503204934.kk63josdu6u53fbd@linux-n805
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
ipc/shm.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1309,9 +1309,17 @@ long do_shmat(int shmid, char __user *sh
if (addr) {
if (addr & (shmlba - 1)) {
- if (shmflg & SHM_RND)
+ if (shmflg & SHM_RND) {
addr &= ~(shmlba - 1); /* round down */
- else
+
+ /*
+ * Ensure that the round-down is non-nil
+ * when remapping. This can happen for
+ * cases when addr < shmlba.
+ */
+ if (!addr && (shmflg & SHM_REMAP))
+ goto out;
+ } else
#ifndef __ARCH_FORCE_SHMLBA
if (addr & ~PAGE_MASK)
#endif
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 025/496] mm/kasan: dont vfree() nonexistent vm_area
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (23 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 024/496] ipc/shm: fix shmat() nil address after round-down when remapping Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 026/496] kasan: free allocated shadow memory on MEM_CANCEL_ONLINE Greg Kroah-Hartman
` (444 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrey Ryabinin, Paul Menzel,
Alexander Potapenko, Dmitry Vyukov, Matthew Wilcox,
Andrew Morton, Linus Torvalds
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrey Ryabinin <aryabinin@virtuozzo.com>
commit 0f901dcbc31f88ae41a2aaa365f7802b5d520a28 upstream.
KASAN uses different routines to map shadow for hot added memory and
memory obtained in boot process. Attempt to offline memory onlined by
normal boot process leads to this:
Trying to vfree() nonexistent vm area (000000005d3b34b9)
WARNING: CPU: 2 PID: 13215 at mm/vmalloc.c:1525 __vunmap+0x147/0x190
Call Trace:
kasan_mem_notifier+0xad/0xb9
notifier_call_chain+0x166/0x260
__blocking_notifier_call_chain+0xdb/0x140
__offline_pages+0x96a/0xb10
memory_subsys_offline+0x76/0xc0
device_offline+0xb8/0x120
store_mem_state+0xfa/0x120
kernfs_fop_write+0x1d5/0x320
__vfs_write+0xd4/0x530
vfs_write+0x105/0x340
SyS_write+0xb0/0x140
Obviously we can't call vfree() to free memory that wasn't allocated via
vmalloc(). Use find_vm_area() to see if we can call vfree().
Unfortunately it's a bit tricky to properly unmap and free shadow
allocated during boot, so we'll have to keep it. If memory will come
online again that shadow will be reused.
Matthew asked: how can you call vfree() on something that isn't a
vmalloc address?
vfree() is able to free any address returned by
__vmalloc_node_range(). And __vmalloc_node_range() gives you any
address you ask. It doesn't have to be an address in [VMALLOC_START,
VMALLOC_END] range.
That's also how the module_alloc()/module_memfree() works on
architectures that have designated area for modules.
[aryabinin@virtuozzo.com: improve comments]
Link: http://lkml.kernel.org/r/dabee6ab-3a7a-51cd-3b86-5468718e0390@virtuozzo.com
[akpm@linux-foundation.org: fix typos, reflow comment]
Link: http://lkml.kernel.org/r/20180201163349.8700-1-aryabinin@virtuozzo.com
Fixes: fa69b5989bb0 ("mm/kasan: add support for memory hotplug")
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Paul Menzel <pmenzel+linux-kasan-dev@molgen.mpg.de>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/kasan/kasan.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 61 insertions(+), 2 deletions(-)
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -737,6 +737,40 @@ void __asan_unpoison_stack_memory(const
EXPORT_SYMBOL(__asan_unpoison_stack_memory);
#ifdef CONFIG_MEMORY_HOTPLUG
+static bool shadow_mapped(unsigned long addr)
+{
+ pgd_t *pgd = pgd_offset_k(addr);
+ p4d_t *p4d;
+ pud_t *pud;
+ pmd_t *pmd;
+ pte_t *pte;
+
+ if (pgd_none(*pgd))
+ return false;
+ p4d = p4d_offset(pgd, addr);
+ if (p4d_none(*p4d))
+ return false;
+ pud = pud_offset(p4d, addr);
+ if (pud_none(*pud))
+ return false;
+
+ /*
+ * We can't use pud_large() or pud_huge(), the first one is
+ * arch-specific, the last one depends on HUGETLB_PAGE. So let's abuse
+ * pud_bad(), if pud is bad then it's bad because it's huge.
+ */
+ if (pud_bad(*pud))
+ return true;
+ pmd = pmd_offset(pud, addr);
+ if (pmd_none(*pmd))
+ return false;
+
+ if (pmd_bad(*pmd))
+ return true;
+ pte = pte_offset_kernel(pmd, addr);
+ return !pte_none(*pte);
+}
+
static int __meminit kasan_mem_notifier(struct notifier_block *nb,
unsigned long action, void *data)
{
@@ -758,6 +792,14 @@ static int __meminit kasan_mem_notifier(
case MEM_GOING_ONLINE: {
void *ret;
+ /*
+ * If shadow is mapped already than it must have been mapped
+ * during the boot. This could happen if we onlining previously
+ * offlined memory.
+ */
+ if (shadow_mapped(shadow_start))
+ return NOTIFY_OK;
+
ret = __vmalloc_node_range(shadow_size, PAGE_SIZE, shadow_start,
shadow_end, GFP_KERNEL,
PAGE_KERNEL, VM_NO_GUARD,
@@ -769,8 +811,25 @@ static int __meminit kasan_mem_notifier(
kmemleak_ignore(ret);
return NOTIFY_OK;
}
- case MEM_OFFLINE:
- vfree((void *)shadow_start);
+ case MEM_OFFLINE: {
+ struct vm_struct *vm;
+
+ /*
+ * shadow_start was either mapped during boot by kasan_init()
+ * or during memory online by __vmalloc_node_range().
+ * In the latter case we can use vfree() to free shadow.
+ * Non-NULL result of the find_vm_area() will tell us if
+ * that was the second case.
+ *
+ * Currently it's not possible to free shadow mapped
+ * during boot by kasan_init(). It's because the code
+ * to do that hasn't been written yet. So we'll just
+ * leak the memory.
+ */
+ vm = find_vm_area((void *)shadow_start);
+ if (vm)
+ vfree((void *)shadow_start);
+ }
}
return NOTIFY_OK;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 026/496] kasan: free allocated shadow memory on MEM_CANCEL_ONLINE
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (24 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 025/496] mm/kasan: dont vfree() nonexistent vm_area Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 027/496] kasan: fix memory hotplug during boot Greg Kroah-Hartman
` (443 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Hildenbrand, Andrey Ryabinin,
Alexander Potapenko, Dmitry Vyukov, Andrew Morton,
Linus Torvalds
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Hildenbrand <david@redhat.com>
commit ed1596f9ab958dd156a66c9ff1029d3761c1786a upstream.
We have to free memory again when we cancel onlining, otherwise a later
onlining attempt will fail.
Link: http://lkml.kernel.org/r/20180522100756.18478-2-david@redhat.com
Fixes: fa69b5989bb0 ("mm/kasan: add support for memory hotplug")
Signed-off-by: David Hildenbrand <david@redhat.com>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/kasan/kasan.c | 1 +
1 file changed, 1 insertion(+)
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -811,6 +811,7 @@ static int __meminit kasan_mem_notifier(
kmemleak_ignore(ret);
return NOTIFY_OK;
}
+ case MEM_CANCEL_ONLINE:
case MEM_OFFLINE: {
struct vm_struct *vm;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 027/496] kasan: fix memory hotplug during boot
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (25 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 026/496] kasan: free allocated shadow memory on MEM_CANCEL_ONLINE Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 028/496] kernel/sys.c: fix potential Spectre v1 issue Greg Kroah-Hartman
` (442 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Hildenbrand, Andrey Ryabinin,
Alexander Potapenko, Dmitry Vyukov, Andrew Morton,
Linus Torvalds
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Hildenbrand <david@redhat.com>
commit 3f1959721558a976aaf9c2024d5bc884e6411bf7 upstream.
Using module_init() is wrong. E.g. ACPI adds and onlines memory before
our memory notifier gets registered.
This makes sure that ACPI memory detected during boot up will not result
in a kernel crash.
Easily reproducible with QEMU, just specify a DIMM when starting up.
Link: http://lkml.kernel.org/r/20180522100756.18478-3-david@redhat.com
Fixes: 786a8959912e ("kasan: disable memory hotplug")
Signed-off-by: David Hildenbrand <david@redhat.com>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/kasan/kasan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -843,5 +843,5 @@ static int __init kasan_memhotplug_init(
return 0;
}
-module_init(kasan_memhotplug_init);
+core_initcall(kasan_memhotplug_init);
#endif
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 028/496] kernel/sys.c: fix potential Spectre v1 issue
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (26 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 027/496] kasan: fix memory hotplug during boot Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 030/496] KVM: s390: vsie: fix < 8k check for the itdba Greg Kroah-Hartman
` (441 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, Andrew Morton,
Alexei Starovoitov, Dan Williams, Thomas Gleixner,
Peter Zijlstra, Linus Torvalds
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gustavo A. R. Silva <gustavo@embeddedor.com>
commit 23d6aef74da86a33fa6bb75f79565e0a16ee97c2 upstream.
`resource' can be controlled by user-space, hence leading to a potential
exploitation of the Spectre variant 1 vulnerability.
This issue was detected with the help of Smatch:
kernel/sys.c:1474 __do_compat_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap)
kernel/sys.c:1455 __do_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap)
Fix this by sanitizing *resource* before using it to index
current->signal->rlim
Notice that given that speculation windows are large, the policy is to
kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].
[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
Link: http://lkml.kernel.org/r/20180515030038.GA11822@embeddedor.com
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/sys.c | 2 ++
1 file changed, 2 insertions(+)
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1395,6 +1395,7 @@ SYSCALL_DEFINE2(old_getrlimit, unsigned
if (resource >= RLIM_NLIMITS)
return -EINVAL;
+ resource = array_index_nospec(resource, RLIM_NLIMITS);
task_lock(current->group_leader);
x = current->signal->rlim[resource];
task_unlock(current->group_leader);
@@ -1414,6 +1415,7 @@ COMPAT_SYSCALL_DEFINE2(old_getrlimit, un
if (resource >= RLIM_NLIMITS)
return -EINVAL;
+ resource = array_index_nospec(resource, RLIM_NLIMITS);
task_lock(current->group_leader);
r = current->signal->rlim[resource];
task_unlock(current->group_leader);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 030/496] KVM: s390: vsie: fix < 8k check for the itdba
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (27 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 028/496] kernel/sys.c: fix potential Spectre v1 issue Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:56 ` [PATCH 4.14 034/496] powerpc/64s: Improve RFI L1-D cache flush fallback Greg Kroah-Hartman
` (440 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Christian Borntraeger,
Janosch Frank, Cornelia Huck, David Hildenbrand
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Hildenbrand <david@redhat.com>
commit f4a551b72358facbbe5714248dff78404272feee upstream.
By missing an "L", we might detect some addresses to be <8k,
although they are not.
e.g. for itdba = 100001fff
!(gpa & ~0x1fffU) -> 1
!(gpa & ~0x1fffUL) -> 0
So we would report a SIE validity intercept although everything is fine.
Fixes: 166ecb3 ("KVM: s390: vsie: support transactional execution")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Cc: stable@vger.kernel.org # v4.8+
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kvm/vsie.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -590,7 +590,7 @@ static int pin_blocks(struct kvm_vcpu *v
gpa = READ_ONCE(scb_o->itdba) & ~0xffUL;
if (gpa && (scb_s->ecb & ECB_TE)) {
- if (!(gpa & ~0x1fffU)) {
+ if (!(gpa & ~0x1fffUL)) {
rc = set_validity_icpt(scb_s, 0x0080U);
goto unpin;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 034/496] powerpc/64s: Improve RFI L1-D cache flush fallback
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (28 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 030/496] KVM: s390: vsie: fix < 8k check for the itdba Greg Kroah-Hartman
@ 2018-05-28 9:56 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 035/496] powerpc/pseries: Support firmware disable of RFI flush Greg Kroah-Hartman
` (439 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:56 UTC (permalink / raw)
To: linux-kernel, greg
Cc: Greg Kroah-Hartman, stable, Nicholas Piggin, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicholas Piggin <npiggin@gmail.com>
commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b upstream.
The fallback RFI flush is used when firmware does not provide a way
to flush the cache. It's a "displacement flush" that evicts useful
data by displacing it with an uninteresting buffer.
The flush has to take care to work with implementation specific cache
replacment policies, so the recipe has been in flux. The initial
slow but conservative approach is to touch all lines of a congruence
class, with dependencies between each load. It has since been
determined that a linear pattern of loads without dependencies is
sufficient, and is significantly faster.
Measuring the speed of a null syscall with RFI fallback flush enabled
gives the relative improvement:
P8 - 1.83x
P9 - 1.75x
The flush also becomes simpler and more adaptable to different cache
geometries.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/include/asm/paca.h | 3 -
arch/powerpc/kernel/asm-offsets.c | 3 -
arch/powerpc/kernel/exceptions-64s.S | 76 ++++++++++++++++-------------------
arch/powerpc/kernel/setup_64.c | 13 -----
arch/powerpc/xmon/xmon.c | 2
5 files changed, 41 insertions(+), 56 deletions(-)
--- a/arch/powerpc/include/asm/paca.h
+++ b/arch/powerpc/include/asm/paca.h
@@ -238,8 +238,7 @@ struct paca_struct {
*/
u64 exrfi[EX_SIZE] __aligned(0x80);
void *rfi_flush_fallback_area;
- u64 l1d_flush_congruence;
- u64 l1d_flush_sets;
+ u64 l1d_flush_size;
#endif
};
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -239,8 +239,7 @@ int main(void)
OFFSET(PACA_IN_NMI, paca_struct, in_nmi);
OFFSET(PACA_RFI_FLUSH_FALLBACK_AREA, paca_struct, rfi_flush_fallback_area);
OFFSET(PACA_EXRFI, paca_struct, exrfi);
- OFFSET(PACA_L1D_FLUSH_CONGRUENCE, paca_struct, l1d_flush_congruence);
- OFFSET(PACA_L1D_FLUSH_SETS, paca_struct, l1d_flush_sets);
+ OFFSET(PACA_L1D_FLUSH_SIZE, paca_struct, l1d_flush_size);
#endif
OFFSET(PACAHWCPUID, paca_struct, hw_cpu_id);
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -1440,39 +1440,37 @@ TRAMP_REAL_BEGIN(rfi_flush_fallback)
std r9,PACA_EXRFI+EX_R9(r13)
std r10,PACA_EXRFI+EX_R10(r13)
std r11,PACA_EXRFI+EX_R11(r13)
- std r12,PACA_EXRFI+EX_R12(r13)
- std r8,PACA_EXRFI+EX_R13(r13)
mfctr r9
ld r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13)
- ld r11,PACA_L1D_FLUSH_SETS(r13)
- ld r12,PACA_L1D_FLUSH_CONGRUENCE(r13)
- /*
- * The load adresses are at staggered offsets within cachelines,
- * which suits some pipelines better (on others it should not
- * hurt).
- */
- addi r12,r12,8
+ ld r11,PACA_L1D_FLUSH_SIZE(r13)
+ srdi r11,r11,(7 + 3) /* 128 byte lines, unrolled 8x */
mtctr r11
DCBT_STOP_ALL_STREAM_IDS(r11) /* Stop prefetch streams */
/* order ld/st prior to dcbt stop all streams with flushing */
sync
-1: li r8,0
- .rept 8 /* 8-way set associative */
- ldx r11,r10,r8
- add r8,r8,r12
- xor r11,r11,r11 // Ensure r11 is 0 even if fallback area is not
- add r8,r8,r11 // Add 0, this creates a dependency on the ldx
- .endr
- addi r10,r10,128 /* 128 byte cache line */
+
+ /*
+ * The load adresses are at staggered offsets within cachelines,
+ * which suits some pipelines better (on others it should not
+ * hurt).
+ */
+1:
+ ld r11,(0x80 + 8)*0(r10)
+ ld r11,(0x80 + 8)*1(r10)
+ ld r11,(0x80 + 8)*2(r10)
+ ld r11,(0x80 + 8)*3(r10)
+ ld r11,(0x80 + 8)*4(r10)
+ ld r11,(0x80 + 8)*5(r10)
+ ld r11,(0x80 + 8)*6(r10)
+ ld r11,(0x80 + 8)*7(r10)
+ addi r10,r10,0x80*8
bdnz 1b
mtctr r9
ld r9,PACA_EXRFI+EX_R9(r13)
ld r10,PACA_EXRFI+EX_R10(r13)
ld r11,PACA_EXRFI+EX_R11(r13)
- ld r12,PACA_EXRFI+EX_R12(r13)
- ld r8,PACA_EXRFI+EX_R13(r13)
GET_SCRATCH0(r13);
rfid
@@ -1482,39 +1480,37 @@ TRAMP_REAL_BEGIN(hrfi_flush_fallback)
std r9,PACA_EXRFI+EX_R9(r13)
std r10,PACA_EXRFI+EX_R10(r13)
std r11,PACA_EXRFI+EX_R11(r13)
- std r12,PACA_EXRFI+EX_R12(r13)
- std r8,PACA_EXRFI+EX_R13(r13)
mfctr r9
ld r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13)
- ld r11,PACA_L1D_FLUSH_SETS(r13)
- ld r12,PACA_L1D_FLUSH_CONGRUENCE(r13)
- /*
- * The load adresses are at staggered offsets within cachelines,
- * which suits some pipelines better (on others it should not
- * hurt).
- */
- addi r12,r12,8
+ ld r11,PACA_L1D_FLUSH_SIZE(r13)
+ srdi r11,r11,(7 + 3) /* 128 byte lines, unrolled 8x */
mtctr r11
DCBT_STOP_ALL_STREAM_IDS(r11) /* Stop prefetch streams */
/* order ld/st prior to dcbt stop all streams with flushing */
sync
-1: li r8,0
- .rept 8 /* 8-way set associative */
- ldx r11,r10,r8
- add r8,r8,r12
- xor r11,r11,r11 // Ensure r11 is 0 even if fallback area is not
- add r8,r8,r11 // Add 0, this creates a dependency on the ldx
- .endr
- addi r10,r10,128 /* 128 byte cache line */
+
+ /*
+ * The load adresses are at staggered offsets within cachelines,
+ * which suits some pipelines better (on others it should not
+ * hurt).
+ */
+1:
+ ld r11,(0x80 + 8)*0(r10)
+ ld r11,(0x80 + 8)*1(r10)
+ ld r11,(0x80 + 8)*2(r10)
+ ld r11,(0x80 + 8)*3(r10)
+ ld r11,(0x80 + 8)*4(r10)
+ ld r11,(0x80 + 8)*5(r10)
+ ld r11,(0x80 + 8)*6(r10)
+ ld r11,(0x80 + 8)*7(r10)
+ addi r10,r10,0x80*8
bdnz 1b
mtctr r9
ld r9,PACA_EXRFI+EX_R9(r13)
ld r10,PACA_EXRFI+EX_R10(r13)
ld r11,PACA_EXRFI+EX_R11(r13)
- ld r12,PACA_EXRFI+EX_R12(r13)
- ld r8,PACA_EXRFI+EX_R13(r13)
GET_SCRATCH0(r13);
hrfid
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -851,19 +851,8 @@ static void init_fallback_flush(void)
memset(l1d_flush_fallback_area, 0, l1d_size * 2);
for_each_possible_cpu(cpu) {
- /*
- * The fallback flush is currently coded for 8-way
- * associativity. Different associativity is possible, but it
- * will be treated as 8-way and may not evict the lines as
- * effectively.
- *
- * 128 byte lines are mandatory.
- */
- u64 c = l1d_size / 8;
-
paca[cpu].rfi_flush_fallback_area = l1d_flush_fallback_area;
- paca[cpu].l1d_flush_congruence = c;
- paca[cpu].l1d_flush_sets = c / 128;
+ paca[cpu].l1d_flush_size = l1d_size;
}
}
--- a/arch/powerpc/xmon/xmon.c
+++ b/arch/powerpc/xmon/xmon.c
@@ -2348,6 +2348,8 @@ static void dump_one_paca(int cpu)
DUMP(p, slb_cache_ptr, "x");
for (i = 0; i < SLB_CACHE_ENTRIES; i++)
printf(" slb_cache[%d]: = 0x%016lx\n", i, p->slb_cache[i]);
+
+ DUMP(p, rfi_flush_fallback_area, "px");
#endif
DUMP(p, dscr_default, "llx");
#ifdef CONFIG_PPC_BOOK3E
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 035/496] powerpc/pseries: Support firmware disable of RFI flush
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (29 preceding siblings ...)
2018-05-28 9:56 ` [PATCH 4.14 034/496] powerpc/64s: Improve RFI L1-D cache flush fallback Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 036/496] powerpc/powernv: " Greg Kroah-Hartman
` (438 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 582605a429e20ae68fd0b041b2e840af296edd08 upstream.
Some versions of firmware will have a setting that can be configured
to disable the RFI flush, add support for it.
Fixes: 8989d56878a7 ("powerpc/pseries: Query hypervisor for RFI flush settings")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/setup.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -482,7 +482,8 @@ static void pseries_setup_rfi_flush(void
if (types == L1D_FLUSH_NONE)
types = L1D_FLUSH_FALLBACK;
- if (!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR))
+ if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) ||
+ (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)))
enable = false;
} else {
/* Default to fallback if case hcall is not available */
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 036/496] powerpc/powernv: Support firmware disable of RFI flush
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (30 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 035/496] powerpc/pseries: Support firmware disable of RFI flush Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 037/496] powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code Greg Kroah-Hartman
` (437 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit eb0a2d2620ae431c543963c8c7f08f597366fc60 upstream.
Some versions of firmware will have a setting that can be configured
to disable the RFI flush, add support for it.
Fixes: 6e032b350cd1 ("powerpc/powernv: Check device-tree for RFI flush settings")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/powernv/setup.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -79,6 +79,10 @@ static void pnv_setup_rfi_flush(void)
if (np && of_property_read_bool(np, "disabled"))
enable--;
+ np = of_get_child_by_name(fw_features, "speculation-policy-favor-security");
+ if (np && of_property_read_bool(np, "disabled"))
+ enable = 0;
+
of_node_put(np);
of_node_put(fw_features);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 037/496] powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (31 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 036/496] powerpc/powernv: " Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 038/496] powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again Greg Kroah-Hartman
` (436 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Mauricio Faria de Oliveira
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 1e2a9fc7496955faacbbed49461d611b704a7505 upstream.
rfi_flush_enable() includes a check to see if we're already
enabled (or disabled), and in that case does nothing.
But that means calling setup_rfi_flush() a 2nd time doesn't actually
work, which is a bit confusing.
Move that check into the debugfs code, where it really belongs.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/setup_64.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -822,9 +822,6 @@ static void do_nothing(void *unused)
void rfi_flush_enable(bool enable)
{
- if (rfi_flush == enable)
- return;
-
if (enable) {
do_rfi_flush_fixups(enabled_flush_types);
on_each_cpu(do_nothing, NULL, 1);
@@ -878,13 +875,19 @@ void __init setup_rfi_flush(enum l1d_flu
#ifdef CONFIG_DEBUG_FS
static int rfi_flush_set(void *data, u64 val)
{
+ bool enable;
+
if (val == 1)
- rfi_flush_enable(true);
+ enable = true;
else if (val == 0)
- rfi_flush_enable(false);
+ enable = false;
else
return -EINVAL;
+ /* Only do anything if we're changing state */
+ if (enable != rfi_flush)
+ rfi_flush_enable(enable);
+
return 0;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 038/496] powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (32 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 037/496] powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 039/496] powerpc/rfi-flush: Always enable fallback flush on pseries Greg Kroah-Hartman
` (435 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Mauricio Faria de Oliveira
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit abf110f3e1cea40f5ea15e85f5d67c39c14568a7 upstream.
For PowerVM migration we want to be able to call setup_rfi_flush()
again after we've migrated the partition.
To support that we need to check that we're not trying to allocate the
fallback flush area after memblock has gone away (i.e., boot-time only).
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/include/asm/setup.h | 2 +-
arch/powerpc/kernel/setup_64.c | 6 +++++-
2 files changed, 6 insertions(+), 2 deletions(-)
--- a/arch/powerpc/include/asm/setup.h
+++ b/arch/powerpc/include/asm/setup.h
@@ -49,7 +49,7 @@ enum l1d_flush_type {
L1D_FLUSH_MTTRIG = 0x8,
};
-void __init setup_rfi_flush(enum l1d_flush_type, bool enable);
+void setup_rfi_flush(enum l1d_flush_type, bool enable);
void do_rfi_flush_fixups(enum l1d_flush_type types);
#endif /* !__ASSEMBLY__ */
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -836,6 +836,10 @@ static void init_fallback_flush(void)
u64 l1d_size, limit;
int cpu;
+ /* Only allocate the fallback flush area once (at boot time). */
+ if (l1d_flush_fallback_area)
+ return;
+
l1d_size = ppc64_caches.l1d.size;
limit = min(safe_stack_limit(), ppc64_rma_size);
@@ -853,7 +857,7 @@ static void init_fallback_flush(void)
}
}
-void __init setup_rfi_flush(enum l1d_flush_type types, bool enable)
+void setup_rfi_flush(enum l1d_flush_type types, bool enable)
{
if (types & L1D_FLUSH_FALLBACK) {
pr_info("rfi-flush: Using fallback displacement flush\n");
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 039/496] powerpc/rfi-flush: Always enable fallback flush on pseries
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (33 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 038/496] powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 040/496] powerpc/rfi-flush: Differentiate enabled and patched flush types Greg Kroah-Hartman
` (434 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Mauricio Faria de Oliveira
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 84749a58b6e382f109abf1e734bc4dd43c2c25bb upstream.
This ensures the fallback flush area is always allocated on pseries,
so in case a LPAR is migrated from a patched to an unpatched system,
it is possible to enable the fallback flush in the target system.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/setup.c | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -468,26 +468,18 @@ static void pseries_setup_rfi_flush(void
/* Enable by default */
enable = true;
+ types = L1D_FLUSH_FALLBACK;
rc = plpar_get_cpu_characteristics(&result);
if (rc == H_SUCCESS) {
- types = L1D_FLUSH_NONE;
-
if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
types |= L1D_FLUSH_MTTRIG;
if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30)
types |= L1D_FLUSH_ORI;
- /* Use fallback if nothing set in hcall */
- if (types == L1D_FLUSH_NONE)
- types = L1D_FLUSH_FALLBACK;
-
if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) ||
(!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)))
enable = false;
- } else {
- /* Default to fallback if case hcall is not available */
- types = L1D_FLUSH_FALLBACK;
}
setup_rfi_flush(types, enable);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 040/496] powerpc/rfi-flush: Differentiate enabled and patched flush types
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (34 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 039/496] powerpc/rfi-flush: Always enable fallback flush on pseries Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 041/496] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration Greg Kroah-Hartman
` (433 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Mauricio Faria de Oliveira
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
commit 0063d61ccfc011f379a31acaeba6de7c926fed2c upstream.
Currently the rfi-flush messages print 'Using <type> flush' for all
enabled_flush_types, but that is not necessarily true -- as now the
fallback flush is always enabled on pseries, but the fixup function
overwrites its nop/branch slot with other flush types, if available.
So, replace the 'Using <type> flush' messages with '<type> flush is
available'.
Also, print the patched flush types in the fixup function, so users
can know what is (not) being used (e.g., the slower, fallback flush,
or no flush type at all if flush is disabled via the debugfs switch).
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/setup_64.c | 6 +++---
arch/powerpc/lib/feature-fixups.c | 9 ++++++++-
2 files changed, 11 insertions(+), 4 deletions(-)
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -860,15 +860,15 @@ static void init_fallback_flush(void)
void setup_rfi_flush(enum l1d_flush_type types, bool enable)
{
if (types & L1D_FLUSH_FALLBACK) {
- pr_info("rfi-flush: Using fallback displacement flush\n");
+ pr_info("rfi-flush: fallback displacement flush available\n");
init_fallback_flush();
}
if (types & L1D_FLUSH_ORI)
- pr_info("rfi-flush: Using ori type flush\n");
+ pr_info("rfi-flush: ori type flush available\n");
if (types & L1D_FLUSH_MTTRIG)
- pr_info("rfi-flush: Using mttrig type flush\n");
+ pr_info("rfi-flush: mttrig type flush available\n");
enabled_flush_types = types;
--- a/arch/powerpc/lib/feature-fixups.c
+++ b/arch/powerpc/lib/feature-fixups.c
@@ -153,7 +153,14 @@ void do_rfi_flush_fixups(enum l1d_flush_
patch_instruction(dest + 2, instrs[2]);
}
- printk(KERN_DEBUG "rfi-flush: patched %d locations\n", i);
+ printk(KERN_DEBUG "rfi-flush: patched %d locations (%s flush)\n", i,
+ (types == L1D_FLUSH_NONE) ? "no" :
+ (types == L1D_FLUSH_FALLBACK) ? "fallback displacement" :
+ (types & L1D_FLUSH_ORI) ? (types & L1D_FLUSH_MTTRIG)
+ ? "ori+mttrig type"
+ : "ori type" :
+ (types & L1D_FLUSH_MTTRIG) ? "mttrig type"
+ : "unknown");
}
#endif /* CONFIG_PPC_BOOK3S_64 */
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 041/496] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (35 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 040/496] powerpc/rfi-flush: Differentiate enabled and patched flush types Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 042/496] powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags Greg Kroah-Hartman
` (432 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Mauricio Faria de Oliveira
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 921bc6cf807ceb2ab8005319cf39f33494d6b100 upstream.
We might have migrated to a machine that uses a different flush type,
or doesn't need flushing at all.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/mobility.c | 3 +++
arch/powerpc/platforms/pseries/pseries.h | 2 ++
arch/powerpc/platforms/pseries/setup.c | 2 +-
3 files changed, 6 insertions(+), 1 deletion(-)
--- a/arch/powerpc/platforms/pseries/mobility.c
+++ b/arch/powerpc/platforms/pseries/mobility.c
@@ -348,6 +348,9 @@ void post_mobility_fixup(void)
printk(KERN_ERR "Post-mobility device tree update "
"failed: %d\n", rc);
+ /* Possibly switch to a new RFI flush type */
+ pseries_setup_rfi_flush();
+
return;
}
--- a/arch/powerpc/platforms/pseries/pseries.h
+++ b/arch/powerpc/platforms/pseries/pseries.h
@@ -100,4 +100,6 @@ static inline unsigned long cmo_get_page
int dlpar_workqueue_init(void);
+void pseries_setup_rfi_flush(void);
+
#endif /* _PSERIES_PSERIES_H */
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -459,7 +459,7 @@ static void __init find_and_init_phbs(vo
of_pci_check_probe_only();
}
-static void pseries_setup_rfi_flush(void)
+void pseries_setup_rfi_flush(void)
{
struct h_cpu_char_result result;
enum l1d_flush_type types;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 042/496] powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (36 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 041/496] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 043/496] powerpc: Add security feature flags for Spectre/Meltdown Greg Kroah-Hartman
` (431 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit c4bc36628d7f8b664657d8bd6ad1c44c177880b7 upstream.
Add some additional values which have been defined for the
H_GET_CPU_CHARACTERISTICS hypercall.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/include/asm/hvcall.h | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/powerpc/include/asm/hvcall.h
+++ b/arch/powerpc/include/asm/hvcall.h
@@ -337,6 +337,9 @@
#define H_CPU_CHAR_L1D_FLUSH_ORI30 (1ull << 61) // IBM bit 2
#define H_CPU_CHAR_L1D_FLUSH_TRIG2 (1ull << 60) // IBM bit 3
#define H_CPU_CHAR_L1D_THREAD_PRIV (1ull << 59) // IBM bit 4
+#define H_CPU_CHAR_BRANCH_HINTS_HONORED (1ull << 58) // IBM bit 5
+#define H_CPU_CHAR_THREAD_RECONFIG_CTRL (1ull << 57) // IBM bit 6
+#define H_CPU_CHAR_COUNT_CACHE_DISABLED (1ull << 56) // IBM bit 7
#define H_CPU_BEHAV_FAVOUR_SECURITY (1ull << 63) // IBM bit 0
#define H_CPU_BEHAV_L1D_FLUSH_PR (1ull << 62) // IBM bit 1
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 043/496] powerpc: Add security feature flags for Spectre/Meltdown
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (37 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 042/496] powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 044/496] powerpc/pseries: Set or clear security feature flags Greg Kroah-Hartman
` (430 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream.
This commit adds security feature flags to reflect the settings we
receive from firmware regarding Spectre/Meltdown mitigations.
The feature names reflect the names we are given by firmware on bare
metal machines. See the hostboot source for details.
Arguably these could be firmware features, but that then requires them
to be read early in boot so they're available prior to asm feature
patching, but we don't actually want to use them for patching. We may
also want to dynamically update them in future, which would be
incompatible with the way firmware features work (at the moment at
least). So for now just make them separate flags.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/include/asm/security_features.h | 65 +++++++++++++++++++++++++++
arch/powerpc/kernel/Makefile | 2
arch/powerpc/kernel/security.c | 15 ++++++
3 files changed, 81 insertions(+), 1 deletion(-)
create mode 100644 arch/powerpc/include/asm/security_features.h
create mode 100644 arch/powerpc/kernel/security.c
--- /dev/null
+++ b/arch/powerpc/include/asm/security_features.h
@@ -0,0 +1,65 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Security related feature bit definitions.
+ *
+ * Copyright 2018, Michael Ellerman, IBM Corporation.
+ */
+
+#ifndef _ASM_POWERPC_SECURITY_FEATURES_H
+#define _ASM_POWERPC_SECURITY_FEATURES_H
+
+
+extern unsigned long powerpc_security_features;
+
+static inline void security_ftr_set(unsigned long feature)
+{
+ powerpc_security_features |= feature;
+}
+
+static inline void security_ftr_clear(unsigned long feature)
+{
+ powerpc_security_features &= ~feature;
+}
+
+static inline bool security_ftr_enabled(unsigned long feature)
+{
+ return !!(powerpc_security_features & feature);
+}
+
+
+// Features indicating support for Spectre/Meltdown mitigations
+
+// The L1-D cache can be flushed with ori r30,r30,0
+#define SEC_FTR_L1D_FLUSH_ORI30 0x0000000000000001ull
+
+// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2)
+#define SEC_FTR_L1D_FLUSH_TRIG2 0x0000000000000002ull
+
+// ori r31,r31,0 acts as a speculation barrier
+#define SEC_FTR_SPEC_BAR_ORI31 0x0000000000000004ull
+
+// Speculation past bctr is disabled
+#define SEC_FTR_BCCTRL_SERIALISED 0x0000000000000008ull
+
+// Entries in L1-D are private to a SMT thread
+#define SEC_FTR_L1D_THREAD_PRIV 0x0000000000000010ull
+
+// Indirect branch prediction cache disabled
+#define SEC_FTR_COUNT_CACHE_DISABLED 0x0000000000000020ull
+
+
+// Features indicating need for Spectre/Meltdown mitigations
+
+// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest)
+#define SEC_FTR_L1D_FLUSH_HV 0x0000000000000040ull
+
+// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace)
+#define SEC_FTR_L1D_FLUSH_PR 0x0000000000000080ull
+
+// A speculation barrier should be used for bounds checks (Spectre variant 1)
+#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0000000000000100ull
+
+// Firmware configuration indicates user favours security over performance
+#define SEC_FTR_FAVOUR_SECURITY 0x0000000000000200ull
+
+#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32) += vdso32/
obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o
obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o
obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_ppc970.o cpu_setup_pa6t.o
-obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o
+obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o security.o
obj-$(CONFIG_PPC_BOOK3S_64) += mce.o mce_power.o
obj-$(CONFIG_PPC_BOOK3E_64) += exceptions-64e.o idle_book3e.o
obj-$(CONFIG_PPC64) += vdso64/
--- /dev/null
+++ b/arch/powerpc/kernel/security.c
@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: GPL-2.0+
+//
+// Security related flags and so on.
+//
+// Copyright 2018, Michael Ellerman, IBM Corporation.
+
+#include <linux/kernel.h>
+#include <asm/security_features.h>
+
+
+unsigned long powerpc_security_features __read_mostly = \
+ SEC_FTR_L1D_FLUSH_HV | \
+ SEC_FTR_L1D_FLUSH_PR | \
+ SEC_FTR_BNDS_CHK_SPEC_BAR | \
+ SEC_FTR_FAVOUR_SECURITY;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 044/496] powerpc/pseries: Set or clear security feature flags
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (38 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 043/496] powerpc: Add security feature flags for Spectre/Meltdown Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 045/496] powerpc/powernv: " Greg Kroah-Hartman
` (429 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit f636c14790ead6cc22cf62279b1f8d7e11a67116 upstream.
Now that we have feature flags for security related things, set or
clear them based on what we receive from the hypercall.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/setup.c | 43 +++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -68,6 +68,7 @@
#include <asm/plpar_wrappers.h>
#include <asm/kexec.h>
#include <asm/isa-bridge.h>
+#include <asm/security_features.h>
#include "pseries.h"
@@ -459,6 +460,40 @@ static void __init find_and_init_phbs(vo
of_pci_check_probe_only();
}
+static void init_cpu_char_feature_flags(struct h_cpu_char_result *result)
+{
+ if (result->character & H_CPU_CHAR_SPEC_BAR_ORI31)
+ security_ftr_set(SEC_FTR_SPEC_BAR_ORI31);
+
+ if (result->character & H_CPU_CHAR_BCCTRL_SERIALISED)
+ security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
+
+ if (result->character & H_CPU_CHAR_L1D_FLUSH_ORI30)
+ security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
+
+ if (result->character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
+ security_ftr_set(SEC_FTR_L1D_FLUSH_TRIG2);
+
+ if (result->character & H_CPU_CHAR_L1D_THREAD_PRIV)
+ security_ftr_set(SEC_FTR_L1D_THREAD_PRIV);
+
+ if (result->character & H_CPU_CHAR_COUNT_CACHE_DISABLED)
+ security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED);
+
+ /*
+ * The features below are enabled by default, so we instead look to see
+ * if firmware has *disabled* them, and clear them if so.
+ */
+ if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY))
+ security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
+
+ if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR))
+ security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
+
+ if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
+ security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
+}
+
void pseries_setup_rfi_flush(void)
{
struct h_cpu_char_result result;
@@ -472,6 +507,8 @@ void pseries_setup_rfi_flush(void)
rc = plpar_get_cpu_characteristics(&result);
if (rc == H_SUCCESS) {
+ init_cpu_char_feature_flags(&result);
+
if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
types |= L1D_FLUSH_MTTRIG;
if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30)
@@ -482,6 +519,12 @@ void pseries_setup_rfi_flush(void)
enable = false;
}
+ /*
+ * We're the guest so this doesn't apply to us, clear it to simplify
+ * handling of it elsewhere.
+ */
+ security_ftr_clear(SEC_FTR_L1D_FLUSH_HV);
+
setup_rfi_flush(types, enable);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 045/496] powerpc/powernv: Set or clear security feature flags
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (39 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 044/496] powerpc/pseries: Set or clear security feature flags Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 046/496] powerpc/64s: Move cpu_show_meltdown() Greg Kroah-Hartman
` (428 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 77addf6e95c8689e478d607176b399a6242a777e upstream.
Now that we have feature flags for security related things, set or
clear them based on what we see in the device tree provided by
firmware.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/powernv/setup.c | 56 +++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -37,9 +37,63 @@
#include <asm/kexec.h>
#include <asm/smp.h>
#include <asm/setup.h>
+#include <asm/security_features.h>
#include "powernv.h"
+
+static bool fw_feature_is(const char *state, const char *name,
+ struct device_node *fw_features)
+{
+ struct device_node *np;
+ bool rc = false;
+
+ np = of_get_child_by_name(fw_features, name);
+ if (np) {
+ rc = of_property_read_bool(np, state);
+ of_node_put(np);
+ }
+
+ return rc;
+}
+
+static void init_fw_feat_flags(struct device_node *np)
+{
+ if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np))
+ security_ftr_set(SEC_FTR_SPEC_BAR_ORI31);
+
+ if (fw_feature_is("enabled", "fw-bcctrl-serialized", np))
+ security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
+
+ if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np))
+ security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
+
+ if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np))
+ security_ftr_set(SEC_FTR_L1D_FLUSH_TRIG2);
+
+ if (fw_feature_is("enabled", "fw-l1d-thread-split", np))
+ security_ftr_set(SEC_FTR_L1D_THREAD_PRIV);
+
+ if (fw_feature_is("enabled", "fw-count-cache-disabled", np))
+ security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED);
+
+ /*
+ * The features below are enabled by default, so we instead look to see
+ * if firmware has *disabled* them, and clear them if so.
+ */
+ if (fw_feature_is("disabled", "speculation-policy-favor-security", np))
+ security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
+
+ if (fw_feature_is("disabled", "needs-l1d-flush-msr-pr-0-to-1", np))
+ security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
+
+ if (fw_feature_is("disabled", "needs-l1d-flush-msr-hv-1-to-0", np))
+ security_ftr_clear(SEC_FTR_L1D_FLUSH_HV);
+
+ if (fw_feature_is("disabled", "needs-spec-barrier-for-bound-checks", np))
+ security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
+}
+
static void pnv_setup_rfi_flush(void)
{
struct device_node *np, *fw_features;
@@ -55,6 +109,8 @@ static void pnv_setup_rfi_flush(void)
of_node_put(np);
if (fw_features) {
+ init_fw_feat_flags(fw_features);
+
np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2");
if (np && of_property_read_bool(np, "enabled"))
type = L1D_FLUSH_MTTRIG;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 046/496] powerpc/64s: Move cpu_show_meltdown()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (40 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 045/496] powerpc/powernv: " Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 047/496] powerpc/64s: Enhance the information in cpu_show_meltdown() Greg Kroah-Hartman
` (427 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 8ad33041563a10b34988800c682ada14b2612533 upstream.
This landed in setup_64.c for no good reason other than we had nowhere
else to put it. Now that we have a security-related file, that is a
better place for it so move it.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/security.c | 11 +++++++++++
arch/powerpc/kernel/setup_64.c | 8 --------
2 files changed, 11 insertions(+), 8 deletions(-)
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -5,6 +5,8 @@
// Copyright 2018, Michael Ellerman, IBM Corporation.
#include <linux/kernel.h>
+#include <linux/device.h>
+
#include <asm/security_features.h>
@@ -13,3 +15,12 @@ unsigned long powerpc_security_features
SEC_FTR_L1D_FLUSH_PR | \
SEC_FTR_BNDS_CHK_SPEC_BAR | \
SEC_FTR_FAVOUR_SECURITY;
+
+
+ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ if (rfi_flush)
+ return sprintf(buf, "Mitigation: RFI Flush\n");
+
+ return sprintf(buf, "Vulnerable\n");
+}
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -910,12 +910,4 @@ static __init int rfi_flush_debugfs_init
}
device_initcall(rfi_flush_debugfs_init);
#endif
-
-ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
-{
- if (rfi_flush)
- return sprintf(buf, "Mitigation: RFI Flush\n");
-
- return sprintf(buf, "Vulnerable\n");
-}
#endif /* CONFIG_PPC_BOOK3S_64 */
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 047/496] powerpc/64s: Enhance the information in cpu_show_meltdown()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (41 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 046/496] powerpc/64s: Move cpu_show_meltdown() Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 048/496] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() Greg Kroah-Hartman
` (426 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit ff348355e9c72493947be337bb4fae4fc1a41eba upstream.
Now that we have the security feature flags we can make the
information displayed in the "meltdown" file more informative.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/include/asm/security_features.h | 1
arch/powerpc/kernel/security.c | 30 +++++++++++++++++++++++++--
2 files changed, 29 insertions(+), 2 deletions(-)
--- a/arch/powerpc/include/asm/security_features.h
+++ b/arch/powerpc/include/asm/security_features.h
@@ -10,6 +10,7 @@
extern unsigned long powerpc_security_features;
+extern bool rfi_flush;
static inline void security_ftr_set(unsigned long feature)
{
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -6,6 +6,7 @@
#include <linux/kernel.h>
#include <linux/device.h>
+#include <linux/seq_buf.h>
#include <asm/security_features.h>
@@ -19,8 +20,33 @@ unsigned long powerpc_security_features
ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
{
- if (rfi_flush)
- return sprintf(buf, "Mitigation: RFI Flush\n");
+ bool thread_priv;
+
+ thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV);
+
+ if (rfi_flush || thread_priv) {
+ struct seq_buf s;
+ seq_buf_init(&s, buf, PAGE_SIZE - 1);
+
+ seq_buf_printf(&s, "Mitigation: ");
+
+ if (rfi_flush)
+ seq_buf_printf(&s, "RFI Flush");
+
+ if (rfi_flush && thread_priv)
+ seq_buf_printf(&s, ", ");
+
+ if (thread_priv)
+ seq_buf_printf(&s, "L1D private per thread");
+
+ seq_buf_printf(&s, "\n");
+
+ return s.len;
+ }
+
+ if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) &&
+ !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR))
+ return sprintf(buf, "Not affected\n");
return sprintf(buf, "Vulnerable\n");
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 048/496] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (42 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 047/496] powerpc/64s: Enhance the information in cpu_show_meltdown() Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 049/496] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() Greg Kroah-Hartman
` (425 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 37c0bdd00d3ae83369ab60a6712c28e11e6458d5 upstream.
Now that we have the security flags we can significantly simplify the
code in pnv_setup_rfi_flush(), because we can use the flags instead of
checking device tree properties and because the security flags have
pessimistic defaults.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/powernv/setup.c | 41 ++++++++-------------------------
1 file changed, 10 insertions(+), 31 deletions(-)
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -65,7 +65,7 @@ static void init_fw_feat_flags(struct de
if (fw_feature_is("enabled", "fw-bcctrl-serialized", np))
security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
- if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np))
+ if (fw_feature_is("enabled", "inst-l1d-flush-ori30,30,0", np))
security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np))
@@ -98,11 +98,10 @@ static void pnv_setup_rfi_flush(void)
{
struct device_node *np, *fw_features;
enum l1d_flush_type type;
- int enable;
+ bool enable;
/* Default to fallback in case fw-features are not available */
type = L1D_FLUSH_FALLBACK;
- enable = 1;
np = of_find_node_by_name(NULL, "ibm,opal");
fw_features = of_get_child_by_name(np, "fw-features");
@@ -110,40 +109,20 @@ static void pnv_setup_rfi_flush(void)
if (fw_features) {
init_fw_feat_flags(fw_features);
+ of_node_put(fw_features);
- np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2");
- if (np && of_property_read_bool(np, "enabled"))
+ if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2))
type = L1D_FLUSH_MTTRIG;
- of_node_put(np);
-
- np = of_get_child_by_name(fw_features, "inst-l1d-flush-ori30,30,0");
- if (np && of_property_read_bool(np, "enabled"))
+ if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30))
type = L1D_FLUSH_ORI;
-
- of_node_put(np);
-
- /* Enable unless firmware says NOT to */
- enable = 2;
- np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-hv-1-to-0");
- if (np && of_property_read_bool(np, "disabled"))
- enable--;
-
- of_node_put(np);
-
- np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-pr-0-to-1");
- if (np && of_property_read_bool(np, "disabled"))
- enable--;
-
- np = of_get_child_by_name(fw_features, "speculation-policy-favor-security");
- if (np && of_property_read_bool(np, "disabled"))
- enable = 0;
-
- of_node_put(np);
- of_node_put(fw_features);
}
- setup_rfi_flush(type, enable > 0);
+ enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \
+ (security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR) || \
+ security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV));
+
+ setup_rfi_flush(type, enable);
}
static void __init pnv_setup_arch(void)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 049/496] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (43 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 048/496] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 050/496] powerpc/64s: Wire up cpu_show_spectre_v1() Greg Kroah-Hartman
` (424 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 2e4a16161fcd324b1f9bf6cb6856529f7eaf0689 upstream.
Now that we have the security flags we can simplify the code in
pseries_setup_rfi_flush() because the security flags have pessimistic
defaults.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/setup.c | 27 ++++++++++++---------------
1 file changed, 12 insertions(+), 15 deletions(-)
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -501,30 +501,27 @@ void pseries_setup_rfi_flush(void)
bool enable;
long rc;
- /* Enable by default */
- enable = true;
- types = L1D_FLUSH_FALLBACK;
-
rc = plpar_get_cpu_characteristics(&result);
- if (rc == H_SUCCESS) {
+ if (rc == H_SUCCESS)
init_cpu_char_feature_flags(&result);
- if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
- types |= L1D_FLUSH_MTTRIG;
- if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30)
- types |= L1D_FLUSH_ORI;
-
- if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) ||
- (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)))
- enable = false;
- }
-
/*
* We're the guest so this doesn't apply to us, clear it to simplify
* handling of it elsewhere.
*/
security_ftr_clear(SEC_FTR_L1D_FLUSH_HV);
+ types = L1D_FLUSH_FALLBACK;
+
+ if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2))
+ types |= L1D_FLUSH_MTTRIG;
+
+ if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30))
+ types |= L1D_FLUSH_ORI;
+
+ enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \
+ security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR);
+
setup_rfi_flush(types, enable);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 050/496] powerpc/64s: Wire up cpu_show_spectre_v1()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (44 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 049/496] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 051/496] powerpc/64s: Wire up cpu_show_spectre_v2() Greg Kroah-Hartman
` (423 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 56986016cb8cd9050e601831fe89f332b4e3c46e upstream.
Add a definition for cpu_show_spectre_v1() to override the generic
version. Currently this just prints "Not affected" or "Vulnerable"
based on the firmware flag.
Although the kernel does have array_index_nospec() in a few places, we
haven't yet audited all the powerpc code to see where it's necessary,
so for now we don't list that as a mitigation.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/security.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -50,3 +50,11 @@ ssize_t cpu_show_meltdown(struct device
return sprintf(buf, "Vulnerable\n");
}
+
+ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR))
+ return sprintf(buf, "Not affected\n");
+
+ return sprintf(buf, "Vulnerable\n");
+}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 051/496] powerpc/64s: Wire up cpu_show_spectre_v2()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (45 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 050/496] powerpc/64s: Wire up cpu_show_spectre_v1() Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 052/496] powerpc/pseries: Fix clearing of security feature flags Greg Kroah-Hartman
` (422 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit d6fbe1c55c55c6937cbea3531af7da84ab7473c3 upstream.
Add a definition for cpu_show_spectre_v2() to override the generic
version. This has several permuations, though in practice some may not
occur we cater for any combination.
The most verbose is:
Mitigation: Indirect branch serialisation (kernel only), Indirect
branch cache disabled, ori31 speculation barrier enabled
We don't treat the ori31 speculation barrier as a mitigation on its
own, because it has to be *used* by code in order to be a mitigation
and we don't know if userspace is doing that. So if that's all we see
we say:
Vulnerable, ori31 speculation barrier enabled
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/security.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct devic
return sprintf(buf, "Vulnerable\n");
}
+
+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ bool bcs, ccd, ori;
+ struct seq_buf s;
+
+ seq_buf_init(&s, buf, PAGE_SIZE - 1);
+
+ bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
+ ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
+ ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
+
+ if (bcs || ccd) {
+ seq_buf_printf(&s, "Mitigation: ");
+
+ if (bcs)
+ seq_buf_printf(&s, "Indirect branch serialisation (kernel only)");
+
+ if (bcs && ccd)
+ seq_buf_printf(&s, ", ");
+
+ if (ccd)
+ seq_buf_printf(&s, "Indirect branch cache disabled");
+ } else
+ seq_buf_printf(&s, "Vulnerable");
+
+ if (ori)
+ seq_buf_printf(&s, ", ori31 speculation barrier enabled");
+
+ seq_buf_printf(&s, "\n");
+
+ return s.len;
+}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 052/496] powerpc/pseries: Fix clearing of security feature flags
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (46 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 051/496] powerpc/64s: Wire up cpu_show_spectre_v2() Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 053/496] powerpc: Move default " Greg Kroah-Hartman
` (421 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg
Cc: Greg Kroah-Hartman, stable, Mauricio Faria de Oliveira, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524 upstream.
The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_*
flags.
Found by playing around with QEMU's implementation of the hypercall:
H_CPU_CHAR=0xf000000000000000
H_CPU_BEHAV=0x0000000000000000
This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR
so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also
clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush
mitigation at all for cpu_show_meltdown() to report; but currently
it does:
Original kernel:
# cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: RFI Flush
Patched kernel:
# cat /sys/devices/system/cpu/vulnerabilities/meltdown
Not affected
H_CPU_CHAR=0x0000000000000000
H_CPU_BEHAV=0xf000000000000000
This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should
report vulnerable; but currently it doesn't:
Original kernel:
# cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Not affected
Patched kernel:
# cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Vulnerable
Brown-paper-bag-by: Michael Ellerman <mpe@ellerman.id.au>
Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/setup.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -484,13 +484,13 @@ static void init_cpu_char_feature_flags(
* The features below are enabled by default, so we instead look to see
* if firmware has *disabled* them, and clear them if so.
*/
- if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY))
+ if (!(result->behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))
security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
- if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR))
+ if (!(result->behaviour & H_CPU_BEHAV_L1D_FLUSH_PR))
security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
- if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
+ if (!(result->behaviour & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 053/496] powerpc: Move default security feature flags
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (47 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 052/496] powerpc/pseries: Fix clearing of security feature flags Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 054/496] powerpc/pseries: Restore default security feature flags on setup Greg Kroah-Hartman
` (420 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg
Cc: Greg Kroah-Hartman, stable, Mauricio Faria de Oliveira, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
commit e7347a86830f38dc3e40c8f7e28c04412b12a2e7 upstream.
This moves the definition of the default security feature flags
(i.e., enabled by default) closer to the security feature flags.
This can be used to restore current flags to the default flags.
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/include/asm/security_features.h | 8 ++++++++
arch/powerpc/kernel/security.c | 7 +------
2 files changed, 9 insertions(+), 6 deletions(-)
--- a/arch/powerpc/include/asm/security_features.h
+++ b/arch/powerpc/include/asm/security_features.h
@@ -63,4 +63,12 @@ static inline bool security_ftr_enabled(
// Firmware configuration indicates user favours security over performance
#define SEC_FTR_FAVOUR_SECURITY 0x0000000000000200ull
+
+// Features enabled by default
+#define SEC_FTR_DEFAULT \
+ (SEC_FTR_L1D_FLUSH_HV | \
+ SEC_FTR_L1D_FLUSH_PR | \
+ SEC_FTR_BNDS_CHK_SPEC_BAR | \
+ SEC_FTR_FAVOUR_SECURITY)
+
#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -11,12 +11,7 @@
#include <asm/security_features.h>
-unsigned long powerpc_security_features __read_mostly = \
- SEC_FTR_L1D_FLUSH_HV | \
- SEC_FTR_L1D_FLUSH_PR | \
- SEC_FTR_BNDS_CHK_SPEC_BAR | \
- SEC_FTR_FAVOUR_SECURITY;
-
+unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
{
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 054/496] powerpc/pseries: Restore default security feature flags on setup
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (48 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 053/496] powerpc: Move default " Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 055/496] powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() Greg Kroah-Hartman
` (419 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg
Cc: Greg Kroah-Hartman, stable, Mauricio Faria de Oliveira, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
commit 6232774f1599028a15418179d17f7df47ede770a upstream.
After migration the security feature flags might have changed (e.g.,
destination system with unpatched firmware), but some flags are not
set/clear again in init_cpu_char_feature_flags() because it assumes
the security flags to be the defaults.
Additionally, if the H_GET_CPU_CHARACTERISTICS hypercall fails then
init_cpu_char_feature_flags() does not run again, which potentially
might leave the system in an insecure or sub-optimal configuration.
So, just restore the security feature flags to the defaults assumed
by init_cpu_char_feature_flags() so it can set/clear them correctly,
and to ensure safe settings are in place in case the hypercall fail.
Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
Depends-on: 19887d6a28e2 ("powerpc: Move default security feature flags")
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/setup.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -462,6 +462,10 @@ static void __init find_and_init_phbs(vo
static void init_cpu_char_feature_flags(struct h_cpu_char_result *result)
{
+ /*
+ * The features below are disabled by default, so we instead look to see
+ * if firmware has *enabled* them, and set them if so.
+ */
if (result->character & H_CPU_CHAR_SPEC_BAR_ORI31)
security_ftr_set(SEC_FTR_SPEC_BAR_ORI31);
@@ -501,6 +505,13 @@ void pseries_setup_rfi_flush(void)
bool enable;
long rc;
+ /*
+ * Set features to the defaults assumed by init_cpu_char_feature_flags()
+ * so it can set/clear again any features that might have changed after
+ * migration, and in case the hypercall fails and it is not even called.
+ */
+ powerpc_security_features = SEC_FTR_DEFAULT;
+
rc = plpar_get_cpu_characteristics(&result);
if (rc == H_SUCCESS)
init_cpu_char_feature_flags(&result);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 055/496] powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (49 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 054/496] powerpc/pseries: Restore default security feature flags on setup Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 057/496] MIPS: generic: Fix machine compatible matching Greg Kroah-Hartman
` (418 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel, greg; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 501a78cbc17c329fabf8e9750a1e9ab810c88a0e upstream.
The recent LPM changes to setup_rfi_flush() are causing some section
mismatch warnings because we removed the __init annotation on
setup_rfi_flush():
The function setup_rfi_flush() references
the function __init ppc64_bolted_size().
the function __init memblock_alloc_base().
The references are actually in init_fallback_flush(), but that is
inlined into setup_rfi_flush().
These references are safe because:
- only pseries calls setup_rfi_flush() at runtime
- pseries always passes L1D_FLUSH_FALLBACK at boot
- so the fallback flush area will always be allocated
- so the check in init_fallback_flush() will always return early:
/* Only allocate the fallback flush area once (at boot time). */
if (l1d_flush_fallback_area)
return;
- and therefore we won't actually call the freed init routines.
We should rework the code to make it safer by default rather than
relying on the above, but for now as a quick-fix just add a __ref
annotation to squash the warning.
Fixes: abf110f3e1ce ("powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/setup_64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -831,7 +831,7 @@ void rfi_flush_enable(bool enable)
rfi_flush = enable;
}
-static void init_fallback_flush(void)
+static void __ref init_fallback_flush(void)
{
u64 l1d_size, limit;
int cpu;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 057/496] MIPS: generic: Fix machine compatible matching
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (50 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 055/496] powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 058/496] mac80211: mesh: fix wrong mesh TTL offset calculation Greg Kroah-Hartman
` (417 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Hogan, Paul Burton,
Matt Redfearn, Ralf Baechle, linux-mips, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: James Hogan <jhogan@kernel.org>
[ Upstream commit 9a9ab3078e2744a1a55163cfaec73a5798aae33e ]
We now have a platform (Ranchu) in the "generic" platform which matches
based on the FDT compatible string using mips_machine_is_compatible(),
however that function doesn't stop at a blank struct
of_device_id::compatible as that is an array in the struct, not a
pointer to a string.
Fix the loop completion to check the first byte of the compatible array
rather than the address of the compatible array in the struct.
Fixes: eed0eabd12ef ("MIPS: generic: Introduce generic DT-based board support")
Signed-off-by: James Hogan <jhogan@kernel.org>
Reviewed-by: Paul Burton <paul.burton@mips.com>
Reviewed-by: Matt Redfearn <matt.redfearn@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/18580/
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/machine.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/include/asm/machine.h
+++ b/arch/mips/include/asm/machine.h
@@ -52,7 +52,7 @@ mips_machine_is_compatible(const struct
if (!mach->matches)
return NULL;
- for (match = mach->matches; match->compatible; match++) {
+ for (match = mach->matches; match->compatible[0]; match++) {
if (fdt_node_check_compatible(fdt, 0, match->compatible) == 0)
return match;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 058/496] mac80211: mesh: fix wrong mesh TTL offset calculation
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (51 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 057/496] MIPS: generic: Fix machine compatible matching Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 059/496] ARC: Fix malformed ARC_EMUL_UNALIGNED default Greg Kroah-Hartman
` (416 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Oh, Johannes Berg, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Oh <peter.oh@bowerswilkins.com>
[ Upstream commit c4de37ee2b55deac7d6aeac33e02e3d6be243898 ]
mesh TTL offset in Mesh Channel Switch Parameters element depends on
not only Secondary Channel Offset element, but also affected by
HT Control field and Wide Bandwidth Channel Switch element.
So use element structure to manipulate mesh channel swich param IE
after removing its constant attribution to correct the miscalculation.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/ieee80211_i.h | 2 +-
net/mac80211/mesh.c | 17 ++++++-----------
2 files changed, 7 insertions(+), 12 deletions(-)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1466,7 +1466,7 @@ struct ieee802_11_elems {
const struct ieee80211_timeout_interval_ie *timeout_int;
const u8 *opmode_notif;
const struct ieee80211_sec_chan_offs_ie *sec_chan_offs;
- const struct ieee80211_mesh_chansw_params_ie *mesh_chansw_params_ie;
+ struct ieee80211_mesh_chansw_params_ie *mesh_chansw_params_ie;
const struct ieee80211_bss_max_idle_period_ie *max_idle_period_ie;
/* length of them, respectively */
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1253,13 +1253,12 @@ int ieee80211_mesh_csa_beacon(struct iee
}
static int mesh_fwd_csa_frame(struct ieee80211_sub_if_data *sdata,
- struct ieee80211_mgmt *mgmt, size_t len)
+ struct ieee80211_mgmt *mgmt, size_t len,
+ struct ieee802_11_elems *elems)
{
struct ieee80211_mgmt *mgmt_fwd;
struct sk_buff *skb;
struct ieee80211_local *local = sdata->local;
- u8 *pos = mgmt->u.action.u.chan_switch.variable;
- size_t offset_ttl;
skb = dev_alloc_skb(local->tx_headroom + len);
if (!skb)
@@ -1267,13 +1266,9 @@ static int mesh_fwd_csa_frame(struct iee
skb_reserve(skb, local->tx_headroom);
mgmt_fwd = skb_put(skb, len);
- /* offset_ttl is based on whether the secondary channel
- * offset is available or not. Subtract 1 from the mesh TTL
- * and disable the initiator flag before forwarding.
- */
- offset_ttl = (len < 42) ? 7 : 10;
- *(pos + offset_ttl) -= 1;
- *(pos + offset_ttl + 1) &= ~WLAN_EID_CHAN_SWITCH_PARAM_INITIATOR;
+ elems->mesh_chansw_params_ie->mesh_ttl--;
+ elems->mesh_chansw_params_ie->mesh_flags &=
+ ~WLAN_EID_CHAN_SWITCH_PARAM_INITIATOR;
memcpy(mgmt_fwd, mgmt, len);
eth_broadcast_addr(mgmt_fwd->da);
@@ -1321,7 +1316,7 @@ static void mesh_rx_csa_frame(struct iee
/* forward or re-broadcast the CSA frame */
if (fwd_csa) {
- if (mesh_fwd_csa_frame(sdata, mgmt, len) < 0)
+ if (mesh_fwd_csa_frame(sdata, mgmt, len, &elems) < 0)
mcsa_dbg(sdata, "Failed to forward the CSA frame");
}
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 059/496] ARC: Fix malformed ARC_EMUL_UNALIGNED default
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (52 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 058/496] mac80211: mesh: fix wrong mesh TTL offset calculation Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 060/496] ptr_ring: prevent integer overflow when calculating size Greg Kroah-Hartman
` (415 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ulf Magnusson, Vineet Gupta, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ulf Magnusson <ulfalizer@gmail.com>
[ Upstream commit 827cc2fa024dd6517d62de7a44c7b42f32af371b ]
'default N' should be 'default n', though they happen to have the same
effect here, due to undefined symbols (N in this case) evaluating to n
in a tristate sense.
Remove the default from ARC_EMUL_UNALIGNED instead of changing it. bool
and tristate symbols implicitly default to n.
Discovered with the
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_ulfalizer_Kconfiglib_blob_master_examples_list-5Fundefined.py&d=DwIBAg&c=DPL6_X_6JkXFx7AXWqB0tg&r=c14YS-cH-kdhTOW89KozFhBtBJgs1zXscZojEZQ0THs&m=WxxD8ozR7QQUVzNCBksiznaisBGO_crN7PBOvAoju8s&s=1LmxsNqxwT-7wcInVpZ6Z1J27duZKSoyKxHIJclXU_M&e=
script.
Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/Kconfig | 1 -
1 file changed, 1 deletion(-)
--- a/arch/arc/Kconfig
+++ b/arch/arc/Kconfig
@@ -487,7 +487,6 @@ config ARC_CURR_IN_REG
config ARC_EMUL_UNALIGNED
bool "Emulate unaligned memory access (userspace only)"
- default N
select SYSCTL_ARCH_UNALIGN_NO_WARN
select SYSCTL_ARCH_UNALIGN_ALLOW
depends on ISA_ARCOMPACT
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 060/496] ptr_ring: prevent integer overflow when calculating size
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (53 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 059/496] ARC: Fix malformed ARC_EMUL_UNALIGNED default Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 062/496] arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire Greg Kroah-Hartman
` (414 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Biggers, Jason Wang,
Michael S. Tsirkin, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Wang <jasowang@redhat.com>
[ Upstream commit 54e02162d4454a99227f520948bf4494c3d972d0 ]
Switch to use dividing to prevent integer overflow when size is too
big to calculate allocation size properly.
Reported-by: Eric Biggers <ebiggers3@gmail.com>
Fixes: 6e6e41c31122 ("ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/ptr_ring.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/ptr_ring.h
+++ b/include/linux/ptr_ring.h
@@ -450,7 +450,7 @@ static inline int ptr_ring_consume_batch
*/
static inline void **__ptr_ring_init_queue_alloc(unsigned int size, gfp_t gfp)
{
- if (size * sizeof(void *) > KMALLOC_MAX_SIZE)
+ if (size > KMALLOC_MAX_SIZE / sizeof(void *))
return NULL;
return kvmalloc_array(size, sizeof(void *), gfp | __GFP_ZERO);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 062/496] arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (54 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 060/496] ptr_ring: prevent integer overflow when calculating size Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 063/496] libata: Fix compile warning with ATA_DEBUG enabled Greg Kroah-Hartman
` (413 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shawn Lin, Heiko Stuebner, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shawn Lin <shawn.lin@rock-chips.com>
[ Upstream commit 2b7d2ed1af2e2c0c90a1a8b97926b7b6c6cb03ed ]
The endpoint control gpio for rk3399-sapphire boards is gpio2_a4,
so correct it now.
Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/rockchip/rk3399-sapphire.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/rockchip/rk3399-sapphire.dtsi
+++ b/arch/arm64/boot/dts/rockchip/rk3399-sapphire.dtsi
@@ -457,7 +457,7 @@
assigned-clocks = <&cru SCLK_PCIEPHY_REF>;
assigned-clock-parents = <&cru SCLK_PCIEPHY_REF100M>;
assigned-clock-rates = <100000000>;
- ep-gpios = <&gpio3 RK_PB5 GPIO_ACTIVE_HIGH>;
+ ep-gpios = <&gpio2 RK_PA4 GPIO_ACTIVE_HIGH>;
num-lanes = <4>;
pinctrl-names = "default";
pinctrl-0 = <&pcie_clkreqn_cpm>;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 063/496] libata: Fix compile warning with ATA_DEBUG enabled
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (55 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 062/496] arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 065/496] selftest/vDSO: fix O= Greg Kroah-Hartman
` (412 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dong Bo, Tejun Heo, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dong Bo <dongbo4@huawei.com>
[ Upstream commit 0d3e45bc6507bd1f8728bf586ebd16c2d9e40613 ]
This fixs the following comile warnings with ATA_DEBUG enabled,
which detected by Linaro GCC 5.2-2015.11:
drivers/ata/libata-scsi.c: In function 'ata_scsi_dump_cdb':
./include/linux/kern_levels.h:5:18: warning: format '%d' expects
argument of type 'int', but argument 6 has type 'u64 {aka long
long unsigned int}' [-Wformat=]
tj: Patch hand-applied and description trimmed.
Signed-off-by: Dong Bo <dongbo4@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-scsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -4287,7 +4287,7 @@ static inline void ata_scsi_dump_cdb(str
#ifdef ATA_DEBUG
struct scsi_device *scsidev = cmd->device;
- DPRINTK("CDB (%u:%d,%d,%d) %9ph\n",
+ DPRINTK("CDB (%u:%d,%d,%lld) %9ph\n",
ap->print_id,
scsidev->channel, scsidev->id, scsidev->lun,
cmd->cmnd);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 065/496] selftest/vDSO: fix O=
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (56 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 063/496] libata: Fix compile warning with ATA_DEBUG enabled Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 066/496] selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m Greg Kroah-Hartman
` (411 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dominik Brodowski, Shuah Khan, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dominik Brodowski <linux@dominikbrodowski.net>
[ Upstream commit 70b574e7d719bdf96d26528cb289f3e782e83979 ]
The vDSO selftests ignored the O= or KBUILD_OUTPUT= parameters. Fix it.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/vDSO/Makefile | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/tools/testing/selftests/vDSO/Makefile
+++ b/tools/testing/selftests/vDSO/Makefile
@@ -1,4 +1,6 @@
# SPDX-License-Identifier: GPL-2.0
+include ../lib.mk
+
ifndef CROSS_COMPILE
CFLAGS := -std=gnu99
CFLAGS_vdso_standalone_test_x86 := -nostdlib -fno-asynchronous-unwind-tables -fno-stack-protector
@@ -6,16 +8,14 @@ ifeq ($(CONFIG_X86_32),y)
LDLIBS += -lgcc_s
endif
-TEST_PROGS := vdso_test vdso_standalone_test_x86
+TEST_PROGS := $(OUTPUT)/vdso_test $(OUTPUT)/vdso_standalone_test_x86
all: $(TEST_PROGS)
-vdso_test: parse_vdso.c vdso_test.c
-vdso_standalone_test_x86: vdso_standalone_test_x86.c parse_vdso.c
+$(OUTPUT)/vdso_test: parse_vdso.c vdso_test.c
+$(OUTPUT)/vdso_standalone_test_x86: vdso_standalone_test_x86.c parse_vdso.c
$(CC) $(CFLAGS) $(CFLAGS_vdso_standalone_test_x86) \
vdso_standalone_test_x86.c parse_vdso.c \
- -o vdso_standalone_test_x86
+ -o $@
-include ../lib.mk
-clean:
- rm -fr $(TEST_PROGS)
+EXTRA_CLEAN := $(TEST_PROGS)
endif
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 066/496] selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (57 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 065/496] selftest/vDSO: fix O= Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 068/496] ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt Greg Kroah-Hartman
` (410 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Naresh Kamboju, Kees Cook,
Shuah Khan, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Naresh Kamboju <naresh.kamboju@linaro.org>
[ Upstream commit 9a379e77033f02c4a071891afdf0f0a01eff8ccb ]
pstore_tests and pstore_post_reboot_tests need CONFIG_PSTORE_RAM=m
Signed-off-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/pstore/config | 1 +
1 file changed, 1 insertion(+)
--- a/tools/testing/selftests/pstore/config
+++ b/tools/testing/selftests/pstore/config
@@ -2,3 +2,4 @@ CONFIG_MISC_FILESYSTEMS=y
CONFIG_PSTORE=y
CONFIG_PSTORE_PMSG=y
CONFIG_PSTORE_CONSOLE=y
+CONFIG_PSTORE_RAM=m
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 068/496] ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (58 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 066/496] selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 069/496] ARM: OMAP3: Fix prm wake interrupt for resume Greg Kroah-Hartman
` (409 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qi Hou, Tony Lindgren, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qi Hou <qi.hou@windriver.com>
[ Upstream commit db35340c536f1af0108ec9a0b2126a05d358d14a ]
When more than one GP timers are used as kernel system timers and the
corresponding nodes in device-tree are marked with the same "disabled"
property, then the "attr" field of the property will be initialized
more than once as the property being added to sys file system via
__of_add_property_sysfs().
In __of_add_property_sysfs(), the "name" field of pp->attr.attr is set
directly to the return value of safe_name(), without taking care of
whether it's already a valid pointer to a memory block. If it is, its
old value will always be overwritten by the new one and the memory block
allocated before will a "ghost", then a kmemleak happened.
That the same "disabled" property being added to different nodes of device
tree would cause that kind of kmemleak overhead, at least once.
To fix it, allocate the property dynamically, and delete static one.
Signed-off-by: Qi Hou <qi.hou@windriver.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-omap2/timer.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
--- a/arch/arm/mach-omap2/timer.c
+++ b/arch/arm/mach-omap2/timer.c
@@ -156,12 +156,6 @@ static struct clock_event_device clockev
.tick_resume = omap2_gp_timer_shutdown,
};
-static struct property device_disabled = {
- .name = "status",
- .length = sizeof("disabled"),
- .value = "disabled",
-};
-
static const struct of_device_id omap_timer_match[] __initconst = {
{ .compatible = "ti,omap2420-timer", },
{ .compatible = "ti,omap3430-timer", },
@@ -203,8 +197,17 @@ static struct device_node * __init omap_
of_get_property(np, "ti,timer-secure", NULL)))
continue;
- if (!of_device_is_compatible(np, "ti,omap-counter32k"))
- of_add_property(np, &device_disabled);
+ if (!of_device_is_compatible(np, "ti,omap-counter32k")) {
+ struct property *prop;
+
+ prop = kzalloc(sizeof(*prop), GFP_KERNEL);
+ if (!prop)
+ return NULL;
+ prop->name = "status";
+ prop->value = "disabled";
+ prop->length = strlen(prop->value);
+ of_add_property(np, prop);
+ }
return np;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 069/496] ARM: OMAP3: Fix prm wake interrupt for resume
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (59 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 068/496] ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 070/496] ARM: OMAP2+: Fix sar_base inititalization for HS omaps Greg Kroah-Hartman
` (408 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Grygorii Strashko, Tero Kristo,
Tony Lindgren, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit d3be6d2a08bd26580562d9714d3d97ea9ba22c73 ]
For platform_suspend_ops, the finish call is too late to re-enable wake
irqs and we need re-enable wake irqs on wake call instead.
Otherwise noirq resume for devices has already happened. And then
dev_pm_disarm_wake_irq() has already disabled the dedicated wake irqs
when the interrupt triggers and the wake irq is never handled.
For devices that are already in PM runtime suspended state when we
enter suspend this means that a possible wake irq will never trigger.
And this can lead into a situation where a device has a pending padconf
wake irq, and the device will stay unresponsive to any further wake
irqs.
This issue can be easily reproduced by setting serial console log level
to zero, letting the serial console idle, and suspend the system from
an ssh terminal. Then try to wake up the system by typing to the serial
console.
Note that this affects only omap3 PRM interrupt as that's currently
the only omap variant that does anything in omap_pm_wake().
In general, for the wake irqs to work, the interrupt must have either
IRQF_NO_SUSPEND or IRQF_EARLY_RESUME set for it to trigger before
dev_pm_disarm_wake_irq() disables the wake irqs.
Reported-by: Grygorii Strashko <grygorii.strashko@ti.com>
Cc: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-omap2/pm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm/mach-omap2/pm.c
+++ b/arch/arm/mach-omap2/pm.c
@@ -186,7 +186,7 @@ static void omap_pm_end(void)
cpu_idle_poll_ctrl(false);
}
-static void omap_pm_finish(void)
+static void omap_pm_wake(void)
{
if (soc_is_omap34xx())
omap_prcm_irq_complete();
@@ -196,7 +196,7 @@ static const struct platform_suspend_ops
.begin = omap_pm_begin,
.end = omap_pm_end,
.enter = omap_pm_enter,
- .finish = omap_pm_finish,
+ .wake = omap_pm_wake,
.valid = suspend_valid_only_mem,
};
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 070/496] ARM: OMAP2+: Fix sar_base inititalization for HS omaps
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (60 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 069/496] ARM: OMAP3: Fix prm wake interrupt for resume Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 071/496] ARM: OMAP1: clock: Fix debugfs_create_*() usage Greg Kroah-Hartman
` (407 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew F. Davis, Dave Gerlach,
Keerthy, Santosh Shilimkar, Tero Kristo, Tony Lindgren,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit fe27f16794f313f5fc16f6d2f42d8c2b2f4d70cc ]
HS omaps use irq_save_secure_context() instead of irq_save_context()
so sar_base will never get initialized and irq_sar_clear() gets called
with a wrong address for HS omaps from irq_restore_context().
Starting with commit f4b9f40ae95b ("ARM: OMAP4+: Initialize SAR RAM
base early for proper CPU1 reset for kexec") we have it available,
and this ideally would been fixed with that commit already.
Fixes: f4b9f40ae95b ("ARM: OMAP4+: Initialize SAR RAM base early for
proper CPU1 reset for kexec")
Cc: Andrew F. Davis <afd@ti.com>
Cc: Dave Gerlach <d-gerlach@ti.com>
Cc: Keerthy <j-keerthy@ti.com>
Cc: Santosh Shilimkar <ssantosh@kernel.org>
Cc: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-omap2/omap-wakeupgen.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm/mach-omap2/omap-wakeupgen.c
+++ b/arch/arm/mach-omap2/omap-wakeupgen.c
@@ -299,8 +299,6 @@ static void irq_save_context(void)
if (soc_is_dra7xx())
return;
- if (!sar_base)
- sar_base = omap4_get_sar_ram_base();
if (wakeupgen_ops && wakeupgen_ops->save_context)
wakeupgen_ops->save_context();
}
@@ -598,6 +596,8 @@ static int __init wakeupgen_init(struct
irq_hotplug_init();
irq_pm_init();
+ sar_base = omap4_get_sar_ram_base();
+
return 0;
}
IRQCHIP_DECLARE(ti_wakeupgen, "ti,omap4-wugen-mpu", wakeupgen_init);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 071/496] ARM: OMAP1: clock: Fix debugfs_create_*() usage
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (61 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 070/496] ARM: OMAP2+: Fix sar_base inititalization for HS omaps Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 072/496] ibmvnic: Wait until reset is complete to set carrier on Greg Kroah-Hartman
` (406 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Aaro Koskinen,
Tony Lindgren, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 8cbbf1745dcde7ba7e423dc70619d223de90fd43 ]
When exposing data access through debugfs, the correct
debugfs_create_*() functions must be used, depending on data type.
Remove all casts from data pointers passed to debugfs_create_*()
functions, as such casts prevent the compiler from flagging bugs.
Correct all wrong usage:
- clk.rate is unsigned long, not u32,
- clk.flags is u8, not u32, which exposed the successive
clk.rate_offset and clk.src_offset fields.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-omap1/clock.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/arm/mach-omap1/clock.c
+++ b/arch/arm/mach-omap1/clock.c
@@ -1011,17 +1011,17 @@ static int clk_debugfs_register_one(stru
return -ENOMEM;
c->dent = d;
- d = debugfs_create_u8("usecount", S_IRUGO, c->dent, (u8 *)&c->usecount);
+ d = debugfs_create_u8("usecount", S_IRUGO, c->dent, &c->usecount);
if (!d) {
err = -ENOMEM;
goto err_out;
}
- d = debugfs_create_u32("rate", S_IRUGO, c->dent, (u32 *)&c->rate);
+ d = debugfs_create_ulong("rate", S_IRUGO, c->dent, &c->rate);
if (!d) {
err = -ENOMEM;
goto err_out;
}
- d = debugfs_create_x32("flags", S_IRUGO, c->dent, (u32 *)&c->flags);
+ d = debugfs_create_x8("flags", S_IRUGO, c->dent, &c->flags);
if (!d) {
err = -ENOMEM;
goto err_out;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 072/496] ibmvnic: Wait until reset is complete to set carrier on
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (62 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 071/496] ARM: OMAP1: clock: Fix debugfs_create_*() usage Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 073/496] ibmvnic: Free RX socket buffer in case of adapter error Greg Kroah-Hartman
` (405 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Falcon, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
[ Upstream commit cc85c02edfe48a34865ae00f7d22298a3fdd17aa ]
Pushes back setting the carrier on until the end of the reset
code. This resolves a bug where a watchdog timer was detecting
that a TX queue had stalled before the adapter reset was complete.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/ibm/ibmvnic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -1460,8 +1460,6 @@ static int do_reset(struct ibmvnic_adapt
return 0;
}
- netif_carrier_on(netdev);
-
/* kick napi */
for (i = 0; i < adapter->req_rx_queues; i++)
napi_schedule(&adapter->napi[i]);
@@ -1469,6 +1467,8 @@ static int do_reset(struct ibmvnic_adapt
if (adapter->reset_reason != VNIC_RESET_FAILOVER)
netdev_notify_peers(netdev);
+ netif_carrier_on(netdev);
+
return 0;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 073/496] ibmvnic: Free RX socket buffer in case of adapter error
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (63 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 072/496] ibmvnic: Wait until reset is complete to set carrier on Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 074/496] ibmvnic: Clean RX pool buffers during device close Greg Kroah-Hartman
` (404 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Falcon, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
[ Upstream commit 4b9b0f01350500173f17e2b2e65beb4df4ef99c7 ]
If a RX buffer is returned to the client driver with an error, free the
corresponding socket buffer before continuing.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/ibm/ibmvnic.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -1636,6 +1636,7 @@ restart_poll:
be16_to_cpu(next->rx_comp.rc));
/* free the entry */
next->rx_comp.first = 0;
+ dev_kfree_skb_any(rx_buff->skb);
remove_buff_from_pool(adapter, rx_buff);
continue;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 074/496] ibmvnic: Clean RX pool buffers during device close
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (64 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 073/496] ibmvnic: Free RX socket buffer in case of adapter error Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 075/496] tls: retrun the correct IV in getsockopt Greg Kroah-Hartman
` (403 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Falcon, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
[ Upstream commit d0869c0071e40c4407d1a4d7c9497653cf47253b ]
During device close or reset, there were some cases of outstanding
RX socket buffers not being freed. Include a function similar to the
one that already exists to clean TX socket buffers in this case.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/ibm/ibmvnic.c | 31 ++++++++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -933,6 +933,35 @@ static int ibmvnic_open(struct net_devic
return rc;
}
+static void clean_rx_pools(struct ibmvnic_adapter *adapter)
+{
+ struct ibmvnic_rx_pool *rx_pool;
+ u64 rx_entries;
+ int rx_scrqs;
+ int i, j;
+
+ if (!adapter->rx_pool)
+ return;
+
+ rx_scrqs = be32_to_cpu(adapter->login_rsp_buf->num_rxadd_subcrqs);
+ rx_entries = adapter->req_rx_add_entries_per_subcrq;
+
+ /* Free any remaining skbs in the rx buffer pools */
+ for (i = 0; i < rx_scrqs; i++) {
+ rx_pool = &adapter->rx_pool[i];
+ if (!rx_pool)
+ continue;
+
+ netdev_dbg(adapter->netdev, "Cleaning rx_pool[%d]\n", i);
+ for (j = 0; j < rx_entries; j++) {
+ if (rx_pool->rx_buff[j].skb) {
+ dev_kfree_skb_any(rx_pool->rx_buff[j].skb);
+ rx_pool->rx_buff[j].skb = NULL;
+ }
+ }
+ }
+}
+
static void clean_tx_pools(struct ibmvnic_adapter *adapter)
{
struct ibmvnic_tx_pool *tx_pool;
@@ -1010,7 +1039,7 @@ static int __ibmvnic_close(struct net_de
}
}
}
-
+ clean_rx_pools(adapter);
clean_tx_pools(adapter);
adapter->state = VNIC_CLOSED;
return rc;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 075/496] tls: retrun the correct IV in getsockopt
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (65 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 074/496] ibmvnic: Clean RX pool buffers during device close Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 076/496] xhci: workaround for AMD Promontory disabled ports wakeup Greg Kroah-Hartman
` (402 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Boris Pismenny, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Boris Pismenny <borisp@mellanox.com>
[ Upstream commit a1dfa6812b682eef750412dd5a90e7d38d7af068 ]
Current code returns four bytes of salt followed by four bytes of IV.
This patch returns all eight bytes of IV.
fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/tls/tls_main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -299,7 +299,8 @@ static int do_tls_getsockopt_tx(struct s
goto out;
}
lock_sock(sk);
- memcpy(crypto_info_aes_gcm_128->iv, ctx->iv,
+ memcpy(crypto_info_aes_gcm_128->iv,
+ ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
TLS_CIPHER_AES_GCM_128_IV_SIZE);
release_sock(sk);
if (copy_to_user(optval,
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 076/496] xhci: workaround for AMD Promontory disabled ports wakeup
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (66 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 075/496] tls: retrun the correct IV in getsockopt Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 077/496] IB/uverbs: Fix method merging in uverbs_ioctl_merge Greg Kroah-Hartman
` (401 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Lee, Mathias Nyman, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Lee <asmt.swfae@gmail.com>
[ Upstream commit bde0716d1f076e4c913c7946bcc858f71243c7a0 ]
For AMD Promontory xHCI host, although you can disable USB ports in
BIOS settings, those ports will be enabled anyway after you remove a
device on that port and re-plug it in again. It's a known limitation of
the chip. As a workaround we can clear the PORT_WAKE_BITS.
[commit and code comment rephrasing -Mathias]
Signed-off-by: Joe Lee <asmt.swfae@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/pci-quirks.c | 109 ++++++++++++++++++++++++++++++++++++++++++
drivers/usb/host/pci-quirks.h | 5 +
drivers/usb/host/xhci-hub.c | 7 ++
drivers/usb/host/xhci-pci.c | 11 ++++
drivers/usb/host/xhci.h | 2
5 files changed, 133 insertions(+), 1 deletion(-)
--- a/drivers/usb/host/pci-quirks.c
+++ b/drivers/usb/host/pci-quirks.c
@@ -65,6 +65,23 @@
#define AX_INDXC 0x30
#define AX_DATAC 0x34
+#define PT_ADDR_INDX 0xE8
+#define PT_READ_INDX 0xE4
+#define PT_SIG_1_ADDR 0xA520
+#define PT_SIG_2_ADDR 0xA521
+#define PT_SIG_3_ADDR 0xA522
+#define PT_SIG_4_ADDR 0xA523
+#define PT_SIG_1_DATA 0x78
+#define PT_SIG_2_DATA 0x56
+#define PT_SIG_3_DATA 0x34
+#define PT_SIG_4_DATA 0x12
+#define PT4_P1_REG 0xB521
+#define PT4_P2_REG 0xB522
+#define PT2_P1_REG 0xD520
+#define PT2_P2_REG 0xD521
+#define PT1_P1_REG 0xD522
+#define PT1_P2_REG 0xD523
+
#define NB_PCIE_INDX_ADDR 0xe0
#define NB_PCIE_INDX_DATA 0xe4
#define PCIE_P_CNTL 0x10040
@@ -512,6 +529,98 @@ void usb_amd_dev_put(void)
EXPORT_SYMBOL_GPL(usb_amd_dev_put);
/*
+ * Check if port is disabled in BIOS on AMD Promontory host.
+ * BIOS Disabled ports may wake on connect/disconnect and need
+ * driver workaround to keep them disabled.
+ * Returns true if port is marked disabled.
+ */
+bool usb_amd_pt_check_port(struct device *device, int port)
+{
+ unsigned char value, port_shift;
+ struct pci_dev *pdev;
+ u16 reg;
+
+ pdev = to_pci_dev(device);
+ pci_write_config_word(pdev, PT_ADDR_INDX, PT_SIG_1_ADDR);
+
+ pci_read_config_byte(pdev, PT_READ_INDX, &value);
+ if (value != PT_SIG_1_DATA)
+ return false;
+
+ pci_write_config_word(pdev, PT_ADDR_INDX, PT_SIG_2_ADDR);
+
+ pci_read_config_byte(pdev, PT_READ_INDX, &value);
+ if (value != PT_SIG_2_DATA)
+ return false;
+
+ pci_write_config_word(pdev, PT_ADDR_INDX, PT_SIG_3_ADDR);
+
+ pci_read_config_byte(pdev, PT_READ_INDX, &value);
+ if (value != PT_SIG_3_DATA)
+ return false;
+
+ pci_write_config_word(pdev, PT_ADDR_INDX, PT_SIG_4_ADDR);
+
+ pci_read_config_byte(pdev, PT_READ_INDX, &value);
+ if (value != PT_SIG_4_DATA)
+ return false;
+
+ /* Check disabled port setting, if bit is set port is enabled */
+ switch (pdev->device) {
+ case 0x43b9:
+ case 0x43ba:
+ /*
+ * device is AMD_PROMONTORYA_4(0x43b9) or PROMONTORYA_3(0x43ba)
+ * PT4_P1_REG bits[7..1] represents USB2.0 ports 6 to 0
+ * PT4_P2_REG bits[6..0] represents ports 13 to 7
+ */
+ if (port > 6) {
+ reg = PT4_P2_REG;
+ port_shift = port - 7;
+ } else {
+ reg = PT4_P1_REG;
+ port_shift = port + 1;
+ }
+ break;
+ case 0x43bb:
+ /*
+ * device is AMD_PROMONTORYA_2(0x43bb)
+ * PT2_P1_REG bits[7..5] represents USB2.0 ports 2 to 0
+ * PT2_P2_REG bits[5..0] represents ports 9 to 3
+ */
+ if (port > 2) {
+ reg = PT2_P2_REG;
+ port_shift = port - 3;
+ } else {
+ reg = PT2_P1_REG;
+ port_shift = port + 5;
+ }
+ break;
+ case 0x43bc:
+ /*
+ * device is AMD_PROMONTORYA_1(0x43bc)
+ * PT1_P1_REG[7..4] represents USB2.0 ports 3 to 0
+ * PT1_P2_REG[5..0] represents ports 9 to 4
+ */
+ if (port > 3) {
+ reg = PT1_P2_REG;
+ port_shift = port - 4;
+ } else {
+ reg = PT1_P1_REG;
+ port_shift = port + 4;
+ }
+ break;
+ default:
+ return false;
+ }
+ pci_write_config_word(pdev, PT_ADDR_INDX, reg);
+ pci_read_config_byte(pdev, PT_READ_INDX, &value);
+
+ return !(value & BIT(port_shift));
+}
+EXPORT_SYMBOL_GPL(usb_amd_pt_check_port);
+
+/*
* Make sure the controller is completely inactive, unable to
* generate interrupts or do DMA.
*/
--- a/drivers/usb/host/pci-quirks.h
+++ b/drivers/usb/host/pci-quirks.h
@@ -17,6 +17,7 @@ void usb_enable_intel_xhci_ports(struct
void usb_disable_xhci_ports(struct pci_dev *xhci_pdev);
void sb800_prefetch(struct device *dev, int on);
bool usb_xhci_needs_pci_reset(struct pci_dev *pdev);
+bool usb_amd_pt_check_port(struct device *device, int port);
#else
struct pci_dev;
static inline void usb_amd_quirk_pll_disable(void) {}
@@ -25,6 +26,10 @@ static inline void usb_asmedia_modifyflo
static inline void usb_amd_dev_put(void) {}
static inline void usb_disable_xhci_ports(struct pci_dev *xhci_pdev) {}
static inline void sb800_prefetch(struct device *dev, int on) {}
+static inline bool usb_amd_pt_check_port(struct device *device, int port)
+{
+ return false;
+}
#endif /* CONFIG_USB_PCI */
#endif /* __LINUX_USB_PCI_QUIRKS_H */
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -1531,6 +1531,13 @@ int xhci_bus_suspend(struct usb_hcd *hcd
t2 |= PORT_WKOC_E | PORT_WKCONN_E;
t2 &= ~PORT_WKDISC_E;
}
+
+ if ((xhci->quirks & XHCI_U2_DISABLE_WAKE) &&
+ (hcd->speed < HCD_USB3)) {
+ if (usb_amd_pt_check_port(hcd->self.controller,
+ port_index))
+ t2 &= ~PORT_WAKE_BITS;
+ }
} else
t2 &= ~PORT_WAKE_BITS;
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -54,6 +54,10 @@
#define PCI_DEVICE_ID_INTEL_APL_XHCI 0x5aa8
#define PCI_DEVICE_ID_INTEL_DNV_XHCI 0x19d0
+#define PCI_DEVICE_ID_AMD_PROMONTORYA_4 0x43b9
+#define PCI_DEVICE_ID_AMD_PROMONTORYA_3 0x43ba
+#define PCI_DEVICE_ID_AMD_PROMONTORYA_2 0x43bb
+#define PCI_DEVICE_ID_AMD_PROMONTORYA_1 0x43bc
#define PCI_DEVICE_ID_ASMEDIA_1042A_XHCI 0x1142
static const char hcd_name[] = "xhci_hcd";
@@ -143,6 +147,13 @@ static void xhci_pci_quirks(struct devic
if (pdev->vendor == PCI_VENDOR_ID_AMD)
xhci->quirks |= XHCI_TRUST_TX_LENGTH;
+ if ((pdev->vendor == PCI_VENDOR_ID_AMD) &&
+ ((pdev->device == PCI_DEVICE_ID_AMD_PROMONTORYA_4) ||
+ (pdev->device == PCI_DEVICE_ID_AMD_PROMONTORYA_3) ||
+ (pdev->device == PCI_DEVICE_ID_AMD_PROMONTORYA_2) ||
+ (pdev->device == PCI_DEVICE_ID_AMD_PROMONTORYA_1)))
+ xhci->quirks |= XHCI_U2_DISABLE_WAKE;
+
if (pdev->vendor == PCI_VENDOR_ID_INTEL) {
xhci->quirks |= XHCI_LPM_SUPPORT;
xhci->quirks |= XHCI_INTEL_HOST;
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1829,7 +1829,7 @@ struct xhci_hcd {
/* For controller with a broken Port Disable implementation */
#define XHCI_BROKEN_PORT_PED (1 << 25)
#define XHCI_LIMIT_ENDPOINT_INTERVAL_7 (1 << 26)
-/* Reserved. It was XHCI_U2_DISABLE_WAKE */
+#define XHCI_U2_DISABLE_WAKE (1 << 27)
#define XHCI_ASMEDIA_MODIFY_FLOWCONTROL (1 << 28)
#define XHCI_SUSPEND_DELAY (1 << 30)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 077/496] IB/uverbs: Fix method merging in uverbs_ioctl_merge
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (67 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 076/496] xhci: workaround for AMD Promontory disabled ports wakeup Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 078/496] IB/uverbs: Fix possible oops with duplicate ioctl attributes Greg Kroah-Hartman
` (400 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matan Barak, Leon Romanovsky,
Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matan Barak <matanb@mellanox.com>
[ Upstream commit 3d89459e2ef92cc0e5a50dde868780ccda9786c1 ]
Fix a bug in uverbs_ioctl_merge that looked at the object's iterator
number instead of the method's iterator number when merging methods.
While we're at it, make the uverbs_ioctl_merge code a bit more clear
and faster.
Fixes: 118620d3686b ('IB/core: Add uverbs merge trees functionality')
Signed-off-by: Matan Barak <matanb@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/uverbs_ioctl_merge.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
--- a/drivers/infiniband/core/uverbs_ioctl_merge.c
+++ b/drivers/infiniband/core/uverbs_ioctl_merge.c
@@ -114,6 +114,7 @@ static size_t get_elements_above_id(cons
short min = SHRT_MAX;
const void *elem;
int i, j, last_stored = -1;
+ unsigned int equal_min = 0;
for_each_element(elem, i, j, elements, num_elements, num_offset,
data_offset) {
@@ -136,6 +137,10 @@ static size_t get_elements_above_id(cons
*/
iters[last_stored == i ? num_iters - 1 : num_iters++] = elem;
last_stored = i;
+ if (min == GET_ID(id))
+ equal_min++;
+ else
+ equal_min = 1;
min = GET_ID(id);
}
@@ -146,15 +151,10 @@ static size_t get_elements_above_id(cons
* Therefore, we need to clean the beginning of the array to make sure
* all ids of final elements are equal to min.
*/
- for (i = num_iters - 1; i >= 0 &&
- GET_ID(*(u16 *)(iters[i] + id_offset)) == min; i--)
- ;
-
- num_iters -= i + 1;
- memmove(iters, iters + i + 1, sizeof(*iters) * num_iters);
+ memmove(iters, iters + num_iters - equal_min, sizeof(*iters) * equal_min);
*min_id = min;
- return num_iters;
+ return equal_min;
}
#define find_max_element_entry_id(num_elements, elements, num_objects_fld, \
@@ -322,7 +322,7 @@ static struct uverbs_method_spec *build_
hash = kzalloc(sizeof(*hash) +
ALIGN(sizeof(*hash->attrs) * (attr_max_bucket + 1),
sizeof(long)) +
- BITS_TO_LONGS(attr_max_bucket) * sizeof(long),
+ BITS_TO_LONGS(attr_max_bucket + 1) * sizeof(long),
GFP_KERNEL);
if (!hash) {
res = -ENOMEM;
@@ -509,7 +509,7 @@ static struct uverbs_object_spec *build_
* first handler which != NULL. This also defines the
* set of flags used for this handler.
*/
- for (i = num_object_defs - 1;
+ for (i = num_method_defs - 1;
i >= 0 && !method_defs[i]->handler; i--)
;
hash->methods[min_id++] = method;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 078/496] IB/uverbs: Fix possible oops with duplicate ioctl attributes
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (68 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 077/496] IB/uverbs: Fix method merging in uverbs_ioctl_merge Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 079/496] IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy Greg Kroah-Hartman
` (399 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matan Barak, Leon Romanovsky,
Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matan Barak <matanb@mellanox.com>
[ Upstream commit 4d39a959bc1f3d164b5a54147fdeb19f84b1ed58 ]
If the same attribute is listed twice by the user in the ioctl attribute
list then error unwind can cause the kernel to deref garbage.
This happens when an object with WRITE access is sent twice. The second
parse properly fails but corrupts the state required for the error unwind
it triggers.
Fixing this by making duplicates in the attribute list invalid. This is
not something we need to support.
The ioctl interface is currently recommended to be disabled in kConfig.
Signed-off-by: Matan Barak <matanb@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/uverbs_ioctl.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/infiniband/core/uverbs_ioctl.c
+++ b/drivers/infiniband/core/uverbs_ioctl.c
@@ -59,6 +59,9 @@ static int uverbs_process_attr(struct ib
return 0;
}
+ if (test_bit(attr_id, attr_bundle_h->valid_bitmap))
+ return -EINVAL;
+
spec = &attr_spec_bucket->attrs[attr_id];
e = &elements[attr_id];
e->uattr = uattr_ptr;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 079/496] IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (69 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 078/496] IB/uverbs: Fix possible oops with duplicate ioctl attributes Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 080/496] arm64: dts: rockchip: Fix DWMMC clocks Greg Kroah-Hartman
` (398 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leon Romanovsky, Dennis Dalessandro,
Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Gunthorpe <jgg@mellanox.com>
[ Upstream commit ec6f8401c48a86809237e86878a6fac6b281118f ]
If remove_commit fails then the lock is left locked while the uobj still
exists. Eventually the kernel will deadlock.
lockdep detects this and says:
test/4221 is leaving the kernel with locks still held!
1 lock held by test/4221:
#0: (&ucontext->cleanup_rwsem){.+.+}, at: [<000000001e5c7523>] rdma_explicit_destroy+0x37/0x120 [ib_uverbs]
Fixes: 4da70da23e9b ("IB/core: Explicitly destroy an object while keeping uobject")
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/rdma_core.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/core/rdma_core.c
+++ b/drivers/infiniband/core/rdma_core.c
@@ -486,12 +486,13 @@ int rdma_explicit_destroy(struct ib_uobj
ret = uobject->type->type_class->remove_commit(uobject,
RDMA_REMOVE_DESTROY);
if (ret)
- return ret;
+ goto out;
uobject->type = &null_obj_type;
+out:
up_read(&ucontext->cleanup_rwsem);
- return 0;
+ return ret;
}
static void alloc_commit_idr_uobject(struct ib_uobject *uobj)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 080/496] arm64: dts: rockchip: Fix DWMMC clocks
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (70 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 079/496] IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 081/496] ARM: " Greg Kroah-Hartman
` (397 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robin Murphy, Heiko Stuebner, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Robin Murphy <robin.murphy@arm.com>
[ Upstream commit ca9eee95a2decc6f60bed65b5b836a26bff825c1 ]
Trying to boot an RK3328 box with an HS200-capable eMMC, I see said eMMC
fail to initialise as it can't run its tuning procedure, because the
sample clock is missing. Upon closer inspection, whilst the clock is
present in the DT, its name is subtly incorrect per the binding, so
__of_clk_get_by_name() never finds it. By inspection, the drive clock
suffers from a similar problem, so has never worked properly either.
Fix up all instances of the incorrect clock names across the 64-bit DTs.
Fixes: d717f7352ec6 ("arm64: dts: rockchip: add sdmmc/sdio/emmc nodes for RK3328 SoCs")
Fixes: b790c2cab5ca ("arm64: dts: add Rockchip rk3368 core dtsi and board dts for the r88 board")
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 6 +++---
arch/arm64/boot/dts/rockchip/rk3368.dtsi | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
--- a/arch/arm64/boot/dts/rockchip/rk3328.dtsi
+++ b/arch/arm64/boot/dts/rockchip/rk3328.dtsi
@@ -683,7 +683,7 @@
interrupts = <GIC_SPI 12 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&cru HCLK_SDMMC>, <&cru SCLK_SDMMC>,
<&cru SCLK_SDMMC_DRV>, <&cru SCLK_SDMMC_SAMPLE>;
- clock-names = "biu", "ciu", "ciu_drv", "ciu_sample";
+ clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
fifo-depth = <0x100>;
status = "disabled";
};
@@ -694,7 +694,7 @@
interrupts = <GIC_SPI 13 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&cru HCLK_SDIO>, <&cru SCLK_SDIO>,
<&cru SCLK_SDIO_DRV>, <&cru SCLK_SDIO_SAMPLE>;
- clock-names = "biu", "ciu", "ciu_drv", "ciu_sample";
+ clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
fifo-depth = <0x100>;
status = "disabled";
};
@@ -705,7 +705,7 @@
interrupts = <GIC_SPI 14 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&cru HCLK_EMMC>, <&cru SCLK_EMMC>,
<&cru SCLK_EMMC_DRV>, <&cru SCLK_EMMC_SAMPLE>;
- clock-names = "biu", "ciu", "ciu_drv", "ciu_sample";
+ clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
fifo-depth = <0x100>;
status = "disabled";
};
--- a/arch/arm64/boot/dts/rockchip/rk3368.dtsi
+++ b/arch/arm64/boot/dts/rockchip/rk3368.dtsi
@@ -257,7 +257,7 @@
max-frequency = <150000000>;
clocks = <&cru HCLK_SDIO0>, <&cru SCLK_SDIO0>,
<&cru SCLK_SDIO0_DRV>, <&cru SCLK_SDIO0_SAMPLE>;
- clock-names = "biu", "ciu", "ciu_drv", "ciu_sample";
+ clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
fifo-depth = <0x100>;
interrupts = <GIC_SPI 33 IRQ_TYPE_LEVEL_HIGH>;
resets = <&cru SRST_SDIO0>;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 081/496] ARM: dts: rockchip: Fix DWMMC clocks
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (71 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 080/496] arm64: dts: rockchip: Fix DWMMC clocks Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 082/496] iwlwifi: mvm: fix security bug in PN checking Greg Kroah-Hartman
` (396 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robin Murphy, Heiko Stuebner, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Robin Murphy <robin.murphy@arm.com>
[ Upstream commit e78c637127ee7683d606737f2e62b5da6fd7b1c3 ]
Trying to boot an RK3328 box with an HS200-capable eMMC, I see said eMMC
fail to initialise as it can't run its tuning procedure, because the
sample clock is missing. Upon closer inspection, whilst the clock is
present in the DT, its name is subtly incorrect per the binding, so
__of_clk_get_by_name() never finds it. By inspection, the drive clock
suffers from a similar problem, so has never worked properly either.
This error has propagated across the 32-bit DTs too, so fix those up.
Fixes: 187d7967a5ee ("ARM: dts: rockchip: add the sdio/sdmmc node for rk3036")
Fixes: faea098e1808 ("ARM: dts: rockchip: add core rk3036 dtsi")
Fixes: 9848ebeb952d ("ARM: dts: rockchip: add core rk3228 dtsi")
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/rk3036.dtsi | 4 ++--
arch/arm/boot/dts/rk322x.dtsi | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
--- a/arch/arm/boot/dts/rk3036.dtsi
+++ b/arch/arm/boot/dts/rk3036.dtsi
@@ -261,7 +261,7 @@
max-frequency = <37500000>;
clocks = <&cru HCLK_SDIO>, <&cru SCLK_SDIO>,
<&cru SCLK_SDIO_DRV>, <&cru SCLK_SDIO_SAMPLE>;
- clock-names = "biu", "ciu", "ciu_drv", "ciu_sample";
+ clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
fifo-depth = <0x100>;
interrupts = <GIC_SPI 15 IRQ_TYPE_LEVEL_HIGH>;
resets = <&cru SRST_SDIO>;
@@ -279,7 +279,7 @@
max-frequency = <37500000>;
clocks = <&cru HCLK_EMMC>, <&cru SCLK_EMMC>,
<&cru SCLK_EMMC_DRV>, <&cru SCLK_EMMC_SAMPLE>;
- clock-names = "biu", "ciu", "ciu_drv", "ciu_sample";
+ clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
default-sample-phase = <158>;
disable-wp;
dmas = <&pdma 12>;
--- a/arch/arm/boot/dts/rk322x.dtsi
+++ b/arch/arm/boot/dts/rk322x.dtsi
@@ -600,7 +600,7 @@
interrupts = <GIC_SPI 12 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&cru HCLK_SDMMC>, <&cru SCLK_SDMMC>,
<&cru SCLK_SDMMC_DRV>, <&cru SCLK_SDMMC_SAMPLE>;
- clock-names = "biu", "ciu", "ciu_drv", "ciu_sample";
+ clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
fifo-depth = <0x100>;
pinctrl-names = "default";
pinctrl-0 = <&sdmmc_clk &sdmmc_cmd &sdmmc_bus4>;
@@ -613,7 +613,7 @@
interrupts = <GIC_SPI 13 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&cru HCLK_SDIO>, <&cru SCLK_SDIO>,
<&cru SCLK_SDIO_DRV>, <&cru SCLK_SDIO_SAMPLE>;
- clock-names = "biu", "ciu", "ciu_drv", "ciu_sample";
+ clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
fifo-depth = <0x100>;
pinctrl-names = "default";
pinctrl-0 = <&sdio_clk &sdio_cmd &sdio_bus4>;
@@ -628,7 +628,7 @@
max-frequency = <37500000>;
clocks = <&cru HCLK_EMMC>, <&cru SCLK_EMMC>,
<&cru SCLK_EMMC_DRV>, <&cru SCLK_EMMC_SAMPLE>;
- clock-names = "biu", "ciu", "ciu_drv", "ciu_sample";
+ clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
bus-width = <8>;
default-sample-phase = <158>;
fifo-depth = <0x100>;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 082/496] iwlwifi: mvm: fix security bug in PN checking
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (72 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 081/496] ARM: " Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 083/496] iwlwifi: mvm: fix IBSS for devices that support station type API Greg Kroah-Hartman
` (395 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sara Sharon <sara.sharon@intel.com>
[ Upstream commit 5ab2ba931255d8bf03009c06d58dce97de32797c ]
A previous patch allowed the same PN for packets originating from the
same AMSDU by copying PN only for the last packet in the series.
This however is bogus since we cannot assume the last frame will be
received on the same queue, and if it is received on a different ueue
we will end up not incrementing the PN and possibly let the next
packet to have the same PN and pass through.
Change the logic instead to driver explicitly indicate for the second
sub frame and on to be allowed to have the same PN as the first
subframe. Indicate it to mac80211 as well for the fallback queue.
Fixes: f1ae02b186d9 ("iwlwifi: mvm: allow same PN for de-aggregated AMSDU")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 39 +++++++++++++-------------
1 file changed, 20 insertions(+), 19 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
@@ -71,6 +71,7 @@ static inline int iwl_mvm_check_pn(struc
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
struct ieee80211_rx_status *stats = IEEE80211_SKB_RXCB(skb);
struct iwl_mvm_key_pn *ptk_pn;
+ int res;
u8 tid, keyidx;
u8 pn[IEEE80211_CCMP_PN_LEN];
u8 *extiv;
@@ -127,12 +128,13 @@ static inline int iwl_mvm_check_pn(struc
pn[4] = extiv[1];
pn[5] = extiv[0];
- if (memcmp(pn, ptk_pn->q[queue].pn[tid],
- IEEE80211_CCMP_PN_LEN) <= 0)
+ res = memcmp(pn, ptk_pn->q[queue].pn[tid], IEEE80211_CCMP_PN_LEN);
+ if (res < 0)
+ return -1;
+ if (!res && !(stats->flag & RX_FLAG_ALLOW_SAME_PN))
return -1;
- if (!(stats->flag & RX_FLAG_AMSDU_MORE))
- memcpy(ptk_pn->q[queue].pn[tid], pn, IEEE80211_CCMP_PN_LEN);
+ memcpy(ptk_pn->q[queue].pn[tid], pn, IEEE80211_CCMP_PN_LEN);
stats->flag |= RX_FLAG_PN_VALIDATED;
return 0;
@@ -310,28 +312,21 @@ static void iwl_mvm_rx_csum(struct ieee8
}
/*
- * returns true if a packet outside BA session is a duplicate and
- * should be dropped
+ * returns true if a packet is a duplicate and should be dropped.
+ * Updates AMSDU PN tracking info
*/
-static bool iwl_mvm_is_nonagg_dup(struct ieee80211_sta *sta, int queue,
- struct ieee80211_rx_status *rx_status,
- struct ieee80211_hdr *hdr,
- struct iwl_rx_mpdu_desc *desc)
+static bool iwl_mvm_is_dup(struct ieee80211_sta *sta, int queue,
+ struct ieee80211_rx_status *rx_status,
+ struct ieee80211_hdr *hdr,
+ struct iwl_rx_mpdu_desc *desc)
{
struct iwl_mvm_sta *mvm_sta;
struct iwl_mvm_rxq_dup_data *dup_data;
- u8 baid, tid, sub_frame_idx;
+ u8 tid, sub_frame_idx;
if (WARN_ON(IS_ERR_OR_NULL(sta)))
return false;
- baid = (le32_to_cpu(desc->reorder_data) &
- IWL_RX_MPDU_REORDER_BAID_MASK) >>
- IWL_RX_MPDU_REORDER_BAID_SHIFT;
-
- if (baid != IWL_RX_REORDER_DATA_INVALID_BAID)
- return false;
-
mvm_sta = iwl_mvm_sta_from_mac80211(sta);
dup_data = &mvm_sta->dup_data[queue];
@@ -361,6 +356,12 @@ static bool iwl_mvm_is_nonagg_dup(struct
dup_data->last_sub_frame[tid] >= sub_frame_idx))
return true;
+ /* Allow same PN as the first subframe for following sub frames */
+ if (dup_data->last_seq[tid] == hdr->seq_ctrl &&
+ sub_frame_idx > dup_data->last_sub_frame[tid] &&
+ desc->mac_flags2 & IWL_RX_MPDU_MFLG2_AMSDU)
+ rx_status->flag |= RX_FLAG_ALLOW_SAME_PN;
+
dup_data->last_seq[tid] = hdr->seq_ctrl;
dup_data->last_sub_frame[tid] = sub_frame_idx;
@@ -929,7 +930,7 @@ void iwl_mvm_rx_mpdu_mq(struct iwl_mvm *
if (ieee80211_is_data(hdr->frame_control))
iwl_mvm_rx_csum(sta, skb, desc);
- if (iwl_mvm_is_nonagg_dup(sta, queue, rx_status, hdr, desc)) {
+ if (iwl_mvm_is_dup(sta, queue, rx_status, hdr, desc)) {
kfree_skb(skb);
goto out;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 083/496] iwlwifi: mvm: fix IBSS for devices that support station type API
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (73 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 082/496] iwlwifi: mvm: fix security bug in PN checking Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 084/496] iwlwifi: mvm: always init rs with 20mhz bandwidth rates Greg Kroah-Hartman
` (394 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sara Sharon <sara.sharon@intel.com>
[ Upstream commit fc07bd8ce19bff9e7479c04077ddb5957d1a27be ]
In IBSS, the mac80211 sets the cab_queue to be invalid.
However, the multicast station uses it, so we need to override it.
A previous patch did it, but it was nested inside the if's and was
applied only for legacy FWs that don't support the new station type
API, instead of being applied for all paths.
In addition, add a missing NL80211_IFTYPE_ADHOC to the initialization
of the queues in iwl_mvm_mac_ctxt_init()
Fixes: ee48b72211f8 ("iwlwifi: mvm: support ibss in dqa mode")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 3 +-
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 24 +++++++++++-----------
2 files changed, 14 insertions(+), 13 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
@@ -438,7 +438,8 @@ int iwl_mvm_mac_ctxt_init(struct iwl_mvm
}
/* Allocate the CAB queue for softAP and GO interfaces */
- if (vif->type == NL80211_IFTYPE_AP) {
+ if (vif->type == NL80211_IFTYPE_AP ||
+ vif->type == NL80211_IFTYPE_ADHOC) {
/*
* For TVQM this will be overwritten later with the FW assigned
* queue value (when queue is enabled).
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@@ -2037,6 +2037,17 @@ int iwl_mvm_add_mcast_sta(struct iwl_mvm
return -ENOTSUPP;
/*
+ * In IBSS, ieee80211_check_queues() sets the cab_queue to be
+ * invalid, so make sure we use the queue we want.
+ * Note that this is done here as we want to avoid making DQA
+ * changes in mac80211 layer.
+ */
+ if (vif->type == NL80211_IFTYPE_ADHOC) {
+ vif->cab_queue = IWL_MVM_DQA_GCAST_QUEUE;
+ mvmvif->cab_queue = vif->cab_queue;
+ }
+
+ /*
* While in previous FWs we had to exclude cab queue from TFD queue
* mask, now it is needed as any other queue.
*/
@@ -2067,20 +2078,9 @@ int iwl_mvm_add_mcast_sta(struct iwl_mvm
timeout);
mvmvif->cab_queue = queue;
} else if (!fw_has_api(&mvm->fw->ucode_capa,
- IWL_UCODE_TLV_API_STA_TYPE)) {
- /*
- * In IBSS, ieee80211_check_queues() sets the cab_queue to be
- * invalid, so make sure we use the queue we want.
- * Note that this is done here as we want to avoid making DQA
- * changes in mac80211 layer.
- */
- if (vif->type == NL80211_IFTYPE_ADHOC) {
- vif->cab_queue = IWL_MVM_DQA_GCAST_QUEUE;
- mvmvif->cab_queue = vif->cab_queue;
- }
+ IWL_UCODE_TLV_API_STA_TYPE))
iwl_mvm_enable_txq(mvm, vif->cab_queue, vif->cab_queue, 0,
&cfg, timeout);
- }
return 0;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 084/496] iwlwifi: mvm: always init rs with 20mhz bandwidth rates
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (74 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 083/496] iwlwifi: mvm: fix IBSS for devices that support station type API Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 085/496] NFC: llcp: Limit size of SDP URI Greg Kroah-Hartman
` (393 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Naftali Goldstein, Luca Coelho, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Naftali Goldstein <naftali.goldstein@intel.com>
[ Upstream commit 6b7a5aea71b342ec0593d23b08383e1f33da4c9a ]
In AP mode, when a new station associates, rs is initialized immediately
upon association completion, before the phy context is updated with the
association parameters, so the sta bandwidth might be wider than the phy
context allows.
To avoid this issue, always initialize rs with 20mhz bandwidth rate, and
after authorization, when the phy context is already up-to-date, re-init
rs with the correct bw.
Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 +++
drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 28 +++++++++++++++-------
2 files changed, 24 insertions(+), 8 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -2703,6 +2703,10 @@ static int iwl_mvm_mac_sta_state(struct
/* enable beacon filtering */
WARN_ON(iwl_mvm_enable_beacon_filter(mvm, vif, 0));
+
+ iwl_mvm_rs_rate_init(mvm, sta, mvmvif->phy_ctxt->channel->band,
+ false);
+
ret = 0;
} else if (old_state == IEEE80211_STA_AUTHORIZED &&
new_state == IEEE80211_STA_ASSOC) {
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rs.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rs.c
@@ -2690,7 +2690,8 @@ static void rs_get_initial_rate(struct i
struct ieee80211_sta *sta,
struct iwl_lq_sta *lq_sta,
enum nl80211_band band,
- struct rs_rate *rate)
+ struct rs_rate *rate,
+ bool init)
{
int i, nentries;
unsigned long active_rate;
@@ -2744,14 +2745,25 @@ static void rs_get_initial_rate(struct i
*/
if (sta->vht_cap.vht_supported &&
best_rssi > IWL_RS_LOW_RSSI_THRESHOLD) {
- switch (sta->bandwidth) {
- case IEEE80211_STA_RX_BW_160:
- case IEEE80211_STA_RX_BW_80:
- case IEEE80211_STA_RX_BW_40:
+ /*
+ * In AP mode, when a new station associates, rs is initialized
+ * immediately upon association completion, before the phy
+ * context is updated with the association parameters, so the
+ * sta bandwidth might be wider than the phy context allows.
+ * To avoid this issue, always initialize rs with 20mhz
+ * bandwidth rate, and after authorization, when the phy context
+ * is already up-to-date, re-init rs with the correct bw.
+ */
+ u32 bw = init ? RATE_MCS_CHAN_WIDTH_20 : rs_bw_from_sta_bw(sta);
+
+ switch (bw) {
+ case RATE_MCS_CHAN_WIDTH_40:
+ case RATE_MCS_CHAN_WIDTH_80:
+ case RATE_MCS_CHAN_WIDTH_160:
initial_rates = rs_optimal_rates_vht;
nentries = ARRAY_SIZE(rs_optimal_rates_vht);
break;
- case IEEE80211_STA_RX_BW_20:
+ case RATE_MCS_CHAN_WIDTH_20:
initial_rates = rs_optimal_rates_vht_20mhz;
nentries = ARRAY_SIZE(rs_optimal_rates_vht_20mhz);
break;
@@ -2762,7 +2774,7 @@ static void rs_get_initial_rate(struct i
active_rate = lq_sta->active_siso_rate;
rate->type = LQ_VHT_SISO;
- rate->bw = rs_bw_from_sta_bw(sta);
+ rate->bw = bw;
} else if (sta->ht_cap.ht_supported &&
best_rssi > IWL_RS_LOW_RSSI_THRESHOLD) {
initial_rates = rs_optimal_rates_ht;
@@ -2844,7 +2856,7 @@ static void rs_initialize_lq(struct iwl_
tbl = &(lq_sta->lq_info[active_tbl]);
rate = &tbl->rate;
- rs_get_initial_rate(mvm, sta, lq_sta, band, rate);
+ rs_get_initial_rate(mvm, sta, lq_sta, band, rate, init);
rs_init_optimal_rate(mvm, sta, lq_sta);
WARN_ONCE(rate->ant != ANT_A && rate->ant != ANT_B,
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 085/496] NFC: llcp: Limit size of SDP URI
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (75 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 084/496] iwlwifi: mvm: always init rs with 20mhz bandwidth rates Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 086/496] rxrpc: Work around usercopy check Greg Kroah-Hartman
` (392 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kees Cook, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kees Cook <keescook@chromium.org>
[ Upstream commit fe9c842695e26d8116b61b80bfb905356f07834b ]
The tlv_len is u8, so we need to limit the size of the SDP URI. Enforce
this both in the NLA policy and in the code that performs the allocation
and copy, to avoid writing past the end of the allocated buffer.
Fixes: d9b8d8e19b073 ("NFC: llcp: Service Name Lookup netlink interface")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/nfc/llcp_commands.c | 4 ++++
net/nfc/netlink.c | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
--- a/net/nfc/llcp_commands.c
+++ b/net/nfc/llcp_commands.c
@@ -149,6 +149,10 @@ struct nfc_llcp_sdp_tlv *nfc_llcp_build_
pr_debug("uri: %s, len: %zu\n", uri, uri_len);
+ /* sdreq->tlv_len is u8, takes uri_len, + 3 for header, + 1 for NULL */
+ if (WARN_ON_ONCE(uri_len > U8_MAX - 4))
+ return NULL;
+
sdreq = kzalloc(sizeof(struct nfc_llcp_sdp_tlv), GFP_KERNEL);
if (sdreq == NULL)
return NULL;
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -61,7 +61,8 @@ static const struct nla_policy nfc_genl_
};
static const struct nla_policy nfc_sdp_genl_policy[NFC_SDP_ATTR_MAX + 1] = {
- [NFC_SDP_ATTR_URI] = { .type = NLA_STRING },
+ [NFC_SDP_ATTR_URI] = { .type = NLA_STRING,
+ .len = U8_MAX - 4 },
[NFC_SDP_ATTR_SAP] = { .type = NLA_U8 },
};
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 086/496] rxrpc: Work around usercopy check
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (76 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 085/496] NFC: llcp: Limit size of SDP URI Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 087/496] MD: Free bioset when md_run fails Greg Kroah-Hartman
` (391 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Billings, David Howells,
Kees Cook, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
[ Upstream commit a16b8d0cf2ec1e626d24bc2a7b9e64ace6f7501d ]
Due to a check recently added to copy_to_user(), it's now not permitted to
copy from slab-held data to userspace unless the slab is whitelisted. This
affects rxrpc_recvmsg() when it attempts to place an RXRPC_USER_CALL_ID
control message in the userspace control message buffer. A warning is
generated by usercopy_warn() because the source is the copy of the
user_call_ID retained in the rxrpc_call struct.
Work around the issue by copying the user_call_ID to a variable on the
stack and passing that to put_cmsg().
The warning generated looks like:
Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'dmaengine-unmap-128' (offset 680, size 8)!
WARNING: CPU: 0 PID: 1401 at mm/usercopy.c:81 usercopy_warn+0x7e/0xa0
...
RIP: 0010:usercopy_warn+0x7e/0xa0
...
Call Trace:
__check_object_size+0x9c/0x1a0
put_cmsg+0x98/0x120
rxrpc_recvmsg+0x6fc/0x1010 [rxrpc]
? finish_wait+0x80/0x80
___sys_recvmsg+0xf8/0x240
? __clear_rsb+0x25/0x3d
? __clear_rsb+0x15/0x3d
? __clear_rsb+0x25/0x3d
? __clear_rsb+0x15/0x3d
? __clear_rsb+0x25/0x3d
? __clear_rsb+0x15/0x3d
? __clear_rsb+0x25/0x3d
? __clear_rsb+0x15/0x3d
? finish_task_switch+0xa6/0x2b0
? trace_hardirqs_on_caller+0xed/0x180
? _raw_spin_unlock_irq+0x29/0x40
? __sys_recvmsg+0x4e/0x90
__sys_recvmsg+0x4e/0x90
do_syscall_64+0x7a/0x220
entry_SYSCALL_64_after_hwframe+0x26/0x9b
Reported-by: Jonathan Billings <jsbillings@jsbillings.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
Tested-by: Jonathan Billings <jsbillings@jsbillings.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/rxrpc/recvmsg.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/net/rxrpc/recvmsg.c
+++ b/net/rxrpc/recvmsg.c
@@ -513,9 +513,10 @@ try_again:
ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID,
sizeof(unsigned int), &id32);
} else {
+ unsigned long idl = call->user_call_ID;
+
ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID,
- sizeof(unsigned long),
- &call->user_call_ID);
+ sizeof(unsigned long), &idl);
}
if (ret < 0)
goto error_unlock_call;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 087/496] MD: Free bioset when md_run fails
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (77 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 086/496] rxrpc: Work around usercopy check Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 088/496] md: fix md_write_start() deadlock w/o metadata devices Greg Kroah-Hartman
` (390 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiao Ni, Guoqing Jiang, Shaohua Li,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xiao Ni <xni@redhat.com>
[ Upstream commit b126194cbb799f9980b92a77e58db6ad794c8082 ]
Signed-off-by: Xiao Ni <xni@redhat.com>
Acked-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Shaohua Li <sh.li@alibaba-inc.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -5479,8 +5479,10 @@ int md_run(struct mddev *mddev)
}
if (mddev->sync_set == NULL) {
mddev->sync_set = bioset_create(BIO_POOL_SIZE, 0, BIOSET_NEED_BVECS);
- if (!mddev->sync_set)
- return -ENOMEM;
+ if (!mddev->sync_set) {
+ err = -ENOMEM;
+ goto abort;
+ }
}
spin_lock(&pers_lock);
@@ -5493,7 +5495,8 @@ int md_run(struct mddev *mddev)
else
pr_warn("md: personality for level %s is not loaded!\n",
mddev->clevel);
- return -EINVAL;
+ err = -EINVAL;
+ goto abort;
}
spin_unlock(&pers_lock);
if (mddev->level != pers->level) {
@@ -5506,7 +5509,8 @@ int md_run(struct mddev *mddev)
pers->start_reshape == NULL) {
/* This personality cannot handle reshaping... */
module_put(pers->owner);
- return -EINVAL;
+ err = -EINVAL;
+ goto abort;
}
if (pers->sync_request) {
@@ -5580,7 +5584,7 @@ int md_run(struct mddev *mddev)
mddev->private = NULL;
module_put(pers->owner);
bitmap_destroy(mddev);
- return err;
+ goto abort;
}
if (mddev->queue) {
bool nonrot = true;
@@ -5642,6 +5646,18 @@ int md_run(struct mddev *mddev)
sysfs_notify_dirent_safe(mddev->sysfs_action);
sysfs_notify(&mddev->kobj, NULL, "degraded");
return 0;
+
+abort:
+ if (mddev->bio_set) {
+ bioset_free(mddev->bio_set);
+ mddev->bio_set = NULL;
+ }
+ if (mddev->sync_set) {
+ bioset_free(mddev->sync_set);
+ mddev->sync_set = NULL;
+ }
+
+ return err;
}
EXPORT_SYMBOL_GPL(md_run);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 088/496] md: fix md_write_start() deadlock w/o metadata devices
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (78 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 087/496] MD: Free bioset when md_run fails Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 089/496] s390/dasd: fix handling of internal requests Greg Kroah-Hartman
` (389 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heinz Mauelshagen, Shaohua Li, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heinz Mauelshagen <heinzm@redhat.com>
[ Upstream commit 4b6c1060eaa6495aa5b0032e8f2d51dd936b1257 ]
If no metadata devices are configured on raid1/4/5/6/10
(e.g. via dm-raid), md_write_start() unconditionally waits
for superblocks to be written thus deadlocking.
Fix introduces mddev->has_superblocks bool, defines it in md_run()
and checks for it in md_write_start() to conditionally avoid waiting.
Once on it, check for non-existing superblocks in md_super_write().
Link: https://bugzilla.kernel.org/show_bug.cgi?id=198647
Fixes: cc27b0c78c796 ("md: fix deadlock between mddev_suspend() and md_write_start()")
Signed-off-by: Heinz Mauelshagen <heinzm@redhat.com>
Signed-off-by: Shaohua Li <sh.li@alibaba-inc.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 10 ++++++++++
drivers/md/md.h | 2 ++
2 files changed, 12 insertions(+)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -779,6 +779,9 @@ void md_super_write(struct mddev *mddev,
struct bio *bio;
int ff = 0;
+ if (!page)
+ return;
+
if (test_bit(Faulty, &rdev->flags))
return;
@@ -5434,6 +5437,7 @@ int md_run(struct mddev *mddev)
* the only valid external interface is through the md
* device.
*/
+ mddev->has_superblocks = false;
rdev_for_each(rdev, mddev) {
if (test_bit(Faulty, &rdev->flags))
continue;
@@ -5447,6 +5451,9 @@ int md_run(struct mddev *mddev)
set_disk_ro(mddev->gendisk, 1);
}
+ if (rdev->sb_page)
+ mddev->has_superblocks = true;
+
/* perform some consistency tests on the device.
* We don't want the data to overlap the metadata,
* Internal Bitmap issues have been handled elsewhere.
@@ -8022,6 +8029,7 @@ EXPORT_SYMBOL(md_done_sync);
bool md_write_start(struct mddev *mddev, struct bio *bi)
{
int did_change = 0;
+
if (bio_data_dir(bi) != WRITE)
return true;
@@ -8054,6 +8062,8 @@ bool md_write_start(struct mddev *mddev,
rcu_read_unlock();
if (did_change)
sysfs_notify_dirent_safe(mddev->sysfs_state);
+ if (!mddev->has_superblocks)
+ return true;
wait_event(mddev->sb_wait,
!test_bit(MD_SB_CHANGE_PENDING, &mddev->sb_flags) ||
mddev->suspended);
--- a/drivers/md/md.h
+++ b/drivers/md/md.h
@@ -462,6 +462,8 @@ struct mddev {
void (*sync_super)(struct mddev *mddev, struct md_rdev *rdev);
struct md_cluster_info *cluster_info;
unsigned int good_device_nr; /* good device num within cluster raid */
+
+ bool has_superblocks:1;
};
enum recovery_flags {
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 089/496] s390/dasd: fix handling of internal requests
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (79 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 088/496] md: fix md_write_start() deadlock w/o metadata devices Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 090/496] xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos Greg Kroah-Hartman
` (388 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Haberland, Jan Hoeppner,
Martin Schwidefsky, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Haberland <sth@linux.vnet.ibm.com>
[ Upstream commit 9487cfd3430d07366801886bdf185799a2b6f066 ]
Internal DASD device driver I/O such as query host access count or
path verification is started using the _sleep_on() function.
To mark a request as started or ended the callback_data is set to either
DASD_SLEEPON_START_TAG or DASD_SLEEPON_END_TAG.
In cases where the request has to be stopped unconditionally the status is
set to DASD_SLEEPON_END_TAG as well which leads to immediate clearing of
the request.
But the request might still be on a device request queue for normal
operation which might lead to a panic because of a BUG() statement in
__dasd_device_process_final_queue() or a list corruption of the device
request queue.
Fix by removing the setting of DASD_SLEEPON_END_TAG in the
dasd_cancel_req() and dasd_generic_requeue_all_requests() functions and
ensure that the request is not deleted in the requeue function.
Trigger the device tasklet in the requeue function and let the normal
processing cleanup the request.
Signed-off-by: Stefan Haberland <sth@linux.vnet.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/block/dasd.c | 21 +++++++--------------
1 file changed, 7 insertions(+), 14 deletions(-)
--- a/drivers/s390/block/dasd.c
+++ b/drivers/s390/block/dasd.c
@@ -2596,8 +2596,6 @@ int dasd_cancel_req(struct dasd_ccw_req
case DASD_CQR_QUEUED:
/* request was not started - just set to cleared */
cqr->status = DASD_CQR_CLEARED;
- if (cqr->callback_data == DASD_SLEEPON_START_TAG)
- cqr->callback_data = DASD_SLEEPON_END_TAG;
break;
case DASD_CQR_IN_IO:
/* request in IO - terminate IO and release again */
@@ -3917,9 +3915,12 @@ static int dasd_generic_requeue_all_requ
wait_event(dasd_flush_wq,
(cqr->status != DASD_CQR_CLEAR_PENDING));
- /* mark sleepon requests as ended */
- if (cqr->callback_data == DASD_SLEEPON_START_TAG)
- cqr->callback_data = DASD_SLEEPON_END_TAG;
+ /*
+ * requeue requests to blocklayer will only work
+ * for block device requests
+ */
+ if (_dasd_requeue_request(cqr))
+ continue;
/* remove requests from device and block queue */
list_del_init(&cqr->devlist);
@@ -3932,13 +3933,6 @@ static int dasd_generic_requeue_all_requ
cqr = refers;
}
- /*
- * requeue requests to blocklayer will only work
- * for block device requests
- */
- if (_dasd_requeue_request(cqr))
- continue;
-
if (cqr->block)
list_del_init(&cqr->blocklist);
cqr->block->base->discipline->free_cp(
@@ -3955,8 +3949,7 @@ static int dasd_generic_requeue_all_requ
list_splice_tail(&requeue_queue, &device->ccw_queue);
spin_unlock_irq(get_ccwdev_lock(device->cdev));
}
- /* wake up generic waitqueue for eventually ended sleepon requests */
- wake_up(&generic_waitq);
+ dasd_schedule_device_bh(device);
return rc;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 090/496] xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (80 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 089/496] s390/dasd: fix handling of internal requests Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 091/496] mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 Greg Kroah-Hartman
` (387 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xin Long, Steffen Klassert, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit 143a4454daaf0e80a2b9f37159a0d6d2b61e64ed ]
When xfrm_policy_get_afinfo returns NULL, it will not hold rcu
read lock. In this case, rcu_read_unlock should not be called
in xfrm_get_tos, just like other places where it's calling
xfrm_policy_get_afinfo.
Fixes: f5e2bb4f5b22 ("xfrm: policy: xfrm_get_tos cannot fail")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_policy.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1459,10 +1459,13 @@ xfrm_tmpl_resolve(struct xfrm_policy **p
static int xfrm_get_tos(const struct flowi *fl, int family)
{
const struct xfrm_policy_afinfo *afinfo;
- int tos = 0;
+ int tos;
afinfo = xfrm_policy_get_afinfo(family);
- tos = afinfo ? afinfo->get_tos(fl) : 0;
+ if (!afinfo)
+ return 0;
+
+ tos = afinfo->get_tos(fl);
rcu_read_unlock();
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 091/496] mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (81 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 090/496] xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 092/496] mac80211: fix a possible leak of station stats Greg Kroah-Hartman
` (386 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Felix Fietkau, Johannes Berg, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit 651b9920d7a694ffb1f885aef2bbb068a25d9d66 ]
This ensures that mac80211 allocated management frames are properly
aligned, which makes copying them more efficient.
For instance, mt76 uses iowrite32_copy to copy beacon frames to beacon
template memory on the chip.
Misaligned 32-bit accesses cause CPU exceptions on MIPS and should be
avoided.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/mac80211.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -4141,7 +4141,7 @@ void ieee80211_sta_uapsd_trigger(struct
* The TX headroom reserved by mac80211 for its own tx_status functions.
* This is enough for the radiotap header.
*/
-#define IEEE80211_TX_STATUS_HEADROOM 14
+#define IEEE80211_TX_STATUS_HEADROOM ALIGN(14, 4)
/**
* ieee80211_sta_set_buffered - inform mac80211 about driver-buffered frames
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 092/496] mac80211: fix a possible leak of station stats
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (82 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 091/496] mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 093/496] mac80211: fix calling sleeping function in atomic context Greg Kroah-Hartman
` (385 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho,
Johannes Berg, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sara Sharon <sara.sharon@intel.com>
[ Upstream commit d78d9ee9d40aca4781d2c5334972544601a4c3a2 ]
If sta_info_alloc fails after allocating the per CPU statistics,
they are not properly freed.
Fixes: c9c5962b56c1 ("mac80211: enable collecting station statistics per-CPU")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/sta_info.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -439,6 +439,7 @@ free_txq:
if (sta->sta.txq[0])
kfree(to_txq_info(sta->sta.txq[0]));
free:
+ free_percpu(sta->pcpu_rx_stats);
#ifdef CONFIG_MAC80211_MESH
kfree(sta->mesh);
#endif
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 093/496] mac80211: fix calling sleeping function in atomic context
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (83 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 092/496] mac80211: fix a possible leak of station stats Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:57 ` [PATCH 4.14 094/496] cfg80211: clear wep keys after disconnection Greg Kroah-Hartman
` (384 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho,
Johannes Berg, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sara Sharon <sara.sharon@intel.com>
[ Upstream commit 95f3ce6a77893ac828ba841df44421620de4314b ]
sta_info_alloc can be called from atomic paths (such as RX path)
so we need to call pcpu_alloc with the correct gfp.
Fixes: c9c5962b56c1 ("mac80211: enable collecting station statistics per-CPU")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/sta_info.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -314,7 +314,7 @@ struct sta_info *sta_info_alloc(struct i
if (ieee80211_hw_check(hw, USES_RSS)) {
sta->pcpu_rx_stats =
- alloc_percpu(struct ieee80211_sta_rx_stats);
+ alloc_percpu_gfp(struct ieee80211_sta_rx_stats, gfp);
if (!sta->pcpu_rx_stats)
goto free;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 094/496] cfg80211: clear wep keys after disconnection
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (84 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 093/496] mac80211: fix calling sleeping function in atomic context Greg Kroah-Hartman
@ 2018-05-28 9:57 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 095/496] mac80211: Do not disconnect on invalid operating class Greg Kroah-Hartman
` (383 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Avraham Stern, Luca Coelho,
Johannes Berg, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Avraham Stern <avraham.stern@intel.com>
[ Upstream commit 3027a8e799b20fc922496a12f8ad2f9f36a8a696 ]
When a low level driver calls cfg80211_disconnected(), wep keys are
not cleared. As a result, following connection requests will fail
since cfg80211 internal state shows a connection is still in progress.
Fix this by clearing the wep keys when disconnecting.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/sme.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -989,6 +989,8 @@ void __cfg80211_disconnected(struct net_
wdev->current_bss = NULL;
wdev->ssid_len = 0;
wdev->conn_owner_nlportid = 0;
+ kzfree(wdev->connect_keys);
+ wdev->connect_keys = NULL;
nl80211_send_disconnected(rdev, dev, reason, ie, ie_len, from_ap);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 095/496] mac80211: Do not disconnect on invalid operating class
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (85 preceding siblings ...)
2018-05-28 9:57 ` [PATCH 4.14 094/496] cfg80211: clear wep keys after disconnection Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 096/496] mac80211: Fix sending ADDBA response for an ongoing session Greg Kroah-Hartman
` (382 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilan Peer, Luca Coelho,
Johannes Berg, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilan Peer <ilan.peer@intel.com>
[ Upstream commit 191da271ac260700db3e5b4bb982a17ca78769d6 ]
Some APs include a non global operating class in their extended channel
switch information element. In such a case, as the operating class is not
known, mac80211 would decide to disconnect.
However the specification states that the operating class needs to be
taken from Annex E, but it does not specify from which table it should be
taken, so it is valid for an AP to use a non global operating class.
To avoid possibly unneeded disconnection, in such a case ignore the
operating class and assume that the current band is used, and if the
resulting channel and band configuration is invalid disconnect.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/spectmgmt.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/net/mac80211/spectmgmt.c
+++ b/net/mac80211/spectmgmt.c
@@ -8,6 +8,7 @@
* Copyright 2007, Michael Wu <flamingice@sourmilk.net>
* Copyright 2007-2008, Intel Corporation
* Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
+ * Copyright (C) 2018 Intel Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -27,7 +28,7 @@ int ieee80211_parse_ch_switch_ie(struct
u32 sta_flags, u8 *bssid,
struct ieee80211_csa_ie *csa_ie)
{
- enum nl80211_band new_band;
+ enum nl80211_band new_band = current_band;
int new_freq;
u8 new_chan_no;
struct ieee80211_channel *new_chan;
@@ -55,15 +56,13 @@ int ieee80211_parse_ch_switch_ie(struct
elems->ext_chansw_ie->new_operating_class,
&new_band)) {
sdata_info(sdata,
- "cannot understand ECSA IE operating class %d, disconnecting\n",
+ "cannot understand ECSA IE operating class, %d, ignoring\n",
elems->ext_chansw_ie->new_operating_class);
- return -EINVAL;
}
new_chan_no = elems->ext_chansw_ie->new_ch_num;
csa_ie->count = elems->ext_chansw_ie->count;
csa_ie->mode = elems->ext_chansw_ie->mode;
} else if (elems->ch_switch_ie) {
- new_band = current_band;
new_chan_no = elems->ch_switch_ie->new_ch_num;
csa_ie->count = elems->ch_switch_ie->count;
csa_ie->mode = elems->ch_switch_ie->mode;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 096/496] mac80211: Fix sending ADDBA response for an ongoing session
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (86 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 095/496] mac80211: Do not disconnect on invalid operating class Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 097/496] gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle Greg Kroah-Hartman
` (381 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilan Peer, Luca Coelho,
Johannes Berg, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilan Peer <ilan.peer@intel.com>
[ Upstream commit 3b07029729e347f288c70227cfe3c66b085d6b0b ]
In case an ADDBA request is received while there is already
an ongoing BA sessions with the same parameters, i.e., update
flow, an ADBBA response with decline status was sent twice. Fix it.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/agg-rx.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/net/mac80211/agg-rx.c
+++ b/net/mac80211/agg-rx.c
@@ -8,6 +8,7 @@
* Copyright 2007, Michael Wu <flamingice@sourmilk.net>
* Copyright 2007-2010, Intel Corporation
* Copyright(c) 2015-2017 Intel Deutschland GmbH
+ * Copyright (C) 2018 Intel Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -322,9 +323,6 @@ void ___ieee80211_start_rx_ba_session(st
* driver so reject the timeout update.
*/
status = WLAN_STATUS_REQUEST_DECLINED;
- ieee80211_send_addba_resp(sta->sdata, sta->sta.addr,
- tid, dialog_token, status,
- 1, buf_size, timeout);
goto end;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 097/496] gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (87 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 096/496] mac80211: Fix sending ADDBA response for an ongoing session Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 098/496] gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle Greg Kroah-Hartman
` (380 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tobias Jordan, Philipp Zabel, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tobias Jordan <Tobias.Jordan@elektrobit.com>
[ Upstream commit c795f3052b60b01e80485fad98c53e5e67d093c9 ]
Before returning, call of_node_put() for the device node returned by
of_parse_phandle().
Fixes: d2a34232580a ("gpu: ipu-v3: add driver for Prefetch Resolve Engine")
Signed-off-by: Tobias Jordan <Tobias.Jordan@elektrobit.com>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/ipu-v3/ipu-pre.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/gpu/ipu-v3/ipu-pre.c
+++ b/drivers/gpu/ipu-v3/ipu-pre.c
@@ -125,11 +125,14 @@ ipu_pre_lookup_by_phandle(struct device
if (pre_node == pre->dev->of_node) {
mutex_unlock(&ipu_pre_list_mutex);
device_link_add(dev, pre->dev, DL_FLAG_AUTOREMOVE);
+ of_node_put(pre_node);
return pre;
}
}
mutex_unlock(&ipu_pre_list_mutex);
+ of_node_put(pre_node);
+
return NULL;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 098/496] gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (88 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 097/496] gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 099/496] md raid10: fix NULL deference in handle_write_completed() Greg Kroah-Hartman
` (379 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tobias Jordan, Philipp Zabel, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tobias Jordan <Tobias.Jordan@elektrobit.com>
[ Upstream commit 3addaba8141bc6a4f649a48f46e552af32922147 ]
Before returning, call of_node_put() for the device node returned by
of_parse_phandle().
Fixes: ea9c260514c1 ("gpu: ipu-v3: add driver for Prefetch Resolve Gasket")
Signed-off-by: Tobias Jordan <Tobias.Jordan@elektrobit.com>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/ipu-v3/ipu-prg.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/gpu/ipu-v3/ipu-prg.c
+++ b/drivers/gpu/ipu-v3/ipu-prg.c
@@ -101,11 +101,14 @@ ipu_prg_lookup_by_phandle(struct device
mutex_unlock(&ipu_prg_list_mutex);
device_link_add(dev, prg->dev, DL_FLAG_AUTOREMOVE);
prg->id = ipu_id;
+ of_node_put(prg_node);
return prg;
}
}
mutex_unlock(&ipu_prg_list_mutex);
+ of_node_put(prg_node);
+
return NULL;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 099/496] md raid10: fix NULL deference in handle_write_completed()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (89 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 098/496] gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 100/496] drm/exynos: g2d: use monotonic timestamps Greg Kroah-Hartman
` (378 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Yufen Yu, Shaohua Li, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yufen Yu <yuyufen@huawei.com>
[ Upstream commit 01a69cab01c184d3786af09e9339311123d63d22 ]
In the case of 'recover', an r10bio with R10BIO_WriteError &
R10BIO_IsRecover will be progressed by handle_write_completed().
This function traverses all r10bio->devs[copies].
If devs[m].repl_bio != NULL, it thinks conf->mirrors[dev].replacement
is also not NULL. However, this is not always true.
When there is an rdev of raid10 has replacement, then each r10bio
->devs[m].repl_bio != NULL in conf->r10buf_pool. However, in 'recover',
even if corresponded replacement is NULL, it doesn't clear r10bio
->devs[m].repl_bio, resulting in replacement NULL deference.
This bug was introduced when replacement support for raid10 was
added in Linux 3.3.
As NeilBrown suggested:
Elsewhere the determination of "is this device part of the
resync/recovery" is made by resting bio->bi_end_io.
If this is end_sync_write, then we tried to write here.
If it is NULL, then we didn't try to write.
Fixes: 9ad1aefc8ae8 ("md/raid10: Handle replacement devices during resync.")
Cc: stable (V3.3+)
Suggested-by: NeilBrown <neilb@suse.com>
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Shaohua Li <sh.li@alibaba-inc.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid10.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -2625,7 +2625,8 @@ static void handle_write_completed(struc
for (m = 0; m < conf->copies; m++) {
int dev = r10_bio->devs[m].devnum;
rdev = conf->mirrors[dev].rdev;
- if (r10_bio->devs[m].bio == NULL)
+ if (r10_bio->devs[m].bio == NULL ||
+ r10_bio->devs[m].bio->bi_end_io == NULL)
continue;
if (!r10_bio->devs[m].bio->bi_status) {
rdev_clear_badblocks(
@@ -2640,7 +2641,8 @@ static void handle_write_completed(struc
md_error(conf->mddev, rdev);
}
rdev = conf->mirrors[dev].replacement;
- if (r10_bio->devs[m].repl_bio == NULL)
+ if (r10_bio->devs[m].repl_bio == NULL ||
+ r10_bio->devs[m].repl_bio->bi_end_io == NULL)
continue;
if (!r10_bio->devs[m].repl_bio->bi_status) {
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 100/496] drm/exynos: g2d: use monotonic timestamps
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (90 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 099/496] md raid10: fix NULL deference in handle_write_completed() Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 101/496] drm/exynos: fix comparison to bitshift when dealing with a mask Greg Kroah-Hartman
` (377 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tobias Jakobi, Arnd Bergmann,
Inki Dae, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit a588a8bb7b25a3fb4f7fed00feb7aec541fc2632 ]
The exynos DRM driver uses real-time 'struct timeval' values
for exporting its timestamps to user space. This has multiple
problems:
1. signed seconds overflow in y2038
2. the 'struct timeval' definition is deprecated in the kernel
3. time may jump or go backwards after a 'settimeofday()' syscall
4. other DRM timestamps are in CLOCK_MONOTONIC domain, so they
can't be compared
5. exporting microseconds requires a division by 1000, which may
be slow on some architectures.
The code existed in two places before, but the IPP portion was
removed in 8ded59413ccc ("drm/exynos: ipp: Remove Exynos DRM
IPP subsystem"), so we no longer need to worry about it.
Ideally timestamps should just use 64-bit nanoseconds instead, but
of course we can't change that now. Instead, this tries to address
the first four points above by using monotonic 'timespec' values.
According to Tobias Jakobi, user space doesn't care about the
timestamp at the moment, so we can change the format. Even if
there is something looking at them, it will work just fine with
monotonic times as long as the application only looks at the
relative values between two events.
Link: https://patchwork.kernel.org/patch/10038593/
Cc: Tobias Jakobi <tjakobi@math.uni-bielefeld.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Tobias Jakobi <tjakobi@math.uni-bielefeld.de>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/exynos/exynos_drm_g2d.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/exynos/exynos_drm_g2d.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_g2d.c
@@ -926,7 +926,7 @@ static void g2d_finish_event(struct g2d_
struct drm_device *drm_dev = g2d->subdrv.drm_dev;
struct g2d_runqueue_node *runqueue_node = g2d->runqueue_node;
struct drm_exynos_pending_g2d_event *e;
- struct timeval now;
+ struct timespec64 now;
if (list_empty(&runqueue_node->event_list))
return;
@@ -934,9 +934,9 @@ static void g2d_finish_event(struct g2d_
e = list_first_entry(&runqueue_node->event_list,
struct drm_exynos_pending_g2d_event, base.link);
- do_gettimeofday(&now);
+ ktime_get_ts64(&now);
e->event.tv_sec = now.tv_sec;
- e->event.tv_usec = now.tv_usec;
+ e->event.tv_usec = now.tv_nsec / NSEC_PER_USEC;
e->event.cmdlist_no = cmdlist_no;
drm_send_event(drm_dev, &e->base);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 101/496] drm/exynos: fix comparison to bitshift when dealing with a mask
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (91 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 100/496] drm/exynos: g2d: use monotonic timestamps Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 102/496] drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions Greg Kroah-Hartman
` (376 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wolfram Sang, Inki Dae, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit 1293b6191010672c0c9dacae8f71c6f3e4d70cbe ]
Due to a typo, the mask was destroyed by a comparison instead of a bit
shift.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/exynos/regs-fimc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/exynos/regs-fimc.h
+++ b/drivers/gpu/drm/exynos/regs-fimc.h
@@ -569,7 +569,7 @@
#define EXYNOS_CIIMGEFF_FIN_EMBOSSING (4 << 26)
#define EXYNOS_CIIMGEFF_FIN_SILHOUETTE (5 << 26)
#define EXYNOS_CIIMGEFF_FIN_MASK (7 << 26)
-#define EXYNOS_CIIMGEFF_PAT_CBCR_MASK ((0xff < 13) | (0xff < 0))
+#define EXYNOS_CIIMGEFF_PAT_CBCR_MASK ((0xff << 13) | (0xff << 0))
/* Real input DMA size register */
#define EXYNOS_CIREAL_ISIZE_AUTOLOAD_ENABLE (1 << 31)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 102/496] drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (92 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 101/496] drm/exynos: fix comparison to bitshift when dealing with a mask Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 15:24 ` Joe Perches
2018-05-28 9:58 ` [PATCH 4.14 103/496] drm/meson: fix vsync buffer update Greg Kroah-Hartman
` (375 subsequent siblings)
469 siblings, 1 reply; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Markus Elfring, Inki Dae, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Markus Elfring <elfring@users.sourceforge.net>
[ Upstream commit 6f0a60298bbbea43ab5e3955913ab19c153076f3 ]
Omit an extra message for a memory allocation failure in these functions.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/exynos/exynos_drm_g2d.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/gpu/drm/exynos/exynos_drm_g2d.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_g2d.c
@@ -286,7 +286,6 @@ static int g2d_init_cmdlist(struct g2d_d
node = kcalloc(G2D_CMDLIST_NUM, sizeof(*node), GFP_KERNEL);
if (!node) {
- dev_err(dev, "failed to allocate memory\n");
ret = -ENOMEM;
goto err;
}
@@ -1358,10 +1357,9 @@ int exynos_g2d_exec_ioctl(struct drm_dev
return -EFAULT;
runqueue_node = kmem_cache_alloc(g2d->runqueue_slab, GFP_KERNEL);
- if (!runqueue_node) {
- dev_err(dev, "failed to allocate memory\n");
+ if (!runqueue_node)
return -ENOMEM;
- }
+
run_cmdlist = &runqueue_node->run_cmdlist;
event_list = &runqueue_node->event_list;
INIT_LIST_HEAD(run_cmdlist);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 103/496] drm/meson: fix vsync buffer update
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (93 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 102/496] drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 104/496] arm64: perf: correct PMUVer probing Greg Kroah-Hartman
` (374 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Lazo, Neil Armstrong,
Daniel Vetter, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Neil Armstrong <narmstrong@baylibre.com>
[ Upstream commit e88230a3744a71a0b5ecfb45e08ddfe1c884e50d ]
The plane buffer address/stride/height was incorrectly updated in the
plane_atomic_update operation instead of the vsync irq.
This patch delays this operation in the vsync irq along with the
other plane delayed setup.
This issue was masked using legacy framebuffer and X11 modesetting, but
is clearly visible using gbm rendering when buffer is submitted late after
vblank, like using software decoding and OpenGL rendering in Kodi.
With this patch, tearing and other artifacts disappears completely.
Cc: Michal Lazo <michal.lazo@gmail.com>
Fixes: bbbe775ec5b5 ("drm: Add support for Amlogic Meson Graphic Controller")
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/1518689976-23292-1-git-send-email-narmstrong@baylibre.com
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/meson/meson_crtc.c | 6 ++++++
drivers/gpu/drm/meson/meson_drv.h | 3 +++
drivers/gpu/drm/meson/meson_plane.c | 7 +++----
3 files changed, 12 insertions(+), 4 deletions(-)
--- a/drivers/gpu/drm/meson/meson_crtc.c
+++ b/drivers/gpu/drm/meson/meson_crtc.c
@@ -36,6 +36,7 @@
#include "meson_venc.h"
#include "meson_vpp.h"
#include "meson_viu.h"
+#include "meson_canvas.h"
#include "meson_registers.h"
/* CRTC definition */
@@ -192,6 +193,11 @@ void meson_crtc_irq(struct meson_drm *pr
} else
meson_vpp_disable_interlace_vscaler_osd1(priv);
+ meson_canvas_setup(priv, MESON_CANVAS_ID_OSD1,
+ priv->viu.osd1_addr, priv->viu.osd1_stride,
+ priv->viu.osd1_height, MESON_CANVAS_WRAP_NONE,
+ MESON_CANVAS_BLKMODE_LINEAR);
+
/* Enable OSD1 */
writel_bits_relaxed(VPP_OSD1_POSTBLEND, VPP_OSD1_POSTBLEND,
priv->io_base + _REG(VPP_MISC));
--- a/drivers/gpu/drm/meson/meson_drv.h
+++ b/drivers/gpu/drm/meson/meson_drv.h
@@ -43,6 +43,9 @@ struct meson_drm {
bool osd1_commit;
uint32_t osd1_ctrl_stat;
uint32_t osd1_blk0_cfg[5];
+ uint32_t osd1_addr;
+ uint32_t osd1_stride;
+ uint32_t osd1_height;
} viu;
struct {
--- a/drivers/gpu/drm/meson/meson_plane.c
+++ b/drivers/gpu/drm/meson/meson_plane.c
@@ -164,10 +164,9 @@ static void meson_plane_atomic_update(st
/* Update Canvas with buffer address */
gem = drm_fb_cma_get_gem_obj(fb, 0);
- meson_canvas_setup(priv, MESON_CANVAS_ID_OSD1,
- gem->paddr, fb->pitches[0],
- fb->height, MESON_CANVAS_WRAP_NONE,
- MESON_CANVAS_BLKMODE_LINEAR);
+ priv->viu.osd1_addr = gem->paddr;
+ priv->viu.osd1_stride = fb->pitches[0];
+ priv->viu.osd1_height = fb->height;
spin_unlock_irqrestore(&priv->drm->event_lock, flags);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 104/496] arm64: perf: correct PMUVer probing
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (94 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 103/496] drm/meson: fix vsync buffer update Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 105/496] RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails Greg Kroah-Hartman
` (373 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Rutland, Robin Murphy,
Will Deacon, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
[ Upstream commit 0331365edb1d6ccd6ae68b1038111da85d4c68d1 ]
The ID_AA64DFR0_EL1.PMUVer field doesn't follow the usual ID registers
scheme. While value 0xf indicates a non-architected PMU is implemented,
values 0x1 to 0xe indicate an increasingly featureful architected PMU,
as if the field were unsigned.
For more details, see ARM DDI 0487C.a, D10.1.4, "Alternative ID scheme
used for the Performance Monitors Extension version".
Currently, we treat the field as signed, and erroneously bail out for
values 0x8 to 0xe. Let's correct that.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/perf_event.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm64/kernel/perf_event.c
+++ b/arch/arm64/kernel/perf_event.c
@@ -914,9 +914,9 @@ static void __armv8pmu_probe_pmu(void *i
int pmuver;
dfr0 = read_sysreg(id_aa64dfr0_el1);
- pmuver = cpuid_feature_extract_signed_field(dfr0,
+ pmuver = cpuid_feature_extract_unsigned_field(dfr0,
ID_AA64DFR0_PMUVER_SHIFT);
- if (pmuver < 1)
+ if (pmuver == 0xf || pmuver == 0)
return;
probe->present = true;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 105/496] RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (95 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 104/496] arm64: perf: correct PMUVer probing Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 106/496] RDMA/bnxt_re: Fix system crash during load/unload Greg Kroah-Hartman
` (372 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Devesh Sharma, Selvin Xavier,
Doug Ledford, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Devesh Sharma <devesh.sharma@broadcom.com>
[ Upstream commit 6b4521f5174c26020ae0deb3ef7f2c28557cf445 ]
Driver leaves the QP memory pinned if QP create command
fails from the FW. Avoids this scenario by adding a proper
exit path if the FW command fails.
Signed-off-by: Devesh Sharma <devesh.sharma@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
@@ -1180,7 +1180,7 @@ struct ib_qp *bnxt_re_create_qp(struct i
rc = bnxt_qplib_create_qp(&rdev->qplib_res, &qp->qplib_qp);
if (rc) {
dev_err(rdev_to_dev(rdev), "Failed to create HW QP");
- goto fail;
+ goto free_umem;
}
}
@@ -1208,6 +1208,13 @@ struct ib_qp *bnxt_re_create_qp(struct i
return &qp->ib_qp;
qp_destroy:
bnxt_qplib_destroy_qp(&rdev->qplib_res, &qp->qplib_qp);
+free_umem:
+ if (udata) {
+ if (qp->rumem)
+ ib_umem_release(qp->rumem);
+ if (qp->sumem)
+ ib_umem_release(qp->sumem);
+ }
fail:
kfree(qp);
return ERR_PTR(rc);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 106/496] RDMA/bnxt_re: Fix system crash during load/unload
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (96 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 105/496] RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 107/496] ibmvnic: Check for NULL skbs in NAPI poll routine Greg Kroah-Hartman
` (371 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Selvin Xavier, Doug Ledford, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Selvin Xavier <selvin.xavier@broadcom.com>
[ Upstream commit dcdaba08062b4726500b9456f8664bfda896c664 ]
During driver unload, the driver proceeds with cleanup
without waiting for the scheduled events. So the device
pointers get freed up and driver crashes when the events
are scheduled later.
Flush the bnxt_re_task work queue before starting
device removal.
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/bnxt_re/main.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/infiniband/hw/bnxt_re/main.c
+++ b/drivers/infiniband/hw/bnxt_re/main.c
@@ -1398,6 +1398,11 @@ static void __exit bnxt_re_mod_exit(void
list_for_each_entry(rdev, &to_be_deleted, list) {
dev_info(rdev_to_dev(rdev), "Unregistering Device");
+ /*
+ * Flush out any scheduled tasks before destroying the
+ * resources
+ */
+ flush_workqueue(bnxt_re_wq);
bnxt_re_dev_stop(rdev);
bnxt_re_ib_unreg(rdev, true);
bnxt_re_remove_one(rdev);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 107/496] ibmvnic: Check for NULL skbs in NAPI poll routine
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (97 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 106/496] RDMA/bnxt_re: Fix system crash during load/unload Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 108/496] net/mlx5e: Return error if prio is specified when offloading eswitch vlan push Greg Kroah-Hartman
` (370 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Falcon, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
[ Upstream commit abe27a885d9e6575e663a16176dabc58ce9d7188 ]
After introduction of commit d0869c0071e4, there were some instances of
RX queue entries from a previous session (before the device was closed
and reopened) returned to the NAPI polling routine. Since the corresponding
socket buffers were freed, this resulted in a panic on reopen. Include
a check for a NULL skb here to avoid this.
Fixes: d0869c0071e4 ("ibmvnic: Clean RX pool buffers during device close")
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/ibm/ibmvnic.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -1668,6 +1668,11 @@ restart_poll:
dev_kfree_skb_any(rx_buff->skb);
remove_buff_from_pool(adapter, rx_buff);
continue;
+ } else if (!rx_buff->skb) {
+ /* free the entry */
+ next->rx_comp.first = 0;
+ remove_buff_from_pool(adapter, rx_buff);
+ continue;
}
length = be32_to_cpu(next->rx_comp.len);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 108/496] net/mlx5e: Return error if prio is specified when offloading eswitch vlan push
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (98 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 107/496] ibmvnic: Check for NULL skbs in NAPI poll routine Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 109/496] locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() Greg Kroah-Hartman
` (369 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Or Gerlitz, Mark Bloch,
Saeed Mahameed, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Or Gerlitz <ogerlitz@mellanox.com>
[ Upstream commit 001a2fc0c8cc29241305e44ffbce52d1daf8782b ]
This isn't supported when we emulate eswitch vlan push action which
is the current state of things.
Fixes: 8b32580df1cb ('net/mlx5e: Add TC vlan action for SRIOV offloads')
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Reviewed-by: Mark Bloch <markb@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -2018,7 +2018,8 @@ static int parse_tc_fdb_actions(struct m
if (tcf_vlan_action(a) == TCA_VLAN_ACT_POP) {
attr->action |= MLX5_FLOW_CONTEXT_ACTION_VLAN_POP;
} else if (tcf_vlan_action(a) == TCA_VLAN_ACT_PUSH) {
- if (tcf_vlan_push_proto(a) != htons(ETH_P_8021Q))
+ if (tcf_vlan_push_proto(a) != htons(ETH_P_8021Q) ||
+ tcf_vlan_push_prio(a))
return -EOPNOTSUPP;
attr->action |= MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 109/496] locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (99 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 108/496] net/mlx5e: Return error if prio is specified when offloading eswitch vlan push Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 110/496] md: raid5: avoid string overflow warning Greg Kroah-Hartman
` (368 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrea Parri, Peter Zijlstra,
Paul E. McKenney, Alan Stern, Ivan Kokshaysky, Linus Torvalds,
Matt Turner, Richard Henderson, Thomas Gleixner, Will Deacon,
linux-alpha, Ingo Molnar, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrea Parri <parri.andrea@gmail.com>
[ Upstream commit cb13b424e986aed68d74cbaec3449ea23c50e167 ]
Continuing along with the fight against smp_read_barrier_depends() [1]
(or rather, against its improper use), add an unconditional barrier to
cmpxchg. This guarantees that dependency ordering is preserved when a
dependency is headed by an unsuccessful cmpxchg. As it turns out, the
change could enable further simplification of LKMM as proposed in [2].
[1] https://marc.info/?l=linux-kernel&m=150884953419377&w=2
https://marc.info/?l=linux-kernel&m=150884946319353&w=2
https://marc.info/?l=linux-kernel&m=151215810824468&w=2
https://marc.info/?l=linux-kernel&m=151215816324484&w=2
[2] https://marc.info/?l=linux-kernel&m=151881978314872&w=2
Signed-off-by: Andrea Parri <parri.andrea@gmail.com>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-alpha@vger.kernel.org
Link: http://lkml.kernel.org/r/1519152356-4804-1-git-send-email-parri.andrea@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/alpha/include/asm/xchg.h | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
--- a/arch/alpha/include/asm/xchg.h
+++ b/arch/alpha/include/asm/xchg.h
@@ -128,10 +128,9 @@ ____xchg(, volatile void *ptr, unsigned
* store NEW in MEM. Return the initial value in MEM. Success is
* indicated by comparing RETURN with OLD.
*
- * The memory barrier should be placed in SMP only when we actually
- * make the change. If we don't change anything (so if the returned
- * prev is equal to old) then we aren't acquiring anything new and
- * we don't need any memory barrier as far I can tell.
+ * The memory barrier is placed in SMP unconditionally, in order to
+ * guarantee that dependency ordering is preserved when a dependency
+ * is headed by an unsuccessful operation.
*/
static inline unsigned long
@@ -150,8 +149,8 @@ ____cmpxchg(_u8, volatile char *m, unsig
" or %1,%2,%2\n"
" stq_c %2,0(%4)\n"
" beq %2,3f\n"
- __ASM__MB
"2:\n"
+ __ASM__MB
".subsection 2\n"
"3: br 1b\n"
".previous"
@@ -177,8 +176,8 @@ ____cmpxchg(_u16, volatile short *m, uns
" or %1,%2,%2\n"
" stq_c %2,0(%4)\n"
" beq %2,3f\n"
- __ASM__MB
"2:\n"
+ __ASM__MB
".subsection 2\n"
"3: br 1b\n"
".previous"
@@ -200,8 +199,8 @@ ____cmpxchg(_u32, volatile int *m, int o
" mov %4,%1\n"
" stl_c %1,%2\n"
" beq %1,3f\n"
- __ASM__MB
"2:\n"
+ __ASM__MB
".subsection 2\n"
"3: br 1b\n"
".previous"
@@ -223,8 +222,8 @@ ____cmpxchg(_u64, volatile long *m, unsi
" mov %4,%1\n"
" stq_c %1,%2\n"
" beq %1,3f\n"
- __ASM__MB
"2:\n"
+ __ASM__MB
".subsection 2\n"
"3: br 1b\n"
".previous"
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 110/496] md: raid5: avoid string overflow warning
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (100 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 109/496] locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 111/496] virtio_net: fix XDP code path in receive_small() Greg Kroah-Hartman
` (367 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Shaohua Li, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 53b8d89ddbdbb0e4625a46d2cdbb6f106c52f801 ]
gcc warns about a possible overflow of the kmem_cache string, when adding
four characters to a string of the same length:
drivers/md/raid5.c: In function 'setup_conf':
drivers/md/raid5.c:2207:34: error: '-alt' directive writing 4 bytes into a region of size between 1 and 32 [-Werror=format-overflow=]
sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]);
^~~~
drivers/md/raid5.c:2207:2: note: 'sprintf' output between 5 and 36 bytes into a destination of size 32
sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If I'm counting correctly, we need 11 characters for the fixed part
of the string and 18 characters for a 64-bit pointer (when no gendisk
is used), so that leaves three characters for conf->level, which should
always be sufficient.
This makes the code use snprintf() with the correct length, to
make the code more robust against changes, and to get the compiler
to shut up.
In commit f4be6b43f1ac ("md/raid5: ensure we create a unique name for
kmem_cache when mddev has no gendisk") from 2010, Neil said that
the pointer could be removed "shortly" once devices without gendisk
are disallowed. I have no idea if that happened, but if it did, that
should probably be changed as well.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Shaohua Li <sh.li@alibaba-inc.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid5.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -2197,15 +2197,16 @@ static int grow_one_stripe(struct r5conf
static int grow_stripes(struct r5conf *conf, int num)
{
struct kmem_cache *sc;
+ size_t namelen = sizeof(conf->cache_name[0]);
int devs = max(conf->raid_disks, conf->previous_raid_disks);
if (conf->mddev->gendisk)
- sprintf(conf->cache_name[0],
+ snprintf(conf->cache_name[0], namelen,
"raid%d-%s", conf->level, mdname(conf->mddev));
else
- sprintf(conf->cache_name[0],
+ snprintf(conf->cache_name[0], namelen,
"raid%d-%p", conf->level, conf->mddev);
- sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]);
+ snprintf(conf->cache_name[1], namelen, "%.27s-alt", conf->cache_name[0]);
conf->active_name = 0;
sc = kmem_cache_create(conf->cache_name[conf->active_name],
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 111/496] virtio_net: fix XDP code path in receive_small()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (101 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 110/496] md: raid5: avoid string overflow warning Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 112/496] kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE Greg Kroah-Hartman
` (366 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jesper Dangaard Brouer,
John Fastabend, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jesper Dangaard Brouer <brouer@redhat.com>
[ Upstream commit 95dbe9e7b3720efa5cf83d21f44f6d953f7cf4a2 ]
When configuring virtio_net to use the code path 'receive_small()',
in-order to get correct XDP_REDIRECT support, I discovered TCP packets
would get silently dropped when loading an XDP program action XDP_PASS.
The bug seems to be that receive_small() when XDP is loaded check that
hdr->hdr.flags is zero, which seems wrong as hdr.flags contains the
flags VIRTIO_NET_HDR_F_* :
#define VIRTIO_NET_HDR_F_NEEDS_CSUM 1 /* Use csum_start, csum_offset */
#define VIRTIO_NET_HDR_F_DATA_VALID 2 /* Csum is valid */
TCP got dropped as it had the VIRTIO_NET_HDR_F_DATA_VALID flag set.
The flags that are relevant here are the VIRTIO_NET_HDR_GSO_* flags
stored in hdr->hdr.gso_type. Thus, the fix is just check that none of
the gso_type flags have been set.
Fixes: bb91accf2733 ("virtio-net: XDP support for small buffers")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/virtio_net.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -513,7 +513,7 @@ static struct sk_buff *receive_small(str
void *orig_data;
u32 act;
- if (unlikely(hdr->hdr.gso_type || hdr->hdr.flags))
+ if (unlikely(hdr->hdr.gso_type))
goto err_xdp;
if (unlikely(xdp_headroom < virtnet_get_headroom(vi))) {
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 112/496] kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (102 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 111/496] virtio_net: fix XDP code path in receive_small() Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 113/496] bug.h: work around GCC PR82365 in BUG() Greg Kroah-Hartman
` (365 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Rientjes, Andrew Morton,
Jens Axboe, Dave Jiang, Al Viro, Dan Carpenter, Linus Torvalds,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Rientjes <rientjes@google.com>
[ Upstream commit 88913bd8ea2a75d7e460a4bed5f75e1c32660d7e ]
chan->n_subbufs is set by the user and relay_create_buf() does a kmalloc()
of chan->n_subbufs * sizeof(size_t *).
kmalloc_slab() will generate a warning when this fails if
chan->subbufs * sizeof(size_t *) > KMALLOC_MAX_SIZE.
Limit chan->n_subbufs to the maximum allowed kmalloc() size.
Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1802061216100.122576@chino.kir.corp.google.com
Fixes: f6302f1bcd75 ("relay: prevent integer overflow in relay_open()")
Signed-off-by: David Rientjes <rientjes@google.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/relay.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/relay.c
+++ b/kernel/relay.c
@@ -163,7 +163,7 @@ static struct rchan_buf *relay_create_bu
{
struct rchan_buf *buf;
- if (chan->n_subbufs > UINT_MAX / sizeof(size_t *))
+ if (chan->n_subbufs > KMALLOC_MAX_SIZE / sizeof(size_t *))
return NULL;
buf = kzalloc(sizeof(struct rchan_buf), GFP_KERNEL);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 113/496] bug.h: work around GCC PR82365 in BUG()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (103 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 112/496] kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 115/496] seccomp: add a selftest for get_metadata Greg Kroah-Hartman
` (364 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Mikael Starvik,
Jesper Nilsson, Tony Luck, Fenghua Yu, Geert Uytterhoeven,
David S. Miller, Christopher Li, Thomas Gleixner, Peter Zijlstra,
Kees Cook, Ingo Molnar, Josh Poimboeuf, Will Deacon,
Steven Rostedt (VMware),
Mark Rutland, Andrew Morton, Linus Torvalds, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 173a3efd3edb2ef6ef07471397c5f542a360e9c1 ]
Looking at functions with large stack frames across all architectures
led me discovering that BUG() suffers from the same problem as
fortify_panic(), which I've added a workaround for already.
In short, variables that go out of scope by calling a noreturn function
or __builtin_unreachable() keep using stack space in functions
afterwards.
A workaround that was identified is to insert an empty assembler
statement just before calling the function that doesn't return. I'm
adding a macro "barrier_before_unreachable()" to document this, and
insert calls to that in all instances of BUG() that currently suffer
from this problem.
The files that saw the largest change from this had these frame sizes
before, and much less with my patch:
fs/ext4/inode.c:82:1: warning: the frame size of 1672 bytes is larger than 800 bytes [-Wframe-larger-than=]
fs/ext4/namei.c:434:1: warning: the frame size of 904 bytes is larger than 800 bytes [-Wframe-larger-than=]
fs/ext4/super.c:2279:1: warning: the frame size of 1160 bytes is larger than 800 bytes [-Wframe-larger-than=]
fs/ext4/xattr.c:146:1: warning: the frame size of 1168 bytes is larger than 800 bytes [-Wframe-larger-than=]
fs/f2fs/inode.c:152:1: warning: the frame size of 1424 bytes is larger than 800 bytes [-Wframe-larger-than=]
net/netfilter/ipvs/ip_vs_core.c:1195:1: warning: the frame size of 1068 bytes is larger than 800 bytes [-Wframe-larger-than=]
net/netfilter/ipvs/ip_vs_core.c:395:1: warning: the frame size of 1084 bytes is larger than 800 bytes [-Wframe-larger-than=]
net/netfilter/ipvs/ip_vs_ftp.c:298:1: warning: the frame size of 928 bytes is larger than 800 bytes [-Wframe-larger-than=]
net/netfilter/ipvs/ip_vs_ftp.c:418:1: warning: the frame size of 908 bytes is larger than 800 bytes [-Wframe-larger-than=]
net/netfilter/ipvs/ip_vs_lblcr.c:718:1: warning: the frame size of 960 bytes is larger than 800 bytes [-Wframe-larger-than=]
drivers/net/xen-netback/netback.c:1500:1: warning: the frame size of 1088 bytes is larger than 800 bytes [-Wframe-larger-than=]
In case of ARC and CRIS, it turns out that the BUG() implementation
actually does return (or at least the compiler thinks it does),
resulting in lots of warnings about uninitialized variable use and
leaving noreturn functions, such as:
block/cfq-iosched.c: In function 'cfq_async_queue_prio':
block/cfq-iosched.c:3804:1: error: control reaches end of non-void function [-Werror=return-type]
include/linux/dmaengine.h: In function 'dma_maxpq':
include/linux/dmaengine.h:1123:1: error: control reaches end of non-void function [-Werror=return-type]
This makes them call __builtin_trap() instead, which should normally
dump the stack and kill the current process, like some of the other
architectures already do.
I tried adding barrier_before_unreachable() to panic() and
fortify_panic() as well, but that had very little effect, so I'm not
submitting that patch.
Vineet said:
: For ARC, it is double win.
:
: 1. Fixes 3 -Wreturn-type warnings
:
: | ../net/core/ethtool.c:311:1: warning: control reaches end of non-void function
: [-Wreturn-type]
: | ../kernel/sched/core.c:3246:1: warning: control reaches end of non-void function
: [-Wreturn-type]
: | ../include/linux/sunrpc/svc_xprt.h:180:1: warning: control reaches end of
: non-void function [-Wreturn-type]
:
: 2. bloat-o-meter reports code size improvements as gcc elides the
: generated code for stack return.
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82365
Link: http://lkml.kernel.org/r/20171219114112.939391-1-arnd@arndb.de
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Vineet Gupta <vgupta@synopsys.com> [arch/arc]
Tested-by: Vineet Gupta <vgupta@synopsys.com> [arch/arc]
Cc: Mikael Starvik <starvik@axis.com>
Cc: Jesper Nilsson <jesper.nilsson@axis.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Christopher Li <sparse@chrisli.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/include/asm/bug.h | 3 ++-
arch/cris/include/arch-v10/arch/bug.h | 11 +++++++++--
arch/ia64/include/asm/bug.h | 6 +++++-
arch/m68k/include/asm/bug.h | 3 +++
arch/sparc/include/asm/bug.h | 6 +++++-
include/asm-generic/bug.h | 1 +
include/linux/compiler-gcc.h | 15 ++++++++++++++-
include/linux/compiler.h | 5 +++++
8 files changed, 44 insertions(+), 6 deletions(-)
--- a/arch/arc/include/asm/bug.h
+++ b/arch/arc/include/asm/bug.h
@@ -23,7 +23,8 @@ void die(const char *str, struct pt_regs
#define BUG() do { \
pr_warn("BUG: failure at %s:%d/%s()!\n", __FILE__, __LINE__, __func__); \
- dump_stack(); \
+ barrier_before_unreachable(); \
+ __builtin_trap(); \
} while (0)
#define HAVE_ARCH_BUG
--- a/arch/cris/include/arch-v10/arch/bug.h
+++ b/arch/cris/include/arch-v10/arch/bug.h
@@ -44,18 +44,25 @@ struct bug_frame {
* not be used like this with newer versions of gcc.
*/
#define BUG() \
+do { \
__asm__ __volatile__ ("clear.d [" __stringify(BUG_MAGIC) "]\n\t"\
"movu.w " __stringify(__LINE__) ",$r0\n\t"\
"jump 0f\n\t" \
".section .rodata\n" \
"0:\t.string \"" __FILE__ "\"\n\t" \
- ".previous")
+ ".previous"); \
+ unreachable(); \
+} while (0)
#endif
#else
/* This just causes an oops. */
-#define BUG() (*(int *)0 = 0)
+#define BUG() \
+do { \
+ barrier_before_unreachable(); \
+ __builtin_trap(); \
+} while (0)
#endif
--- a/arch/ia64/include/asm/bug.h
+++ b/arch/ia64/include/asm/bug.h
@@ -4,7 +4,11 @@
#ifdef CONFIG_BUG
#define ia64_abort() __builtin_trap()
-#define BUG() do { printk("kernel BUG at %s:%d!\n", __FILE__, __LINE__); ia64_abort(); } while (0)
+#define BUG() do { \
+ printk("kernel BUG at %s:%d!\n", __FILE__, __LINE__); \
+ barrier_before_unreachable(); \
+ ia64_abort(); \
+} while (0)
/* should this BUG be made generic? */
#define HAVE_ARCH_BUG
--- a/arch/m68k/include/asm/bug.h
+++ b/arch/m68k/include/asm/bug.h
@@ -8,16 +8,19 @@
#ifndef CONFIG_SUN3
#define BUG() do { \
pr_crit("kernel BUG at %s:%d!\n", __FILE__, __LINE__); \
+ barrier_before_unreachable(); \
__builtin_trap(); \
} while (0)
#else
#define BUG() do { \
pr_crit("kernel BUG at %s:%d!\n", __FILE__, __LINE__); \
+ barrier_before_unreachable(); \
panic("BUG!"); \
} while (0)
#endif
#else
#define BUG() do { \
+ barrier_before_unreachable(); \
__builtin_trap(); \
} while (0)
#endif
--- a/arch/sparc/include/asm/bug.h
+++ b/arch/sparc/include/asm/bug.h
@@ -9,10 +9,14 @@
void do_BUG(const char *file, int line);
#define BUG() do { \
do_BUG(__FILE__, __LINE__); \
+ barrier_before_unreachable(); \
__builtin_trap(); \
} while (0)
#else
-#define BUG() __builtin_trap()
+#define BUG() do { \
+ barrier_before_unreachable(); \
+ __builtin_trap(); \
+} while (0)
#endif
#define HAVE_ARCH_BUG
--- a/include/asm-generic/bug.h
+++ b/include/asm-generic/bug.h
@@ -50,6 +50,7 @@ struct bug_entry {
#ifndef HAVE_ARCH_BUG
#define BUG() do { \
printk("BUG: failure at %s:%d/%s()!\n", __FILE__, __LINE__, __func__); \
+ barrier_before_unreachable(); \
panic("BUG!"); \
} while (0)
#endif
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -212,6 +212,15 @@
#endif
/*
+ * calling noreturn functions, __builtin_unreachable() and __builtin_trap()
+ * confuse the stack allocation in gcc, leading to overly large stack
+ * frames, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82365
+ *
+ * Adding an empty inline assembly before it works around the problem
+ */
+#define barrier_before_unreachable() asm volatile("")
+
+/*
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
* control elsewhere.
@@ -221,7 +230,11 @@
* unreleased. Really, we need to have autoconf for the kernel.
*/
#define unreachable() \
- do { annotate_unreachable(); __builtin_unreachable(); } while (0)
+ do { \
+ annotate_unreachable(); \
+ barrier_before_unreachable(); \
+ __builtin_unreachable(); \
+ } while (0)
/* Mark a function definition as prohibited from being cloned. */
#define __noclone __attribute__((__noclone__, __optimize__("no-tracer")))
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -86,6 +86,11 @@ void ftrace_likely_update(struct ftrace_
# define barrier_data(ptr) barrier()
#endif
+/* workaround for GCC PR82365 if needed */
+#ifndef barrier_before_unreachable
+# define barrier_before_unreachable() do { } while (0)
+#endif
+
/* Unreachable code */
#ifdef CONFIG_STACK_VALIDATION
#define annotate_reachable() ({ \
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 115/496] seccomp: add a selftest for get_metadata
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (104 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 113/496] bug.h: work around GCC PR82365 in BUG() Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 116/496] soc: imx: gpc: de-register power domains only if initialized Greg Kroah-Hartman
` (363 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tycho Andersen, Kees Cook, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tycho Andersen <tycho@tycho.ws>
[ Upstream commit d057dc4e35e16050befa3dda943876dab39cbf80 ]
Let's test that we get the flags correctly, and that we preserve the filter
index across the ptrace(PTRACE_SECCOMP_GET_METADATA) correctly.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
CC: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 61 ++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -145,6 +145,15 @@ struct seccomp_data {
#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2)
#endif
+#ifndef PTRACE_SECCOMP_GET_METADATA
+#define PTRACE_SECCOMP_GET_METADATA 0x420d
+
+struct seccomp_metadata {
+ __u64 filter_off; /* Input: which filter */
+ __u64 flags; /* Output: filter's flags */
+};
+#endif
+
#ifndef seccomp
int seccomp(unsigned int op, unsigned int flags, void *args)
{
@@ -2861,6 +2870,58 @@ TEST(get_action_avail)
EXPECT_EQ(errno, EOPNOTSUPP);
}
+TEST(get_metadata)
+{
+ pid_t pid;
+ int pipefd[2];
+ char buf;
+ struct seccomp_metadata md;
+
+ ASSERT_EQ(0, pipe(pipefd));
+
+ pid = fork();
+ ASSERT_GE(pid, 0);
+ if (pid == 0) {
+ struct sock_filter filter[] = {
+ BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW),
+ };
+ struct sock_fprog prog = {
+ .len = (unsigned short)ARRAY_SIZE(filter),
+ .filter = filter,
+ };
+
+ /* one with log, one without */
+ ASSERT_EQ(0, seccomp(SECCOMP_SET_MODE_FILTER,
+ SECCOMP_FILTER_FLAG_LOG, &prog));
+ ASSERT_EQ(0, seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog));
+
+ ASSERT_EQ(0, close(pipefd[0]));
+ ASSERT_EQ(1, write(pipefd[1], "1", 1));
+ ASSERT_EQ(0, close(pipefd[1]));
+
+ while (1)
+ sleep(100);
+ }
+
+ ASSERT_EQ(0, close(pipefd[1]));
+ ASSERT_EQ(1, read(pipefd[0], &buf, 1));
+
+ ASSERT_EQ(0, ptrace(PTRACE_ATTACH, pid));
+ ASSERT_EQ(pid, waitpid(pid, NULL, 0));
+
+ md.filter_off = 0;
+ ASSERT_EQ(sizeof(md), ptrace(PTRACE_SECCOMP_GET_METADATA, pid, sizeof(md), &md));
+ EXPECT_EQ(md.flags, SECCOMP_FILTER_FLAG_LOG);
+ EXPECT_EQ(md.filter_off, 0);
+
+ md.filter_off = 1;
+ ASSERT_EQ(sizeof(md), ptrace(PTRACE_SECCOMP_GET_METADATA, pid, sizeof(md), &md));
+ EXPECT_EQ(md.flags, 0);
+ EXPECT_EQ(md.filter_off, 1);
+
+ ASSERT_EQ(0, kill(pid, SIGKILL));
+}
+
/*
* TODO:
* - add microbenchmarks
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 116/496] soc: imx: gpc: de-register power domains only if initialized
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (105 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 115/496] seccomp: add a selftest for get_metadata Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 117/496] powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access Greg Kroah-Hartman
` (362 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Agner, Lucas Stach,
Fabio Estevam, Shawn Guo, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Agner <stefan@agner.ch>
[ Upstream commit 7801c545e706674aeed40256eb806ad37b18ad71 ]
If power domain information are missing in the device tree, no
power domains get initialized. However, imx_gpc_remove tries to
remove power domains always in the old DT binding case. Only
remove power domains when imx_gpc_probe initialized them in
first place.
Fixes: 721cabf6c660 ("soc: imx: move PGC handling to a new GPC driver")
Signed-off-by: Stefan Agner <stefan@agner.ch>
Reviewed-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soc/imx/gpc.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/drivers/soc/imx/gpc.c
+++ b/drivers/soc/imx/gpc.c
@@ -456,13 +456,21 @@ static int imx_gpc_probe(struct platform
static int imx_gpc_remove(struct platform_device *pdev)
{
+ struct device_node *pgc_node;
int ret;
+ pgc_node = of_get_child_by_name(pdev->dev.of_node, "pgc");
+
+ /* bail out if DT too old and doesn't provide the necessary info */
+ if (!of_property_read_bool(pdev->dev.of_node, "#power-domain-cells") &&
+ !pgc_node)
+ return 0;
+
/*
* If the old DT binding is used the toplevel driver needs to
* de-register the power domains
*/
- if (!of_get_child_by_name(pdev->dev.of_node, "pgc")) {
+ if (!pgc_node) {
of_genpd_del_provider(pdev->dev.of_node);
ret = pm_genpd_remove(&imx_gpc_domains[GPC_PGC_DOMAIN_PU].base);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 117/496] powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (106 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 116/496] soc: imx: gpc: de-register power domains only if initialized Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 118/496] s390/cio: fix ccw_device_start_timeout API Greg Kroah-Hartman
` (361 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Lord, Naveen N. Rao,
Michael Ellerman, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Lord <mlord@pobox.com>
[ Upstream commit 083b20907185b076f21c265b30fe5b5f24c03d8c ]
I am using SECCOMP to filter syscalls on a ppc32 platform, and noticed
that the JIT compiler was failing on the BPF even though the
interpreter was working fine.
The issue was that the compiler was missing one of the instructions
used by SECCOMP, so here is a patch to enable JIT for that
instruction.
Fixes: eb84bab0fb38 ("ppc: Kconfig: Enable BPF JIT on ppc32")
Signed-off-by: Mark Lord <mlord@pobox.com>
Acked-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/net/bpf_jit_comp.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/powerpc/net/bpf_jit_comp.c
+++ b/arch/powerpc/net/bpf_jit_comp.c
@@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff, len));
break;
+ case BPF_LDX | BPF_W | BPF_ABS: /* A = *((u32 *)(seccomp_data + K)); */
+ PPC_LWZ_OFFS(r_A, r_skb, K);
+ break;
case BPF_LDX | BPF_W | BPF_LEN: /* X = skb->len; */
PPC_LWZ_OFFS(r_X, r_skb, offsetof(struct sk_buff, len));
break;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 118/496] s390/cio: fix ccw_device_start_timeout API
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (107 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 117/496] powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 119/496] s390/cio: fix return code after missing interrupt Greg Kroah-Hartman
` (360 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Ott, Martin Schwidefsky,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Ott <sebott@linux.vnet.ibm.com>
[ Upstream commit f97a6b6c47d2f329a24f92cc0ca3c6df5727ba73 ]
There are cases a device driver can't start IO because the device is
currently in use by cio. In this case the device driver is notified
when the device is usable again.
Using ccw_device_start_timeout we would set the timeout (and change
an existing timeout) before we test for internal usage. Worst case
this could lead to an unexpected timer deletion.
Fix this by setting the timeout after we test for internal usage.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/cio/device_ops.c | 72 ++++++++++++++++++------------------------
1 file changed, 32 insertions(+), 40 deletions(-)
--- a/drivers/s390/cio/device_ops.c
+++ b/drivers/s390/cio/device_ops.c
@@ -160,7 +160,7 @@ int ccw_device_clear(struct ccw_device *
}
/**
- * ccw_device_start_key() - start a s390 channel program with key
+ * ccw_device_start_timeout_key() - start a s390 channel program with timeout and key
* @cdev: target ccw device
* @cpa: logical start address of channel program
* @intparm: user specific interruption parameter; will be presented back to
@@ -171,10 +171,15 @@ int ccw_device_clear(struct ccw_device *
* @key: storage key to be used for the I/O
* @flags: additional flags; defines the action to be performed for I/O
* processing.
+ * @expires: timeout value in jiffies
*
* Start a S/390 channel program. When the interrupt arrives, the
* IRQ handler is called, either immediately, delayed (dev-end missing,
* or sense required) or never (no IRQ handler registered).
+ * This function notifies the device driver if the channel program has not
+ * completed during the time specified by @expires. If a timeout occurs, the
+ * channel program is terminated via xsch, hsch or csch, and the device's
+ * interrupt handler will be called with an irb containing ERR_PTR(-%ETIMEDOUT).
* Returns:
* %0, if the operation was successful;
* -%EBUSY, if the device is busy, or status pending;
@@ -183,9 +188,9 @@ int ccw_device_clear(struct ccw_device *
* Context:
* Interrupts disabled, ccw device lock held
*/
-int ccw_device_start_key(struct ccw_device *cdev, struct ccw1 *cpa,
- unsigned long intparm, __u8 lpm, __u8 key,
- unsigned long flags)
+int ccw_device_start_timeout_key(struct ccw_device *cdev, struct ccw1 *cpa,
+ unsigned long intparm, __u8 lpm, __u8 key,
+ unsigned long flags, int expires)
{
struct subchannel *sch;
int ret;
@@ -225,6 +230,8 @@ int ccw_device_start_key(struct ccw_devi
switch (ret) {
case 0:
cdev->private->intparm = intparm;
+ if (expires)
+ ccw_device_set_timeout(cdev, expires);
break;
case -EACCES:
case -ENODEV:
@@ -235,7 +242,7 @@ int ccw_device_start_key(struct ccw_devi
}
/**
- * ccw_device_start_timeout_key() - start a s390 channel program with timeout and key
+ * ccw_device_start_key() - start a s390 channel program with key
* @cdev: target ccw device
* @cpa: logical start address of channel program
* @intparm: user specific interruption parameter; will be presented back to
@@ -246,15 +253,10 @@ int ccw_device_start_key(struct ccw_devi
* @key: storage key to be used for the I/O
* @flags: additional flags; defines the action to be performed for I/O
* processing.
- * @expires: timeout value in jiffies
*
* Start a S/390 channel program. When the interrupt arrives, the
* IRQ handler is called, either immediately, delayed (dev-end missing,
* or sense required) or never (no IRQ handler registered).
- * This function notifies the device driver if the channel program has not
- * completed during the time specified by @expires. If a timeout occurs, the
- * channel program is terminated via xsch, hsch or csch, and the device's
- * interrupt handler will be called with an irb containing ERR_PTR(-%ETIMEDOUT).
* Returns:
* %0, if the operation was successful;
* -%EBUSY, if the device is busy, or status pending;
@@ -263,19 +265,12 @@ int ccw_device_start_key(struct ccw_devi
* Context:
* Interrupts disabled, ccw device lock held
*/
-int ccw_device_start_timeout_key(struct ccw_device *cdev, struct ccw1 *cpa,
- unsigned long intparm, __u8 lpm, __u8 key,
- unsigned long flags, int expires)
+int ccw_device_start_key(struct ccw_device *cdev, struct ccw1 *cpa,
+ unsigned long intparm, __u8 lpm, __u8 key,
+ unsigned long flags)
{
- int ret;
-
- if (!cdev)
- return -ENODEV;
- ccw_device_set_timeout(cdev, expires);
- ret = ccw_device_start_key(cdev, cpa, intparm, lpm, key, flags);
- if (ret != 0)
- ccw_device_set_timeout(cdev, 0);
- return ret;
+ return ccw_device_start_timeout_key(cdev, cpa, intparm, lpm, key,
+ flags, 0);
}
/**
@@ -490,18 +485,20 @@ void ccw_device_get_id(struct ccw_device
EXPORT_SYMBOL(ccw_device_get_id);
/**
- * ccw_device_tm_start_key() - perform start function
+ * ccw_device_tm_start_timeout_key() - perform start function
* @cdev: ccw device on which to perform the start function
* @tcw: transport-command word to be started
* @intparm: user defined parameter to be passed to the interrupt handler
* @lpm: mask of paths to use
* @key: storage key to use for storage access
+ * @expires: time span in jiffies after which to abort request
*
* Start the tcw on the given ccw device. Return zero on success, non-zero
* otherwise.
*/
-int ccw_device_tm_start_key(struct ccw_device *cdev, struct tcw *tcw,
- unsigned long intparm, u8 lpm, u8 key)
+int ccw_device_tm_start_timeout_key(struct ccw_device *cdev, struct tcw *tcw,
+ unsigned long intparm, u8 lpm, u8 key,
+ int expires)
{
struct subchannel *sch;
int rc;
@@ -528,37 +525,32 @@ int ccw_device_tm_start_key(struct ccw_d
return -EACCES;
}
rc = cio_tm_start_key(sch, tcw, lpm, key);
- if (rc == 0)
+ if (rc == 0) {
cdev->private->intparm = intparm;
+ if (expires)
+ ccw_device_set_timeout(cdev, expires);
+ }
return rc;
}
-EXPORT_SYMBOL(ccw_device_tm_start_key);
+EXPORT_SYMBOL(ccw_device_tm_start_timeout_key);
/**
- * ccw_device_tm_start_timeout_key() - perform start function
+ * ccw_device_tm_start_key() - perform start function
* @cdev: ccw device on which to perform the start function
* @tcw: transport-command word to be started
* @intparm: user defined parameter to be passed to the interrupt handler
* @lpm: mask of paths to use
* @key: storage key to use for storage access
- * @expires: time span in jiffies after which to abort request
*
* Start the tcw on the given ccw device. Return zero on success, non-zero
* otherwise.
*/
-int ccw_device_tm_start_timeout_key(struct ccw_device *cdev, struct tcw *tcw,
- unsigned long intparm, u8 lpm, u8 key,
- int expires)
+int ccw_device_tm_start_key(struct ccw_device *cdev, struct tcw *tcw,
+ unsigned long intparm, u8 lpm, u8 key)
{
- int ret;
-
- ccw_device_set_timeout(cdev, expires);
- ret = ccw_device_tm_start_key(cdev, tcw, intparm, lpm, key);
- if (ret != 0)
- ccw_device_set_timeout(cdev, 0);
- return ret;
+ return ccw_device_tm_start_timeout_key(cdev, tcw, intparm, lpm, key, 0);
}
-EXPORT_SYMBOL(ccw_device_tm_start_timeout_key);
+EXPORT_SYMBOL(ccw_device_tm_start_key);
/**
* ccw_device_tm_start() - perform start function
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 119/496] s390/cio: fix return code after missing interrupt
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (108 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 118/496] s390/cio: fix ccw_device_start_timeout API Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 120/496] s390/cio: clear timer when terminating driver I/O Greg Kroah-Hartman
` (359 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Julian Wiedmann, Sebastian Ott,
Martin Schwidefsky, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Ott <sebott@linux.vnet.ibm.com>
[ Upstream commit 770b55c995d171f026a9efb85e71e3b1ea47b93d ]
When a timeout occurs for users of ccw_device_start_timeout
we will stop the IO and call the drivers int handler with
the irb pointer set to ERR_PTR(-ETIMEDOUT). Sometimes
however we'd set the irb pointer to ERR_PTR(-EIO) which is
not intended. Just set the correct value in all codepaths.
Reported-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/cio/device_fsm.c | 6 ++++--
drivers/s390/cio/io_sch.h | 1 +
2 files changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/s390/cio/device_fsm.c
+++ b/drivers/s390/cio/device_fsm.c
@@ -796,6 +796,7 @@ ccw_device_online_timeout(struct ccw_dev
ccw_device_set_timeout(cdev, 0);
cdev->private->iretry = 255;
+ cdev->private->async_kill_io_rc = -ETIMEDOUT;
ret = ccw_device_cancel_halt_clear(cdev);
if (ret == -EBUSY) {
ccw_device_set_timeout(cdev, 3*HZ);
@@ -872,7 +873,7 @@ ccw_device_killing_irq(struct ccw_device
/* OK, i/o is dead now. Call interrupt handler. */
if (cdev->handler)
cdev->handler(cdev, cdev->private->intparm,
- ERR_PTR(-EIO));
+ ERR_PTR(cdev->private->async_kill_io_rc));
}
static void
@@ -889,7 +890,7 @@ ccw_device_killing_timeout(struct ccw_de
ccw_device_online_verify(cdev, 0);
if (cdev->handler)
cdev->handler(cdev, cdev->private->intparm,
- ERR_PTR(-EIO));
+ ERR_PTR(cdev->private->async_kill_io_rc));
}
void ccw_device_kill_io(struct ccw_device *cdev)
@@ -897,6 +898,7 @@ void ccw_device_kill_io(struct ccw_devic
int ret;
cdev->private->iretry = 255;
+ cdev->private->async_kill_io_rc = -EIO;
ret = ccw_device_cancel_halt_clear(cdev);
if (ret == -EBUSY) {
ccw_device_set_timeout(cdev, 3*HZ);
--- a/drivers/s390/cio/io_sch.h
+++ b/drivers/s390/cio/io_sch.h
@@ -157,6 +157,7 @@ struct ccw_device_private {
unsigned long intparm; /* user interruption parameter */
struct qdio_irq *qdio_data;
struct irb irb; /* device status */
+ int async_kill_io_rc;
struct senseid senseid; /* SenseID info */
struct pgid pgid[8]; /* path group IDs per chpid*/
struct ccw1 iccws[2]; /* ccws for SNID/SID/SPGID commands */
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 120/496] s390/cio: clear timer when terminating driver I/O
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (109 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 119/496] s390/cio: fix return code after missing interrupt Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 121/496] selftests/bpf/test_maps: exit child process without error in ENOMEM case Greg Kroah-Hartman
` (358 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Ott, Martin Schwidefsky,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Ott <sebott@linux.vnet.ibm.com>
[ Upstream commit 410d5e13e7638bc146321671e223d56495fbf3c7 ]
When we terminate driver I/O (because we need to stop using a certain
channel path) we also need to ensure that a timer (which may have been
set up using ccw_device_start_timeout) is cleared.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/cio/device_fsm.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/s390/cio/device_fsm.c
+++ b/drivers/s390/cio/device_fsm.c
@@ -897,6 +897,7 @@ void ccw_device_kill_io(struct ccw_devic
{
int ret;
+ ccw_device_set_timeout(cdev, 0);
cdev->private->iretry = 255;
cdev->private->async_kill_io_rc = -EIO;
ret = ccw_device_cancel_halt_clear(cdev);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 121/496] selftests/bpf/test_maps: exit child process without error in ENOMEM case
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (110 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 120/496] s390/cio: clear timer when terminating driver I/O Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 122/496] PKCS#7: fix direct verification of SignerInfo signature Greg Kroah-Hartman
` (357 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexei Starovoitov, Philip Li,
Daniel Borkmann, Li Zhijian, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Zhijian <zhijianx.li@intel.com>
[ Upstream commit 80475c48c6a8a65171e035e0915dc7996b5a0a65 ]
test_maps contains a series of stress tests, and previously it will break the
rest tests when it failed to alloc memory.
-----------------------
Failed to create hashmap key=8 value=262144 'Cannot allocate memory'
Failed to create hashmap key=16 value=262144 'Cannot allocate memory'
Failed to create hashmap key=8 value=262144 'Cannot allocate memory'
Failed to create hashmap key=8 value=262144 'Cannot allocate memory'
test_maps: test_maps.c:955: run_parallel: Assertion `status == 0' failed.
Aborted
not ok 1..3 selftests: test_maps [FAIL]
-----------------------
after this patch, the rest tests will be continue when it occurs an ENOMEM failure
CC: Alexei Starovoitov <alexei.starovoitov@gmail.com>
CC: Philip Li <philip.li@intel.com>
Suggested-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Li Zhijian <zhijianx.li@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/bpf/test_maps.c | 2 ++
1 file changed, 2 insertions(+)
--- a/tools/testing/selftests/bpf/test_maps.c
+++ b/tools/testing/selftests/bpf/test_maps.c
@@ -126,6 +126,8 @@ static void test_hashmap_sizes(int task,
fd = bpf_create_map(BPF_MAP_TYPE_HASH, i, j,
2, map_flags);
if (fd < 0) {
+ if (errno == ENOMEM)
+ return;
printf("Failed to create hashmap key=%d value=%d '%s'\n",
i, j, strerror(errno));
exit(1);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 122/496] PKCS#7: fix direct verification of SignerInfo signature
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (111 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 121/496] selftests/bpf/test_maps: exit child process without error in ENOMEM case Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 123/496] arm64: dts: cavium: fix PCI bus dtc warnings Greg Kroah-Hartman
` (356 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Biggers, David Howells, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers@google.com>
[ Upstream commit 6459ae386699a5fe0dc52cf30255f75274fa43a4 ]
If none of the certificates in a SignerInfo's certificate chain match a
trusted key, nor is the last certificate signed by a trusted key, then
pkcs7_validate_trust_one() tries to check whether the SignerInfo's
signature was made directly by a trusted key. But, it actually fails to
set the 'sig' variable correctly, so it actually verifies the last
signature seen. That will only be the SignerInfo's signature if the
certificate chain is empty; otherwise it will actually be the last
certificate's signature.
This is not by itself a security problem, since verifying any of the
certificates in the chain should be sufficient to verify the SignerInfo.
Still, it's not working as intended so it should be fixed.
Fix it by setting 'sig' correctly for the direct verification case.
Fixes: 757932e6da6d ("PKCS#7: Handle PKCS#7 messages that contain no X.509 certs")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/asymmetric_keys/pkcs7_trust.c | 1 +
1 file changed, 1 insertion(+)
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -106,6 +106,7 @@ static int pkcs7_validate_trust_one(stru
pr_devel("sinfo %u: Direct signer is key %x\n",
sinfo->index, key_serial(key));
x509 = NULL;
+ sig = sinfo->sig;
goto matched;
}
if (PTR_ERR(key) != -ENOKEY)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 123/496] arm64: dts: cavium: fix PCI bus dtc warnings
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (112 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 122/496] PKCS#7: fix direct verification of SignerInfo signature Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 124/496] nfs: system crashes after NFS4ERR_MOVED recovery Greg Kroah-Hartman
` (355 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rob Herring, Jayachandran C,
Arnd Bergmann, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rob Herring <robh@kernel.org>
[ Upstream commit e2c8d283c4e2f468bed1bcfedb80b670b1bc8ab1 ]
dtc recently added PCI bus checks. Fix these warnings:
arch/arm64/boot/dts/cavium/thunder2-99xx.dtb: Warning (pci_bridge): Node /pci missing bus-range for PCI bridge
arch/arm64/boot/dts/cavium/thunder2-99xx.dtb: Warning (unit_address_vs_reg): Node /pci has a reg or ranges property, but no unit name
Signed-off-by: Rob Herring <robh@kernel.org>
Cc: Jayachandran C <jnair@caviumnetworks.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/cavium/thunder2-99xx.dtsi | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/cavium/thunder2-99xx.dtsi
+++ b/arch/arm64/boot/dts/cavium/thunder2-99xx.dtsi
@@ -98,7 +98,7 @@
clock-output-names = "clk125mhz";
};
- pci {
+ pcie@30000000 {
compatible = "pci-host-ecam-generic";
device_type = "pci";
#interrupt-cells = <1>;
@@ -118,6 +118,7 @@
ranges =
<0x02000000 0 0x40000000 0 0x40000000 0 0x20000000
0x43000000 0x40 0x00000000 0x40 0x00000000 0x20 0x00000000>;
+ bus-range = <0 0xff>;
interrupt-map-mask = <0 0 0 7>;
interrupt-map =
/* addr pin ic icaddr icintr */
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 124/496] nfs: system crashes after NFS4ERR_MOVED recovery
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (113 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 123/496] arm64: dts: cavium: fix PCI bus dtc warnings Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 125/496] ARM: OMAP: Fix dmtimer init for omap1 Greg Kroah-Hartman
` (354 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Helen Chao, Bill Baker, Chuck Lever,
Trond Myklebust, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Bill.Baker@oracle.com" <Bill.Baker@oracle.com>
[ Upstream commit ad86f605c59500da82d196ac312cfbac3daba31d ]
nfs4_update_server unconditionally releases the nfs_client for the
source server. If migration fails, this can cause the source server's
nfs_client struct to be left with a low reference count, resulting in
use-after-free. Also, adjust reference count handling for ELOOP.
NFS: state manager: migration failed on NFSv4 server nfsvmu10 with error 6
WARNING: CPU: 16 PID: 17960 at fs/nfs/client.c:281 nfs_put_client+0xfa/0x110 [nfs]()
nfs_put_client+0xfa/0x110 [nfs]
nfs4_run_state_manager+0x30/0x40 [nfsv4]
kthread+0xd8/0xf0
BUG: unable to handle kernel NULL pointer dereference at 00000000000002a8
nfs4_xdr_enc_write+0x6b/0x160 [nfsv4]
rpcauth_wrap_req+0xac/0xf0 [sunrpc]
call_transmit+0x18c/0x2c0 [sunrpc]
__rpc_execute+0xa6/0x490 [sunrpc]
rpc_async_schedule+0x15/0x20 [sunrpc]
process_one_work+0x160/0x470
worker_thread+0x112/0x540
? rescuer_thread+0x3f0/0x3f0
kthread+0xd8/0xf0
This bug was introduced by 32e62b7c ("NFS: Add nfs4_update_server"),
but the fix applies cleanly to 52442f9b ("NFS4: Avoid migration loops")
Reported-by: Helen Chao <helen.chao@oracle.com>
Fixes: 52442f9b11b7 ("NFS4: Avoid migration loops")
Signed-off-by: Bill Baker <bill.baker@oracle.com>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs4client.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/nfs/nfs4client.c
+++ b/fs/nfs/nfs4client.c
@@ -858,8 +858,10 @@ static int nfs4_set_client(struct nfs_se
if (IS_ERR(clp))
return PTR_ERR(clp);
- if (server->nfs_client == clp)
+ if (server->nfs_client == clp) {
+ nfs_put_client(clp);
return -ELOOP;
+ }
/*
* Query for the lease time on clientid setup or renewal
@@ -1217,11 +1219,11 @@ int nfs4_update_server(struct nfs_server
clp->cl_proto, clnt->cl_timeout,
clp->cl_minorversion, net);
clear_bit(NFS_MIG_TSM_POSSIBLE, &server->mig_status);
- nfs_put_client(clp);
if (error != 0) {
nfs_server_insert_lists(server);
return error;
}
+ nfs_put_client(clp);
if (server->nfs_client->cl_hostname == NULL)
server->nfs_client->cl_hostname = kstrdup(hostname, GFP_KERNEL);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 125/496] ARM: OMAP: Fix dmtimer init for omap1
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (114 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 124/496] nfs: system crashes after NFS4ERR_MOVED recovery Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 126/496] smsc75xx: fix smsc75xx_set_features() Greg Kroah-Hartman
` (353 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aaro Koskinen, Keerthy,
Ladislav Michl, Tony Lindgren, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit ba6887836178d43b3665b9da075c2c5dfe1d207c ]
We need to enable PM runtime on omap1 also as otherwise we
will get errors:
omap_timer omap_timer.1: omap_dm_timer_probe: pm_runtime_get_sync failed!
omap_timer: probe of omap_timer.1 failed with error -13
...
We are checking for OMAP_TIMER_NEEDS_RESET flag elsewhere so this is
safe to do.
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Keerthy <j-keerthy@ti.com>
Cc: Ladislav Michl <ladis@linux-mips.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/plat-omap/dmtimer.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
--- a/arch/arm/plat-omap/dmtimer.c
+++ b/arch/arm/plat-omap/dmtimer.c
@@ -890,11 +890,8 @@ static int omap_dm_timer_probe(struct pl
timer->irq = irq->start;
timer->pdev = pdev;
- /* Skip pm_runtime_enable for OMAP1 */
- if (!(timer->capability & OMAP_TIMER_NEEDS_RESET)) {
- pm_runtime_enable(dev);
- pm_runtime_irq_safe(dev);
- }
+ pm_runtime_enable(dev);
+ pm_runtime_irq_safe(dev);
if (!timer->reserved) {
ret = pm_runtime_get_sync(dev);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 126/496] smsc75xx: fix smsc75xx_set_features()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (115 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 125/496] ARM: OMAP: Fix dmtimer init for omap1 Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 127/496] regulatory: add NUL to request alpha2 Greg Kroah-Hartman
` (352 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Steve Glendinning,
David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 88e80c62671ceecdbb77c902731ec95a4bfa62f9 ]
If an attempt is made to disable RX checksums, USB adapter is changed
but netdev->features is not, because smsc75xx_set_features() returns a
non zero value.
This throws errors from netdev_rx_csum_fault() :
<devname>: hw csum failure
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Steve Glendinning <steve.glendinning@shawell.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/smsc75xx.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/net/usb/smsc75xx.c
+++ b/drivers/net/usb/smsc75xx.c
@@ -954,10 +954,11 @@ static int smsc75xx_set_features(struct
/* it's racing here! */
ret = smsc75xx_write_reg(dev, RFE_CTL, pdata->rfe_ctl);
- if (ret < 0)
+ if (ret < 0) {
netdev_warn(dev->net, "Error writing RFE_CTL\n");
-
- return ret;
+ return ret;
+ }
+ return 0;
}
static int smsc75xx_wait_ready(struct usbnet *dev, int in_pm)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 127/496] regulatory: add NUL to request alpha2
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (116 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 126/496] smsc75xx: fix smsc75xx_set_features() Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 128/496] integrity/security: fix digsig.c build error with header file Greg Kroah-Hartman
` (351 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kees Cook, Johannes Berg, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 657308f73e674e86b60509a430a46e569bf02846 ]
Similar to the ancient commit a5fe8e7695dc ("regulatory: add NUL
to alpha2"), add another byte to alpha2 in the request struct so
that when we use nla_put_string(), we don't overrun anything.
Fixes: 73d54c9e74c4 ("cfg80211: add regulatory netlink multicast group")
Reported-by: Kees Cook <keescook@google.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/regulatory.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/net/regulatory.h
+++ b/include/net/regulatory.h
@@ -78,7 +78,7 @@ struct regulatory_request {
int wiphy_idx;
enum nl80211_reg_initiator initiator;
enum nl80211_user_reg_hint_type user_reg_hint_type;
- char alpha2[2];
+ char alpha2[3];
enum nl80211_dfs_regions dfs_region;
bool intersect;
bool processed;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 128/496] integrity/security: fix digsig.c build error with header file
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (117 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 127/496] regulatory: add NUL to request alpha2 Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 130/496] locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs Greg Kroah-Hartman
` (350 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Randy Dunlap,
Mimi Zohar, linux-integrity, James Morris, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 120f3b11ef88fc38ce1d0ff9c9a4b37860ad3140 ]
security/integrity/digsig.c has build errors on some $ARCH due to a
missing header file, so add it.
security/integrity/digsig.c:146:2: error: implicit declaration of function 'vfree' [-Werror=implicit-function-declaration]
Reported-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: linux-integrity@vger.kernel.org
Link: http://kisskb.ellerman.id.au/kisskb/head/13396/
Signed-off-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/digsig.c | 1 +
1 file changed, 1 insertion(+)
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -18,6 +18,7 @@
#include <linux/cred.h>
#include <linux/key-type.h>
#include <linux/digsig.h>
+#include <linux/vmalloc.h>
#include <crypto/public_key.h>
#include <keys/system_keyring.h>
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 130/496] locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (118 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 128/496] integrity/security: fix digsig.c build error with header file Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 131/496] x86/topology: Update the cpu cores field in /proc/cpuinfo correctly across CPU hotplug operations Greg Kroah-Hartman
` (349 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Will Deacon, Andrea Parri,
Paul E. McKenney, Alan Stern, Andrew Morton, Ivan Kokshaysky,
Linus Torvalds, Matt Turner, Peter Zijlstra, Richard Henderson,
Thomas Gleixner, linux-alpha, Ingo Molnar, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrea Parri <parri.andrea@gmail.com>
[ Upstream commit 472e8c55cf6622d1c112dc2bc777f68bbd4189db ]
Successful RMW operations are supposed to be fully ordered, but
Alpha's xchg() and cmpxchg() do not meet this requirement.
Will Deacon noticed the bug:
> So MP using xchg:
>
> WRITE_ONCE(x, 1)
> xchg(y, 1)
>
> smp_load_acquire(y) == 1
> READ_ONCE(x) == 0
>
> would be allowed.
... which thus violates the above requirement.
Fix it by adding a leading smp_mb() to the xchg() and cmpxchg() implementations.
Reported-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Andrea Parri <parri.andrea@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-alpha@vger.kernel.org
Link: http://lkml.kernel.org/r/1519291488-5752-1-git-send-email-parri.andrea@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/alpha/include/asm/xchg.h | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
--- a/arch/alpha/include/asm/xchg.h
+++ b/arch/alpha/include/asm/xchg.h
@@ -12,6 +12,10 @@
* Atomic exchange.
* Since it can be used to implement critical sections
* it must clobber "memory" (also for interrupts in UP).
+ *
+ * The leading and the trailing memory barriers guarantee that these
+ * operations are fully ordered.
+ *
*/
static inline unsigned long
@@ -19,6 +23,7 @@ ____xchg(_u8, volatile char *m, unsigned
{
unsigned long ret, tmp, addr64;
+ smp_mb();
__asm__ __volatile__(
" andnot %4,7,%3\n"
" insbl %1,%4,%1\n"
@@ -43,6 +48,7 @@ ____xchg(_u16, volatile short *m, unsign
{
unsigned long ret, tmp, addr64;
+ smp_mb();
__asm__ __volatile__(
" andnot %4,7,%3\n"
" inswl %1,%4,%1\n"
@@ -67,6 +73,7 @@ ____xchg(_u32, volatile int *m, unsigned
{
unsigned long dummy;
+ smp_mb();
__asm__ __volatile__(
"1: ldl_l %0,%4\n"
" bis $31,%3,%1\n"
@@ -87,6 +94,7 @@ ____xchg(_u64, volatile long *m, unsigne
{
unsigned long dummy;
+ smp_mb();
__asm__ __volatile__(
"1: ldq_l %0,%4\n"
" bis $31,%3,%1\n"
@@ -128,9 +136,12 @@ ____xchg(, volatile void *ptr, unsigned
* store NEW in MEM. Return the initial value in MEM. Success is
* indicated by comparing RETURN with OLD.
*
- * The memory barrier is placed in SMP unconditionally, in order to
- * guarantee that dependency ordering is preserved when a dependency
- * is headed by an unsuccessful operation.
+ * The leading and the trailing memory barriers guarantee that these
+ * operations are fully ordered.
+ *
+ * The trailing memory barrier is placed in SMP unconditionally, in
+ * order to guarantee that dependency ordering is preserved when a
+ * dependency is headed by an unsuccessful operation.
*/
static inline unsigned long
@@ -138,6 +149,7 @@ ____cmpxchg(_u8, volatile char *m, unsig
{
unsigned long prev, tmp, cmp, addr64;
+ smp_mb();
__asm__ __volatile__(
" andnot %5,7,%4\n"
" insbl %1,%5,%1\n"
@@ -165,6 +177,7 @@ ____cmpxchg(_u16, volatile short *m, uns
{
unsigned long prev, tmp, cmp, addr64;
+ smp_mb();
__asm__ __volatile__(
" andnot %5,7,%4\n"
" inswl %1,%5,%1\n"
@@ -192,6 +205,7 @@ ____cmpxchg(_u32, volatile int *m, int o
{
unsigned long prev, cmp;
+ smp_mb();
__asm__ __volatile__(
"1: ldl_l %0,%5\n"
" cmpeq %0,%3,%1\n"
@@ -215,6 +229,7 @@ ____cmpxchg(_u64, volatile long *m, unsi
{
unsigned long prev, cmp;
+ smp_mb();
__asm__ __volatile__(
"1: ldq_l %0,%5\n"
" cmpeq %0,%3,%1\n"
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 131/496] x86/topology: Update the cpu cores field in /proc/cpuinfo correctly across CPU hotplug operations
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (119 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 130/496] locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 132/496] mac80211: drop frames with unexpected DS bits from fast-rx to slow path Greg Kroah-Hartman
` (348 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dou Liyang, Samuel Neves,
Linus Torvalds, Peter Zijlstra, Thomas Gleixner, jgross, luto,
prarit, vkuznets, Ingo Molnar, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Samuel Neves <sneves@dei.uc.pt>
[ Upstream commit 4596749339e06dc7a424fc08a15eded850ed78b7 ]
Without this fix, /proc/cpuinfo will display an incorrect amount
of CPU cores, after bringing them offline and online again, as
exemplified below:
$ cat /proc/cpuinfo | grep cores
cpu cores : 4
cpu cores : 8
cpu cores : 8
cpu cores : 20
cpu cores : 4
cpu cores : 3
cpu cores : 2
cpu cores : 2
This patch fixes this by always zeroing the booted_cores variable
upon turning off a logical CPU.
Tested-by: Dou Liyang <douly.fnst@cn.fujitsu.com>
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: jgross@suse.com
Cc: luto@kernel.org
Cc: prarit@redhat.com
Cc: vkuznets@redhat.com
Link: http://lkml.kernel.org/r/20180221205036.5244-1-sneves@dei.uc.pt
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/smpboot.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -1521,6 +1521,7 @@ static void remove_siblinginfo(int cpu)
cpumask_clear(topology_core_cpumask(cpu));
c->phys_proc_id = 0;
c->cpu_core_id = 0;
+ c->booted_cores = 0;
cpumask_clear_cpu(cpu, cpu_sibling_setup_mask);
recompute_smt_state();
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 132/496] mac80211: drop frames with unexpected DS bits from fast-rx to slow path
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (120 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 131/496] x86/topology: Update the cpu cores field in /proc/cpuinfo correctly across CPU hotplug operations Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 133/496] arm64: fix unwind_frame() for filtered out fn for function graph tracing Greg Kroah-Hartman
` (347 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Felix Fietkau, Johannes Berg, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit b323ac19b7734a1c464b2785a082ee50bccd3b91 ]
Fixes rx for 4-addr packets in AP mode. These may be used for setting
up a 4-addr link for stations that are allowed to do so.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/rx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3928,7 +3928,7 @@ static bool ieee80211_invoke_fast_rx(str
if ((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_FROMDS |
IEEE80211_FCTL_TODS)) !=
fast_rx->expected_ds_bits)
- goto drop;
+ return false;
/* assign the key to drop unencrypted frames (later)
* and strip the IV/MIC if necessary
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 133/496] arm64: fix unwind_frame() for filtered out fn for function graph tracing
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (121 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 132/496] mac80211: drop frames with unexpected DS bits from fast-rx to slow path Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 134/496] macvlan: fix use-after-free in macvlan_common_newlink() Greg Kroah-Hartman
` (346 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pratyush Anand, Jerome Marchand,
Catalin Marinas, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pratyush Anand <panand@redhat.com>
[ Upstream commit 9f416319f40cd857d2bb517630e5855a905ef3fb ]
do_task_stat() calls get_wchan(), which further does unwind_frame().
unwind_frame() restores frame->pc to original value in case function
graph tracer has modified a return address (LR) in a stack frame to hook
a function return. However, if function graph tracer has hit a filtered
function, then we can't unwind it as ftrace_push_return_trace() has
biased the index(frame->graph) with a 'huge negative'
offset(-FTRACE_NOTRACE_DEPTH).
Moreover, arm64 stack walker defines index(frame->graph) as unsigned
int, which can not compare a -ve number.
Similar problem we can have with calling of walk_stackframe() from
save_stack_trace_tsk() or dump_backtrace().
This patch fixes unwind_frame() to test the index for -ve value and
restore index accordingly before we can restore frame->pc.
Reproducer:
cd /sys/kernel/debug/tracing/
echo schedule > set_graph_notrace
echo 1 > options/display-graph
echo wakeup > current_tracer
ps -ef | grep -i agent
Above commands result in:
Unable to handle kernel paging request at virtual address ffff801bd3d1e000
pgd = ffff8003cbe97c00
[ffff801bd3d1e000] *pgd=0000000000000000, *pud=0000000000000000
Internal error: Oops: 96000006 [#1] SMP
[...]
CPU: 5 PID: 11696 Comm: ps Not tainted 4.11.0+ #33
[...]
task: ffff8003c21ba000 task.stack: ffff8003cc6c0000
PC is at unwind_frame+0x12c/0x180
LR is at get_wchan+0xd4/0x134
pc : [<ffff00000808892c>] lr : [<ffff0000080860b8>] pstate: 60000145
sp : ffff8003cc6c3ab0
x29: ffff8003cc6c3ab0 x28: 0000000000000001
x27: 0000000000000026 x26: 0000000000000026
x25: 00000000000012d8 x24: 0000000000000000
x23: ffff8003c1c04000 x22: ffff000008c83000
x21: ffff8003c1c00000 x20: 000000000000000f
x19: ffff8003c1bc0000 x18: 0000fffffc593690
x17: 0000000000000000 x16: 0000000000000001
x15: 0000b855670e2b60 x14: 0003e97f22cf1d0f
x13: 0000000000000001 x12: 0000000000000000
x11: 00000000e8f4883e x10: 0000000154f47ec8
x9 : 0000000070f367c0 x8 : 0000000000000000
x7 : 00008003f7290000 x6 : 0000000000000018
x5 : 0000000000000000 x4 : ffff8003c1c03cb0
x3 : ffff8003c1c03ca0 x2 : 00000017ffe80000
x1 : ffff8003cc6c3af8 x0 : ffff8003d3e9e000
Process ps (pid: 11696, stack limit = 0xffff8003cc6c0000)
Stack: (0xffff8003cc6c3ab0 to 0xffff8003cc6c4000)
[...]
[<ffff00000808892c>] unwind_frame+0x12c/0x180
[<ffff000008305008>] do_task_stat+0x864/0x870
[<ffff000008305c44>] proc_tgid_stat+0x3c/0x48
[<ffff0000082fde0c>] proc_single_show+0x5c/0xb8
[<ffff0000082b27e0>] seq_read+0x160/0x414
[<ffff000008289e6c>] __vfs_read+0x58/0x164
[<ffff00000828b164>] vfs_read+0x88/0x144
[<ffff00000828c2e8>] SyS_read+0x60/0xc0
[<ffff0000080834a0>] __sys_trace_return+0x0/0x4
Fixes: 20380bb390a4 (arm64: ftrace: fix a stack tracer's output under function graph tracer)
Signed-off-by: Pratyush Anand <panand@redhat.com>
Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
[catalin.marinas@arm.com: replace WARN_ON with WARN_ON_ONCE]
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/stacktrace.h | 2 +-
arch/arm64/kernel/stacktrace.c | 5 +++++
arch/arm64/kernel/time.c | 2 +-
3 files changed, 7 insertions(+), 2 deletions(-)
--- a/arch/arm64/include/asm/stacktrace.h
+++ b/arch/arm64/include/asm/stacktrace.h
@@ -27,7 +27,7 @@ struct stackframe {
unsigned long fp;
unsigned long pc;
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
- unsigned int graph;
+ int graph;
#endif
};
--- a/arch/arm64/kernel/stacktrace.c
+++ b/arch/arm64/kernel/stacktrace.c
@@ -59,6 +59,11 @@ int notrace unwind_frame(struct task_str
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
if (tsk->ret_stack &&
(frame->pc == (unsigned long)return_to_handler)) {
+ if (WARN_ON_ONCE(frame->graph == -1))
+ return -EINVAL;
+ if (frame->graph < -1)
+ frame->graph += FTRACE_NOTRACE_DEPTH;
+
/*
* This is a case where function graph tracer has
* modified a return address (LR) in a stack frame
--- a/arch/arm64/kernel/time.c
+++ b/arch/arm64/kernel/time.c
@@ -52,7 +52,7 @@ unsigned long profile_pc(struct pt_regs
frame.fp = regs->regs[29];
frame.pc = regs->pc;
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
- frame.graph = -1; /* no task info */
+ frame.graph = current->curr_ret_stack;
#endif
do {
int ret = unwind_frame(NULL, &frame);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 134/496] macvlan: fix use-after-free in macvlan_common_newlink()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (122 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 133/496] arm64: fix unwind_frame() for filtered out fn for function graph tracing Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 135/496] KVM: nVMX: Dont halt vcpu when L1 is injecting events to L2 Greg Kroah-Hartman
` (345 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Kodanev, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexey Kodanev <alexey.kodanev@oracle.com>
[ Upstream commit 4e14bf4236490306004782813b8b4494b18f5e60 ]
The following use-after-free was reported by KASan when running
LTP macvtap01 test on 4.16-rc2:
[10642.528443] BUG: KASAN: use-after-free in
macvlan_common_newlink+0x12ef/0x14a0 [macvlan]
[10642.626607] Read of size 8 at addr ffff880ba49f2100 by task ip/18450
...
[10642.963873] Call Trace:
[10642.994352] dump_stack+0x5c/0x7c
[10643.035325] print_address_description+0x75/0x290
[10643.092938] kasan_report+0x28d/0x390
[10643.137971] ? macvlan_common_newlink+0x12ef/0x14a0 [macvlan]
[10643.207963] macvlan_common_newlink+0x12ef/0x14a0 [macvlan]
[10643.275978] macvtap_newlink+0x171/0x260 [macvtap]
[10643.334532] rtnl_newlink+0xd4f/0x1300
...
[10646.256176] Allocated by task 18450:
[10646.299964] kasan_kmalloc+0xa6/0xd0
[10646.343746] kmem_cache_alloc_trace+0xf1/0x210
[10646.397826] macvlan_common_newlink+0x6de/0x14a0 [macvlan]
[10646.464386] macvtap_newlink+0x171/0x260 [macvtap]
[10646.522728] rtnl_newlink+0xd4f/0x1300
...
[10647.022028] Freed by task 18450:
[10647.061549] __kasan_slab_free+0x138/0x180
[10647.111468] kfree+0x9e/0x1c0
[10647.147869] macvlan_port_destroy+0x3db/0x650 [macvlan]
[10647.211411] rollback_registered_many+0x5b9/0xb10
[10647.268715] rollback_registered+0xd9/0x190
[10647.319675] register_netdevice+0x8eb/0xc70
[10647.370635] macvlan_common_newlink+0xe58/0x14a0 [macvlan]
[10647.437195] macvtap_newlink+0x171/0x260 [macvtap]
Commit d02fd6e7d293 ("macvlan: Fix one possible double free") handles
the case when register_netdevice() invokes ndo_uninit() on error and
as a result free the port. But 'macvlan_port_get_rtnl(dev))' check
(returns dev->rx_handler_data), which was added by this commit in order
to prevent double free, is not quite correct:
* for macvlan it always returns NULL because 'lowerdev' is the one that
was used to register rx handler (port) in macvlan_port_create() as
well as to unregister it in macvlan_port_destroy().
* for macvtap it always returns a valid pointer because macvtap registers
its own rx handler before macvlan_common_newlink().
Fixes: d02fd6e7d293 ("macvlan: Fix one possible double free")
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/macvlan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -1448,7 +1448,7 @@ destroy_macvlan_port:
/* the macvlan port may be freed by macvlan_uninit when fail to register.
* so we destroy the macvlan port only when it's valid.
*/
- if (create && macvlan_port_get_rtnl(dev))
+ if (create && macvlan_port_get_rtnl(lowerdev))
macvlan_port_destroy(port->dev);
return err;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 135/496] KVM: nVMX: Dont halt vcpu when L1 is injecting events to L2
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (123 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 134/496] macvlan: fix use-after-free in macvlan_common_newlink() Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 136/496] kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds Greg Kroah-Hartman
` (344 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liran Alon, Chao Gao, Paolo Bonzini,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chao Gao <chao.gao@intel.com>
[ Upstream commit 135a06c3a515bbd17729eb04f4f26316d48363d7 ]
Although L2 is in halt state, it will be in the active state after
VM entry if the VM entry is vectoring according to SDM 26.6.2 Activity
State. Halting the vcpu here means the event won't be injected to L2
and this decision isn't reported to L1. Thus L0 drops an event that
should be injected to L2.
Cc: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Chao Gao <chao.gao@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -11174,7 +11174,12 @@ static int nested_vmx_run(struct kvm_vcp
if (ret)
return ret;
- if (vmcs12->guest_activity_state == GUEST_ACTIVITY_HLT)
+ /*
+ * If we're entering a halted L2 vcpu and the L2 vcpu won't be woken
+ * by event injection, halt vcpu.
+ */
+ if ((vmcs12->guest_activity_state == GUEST_ACTIVITY_HLT) &&
+ !(vmcs12->vm_entry_intr_info_field & INTR_INFO_VALID_MASK))
return kvm_vcpu_halt(vcpu);
vmx->nested.nested_run_pending = 1;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 136/496] kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (124 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 135/496] KVM: nVMX: Dont halt vcpu when L1 is injecting events to L2 Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 137/496] ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS Greg Kroah-Hartman
` (343 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Ott, Christian Borntraeger,
Paolo Bonzini, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Ott <sebott@linux.vnet.ibm.com>
[ Upstream commit 076467490b8176eb96eddc548a14d4135c7b5852 ]
Move the kvm_arch_irq_routing_update() prototype outside of
ifdef CONFIG_HAVE_KVM_EVENTFD guards to fix the following sparse warning:
arch/s390/kvm/../../../virt/kvm/irqchip.c:171:28: warning: symbol 'kvm_arch_irq_routing_update' was not declared. Should it be static?
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/kvm_host.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -1104,7 +1104,6 @@ static inline void kvm_irq_routing_updat
{
}
#endif
-void kvm_arch_irq_routing_update(struct kvm *kvm);
static inline int kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
{
@@ -1113,6 +1112,8 @@ static inline int kvm_ioeventfd(struct k
#endif /* CONFIG_HAVE_KVM_EVENTFD */
+void kvm_arch_irq_routing_update(struct kvm *kvm);
+
static inline void kvm_make_request(int req, struct kvm_vcpu *vcpu)
{
/*
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 137/496] ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (125 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 136/496] kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 138/496] fs: dcache: Avoid livelock between d_alloc_parallel and __d_add Greg Kroah-Hartman
` (342 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Trimarchi, Jagan Teki,
Shyam Saini, Fabio Estevam, Shawn Guo, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shyam Saini <shyam@amarulasolutions.com>
[ Upstream commit c0c6bb2322964bd264b4ddedaa5776f40c709f0c ]
This patch fixes the wrongly included dtsi file which
was breaking mainline support for Engicam i.CoreM6 DualLite/Solo RQS.
As per the board name, the correct file should be imx6dl.dtsi instead
of imx6q.dtsi
Reported-by: Michael Trimarchi <michael@amarulasolutions.com>
Suggested-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Shyam Saini <shyam@amarulasolutions.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Fixes: 7a9caba55a61 ("ARM: dts: imx6dl: Add Engicam i.CoreM6 DualLite/Solo RQS initial support")
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/imx6dl-icore-rqs.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/imx6dl-icore-rqs.dts
+++ b/arch/arm/boot/dts/imx6dl-icore-rqs.dts
@@ -42,7 +42,7 @@
/dts-v1/;
-#include "imx6q.dtsi"
+#include "imx6dl.dtsi"
#include "imx6qdl-icore-rqs.dtsi"
/ {
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 138/496] fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (126 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 137/496] ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 139/496] fs: dcache: Use READ_ONCE when accessing i_dir_seq Greg Kroah-Hartman
` (341 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Al Viro,
Naresh Madhusudana, Matthew Wilcox, Will Deacon, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will.deacon@arm.com>
[ Upstream commit 015555fd4d2930bc0c86952c46ad88b3392f66e4 ]
If d_alloc_parallel runs concurrently with __d_add, it is possible for
d_alloc_parallel to continuously retry whilst i_dir_seq has been
incremented to an odd value by __d_add:
CPU0:
__d_add
n = start_dir_add(dir);
cmpxchg(&dir->i_dir_seq, n, n + 1) == n
CPU1:
d_alloc_parallel
retry:
seq = smp_load_acquire(&parent->d_inode->i_dir_seq) & ~1;
hlist_bl_lock(b);
bit_spin_lock(0, (unsigned long *)b); // Always succeeds
CPU0:
__d_lookup_done(dentry)
hlist_bl_lock
bit_spin_lock(0, (unsigned long *)b); // Never succeeds
CPU1:
if (unlikely(parent->d_inode->i_dir_seq != seq)) {
hlist_bl_unlock(b);
goto retry;
}
Since the simple bit_spin_lock used to implement hlist_bl_lock does not
provide any fairness guarantees, then CPU1 can starve CPU0 of the lock
and prevent it from reaching end_dir_add(dir), therefore CPU1 cannot
exit its retry loop because the sequence number always has the bottom
bit set.
This patch resolves the livelock by not taking hlist_bl_lock in
d_alloc_parallel if the sequence counter is odd, since any subsequent
masked comparison with i_dir_seq will fail anyway.
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Reported-by: Naresh Madhusudana <naresh.madhusudana@arm.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Matthew Wilcox <mawilcox@microsoft.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dcache.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2482,7 +2482,7 @@ struct dentry *d_alloc_parallel(struct d
retry:
rcu_read_lock();
- seq = smp_load_acquire(&parent->d_inode->i_dir_seq) & ~1;
+ seq = smp_load_acquire(&parent->d_inode->i_dir_seq);
r_seq = read_seqbegin(&rename_lock);
dentry = __d_lookup_rcu(parent, name, &d_seq);
if (unlikely(dentry)) {
@@ -2503,6 +2503,12 @@ retry:
rcu_read_unlock();
goto retry;
}
+
+ if (unlikely(seq & 1)) {
+ rcu_read_unlock();
+ goto retry;
+ }
+
hlist_bl_lock(b);
if (unlikely(parent->d_inode->i_dir_seq != seq)) {
hlist_bl_unlock(b);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 139/496] fs: dcache: Use READ_ONCE when accessing i_dir_seq
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (127 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 138/496] fs: dcache: Avoid livelock between d_alloc_parallel and __d_add Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 140/496] md: fix a potential deadlock of raid5/raid10 reshape Greg Kroah-Hartman
` (340 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Will Deacon, Al Viro,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will.deacon@arm.com>
[ Upstream commit 8cc07c808c9d595e81cbe5aad419b7769eb2e5c9 ]
i_dir_seq is subject to concurrent modification by a cmpxchg or
store-release operation, so ensure that the relaxed access in
d_alloc_parallel uses READ_ONCE.
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dcache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2510,7 +2510,7 @@ retry:
}
hlist_bl_lock(b);
- if (unlikely(parent->d_inode->i_dir_seq != seq)) {
+ if (unlikely(READ_ONCE(parent->d_inode->i_dir_seq) != seq)) {
hlist_bl_unlock(b);
rcu_read_unlock();
goto retry;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 140/496] md: fix a potential deadlock of raid5/raid10 reshape
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (128 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 139/496] fs: dcache: Use READ_ONCE when accessing i_dir_seq Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 141/496] md/raid1: fix NULL pointer dereference Greg Kroah-Hartman
` (339 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alex Wu, Chung-Chiang Cheng,
BingJing Chang, Shaohua Li, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: BingJing Chang <bingjingc@synology.com>
[ Upstream commit 8876391e440ba615b10eef729576e111f0315f87 ]
There is a potential deadlock if mount/umount happens when
raid5_finish_reshape() tries to grow the size of emulated disk.
How the deadlock happens?
1) The raid5 resync thread finished reshape (expanding array).
2) The mount or umount thread holds VFS sb->s_umount lock and tries to
write through critical data into raid5 emulated block device. So it
waits for raid5 kernel thread handling stripes in order to finish it
I/Os.
3) In the routine of raid5 kernel thread, md_check_recovery() will be
called first in order to reap the raid5 resync thread. That is,
raid5_finish_reshape() will be called. In this function, it will try
to update conf and call VFS revalidate_disk() to grow the raid5
emulated block device. It will try to acquire VFS sb->s_umount lock.
The raid5 kernel thread cannot continue, so no one can handle mount/
umount I/Os (stripes). Once the write-through I/Os cannot be finished,
mount/umount will not release sb->s_umount lock. The deadlock happens.
The raid5 kernel thread is an emulated block device. It is responible to
handle I/Os (stripes) from upper layers. The emulated block device
should not request any I/Os on itself. That is, it should not call VFS
layer functions. (If it did, it will try to acquire VFS locks to
guarantee the I/Os sequence.) So we have the resync thread to send
resync I/O requests and to wait for the results.
For solving this potential deadlock, we can put the size growth of the
emulated block device as the final step of reshape thread.
2017/12/29:
Thanks to Guoqing Jiang <gqjiang@suse.com>,
we confirmed that there is the same deadlock issue in raid10. It's
reproducible and can be fixed by this patch. For raid10.c, we can remove
the similar code to prevent deadlock as well since they has been called
before.
Reported-by: Alex Wu <alexwu@synology.com>
Reviewed-by: Alex Wu <alexwu@synology.com>
Reviewed-by: Chung-Chiang Cheng <cccheng@synology.com>
Signed-off-by: BingJing Chang <bingjingc@synology.com>
Signed-off-by: Shaohua Li <sh.li@alibaba-inc.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 13 +++++++++++++
drivers/md/raid10.c | 8 +-------
drivers/md/raid5.c | 8 +-------
3 files changed, 15 insertions(+), 14 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8522,6 +8522,19 @@ void md_do_sync(struct md_thread *thread
set_mask_bits(&mddev->sb_flags, 0,
BIT(MD_SB_CHANGE_PENDING) | BIT(MD_SB_CHANGE_DEVS));
+ if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery) &&
+ !test_bit(MD_RECOVERY_INTR, &mddev->recovery) &&
+ mddev->delta_disks > 0 &&
+ mddev->pers->finish_reshape &&
+ mddev->pers->size &&
+ mddev->queue) {
+ mddev_lock_nointr(mddev);
+ md_set_array_sectors(mddev, mddev->pers->size(mddev, 0, 0));
+ mddev_unlock(mddev);
+ set_capacity(mddev->gendisk, mddev->array_sectors);
+ revalidate_disk(mddev->gendisk);
+ }
+
spin_lock(&mddev->lock);
if (!test_bit(MD_RECOVERY_INTR, &mddev->recovery)) {
/* We completed so min/max setting can be forgotten if used. */
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -4693,17 +4693,11 @@ static void raid10_finish_reshape(struct
return;
if (mddev->delta_disks > 0) {
- sector_t size = raid10_size(mddev, 0, 0);
- md_set_array_sectors(mddev, size);
if (mddev->recovery_cp > mddev->resync_max_sectors) {
mddev->recovery_cp = mddev->resync_max_sectors;
set_bit(MD_RECOVERY_NEEDED, &mddev->recovery);
}
- mddev->resync_max_sectors = size;
- if (mddev->queue) {
- set_capacity(mddev->gendisk, mddev->array_sectors);
- revalidate_disk(mddev->gendisk);
- }
+ mddev->resync_max_sectors = mddev->array_sectors;
} else {
int d;
rcu_read_lock();
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -8001,13 +8001,7 @@ static void raid5_finish_reshape(struct
if (!test_bit(MD_RECOVERY_INTR, &mddev->recovery)) {
- if (mddev->delta_disks > 0) {
- md_set_array_sectors(mddev, raid5_size(mddev, 0, 0));
- if (mddev->queue) {
- set_capacity(mddev->gendisk, mddev->array_sectors);
- revalidate_disk(mddev->gendisk);
- }
- } else {
+ if (mddev->delta_disks <= 0) {
int d;
spin_lock_irq(&conf->device_lock);
mddev->degraded = raid5_calc_degraded(conf);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 141/496] md/raid1: fix NULL pointer dereference
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (129 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 140/496] md: fix a potential deadlock of raid5/raid10 reshape Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 142/496] batman-adv: fix packet checksum in receive path Greg Kroah-Hartman
` (338 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Yufen Yu, Shaohua Li, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yufen Yu <yuyufen@huawei.com>
[ Upstream commit 3de59bb9d551428cbdc76a9ea57883f82e350b4d ]
In handle_write_finished(), if r1_bio->bios[m] != NULL, it thinks
the corresponding conf->mirrors[m].rdev is also not NULL. But, it
is not always true.
Even if some io hold replacement rdev(i.e. rdev->nr_pending.count > 0),
raid1_remove_disk() can also set the rdev as NULL. That means,
bios[m] != NULL, but mirrors[m].rdev is NULL, resulting in NULL
pointer dereference in handle_write_finished and sync_request_write.
This patch can fix BUGs as follows:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000140
IP: [<ffffffff815bbbbd>] raid1d+0x2bd/0xfc0
PGD 12ab52067 PUD 12f587067 PMD 0
Oops: 0000 [#1] SMP
CPU: 1 PID: 2008 Comm: md3_raid1 Not tainted 4.1.44+ #130
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc26 04/01/2014
Call Trace:
? schedule+0x37/0x90
? prepare_to_wait_event+0x83/0xf0
md_thread+0x144/0x150
? wake_atomic_t_function+0x70/0x70
? md_start_sync+0xf0/0xf0
kthread+0xd8/0xf0
? kthread_worker_fn+0x160/0x160
ret_from_fork+0x42/0x70
? kthread_worker_fn+0x160/0x160
BUG: unable to handle kernel NULL pointer dereference at 00000000000000b8
IP: sync_request_write+0x9e/0x980
PGD 800000007c518067 P4D 800000007c518067 PUD 8002b067 PMD 0
Oops: 0000 [#1] SMP PTI
CPU: 24 PID: 2549 Comm: md3_raid1 Not tainted 4.15.0+ #118
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc26 04/01/2014
Call Trace:
? sched_clock+0x5/0x10
? sched_clock_cpu+0xc/0xb0
? flush_pending_writes+0x3a/0xd0
? pick_next_task_fair+0x4d5/0x5f0
? __switch_to+0xa2/0x430
raid1d+0x65a/0x870
? find_pers+0x70/0x70
? find_pers+0x70/0x70
? md_thread+0x11c/0x160
md_thread+0x11c/0x160
? finish_wait+0x80/0x80
kthread+0x111/0x130
? kthread_create_worker_on_cpu+0x70/0x70
? do_syscall_64+0x6f/0x190
? SyS_exit_group+0x10/0x10
ret_from_fork+0x35/0x40
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Shaohua Li <sh.li@alibaba-inc.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid1.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1813,6 +1813,17 @@ static int raid1_remove_disk(struct mdde
struct md_rdev *repl =
conf->mirrors[conf->raid_disks + number].rdev;
freeze_array(conf, 0);
+ if (atomic_read(&repl->nr_pending)) {
+ /* It means that some queued IO of retry_list
+ * hold repl. Thus, we cannot set replacement
+ * as NULL, avoiding rdev NULL pointer
+ * dereference in sync_request_write and
+ * handle_write_finished.
+ */
+ err = -EBUSY;
+ unfreeze_array(conf);
+ goto abort;
+ }
clear_bit(Replacement, &repl->flags);
p->rdev = repl;
conf->mirrors[conf->raid_disks + number].rdev = NULL;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 142/496] batman-adv: fix packet checksum in receive path
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (130 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 141/496] md/raid1: fix NULL pointer dereference Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 143/496] batman-adv: invalidate checksum on fragment reassembly Greg Kroah-Hartman
` (337 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maximilian Wilhelm,
Matthias Schiffer, Sven Eckelmann, Simon Wunderlich, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthias Schiffer <mschiffer@universe-factory.net>
[ Upstream commit abd6360591d3f8259f41c34e31ac4826dfe621b8 ]
eth_type_trans() internally calls skb_pull(), which does not adjust the
skb checksum; skb_postpull_rcsum() is necessary to avoid log spam of the
form "bat0: hw csum failure" when packets with CHECKSUM_COMPLETE are
received.
Note that in usual setups, packets don't reach batman-adv with
CHECKSUM_COMPLETE (I assume NICs bail out of checksumming when they see
batadv's ethtype?), which is why the log messages do not occur on every
system using batman-adv. I could reproduce this issue by stacking
batman-adv on top of a VXLAN interface.
Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
Tested-by: Maximilian Wilhelm <max@sdn.clinic>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/soft-interface.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
@@ -451,13 +451,7 @@ void batadv_interface_rx(struct net_devi
/* skb->dev & skb->pkt_type are set here */
skb->protocol = eth_type_trans(skb, soft_iface);
-
- /* should not be necessary anymore as we use skb_pull_rcsum()
- * TODO: please verify this and remove this TODO
- * -- Dec 21st 2009, Simon Wunderlich
- */
-
- /* skb->ip_summed = CHECKSUM_UNNECESSARY; */
+ skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
batadv_inc_counter(bat_priv, BATADV_CNT_RX);
batadv_add_counter(bat_priv, BATADV_CNT_RX_BYTES,
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 143/496] batman-adv: invalidate checksum on fragment reassembly
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (131 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 142/496] batman-adv: fix packet checksum in receive path Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 144/496] netfilter: ipt_CLUSTERIP: put config struct if we cant increment ct refcount Greg Kroah-Hartman
` (336 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maximilian Wilhelm,
Matthias Schiffer, Sven Eckelmann, Simon Wunderlich, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthias Schiffer <mschiffer@universe-factory.net>
[ Upstream commit 3bf2a09da956b43ecfaa630a2ef9a477f991a46a ]
A more sophisticated implementation could try to combine fragment checksums
when all fragments have CHECKSUM_COMPLETE and are split at even offsets.
For now, we just set ip_summed to CHECKSUM_NONE to avoid "hw csum failure"
warnings in the kernel log when fragmented frames are received. In
consequence, skb_pull_rcsum() can be replaced with skb_pull().
Note that in usual setups, packets don't reach batman-adv with
CHECKSUM_COMPLETE (I assume NICs bail out of checksumming when they see
batadv's ethtype?), which is why the log messages do not occur on every
system using batman-adv. I could reproduce this issue by stacking
batman-adv on top of a VXLAN interface.
Fixes: 610bfc6bc99b ("batman-adv: Receive fragmented packets and merge")
Tested-by: Maximilian Wilhelm <max@sdn.clinic>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/fragmentation.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/batman-adv/fragmentation.c
+++ b/net/batman-adv/fragmentation.c
@@ -287,7 +287,8 @@ batadv_frag_merge_packets(struct hlist_h
/* Move the existing MAC header to just before the payload. (Override
* the fragment header.)
*/
- skb_pull_rcsum(skb_out, hdr_size);
+ skb_pull(skb_out, hdr_size);
+ skb_out->ip_summed = CHECKSUM_NONE;
memmove(skb_out->data - ETH_HLEN, skb_mac_header(skb_out), ETH_HLEN);
skb_set_mac_header(skb_out, -ETH_HLEN);
skb_reset_network_header(skb_out);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 144/496] netfilter: ipt_CLUSTERIP: put config struct if we cant increment ct refcount
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (132 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 143/496] batman-adv: invalidate checksum on fragment reassembly Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 145/496] netfilter: ipt_CLUSTERIP: put config instead of freeing it Greg Kroah-Hartman
` (335 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 8ae56822812ddedc26a152ab1916eb30120b4748 ]
This needs to put() the entry to avoid a resource leak in error path.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -492,12 +492,15 @@ static int clusterip_tg_check(const stru
return PTR_ERR(config);
}
}
- cipinfo->config = config;
ret = nf_ct_netns_get(par->net, par->family);
- if (ret < 0)
+ if (ret < 0) {
pr_info("cannot load conntrack support for proto=%u\n",
par->family);
+ clusterip_config_entry_put(par->net, config);
+ clusterip_config_put(config);
+ return ret;
+ }
if (!par->net->xt.clusterip_deprecated_warning) {
pr_info("ipt_CLUSTERIP is deprecated and it will removed soon, "
@@ -505,6 +508,7 @@ static int clusterip_tg_check(const stru
par->net->xt.clusterip_deprecated_warning = true;
}
+ cipinfo->config = config;
return ret;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 145/496] netfilter: ipt_CLUSTERIP: put config instead of freeing it
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (133 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 144/496] netfilter: ipt_CLUSTERIP: put config struct if we cant increment ct refcount Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 146/496] netfilter: ebtables: convert BUG_ONs to WARN_ONs Greg Kroah-Hartman
` (334 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 1a9da5937386dbe553ffcf6c65d985bd48c347c5 ]
Once struct is added to per-netns list it becomes visible to other cpus,
so we cannot use kfree().
Also delay setting entries refcount to 1 until after everything is
initialised so that when we call clusterip_config_put() in this spot
entries is still zero.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -228,7 +228,6 @@ clusterip_config_init(struct net *net, c
c->hash_mode = i->hash_mode;
c->hash_initval = i->hash_initval;
refcount_set(&c->refcount, 1);
- refcount_set(&c->entries, 1);
spin_lock_bh(&cn->lock);
if (__clusterip_config_find(net, ip)) {
@@ -259,8 +258,10 @@ clusterip_config_init(struct net *net, c
c->notifier.notifier_call = clusterip_netdev_event;
err = register_netdevice_notifier(&c->notifier);
- if (!err)
+ if (!err) {
+ refcount_set(&c->entries, 1);
return c;
+ }
#ifdef CONFIG_PROC_FS
proc_remove(c->pde);
@@ -269,7 +270,7 @@ err:
spin_lock_bh(&cn->lock);
list_del_rcu(&c->list);
spin_unlock_bh(&cn->lock);
- kfree(c);
+ clusterip_config_put(c);
return ERR_PTR(err);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 146/496] netfilter: ebtables: convert BUG_ONs to WARN_ONs
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (134 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 145/496] netfilter: ipt_CLUSTERIP: put config instead of freeing it Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 147/496] batman-adv: Ignore invalid batadv_iv_gw during netlink send Greg Kroah-Hartman
` (333 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
[ Upstream commit fc6a5d0601c5ac1d02f283a46f60b87b2033e5ca ]
All of these conditions are not fatal and should have
been WARN_ONs from the get-go.
Convert them to WARN_ONs and bail out.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bridge/netfilter/ebtables.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1641,7 +1641,8 @@ static int compat_match_to_user(struct e
int off = ebt_compat_match_offset(match, m->match_size);
compat_uint_t msize = m->match_size - off;
- BUG_ON(off >= m->match_size);
+ if (WARN_ON(off >= m->match_size))
+ return -EINVAL;
if (copy_to_user(cm->u.name, match->name,
strlen(match->name) + 1) || put_user(msize, &cm->match_size))
@@ -1671,7 +1672,8 @@ static int compat_target_to_user(struct
int off = xt_compat_target_offset(target);
compat_uint_t tsize = t->target_size - off;
- BUG_ON(off >= t->target_size);
+ if (WARN_ON(off >= t->target_size))
+ return -EINVAL;
if (copy_to_user(cm->u.name, target->name,
strlen(target->name) + 1) || put_user(tsize, &cm->match_size))
@@ -1907,7 +1909,8 @@ static int ebt_buf_add(struct ebt_entrie
if (state->buf_kern_start == NULL)
goto count_only;
- BUG_ON(state->buf_kern_offset + sz > state->buf_kern_len);
+ if (WARN_ON(state->buf_kern_offset + sz > state->buf_kern_len))
+ return -EINVAL;
memcpy(state->buf_kern_start + state->buf_kern_offset, data, sz);
@@ -1920,7 +1923,8 @@ static int ebt_buf_add_pad(struct ebt_en
{
char *b = state->buf_kern_start;
- BUG_ON(b && state->buf_kern_offset > state->buf_kern_len);
+ if (WARN_ON(b && state->buf_kern_offset > state->buf_kern_len))
+ return -EINVAL;
if (b != NULL && sz > 0)
memset(b + state->buf_kern_offset, 0, sz);
@@ -1997,8 +2001,10 @@ static int compat_mtw_from_user(struct c
pad = XT_ALIGN(size_kern) - size_kern;
if (pad > 0 && dst) {
- BUG_ON(state->buf_kern_len <= pad);
- BUG_ON(state->buf_kern_offset - (match_size + off) + size_kern > state->buf_kern_len - pad);
+ if (WARN_ON(state->buf_kern_len <= pad))
+ return -EINVAL;
+ if (WARN_ON(state->buf_kern_offset - (match_size + off) + size_kern > state->buf_kern_len - pad))
+ return -EINVAL;
memset(dst + size_kern, 0, pad);
}
return off + match_size;
@@ -2048,7 +2054,8 @@ static int ebt_size_mwt(struct compat_eb
if (ret < 0)
return ret;
- BUG_ON(ret < match32->match_size);
+ if (WARN_ON(ret < match32->match_size))
+ return -EINVAL;
growth += ret - match32->match_size;
growth += ebt_compat_entry_padsize();
@@ -2157,7 +2164,8 @@ static int size_entry_mwt(struct ebt_ent
startoff = state->buf_user_offset - startoff;
- BUG_ON(*total < startoff);
+ if (WARN_ON(*total < startoff))
+ return -EINVAL;
*total -= startoff;
return 0;
}
@@ -2286,7 +2294,8 @@ static int compat_do_replace(struct net
state.buf_kern_len = size64;
ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state);
- BUG_ON(ret < 0); /* parses same data again */
+ if (WARN_ON(ret < 0))
+ goto out_unlock;
vfree(entries_tmp);
tmp.entries_size = size64;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 147/496] batman-adv: Ignore invalid batadv_iv_gw during netlink send
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (135 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 146/496] netfilter: ebtables: convert BUG_ONs to WARN_ONs Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 148/496] batman-adv: Ignore invalid batadv_v_gw " Greg Kroah-Hartman
` (332 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sven Eckelmann, Simon Wunderlich,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sven Eckelmann <sven.eckelmann@openmesh.com>
[ Upstream commit 10d570284258a30dc104c50787c5289ec49f3d23 ]
The function batadv_iv_gw_dump stops the processing loop when
batadv_iv_gw_dump_entry returns a non-0 return code. This should only
happen when the buffer is full. Otherwise, an empty message may be
returned by batadv_gw_dump. This empty message will then stop the netlink
dumping of gateway entries. At worst, not a single entry is returned to
userspace even when plenty of possible gateways exist.
Fixes: efb766af06e3 ("batman-adv: add B.A.T.M.A.N. IV bat_gw_dump implementations")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/bat_iv_ogm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
@@ -2719,7 +2719,7 @@ static int batadv_iv_gw_dump_entry(struc
struct batadv_neigh_ifinfo *router_ifinfo = NULL;
struct batadv_neigh_node *router;
struct batadv_gw_node *curr_gw;
- int ret = -EINVAL;
+ int ret = 0;
void *hdr;
router = batadv_orig_router_get(gw_node->orig_node, BATADV_IF_DEFAULT);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 148/496] batman-adv: Ignore invalid batadv_v_gw during netlink send
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (136 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 147/496] batman-adv: Ignore invalid batadv_iv_gw during netlink send Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 151/496] nvme-pci: Fix nvme queue cleanup if IRQ setup fails Greg Kroah-Hartman
` (331 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sven Eckelmann, Simon Wunderlich,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sven Eckelmann <sven.eckelmann@openmesh.com>
[ Upstream commit 011c935fceae5252619ef730baa610c655281dda ]
The function batadv_v_gw_dump stops the processing loop when
batadv_v_gw_dump_entry returns a non-0 return code. This should only
happen when the buffer is full. Otherwise, an empty message may be
returned by batadv_gw_dump. This empty message will then stop the netlink
dumping of gateway entries. At worst, not a single entry is returned to
userspace even when plenty of possible gateways exist.
Fixes: b71bb6f924fe ("batman-adv: add B.A.T.M.A.N. V bat_gw_dump implementations")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/bat_v.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/batman-adv/bat_v.c
+++ b/net/batman-adv/bat_v.c
@@ -930,7 +930,7 @@ static int batadv_v_gw_dump_entry(struct
struct batadv_neigh_ifinfo *router_ifinfo = NULL;
struct batadv_neigh_node *router;
struct batadv_gw_node *curr_gw;
- int ret = -EINVAL;
+ int ret = 0;
void *hdr;
router = batadv_orig_router_get(gw_node->orig_node, BATADV_IF_DEFAULT);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 151/496] nvme-pci: Fix nvme queue cleanup if IRQ setup fails
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (137 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 148/496] batman-adv: Ignore invalid batadv_v_gw " Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 152/496] clocksource/drivers/fsl_ftm_timer: Fix error return checking Greg Kroah-Hartman
` (330 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianchao Wang, Keith Busch, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jianchao Wang <jianchao.w.wang@oracle.com>
[ Upstream commit f25a2dfc20e3a3ed8fe6618c331799dd7bd01190 ]
This patch fixes nvme queue cleanup if requesting an IRQ handler for
the queue's vector fails. It does this by resetting the cq_vector to
the uninitialized value of -1 so it is ignored for a controller reset.
Signed-off-by: Jianchao Wang <jianchao.w.wang@oracle.com>
[changelog updates, removed misc whitespace changes]
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/pci.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -1322,7 +1322,7 @@ static int nvme_create_queue(struct nvme
nvmeq->cq_vector = qid - 1;
result = adapter_alloc_cq(dev, qid, nvmeq);
if (result < 0)
- return result;
+ goto release_vector;
result = adapter_alloc_sq(dev, qid, nvmeq);
if (result < 0)
@@ -1336,9 +1336,12 @@ static int nvme_create_queue(struct nvme
return result;
release_sq:
+ dev->online_queues--;
adapter_delete_sq(dev, qid);
release_cq:
adapter_delete_cq(dev, qid);
+ release_vector:
+ nvmeq->cq_vector = -1;
return result;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 152/496] clocksource/drivers/fsl_ftm_timer: Fix error return checking
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (138 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 151/496] nvme-pci: Fix nvme queue cleanup if IRQ setup fails Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 153/496] libceph, ceph: avoid memory leak when specifying same option several times Greg Kroah-Hartman
` (329 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Thomas Gleixner,
Daniel Lezcano, kernel-janitors, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit f287eb9013ccf199cbfa4eabd80c36fedfc15a73 ]
The error checks on freq for a negative error return always fails because
freq is unsigned and can never be negative. Fix this by making freq a
signed long.
Detected with Coccinelle:
drivers/clocksource/fsl_ftm_timer.c:287:5-9: WARNING: Unsigned expression
compared with zero: freq <= 0
drivers/clocksource/fsl_ftm_timer.c:291:5-9: WARNING: Unsigned expression
compared with zero: freq <= 0
Fixes: 2529c3a33079 ("clocksource: Add Freescale FlexTimer Module (FTM) timer support")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Daniel Lezcano <daniel.lezcano@linaro.org>
Cc: kernel-janitors@vger.kernel.org
Link: https://lkml.kernel.org/r/20180226113614.3092-1-colin.king@canonical.com
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clocksource/fsl_ftm_timer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/clocksource/fsl_ftm_timer.c
+++ b/drivers/clocksource/fsl_ftm_timer.c
@@ -281,7 +281,7 @@ static int __init __ftm_clk_init(struct
static unsigned long __init ftm_clk_init(struct device_node *np)
{
- unsigned long freq;
+ long freq;
freq = __ftm_clk_init(np, "ftm-evt-counter-en", "ftm-evt");
if (freq <= 0)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 153/496] libceph, ceph: avoid memory leak when specifying same option several times
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (139 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 152/496] clocksource/drivers/fsl_ftm_timer: Fix error return checking Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.14 154/496] ceph: fix dentry leak when failing to init debugfs Greg Kroah-Hartman
` (328 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chengguang Xu, Ilya Dryomov, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chengguang Xu <cgxu519@icloud.com>
[ Upstream commit 937441f3a3158d5510ca8cc78a82453f57a96365 ]
When parsing string option, in order to avoid memory leak we need to
carefully free it first in case of specifying same option several times.
Signed-off-by: Chengguang Xu <cgxu519@icloud.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/super.c | 2 ++
net/ceph/ceph_common.c | 7 +++++++
2 files changed, 9 insertions(+)
--- a/fs/ceph/super.c
+++ b/fs/ceph/super.c
@@ -224,6 +224,7 @@ static int parse_fsopt_token(char *c, vo
return -ENOMEM;
break;
case Opt_mds_namespace:
+ kfree(fsopt->mds_namespace);
fsopt->mds_namespace = kstrndup(argstr[0].from,
argstr[0].to-argstr[0].from,
GFP_KERNEL);
@@ -231,6 +232,7 @@ static int parse_fsopt_token(char *c, vo
return -ENOMEM;
break;
case Opt_fscache_uniq:
+ kfree(fsopt->fscache_uniq);
fsopt->fscache_uniq = kstrndup(argstr[0].from,
argstr[0].to-argstr[0].from,
GFP_KERNEL);
--- a/net/ceph/ceph_common.c
+++ b/net/ceph/ceph_common.c
@@ -418,11 +418,15 @@ ceph_parse_options(char *options, const
opt->flags |= CEPH_OPT_FSID;
break;
case Opt_name:
+ kfree(opt->name);
opt->name = kstrndup(argstr[0].from,
argstr[0].to-argstr[0].from,
GFP_KERNEL);
break;
case Opt_secret:
+ ceph_crypto_key_destroy(opt->key);
+ kfree(opt->key);
+
opt->key = kzalloc(sizeof(*opt->key), GFP_KERNEL);
if (!opt->key) {
err = -ENOMEM;
@@ -433,6 +437,9 @@ ceph_parse_options(char *options, const
goto out;
break;
case Opt_key:
+ ceph_crypto_key_destroy(opt->key);
+ kfree(opt->key);
+
opt->key = kzalloc(sizeof(*opt->key), GFP_KERNEL);
if (!opt->key) {
err = -ENOMEM;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 154/496] ceph: fix dentry leak when failing to init debugfs
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (140 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 153/496] libceph, ceph: avoid memory leak when specifying same option several times Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 155/496] xen/pvcalls: fix null pointer dereference on map->sock Greg Kroah-Hartman
` (327 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chengguang Xu, Yan, Zheng,
Ilya Dryomov, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chengguang Xu <cgxu519@icloud.com>
[ Upstream commit 18106734b512664a8541026519ce4b862498b6c3 ]
When failing from ceph_fs_debugfs_init() in ceph_real_mount(),
there is lack of dput of root_dentry and it causes slab errors,
so change the calling order of ceph_fs_debugfs_init() and
open_root_dentry() and do some cleanups to avoid this issue.
Signed-off-by: Chengguang Xu <cgxu519@icloud.com>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/super.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
--- a/fs/ceph/super.c
+++ b/fs/ceph/super.c
@@ -837,7 +837,6 @@ static struct dentry *ceph_real_mount(st
int err;
unsigned long started = jiffies; /* note the start time */
struct dentry *root;
- int first = 0; /* first vfsmount for this super_block */
dout("mount start %p\n", fsc);
mutex_lock(&fsc->client->mount_mutex);
@@ -862,17 +861,17 @@ static struct dentry *ceph_real_mount(st
path = fsc->mount_options->server_path + 1;
dout("mount opening path %s\n", path);
}
+
+ err = ceph_fs_debugfs_init(fsc);
+ if (err < 0)
+ goto out;
+
root = open_root_dentry(fsc, path, started);
if (IS_ERR(root)) {
err = PTR_ERR(root);
goto out;
}
fsc->sb->s_root = dget(root);
- first = 1;
-
- err = ceph_fs_debugfs_init(fsc);
- if (err < 0)
- goto fail;
} else {
root = dget(fsc->sb->s_root);
}
@@ -882,11 +881,6 @@ static struct dentry *ceph_real_mount(st
mutex_unlock(&fsc->client->mount_mutex);
return root;
-fail:
- if (first) {
- dput(fsc->sb->s_root);
- fsc->sb->s_root = NULL;
- }
out:
mutex_unlock(&fsc->client->mount_mutex);
return ERR_PTR(err);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 155/496] xen/pvcalls: fix null pointer dereference on map->sock
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (141 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.14 154/496] ceph: fix dentry leak when failing to init debugfs Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 156/496] ARM: orion5x: Revert commit 4904dbda41c8 Greg Kroah-Hartman
` (326 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Juergen Gross, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit 68d2059be660944152ba667e43c3b4ec225974bc ]
Currently if map is null then a potential null pointer deference
occurs when calling sock_release on map->sock. I believe the
actual intention was to call sock_release on sock instead. Fix
this.
Fixes: 5db4d286a8ef ("xen/pvcalls: implement connect command")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/pvcalls-back.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/xen/pvcalls-back.c
+++ b/drivers/xen/pvcalls-back.c
@@ -424,7 +424,7 @@ static int pvcalls_back_connect(struct x
sock);
if (!map) {
ret = -EFAULT;
- sock_release(map->sock);
+ sock_release(sock);
}
out:
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 156/496] ARM: orion5x: Revert commit 4904dbda41c8.
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (142 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 155/496] xen/pvcalls: fix null pointer dereference on map->sock Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 157/496] qrtr: add MODULE_ALIAS macro to smd Greg Kroah-Hartman
` (325 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 13a55372b64e00e564a08d785ca87bd9d454ba30 ]
It is not valid for orion5x to use mac_pton().
First of all, the orion5x buffer is not NULL terminated. mac_pton()
has no business operating on non-NULL terminated buffers because
only the caller can know that this is valid and in what manner it
is ok to parse this NULL'less buffer.
Second of all, orion5x operates on an __iomem pointer, which cannot
be dereferenced using normal C pointer operations. Accesses to
such areas much be performed with the proper iomem accessors.
Fixes: 4904dbda41c8 ("ARM: orion5x: use mac_pton() helper")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-orion5x/Kconfig | 3 -
arch/arm/mach-orion5x/dns323-setup.c | 53 +++++++++++++++++++++++++++++++++--
arch/arm/mach-orion5x/tsx09-common.c | 49 +++++++++++++++++++++++++++++---
3 files changed, 95 insertions(+), 10 deletions(-)
--- a/arch/arm/mach-orion5x/Kconfig
+++ b/arch/arm/mach-orion5x/Kconfig
@@ -58,7 +58,6 @@ config MACH_KUROBOX_PRO
config MACH_DNS323
bool "D-Link DNS-323"
- select GENERIC_NET_UTILS
select I2C_BOARDINFO if I2C
help
Say 'Y' here if you want your kernel to support the
@@ -66,7 +65,6 @@ config MACH_DNS323
config MACH_TS209
bool "QNAP TS-109/TS-209"
- select GENERIC_NET_UTILS
help
Say 'Y' here if you want your kernel to support the
QNAP TS-109/TS-209 platform.
@@ -101,7 +99,6 @@ config MACH_LINKSTATION_LS_HGL
config MACH_TS409
bool "QNAP TS-409"
- select GENERIC_NET_UTILS
help
Say 'Y' here if you want your kernel to support the
QNAP TS-409 platform.
--- a/arch/arm/mach-orion5x/dns323-setup.c
+++ b/arch/arm/mach-orion5x/dns323-setup.c
@@ -173,10 +173,42 @@ static struct mv643xx_eth_platform_data
.phy_addr = MV643XX_ETH_PHY_ADDR(8),
};
+/* dns323_parse_hex_*() taken from tsx09-common.c; should a common copy of these
+ * functions be kept somewhere?
+ */
+static int __init dns323_parse_hex_nibble(char n)
+{
+ if (n >= '0' && n <= '9')
+ return n - '0';
+
+ if (n >= 'A' && n <= 'F')
+ return n - 'A' + 10;
+
+ if (n >= 'a' && n <= 'f')
+ return n - 'a' + 10;
+
+ return -1;
+}
+
+static int __init dns323_parse_hex_byte(const char *b)
+{
+ int hi;
+ int lo;
+
+ hi = dns323_parse_hex_nibble(b[0]);
+ lo = dns323_parse_hex_nibble(b[1]);
+
+ if (hi < 0 || lo < 0)
+ return -1;
+
+ return (hi << 4) | lo;
+}
+
static int __init dns323_read_mac_addr(void)
{
u_int8_t addr[6];
- void __iomem *mac_page;
+ int i;
+ char *mac_page;
/* MAC address is stored as a regular ol' string in /dev/mtdblock4
* (0x007d0000-0x00800000) starting at offset 196480 (0x2ff80).
@@ -185,8 +217,23 @@ static int __init dns323_read_mac_addr(v
if (!mac_page)
return -ENOMEM;
- if (!mac_pton((__force const char *) mac_page, addr))
- goto error_fail;
+ /* Sanity check the string we're looking at */
+ for (i = 0; i < 5; i++) {
+ if (*(mac_page + (i * 3) + 2) != ':') {
+ goto error_fail;
+ }
+ }
+
+ for (i = 0; i < 6; i++) {
+ int byte;
+
+ byte = dns323_parse_hex_byte(mac_page + (i * 3));
+ if (byte < 0) {
+ goto error_fail;
+ }
+
+ addr[i] = byte;
+ }
iounmap(mac_page);
printk("DNS-323: Found ethernet MAC address: %pM\n", addr);
--- a/arch/arm/mach-orion5x/tsx09-common.c
+++ b/arch/arm/mach-orion5x/tsx09-common.c
@@ -53,12 +53,53 @@ struct mv643xx_eth_platform_data qnap_ts
.phy_addr = MV643XX_ETH_PHY_ADDR(8),
};
+static int __init qnap_tsx09_parse_hex_nibble(char n)
+{
+ if (n >= '0' && n <= '9')
+ return n - '0';
+
+ if (n >= 'A' && n <= 'F')
+ return n - 'A' + 10;
+
+ if (n >= 'a' && n <= 'f')
+ return n - 'a' + 10;
+
+ return -1;
+}
+
+static int __init qnap_tsx09_parse_hex_byte(const char *b)
+{
+ int hi;
+ int lo;
+
+ hi = qnap_tsx09_parse_hex_nibble(b[0]);
+ lo = qnap_tsx09_parse_hex_nibble(b[1]);
+
+ if (hi < 0 || lo < 0)
+ return -1;
+
+ return (hi << 4) | lo;
+}
+
static int __init qnap_tsx09_check_mac_addr(const char *addr_str)
{
u_int8_t addr[6];
+ int i;
- if (!mac_pton(addr_str, addr))
- return -1;
+ for (i = 0; i < 6; i++) {
+ int byte;
+
+ /*
+ * Enforce "xx:xx:xx:xx:xx:xx\n" format.
+ */
+ if (addr_str[(i * 3) + 2] != ((i < 5) ? ':' : '\n'))
+ return -1;
+
+ byte = qnap_tsx09_parse_hex_byte(addr_str + (i * 3));
+ if (byte < 0)
+ return -1;
+ addr[i] = byte;
+ }
printk(KERN_INFO "tsx09: found ethernet mac address %pM\n", addr);
@@ -77,12 +118,12 @@ void __init qnap_tsx09_find_mac_addr(u32
unsigned long addr;
for (addr = mem_base; addr < (mem_base + size); addr += 1024) {
- void __iomem *nor_page;
+ char *nor_page;
int ret = 0;
nor_page = ioremap(addr, 1024);
if (nor_page != NULL) {
- ret = qnap_tsx09_check_mac_addr((__force const char *)nor_page);
+ ret = qnap_tsx09_check_mac_addr(nor_page);
iounmap(nor_page);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 157/496] qrtr: add MODULE_ALIAS macro to smd
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (143 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 156/496] ARM: orion5x: Revert commit 4904dbda41c8 Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 159/496] r8152: fix tx packets accounting Greg Kroah-Hartman
` (324 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ramon Fried, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ramon Fried <rfried@codeaurora.org>
[ Upstream commit c77f5fbbefc04612755117775e8555c2a7006cac ]
Added MODULE_ALIAS("rpmsg:IPCRTR") to ensure qrtr-smd and qrtr will load
when IPCRTR channel is detected.
Signed-off-by: Ramon Fried <rfried@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/qrtr/smd.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/qrtr/smd.c
+++ b/net/qrtr/smd.c
@@ -114,5 +114,6 @@ static struct rpmsg_driver qcom_smd_qrtr
module_rpmsg_driver(qcom_smd_qrtr_driver);
+MODULE_ALIAS("rpmsg:IPCRTR");
MODULE_DESCRIPTION("Qualcomm IPC-Router SMD interface driver");
MODULE_LICENSE("GPL v2");
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 159/496] r8152: fix tx packets accounting
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (144 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 157/496] qrtr: add MODULE_ALIAS macro to smd Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 160/496] virtio-gpu: fix ioctl and expose the fixed status to userspace Greg Kroah-Hartman
` (323 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 4c27bf3c5b7434ccb9ab962301da661c26b467a4 ]
r8152 driver handles TSO packets (limited to ~16KB) quite well,
but pretends each TSO logical packet is a single packet on the wire.
There is also some error since headers are accounted once, but
error rate is small enough that we do not care.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/r8152.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -1793,7 +1793,7 @@ static int r8152_tx_agg_fill(struct r815
tx_data += len;
agg->skb_len += len;
- agg->skb_num++;
+ agg->skb_num += skb_shinfo(skb)->gso_segs ?: 1;
dev_kfree_skb_any(skb);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 160/496] virtio-gpu: fix ioctl and expose the fixed status to userspace.
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (145 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 159/496] r8152: fix tx packets accounting Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 161/496] dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 Greg Kroah-Hartman
` (322 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Airlie, Gerd Hoffmann, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Airlie <airlied@redhat.com>
[ Upstream commit 9a191b114906457c4b2494c474f58ae4142d4e67 ]
This exposes to mesa that it can use the fixed ioctl for querying
later cap sets, cap set 1 is forever frozen in time.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20180221015003.22884-1-airlied@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/virtio/virtgpu_ioctl.c | 17 +++++++++++------
include/uapi/drm/virtgpu_drm.h | 1 +
2 files changed, 12 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c
+++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
@@ -196,6 +196,9 @@ static int virtio_gpu_getparam_ioctl(str
case VIRTGPU_PARAM_3D_FEATURES:
value = vgdev->has_virgl_3d == true ? 1 : 0;
break;
+ case VIRTGPU_PARAM_CAPSET_QUERY_FIX:
+ value = 1;
+ break;
default:
return -EINVAL;
}
@@ -471,7 +474,7 @@ static int virtio_gpu_get_caps_ioctl(str
{
struct virtio_gpu_device *vgdev = dev->dev_private;
struct drm_virtgpu_get_caps *args = data;
- int size;
+ unsigned size, host_caps_size;
int i;
int found_valid = -1;
int ret;
@@ -480,6 +483,10 @@ static int virtio_gpu_get_caps_ioctl(str
if (vgdev->num_capsets == 0)
return -ENOSYS;
+ /* don't allow userspace to pass 0 */
+ if (args->size == 0)
+ return -EINVAL;
+
spin_lock(&vgdev->display_info_lock);
for (i = 0; i < vgdev->num_capsets; i++) {
if (vgdev->capsets[i].id == args->cap_set_id) {
@@ -495,11 +502,9 @@ static int virtio_gpu_get_caps_ioctl(str
return -EINVAL;
}
- size = vgdev->capsets[found_valid].max_size;
- if (args->size > size) {
- spin_unlock(&vgdev->display_info_lock);
- return -EINVAL;
- }
+ host_caps_size = vgdev->capsets[found_valid].max_size;
+ /* only copy to user the minimum of the host caps size or the guest caps size */
+ size = min(args->size, host_caps_size);
list_for_each_entry(cache_ent, &vgdev->cap_cache, head) {
if (cache_ent->id == args->cap_set_id &&
--- a/include/uapi/drm/virtgpu_drm.h
+++ b/include/uapi/drm/virtgpu_drm.h
@@ -63,6 +63,7 @@ struct drm_virtgpu_execbuffer {
};
#define VIRTGPU_PARAM_3D_FEATURES 1 /* do we have 3D features in the hw */
+#define VIRTGPU_PARAM_CAPSET_QUERY_FIX 2 /* do we have the capset fix */
struct drm_virtgpu_getparam {
__u64 param;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 161/496] dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (146 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 160/496] virtio-gpu: fix ioctl and expose the fixed status to userspace Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 162/496] bcache: fix kcrashes with fio in RAID5 backend dev Greg Kroah-Hartman
` (321 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yoshihiro Shimoda, Simon Horman,
Vinod Koul, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
[ Upstream commit d716d9b702bb759dd6fb50804f10a174bd156d71 ]
According to R-Car Gen3 Rev.0.80 manual, the DMATCR can be set to
16,777,215 as maximum. So, this patch fixes the max_chunk_size for
safety on all of SoCs. Otherwise, a system may hang if the DMATCR
is set to 0 on R-Car Gen3.
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/sh/rcar-dmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/dma/sh/rcar-dmac.c
+++ b/drivers/dma/sh/rcar-dmac.c
@@ -880,7 +880,7 @@ rcar_dmac_chan_prep_sg(struct rcar_dmac_
rcar_dmac_chan_configure_desc(chan, desc);
- max_chunk_size = (RCAR_DMATCR_MASK + 1) << desc->xfer_shift;
+ max_chunk_size = RCAR_DMATCR_MASK << desc->xfer_shift;
/*
* Allocate and fill the transfer chunk descriptors. We own the only
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 162/496] bcache: fix kcrashes with fio in RAID5 backend dev
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (147 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 161/496] dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 163/496] ip_gre: fix IFLA_MTU ignored on NEWLINK Greg Kroah-Hartman
` (320 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Ferdinand, Tang Junhui,
Michael Lyle, Jens Axboe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tang Junhui <tang.junhui@zte.com.cn>
[ Upstream commit 60eb34ec5526e264c2bbaea4f7512d714d791caf ]
Kernel crashed when run fio in a RAID5 backend bcache device, the call
trace is bellow:
[ 440.012034] kernel BUG at block/blk-ioc.c:146!
[ 440.012696] invalid opcode: 0000 [#1] SMP NOPTI
[ 440.026537] CPU: 2 PID: 2205 Comm: md127_raid5 Not tainted 4.15.0 #8
[ 440.027441] Hardware name: HP ProLiant MicroServer Gen8, BIOS J06 07/16
/2015
[ 440.028615] RIP: 0010:put_io_context+0x8b/0x90
[ 440.029246] RSP: 0018:ffffa8c882b43af8 EFLAGS: 00010246
[ 440.029990] RAX: 0000000000000000 RBX: ffffa8c88294fca0 RCX: 0000000000
0f4240
[ 440.031006] RDX: 0000000000000004 RSI: 0000000000000286 RDI: ffffa8c882
94fca0
[ 440.032030] RBP: ffffa8c882b43b10 R08: 0000000000000003 R09: ffff949cb8
0c1700
[ 440.033206] R10: 0000000000000104 R11: 000000000000b71c R12: 00000000000
01000
[ 440.034222] R13: 0000000000000000 R14: ffff949cad84db70 R15: ffff949cb11
bd1e0
[ 440.035239] FS: 0000000000000000(0000) GS:ffff949cba280000(0000) knlGS:
0000000000000000
[ 440.060190] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 440.084967] CR2: 00007ff0493ef000 CR3: 00000002f1e0a002 CR4: 00000000001
606e0
[ 440.110498] Call Trace:
[ 440.135443] bio_disassociate_task+0x1b/0x60
[ 440.160355] bio_free+0x1b/0x60
[ 440.184666] bio_put+0x23/0x30
[ 440.208272] search_free+0x23/0x40 [bcache]
[ 440.231448] cached_dev_write_complete+0x31/0x70 [bcache]
[ 440.254468] closure_put+0xb6/0xd0 [bcache]
[ 440.277087] request_endio+0x30/0x40 [bcache]
[ 440.298703] bio_endio+0xa1/0x120
[ 440.319644] handle_stripe+0x418/0x2270 [raid456]
[ 440.340614] ? load_balance+0x17b/0x9c0
[ 440.360506] handle_active_stripes.isra.58+0x387/0x5a0 [raid456]
[ 440.380675] ? __release_stripe+0x15/0x20 [raid456]
[ 440.400132] raid5d+0x3ed/0x5d0 [raid456]
[ 440.419193] ? schedule+0x36/0x80
[ 440.437932] ? schedule_timeout+0x1d2/0x2f0
[ 440.456136] md_thread+0x122/0x150
[ 440.473687] ? wait_woken+0x80/0x80
[ 440.491411] kthread+0x102/0x140
[ 440.508636] ? find_pers+0x70/0x70
[ 440.524927] ? kthread_associate_blkcg+0xa0/0xa0
[ 440.541791] ret_from_fork+0x35/0x40
[ 440.558020] Code: c2 48 00 5b 41 5c 41 5d 5d c3 48 89 c6 4c 89 e7 e8 bb c2
48 00 48 8b 3d bc 36 4b 01 48 89 de e8 7c f7 e0 ff 5b 41 5c 41 5d 5d c3 <0f> 0b
0f 1f 00 0f 1f 44 00 00 55 48 8d 47 b8 48 89 e5 41 57 41
[ 440.610020] RIP: put_io_context+0x8b/0x90 RSP: ffffa8c882b43af8
[ 440.628575] ---[ end trace a1fd79d85643a73e ]--
All the crash issue happened when a bypass IO coming, in such scenario
s->iop.bio is pointed to the s->orig_bio. In search_free(), it finishes the
s->orig_bio by calling bio_complete(), and after that, s->iop.bio became
invalid, then kernel would crash when calling bio_put(). Maybe its upper
layer's faulty, since bio should not be freed before we calling bio_put(),
but we'd better calling bio_put() first before calling bio_complete() to
notify upper layer ending this bio.
This patch moves bio_complete() under bio_put() to avoid kernel crash.
[mlyle: fixed commit subject for character limits]
Reported-by: Matthias Ferdinand <bcache@mfedv.net>
Tested-by: Matthias Ferdinand <bcache@mfedv.net>
Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
Reviewed-by: Michael Lyle <mlyle@lyle.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/request.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/bcache/request.c
+++ b/drivers/md/bcache/request.c
@@ -651,11 +651,11 @@ static void do_bio_hook(struct search *s
static void search_free(struct closure *cl)
{
struct search *s = container_of(cl, struct search, cl);
- bio_complete(s);
if (s->iop.bio)
bio_put(s->iop.bio);
+ bio_complete(s);
closure_debug_destroy(cl);
mempool_free(s, s->d->c->search);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 163/496] ip_gre: fix IFLA_MTU ignored on NEWLINK
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (148 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 162/496] bcache: fix kcrashes with fio in RAID5 backend dev Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 164/496] ip6_tunnel: " Greg Kroah-Hartman
` (319 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Garver, Xin Long,
David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit ffc2b6ee417435605ee8bb1eb4c8f02e9ff4b4a5 ]
It's safe to remove the setting of dev's needed_headroom and mtu in
__gre_tunnel_init, as discussed in [1], ip_tunnel_newlink can do it
properly.
Now Eric noticed that it could cover the mtu value set in do_setlink
when creating a ip_gre dev. It makes IFLA_MTU param not take effect.
So this patch is to remove them to make IFLA_MTU work, as in other
ipv4 tunnels.
[1]: https://patchwork.ozlabs.org/patch/823504/
Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.")
Reported-by: Eric Garver <e@erig.me>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ip_gre.c | 5 -----
1 file changed, 5 deletions(-)
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -951,9 +951,6 @@ static void __gre_tunnel_init(struct net
t_hlen = tunnel->hlen + sizeof(struct iphdr);
- dev->needed_headroom = LL_MAX_HEADER + t_hlen + 4;
- dev->mtu = ETH_DATA_LEN - t_hlen - 4;
-
dev->features |= GRE_FEATURES;
dev->hw_features |= GRE_FEATURES;
@@ -1253,8 +1250,6 @@ static int erspan_tunnel_init(struct net
sizeof(struct erspanhdr);
t_hlen = tunnel->hlen + sizeof(struct iphdr);
- dev->needed_headroom = LL_MAX_HEADER + t_hlen + 4;
- dev->mtu = ETH_DATA_LEN - t_hlen - 4;
dev->features |= GRE_FEATURES;
dev->hw_features |= GRE_FEATURES;
dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 164/496] ip6_tunnel: fix IFLA_MTU ignored on NEWLINK
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (149 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 163/496] ip_gre: fix IFLA_MTU ignored on NEWLINK Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 165/496] sit: " Greg Kroah-Hartman
` (318 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianlin Shi, Xin Long,
David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit a6aa80446234ec0ad38eecdb8efc59e91daae565 ]
Commit 128bb975dc3c ("ip6_gre: init dev->mtu and dev->hard_header_len
correctly") fixed IFLA_MTU ignored on NEWLINK for ip6_gre. The same
mtu fix is also needed for ip6_tunnel.
Note that dev->hard_header_len setting for ip6_tunnel works fine,
no need to fix it.
Reported-by: Jianlin Shi <jishi@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ip6_tunnel.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1990,14 +1990,14 @@ static int ip6_tnl_newlink(struct net *s
{
struct net *net = dev_net(dev);
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
- struct ip6_tnl *nt, *t;
struct ip_tunnel_encap ipencap;
+ struct ip6_tnl *nt, *t;
+ int err;
nt = netdev_priv(dev);
if (ip6_tnl_netlink_encap_parms(data, &ipencap)) {
- int err = ip6_tnl_encap_setup(nt, &ipencap);
-
+ err = ip6_tnl_encap_setup(nt, &ipencap);
if (err < 0)
return err;
}
@@ -2013,7 +2013,11 @@ static int ip6_tnl_newlink(struct net *s
return -EEXIST;
}
- return ip6_tnl_create2(dev);
+ err = ip6_tnl_create2(dev);
+ if (!err && tb[IFLA_MTU])
+ ip6_tnl_change_mtu(dev, nla_get_u32(tb[IFLA_MTU]));
+
+ return err;
}
static int ip6_tnl_changelink(struct net_device *dev, struct nlattr *tb[],
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 165/496] sit: fix IFLA_MTU ignored on NEWLINK
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (150 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 164/496] ip6_tunnel: " Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 166/496] nbd: fix return value in error handling path Greg Kroah-Hartman
` (317 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianlin Shi, Xin Long,
David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit 2b3957c34b6d7f03544b12ebbf875eee430745db ]
Commit 128bb975dc3c ("ip6_gre: init dev->mtu and dev->hard_header_len
correctly") fixed IFLA_MTU ignored on NEWLINK for ip6_gre. The same
mtu fix is also needed for sit.
Note that dev->hard_header_len setting for sit works fine, no need to
fix it. sit is actually ipv4 tunnel, it can't call ip6_tnl_change_mtu
to set mtu.
Reported-by: Jianlin Shi <jishi@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/sit.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -1569,6 +1569,13 @@ static int ipip6_newlink(struct net *src
if (err < 0)
return err;
+ if (tb[IFLA_MTU]) {
+ u32 mtu = nla_get_u32(tb[IFLA_MTU]);
+
+ if (mtu >= IPV6_MIN_MTU && mtu <= 0xFFF8 - dev->hard_header_len)
+ dev->mtu = mtu;
+ }
+
#ifdef CONFIG_IPV6_SIT_6RD
if (ipip6_netlink_6rd_parms(data, &ip6rd))
err = ipip6_tunnel_update_6rd(nt, &ip6rd);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 166/496] nbd: fix return value in error handling path
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (151 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 165/496] sit: " Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 167/496] ARM: dts: NSP: Fix amount of RAM on BCM958625HR Greg Kroah-Hartman
` (316 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Omar Sandoval, Gustavo A. R. Silva,
Jens Axboe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
[ Upstream commit 0979962f5490abe75b3e2befb07a564fa0cf631b ]
It seems that the proper value to return in this particular case is the
one contained into variable new_index instead of ret.
Addresses-Coverity-ID: 1465148 ("Copy-paste error")
Fixes: e46c7287b1c2 ("nbd: add a basic netlink interface")
Reviewed-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/nbd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1591,7 +1591,7 @@ again:
if (new_index < 0) {
mutex_unlock(&nbd_index_mutex);
printk(KERN_ERR "nbd: failed to add new device\n");
- return ret;
+ return new_index;
}
nbd = idr_find(&nbd_index_idr, new_index);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 167/496] ARM: dts: NSP: Fix amount of RAM on BCM958625HR
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (152 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 166/496] nbd: fix return value in error handling path Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 168/496] ARM: dts: bcm283x: Fix unit address of local_intc Greg Kroah-Hartman
` (315 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jon Mason, Florian Fainelli, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit 0a5aff64f20d92c5a6e9aeed7b5950b0b817bcd9 ]
Jon attempted to fix the amount of RAM on the BCM958625HR in commit
c53beb47f621 ("ARM: dts: NSP: Correct RAM amount for BCM958625HR board")
but it seems like we tripped over some poorly documented schematics.
The top-level page of the schematics says the board has 2GB, but when
you end-up scrolling to page 6, you see two chips of 4GBit (512MB) but
what the bootloader really initializes only 512MB, any attempt to use
more than that results in data aborts. Fix this again back to 512MB.
Fixes: c53beb47f621 ("ARM: dts: NSP: Correct RAM amount for BCM958625HR board")
Acked-by: Jon Mason <jon.mason@broadcom.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/bcm958625hr.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/bcm958625hr.dts
+++ b/arch/arm/boot/dts/bcm958625hr.dts
@@ -49,7 +49,7 @@
memory {
device_type = "memory";
- reg = <0x60000000 0x80000000>;
+ reg = <0x60000000 0x20000000>;
};
gpio-restart {
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 168/496] ARM: dts: bcm283x: Fix unit address of local_intc
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (153 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 167/496] ARM: dts: NSP: Fix amount of RAM on BCM958625HR Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 169/496] powerpc/boot: Fix random libfdt related build errors Greg Kroah-Hartman
` (314 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Wahren, Eric Anholt,
Florian Fainelli, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Wahren <stefan.wahren@i2se.com>
[ Upstream commit 808b7de86a0c19582a7efce4c80d6b4e1da7f370 ]
This patch fixes the following DTC warning (requires W=1):
Node /soc/local_intc simple-bus unit address format error, expected "40000000"
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/bcm2836.dtsi | 2 +-
arch/arm/boot/dts/bcm2837.dtsi | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm/boot/dts/bcm2836.dtsi
+++ b/arch/arm/boot/dts/bcm2836.dtsi
@@ -9,7 +9,7 @@
<0x40000000 0x40000000 0x00001000>;
dma-ranges = <0xc0000000 0x00000000 0x3f000000>;
- local_intc: local_intc {
+ local_intc: local_intc@40000000 {
compatible = "brcm,bcm2836-l1-intc";
reg = <0x40000000 0x100>;
interrupt-controller;
--- a/arch/arm/boot/dts/bcm2837.dtsi
+++ b/arch/arm/boot/dts/bcm2837.dtsi
@@ -8,7 +8,7 @@
<0x40000000 0x40000000 0x00001000>;
dma-ranges = <0xc0000000 0x00000000 0x3f000000>;
- local_intc: local_intc {
+ local_intc: local_intc@40000000 {
compatible = "brcm,bcm2836-l1-intc";
reg = <0x40000000 0x100>;
interrupt-controller;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 169/496] powerpc/boot: Fix random libfdt related build errors
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (154 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 168/496] ARM: dts: bcm283x: Fix unit address of local_intc Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 170/496] clocksource/drivers/mips-gic-timer: Use correct shift count to extract data Greg Kroah-Hartman
` (313 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Michael Ellerman, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit 64c3f648c25d108f346fdc96c15180c6b7d250e9 ]
Once in a while I see build errors similar to the following
when building images from a clean tree.
Building powerpc:virtex-ml507:44x/virtex5_defconfig ... failed
------------
Error log:
arch/powerpc/boot/treeboot-akebono.c:37:20: fatal error:
libfdt.h: No such file or directory
Building powerpc:bamboo:smpdev:44x/bamboo_defconfig ... failed
------------
Error log:
arch/powerpc/boot/treeboot-akebono.c:37:20: fatal error:
libfdt.h: No such file or directory
arch/powerpc/boot/treeboot-currituck.c:35:20: fatal error:
libfdt.h: No such file or directory
Rebuilds will succeed.
Turns out that several source files in arch/powerpc/boot/ include
libfdt.h, but Makefile dependencies are incomplete. Let's fix that.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/boot/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/powerpc/boot/Makefile
+++ b/arch/powerpc/boot/Makefile
@@ -101,7 +101,8 @@ $(addprefix $(obj)/,$(zlib-y)): \
libfdt := fdt.c fdt_ro.c fdt_wip.c fdt_sw.c fdt_rw.c fdt_strerror.c
libfdtheader := fdt.h libfdt.h libfdt_internal.h
-$(addprefix $(obj)/,$(libfdt) libfdt-wrapper.o simpleboot.o epapr.o opal.o): \
+$(addprefix $(obj)/,$(libfdt) libfdt-wrapper.o simpleboot.o epapr.o opal.o \
+ treeboot-akebono.o treeboot-currituck.o treeboot-iss4xx.o): \
$(addprefix $(obj)/,$(libfdtheader))
src-wlib-y := string.S crt0.S stdio.c decompress.c main.c \
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 170/496] clocksource/drivers/mips-gic-timer: Use correct shift count to extract data
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (155 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 169/496] powerpc/boot: Fix random libfdt related build errors Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 171/496] gianfar: Fix Rx byte accounting for ndev stats Greg Kroah-Hartman
` (312 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Felix Fietkau, Thomas Gleixner,
daniel.lezcano, paul.burton, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit 5753405e27f8fe4c42c1537d3ddbd9e058e54cdc ]
__gic_clocksource_init() extracts the GIC_CONFIG_COUNTBITS field from
read_gic_config() by right shifting the register value. The shift count is
determined by the most significant bit (__fls) of the bitmask which is
wrong as it shifts out the complete bitfield.
Use the least significant bit (__ffs) instead to shift the bitfield down to
bit 0.
Fixes: e07127a077c7 ("clocksource: mips-gic-timer: Use new GIC accessor functions")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: daniel.lezcano@linaro.org
Cc: paul.burton@imgtec.com
Link: https://lkml.kernel.org/r/20180228095610.50341-1-nbd@nbd.name
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clocksource/mips-gic-timer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/clocksource/mips-gic-timer.c
+++ b/drivers/clocksource/mips-gic-timer.c
@@ -164,7 +164,7 @@ static int __init __gic_clocksource_init
/* Set clocksource mask. */
count_width = read_gic_config() & GIC_CONFIG_COUNTBITS;
- count_width >>= __fls(GIC_CONFIG_COUNTBITS);
+ count_width >>= __ffs(GIC_CONFIG_COUNTBITS);
count_width *= 4;
count_width += 32;
gic_clocksource.mask = CLOCKSOURCE_MASK(count_width);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 171/496] gianfar: Fix Rx byte accounting for ndev stats
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (156 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 170/496] clocksource/drivers/mips-gic-timer: Use correct shift count to extract data Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 172/496] net/tcp/illinois: replace broken algorithm reference link Greg Kroah-Hartman
` (311 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Manoil, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Claudiu Manoil <claudiu.manoil@nxp.com>
[ Upstream commit 590399ddf9561f2ed0839311c8ae1be21597ba68 ]
Don't include in the Rx bytecount of the packet sent up the stack:
the FCB (frame control block), and the padding bytes inserted by
the controller into the frame payload, nor the FCS. All these are
being pulled out of the skb by gfar_process_frame().
This issue is old, likely from the driver's beginnings, however
it was amplified by recent:
commit d903ec77118c ("gianfar: simplify FCS handling and fix memory leak")
which basically added the FCS to the Rx bytecount, and so brought
this to my attention.
Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/freescale/gianfar.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/freescale/gianfar.c
+++ b/drivers/net/ethernet/freescale/gianfar.c
@@ -3072,9 +3072,6 @@ static void gfar_process_frame(struct ne
if (ndev->features & NETIF_F_RXCSUM)
gfar_rx_checksum(skb, fcb);
- /* Tell the skb what kind of packet this is */
- skb->protocol = eth_type_trans(skb, ndev);
-
/* There's need to check for NETIF_F_HW_VLAN_CTAG_RX here.
* Even if vlan rx accel is disabled, on some chips
* RXFCB_VLN is pseudo randomly set.
@@ -3145,13 +3142,15 @@ int gfar_clean_rx_ring(struct gfar_priv_
continue;
}
+ gfar_process_frame(ndev, skb);
+
/* Increment the number of packets */
total_pkts++;
total_bytes += skb->len;
skb_record_rx_queue(skb, rx_queue->qindex);
- gfar_process_frame(ndev, skb);
+ skb->protocol = eth_type_trans(skb, ndev);
/* Send the packet up the stack */
napi_gro_receive(&rx_queue->grp->napi_rx, skb);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 172/496] net/tcp/illinois: replace broken algorithm reference link
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (157 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 171/496] gianfar: Fix Rx byte accounting for ndev stats Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 173/496] nvmet: fix PSDT field check in command format Greg Kroah-Hartman
` (310 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joey Pabalinas, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joey Pabalinas <joeypabalinas@gmail.com>
[ Upstream commit ecc832758a654e375924ebf06a4ac971acb5ce60 ]
The link to the pdf containing the algorithm description is now a
dead link; it seems http://www.ifp.illinois.edu/~srikant/ has been
moved to https://sites.google.com/a/illinois.edu/srikant/ and none of
the original papers can be found there...
I have replaced it with the only working copy I was able to find.
n.b. there is also a copy available at:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.296.6350&rep=rep1&type=pdf
However, this seems to only be a *cached* version, so I am unsure
exactly how reliable that link can be expected to remain over time
and have decided against using that one.
Signed-off-by: Joey Pabalinas <joeypabalinas@gmail.com>
net/ipv4/tcp_illinois.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_illinois.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/tcp_illinois.c
+++ b/net/ipv4/tcp_illinois.c
@@ -6,7 +6,7 @@
* The algorithm is described in:
* "TCP-Illinois: A Loss and Delay-Based Congestion Control Algorithm
* for High-Speed Networks"
- * http://www.ifp.illinois.edu/~srikant/Papers/liubassri06perf.pdf
+ * http://tamerbasar.csl.illinois.edu/LiuBasarSrikantPerfEvalArtJun2008.pdf
*
* Implemented from description in paper and ns-2 simulation.
* Copyright (C) 2007 Stephen Hemminger <shemminger@linux-foundation.org>
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 173/496] nvmet: fix PSDT field check in command format
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (158 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 172/496] net/tcp/illinois: replace broken algorithm reference link Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 174/496] net/smc: use link_id of server in confirm link reply Greg Kroah-Hartman
` (309 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Idan Burstein, Max Gurtovoy,
Christoph Hellwig, Keith Busch, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Max Gurtovoy <maxg@mellanox.com>
[ Upstream commit bffd2b61670feef18d2535e9b53364d270a1c991 ]
PSDT field section according to NVM_Express-1.3:
"This field specifies whether PRPs or SGLs are used for any data
transfer associated with the command. PRPs shall be used for all
Admin commands for NVMe over PCIe. SGLs shall be used for all Admin
and I/O commands for NVMe over Fabrics. This field shall be set to
01b for NVMe over Fabrics 1.0 implementations.
Suggested-by: Idan Burstein <idanb@mellanox.com>
Signed-off-by: Max Gurtovoy <maxg@mellanox.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/target/core.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/nvme/target/core.c
+++ b/drivers/nvme/target/core.c
@@ -505,9 +505,12 @@ bool nvmet_req_init(struct nvmet_req *re
goto fail;
}
- /* either variant of SGLs is fine, as we don't support metadata */
- if (unlikely((flags & NVME_CMD_SGL_ALL) != NVME_CMD_SGL_METABUF &&
- (flags & NVME_CMD_SGL_ALL) != NVME_CMD_SGL_METASEG)) {
+ /*
+ * For fabrics, PSDT field shall describe metadata pointer (MPTR) that
+ * contains an address of a single contiguous physical buffer that is
+ * byte aligned.
+ */
+ if (unlikely((flags & NVME_CMD_SGL_ALL) != NVME_CMD_SGL_METABUF)) {
status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
goto fail;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 174/496] net/smc: use link_id of server in confirm link reply
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (159 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 173/496] nvmet: fix PSDT field check in command format Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 175/496] mlxsw: core: Fix flex keys scratchpad offset conflict Greg Kroah-Hartman
` (308 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Karsten Graul, Ursula Braun,
David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Karsten Graul <kgraul@linux.vnet.ibm.com>
[ Upstream commit 2be922f31606f114119f48de3207d122a90e7357 ]
The CONFIRM LINK reply message must contain the link_id sent
by the server. And set the link_id explicitly when
initializing the link.
Signed-off-by: Karsten Graul <kgraul@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/smc/smc_core.c | 1 +
net/smc/smc_llc.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
--- a/net/smc/smc_core.c
+++ b/net/smc/smc_core.c
@@ -174,6 +174,7 @@ static int smc_lgr_create(struct smc_soc
lnk = &lgr->lnk[SMC_SINGLE_LINK];
/* initialize link */
+ lnk->link_id = SMC_SINGLE_LINK;
lnk->smcibdev = smcibdev;
lnk->ibport = ibport;
lnk->path_mtu = smcibdev->pattr[ibport - 1].active_mtu;
--- a/net/smc/smc_llc.c
+++ b/net/smc/smc_llc.c
@@ -92,7 +92,7 @@ int smc_llc_send_confirm_link(struct smc
memcpy(confllc->sender_mac, mac, ETH_ALEN);
memcpy(confllc->sender_gid, gid, SMC_GID_SIZE);
hton24(confllc->sender_qp_num, link->roce_qp->qp_num);
- /* confllc->link_num = SMC_SINGLE_LINK; already done by memset above */
+ confllc->link_num = link->link_id;
memcpy(confllc->link_uid, lgr->id, SMC_LGR_ID_SIZE);
confllc->max_links = SMC_LINKS_PER_LGR_MAX;
/* send llc message */
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 175/496] mlxsw: core: Fix flex keys scratchpad offset conflict
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (160 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 174/496] net/smc: use link_id of server in confirm link reply Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 176/496] mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast Greg Kroah-Hartman
` (307 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Pirko, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Pirko <jiri@mellanox.com>
[ Upstream commit 2ddc94c76cc4ccaf51b478315912b38dfdde1afc ]
IP_TTL, IP_ECN and IP_DSCP are using the same offset within the
scratchpad as L4 ports. Fix this by shifting all up.
Fixes: 5f57e0909136 ("mlxsw: acl: Add ip ttl acl element")
Fixes: i80d0fe4710c ("mlxsw: acl: Add ip tos acl element")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.h | 20 +++++++--------
1 file changed, 10 insertions(+), 10 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.h
+++ b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.h
@@ -107,20 +107,20 @@ static const struct mlxsw_afk_element_in
MLXSW_AFK_ELEMENT_INFO_U32(VID, 0x10, 8, 12),
MLXSW_AFK_ELEMENT_INFO_U32(PCP, 0x10, 20, 3),
MLXSW_AFK_ELEMENT_INFO_U32(TCP_FLAGS, 0x10, 23, 9),
- MLXSW_AFK_ELEMENT_INFO_U32(IP_TTL_, 0x14, 0, 8),
- MLXSW_AFK_ELEMENT_INFO_U32(IP_ECN, 0x14, 9, 2),
- MLXSW_AFK_ELEMENT_INFO_U32(IP_DSCP, 0x14, 11, 6),
- MLXSW_AFK_ELEMENT_INFO_U32(SRC_IP4, 0x18, 0, 32),
- MLXSW_AFK_ELEMENT_INFO_U32(DST_IP4, 0x1C, 0, 32),
- MLXSW_AFK_ELEMENT_INFO_BUF(SRC_IP6_HI, 0x18, 8),
- MLXSW_AFK_ELEMENT_INFO_BUF(SRC_IP6_LO, 0x20, 8),
- MLXSW_AFK_ELEMENT_INFO_BUF(DST_IP6_HI, 0x28, 8),
- MLXSW_AFK_ELEMENT_INFO_BUF(DST_IP6_LO, 0x30, 8),
MLXSW_AFK_ELEMENT_INFO_U32(DST_L4_PORT, 0x14, 0, 16),
MLXSW_AFK_ELEMENT_INFO_U32(SRC_L4_PORT, 0x14, 16, 16),
+ MLXSW_AFK_ELEMENT_INFO_U32(IP_TTL_, 0x18, 0, 8),
+ MLXSW_AFK_ELEMENT_INFO_U32(IP_ECN, 0x18, 9, 2),
+ MLXSW_AFK_ELEMENT_INFO_U32(IP_DSCP, 0x18, 11, 6),
+ MLXSW_AFK_ELEMENT_INFO_U32(SRC_IP4, 0x20, 0, 32),
+ MLXSW_AFK_ELEMENT_INFO_U32(DST_IP4, 0x24, 0, 32),
+ MLXSW_AFK_ELEMENT_INFO_BUF(SRC_IP6_HI, 0x20, 8),
+ MLXSW_AFK_ELEMENT_INFO_BUF(SRC_IP6_LO, 0x28, 8),
+ MLXSW_AFK_ELEMENT_INFO_BUF(DST_IP6_HI, 0x30, 8),
+ MLXSW_AFK_ELEMENT_INFO_BUF(DST_IP6_LO, 0x38, 8),
};
-#define MLXSW_AFK_ELEMENT_STORAGE_SIZE 0x38
+#define MLXSW_AFK_ELEMENT_STORAGE_SIZE 0x40
struct mlxsw_afk_element_inst { /* element instance in actual block */
const struct mlxsw_afk_element_info *info;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 176/496] mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (161 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 175/496] mlxsw: core: Fix flex keys scratchpad offset conflict Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 177/496] spectrum: Reference count VLAN entries Greg Kroah-Hartman
` (306 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ido Schimmel, David Ahern,
Jiri Pirko, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ido Schimmel <idosch@mellanox.com>
[ Upstream commit 9d45deb04c59b628b21fc5014aff4f9a1d38f969 ]
When multicast snooping is enabled, the Linux bridge resorts to flooding
unregistered multicast packets to all ports only in case it did not
detect a querier in the network.
The above condition is not reflected to underlying drivers, which is
especially problematic in IPv6 environments, as multicast snooping is
enabled by default and since neighbour solicitation packets might be
treated as unregistered multicast packets in case there is no
corresponding MDB entry.
Until the Linux bridge reflects its querier state to underlying drivers,
simply treat unregistered multicast packets as broadcast and allow them
to reach their destination.
Fixes: 9df552ef3e21 ("mlxsw: spectrum: Improve IPv6 unregistered multicast flooding")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reported-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c
@@ -112,11 +112,11 @@ static const int mlxsw_sp_sfgc_bc_packet
[MLXSW_REG_SFGC_TYPE_UNREGISTERED_MULTICAST_NON_IP] = 1,
[MLXSW_REG_SFGC_TYPE_IPV4_LINK_LOCAL] = 1,
[MLXSW_REG_SFGC_TYPE_IPV6_ALL_HOST] = 1,
+ [MLXSW_REG_SFGC_TYPE_UNREGISTERED_MULTICAST_IPV6] = 1,
};
static const int mlxsw_sp_sfgc_mc_packet_types[MLXSW_REG_SFGC_TYPE_MAX] = {
[MLXSW_REG_SFGC_TYPE_UNREGISTERED_MULTICAST_IPV4] = 1,
- [MLXSW_REG_SFGC_TYPE_UNREGISTERED_MULTICAST_IPV6] = 1,
};
static const int *mlxsw_sp_packet_type_sfgc_types[] = {
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 177/496] spectrum: Reference count VLAN entries
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (162 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 176/496] mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 178/496] ARC: mcip: halt GFRC counter when ARC cores halt Greg Kroah-Hartman
` (305 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tal Bar, Ido Schimmel, Jiri Pirko,
David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ido Schimmel <idosch@mellanox.com>
[ Upstream commit b3529af6bb0d4fe72defdd539712ceffaa054fb3 ]
One of the basic construct in the device is a port-VLAN pair, which can
be bound to a FID or a RIF in order to direct packets to the bridge or
the router, respectively.
Since not all the netdevs are configured with a VLAN (e.g., sw1p1 vs.
sw1p1.10), VID 1 is used to represent these and thus this VID can be
used by both upper devices of mlxsw ports and by the driver itself.
However, this VID is not reference counted and therefore might be freed
prematurely, which can result in various WARNINGs. For example:
$ ip link add name br0 type bridge vlan_filtering 1
$ teamd -t team0 -d -c '{"runner": {"name": "lacp"}}'
$ ip link set dev team0 master br0
$ ip link set dev enp1s0np1 master team0
$ ip address add 192.0.2.1/24 dev enp1s0np1
The enslavement to team0 will fail because team0 already has an upper
and thus vlan_vids_del_by_dev() will be executed as part of team's error
path which will delete VID 1 from enp1s0np1 (added by br0 as PVID). The
WARNING will be generated when the driver will realize it can't find VID
1 on the port and bind it to a RIF.
Fix this by adding a reference count to the VLAN entries on the port, in
a similar fashion to the reference counting used by the corresponding
'vlan_vid_info' structure in the 8021q driver.
Fixes: c57529e1d5d8 ("mlxsw: spectrum: Replace vPorts with Port-VLAN")
Reported-by: Tal Bar <talb@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Tested-by: Tal Bar <talb@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 8 +++++++-
drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 1 +
2 files changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
@@ -1417,6 +1417,7 @@ mlxsw_sp_port_vlan_create(struct mlxsw_s
}
mlxsw_sp_port_vlan->mlxsw_sp_port = mlxsw_sp_port;
+ mlxsw_sp_port_vlan->ref_count = 1;
mlxsw_sp_port_vlan->vid = vid;
list_add(&mlxsw_sp_port_vlan->list, &mlxsw_sp_port->vlans_list);
@@ -1444,8 +1445,10 @@ mlxsw_sp_port_vlan_get(struct mlxsw_sp_p
struct mlxsw_sp_port_vlan *mlxsw_sp_port_vlan;
mlxsw_sp_port_vlan = mlxsw_sp_port_vlan_find_by_vid(mlxsw_sp_port, vid);
- if (mlxsw_sp_port_vlan)
+ if (mlxsw_sp_port_vlan) {
+ mlxsw_sp_port_vlan->ref_count++;
return mlxsw_sp_port_vlan;
+ }
return mlxsw_sp_port_vlan_create(mlxsw_sp_port, vid);
}
@@ -1454,6 +1457,9 @@ void mlxsw_sp_port_vlan_put(struct mlxsw
{
struct mlxsw_sp_fid *fid = mlxsw_sp_port_vlan->fid;
+ if (--mlxsw_sp_port_vlan->ref_count != 0)
+ return;
+
if (mlxsw_sp_port_vlan->bridge_port)
mlxsw_sp_port_vlan_bridge_leave(mlxsw_sp_port_vlan);
else if (fid)
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.h
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.h
@@ -194,6 +194,7 @@ struct mlxsw_sp_port_vlan {
struct list_head list;
struct mlxsw_sp_port *mlxsw_sp_port;
struct mlxsw_sp_fid *fid;
+ unsigned int ref_count;
u16 vid;
struct mlxsw_sp_bridge_port *bridge_port;
struct list_head bridge_vlan_node;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 178/496] ARC: mcip: halt GFRC counter when ARC cores halt
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (163 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 177/496] spectrum: Reference count VLAN entries Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 179/496] ARC: mcip: update MCIP debug mask when the new cpu came online Greg Kroah-Hartman
` (304 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Brodkin, Eugeniy Paltsev,
Vineet Gupta, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
[ Upstream commit 07423d00a2b2a71a97e4287d9262cb83c4c4c89f ]
In SMP systems, GFRC is used for clocksource. However by default the
counter keeps running even when core is halted (say when debugging via a
JTAG debugger). This confuses Linux timekeeping and triggers flase RCU stall
splat such as below:
| [ARCLinux]# while true; do ./shm_open_23-1.run-test ; done
| Running with 1000 processes for 1000 objects
| hrtimer: interrupt took 485060 ns
|
| create_cnt: 1000
| Running with 1000 processes for 1000 objects
| [ARCLinux]# INFO: rcu_preempt self-detected stall on CPU
| 2-...: (1 GPs behind) idle=a01/1/0 softirq=135770/135773 fqs=0
| INFO: rcu_preempt detected stalls on CPUs/tasks:
| 0-...: (1 GPs behind) idle=71e/0/0 softirq=135264/135264 fqs=0
| 2-...: (1 GPs behind) idle=a01/1/0 softirq=135770/135773 fqs=0
| 3-...: (1 GPs behind) idle=4e0/0/0 softirq=134304/134304 fqs=0
| (detected by 1, t=13648 jiffies, g=31493, c=31492, q=1)
Starting from ARC HS v3.0 it's possible to tie GFRC to state of up-to 4
ARC cores with help of GFRC's CORE register where we set a mask for
cores which state we need to rely on.
We update cpu mask every time new cpu came online instead of using
hardcoded one or using mask generated from "possible_cpus" as we
want it set correctly even if we run kernel on HW which has fewer cores
than expected (or we launch kernel via debugger and kick fever cores
than HW has)
Note that GFRC halts when all cores have halted and thus relies on
programming of Inter-Core-dEbug register to halt all cores when one
halts.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[vgupta: rewrote changelog]
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/kernel/mcip.c | 37 +++++++++++++++++++++++++++++++++++++
include/soc/arc/mcip.h | 3 +++
2 files changed, 40 insertions(+)
--- a/arch/arc/kernel/mcip.c
+++ b/arch/arc/kernel/mcip.c
@@ -22,10 +22,47 @@ static DEFINE_RAW_SPINLOCK(mcip_lock);
static char smp_cpuinfo_buf[128];
+/*
+ * Set mask to halt GFRC if any online core in SMP cluster is halted.
+ * Only works for ARC HS v3.0+, on earlier versions has no effect.
+ */
+static void mcip_update_gfrc_halt_mask(int cpu)
+{
+ struct bcr_generic gfrc;
+ unsigned long flags;
+ u32 gfrc_halt_mask;
+
+ READ_BCR(ARC_REG_GFRC_BUILD, gfrc);
+
+ /*
+ * CMD_GFRC_SET_CORE and CMD_GFRC_READ_CORE commands were added in
+ * GFRC 0x3 version.
+ */
+ if (gfrc.ver < 0x3)
+ return;
+
+ raw_spin_lock_irqsave(&mcip_lock, flags);
+
+ __mcip_cmd(CMD_GFRC_READ_CORE, 0);
+ gfrc_halt_mask = read_aux_reg(ARC_REG_MCIP_READBACK);
+ gfrc_halt_mask |= BIT(cpu);
+ __mcip_cmd_data(CMD_GFRC_SET_CORE, 0, gfrc_halt_mask);
+
+ raw_spin_unlock_irqrestore(&mcip_lock, flags);
+}
+
static void mcip_setup_per_cpu(int cpu)
{
+ struct mcip_bcr mp;
+
+ READ_BCR(ARC_REG_MCIP_BCR, mp);
+
smp_ipi_irq_setup(cpu, IPI_IRQ);
smp_ipi_irq_setup(cpu, SOFTIRQ_IRQ);
+
+ /* Update GFRC halt mask as new CPU came online */
+ if (mp.gfrc)
+ mcip_update_gfrc_halt_mask(cpu);
}
static void mcip_ipi_send(int cpu)
--- a/include/soc/arc/mcip.h
+++ b/include/soc/arc/mcip.h
@@ -15,6 +15,7 @@
#define ARC_REG_MCIP_BCR 0x0d0
#define ARC_REG_MCIP_IDU_BCR 0x0D5
+#define ARC_REG_GFRC_BUILD 0x0D6
#define ARC_REG_MCIP_CMD 0x600
#define ARC_REG_MCIP_WDATA 0x601
#define ARC_REG_MCIP_READBACK 0x602
@@ -40,6 +41,8 @@ struct mcip_cmd {
#define CMD_GFRC_READ_LO 0x42
#define CMD_GFRC_READ_HI 0x43
+#define CMD_GFRC_SET_CORE 0x47
+#define CMD_GFRC_READ_CORE 0x48
#define CMD_IDU_ENABLE 0x71
#define CMD_IDU_DISABLE 0x72
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 179/496] ARC: mcip: update MCIP debug mask when the new cpu came online
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (164 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 178/496] ARC: mcip: halt GFRC counter when ARC cores halt Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 180/496] ARC: setup cpu possible mask according to possible-cpus dts property Greg Kroah-Hartman
` (303 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eugeniy Paltsev, Vineet Gupta, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
[ Upstream commit f3205de98db2fc8083796dd5ad81b191e436fab8 ]
As of today we use hardcoded MCIP debug mask, so if we launch
kernel via debugger and kick fever cores than HW has all cpus
hang at the momemt of setup MCIP debug mask.
So update MCIP debug mask when the new cpu came online, instead of
use hardcoded MCIP debug mask.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/kernel/mcip.c | 37 ++++++++++++++++++++++++++++++++-----
include/soc/arc/mcip.h | 2 ++
2 files changed, 34 insertions(+), 5 deletions(-)
--- a/arch/arc/kernel/mcip.c
+++ b/arch/arc/kernel/mcip.c
@@ -51,6 +51,34 @@ static void mcip_update_gfrc_halt_mask(i
raw_spin_unlock_irqrestore(&mcip_lock, flags);
}
+static void mcip_update_debug_halt_mask(int cpu)
+{
+ u32 mcip_mask = 0;
+ unsigned long flags;
+
+ raw_spin_lock_irqsave(&mcip_lock, flags);
+
+ /*
+ * mcip_mask is same for CMD_DEBUG_SET_SELECT and CMD_DEBUG_SET_MASK
+ * commands. So read it once instead of reading both CMD_DEBUG_READ_MASK
+ * and CMD_DEBUG_READ_SELECT.
+ */
+ __mcip_cmd(CMD_DEBUG_READ_SELECT, 0);
+ mcip_mask = read_aux_reg(ARC_REG_MCIP_READBACK);
+
+ mcip_mask |= BIT(cpu);
+
+ __mcip_cmd_data(CMD_DEBUG_SET_SELECT, 0, mcip_mask);
+ /*
+ * Parameter specified halt cause:
+ * STATUS32[H]/actionpoint/breakpoint/self-halt
+ * We choose all of them (0xF).
+ */
+ __mcip_cmd_data(CMD_DEBUG_SET_MASK, 0xF, mcip_mask);
+
+ raw_spin_unlock_irqrestore(&mcip_lock, flags);
+}
+
static void mcip_setup_per_cpu(int cpu)
{
struct mcip_bcr mp;
@@ -63,6 +91,10 @@ static void mcip_setup_per_cpu(int cpu)
/* Update GFRC halt mask as new CPU came online */
if (mp.gfrc)
mcip_update_gfrc_halt_mask(cpu);
+
+ /* Update MCIP debug mask as new CPU came online */
+ if (mp.dbg)
+ mcip_update_debug_halt_mask(cpu);
}
static void mcip_ipi_send(int cpu)
@@ -138,11 +170,6 @@ static void mcip_probe_n_setup(void)
IS_AVAIL1(mp.gfrc, "GFRC"));
cpuinfo_arc700[0].extn.gfrc = mp.gfrc;
-
- if (mp.dbg) {
- __mcip_cmd_data(CMD_DEBUG_SET_SELECT, 0, 0xf);
- __mcip_cmd_data(CMD_DEBUG_SET_MASK, 0xf, 0xf);
- }
}
struct plat_smp_ops plat_smp_ops = {
--- a/include/soc/arc/mcip.h
+++ b/include/soc/arc/mcip.h
@@ -37,7 +37,9 @@ struct mcip_cmd {
#define CMD_SEMA_RELEASE 0x12
#define CMD_DEBUG_SET_MASK 0x34
+#define CMD_DEBUG_READ_MASK 0x35
#define CMD_DEBUG_SET_SELECT 0x36
+#define CMD_DEBUG_READ_SELECT 0x37
#define CMD_GFRC_READ_LO 0x42
#define CMD_GFRC_READ_HI 0x43
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 180/496] ARC: setup cpu possible mask according to possible-cpus dts property
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (165 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 179/496] ARC: mcip: update MCIP debug mask when the new cpu came online Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 181/496] ipvs: remove IPS_NAT_MASK check to fix passive FTP Greg Kroah-Hartman
` (302 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eugeniy Paltsev, Vineet Gupta, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
[ Upstream commit a29a25275452c97fe35815f1eb9564f2a07a1965 ]
As we have option in u-boot to set CPU mask for running linux,
we want to pass information to kernel about CPU cores should
be brought up. So we patch kernel dtb in u-boot to set
possible-cpus property.
This also allows us to have correctly setuped MCIP debug mask.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/kernel/smp.c | 50 ++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 40 insertions(+), 10 deletions(-)
--- a/arch/arc/kernel/smp.c
+++ b/arch/arc/kernel/smp.c
@@ -24,6 +24,7 @@
#include <linux/reboot.h>
#include <linux/irqdomain.h>
#include <linux/export.h>
+#include <linux/of_fdt.h>
#include <asm/processor.h>
#include <asm/setup.h>
@@ -47,6 +48,42 @@ void __init smp_prepare_boot_cpu(void)
{
}
+static int __init arc_get_cpu_map(const char *name, struct cpumask *cpumask)
+{
+ unsigned long dt_root = of_get_flat_dt_root();
+ const char *buf;
+
+ buf = of_get_flat_dt_prop(dt_root, name, NULL);
+ if (!buf)
+ return -EINVAL;
+
+ if (cpulist_parse(buf, cpumask))
+ return -EINVAL;
+
+ return 0;
+}
+
+/*
+ * Read from DeviceTree and setup cpu possible mask. If there is no
+ * "possible-cpus" property in DeviceTree pretend all [0..NR_CPUS-1] exist.
+ */
+static void __init arc_init_cpu_possible(void)
+{
+ struct cpumask cpumask;
+
+ if (arc_get_cpu_map("possible-cpus", &cpumask)) {
+ pr_warn("Failed to get possible-cpus from dtb, pretending all %u cpus exist\n",
+ NR_CPUS);
+
+ cpumask_setall(&cpumask);
+ }
+
+ if (!cpumask_test_cpu(0, &cpumask))
+ panic("Master cpu (cpu[0]) is missed in cpu possible mask!");
+
+ init_cpu_possible(&cpumask);
+}
+
/*
* Called from setup_arch() before calling setup_processor()
*
@@ -58,10 +95,7 @@ void __init smp_prepare_boot_cpu(void)
*/
void __init smp_init_cpus(void)
{
- unsigned int i;
-
- for (i = 0; i < NR_CPUS; i++)
- set_cpu_possible(i, true);
+ arc_init_cpu_possible();
if (plat_smp_ops.init_early_smp)
plat_smp_ops.init_early_smp();
@@ -70,16 +104,12 @@ void __init smp_init_cpus(void)
/* called from init ( ) => process 1 */
void __init smp_prepare_cpus(unsigned int max_cpus)
{
- int i;
-
/*
* if platform didn't set the present map already, do it now
* boot cpu is set to present already by init/main.c
*/
- if (num_present_cpus() <= 1) {
- for (i = 0; i < max_cpus; i++)
- set_cpu_present(i, true);
- }
+ if (num_present_cpus() <= 1)
+ init_cpu_present(cpu_possible_mask);
}
void __init smp_cpus_done(unsigned int max_cpus)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 181/496] ipvs: remove IPS_NAT_MASK check to fix passive FTP
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (166 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 180/496] ARC: setup cpu possible mask according to possible-cpus dts property Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 182/496] IB/mlx: Set slid to zero in Ethernet completion struct Greg Kroah-Hartman
` (301 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Li Shuang, Julian Anastasov,
Simon Horman, Pablo Neira Ayuso, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Julian Anastasov <ja@ssi.bg>
[ Upstream commit 8a949fff0302b50063f74bb345a66190015528d0 ]
The IPS_NAT_MASK check in 4.12 replaced previous check for nfct_nat()
which was needed to fix a crash in 2.6.36-rc, see
commit 7bcbf81a2296 ("ipvs: avoid oops for passive FTP").
But as IPVS does not set the IPS_SRC_NAT and IPS_DST_NAT bits,
checking for IPS_NAT_MASK prevents PASV response to be properly
mangled and blocks the transfer. Remove the check as it is not
needed after 3.12 commit 41d73ec053d2 ("netfilter: nf_conntrack:
make sequence number adjustments usuable without NAT") which
changes nfct_nat() with nfct_seqadj() and especially after 3.13
commit b25adce16064 ("ipvs: correct usage/allocation of seqadj
ext in ipvs").
Thanks to Li Shuang and Florian Westphal for reporting the problem!
Reported-by: Li Shuang <shuali@redhat.com>
Fixes: be7be6e161a2 ("netfilter: ipvs: fix incorrect conflict resolution")
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/ipvs/ip_vs_ftp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -260,7 +260,7 @@ static int ip_vs_ftp_out(struct ip_vs_ap
buf_len = strlen(buf);
ct = nf_ct_get(skb, &ctinfo);
- if (ct && (ct->status & IPS_NAT_MASK)) {
+ if (ct) {
bool mangled;
/* If mangling fails this function will return 0
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 182/496] IB/mlx: Set slid to zero in Ethernet completion struct
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (167 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 181/496] ipvs: remove IPS_NAT_MASK check to fix passive FTP Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 183/496] RDMA/bnxt_re: Unconditionly fence non wire memory operations Greg Kroah-Hartman
` (300 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Majd Dibbiny, Moni Shoua,
Leon Romanovsky, Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Moni Shoua <monis@mellanox.com>
[ Upstream commit 65389322b28f81cc137b60a41044c2d958a7b950 ]
IB spec says that a lid should be ignored when link layer is Ethernet,
for example when building or parsing a CM request message (CA17-34).
However, since ib_lid_be16() and ib_lid_cpu16() validates the slid,
not only when link layer is IB, we set the slid to zero to prevent
false warnings in the kernel log.
Fixes: 62ede7779904 ("Add OPA extended LID support")
Reviewed-by: Majd Dibbiny <majd@mellanox.com>
Signed-off-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx4/cq.c | 4 +++-
drivers/infiniband/hw/mlx5/cq.c | 3 ++-
2 files changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/hw/mlx4/cq.c
+++ b/drivers/infiniband/hw/mlx4/cq.c
@@ -597,6 +597,7 @@ static void use_tunnel_data(struct mlx4_
wc->dlid_path_bits = 0;
if (is_eth) {
+ wc->slid = 0;
wc->vlan_id = be16_to_cpu(hdr->tun.sl_vid);
memcpy(&(wc->smac[0]), (char *)&hdr->tun.mac_31_0, 4);
memcpy(&(wc->smac[4]), (char *)&hdr->tun.slid_mac_47_32, 2);
@@ -845,7 +846,6 @@ repoll:
}
}
- wc->slid = be16_to_cpu(cqe->rlid);
g_mlpath_rqpn = be32_to_cpu(cqe->g_mlpath_rqpn);
wc->src_qp = g_mlpath_rqpn & 0xffffff;
wc->dlid_path_bits = (g_mlpath_rqpn >> 24) & 0x7f;
@@ -854,6 +854,7 @@ repoll:
wc->wc_flags |= mlx4_ib_ipoib_csum_ok(cqe->status,
cqe->checksum) ? IB_WC_IP_CSUM_OK : 0;
if (is_eth) {
+ wc->slid = 0;
wc->sl = be16_to_cpu(cqe->sl_vid) >> 13;
if (be32_to_cpu(cqe->vlan_my_qpn) &
MLX4_CQE_CVLAN_PRESENT_MASK) {
@@ -865,6 +866,7 @@ repoll:
memcpy(wc->smac, cqe->smac, ETH_ALEN);
wc->wc_flags |= (IB_WC_WITH_VLAN | IB_WC_WITH_SMAC);
} else {
+ wc->slid = be16_to_cpu(cqe->rlid);
wc->sl = be16_to_cpu(cqe->sl_vid) >> 12;
wc->vlan_id = 0xffff;
}
--- a/drivers/infiniband/hw/mlx5/cq.c
+++ b/drivers/infiniband/hw/mlx5/cq.c
@@ -224,7 +224,6 @@ static void handle_responder(struct ib_w
wc->ex.invalidate_rkey = be32_to_cpu(cqe->imm_inval_pkey);
break;
}
- wc->slid = be16_to_cpu(cqe->slid);
wc->src_qp = be32_to_cpu(cqe->flags_rqpn) & 0xffffff;
wc->dlid_path_bits = cqe->ml_path;
g = (be32_to_cpu(cqe->flags_rqpn) >> 28) & 3;
@@ -239,10 +238,12 @@ static void handle_responder(struct ib_w
}
if (ll != IB_LINK_LAYER_ETHERNET) {
+ wc->slid = be16_to_cpu(cqe->slid);
wc->sl = (be32_to_cpu(cqe->flags_rqpn) >> 24) & 0xf;
return;
}
+ wc->slid = 0;
vlan_present = cqe->l4_l3_hdr_type & 0x1;
roce_packet_type = (be32_to_cpu(cqe->flags_rqpn) >> 24) & 0x3;
if (vlan_present) {
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 183/496] RDMA/bnxt_re: Unconditionly fence non wire memory operations
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (168 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 182/496] IB/mlx: Set slid to zero in Ethernet completion struct Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 184/496] RDMA/bnxt_re: Fix incorrect DB offset calculation Greg Kroah-Hartman
` (299 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Devesh Sharma, Selvin Xavier,
Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Devesh Sharma <devesh.sharma@broadcom.com>
[ Upstream commit a45bc17b360d75fac9ced85e99fda14bf38b4dc3 ]
HW requires an unconditonal fence for all non-wire memory operations
through SQ. This guarantees the completions of these memory operations.
Signed-off-by: Devesh Sharma <devesh.sharma@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
@@ -1963,10 +1963,13 @@ static int bnxt_re_build_inv_wqe(struct
wqe->type = BNXT_QPLIB_SWQE_TYPE_LOCAL_INV;
wqe->local_inv.inv_l_key = wr->ex.invalidate_rkey;
+ /* Need unconditional fence for local invalidate
+ * opcode to work as expected.
+ */
+ wqe->flags |= BNXT_QPLIB_SWQE_FLAGS_UC_FENCE;
+
if (wr->send_flags & IB_SEND_SIGNALED)
wqe->flags |= BNXT_QPLIB_SWQE_FLAGS_SIGNAL_COMP;
- if (wr->send_flags & IB_SEND_FENCE)
- wqe->flags |= BNXT_QPLIB_SWQE_FLAGS_UC_FENCE;
if (wr->send_flags & IB_SEND_SOLICITED)
wqe->flags |= BNXT_QPLIB_SWQE_FLAGS_SOLICIT_EVENT;
@@ -1987,8 +1990,12 @@ static int bnxt_re_build_reg_wqe(struct
wqe->frmr.levels = qplib_frpl->hwq.level + 1;
wqe->type = BNXT_QPLIB_SWQE_TYPE_REG_MR;
- if (wr->wr.send_flags & IB_SEND_FENCE)
- wqe->flags |= BNXT_QPLIB_SWQE_FLAGS_UC_FENCE;
+ /* Need unconditional fence for reg_mr
+ * opcode to function as expected.
+ */
+
+ wqe->flags |= BNXT_QPLIB_SWQE_FLAGS_UC_FENCE;
+
if (wr->wr.send_flags & IB_SEND_SIGNALED)
wqe->flags |= BNXT_QPLIB_SWQE_FLAGS_SIGNAL_COMP;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 184/496] RDMA/bnxt_re: Fix incorrect DB offset calculation
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (169 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 183/496] RDMA/bnxt_re: Unconditionly fence non wire memory operations Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 185/496] RDMA/bnxt_re: Fix the ib_reg failure cleanup Greg Kroah-Hartman
` (298 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Devesh Sharma, Selvin Xavier,
Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Devesh Sharma <devesh.sharma@broadcom.com>
[ Upstream commit c354dff00db8df80f271418d8392065e10ffffb6 ]
To support host systems with non 4K page size, l2_db_size shall be
calculated with 4096 instead of PAGE_SIZE. Also, supply the host page size
to FW during initialization.
Signed-off-by: Devesh Sharma <devesh.sharma@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 6 +++++-
drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 1 +
drivers/infiniband/hw/bnxt_re/qplib_sp.c | 3 ++-
drivers/infiniband/hw/bnxt_re/roce_hsi.h | 25 ++++++++++++++++++++++++-
4 files changed, 32 insertions(+), 3 deletions(-)
--- a/drivers/infiniband/hw/bnxt_re/qplib_rcfw.c
+++ b/drivers/infiniband/hw/bnxt_re/qplib_rcfw.c
@@ -457,7 +457,11 @@ int bnxt_qplib_init_rcfw(struct bnxt_qpl
int rc;
RCFW_CMD_PREP(req, INITIALIZE_FW, cmd_flags);
-
+ /* Supply (log-base-2-of-host-page-size - base-page-shift)
+ * to bono to adjust the doorbell page sizes.
+ */
+ req.log2_dbr_pg_size = cpu_to_le16(PAGE_SHIFT -
+ RCFW_DBR_BASE_PAGE_SHIFT);
/*
* VFs need not setup the HW context area, PF
* shall setup this area for VF. Skipping the
--- a/drivers/infiniband/hw/bnxt_re/qplib_rcfw.h
+++ b/drivers/infiniband/hw/bnxt_re/qplib_rcfw.h
@@ -49,6 +49,7 @@
#define RCFW_COMM_SIZE 0x104
#define RCFW_DBR_PCI_BAR_REGION 2
+#define RCFW_DBR_BASE_PAGE_SHIFT 12
#define RCFW_CMD_PREP(req, CMD, cmd_flags) \
do { \
--- a/drivers/infiniband/hw/bnxt_re/qplib_sp.c
+++ b/drivers/infiniband/hw/bnxt_re/qplib_sp.c
@@ -130,7 +130,8 @@ int bnxt_qplib_get_dev_attr(struct bnxt_
attr->max_pkey = le32_to_cpu(sb->max_pkeys);
attr->max_inline_data = le32_to_cpu(sb->max_inline_data);
- attr->l2_db_size = (sb->l2_db_space_size + 1) * PAGE_SIZE;
+ attr->l2_db_size = (sb->l2_db_space_size + 1) *
+ (0x01 << RCFW_DBR_BASE_PAGE_SHIFT);
attr->max_sgid = le32_to_cpu(sb->max_gid);
strlcpy(attr->fw_ver, "20.6.28.0", sizeof(attr->fw_ver));
--- a/drivers/infiniband/hw/bnxt_re/roce_hsi.h
+++ b/drivers/infiniband/hw/bnxt_re/roce_hsi.h
@@ -1734,7 +1734,30 @@ struct cmdq_initialize_fw {
#define CMDQ_INITIALIZE_FW_TIM_PG_SIZE_PG_2M (0x3UL << 4)
#define CMDQ_INITIALIZE_FW_TIM_PG_SIZE_PG_8M (0x4UL << 4)
#define CMDQ_INITIALIZE_FW_TIM_PG_SIZE_PG_1G (0x5UL << 4)
- __le16 reserved16;
+ /* This value is (log-base-2-of-DBR-page-size - 12).
+ * 0 for 4KB. HW supported values are enumerated below.
+ */
+ __le16 log2_dbr_pg_size;
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_MASK 0xfUL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_SFT 0
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_4K 0x0UL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_8K 0x1UL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_16K 0x2UL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_32K 0x3UL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_64K 0x4UL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_128K 0x5UL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_256K 0x6UL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_512K 0x7UL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_1M 0x8UL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_2M 0x9UL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_4M 0xaUL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_8M 0xbUL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_16M 0xcUL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_32M 0xdUL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_64M 0xeUL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_128M 0xfUL
+ #define CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_LAST \
+ CMDQ_INITIALIZE_FW_LOG2_DBR_PG_SIZE_PG_128M
__le64 qpc_page_dir;
__le64 mrw_page_dir;
__le64 srq_page_dir;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 185/496] RDMA/bnxt_re: Fix the ib_reg failure cleanup
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (170 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 184/496] RDMA/bnxt_re: Fix incorrect DB offset calculation Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 187/496] drm/amd/amdgpu: Correct VRAM width for APUs with GMC9 Greg Kroah-Hartman
` (297 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Selvin Xavier, Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Selvin Xavier <selvin.xavier@broadcom.com>
[ Upstream commit 497158aa5f520db50452ef928c0f955cb42f2e77 ]
Release the netdev references in the cleanup path. Invokes the cleanup
routines if bnxt_re_ib_reg fails.
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/bnxt_re/main.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/hw/bnxt_re/main.c
+++ b/drivers/infiniband/hw/bnxt_re/main.c
@@ -1240,9 +1240,12 @@ static void bnxt_re_task(struct work_str
switch (re_work->event) {
case NETDEV_REGISTER:
rc = bnxt_re_ib_reg(rdev);
- if (rc)
+ if (rc) {
dev_err(rdev_to_dev(rdev),
"Failed to register with IB: %#x", rc);
+ bnxt_re_remove_one(rdev);
+ bnxt_re_dev_unreg(rdev);
+ }
break;
case NETDEV_UP:
bnxt_re_dispatch_event(&rdev->ibdev, NULL, 1,
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 187/496] drm/amd/amdgpu: Correct VRAM width for APUs with GMC9
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (171 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 185/496] RDMA/bnxt_re: Fix the ib_reg failure cleanup Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 188/496] xfrm: Fix ESN sequence number handling for IPsec GSO packets Greg Kroah-Hartman
` (296 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tom St Denis, Alex Deucher, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tom St Denis <tom.stdenis@amd.com>
[ Upstream commit 585b7f161c85bd5ca675b97580faf21c506541e3 ]
DDR4 has a 64-bit width not 128-bits. It was reporting
twice the width. Tested with my Ryzen 2400G.
Signed-off-by: Tom St Denis <tom.stdenis@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c
@@ -456,7 +456,10 @@ static int gmc_v9_0_mc_init(struct amdgp
adev->mc.vram_width = amdgpu_atomfirmware_get_vram_width(adev);
if (!adev->mc.vram_width) {
/* hbm memory channel size */
- chansize = 128;
+ if (adev->flags & AMD_IS_APU)
+ chansize = 64;
+ else
+ chansize = 128;
tmp = RREG32_SOC15(DF, 0, mmDF_CS_AON0_DramBaseAddress0);
tmp &= DF_CS_AON0_DramBaseAddress0__IntLvNumChan_MASK;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 188/496] xfrm: Fix ESN sequence number handling for IPsec GSO packets.
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (172 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 187/496] drm/amd/amdgpu: Correct VRAM width for APUs with GMC9 Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 189/496] arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset) Greg Kroah-Hartman
` (295 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steffen Klassert, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steffen Klassert <steffen.klassert@secunet.com>
[ Upstream commit b8b549eec8187ac1b12075d69a2d84d89b5e811a ]
When IPsec offloading was introduced, we accidentally incremented
the sequence number counter on the xfrm_state by one packet
too much in the ESN case. This leads to a sequence number gap of
one packet after each GSO packet. Fix this by setting the sequence
number to the correct value.
Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for offloading")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_replay.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -658,7 +658,7 @@ static int xfrm_replay_overflow_offload_
} else {
XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
- xo->seq.low = oseq = oseq + 1;
+ xo->seq.low = oseq + 1;
xo->seq.hi = oseq_hi;
oseq += skb_shinfo(skb)->gso_segs;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 189/496] arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset)
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (173 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 188/496] xfrm: Fix ESN sequence number handling for IPsec GSO packets Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 190/496] drm/sun4i: Fix dclk_set_phase Greg Kroah-Hartman
` (294 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Zyngier, Douglas Anderson,
Enric Balletbo i Serra, Heiko Stuebner, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit 2560da49de5d0cfec22e9564023aebfffa094732 ]
Back in the early days when gru devices were still under development
we found an issue where the WiFi reset line needed to be configured as
early as possible during the boot process to avoid the WiFi module
being in a bad state.
We found that the way to get the kernel to do this in the earliest
possible place was to configure this line in the pinctrl hogs, so
that's what we did. For some history here you can see
<http://crosreview.com/368770>. After the time that change landed in
the kernel, we landed a firmware change to configure this line even
earlier. See <http://crosreview.com/399919>. However, even after the
firmware change landed we kept the kernel change to deal with the fact
that some people working on devices might take a little while to
update their firmware.
At this there are definitely zero devices out in the wild that have
firmware without the fix in it. Specifically looking in the firmware
branch several critically important fixes for memory stability landed
after the patch in coreboot and I know we didn't ship without those.
Thus, by now, everyone should have the new firmware and it's safe to
not have the kernel set this up in a pinctrl hog.
Historically, even though it wasn't needed to have this in a pinctrl
hog, we still kept it since it didn't hurt. Pinctrl would apply the
default hog at bootup and then would never touch things again. That
all changed with commit 981ed1bfbc6c ("pinctrl: Really force states
during suspend/resume"). After that commit then we'll re-apply the
default hog at resume time and that can screw up the reset state of
WiFi. ...and on rk3399 if you touch a device on PCIe in the wrong way
then the whole system can go haywire. That's what was happening.
Specifically you'd resume a rk3399-gru-* device and it would mostly
resume, then would crash with some crazy weird crash.
One could say, perhaps, that the recent pinctrl change was at fault
(and should be fixed) since it changed behavior. ...but that's not
really true. The device tree for rk3399-gru is really to blame.
Specifically since the pinctrl is defined in the hog and not in the
"wlan-pd-n" node then the actual user of this pin doesn't have a
pinctrl entry for it. That's bad.
Let's fix our problems by just moving the control of
"wlan_module_reset_l pinctrl" out of the hog and put them in the
proper place.
NOTE: in theory, I think it should actually be possible to have a pin
controlled _both_ by the hog and by an actual device. Once the device
claims the pin I think the hog is supposed to let go. I'm not 100%
sure that this works and in any case this solution would be more
complex than is necessary.
Reported-by: Marc Zyngier <marc.zyngier@arm.com>
Fixes: 48f4d9796d99 ("arm64: dts: rockchip: add Gru/Kevin DTS")
Fixes: 981ed1bfbc6c ("pinctrl: Really force states during suspend/resume")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Tested-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Tested-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 16 +++-------------
1 file changed, 3 insertions(+), 13 deletions(-)
--- a/arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi
+++ b/arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi
@@ -406,8 +406,9 @@
wlan_pd_n: wlan-pd-n {
compatible = "regulator-fixed";
regulator-name = "wlan_pd_n";
+ pinctrl-names = "default";
+ pinctrl-0 = <&wlan_module_reset_l>;
- /* Note the wlan_module_reset_l pinctrl */
enable-active-high;
gpio = <&gpio1 11 GPIO_ACTIVE_HIGH>;
@@ -940,12 +941,6 @@ ap_i2c_audio: &i2c8 {
pinctrl-0 = <
&ap_pwroff /* AP will auto-assert this when in S3 */
&clk_32k /* This pin is always 32k on gru boards */
-
- /*
- * We want this driven low ASAP; firmware should help us, but
- * we can help ourselves too.
- */
- &wlan_module_reset_l
>;
pcfg_output_low: pcfg-output-low {
@@ -1125,12 +1120,7 @@ ap_i2c_audio: &i2c8 {
};
wlan_module_reset_l: wlan-module-reset-l {
- /*
- * We want this driven low ASAP (As {Soon,Strongly} As
- * Possible), to avoid leakage through the powered-down
- * WiFi.
- */
- rockchip,pins = <1 11 RK_FUNC_GPIO &pcfg_output_low>;
+ rockchip,pins = <1 11 RK_FUNC_GPIO &pcfg_pull_none>;
};
bt_host_wake_l: bt-host-wake-l {
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 190/496] drm/sun4i: Fix dclk_set_phase
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (174 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 189/496] arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset) Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 191/496] btrfs: use kvzalloc to allocate btrfs_fs_info Greg Kroah-Hartman
` (293 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Giulio Benetti, Maxime Ripard, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Giulio Benetti <giulio.benetti@micronovasrl.com>
[ Upstream commit e64b6afa98f3629d0c0c46233bbdbe8acdb56f06 ]
Phase value is not shifted before writing.
Shift left of 28 bits to fit right bits
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1519836413-35023-1-git-send-email-giulio.benetti@micronovasrl.com
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/sun4i/sun4i_dotclock.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/sun4i/sun4i_dotclock.c
+++ b/drivers/gpu/drm/sun4i/sun4i_dotclock.c
@@ -129,10 +129,13 @@ static int sun4i_dclk_get_phase(struct c
static int sun4i_dclk_set_phase(struct clk_hw *hw, int degrees)
{
struct sun4i_dclk *dclk = hw_to_dclk(hw);
+ u32 val = degrees / 120;
+
+ val <<= 28;
regmap_update_bits(dclk->regmap, SUN4I_TCON0_IO_POL_REG,
GENMASK(29, 28),
- degrees / 120);
+ val);
return 0;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 191/496] btrfs: use kvzalloc to allocate btrfs_fs_info
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (175 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 190/496] drm/sun4i: Fix dclk_set_phase Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 192/496] Btrfs: send, fix issuing write op when processing hole in no data mode Greg Kroah-Hartman
` (292 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeff Mahoney, David Sterba, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Mahoney <jeffm@suse.com>
[ Upstream commit a8fd1f71749387c9a1053a83ff1c16287499a4e7 ]
The srcu_struct in btrfs_fs_info scales in size with NR_CPUS. On
kernels built with NR_CPUS=8192, this can result in kmalloc failures
that prevent mounting.
There is work in progress to try to resolve this for every user of
srcu_struct but using kvzalloc will work around the failures until
that is complete.
As an example with NR_CPUS=512 on x86_64: the overall size of
subvol_srcu is 3460 bytes, fs_info is 6496.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ctree.h | 2 +-
fs/btrfs/super.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -2969,7 +2969,7 @@ static inline void free_fs_info(struct b
kfree(fs_info->super_copy);
kfree(fs_info->super_for_commit);
security_free_mnt_opts(&fs_info->security_opts);
- kfree(fs_info);
+ kvfree(fs_info);
}
/* tree mod log functions from ctree.c */
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1581,7 +1581,7 @@ static struct dentry *btrfs_mount(struct
* it for searching for existing supers, so this lets us do that and
* then open_ctree will properly initialize everything later.
*/
- fs_info = kzalloc(sizeof(struct btrfs_fs_info), GFP_KERNEL);
+ fs_info = kvzalloc(sizeof(struct btrfs_fs_info), GFP_KERNEL);
if (!fs_info) {
error = -ENOMEM;
goto error_sec_opts;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 192/496] Btrfs: send, fix issuing write op when processing hole in no data mode
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (176 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 191/496] btrfs: use kvzalloc to allocate btrfs_fs_info Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 193/496] Btrfs: fix log replay failure after linking special file and fsync Greg Kroah-Hartman
` (291 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit d4dfc0f4d39475ccbbac947880b5464a74c30b99 ]
When doing an incremental send of a filesystem with the no-holes feature
enabled, we end up issuing a write operation when using the no data mode
send flag, instead of issuing an update extent operation. Fix this by
issuing the update extent operation instead.
Trivial reproducer:
$ mkfs.btrfs -f -O no-holes /dev/sdc
$ mkfs.btrfs -f /dev/sdd
$ mount /dev/sdc /mnt/sdc
$ mount /dev/sdd /mnt/sdd
$ xfs_io -f -c "pwrite -S 0xab 0 32K" /mnt/sdc/foobar
$ btrfs subvolume snapshot -r /mnt/sdc /mnt/sdc/snap1
$ xfs_io -c "fpunch 8K 8K" /mnt/sdc/foobar
$ btrfs subvolume snapshot -r /mnt/sdc /mnt/sdc/snap2
$ btrfs send /mnt/sdc/snap1 | btrfs receive /mnt/sdd
$ btrfs send --no-data -p /mnt/sdc/snap1 /mnt/sdc/snap2 \
| btrfs receive -vv /mnt/sdd
Before this change the output of the second receive command is:
receiving snapshot snap2 uuid=f6922049-8c22-e544-9ff9-fc6755918447...
utimes
write foobar, offset 8192, len 8192
utimes foobar
BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=f6922049-8c22-e544-9ff9-...
After this change it is:
receiving snapshot snap2 uuid=564d36a3-ebc8-7343-aec9-bf6fda278e64...
utimes
update_extent foobar: offset=8192, len=8192
utimes foobar
BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=564d36a3-ebc8-7343-aec9-bf6fda278e64...
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/send.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -5008,6 +5008,9 @@ static int send_hole(struct send_ctx *sc
u64 len;
int ret = 0;
+ if (sctx->flags & BTRFS_SEND_FLAG_NO_FILE_DATA)
+ return send_update_extent(sctx, offset, end - offset);
+
p = fs_path_alloc();
if (!p)
return -ENOMEM;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 193/496] Btrfs: fix log replay failure after linking special file and fsync
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (177 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 192/496] Btrfs: send, fix issuing write op when processing hole in no data mode Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 194/496] ceph: fix potential memory leak in init_caches() Greg Kroah-Hartman
` (290 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit 9a6509c4daa91400b52a5fd541a5521c649a8fea ]
If in the same transaction we rename a special file (fifo, character/block
device or symbolic link), create a hard link for it having its old name
then sync the log, we will end up with a log that can not be replayed and
at when attempting to replay it, an EEXIST error is returned and mounting
the filesystem fails. Example scenario:
$ mkfs.btrfs -f /dev/sdc
$ mount /dev/sdc /mnt
$ mkdir /mnt/testdir
$ mkfifo /mnt/testdir/foo
# Make sure everything done so far is durably persisted.
$ sync
# Create some unrelated file and fsync it, this is just to create a log
# tree. The file must be in the same directory as our special file.
$ touch /mnt/testdir/f1
$ xfs_io -c "fsync" /mnt/testdir/f1
# Rename our special file and then create a hard link with its old name.
$ mv /mnt/testdir/foo /mnt/testdir/bar
$ ln /mnt/testdir/bar /mnt/testdir/foo
# Create some other unrelated file and fsync it, this is just to persist
# the log tree which was modified by the previous rename and link
# operations. Alternatively we could have modified file f1 and fsync it.
$ touch /mnt/f2
$ xfs_io -c "fsync" /mnt/f2
<power failure>
$ mount /dev/sdc /mnt
mount: mount /dev/sdc on /mnt failed: File exists
This happens because when both the log tree and the subvolume's tree have
an entry in the directory "testdir" with the same name, that is, there
is one key (258 INODE_REF 257) in the subvolume tree and another one in
the log tree (where 258 is the inode number of our special file and 257
is the inode for directory "testdir"). Only the data of those two keys
differs, in the subvolume tree the index field for inode reference has
a value of 3 while the log tree it has a value of 5. Because the same key
exists in both trees, but have different index, the log replay fails with
an -EEXIST error when attempting to replay the inode reference from the
log tree.
Fix this by setting the last_unlink_trans field of the inode (our special
file) to the current transaction id when a hard link is created, as this
forces logging the parent directory inode, solving the conflict at log
replay time.
A new generic test case for fstests was also submitted.
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/tree-log.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -5888,7 +5888,7 @@ int btrfs_log_new_name(struct btrfs_tran
* this will force the logging code to walk the dentry chain
* up for the file
*/
- if (S_ISREG(inode->vfs_inode.i_mode))
+ if (!S_ISDIR(inode->vfs_inode.i_mode))
inode->last_unlink_trans = trans->transid;
/*
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 194/496] ceph: fix potential memory leak in init_caches()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (178 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 193/496] Btrfs: fix log replay failure after linking special file and fsync Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 195/496] block: display the correct diskname for bio Greg Kroah-Hartman
` (289 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chengguang Xu, Ilya Dryomov, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chengguang Xu <cgxu519@icloud.com>
[ Upstream commit 1c789249578895bb14ab62b4327306439b754857 ]
There is lack of cache destroy operation for ceph_file_cachep
when failing from fscache register.
Signed-off-by: Chengguang Xu <cgxu519@icloud.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/super.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/fs/ceph/super.c
+++ b/fs/ceph/super.c
@@ -712,14 +712,17 @@ static int __init init_caches(void)
goto bad_dentry;
ceph_file_cachep = KMEM_CACHE(ceph_file_info, SLAB_MEM_SPREAD);
-
if (!ceph_file_cachep)
goto bad_file;
- if ((error = ceph_fscache_register()))
- goto bad_file;
+ error = ceph_fscache_register();
+ if (error)
+ goto bad_fscache;
return 0;
+
+bad_fscache:
+ kmem_cache_destroy(ceph_file_cachep);
bad_file:
kmem_cache_destroy(ceph_dentry_cachep);
bad_dentry:
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 195/496] block: display the correct diskname for bio
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (179 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 194/496] ceph: fix potential memory leak in init_caches() Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 196/496] nvme-pci: Fix EEH failure on ppc Greg Kroah-Hartman
` (288 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Omar Sandoval, Christoph Hellwig,
Jiufei Xue, Jens Axboe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiufei Xue <jiufei.xue@linux.alibaba.com>
[ Upstream commit 9c0fb1e313aaf4e8edec22433c8b22dd308e466c ]
bio_devname use __bdevname to display the device name, and can
only show the major and minor of the part0,
Fix this by using disk_name to display the correct name.
Fixes: 74d46992e0d9 ("block: replace bi_bdev with a gendisk pointer and partitions index")
Reviewed-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jiufei Xue <jiufei.xue@linux.alibaba.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/partition-generic.c | 6 ++++++
include/linux/bio.h | 4 +---
2 files changed, 7 insertions(+), 3 deletions(-)
--- a/block/partition-generic.c
+++ b/block/partition-generic.c
@@ -51,6 +51,12 @@ const char *bdevname(struct block_device
EXPORT_SYMBOL(bdevname);
+const char *bio_devname(struct bio *bio, char *buf)
+{
+ return disk_name(bio->bi_disk, bio->bi_partno, buf);
+}
+EXPORT_SYMBOL(bio_devname);
+
/*
* There's very little reason to use this, you should really
* have a struct block_device just about everywhere and use
--- a/include/linux/bio.h
+++ b/include/linux/bio.h
@@ -501,6 +501,7 @@ void zero_fill_bio(struct bio *bio);
extern struct bio_vec *bvec_alloc(gfp_t, int, unsigned long *, mempool_t *);
extern void bvec_free(mempool_t *, struct bio_vec *, unsigned int);
extern unsigned int bvec_nr_vecs(unsigned short idx);
+extern const char *bio_devname(struct bio *bio, char *buffer);
#define bio_set_dev(bio, bdev) \
do { \
@@ -519,9 +520,6 @@ do { \
#define bio_dev(bio) \
disk_devt((bio)->bi_disk)
-#define bio_devname(bio, buf) \
- __bdevname(bio_dev(bio), (buf))
-
#ifdef CONFIG_BLK_CGROUP
int bio_associate_blkcg(struct bio *bio, struct cgroup_subsys_state *blkcg_css);
int bio_associate_current(struct bio *bio);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 196/496] nvme-pci: Fix EEH failure on ppc
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (180 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 195/496] block: display the correct diskname for bio Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 197/496] nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors Greg Kroah-Hartman
` (287 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wen Xiong, Keith Busch, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wen Xiong <wenxiong@linux.vnet.ibm.com>
[ Upstream commit 651438bb0af5213f1f70d66e75bf11d08cb5537a ]
Triggering PPC EEH detection and handling requires a memory mapped read
failure. The NVMe driver removed the periodic health check MMIO, so
there's no early detection mechanism to trigger the recovery. Instead,
the detection now happens when the nvme driver handles an IO timeout
event. This takes the pci channel offline, so we do not want the driver
to proceed with escalating its own recovery efforts that may conflict
with the EEH handler.
This patch ensures the driver will observe the channel was set to offline
after a failed MMIO read and resets the IO timer so the EEH handler has
a chance to recover the device.
Signed-off-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
[updated change log]
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/pci.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -1013,12 +1013,6 @@ static bool nvme_should_reset(struct nvm
if (!(csts & NVME_CSTS_CFS) && !nssro)
return false;
- /* If PCI error recovery process is happening, we cannot reset or
- * the recovery mechanism will surely fail.
- */
- if (pci_channel_offline(to_pci_dev(dev->dev)))
- return false;
-
return true;
}
@@ -1049,6 +1043,13 @@ static enum blk_eh_timer_return nvme_tim
struct nvme_command cmd;
u32 csts = readl(dev->bar + NVME_REG_CSTS);
+ /* If PCI error recovery process is happening, we cannot reset or
+ * the recovery mechanism will surely fail.
+ */
+ mb();
+ if (pci_channel_offline(to_pci_dev(dev->dev)))
+ return BLK_EH_RESET_TIMER;
+
/*
* Reset immediately if the controller is failed
*/
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 197/496] nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (181 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 196/496] nvme-pci: Fix EEH failure on ppc Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 198/496] selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable Greg Kroah-Hartman
` (286 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Keith Busch, Sagi Grimberg,
Thomas Gleixner, Christoph Hellwig, Ming Lei, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ming Lei <ming.lei@redhat.com>
[ Upstream commit 16ccfff2897613007b5eda9e29d65303c6280026 ]
84676c1f21 ("genirq/affinity: assign vectors to all possible CPUs")
has switched to do irq vectors spread among all possible CPUs, so
pass num_possible_cpus() as max vecotrs to be assigned.
For example, in a 8 cores system, 0~3 online, 4~8 offline/not present,
see 'lscpu':
[ming@box]$lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 2
Socket(s): 2
NUMA node(s): 2
...
NUMA node0 CPU(s): 0-3
NUMA node1 CPU(s):
...
1) before this patch, follows the allocated vectors and their affinity:
irq 47, cpu list 0,4
irq 48, cpu list 1,6
irq 49, cpu list 2,5
irq 50, cpu list 3,7
2) after this patch, follows the allocated vectors and their affinity:
irq 43, cpu list 0
irq 44, cpu list 1
irq 45, cpu list 2
irq 46, cpu list 3
irq 47, cpu list 4
irq 48, cpu list 6
irq 49, cpu list 5
irq 50, cpu list 7
Cc: Keith Busch <keith.busch@intel.com>
Cc: Sagi Grimberg <sagi@grimberg.me>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -1770,7 +1770,7 @@ static int nvme_setup_io_queues(struct n
int result, nr_io_queues;
unsigned long size;
- nr_io_queues = num_present_cpus();
+ nr_io_queues = num_possible_cpus();
result = nvme_set_queue_count(&dev->ctrl, &nr_io_queues);
if (result < 0)
return result;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 198/496] selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (182 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 197/496] nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 199/496] scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte() Greg Kroah-Hartman
` (285 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit cd4a6f3ab4d80cb919d15897eb3cbc85c2009d4b ]
The subpage_prot syscall is only functional when the system is using
the Hash MMU. Since commit 5b2b80714796 ("powerpc/mm: Invalidate
subpage_prot() system call on radix platforms") it returns ENOENT when
the Radix MMU is active. Currently this just makes the test fail.
Additionally the syscall is not available if the kernel is built with
4K pages, or if CONFIG_PPC_SUBPAGE_PROT=n, in which case it returns
ENOSYS because the syscall is missing entirely.
So check explicitly for ENOENT and ENOSYS and skip if we see either of
those.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/powerpc/mm/subpage_prot.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/tools/testing/selftests/powerpc/mm/subpage_prot.c
+++ b/tools/testing/selftests/powerpc/mm/subpage_prot.c
@@ -135,6 +135,16 @@ static int run_test(void *addr, unsigned
return 0;
}
+static int syscall_available(void)
+{
+ int rc;
+
+ errno = 0;
+ rc = syscall(__NR_subpage_prot, 0, 0, 0);
+
+ return rc == 0 || (errno != ENOENT && errno != ENOSYS);
+}
+
int test_anon(void)
{
unsigned long align;
@@ -145,6 +155,8 @@ int test_anon(void)
void *mallocblock;
unsigned long mallocsize;
+ SKIP_IF(!syscall_available());
+
if (getpagesize() != 0x10000) {
fprintf(stderr, "Kernel page size must be 64K!\n");
return 1;
@@ -180,6 +192,8 @@ int test_file(void)
off_t filesize;
int fd;
+ SKIP_IF(!syscall_available());
+
fd = open(file_name, O_RDWR);
if (fd == -1) {
perror("failed to open file");
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 199/496] scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (183 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 198/496] selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 13:59 ` Steffen Maier
2018-05-28 9:59 ` [PATCH 4.14 200/496] net: ethtool: dont ignore return from driver get_fecparam method Greg Kroah-Hartman
` (284 subsequent siblings)
469 siblings, 1 reply; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Doug Gilbert, Hannes Reinecke,
Martin K. Petersen, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hannes Reinecke <hare@suse.de>
[ Upstream commit e39a97353e5378eb46bf01679799c5704d397f32 ]
When converting __scsi_error_from_host_byte() to BLK_STS error codes the
case DID_OK was forgotten, resulting in it always returning an error.
Fixes: 2a842acab109 ("block: introduce new block status code type")
Cc: Doug Gilbert <dgilbert@interlog.com>
Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/scsi_lib.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -720,6 +720,8 @@ static blk_status_t __scsi_error_from_ho
int result)
{
switch (host_byte(result)) {
+ case DID_OK:
+ return BLK_STS_OK;
case DID_TRANSPORT_FAILFAST:
return BLK_STS_TRANSPORT;
case DID_TARGET_FAILURE:
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 200/496] net: ethtool: dont ignore return from driver get_fecparam method
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (184 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 199/496] scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte() Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 201/496] iwlwifi: mvm: fix TX of CCMP 256 Greg Kroah-Hartman
` (283 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Edward Cree, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edward Cree <ecree@solarflare.com>
[ Upstream commit a6d50512b4d86ecd9f5952525e454583be1c3b14 ]
If ethtool_ops->get_fecparam returns an error, pass that error on to the
user, rather than ignoring it.
Fixes: 1a5f3da20bd9 ("net: ethtool: add support for forward error correction modes")
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/ethtool.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -2505,11 +2505,14 @@ static int set_phy_tunable(struct net_de
static int ethtool_get_fecparam(struct net_device *dev, void __user *useraddr)
{
struct ethtool_fecparam fecparam = { ETHTOOL_GFECPARAM };
+ int rc;
if (!dev->ethtool_ops->get_fecparam)
return -EOPNOTSUPP;
- dev->ethtool_ops->get_fecparam(dev, &fecparam);
+ rc = dev->ethtool_ops->get_fecparam(dev, &fecparam);
+ if (rc)
+ return rc;
if (copy_to_user(useraddr, &fecparam, sizeof(fecparam)))
return -EFAULT;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 201/496] iwlwifi: mvm: fix TX of CCMP 256
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (185 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 200/496] net: ethtool: dont ignore return from driver get_fecparam method Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 202/496] iwlwifi: mvm: Fix channel switch for count 0 and 1 Greg Kroah-Hartman
` (282 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sara Sharon <sara.sharon@intel.com>
[ Upstream commit de04d4fbf87b769ab18c480e4f020c53e74bbdd2 ]
We don't have enough room in the TX command for a CCMP 256
key, and need to use key from table.
Fixes: 3264bf032bd9 ("[BUGFIX] iwlwifi: mvm: Fix CCMP IV setting")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
@@ -419,11 +419,11 @@ static void iwl_mvm_set_tx_cmd_crypto(st
{
struct ieee80211_key_conf *keyconf = info->control.hw_key;
u8 *crypto_hdr = skb_frag->data + hdrlen;
+ enum iwl_tx_cmd_sec_ctrl type = TX_CMD_SEC_CCM;
u64 pn;
switch (keyconf->cipher) {
case WLAN_CIPHER_SUITE_CCMP:
- case WLAN_CIPHER_SUITE_CCMP_256:
iwl_mvm_set_tx_cmd_ccmp(info, tx_cmd);
iwl_mvm_set_tx_cmd_pn(info, crypto_hdr);
break;
@@ -447,13 +447,16 @@ static void iwl_mvm_set_tx_cmd_crypto(st
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
+ type = TX_CMD_SEC_GCMP;
+ /* Fall through */
+ case WLAN_CIPHER_SUITE_CCMP_256:
/* TODO: Taking the key from the table might introduce a race
* when PTK rekeying is done, having an old packets with a PN
* based on the old key but the message encrypted with a new
* one.
* Need to handle this.
*/
- tx_cmd->sec_ctl |= TX_CMD_SEC_GCMP | TX_CMD_SEC_KEY_FROM_TABLE;
+ tx_cmd->sec_ctl |= type | TX_CMD_SEC_KEY_FROM_TABLE;
tx_cmd->key[0] = keyconf->hw_key_idx;
iwl_mvm_set_tx_cmd_pn(info, crypto_hdr);
break;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 202/496] iwlwifi: mvm: Fix channel switch for count 0 and 1
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (186 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 201/496] iwlwifi: mvm: fix TX of CCMP 256 Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 203/496] iwlwifi: mvm: fix assert 0x2B00 on older FWs Greg Kroah-Hartman
` (281 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrei Otcheretianski, Luca Coelho,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
[ Upstream commit 40d53f4a60c9eb10d4fa58066c23ba1af8a59e39 ]
It was assumed that apply_time==0 implies immediate scheduling, which is
wrong. Instead, the fw expects the START_IMMEDIATELY flag to be set.
Otherwise, this resulted in 0x3063 assert.
Fix that.
While at it rename the T2_V2_START_IMMEDIATELY to
TE_V2_START_IMMEDIATELY.
Fixes: f5d8f50f271d ("iwlwifi: mvm: Fix channel switch in case of count <= 1")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/fw/api/time-event.h | 4 ++--
drivers/net/wireless/intel/iwlwifi/mvm/time-event.c | 6 ++++--
2 files changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/fw/api/time-event.h
+++ b/drivers/net/wireless/intel/iwlwifi/fw/api/time-event.h
@@ -211,7 +211,7 @@ enum {
* @TE_V2_NOTIF_HOST_FRAG_END:request/receive notification on frag end
* @TE_V2_NOTIF_INTERNAL_FRAG_START: internal FW use.
* @TE_V2_NOTIF_INTERNAL_FRAG_END: internal FW use.
- * @T2_V2_START_IMMEDIATELY: start time event immediately
+ * @TE_V2_START_IMMEDIATELY: start time event immediately
* @TE_V2_DEP_OTHER: depends on another time event
* @TE_V2_DEP_TSF: depends on a specific time
* @TE_V2_EVENT_SOCIOPATHIC: can't co-exist with other events of tha same MAC
@@ -230,7 +230,7 @@ enum iwl_time_event_policy {
TE_V2_NOTIF_HOST_FRAG_END = BIT(5),
TE_V2_NOTIF_INTERNAL_FRAG_START = BIT(6),
TE_V2_NOTIF_INTERNAL_FRAG_END = BIT(7),
- T2_V2_START_IMMEDIATELY = BIT(11),
+ TE_V2_START_IMMEDIATELY = BIT(11),
/* placement characteristics */
TE_V2_DEP_OTHER = BIT(TE_V2_PLACEMENT_POS),
--- a/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c
@@ -621,7 +621,7 @@ void iwl_mvm_protect_session(struct iwl_
time_cmd.repeat = 1;
time_cmd.policy = cpu_to_le16(TE_V2_NOTIF_HOST_EVENT_START |
TE_V2_NOTIF_HOST_EVENT_END |
- T2_V2_START_IMMEDIATELY);
+ TE_V2_START_IMMEDIATELY);
if (!wait_for_notif) {
iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd);
@@ -814,7 +814,7 @@ int iwl_mvm_start_p2p_roc(struct iwl_mvm
time_cmd.repeat = 1;
time_cmd.policy = cpu_to_le16(TE_V2_NOTIF_HOST_EVENT_START |
TE_V2_NOTIF_HOST_EVENT_END |
- T2_V2_START_IMMEDIATELY);
+ TE_V2_START_IMMEDIATELY);
return iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd);
}
@@ -924,6 +924,8 @@ int iwl_mvm_schedule_csa_period(struct i
time_cmd.interval = cpu_to_le32(1);
time_cmd.policy = cpu_to_le16(TE_V2_NOTIF_HOST_EVENT_START |
TE_V2_ABSENCE);
+ if (!apply_time)
+ time_cmd.policy |= cpu_to_le16(TE_V2_START_IMMEDIATELY);
return iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 203/496] iwlwifi: mvm: fix assert 0x2B00 on older FWs
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (187 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 202/496] iwlwifi: mvm: Fix channel switch for count 0 and 1 Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 204/496] iwlwifi: avoid collecting firmware dump if not loaded Greg Kroah-Hartman
` (280 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sara Sharon <sara.sharon@intel.com>
[ Upstream commit 63dd5d022f4766e6b05ee611124afcc7cbfbb953 ]
We should add the multicast station before adding the
broadcast station.
However, in older FW, the firmware will start beaconing
when we add the multicast station, and since the broadcast
station is not added at this point so the transmission
of the beacon will fail on assert 0x2b00.
This is fixed in later firmware, so make the order
of addition depend on the TLV.
Fixes: 26d6c16bed53 ("iwlwifi: mvm: add multicast station")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 45 +++++++++++++++++-----
1 file changed, 35 insertions(+), 10 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -8,6 +8,7 @@
* Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
* Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
* Copyright(c) 2016 - 2017 Intel Deutschland GmbH
+ * Copyright(c) 2018 Intel Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of version 2 of the GNU General Public License as
@@ -2127,15 +2128,40 @@ static int iwl_mvm_start_ap_ibss(struct
if (ret)
goto out_remove;
- ret = iwl_mvm_add_mcast_sta(mvm, vif);
- if (ret)
- goto out_unbind;
-
- /* Send the bcast station. At this stage the TBTT and DTIM time events
- * are added and applied to the scheduler */
- ret = iwl_mvm_send_add_bcast_sta(mvm, vif);
- if (ret)
- goto out_rm_mcast;
+ /*
+ * This is not very nice, but the simplest:
+ * For older FWs adding the mcast sta before the bcast station may
+ * cause assert 0x2b00.
+ * This is fixed in later FW so make the order of removal depend on
+ * the TLV
+ */
+ if (fw_has_api(&mvm->fw->ucode_capa, IWL_UCODE_TLV_API_STA_TYPE)) {
+ ret = iwl_mvm_add_mcast_sta(mvm, vif);
+ if (ret)
+ goto out_unbind;
+ /*
+ * Send the bcast station. At this stage the TBTT and DTIM time
+ * events are added and applied to the scheduler
+ */
+ ret = iwl_mvm_send_add_bcast_sta(mvm, vif);
+ if (ret) {
+ iwl_mvm_rm_mcast_sta(mvm, vif);
+ goto out_unbind;
+ }
+ } else {
+ /*
+ * Send the bcast station. At this stage the TBTT and DTIM time
+ * events are added and applied to the scheduler
+ */
+ iwl_mvm_send_add_bcast_sta(mvm, vif);
+ if (ret)
+ goto out_unbind;
+ iwl_mvm_add_mcast_sta(mvm, vif);
+ if (ret) {
+ iwl_mvm_send_rm_bcast_sta(mvm, vif);
+ goto out_unbind;
+ }
+ }
/* must be set before quota calculations */
mvmvif->ap_ibss_active = true;
@@ -2165,7 +2191,6 @@ out_quota_failed:
iwl_mvm_power_update_mac(mvm);
mvmvif->ap_ibss_active = false;
iwl_mvm_send_rm_bcast_sta(mvm, vif);
-out_rm_mcast:
iwl_mvm_rm_mcast_sta(mvm, vif);
out_unbind:
iwl_mvm_binding_remove_vif(mvm, vif);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 204/496] iwlwifi: avoid collecting firmware dump if not loaded
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (188 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 203/496] iwlwifi: mvm: fix assert 0x2B00 on older FWs Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 205/496] iwlwifi: mvm: fix "failed to remove key" message Greg Kroah-Hartman
` (279 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shaul Triebitz, Luca Coelho, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shaul Triebitz <shaul.triebitz@intel.com>
[ Upstream commit 8745f12a6600dd9d31122588621d4c8ddb332cd7 ]
Trying to collect firmware debug data while firmware
is not loaded causes various errors (e.g. failing NIC access).
This causes even a bigger issue if at that time the
HW radio is off.
In that case, when later turning the radio on, the Driver
fails to read the HW (registers contain garbage values).
(It may be that the CSR_GP_CNTRL_REG_FLAG_RFKILL_WAKE_L1A_EN
bit is cleared on faulty NIC access - since the same behavior
was seen in HW RFKILL toggling before setting that bit.)
Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 13 +++++++++++--
drivers/net/wireless/intel/iwlwifi/fw/dbg.h | 3 +++
drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 3 +++
drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 5 ++---
drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 8 ++++++++
5 files changed, 27 insertions(+), 5 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
@@ -8,6 +8,7 @@
* Copyright(c) 2008 - 2014 Intel Corporation. All rights reserved.
* Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
* Copyright(c) 2015 - 2017 Intel Deutschland GmbH
+ * Copyright(c) 2018 Intel Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of version 2 of the GNU General Public License as
@@ -33,6 +34,7 @@
* Copyright(c) 2005 - 2014 Intel Corporation. All rights reserved.
* Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
* Copyright(c) 2015 - 2017 Intel Deutschland GmbH
+ * Copyright(c) 2018 Intel Corporation
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -928,7 +930,6 @@ dump_trans_data:
out:
iwl_fw_free_dump_desc(fwrt);
- fwrt->dump.trig = NULL;
clear_bit(IWL_FWRT_STATUS_DUMPING, &fwrt->status);
}
IWL_EXPORT_SYMBOL(iwl_fw_error_dump);
@@ -1084,6 +1085,14 @@ void iwl_fw_error_dump_wk(struct work_st
fwrt->ops->dump_start(fwrt->ops_ctx))
return;
+ if (fwrt->ops && fwrt->ops->fw_running &&
+ !fwrt->ops->fw_running(fwrt->ops_ctx)) {
+ IWL_ERR(fwrt, "Firmware not running - cannot dump error\n");
+ iwl_fw_free_dump_desc(fwrt);
+ clear_bit(IWL_FWRT_STATUS_DUMPING, &fwrt->status);
+ goto out;
+ }
+
if (fwrt->trans->cfg->device_family == IWL_DEVICE_FAMILY_7000) {
/* stop recording */
iwl_fw_dbg_stop_recording(fwrt);
@@ -1117,7 +1126,7 @@ void iwl_fw_error_dump_wk(struct work_st
iwl_write_prph(fwrt->trans, DBGC_OUT_CTRL, out_ctrl);
}
}
-
+out:
if (fwrt->ops && fwrt->ops->dump_end)
fwrt->ops->dump_end(fwrt->ops_ctx);
}
--- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.h
+++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.h
@@ -8,6 +8,7 @@
* Copyright(c) 2008 - 2014 Intel Corporation. All rights reserved.
* Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
* Copyright(c) 2015 - 2017 Intel Deutschland GmbH
+ * Copyright(c) 2018 Intel Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of version 2 of the GNU General Public License as
@@ -33,6 +34,7 @@
* Copyright(c) 2005 - 2014 Intel Corporation. All rights reserved.
* Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
* Copyright(c) 2015 - 2017 Intel Deutschland GmbH
+ * Copyright(c) 2018 Intel Corporation
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -91,6 +93,7 @@ static inline void iwl_fw_free_dump_desc
if (fwrt->dump.desc != &iwl_dump_desc_assert)
kfree(fwrt->dump.desc);
fwrt->dump.desc = NULL;
+ fwrt->dump.trig = NULL;
}
void iwl_fw_error_dump(struct iwl_fw_runtime *fwrt);
--- a/drivers/net/wireless/intel/iwlwifi/fw/runtime.h
+++ b/drivers/net/wireless/intel/iwlwifi/fw/runtime.h
@@ -6,6 +6,7 @@
* GPL LICENSE SUMMARY
*
* Copyright(c) 2017 Intel Deutschland GmbH
+ * Copyright(c) 2018 Intel Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of version 2 of the GNU General Public License as
@@ -26,6 +27,7 @@
* BSD LICENSE
*
* Copyright(c) 2017 Intel Deutschland GmbH
+ * Copyright(c) 2018 Intel Corporation
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -68,6 +70,7 @@
struct iwl_fw_runtime_ops {
int (*dump_start)(void *ctx);
void (*dump_end)(void *ctx);
+ bool (*fw_running)(void *ctx);
};
#define MAX_NUM_LMAC 2
--- a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
@@ -8,6 +8,7 @@
* Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
* Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
* Copyright(c) 2016 - 2017 Intel Deutschland GmbH
+ * Copyright(c) 2018 Intel Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of version 2 of the GNU General Public License as
@@ -35,6 +36,7 @@
* Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
* Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
* Copyright(c) 2016 - 2017 Intel Deutschland GmbH
+ * Copyright(c) 2018 Intel Corporation
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -1209,9 +1211,6 @@ static ssize_t iwl_dbgfs_fw_dbg_collect_
{
int ret;
- if (!iwl_mvm_firmware_running(mvm))
- return -EIO;
-
ret = iwl_mvm_ref_sync(mvm, IWL_MVM_REF_PRPH_WRITE);
if (ret)
return ret;
--- a/drivers/net/wireless/intel/iwlwifi/mvm/ops.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/ops.c
@@ -8,6 +8,7 @@
* Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
* Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
* Copyright(c) 2016 - 2017 Intel Deutschland GmbH
+ * Copyright(c) 2018 Intel Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of version 2 of the GNU General Public License as
@@ -35,6 +36,7 @@
* Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
* Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
* Copyright(c) 2016 - 2017 Intel Deutschland GmbH
+ * Copyright(c) 2018 Intel Corporation
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -553,9 +555,15 @@ static void iwl_mvm_fwrt_dump_end(void *
iwl_mvm_unref(mvm, IWL_MVM_REF_FW_DBG_COLLECT);
}
+static bool iwl_mvm_fwrt_fw_running(void *ctx)
+{
+ return iwl_mvm_firmware_running(ctx);
+}
+
static const struct iwl_fw_runtime_ops iwl_mvm_fwrt_ops = {
.dump_start = iwl_mvm_fwrt_dump_start,
.dump_end = iwl_mvm_fwrt_dump_end,
+ .fw_running = iwl_mvm_fwrt_fw_running,
};
static struct iwl_op_mode *
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 205/496] iwlwifi: mvm: fix "failed to remove key" message
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (189 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 204/496] iwlwifi: avoid collecting firmware dump if not loaded Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 206/496] iwlwifi: mvm: Direct multicast frames to the correct station Greg Kroah-Hartman
` (278 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sara Sharon <sara.sharon@intel.com>
[ Upstream commit e4f13ad07823b24a1537518d2163bd164292fb10 ]
When the GTK is installed, we install it to HW with the
station ID of the AP.
Mac80211 will try to remove it only after the AP sta is
removed, which will result in a failure to remove key
since we do not have any station for it.
This is a valid situation, but a previous commit removed
the early return and added a return with error value, which
resulted in an error message that is confusing to users.
Remove the error return value.
Fixes: 85aeb58cec1a ("iwlwifi: mvm: Enable security on new TX API")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@@ -3119,8 +3119,9 @@ static int __iwl_mvm_remove_sta_key(stru
int ret, size;
u32 status;
+ /* This is a valid situation for GTK removal */
if (sta_id == IWL_MVM_INVALID_STA)
- return -EINVAL;
+ return 0;
key_flags = cpu_to_le16((keyconf->keyidx << STA_KEY_FLG_KEYID_POS) &
STA_KEY_FLG_KEYID_MSK);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 206/496] iwlwifi: mvm: Direct multicast frames to the correct station
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (190 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 205/496] iwlwifi: mvm: fix "failed to remove key" message Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 207/496] iwlwifi: mvm: Correctly set the tid for mcast queue Greg Kroah-Hartman
` (277 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilan Peer, Luca Coelho, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilan Peer <ilan.peer@intel.com>
[ Upstream commit 7c305de2b9548ab6b65fce342c78618bbed5db73 ]
Multicast frames for NL80211_IFTYPE_AP and NL80211_IFTYPE_ADHOC were
directed to the broadcast station, however, as the broadcast station
did not have keys configured, these frames were sent unencrypted.
Fix this by using the multicast station which is the station for which
encryption keys are configured.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
@@ -648,7 +648,11 @@ int iwl_mvm_tx_skb_non_sta(struct iwl_mv
if (info.control.vif->type == NL80211_IFTYPE_P2P_DEVICE ||
info.control.vif->type == NL80211_IFTYPE_AP ||
info.control.vif->type == NL80211_IFTYPE_ADHOC) {
- sta_id = mvmvif->bcast_sta.sta_id;
+ if (info.control.vif->type == NL80211_IFTYPE_P2P_DEVICE)
+ sta_id = mvmvif->bcast_sta.sta_id;
+ else
+ sta_id = mvmvif->mcast_sta.sta_id;
+
queue = iwl_mvm_get_ctrl_vif_queue(mvm, &info,
hdr->frame_control);
if (queue < 0)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 207/496] iwlwifi: mvm: Correctly set the tid for mcast queue
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (191 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 206/496] iwlwifi: mvm: Direct multicast frames to the correct station Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 208/496] rds: Incorrect reference counting in TCP socket creation Greg Kroah-Hartman
` (276 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilan Peer, Luca Coelho, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilan Peer <ilan.peer@intel.com>
[ Upstream commit 6508de0305d560235b366cc2cc98f7bcfb029e92 ]
In the scheduler config command, the meaning of tid == 0xf was intended
to indicate the configuration is for management frames. However,
tid == 0xf was also used for the multicast queue that was meant only
for multicast data frames, which resulted with the FW not encrypting
multicast data frames.
As multicast frames do not have a QoS header, fix this by setting
tid == 0, to indicate that this is a data queue and not management
one.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@@ -2023,7 +2023,7 @@ int iwl_mvm_add_mcast_sta(struct iwl_mvm
struct iwl_trans_txq_scd_cfg cfg = {
.fifo = IWL_MVM_TX_FIFO_MCAST,
.sta_id = msta->sta_id,
- .tid = IWL_MAX_TID_COUNT,
+ .tid = 0,
.aggregate = false,
.frame_limit = IWL_FRAME_LIMIT,
};
@@ -2074,7 +2074,7 @@ int iwl_mvm_add_mcast_sta(struct iwl_mvm
if (iwl_mvm_has_new_tx_api(mvm)) {
int queue = iwl_mvm_tvqm_enable_txq(mvm, vif->cab_queue,
msta->sta_id,
- IWL_MAX_TID_COUNT,
+ 0,
timeout);
mvmvif->cab_queue = queue;
} else if (!fw_has_api(&mvm->fw->ucode_capa,
@@ -2099,7 +2099,7 @@ int iwl_mvm_rm_mcast_sta(struct iwl_mvm
iwl_mvm_flush_sta(mvm, &mvmvif->mcast_sta, true, 0);
iwl_mvm_disable_txq(mvm, mvmvif->cab_queue, vif->cab_queue,
- IWL_MAX_TID_COUNT, 0);
+ 0, 0);
ret = iwl_mvm_rm_sta_common(mvm, mvmvif->mcast_sta.sta_id);
if (ret)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 208/496] rds: Incorrect reference counting in TCP socket creation
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (192 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 207/496] iwlwifi: mvm: Correctly set the tid for mcast queue Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 209/496] watchdog: f71808e_wdt: Fix magic close handling Greg Kroah-Hartman
` (275 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ka-Cheong Poon, Santosh Shilimkar,
Sowmini Varadhan, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ka-Cheong Poon <ka-cheong.poon@oracle.com>
[ Upstream commit 84eef2b2187ed73c0e4520cbfeb874e964a0b56a ]
Commit 0933a578cd55 ("rds: tcp: use sock_create_lite() to create the
accept socket") has a reference counting issue in TCP socket creation
when accepting a new connection. The code uses sock_create_lite() to
create a kernel socket. But it does not do __module_get() on the
socket owner. When the connection is shutdown and sock_release() is
called to free the socket, the owner's reference count is decremented
and becomes incorrect. Note that this bug only shows up when the socket
owner is configured as a kernel module.
v2: Update comments
Fixes: 0933a578cd55 ("rds: tcp: use sock_create_lite() to create the accept socket")
Signed-off-by: Ka-Cheong Poon <ka-cheong.poon@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Acked-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/rds/tcp_listen.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
--- a/net/rds/tcp_listen.c
+++ b/net/rds/tcp_listen.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006 Oracle. All rights reserved.
+ * Copyright (c) 2006, 2018 Oracle. All rights reserved.
*
* This software is available to you under a choice of one of two
* licenses. You may choose to be licensed under the terms of the GNU
@@ -142,12 +142,20 @@ int rds_tcp_accept_one(struct socket *so
if (ret)
goto out;
- new_sock->type = sock->type;
- new_sock->ops = sock->ops;
ret = sock->ops->accept(sock, new_sock, O_NONBLOCK, true);
if (ret < 0)
goto out;
+ /* sock_create_lite() does not get a hold on the owner module so we
+ * need to do it here. Note that sock_release() uses sock->ops to
+ * determine if it needs to decrement the reference count. So set
+ * sock->ops after calling accept() in case that fails. And there's
+ * no need to do try_module_get() as the listener should have a hold
+ * already.
+ */
+ new_sock->ops = sock->ops;
+ __module_get(new_sock->ops->owner);
+
ret = rds_tcp_keepalive(new_sock);
if (ret < 0)
goto out;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 209/496] watchdog: f71808e_wdt: Fix magic close handling
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (193 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 208/496] rds: Incorrect reference counting in TCP socket creation Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 210/496] watchdog: sbsa: use 32-bit read for WCV Greg Kroah-Hartman
` (274 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Igor Pylypiv, Guenter Roeck,
Wim Van Sebroeck, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Igor Pylypiv <igor.pylypiv@gmail.com>
[ Upstream commit 7bd3e7b743956afbec30fb525bc3c5e22e3d475c ]
Watchdog close is "expected" when any byte is 'V' not just the last one.
Writing "V" to the device fails because the last byte is the end of string.
$ echo V > /dev/watchdog
f71808e_wdt: Unexpected close, not stopping watchdog!
Signed-off-by: Igor Pylypiv <igor.pylypiv@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/watchdog/f71808e_wdt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/watchdog/f71808e_wdt.c
+++ b/drivers/watchdog/f71808e_wdt.c
@@ -566,7 +566,8 @@ static ssize_t watchdog_write(struct fil
char c;
if (get_user(c, buf + i))
return -EFAULT;
- expect_close = (c == 'V');
+ if (c == 'V')
+ expect_close = true;
}
/* Properly order writes across fork()ed processes */
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 210/496] watchdog: sbsa: use 32-bit read for WCV
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (194 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 209/496] watchdog: f71808e_wdt: Fix magic close handling Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 212/496] hv_netvsc: use napi_schedule_irqoff Greg Kroah-Hartman
` (273 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jayachandran C, Guenter Roeck,
Wim Van Sebroeck, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jayachandran C <jnair@caviumnetworks.com>
[ Upstream commit 93ac3deb7c220cbcec032a967220a1f109d58431 ]
According to SBSA spec v3.1 section 5.3:
All registers are 32 bits in size and should be accessed using
32-bit reads and writes. If an access size other than 32 bits
is used then the results are IMPLEMENTATION DEFINED.
[...]
The Generic Watchdog is little-endian
The current code uses readq to read the watchdog compare register
which does a 64-bit access. This fails on ThunderX2 which does not
implement 64-bit access to this register.
Fix this by using lo_hi_readq() that does two 32-bit reads.
Signed-off-by: Jayachandran C <jnair@caviumnetworks.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/watchdog/sbsa_gwdt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/watchdog/sbsa_gwdt.c
+++ b/drivers/watchdog/sbsa_gwdt.c
@@ -50,6 +50,7 @@
*/
#include <linux/io.h>
+#include <linux/io-64-nonatomic-lo-hi.h>
#include <linux/interrupt.h>
#include <linux/module.h>
#include <linux/moduleparam.h>
@@ -159,7 +160,7 @@ static unsigned int sbsa_gwdt_get_timele
!(readl(gwdt->control_base + SBSA_GWDT_WCS) & SBSA_GWDT_WCS_WS0))
timeleft += readl(gwdt->control_base + SBSA_GWDT_WOR);
- timeleft += readq(gwdt->control_base + SBSA_GWDT_WCV) -
+ timeleft += lo_hi_readq(gwdt->control_base + SBSA_GWDT_WCV) -
arch_counter_get_cntvct();
do_div(timeleft, gwdt->clk);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 212/496] hv_netvsc: use napi_schedule_irqoff
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (195 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 210/496] watchdog: sbsa: use 32-bit read for WCV Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 213/496] hv_netvsc: filter multicast/broadcast Greg Kroah-Hartman
` (272 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Hemminger, David S. Miller,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Hemminger <stephen@networkplumber.org>
[ Upstream commit 68633edaef655ce94e51088ecef5dd4e1d2f6f34 ]
Since the netvsc_channel_cb is already called in interrupt
context from vmbus, there is no need to do irqsave/restore.
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hyperv/netvsc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/hyperv/netvsc.c
+++ b/drivers/net/hyperv/netvsc.c
@@ -1261,7 +1261,7 @@ void netvsc_channel_cb(void *context)
/* disable interupts from host */
hv_begin_read(rbi);
- __napi_schedule(&nvchan->napi);
+ __napi_schedule_irqoff(&nvchan->napi);
}
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 213/496] hv_netvsc: filter multicast/broadcast
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (196 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 212/496] hv_netvsc: use napi_schedule_irqoff Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.14 214/496] hv_netvsc: propagate rx filters to VF Greg Kroah-Hartman
` (271 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Hemminger, David S. Miller,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Hemminger <stephen@networkplumber.org>
[ Upstream commit 009f766ca2383d8788acd65c2c36c51bbfb19470 ]
The netvsc driver was always enabling all multicast and broadcast
even if netdevice flag had not enabled it.
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hyperv/rndis_filter.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
--- a/drivers/net/hyperv/rndis_filter.c
+++ b/drivers/net/hyperv/rndis_filter.c
@@ -850,15 +850,19 @@ static void rndis_set_multicast(struct w
{
struct rndis_device *rdev
= container_of(w, struct rndis_device, mcast_work);
+ u32 filter = NDIS_PACKET_TYPE_DIRECTED;
+ unsigned int flags = rdev->ndev->flags;
- if (rdev->ndev->flags & IFF_PROMISC)
- rndis_filter_set_packet_filter(rdev,
- NDIS_PACKET_TYPE_PROMISCUOUS);
- else
- rndis_filter_set_packet_filter(rdev,
- NDIS_PACKET_TYPE_BROADCAST |
- NDIS_PACKET_TYPE_ALL_MULTICAST |
- NDIS_PACKET_TYPE_DIRECTED);
+ if (flags & IFF_PROMISC) {
+ filter = NDIS_PACKET_TYPE_PROMISCUOUS;
+ } else {
+ if (flags & IFF_ALLMULTI)
+ flags |= NDIS_PACKET_TYPE_ALL_MULTICAST;
+ if (flags & IFF_BROADCAST)
+ flags |= NDIS_PACKET_TYPE_BROADCAST;
+ }
+
+ rndis_filter_set_packet_filter(rdev, filter);
}
void rndis_filter_update(struct netvsc_device *nvdev)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 214/496] hv_netvsc: propagate rx filters to VF
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (197 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 213/496] hv_netvsc: filter multicast/broadcast Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 215/496] ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288 Greg Kroah-Hartman
` (270 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Hemminger, David S. Miller,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Hemminger <stephen@networkplumber.org>
[ Upstream commit bee9d41b37ea6b1f860e5bc0989cf1cf1d7e6ab3 ]
The netvsc device should propagate filters to the SR-IOV VF
device (if present). The flags also need to be propagated to the
VF device as well. This only really matters on local Hyper-V
since Azure does not support multiple addresses.
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hyperv/netvsc_drv.c | 40 ++++++++++++++++++++++++++++++++++++----
1 file changed, 36 insertions(+), 4 deletions(-)
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -66,10 +66,36 @@ static int debug = -1;
module_param(debug, int, S_IRUGO);
MODULE_PARM_DESC(debug, "Debug level (0=none,...,16=all)");
-static void netvsc_set_multicast_list(struct net_device *net)
+static void netvsc_change_rx_flags(struct net_device *net, int change)
{
- struct net_device_context *net_device_ctx = netdev_priv(net);
- struct netvsc_device *nvdev = rtnl_dereference(net_device_ctx->nvdev);
+ struct net_device_context *ndev_ctx = netdev_priv(net);
+ struct net_device *vf_netdev = rtnl_dereference(ndev_ctx->vf_netdev);
+ int inc;
+
+ if (!vf_netdev)
+ return;
+
+ if (change & IFF_PROMISC) {
+ inc = (net->flags & IFF_PROMISC) ? 1 : -1;
+ dev_set_promiscuity(vf_netdev, inc);
+ }
+
+ if (change & IFF_ALLMULTI) {
+ inc = (net->flags & IFF_ALLMULTI) ? 1 : -1;
+ dev_set_allmulti(vf_netdev, inc);
+ }
+}
+
+static void netvsc_set_rx_mode(struct net_device *net)
+{
+ struct net_device_context *ndev_ctx = netdev_priv(net);
+ struct net_device *vf_netdev = rtnl_dereference(ndev_ctx->vf_netdev);
+ struct netvsc_device *nvdev = rtnl_dereference(ndev_ctx->nvdev);
+
+ if (vf_netdev) {
+ dev_uc_sync(vf_netdev, net);
+ dev_mc_sync(vf_netdev, net);
+ }
rndis_filter_update(nvdev);
}
@@ -1582,7 +1608,8 @@ static const struct net_device_ops devic
.ndo_open = netvsc_open,
.ndo_stop = netvsc_close,
.ndo_start_xmit = netvsc_start_xmit,
- .ndo_set_rx_mode = netvsc_set_multicast_list,
+ .ndo_change_rx_flags = netvsc_change_rx_flags,
+ .ndo_set_rx_mode = netvsc_set_rx_mode,
.ndo_change_mtu = netvsc_change_mtu,
.ndo_validate_addr = eth_validate_addr,
.ndo_set_mac_address = netvsc_set_mac_addr,
@@ -1814,6 +1841,11 @@ static void __netvsc_vf_setup(struct net
netdev_warn(vf_netdev,
"unable to change mtu to %u\n", ndev->mtu);
+ /* set multicast etc flags on VF */
+ dev_change_flags(vf_netdev, ndev->flags | IFF_SLAVE);
+ dev_uc_sync(vf_netdev, ndev);
+ dev_mc_sync(vf_netdev, ndev);
+
if (netif_running(ndev)) {
ret = dev_open(vf_netdev);
if (ret)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 215/496] ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (198 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.14 214/496] hv_netvsc: propagate rx filters to VF Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 216/496] perf record: Fix crash in pipe mode Greg Kroah-Hartman
` (269 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heiko Stuebner, linux-rockchip,
Rob Herring, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rob Herring <robh@kernel.org>
[ Upstream commit 4e943a890cef42e90f43ce6be64728a290b97c55 ]
dtc now gives the following warning:
arch/arm/boot/dts/rk3288-tinker.dtb: Warning (sound_dai_property): /sound/simple-audio-card,codec: Missing property '#sound-dai-cells' in node /hdmi@ff980000 or bad phandle (referred from sound-dai[0])
Add the missing #sound-dai-cells property.
Cc: Heiko Stuebner <heiko@sntech.de>
Cc: linux-rockchip@lists.infradead.org
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/rk3288.dtsi | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/arm/boot/dts/rk3288.dtsi
+++ b/arch/arm/boot/dts/rk3288.dtsi
@@ -927,6 +927,7 @@
i2s: i2s@ff890000 {
compatible = "rockchip,rk3288-i2s", "rockchip,rk3066-i2s";
reg = <0x0 0xff890000 0x0 0x10000>;
+ #sound-dai-cells = <0>;
interrupts = <GIC_SPI 53 IRQ_TYPE_LEVEL_HIGH>;
#address-cells = <1>;
#size-cells = <0>;
@@ -1122,6 +1123,7 @@
compatible = "rockchip,rk3288-dw-hdmi";
reg = <0x0 0xff980000 0x0 0x20000>;
reg-io-width = <4>;
+ #sound-dai-cells = <0>;
rockchip,grf = <&grf>;
interrupts = <GIC_SPI 103 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&cru PCLK_HDMI_CTRL>, <&cru SCLK_HDMI_HDCP>;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 216/496] perf record: Fix crash in pipe mode
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (199 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 215/496] ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288 Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 217/496] e1000e: Fix check_for_link return value with autoneg off Greg Kroah-Hartman
` (268 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Olsa, Alexander Shishkin,
David Ahern, Namhyung Kim, Peter Zijlstra,
Arnaldo Carvalho de Melo, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Olsa <jolsa@kernel.org>
[ Upstream commit ad46e48c65fa1f204fa29eaff1b91174d314a94b ]
Currently we can crash perf record when running in pipe mode, like:
$ perf record ls | perf report
# To display the perf.data header info, please use --header/--header-only options.
#
perf: Segmentation fault
Error:
The - file has no samples!
The callstack of the crash is:
0x0000000000515242 in perf_event__synthesize_event_update_name
3513 ev = event_update_event__new(len + 1, PERF_EVENT_UPDATE__NAME, evsel->id[0]);
(gdb) bt
#0 0x0000000000515242 in perf_event__synthesize_event_update_name
#1 0x00000000005158a4 in perf_event__synthesize_extra_attr
#2 0x0000000000443347 in record__synthesize
#3 0x00000000004438e3 in __cmd_record
#4 0x000000000044514e in cmd_record
#5 0x00000000004cbc95 in run_builtin
#6 0x00000000004cbf02 in handle_internal_command
#7 0x00000000004cc054 in run_argv
#8 0x00000000004cc422 in main
The reason of the crash is that the evsel does not have ids array
allocated and the pipe's synthesize code tries to access it.
We don't force evsel ids allocation when we have single event, because
it's not needed. However we need it when we are in pipe mode even for
single event as a key for evsel update event.
Fixing this by forcing evsel ids allocation event for single event, when
we are in pipe mode.
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20180302161354.30192-1-jolsa@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/builtin-record.c | 9 +++++++++
tools/perf/perf.h | 1 +
tools/perf/util/record.c | 8 ++++++--
3 files changed, 16 insertions(+), 2 deletions(-)
--- a/tools/perf/builtin-record.c
+++ b/tools/perf/builtin-record.c
@@ -926,6 +926,15 @@ static int __cmd_record(struct record *r
}
}
+ /*
+ * If we have just single event and are sending data
+ * through pipe, we need to force the ids allocation,
+ * because we synthesize event name through the pipe
+ * and need the id for that.
+ */
+ if (data->is_pipe && rec->evlist->nr_entries == 1)
+ rec->opts.sample_id = true;
+
if (record__open(rec) != 0) {
err = -1;
goto out_child;
--- a/tools/perf/perf.h
+++ b/tools/perf/perf.h
@@ -61,6 +61,7 @@ struct record_opts {
bool tail_synthesize;
bool overwrite;
bool ignore_missing_thread;
+ bool sample_id;
unsigned int freq;
unsigned int mmap_pages;
unsigned int auxtrace_mmap_pages;
--- a/tools/perf/util/record.c
+++ b/tools/perf/util/record.c
@@ -137,6 +137,7 @@ void perf_evlist__config(struct perf_evl
struct perf_evsel *evsel;
bool use_sample_identifier = false;
bool use_comm_exec;
+ bool sample_id = opts->sample_id;
/*
* Set the evsel leader links before we configure attributes,
@@ -163,8 +164,7 @@ void perf_evlist__config(struct perf_evl
* match the id.
*/
use_sample_identifier = perf_can_sample_identifier();
- evlist__for_each_entry(evlist, evsel)
- perf_evsel__set_sample_id(evsel, use_sample_identifier);
+ sample_id = true;
} else if (evlist->nr_entries > 1) {
struct perf_evsel *first = perf_evlist__first(evlist);
@@ -174,6 +174,10 @@ void perf_evlist__config(struct perf_evl
use_sample_identifier = perf_can_sample_identifier();
break;
}
+ sample_id = true;
+ }
+
+ if (sample_id) {
evlist__for_each_entry(evlist, evsel)
perf_evsel__set_sample_id(evsel, use_sample_identifier);
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 217/496] e1000e: Fix check_for_link return value with autoneg off
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (200 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 216/496] perf record: Fix crash in pipe mode Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 218/496] e1000e: allocate ring descriptors with dma_zalloc_coherent Greg Kroah-Hartman
` (267 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Benjamin Poirier, Sasha Neftin,
Aaron Brown, Jeff Kirsher, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Poirier <bpoirier@suse.com>
[ Upstream commit 4e7dc08e57c95673d2edaba8983c3de4dd1f65f5 ]
When autoneg is off, the .check_for_link callback functions clear the
get_link_status flag and systematically return a "pseudo-error". This means
that the link is not detected as up until the next execution of the
e1000_watchdog_task() 2 seconds later.
Fixes: 19110cfbb34d ("e1000e: Separate signaling for link check/link up")
Signed-off-by: Benjamin Poirier <bpoirier@suse.com>
Acked-by: Sasha Neftin <sasha.neftin@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +-
drivers/net/ethernet/intel/e1000e/mac.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/intel/e1000e/ich8lan.c
+++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c
@@ -1602,7 +1602,7 @@ static s32 e1000_check_for_copper_link_i
* we have already determined whether we have link or not.
*/
if (!mac->autoneg)
- return -E1000_ERR_CONFIG;
+ return 1;
/* Auto-Neg is enabled. Auto Speed Detection takes care
* of MAC speed/duplex configuration. So we only need to
--- a/drivers/net/ethernet/intel/e1000e/mac.c
+++ b/drivers/net/ethernet/intel/e1000e/mac.c
@@ -450,7 +450,7 @@ s32 e1000e_check_for_copper_link(struct
* we have already determined whether we have link or not.
*/
if (!mac->autoneg)
- return -E1000_ERR_CONFIG;
+ return 1;
/* Auto-Neg is enabled. Auto Speed Detection takes care
* of MAC speed/duplex configuration. So we only need to
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 218/496] e1000e: allocate ring descriptors with dma_zalloc_coherent
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (201 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 217/496] e1000e: Fix check_for_link return value with autoneg off Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 219/496] ia64/err-inject: Use get_user_pages_fast() Greg Kroah-Hartman
` (266 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pierre-Yves Kerbrat, Marius Gligor,
Aaron Brown, Alexander Duyck, Jeff Kirsher, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pierre-Yves Kerbrat <pkerbrat@kalray.eu>
[ Upstream commit aea3fca005fb45f80869f2e8d56fd4e64c1d1fdb ]
Descriptor rings were not initialized at zero when allocated
When area contained garbage data, it caused skb_over_panic in
e1000_clean_rx_irq (if data had E1000_RXD_STAT_DD bit set)
This patch makes use of dma_zalloc_coherent to make sure the
ring is memset at 0 to prevent the area from containing garbage.
Following is the signature of the panic:
IODDR0@0.0: skbuff: skb_over_panic: text:80407b20 len:64010 put:64010 head:ab46d800 data:ab46d842 tail:0xab47d24c end:0xab46df40 dev:eth0
IODDR0@0.0: BUG: failure at net/core/skbuff.c:105/skb_panic()!
IODDR0@0.0: Kernel panic - not syncing: BUG!
IODDR0@0.0:
IODDR0@0.0: Process swapper/0 (pid: 0, threadinfo=81728000, task=8173cc00 ,cpu: 0)
IODDR0@0.0: SP = <815a1c0c>
IODDR0@0.0: Stack: 00000001
IODDR0@0.0: b2d89800 815e33ac
IODDR0@0.0: ea73c040 00000001
IODDR0@0.0: 60040003 0000fa0a
IODDR0@0.0: 00000002
IODDR0@0.0:
IODDR0@0.0: 804540c0 815a1c70
IODDR0@0.0: b2744000 602ac070
IODDR0@0.0: 815a1c44 b2d89800
IODDR0@0.0: 8173cc00 815a1c08
IODDR0@0.0:
IODDR0@0.0: 00000006
IODDR0@0.0: 815a1b50 00000000
IODDR0@0.0: 80079434 00000001
IODDR0@0.0: ab46df40 b2744000
IODDR0@0.0: b2d89800
IODDR0@0.0:
IODDR0@0.0: 0000fa0a 8045745c
IODDR0@0.0: 815a1c88 0000fa0a
IODDR0@0.0: 80407b20 b2789f80
IODDR0@0.0: 00000005 80407b20
IODDR0@0.0:
IODDR0@0.0:
IODDR0@0.0: Call Trace:
IODDR0@0.0: [<804540bc>] skb_panic+0xa4/0xa8
IODDR0@0.0: [<80079430>] console_unlock+0x2f8/0x6d0
IODDR0@0.0: [<80457458>] skb_put+0xa0/0xc0
IODDR0@0.0: [<80407b1c>] e1000_clean_rx_irq+0x2dc/0x3e8
IODDR0@0.0: [<80407b1c>] e1000_clean_rx_irq+0x2dc/0x3e8
IODDR0@0.0: [<804079c8>] e1000_clean_rx_irq+0x188/0x3e8
IODDR0@0.0: [<80407b1c>] e1000_clean_rx_irq+0x2dc/0x3e8
IODDR0@0.0: [<80468b48>] __dev_kfree_skb_any+0x88/0xa8
IODDR0@0.0: [<804101ac>] e1000e_poll+0x94/0x288
IODDR0@0.0: [<8046e9d4>] net_rx_action+0x19c/0x4e8
IODDR0@0.0: ...
IODDR0@0.0: Maximum depth to print reached. Use kstack=<maximum_depth_to_print> To specify a custom value (where 0 means to display the full backtrace)
IODDR0@0.0: ---[ end Kernel panic - not syncing: BUG!
Signed-off-by: Pierre-Yves Kerbrat <pkerbrat@kalray.eu>
Signed-off-by: Marius Gligor <mgligor@kalray.eu>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Reviewed-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/e1000e/netdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/intel/e1000e/netdev.c
+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
@@ -2329,8 +2329,8 @@ static int e1000_alloc_ring_dma(struct e
{
struct pci_dev *pdev = adapter->pdev;
- ring->desc = dma_alloc_coherent(&pdev->dev, ring->size, &ring->dma,
- GFP_KERNEL);
+ ring->desc = dma_zalloc_coherent(&pdev->dev, ring->size, &ring->dma,
+ GFP_KERNEL);
if (!ring->desc)
return -ENOMEM;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 219/496] ia64/err-inject: Use get_user_pages_fast()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (202 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 218/496] e1000e: allocate ring descriptors with dma_zalloc_coherent Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 220/496] RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA Greg Kroah-Hartman
` (265 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Davidlohr Bueso, Tony Luck, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Davidlohr Bueso <dave@stgolabs.net>
[ Upstream commit 69c907022a7d9325cdc5c9dd064571e445df9a47 ]
At the point of sysfs callback, the call to gup is
done without mmap_sem (or any lock for that matter).
This is racy. As such, use the get_user_pages_fast()
alternative and safely avoid taking the lock, if possible.
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/ia64/kernel/err_inject.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/ia64/kernel/err_inject.c
+++ b/arch/ia64/kernel/err_inject.c
@@ -142,7 +142,7 @@ store_virtual_to_phys(struct device *dev
u64 virt_addr=simple_strtoull(buf, NULL, 16);
int ret;
- ret = get_user_pages(virt_addr, 1, FOLL_WRITE, NULL, NULL);
+ ret = get_user_pages_fast(virt_addr, 1, FOLL_WRITE, NULL);
if (ret<=0) {
#ifdef ERR_INJ_DEBUG
printk("Virtual address %lx is not existing.\n",virt_addr);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 220/496] RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (203 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 219/496] ia64/err-inject: Use get_user_pages_fast() Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 221/496] RDMA/qedr: Fix iWARP write and send with immediate Greg Kroah-Hartman
` (264 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amit Radzi, Michal Kalderon,
Ariel Elior, Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Kalderon, Michal" <Michal.Kalderon@cavium.com>
[ Upstream commit e3fd112cbf21d049faf64ba1471d72b93c22109a ]
Race in qedr_poll_cq, lastest_cqe wasn't protected by lock,
leading to a case where two context's accessing poll_cq at
the same time lead to one of them having a pointer to an old
latest_cqe and reading an invalid cqe element
Signed-off-by: Amit Radzi <Amit.Radzi@cavium.com>
Signed-off-by: Michal Kalderon <Michal.Kalderon@cavium.com>
Signed-off-by: Ariel Elior <Ariel.Elior@cavium.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/qedr/verbs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/hw/qedr/verbs.c
+++ b/drivers/infiniband/hw/qedr/verbs.c
@@ -3518,7 +3518,7 @@ int qedr_poll_cq(struct ib_cq *ibcq, int
{
struct qedr_dev *dev = get_qedr_dev(ibcq->device);
struct qedr_cq *cq = get_qedr_cq(ibcq);
- union rdma_cqe *cqe = cq->latest_cqe;
+ union rdma_cqe *cqe;
u32 old_cons, new_cons;
unsigned long flags;
int update = 0;
@@ -3535,6 +3535,7 @@ int qedr_poll_cq(struct ib_cq *ibcq, int
return qedr_gsi_poll_cq(ibcq, num_entries, wc);
spin_lock_irqsave(&cq->cq_lock, flags);
+ cqe = cq->latest_cqe;
old_cons = qed_chain_get_cons_idx_u32(&cq->pbl);
while (num_entries && is_valid_cqe(cq, cqe)) {
struct qedr_qp *qp;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 221/496] RDMA/qedr: Fix iWARP write and send with immediate
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (204 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 220/496] RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 222/496] IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs Greg Kroah-Hartman
` (263 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Kalderon, Ariel Elior,
Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Kalderon, Michal" <Michal.Kalderon@cavium.com>
[ Upstream commit 551e1c67b4207455375a2e7a285dea1c7e8fc361 ]
iWARP does not support RDMA WRITE or SEND with immediate data.
Driver should check this before submitting to FW and return an
immediate error
Signed-off-by: Michal Kalderon <Michal.Kalderon@cavium.com>
Signed-off-by: Ariel Elior <Ariel.Elior@cavium.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/qedr/verbs.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/infiniband/hw/qedr/verbs.c
+++ b/drivers/infiniband/hw/qedr/verbs.c
@@ -2832,6 +2832,11 @@ static int __qedr_post_send(struct ib_qp
switch (wr->opcode) {
case IB_WR_SEND_WITH_IMM:
+ if (unlikely(rdma_protocol_iwarp(&dev->ibdev, 1))) {
+ rc = -EINVAL;
+ *bad_wr = wr;
+ break;
+ }
wqe->req_type = RDMA_SQ_REQ_TYPE_SEND_WITH_IMM;
swqe = (struct rdma_sq_send_wqe_1st *)wqe;
swqe->wqe_size = 2;
@@ -2873,6 +2878,11 @@ static int __qedr_post_send(struct ib_qp
break;
case IB_WR_RDMA_WRITE_WITH_IMM:
+ if (unlikely(rdma_protocol_iwarp(&dev->ibdev, 1))) {
+ rc = -EINVAL;
+ *bad_wr = wr;
+ break;
+ }
wqe->req_type = RDMA_SQ_REQ_TYPE_RDMA_WR_WITH_IMM;
rwqe = (struct rdma_sq_rdma_wqe_1st *)wqe;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 222/496] IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (205 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 221/496] RDMA/qedr: Fix iWARP write and send with immediate Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 223/496] IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE Greg Kroah-Hartman
` (262 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Moni Shoua, Jack Morgenstein,
Leon Romanovsky, Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jack Morgenstein <jackm@dev.mellanox.co.il>
[ Upstream commit 0077416a3d529baccbe07ab3242e8db541cfadf6 ]
When using IPv4 addresses in RoCEv2, the GID format for the mapped
IPv4 address should be: ::ffff:<4-byte IPv4 address>.
In the cited commit, IPv4 mapped IPV6 addresses had the 3 upper dwords
zeroed out by memset, which resulted in deleting the ffff field.
However, since procedure ipv6_addr_v4mapped() already verifies that the
gid has format ::ffff:<ipv4 address>, no change is needed for the gid,
and the memset can simply be removed.
Fixes: 7e57b85c444c ("IB/mlx4: Add support for setting RoCEv2 gids in hardware")
Reviewed-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx4/main.c | 2 --
1 file changed, 2 deletions(-)
--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -219,8 +219,6 @@ static int mlx4_ib_update_gids_v1_v2(str
gid_tbl[i].version = 2;
if (!ipv6_addr_v4mapped((struct in6_addr *)&gids[i].gid))
gid_tbl[i].type = 1;
- else
- memset(&gid_tbl[i].gid, 0, 12);
}
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 223/496] IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (206 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 222/496] IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 224/496] IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() Greg Kroah-Hartman
` (261 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Moni Shoua, Jack Morgenstein,
Leon Romanovsky, Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jack M <jackm@dev.mellanox.co.il>
[ Upstream commit a18177925c252da7801149abe217c05b80884798 ]
The commit cited below added a gid_type field (RoCEv1 or RoCEv2)
to GID properties.
When adding GIDs, this gid_type field was copied over to the
hardware gid table. However, when deleting GIDs, the gid_type field
was not copied over to the hardware gid table.
As a result, when running RoCEv2, all RoCEv2 gids in the
hardware gid table were set to type RoCEv1 when any gid was deleted.
This problem would persist until the next gid was added (which would again
restore the gid_type field for all the gids in the hardware gid table).
Fix this by copying over the gid_type field to the hardware gid table
when deleting gids, so that the gid_type of all remaining gids is
preserved when a gid is deleted.
Fixes: b699a859d17b ("IB/mlx4: Add gid_type to GID properties")
Reviewed-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx4/main.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -364,8 +364,13 @@ static int mlx4_ib_del_gid(struct ib_dev
if (!gids) {
ret = -ENOMEM;
} else {
- for (i = 0; i < MLX4_MAX_PORT_GIDS; i++)
- memcpy(&gids[i].gid, &port_gid_table->gids[i].gid, sizeof(union ib_gid));
+ for (i = 0; i < MLX4_MAX_PORT_GIDS; i++) {
+ memcpy(&gids[i].gid,
+ &port_gid_table->gids[i].gid,
+ sizeof(union ib_gid));
+ gids[i].gid_type =
+ port_gid_table->gids[i].gid_type;
+ }
}
}
spin_unlock_bh(&iboe->lock);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 224/496] IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (207 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 223/496] IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 225/496] fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper() Greg Kroah-Hartman
` (260 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Leon Romanovsky,
Jason Gunthorpe, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 5d414b178e950ce9685c253994cc730893d5d887 ]
"err" is either zero or possibly uninitialized here. It should be
-EINVAL.
Fixes: 427c1e7bcd7e ("{IB, net}/mlx5: Move the modify QP operation table to mlx5_ib")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx5/qp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -2881,8 +2881,10 @@ static int __mlx5_ib_modify_qp(struct ib
goto out;
if (mlx5_cur >= MLX5_QP_NUM_STATE || mlx5_new >= MLX5_QP_NUM_STATE ||
- !optab[mlx5_cur][mlx5_new])
+ !optab[mlx5_cur][mlx5_new]) {
+ err = -EINVAL;
goto out;
+ }
op = optab[mlx5_cur][mlx5_new];
optpar = ib_mask_to_mlx5_opt(attr_mask);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 225/496] fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (208 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 224/496] IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 226/496] fsl/fman: avoid sleeping in atomic context while adding an address Greg Kroah-Hartman
` (259 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Malone, Mathieu Malaterre,
Bartlomiej Zolnierkiewicz, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Malone <peter.malone@gmail.com>
[ Upstream commit 250c6c49e3b68756b14983c076183568636e2bde ]
Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in
sbusfb_ioctl_helper().
'index' is defined as an int in sbusfb_ioctl_helper().
We retrieve this from the user:
if (get_user(index, &c->index) ||
__get_user(count, &c->count) ||
__get_user(ured, &c->red) ||
__get_user(ugreen, &c->green) ||
__get_user(ublue, &c->blue))
return -EFAULT;
and then we use 'index' in the following way:
red = cmap->red[index + i] >> 8;
green = cmap->green[index + i] >> 8;
blue = cmap->blue[index + i] >> 8;
This is a classic information leak vulnerability. 'index' should be
an unsigned int, given its usage above.
This patch is straight-forward; it changes 'index' to unsigned int
in two switch-cases: FBIOGETCMAP_SPARC && FBIOPUTCMAP_SPARC.
This patch fixes CVE-2018-6412.
Signed-off-by: Peter Malone <peter.malone@gmail.com>
Acked-by: Mathieu Malaterre <malat@debian.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/sbuslib.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/video/fbdev/sbuslib.c
+++ b/drivers/video/fbdev/sbuslib.c
@@ -122,7 +122,7 @@ int sbusfb_ioctl_helper(unsigned long cm
unsigned char __user *ured;
unsigned char __user *ugreen;
unsigned char __user *ublue;
- int index, count, i;
+ unsigned int index, count, i;
if (get_user(index, &c->index) ||
__get_user(count, &c->count) ||
@@ -161,7 +161,7 @@ int sbusfb_ioctl_helper(unsigned long cm
unsigned char __user *ugreen;
unsigned char __user *ublue;
struct fb_cmap *cmap = &info->cmap;
- int index, count, i;
+ unsigned int index, count, i;
u8 red, green, blue;
if (get_user(index, &c->index) ||
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 226/496] fsl/fman: avoid sleeping in atomic context while adding an address
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (209 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 225/496] fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper() Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 227/496] qed: Free RoCE ILT Memory on rmmod qedr Greg Kroah-Hartman
` (258 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Denis Kirjanov, Madalin Bucur,
David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Denis Kirjanov <kda@linux-powerpc.org>
[ Upstream commit 803fafbe0cd522fa6b9e41ca3b96cfb2e2a2222d ]
__dev_mc_add grabs an adress spinlock so use
atomic context in kmalloc.
/ # ifconfig eth0 inet 192.168.0.111
[ 89.331622] BUG: sleeping function called from invalid context at mm/slab.h:420
[ 89.339002] in_atomic(): 1, irqs_disabled(): 0, pid: 1035, name: ifconfig
[ 89.345799] 2 locks held by ifconfig/1035:
[ 89.349908] #0: (rtnl_mutex){+.+.}, at: [<(ptrval)>] devinet_ioctl+0xc0/0x8a0
[ 89.357258] #1: (_xmit_ETHER){+...}, at: [<(ptrval)>] __dev_mc_add+0x28/0x80
[ 89.364520] CPU: 1 PID: 1035 Comm: ifconfig Not tainted 4.16.0-rc3-dirty #8
[ 89.371464] Call Trace:
[ 89.373908] [e959db60] [c066f948] dump_stack+0xa4/0xfc (unreliable)
[ 89.380177] [e959db80] [c00671d8] ___might_sleep+0x248/0x280
[ 89.385833] [e959dba0] [c01aec34] kmem_cache_alloc_trace+0x174/0x320
[ 89.392179] [e959dbd0] [c04ab920] dtsec_add_hash_mac_address+0x130/0x240
[ 89.398874] [e959dc00] [c04a9d74] set_multi+0x174/0x1b0
[ 89.404093] [e959dc30] [c04afb68] dpaa_set_rx_mode+0x68/0xe0
[ 89.409745] [e959dc40] [c057baf8] __dev_mc_add+0x58/0x80
[ 89.415052] [e959dc60] [c060fd64] igmp_group_added+0x164/0x190
[ 89.420878] [e959dca0] [c060ffa8] ip_mc_inc_group+0x218/0x460
[ 89.426617] [e959dce0] [c06120fc] ip_mc_up+0x3c/0x190
[ 89.431662] [e959dd10] [c0607270] inetdev_event+0x250/0x620
[ 89.437227] [e959dd50] [c005f190] notifier_call_chain+0x80/0xf0
[ 89.443138] [e959dd80] [c0573a74] __dev_notify_flags+0x54/0xf0
[ 89.448964] [e959dda0] [c05743f8] dev_change_flags+0x48/0x60
[ 89.454615] [e959ddc0] [c0606744] devinet_ioctl+0x544/0x8a0
[ 89.460180] [e959de10] [c060987c] inet_ioctl+0x9c/0x1f0
[ 89.465400] [e959de80] [c05479a8] sock_ioctl+0x168/0x460
[ 89.470708] [e959ded0] [c01cf3ec] do_vfs_ioctl+0xac/0x8c0
[ 89.476099] [e959df20] [c01cfc40] SyS_ioctl+0x40/0xc0
[ 89.481147] [e959df40] [c0011318] ret_from_syscall+0x0/0x3c
[ 89.486715] --- interrupt: c01 at 0x1006943c
[ 89.486715] LR = 0x100c45ec
Signed-off-by: Denis Kirjanov <kda@linux-powerpc.org>
Acked-by: Madalin Bucur <madalin.bucur@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/freescale/fman/fman_dtsec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/freescale/fman/fman_dtsec.c
+++ b/drivers/net/ethernet/freescale/fman/fman_dtsec.c
@@ -1100,7 +1100,7 @@ int dtsec_add_hash_mac_address(struct fm
set_bucket(dtsec->regs, bucket, true);
/* Create element to be added to the driver hash table */
- hash_entry = kmalloc(sizeof(*hash_entry), GFP_KERNEL);
+ hash_entry = kmalloc(sizeof(*hash_entry), GFP_ATOMIC);
if (!hash_entry)
return -ENOMEM;
hash_entry->addr = addr;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 227/496] qed: Free RoCE ILT Memory on rmmod qedr
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (210 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 226/496] fsl/fman: avoid sleeping in atomic context while adding an address Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 228/496] net: qcom/emac: Use proper free methods during TX Greg Kroah-Hartman
` (257 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Kalderon, Ariel Elior,
David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Kalderon <Michal.Kalderon@cavium.com>
[ Upstream commit 9de506a547c0d172d13a91d69b1a399e6a2c0efa ]
Rdma requires ILT Memory to be allocated for it's QPs.
Each ILT entry points to a page used by several Rdma QPs.
To avoid allocating all the memory in advance, the rdma
implementation dynamically allocates memory as more QPs are
added, however it does not dynamically free the memory.
The memory should have been freed on rmmod qedr, but isn't.
This patch adds the memory freeing on rmmod qedr (currently
it will be freed with qed is removed).
An outcome of this bug, is that if qedr is unloaded and loaded
without unloaded qed, there will be no more RoCE traffic.
The reason these are related, is that the logic of detecting the
first QP ever opened is by asking whether ILT memory for RoCE has
been allocated.
In addition, this patch modifies freeing of the Task context to
always use the PROTOCOLID_ROCE and not the protocol passed,
this is because task context for iWARP and ROCE both use the
ROCE protocol id, as opposed to the connection context.
Fixes: dbb799c39717 ("qed: Initialize hardware for new protocols")
Signed-off-by: Michal Kalderon <Michal.Kalderon@cavium.com>
Signed-off-by: Ariel Elior <Ariel.Elior@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/qlogic/qed/qed_cxt.c | 5 ++++-
drivers/net/ethernet/qlogic/qed/qed_rdma.c | 1 +
2 files changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/qlogic/qed/qed_cxt.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_cxt.c
@@ -2471,7 +2471,10 @@ int qed_cxt_free_proto_ilt(struct qed_hw
if (rc)
return rc;
- /* Free Task CXT */
+ /* Free Task CXT ( Intentionally RoCE as task-id is shared between
+ * RoCE and iWARP )
+ */
+ proto = PROTOCOLID_ROCE;
rc = qed_cxt_free_ilt_range(p_hwfn, QED_ELEM_TASK, 0,
qed_cxt_get_proto_tid_count(p_hwfn, proto));
if (rc)
--- a/drivers/net/ethernet/qlogic/qed/qed_rdma.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_rdma.c
@@ -360,6 +360,7 @@ static void qed_rdma_free(struct qed_hwf
DP_VERBOSE(p_hwfn, QED_MSG_RDMA, "Freeing RDMA\n");
qed_rdma_resc_free(p_hwfn);
+ qed_cxt_free_proto_ilt(p_hwfn, p_hwfn->p_rdma_info->proto);
}
static void qed_rdma_get_guid(struct qed_hwfn *p_hwfn, u8 *guid)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 228/496] net: qcom/emac: Use proper free methods during TX
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (211 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 227/496] qed: Free RoCE ILT Memory on rmmod qedr Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 229/496] net: smsc911x: Fix unload crash when link is up Greg Kroah-Hartman
` (256 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hemanth Puranik, Timur Tabi,
David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hemanth Puranik <hpuranik@codeaurora.org>
[ Upstream commit cc5db3150e87fe7f7e947bf333b6c1c97f848ecb ]
This patch fixes the warning messages/call traces seen if DMA debug is
enabled, In case of fragmented skb's memory was allocated using
dma_map_page but freed using dma_unmap_single. This patch modifies buffer
allocations in TX path to use dma_map_page in all the places and
dma_unmap_page while freeing the buffers.
Signed-off-by: Hemanth Puranik <hpuranik@codeaurora.org>
Acked-by: Timur Tabi <timur@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/qualcomm/emac/emac-mac.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
--- a/drivers/net/ethernet/qualcomm/emac/emac-mac.c
+++ b/drivers/net/ethernet/qualcomm/emac/emac-mac.c
@@ -1204,9 +1204,9 @@ void emac_mac_tx_process(struct emac_ada
while (tx_q->tpd.consume_idx != hw_consume_idx) {
tpbuf = GET_TPD_BUFFER(tx_q, tx_q->tpd.consume_idx);
if (tpbuf->dma_addr) {
- dma_unmap_single(adpt->netdev->dev.parent,
- tpbuf->dma_addr, tpbuf->length,
- DMA_TO_DEVICE);
+ dma_unmap_page(adpt->netdev->dev.parent,
+ tpbuf->dma_addr, tpbuf->length,
+ DMA_TO_DEVICE);
tpbuf->dma_addr = 0;
}
@@ -1363,9 +1363,11 @@ static void emac_tx_fill_tpd(struct emac
tpbuf = GET_TPD_BUFFER(tx_q, tx_q->tpd.produce_idx);
tpbuf->length = mapped_len;
- tpbuf->dma_addr = dma_map_single(adpt->netdev->dev.parent,
- skb->data, tpbuf->length,
- DMA_TO_DEVICE);
+ tpbuf->dma_addr = dma_map_page(adpt->netdev->dev.parent,
+ virt_to_page(skb->data),
+ offset_in_page(skb->data),
+ tpbuf->length,
+ DMA_TO_DEVICE);
ret = dma_mapping_error(adpt->netdev->dev.parent,
tpbuf->dma_addr);
if (ret)
@@ -1381,9 +1383,12 @@ static void emac_tx_fill_tpd(struct emac
if (mapped_len < len) {
tpbuf = GET_TPD_BUFFER(tx_q, tx_q->tpd.produce_idx);
tpbuf->length = len - mapped_len;
- tpbuf->dma_addr = dma_map_single(adpt->netdev->dev.parent,
- skb->data + mapped_len,
- tpbuf->length, DMA_TO_DEVICE);
+ tpbuf->dma_addr = dma_map_page(adpt->netdev->dev.parent,
+ virt_to_page(skb->data +
+ mapped_len),
+ offset_in_page(skb->data +
+ mapped_len),
+ tpbuf->length, DMA_TO_DEVICE);
ret = dma_mapping_error(adpt->netdev->dev.parent,
tpbuf->dma_addr);
if (ret)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 229/496] net: smsc911x: Fix unload crash when link is up
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (212 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 228/496] net: qcom/emac: Use proper free methods during TX Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 230/496] IB/core: Fix possible crash to access NULL netdev Greg Kroah-Hartman
` (255 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matt Sealey, Jeremy Linton,
Andrew Lunn, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeremy Linton <jeremy.linton@arm.com>
[ Upstream commit e06513d78d54e6c7026c9043a39e2c01ee25bdbe ]
The smsc911x driver will crash if it is rmmod'ed while the netdev
is up like:
Call trace:
phy_detach+0x94/0x150
phy_disconnect+0x40/0x50
smsc911x_stop+0x104/0x128 [smsc911x]
__dev_close_many+0xb4/0x138
dev_close_many+0xbc/0x190
rollback_registered_many+0x140/0x460
rollback_registered+0x68/0xb0
unregister_netdevice_queue+0x100/0x118
unregister_netdev+0x28/0x38
smsc911x_drv_remove+0x58/0x130 [smsc911x]
platform_drv_remove+0x30/0x50
device_release_driver_internal+0x15c/0x1f8
driver_detach+0x54/0x98
bus_remove_driver+0x64/0xe8
driver_unregister+0x34/0x60
platform_driver_unregister+0x20/0x30
smsc911x_cleanup_module+0x14/0xbca8 [smsc911x]
SyS_delete_module+0x1e8/0x238
__sys_trace_return+0x0/0x4
This is caused by the mdiobus being unregistered/free'd
and the code in phy_detach() attempting to manipulate mdio
related structures from unregister_netdev() calling close()
To fix this, we delay the mdiobus teardown until after
the netdev is deregistered.
Reported-by: Matt Sealey <matt.sealey@arm.com>
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/smsc/smsc911x.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/smsc/smsc911x.c
+++ b/drivers/net/ethernet/smsc/smsc911x.c
@@ -2335,14 +2335,14 @@ static int smsc911x_drv_remove(struct pl
pdata = netdev_priv(dev);
BUG_ON(!pdata);
BUG_ON(!pdata->ioaddr);
- WARN_ON(dev->phydev);
SMSC_TRACE(pdata, ifdown, "Stopping driver");
+ unregister_netdev(dev);
+
mdiobus_unregister(pdata->mii_bus);
mdiobus_free(pdata->mii_bus);
- unregister_netdev(dev);
res = platform_get_resource_byname(pdev, IORESOURCE_MEM,
"smsc911x-memory");
if (!res)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 230/496] IB/core: Fix possible crash to access NULL netdev
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (213 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 229/496] net: smsc911x: Fix unload crash when link is up Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 231/496] cxgb4: do not set needs_free_netdev for mgmt devs Greg Kroah-Hartman
` (254 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Jurgens, Parav Pandit,
Leon Romanovsky, Doug Ledford, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Parav Pandit <parav@mellanox.com>
[ Upstream commit bb7f8f199c354c4cf155b1d6d55f86eaaed7fa5a ]
resolved_dev returned might be NULL as ifindex is transient number.
Ignoring NULL check of resolved_dev might crash the kernel.
Therefore perform NULL check before accessing resolved_dev.
Additionally rdma_resolve_ip_route() invokes addr_resolve() which
performs check and address translation for loopback ifindex.
Therefore, checking it again in rdma_resolve_ip_route() is not helpful.
Therefore, the code is simplified to avoid IFF_LOOPBACK check.
Fixes: 200298326b27 ("IB/core: Validate route when we init ah")
Reviewed-by: Daniel Jurgens <danielj@mellanox.com>
Signed-off-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/sa_query.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/drivers/infiniband/core/sa_query.c
+++ b/drivers/infiniband/core/sa_query.c
@@ -1291,10 +1291,9 @@ int ib_init_ah_from_path(struct ib_devic
resolved_dev = dev_get_by_index(dev_addr.net,
dev_addr.bound_dev_if);
- if (resolved_dev->flags & IFF_LOOPBACK) {
- dev_put(resolved_dev);
- resolved_dev = idev;
- dev_hold(resolved_dev);
+ if (!resolved_dev) {
+ dev_put(idev);
+ return -ENODEV;
}
ndev = ib_get_ndev_from_path(rec);
rcu_read_lock();
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 231/496] cxgb4: do not set needs_free_netdev for mgmt devs
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (214 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 230/496] IB/core: Fix possible crash to access NULL netdev Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 232/496] xen-blkfront: move negotiate_mq to cover all cases of new VBDs Greg Kroah-Hartman
` (253 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ganesh Goudar, David S. Miller, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ganesh Goudar <ganeshgr@chelsio.com>
[ Upstream commit b06ef18a4c255609388ed6e068a1c69c797545e0 ]
Do not set 'needs_free_netdev' as we do call free_netdev
for mgmt net devices, doing both hits BUG_ON.
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -4679,7 +4679,6 @@ static void dummy_setup(struct net_devic
/* Initialize the device structure. */
dev->netdev_ops = &cxgb4_mgmt_netdev_ops;
dev->ethtool_ops = &cxgb4_mgmt_ethtool_ops;
- dev->needs_free_netdev = true;
}
static int config_mgmt_dev(struct pci_dev *pdev)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 232/496] xen-blkfront: move negotiate_mq to cover all cases of new VBDs
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (215 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 231/496] cxgb4: do not set needs_free_netdev for mgmt devs Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 233/496] xen: xenbus: use put_device() instead of kfree() Greg Kroah-Hartman
` (252 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bhavesh Davda, Konrad Rzeszutek Wilk,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bhavesh Davda <bhavesh.davda@oracle.com>
[ Upstream commit 7ed8ce1c5fc7cf25b3602c73bef897a3466a6645 ]
negotiate_mq should happen in all cases of a new VBD being discovered by
xen-blkfront, whether called through _probe() or a hot-attached new VBD
from dom-0 via xenstore. Otherwise, hot-attached new VBDs are left
configured without multi-queue.
Signed-off-by: Bhavesh Davda <bhavesh.davda@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/xen-blkfront.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
--- a/drivers/block/xen-blkfront.c
+++ b/drivers/block/xen-blkfront.c
@@ -262,6 +262,7 @@ static DEFINE_SPINLOCK(minor_lock);
static int blkfront_setup_indirect(struct blkfront_ring_info *rinfo);
static void blkfront_gather_backend_features(struct blkfront_info *info);
+static int negotiate_mq(struct blkfront_info *info);
static int get_id_from_freelist(struct blkfront_ring_info *rinfo)
{
@@ -1774,11 +1775,18 @@ static int talk_to_blkback(struct xenbus
unsigned int i, max_page_order;
unsigned int ring_page_order;
+ if (!info)
+ return -ENODEV;
+
max_page_order = xenbus_read_unsigned(info->xbdev->otherend,
"max-ring-page-order", 0);
ring_page_order = min(xen_blkif_max_ring_order, max_page_order);
info->nr_ring_pages = 1 << ring_page_order;
+ err = negotiate_mq(info);
+ if (err)
+ goto destroy_blkring;
+
for (i = 0; i < info->nr_rings; i++) {
struct blkfront_ring_info *rinfo = &info->rinfo[i];
@@ -1978,11 +1986,6 @@ static int blkfront_probe(struct xenbus_
}
info->xbdev = dev;
- err = negotiate_mq(info);
- if (err) {
- kfree(info);
- return err;
- }
mutex_init(&info->mutex);
info->vdevice = vdevice;
@@ -2099,10 +2102,6 @@ static int blkfront_resume(struct xenbus
blkif_free(info, info->connected == BLKIF_STATE_CONNECTED);
- err = negotiate_mq(info);
- if (err)
- return err;
-
err = talk_to_blkback(dev, info);
if (!err)
blk_mq_update_nr_hw_queues(&info->tag_set, info->nr_rings);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 233/496] xen: xenbus: use put_device() instead of kfree()
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (216 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 232/496] xen-blkfront: move negotiate_mq to cover all cases of new VBDs Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 234/496] hv_netvsc: fix filter flags Greg Kroah-Hartman
` (251 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arvind Yadav, Juergen Gross, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arvind Yadav <arvind.yadav.cs@gmail.com>
[ Upstream commit 351b2bccede1cb673ec7957b35ea997ea24c8884 ]
Never directly free @dev after calling device_register(), even
if it returned an error! Always use put_device() to give up the
reference initialized.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/xenbus/xenbus_probe.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/xen/xenbus/xenbus_probe.c
+++ b/drivers/xen/xenbus/xenbus_probe.c
@@ -466,8 +466,11 @@ int xenbus_probe_node(struct xen_bus_typ
/* Register with generic device framework. */
err = device_register(&xendev->dev);
- if (err)
+ if (err) {
+ put_device(&xendev->dev);
+ xendev = NULL;
goto fail;
+ }
return 0;
fail:
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 234/496] hv_netvsc: fix filter flags
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (217 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 233/496] xen: xenbus: use put_device() instead of kfree() Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 235/496] hv_netvsc: fix locking for rx_mode Greg Kroah-Hartman
` (250 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Hemminger, David S. Miller,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Hemminger <stephen@networkplumber.org>
[ Upstream commit de3d50aadd40bf68614db9fd157b275ce9c2d467 ]
The recent change to not always enable all multicast and broadcast
was broken; meant to set filter, not change flags.
Fixes: 009f766ca238 ("hv_netvsc: filter multicast/broadcast")
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hyperv/rndis_filter.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/hyperv/rndis_filter.c
+++ b/drivers/net/hyperv/rndis_filter.c
@@ -857,9 +857,9 @@ static void rndis_set_multicast(struct w
filter = NDIS_PACKET_TYPE_PROMISCUOUS;
} else {
if (flags & IFF_ALLMULTI)
- flags |= NDIS_PACKET_TYPE_ALL_MULTICAST;
+ filter |= NDIS_PACKET_TYPE_ALL_MULTICAST;
if (flags & IFF_BROADCAST)
- flags |= NDIS_PACKET_TYPE_BROADCAST;
+ filter |= NDIS_PACKET_TYPE_BROADCAST;
}
rndis_filter_set_packet_filter(rdev, filter);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 235/496] hv_netvsc: fix locking for rx_mode
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (218 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 234/496] hv_netvsc: fix filter flags Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 236/496] hv_netvsc: fix locking during VF setup Greg Kroah-Hartman
` (249 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Hemminger, David S. Miller,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Hemminger <stephen@networkplumber.org>
[ Upstream commit 35a57b7fef136fa3d5b735ba773f191b95110fa0 ]
The rx_mode operation handler is different than other callbacks
in that is not always called with rtnl held. Therefore use
RCU to ensure that references are valid.
Fixes: bee9d41b37ea ("hv_netvsc: propagate rx filters to VF")
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hyperv/netvsc_drv.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -89,15 +89,20 @@ static void netvsc_change_rx_flags(struc
static void netvsc_set_rx_mode(struct net_device *net)
{
struct net_device_context *ndev_ctx = netdev_priv(net);
- struct net_device *vf_netdev = rtnl_dereference(ndev_ctx->vf_netdev);
- struct netvsc_device *nvdev = rtnl_dereference(ndev_ctx->nvdev);
+ struct net_device *vf_netdev;
+ struct netvsc_device *nvdev;
+ rcu_read_lock();
+ vf_netdev = rcu_dereference(ndev_ctx->vf_netdev);
if (vf_netdev) {
dev_uc_sync(vf_netdev, net);
dev_mc_sync(vf_netdev, net);
}
- rndis_filter_update(nvdev);
+ nvdev = rcu_dereference(ndev_ctx->nvdev);
+ if (nvdev)
+ rndis_filter_update(nvdev);
+ rcu_read_unlock();
}
static int netvsc_open(struct net_device *net)
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 236/496] hv_netvsc: fix locking during VF setup
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (219 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 235/496] hv_netvsc: fix locking for rx_mode Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 237/496] ARM: davinci: fix the GPIO lookup for omapl138-hawk Greg Kroah-Hartman
` (248 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Hemminger, David S. Miller,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Hemminger <stephen@networkplumber.org>
[ Upstream commit b0dee7910317f41f398838992516af6a3b981d86 ]
The dev_uc/mc_sync calls need to have the device address list
locked. This was spotted by running with lockdep enabled.
Fixes: bee9d41b37ea ("hv_netvsc: propagate rx filters to VF")
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hyperv/netvsc_drv.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -1848,8 +1848,12 @@ static void __netvsc_vf_setup(struct net
/* set multicast etc flags on VF */
dev_change_flags(vf_netdev, ndev->flags | IFF_SLAVE);
+
+ /* sync address list from ndev to VF */
+ netif_addr_lock_bh(ndev);
dev_uc_sync(vf_netdev, ndev);
dev_mc_sync(vf_netdev, ndev);
+ netif_addr_unlock_bh(ndev);
if (netif_running(ndev)) {
ret = dev_open(vf_netdev);
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 237/496] ARM: davinci: fix the GPIO lookup for omapl138-hawk
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (220 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 236/496] hv_netvsc: fix locking during VF setup Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 238/496] arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery Greg Kroah-Hartman
` (247 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bartosz Golaszewski, Sekhar Nori,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bartosz Golaszewski <bgolaszewski@baylibre.com>
[ Upstream commit c4dc56be7e26040bfc60ce73425353516a356955 ]
The GPIO chip is called davinci_gpio.0 in legacy mode. Fix it, so that
mmc can correctly lookup the wp and cp gpios.
Note that it is the gpio-davinci driver that sets the gpiochip label to
davinci_gpio.0.
Fixes: c69f43fb4f26 ("ARM: davinci: hawk: use gpio descriptor for mmc pins")
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
[nsekhar@ti.com: add a note on where the chip label is set]
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-davinci/board-omapl138-hawk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm/mach-davinci/board-omapl138-hawk.c
+++ b/arch/arm/mach-davinci/board-omapl138-hawk.c
@@ -127,8 +127,8 @@ static struct gpiod_lookup_table mmc_gpi
.dev_id = "da830-mmc.0",
.table = {
/* CD: gpio3_12: gpio60: chip 1 contains gpio range 32-63*/
- GPIO_LOOKUP("davinci_gpio.1", 28, "cd", GPIO_ACTIVE_LOW),
- GPIO_LOOKUP("davinci_gpio.1", 29, "wp", GPIO_ACTIVE_LOW),
+ GPIO_LOOKUP("davinci_gpio.0", 28, "cd", GPIO_ACTIVE_LOW),
+ GPIO_LOOKUP("davinci_gpio.0", 29, "wp", GPIO_ACTIVE_LOW),
},
};
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 238/496] arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (221 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 237/496] ARM: davinci: fix the GPIO lookup for omapl138-hawk Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 239/496] selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus Greg Kroah-Hartman
` (246 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Zyngier, Catalin Marinas, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marc Zyngier <marc.zyngier@arm.com>
[ Upstream commit e21da1c992007594d391e7b301779cf30f438691 ]
A recent update to the ARM SMCCC ARCH_WORKAROUND_1 specification
allows firmware to return a non zero, positive value to describe
that although the mitigation is implemented at the higher exception
level, the CPU on which the call is made is not affected.
Let's relax the check on the return value from ARCH_WORKAROUND_1
so that we only error out if the returned value is negative.
Fixes: b092201e0020 ("arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support")
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/cpu_errata.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -178,7 +178,7 @@ static int enable_smccc_arch_workaround_
case PSCI_CONDUIT_HVC:
arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
ARM_SMCCC_ARCH_WORKAROUND_1, &res);
- if (res.a0)
+ if ((int)res.a0 < 0)
return 0;
cb = call_hvc_arch_workaround_1;
smccc_start = __smccc_workaround_1_hvc_start;
@@ -188,7 +188,7 @@ static int enable_smccc_arch_workaround_
case PSCI_CONDUIT_SMC:
arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
ARM_SMCCC_ARCH_WORKAROUND_1, &res);
- if (res.a0)
+ if ((int)res.a0 < 0)
return 0;
cb = call_smc_arch_workaround_1;
smccc_start = __smccc_workaround_1_smc_start;
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 239/496] selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (222 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 238/496] arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 240/496] lib/test_kmod.c: fix limit check on number of test devices created Greg Kroah-Hartman
` (245 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Li Zhijian, Shuah Khan,
SeongJae Park, Philippe Ombredanne, Aneesh Kumar K.V,
Mike Kravetz, Andrew Morton, Linus Torvalds, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Zhijian <zhijianx.li@intel.com>
[ Upstream commit 0627be7d3c871035364923559543c9b2ff5357f2 ]
Fix userfaultfd_hugetlb on hosts which have more than 64 cpus.
---------------------------
running userfaultfd_hugetlb
---------------------------
invalid MiB
Usage: <MiB> <bounces>
[FAIL]
Via userfaultfd.c we can know, hugetlb_size needs to meet hugetlb_size
>= nr_cpus * hugepage_size. hugepage_size is often 2M, so when host
cpus > 64, it requires more than 128M.
[zhijianx.li@intel.com: update changelog/comments and variable name]
Link: http://lkml.kernel.org/r/20180302024356.83359-1-zhijianx.li@intel.com
Link: http://lkml.kernel.org/r/20180303125027.81638-1-zhijianx.li@intel.com
Link: http://lkml.kernel.org/r/20180302024356.83359-1-zhijianx.li@intel.com
Signed-off-by: Li Zhijian <zhijianx.li@intel.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: SeongJae Park <sj38.park@gmail.com>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/vm/run_vmtests | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
--- a/tools/testing/selftests/vm/run_vmtests
+++ b/tools/testing/selftests/vm/run_vmtests
@@ -2,25 +2,33 @@
# SPDX-License-Identifier: GPL-2.0
#please run as root
-#we need 256M, below is the size in kB
-needmem=262144
mnt=./huge
exitcode=0
-#get pagesize and freepages from /proc/meminfo
+#get huge pagesize and freepages from /proc/meminfo
while read name size unit; do
if [ "$name" = "HugePages_Free:" ]; then
freepgs=$size
fi
if [ "$name" = "Hugepagesize:" ]; then
- pgsize=$size
+ hpgsize_KB=$size
fi
done < /proc/meminfo
+# Simple hugetlbfs tests have a hardcoded minimum requirement of
+# huge pages totaling 256MB (262144KB) in size. The userfaultfd
+# hugetlb test requires a minimum of 2 * nr_cpus huge pages. Take
+# both of these requirements into account and attempt to increase
+# number of huge pages available.
+nr_cpus=$(nproc)
+hpgsize_MB=$((hpgsize_KB / 1024))
+half_ufd_size_MB=$((((nr_cpus * hpgsize_MB + 127) / 128) * 128))
+needmem_KB=$((half_ufd_size_MB * 2 * 1024))
+
#set proper nr_hugepages
-if [ -n "$freepgs" ] && [ -n "$pgsize" ]; then
+if [ -n "$freepgs" ] && [ -n "$hpgsize_KB" ]; then
nr_hugepgs=`cat /proc/sys/vm/nr_hugepages`
- needpgs=`expr $needmem / $pgsize`
+ needpgs=$((needmem_KB / hpgsize_KB))
tries=2
while [ $tries -gt 0 ] && [ $freepgs -lt $needpgs ]; do
lackpgs=$(( $needpgs - $freepgs ))
@@ -107,8 +115,9 @@ fi
echo "---------------------------"
echo "running userfaultfd_hugetlb"
echo "---------------------------"
-# 256MB total huge pages == 128MB src and 128MB dst
-./userfaultfd hugetlb 128 32 $mnt/ufd_test_file
+# Test requires source and destination huge pages. Size of source
+# (half_ufd_size_MB) is passed as argument to test.
+./userfaultfd hugetlb $half_ufd_size_MB 32 $mnt/ufd_test_file
if [ $? -ne 0 ]; then
echo "[FAIL]"
exitcode=1
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 240/496] lib/test_kmod.c: fix limit check on number of test devices created
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (223 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 239/496] selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 241/496] dmaengine: mv_xor_v2: Fix clock resource by adding a register clock Greg Kroah-Hartman
` (244 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Luis R. Rodriguez,
Kees Cook, Andrew Morton, Linus Torvalds, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Luis R. Rodriguez" <mcgrof@kernel.org>
[ Upstream commit ac68b1b3b9c73e652dc7ce0585672e23c5a2dca4 ]
As reported by Dan the parentheses is in the wrong place, and since
unlikely() call returns either 0 or 1 it's never less than zero. The
second issue is that signed integer overflows like "INT_MAX + 1" are
undefined behavior.
Since num_test_devs represents the number of devices, we want to stop
prior to hitting the max, and not rely on the wrap arround at all. So
just cap at num_test_devs + 1, prior to assigning a new device.
Link: http://lkml.kernel.org/r/20180224030046.24238-1-mcgrof@kernel.org
Fixes: d9c6a72d6fa2 ("kmod: add test driver to stress test the module loader")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@kernel.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/test_kmod.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/test_kmod.c
+++ b/lib/test_kmod.c
@@ -1149,7 +1149,7 @@ static struct kmod_test_device *register
mutex_lock(®_dev_mutex);
/* int should suffice for number of devices, test for wrap */
- if (unlikely(num_test_devs + 1) < 0) {
+ if (num_test_devs + 1 == INT_MAX) {
pr_err("reached limit of number of test devices\n");
goto out;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 241/496] dmaengine: mv_xor_v2: Fix clock resource by adding a register clock
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (224 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 240/496] lib/test_kmod.c: fix limit check on number of test devices created Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 242/496] netfilter: ebtables: fix erroneous reject of last rule Greg Kroah-Hartman
` (243 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rob Herring, Vinod Koul, Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gregory CLEMENT <gregory.clement@bootlin.com>
[ Upstream commit 3cd2c313f1d618f92d1294addc6c685c17065761 ]
On the CP110 components which are present on the Armada 7K/8K SoC we need
to explicitly enable the clock for the registers. However it is not
needed for the AP8xx component, that's why this clock is optional.
With this patch both clock have now a name, but in order to be backward
compatible, the name of the first clock is not used. It allows to still
use this clock with a device tree using the old binding.
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/devicetree/bindings/dma/mv-xor-v2.txt | 6 ++++
drivers/dma/mv_xor_v2.c | 25 ++++++++++++++++----
2 files changed, 25 insertions(+), 6 deletions(-)
--- a/Documentation/devicetree/bindings/dma/mv-xor-v2.txt
+++ b/Documentation/devicetree/bindings/dma/mv-xor-v2.txt
@@ -11,7 +11,11 @@ Required properties:
interrupts.
Optional properties:
-- clocks: Optional reference to the clock used by the XOR engine.
+- clocks: Optional reference to the clocks used by the XOR engine.
+- clock-names: mandatory if there is a second clock, in this case the
+ name must be "core" for the first clock and "reg" for the second
+ one
+
Example:
--- a/drivers/dma/mv_xor_v2.c
+++ b/drivers/dma/mv_xor_v2.c
@@ -163,6 +163,7 @@ struct mv_xor_v2_device {
void __iomem *dma_base;
void __iomem *glob_base;
struct clk *clk;
+ struct clk *reg_clk;
struct tasklet_struct irq_tasklet;
struct list_head free_sw_desc;
struct dma_device dmadev;
@@ -749,13 +750,26 @@ static int mv_xor_v2_probe(struct platfo
if (ret)
return ret;
+ xor_dev->reg_clk = devm_clk_get(&pdev->dev, "reg");
+ if (PTR_ERR(xor_dev->reg_clk) != -ENOENT) {
+ if (!IS_ERR(xor_dev->reg_clk)) {
+ ret = clk_prepare_enable(xor_dev->reg_clk);
+ if (ret)
+ return ret;
+ } else {
+ return PTR_ERR(xor_dev->reg_clk);
+ }
+ }
+
xor_dev->clk = devm_clk_get(&pdev->dev, NULL);
- if (IS_ERR(xor_dev->clk) && PTR_ERR(xor_dev->clk) == -EPROBE_DEFER)
- return -EPROBE_DEFER;
+ if (IS_ERR(xor_dev->clk) && PTR_ERR(xor_dev->clk) == -EPROBE_DEFER) {
+ ret = EPROBE_DEFER;
+ goto disable_reg_clk;
+ }
if (!IS_ERR(xor_dev->clk)) {
ret = clk_prepare_enable(xor_dev->clk);
if (ret)
- return ret;
+ goto disable_reg_clk;
}
ret = platform_msi_domain_alloc_irqs(&pdev->dev, 1,
@@ -866,8 +880,9 @@ free_hw_desq:
free_msi_irqs:
platform_msi_domain_free_irqs(&pdev->dev);
disable_clk:
- if (!IS_ERR(xor_dev->clk))
- clk_disable_unprepare(xor_dev->clk);
+ clk_disable_unprepare(xor_dev->clk);
+disable_reg_clk:
+ clk_disable_unprepare(xor_dev->reg_clk);
return ret;
}
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 242/496] netfilter: ebtables: fix erroneous reject of last rule
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (225 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 241/496] dmaengine: mv_xor_v2: Fix clock resource by adding a register clock Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 243/496] can: m_can: change comparison to bitshift when dealing with a mask Greg Kroah-Hartman
` (242 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso,
Sasha Levin
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 932909d9b28d27e807ff8eecb68c7748f6701628 ]
The last rule in the blob has next_entry offset that is same as total size.
This made "ebtables32 -A OUTPUT -d de:ad:be:ef:01:02" fail on 64 bit kernel.
Fixes: b71812168571fa ("netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bridge/netfilter/ebtables.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -2124,8 +2124,12 @@ static int size_entry_mwt(struct ebt_ent
* offsets are relative to beginning of struct ebt_entry (i.e., 0).
*/
for (i = 0; i < 4 ; ++i) {
- if (offsets[i] >= *total)
+ if (offsets[i] > *total)
return -EINVAL;
+
+ if (i < 3 && offsets[i] == *total)
+ return -EINVAL;
+
if (i == 0)
continue;
if (offsets[i-1] > offsets[i])
^ permalink raw reply [flat|nested] 478+ messages in thread
* [PATCH 4.14 243/496] can: m_can: change comparison to bitshift when dealing with a mask
2018-05-28 9:56 [PATCH 4.14 000/496] 4.14.45-stable review Greg Kroah-Hartman
` (226 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.14 242/496] netfilter: ebtables: fix erroneous reject of last rule Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.14 244/496] can: m_can: select pinctrl state in each suspend/resume function Greg Kroah-Hartman
` (241 subsequent siblings)
469 siblings, 0 replies; 478+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalin