| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
When the device descriptor is closed, the `substream->runtime` pointer
is freed. But another thread may be in the ioctl handler, case
SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which
calls snd_pcm_info() which accesses the now freed `substream->runtime`.
Note: this fixes CVE-2017-0861
Signed-off-by: Robb Glasser <[email protected]>
Signed-off-by: Nick Desaulniers <[email protected]>
Cc: <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
Default value of pcc_subspace_idx is -1.
Make sure to check pcc_subspace_idx before using the same as array index.
This will avoid following KASAN warnings too.
[ 15.113449] ==================================================================
[ 15.116983] BUG: KASAN: global-out-of-bounds in cppc_get_perf_caps+0xf3/0x3b0
[ 15.116983] Read of size 8 at addr ffffffffb9a5c0d8 by task swapper/0/1
[ 15.116983] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 4.15.0-rc2+ #2
[ 15.116983] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.2.8 01/26/2016
[ 15.116983] Call Trace:
[ 15.116983] dump_stack+0x7c/0xbb
[ 15.116983] print_address_description+0x1df/0x290
[ 15.116983] kasan_report+0x28a/0x370
[ 15.116983] ? cppc_get_perf_caps+0xf3/0x3b0
[ 15.116983] cppc_get_perf_caps+0xf3/0x3b0
[ 15.116983] ? cpc_read+0x210/0x210
[ 15.116983] ? __rdmsr_on_cpu+0x90/0x90
[ 15.116983] ? rdmsrl_on_cpu+0xa9/0xe0
[ 15.116983] ? rdmsr_on_cpu+0x100/0x100
[ 15.116983] ? wrmsrl_on_cpu+0x9c/0xd0
[ 15.116983] ? wrmsrl_on_cpu+0x9c/0xd0
[ 15.116983] ? wrmsr_on_cpu+0xe0/0xe0
[ 15.116983] __intel_pstate_cpu_init.part.16+0x3a2/0x530
[ 15.116983] ? intel_pstate_init_cpu+0x197/0x390
[ 15.116983] ? show_no_turbo+0xe0/0xe0
[ 15.116983] ? __lockdep_init_map+0xa0/0x290
[ 15.116983] intel_pstate_cpu_init+0x30/0x60
[ 15.116983] cpufreq_online+0x155/0xac0
[ 15.116983] cpufreq_add_dev+0x9b/0xb0
[ 15.116983] subsys_interface_register+0x1ae/0x290
[ 15.116983] ? bus_unregister_notifier+0x40/0x40
[ 15.116983] ? mark_held_locks+0x83/0xb0
[ 15.116983] ? _raw_write_unlock_irqrestore+0x32/0x60
[ 15.116983] ? intel_pstate_setup+0xc/0x104
[ 15.116983] ? intel_pstate_setup+0xc/0x104
[ 15.116983] ? cpufreq_register_driver+0x1ce/0x2b0
[ 15.116983] cpufreq_register_driver+0x1ce/0x2b0
[ 15.116983] ? intel_pstate_setup+0x104/0x104
[ 15.116983] intel_pstate_register_driver+0x3a/0xa0
[ 15.116983] intel_pstate_init+0x3c4/0x434
[ 15.116983] ? intel_pstate_setup+0x104/0x104
[ 15.116983] ? intel_pstate_setup+0x104/0x104
[ 15.116983] do_one_initcall+0x9c/0x206
[ 15.116983] ? parameq+0xa0/0xa0
[ 15.116983] ? initcall_blacklisted+0x150/0x150
[ 15.116983] ? lock_downgrade+0x2c0/0x2c0
[ 15.116983] kernel_init_freeable+0x327/0x3f0
[ 15.116983] ? start_kernel+0x612/0x612
[ 15.116983] ? _raw_spin_unlock_irq+0x29/0x40
[ 15.116983] ? finish_task_switch+0xdd/0x320
[ 15.116983] ? finish_task_switch+0x8e/0x320
[ 15.116983] ? rest_init+0xd0/0xd0
[ 15.116983] kernel_init+0xf/0x11a
[ 15.116983] ? rest_init+0xd0/0xd0
[ 15.116983] ret_from_fork+0x24/0x30
[ 15.116983] The buggy address belongs to the variable:
[ 15.116983] __key.36299+0x38/0x40
[ 15.116983] Memory state around the buggy address:
[ 15.116983] ffffffffb9a5bf80: fa fa fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa
[ 15.116983] ffffffffb9a5c000: fa fa fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa
[ 15.116983] >ffffffffb9a5c080: fa fa fa fa 00 fa fa fa fa fa fa fa 00 00 00 00
[ 15.116983] ^
[ 15.116983] ffffffffb9a5c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.116983] ffffffffb9a5c180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.116983] ==================================================================
Fixes: 85b1407bf6d2 (ACPI / CPPC: Make CPPC ACPI driver aware of PCC subspace IDs)
Reported-by: Changbin Du <[email protected]>
Signed-off-by: George Cherian <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
|
|
vmx_io_bitmap_b should not be allocated twice.
Fixes: 23611332938d ("KVM: VMX: refactor setup of global page-sized bitmaps")
Signed-off-by: Jim Mattson <[email protected]>
Reviewed-by: Krish Sadhukhan <[email protected]>
Reviewed-by: David Hildenbrand <[email protected]>
Signed-off-by: Radim Krčmář <[email protected]>
|
|
This fixes CVE-2017-1000407.
KVM allows guests to directly access I/O port 0x80 on Intel hosts. If
the guest floods this port with writes it generates exceptions and
instability in the host kernel, leading to a crash. With this change
guest writes to port 0x80 on Intel will behave the same as they
currently behave on AMD systems.
Prevent the flooding by removing the code that sets port 0x80 as a
passthrough port. This is essentially the same as upstream patch
99f85a28a78e96d28907fe036e1671a218fee597, except that patch was
for AMD chipsets and this patch is for Intel.
Signed-off-by: Andrew Honig <[email protected]>
Signed-off-by: Jim Mattson <[email protected]>
Fixes: fdef3ad1b386 ("KVM: VMX: Enable io bitmaps to avoid IO port 0x80 VMEXITs")
Cc: <[email protected]>
Signed-off-by: Radim Krčmář <[email protected]>
|
|
Now that get_fpu and put_fpu do nothing, because the scheduler will
automatically load and restore the guest FPU context for us while we
are in this code (deep inside the vcpu_run main loop), we can get rid
of the get_fpu and put_fpu hooks.
Signed-off-by: Rik van Riel <[email protected]>
Suggested-by: David Hildenbrand <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
|
|
Currently, every time a VCPU is scheduled out, the host kernel will
first save the guest FPU/xstate context, then load the qemu userspace
FPU context, only to then immediately save the qemu userspace FPU
context back to memory. When scheduling in a VCPU, the same extraneous
FPU loads and saves are done.
This could be avoided by moving from a model where the guest FPU is
loaded and stored with preemption disabled, to a model where the
qemu userspace FPU is swapped out for the guest FPU context for
the duration of the KVM_RUN ioctl.
This is done under the VCPU mutex, which is also taken when other
tasks inspect the VCPU FPU context, so the code should already be
safe for this change. That should come as no surprise, given that
s390 already has this optimization.
This can fix a bug where KVM calls get_user_pages while owning the
FPU, and the file system ends up requesting the FPU again:
[258270.527947] __warn+0xcb/0xf0
[258270.527948] warn_slowpath_null+0x1d/0x20
[258270.527951] kernel_fpu_disable+0x3f/0x50
[258270.527953] __kernel_fpu_begin+0x49/0x100
[258270.527955] kernel_fpu_begin+0xe/0x10
[258270.527958] crc32c_pcl_intel_update+0x84/0xb0
[258270.527961] crypto_shash_update+0x3f/0x110
[258270.527968] crc32c+0x63/0x8a [libcrc32c]
[258270.527975] dm_bm_checksum+0x1b/0x20 [dm_persistent_data]
[258270.527978] node_prepare_for_write+0x44/0x70 [dm_persistent_data]
[258270.527985] dm_block_manager_write_callback+0x41/0x50 [dm_persistent_data]
[258270.527988] submit_io+0x170/0x1b0 [dm_bufio]
[258270.527992] __write_dirty_buffer+0x89/0x90 [dm_bufio]
[258270.527994] __make_buffer_clean+0x4f/0x80 [dm_bufio]
[258270.527996] __try_evict_buffer+0x42/0x60 [dm_bufio]
[258270.527998] dm_bufio_shrink_scan+0xc0/0x130 [dm_bufio]
[258270.528002] shrink_slab.part.40+0x1f5/0x420
[258270.528004] shrink_node+0x22c/0x320
[258270.528006] do_try_to_free_pages+0xf5/0x330
[258270.528008] try_to_free_pages+0xe9/0x190
[258270.528009] __alloc_pages_slowpath+0x40f/0xba0
[258270.528011] __alloc_pages_nodemask+0x209/0x260
[258270.528014] alloc_pages_vma+0x1f1/0x250
[258270.528017] do_huge_pmd_anonymous_page+0x123/0x660
[258270.528021] handle_mm_fault+0xfd3/0x1330
[258270.528025] __get_user_pages+0x113/0x640
[258270.528027] get_user_pages+0x4f/0x60
[258270.528063] __gfn_to_pfn_memslot+0x120/0x3f0 [kvm]
[258270.528108] try_async_pf+0x66/0x230 [kvm]
[258270.528135] tdp_page_fault+0x130/0x280 [kvm]
[258270.528149] kvm_mmu_page_fault+0x60/0x120 [kvm]
[258270.528158] handle_ept_violation+0x91/0x170 [kvm_intel]
[258270.528162] vmx_handle_exit+0x1ca/0x1400 [kvm_intel]
No performance changes were detected in quick ping-pong tests on
my 4 socket system, which is expected since an FPU+xstate load is
on the order of 0.1us, while ping-ponging between CPUs is on the
order of 20us, and somewhat noisy.
Cc: [email protected]
Signed-off-by: Rik van Riel <[email protected]>
Suggested-by: Christian Borntraeger <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
[Fixed a bug where reset_vcpu called put_fpu without preceding load_fpu,
which happened inside from KVM_CREATE_VCPU ioctl. - Radim]
Signed-off-by: Radim Krčmář <[email protected]>
|
|
Since commit 3b4477d2dcf2709d0be89e2a8dced3d0f4a017f2 ("VSOCK: use TCP
state constants for sk_state") VSOCK has used TCP_* constants for
sk_state.
Commit b4562ca7925a3bedada87a3dd072dd5bad043288 ("hv_sock: add locking
in the open/close/release code paths") reintroduced the SS_DISCONNECTING
constant.
This patch replaces the old SS_DISCONNECTING with the new TCP_CLOSING
constant.
CC: Dexuan Cui <[email protected]>
CC: Cathy Avery <[email protected]>
Signed-off-by: Stefan Hajnoczi <[email protected]>
Reviewed-by: Jorgen Hansen <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
When the function tipc_accept_from_sock() fails to create an instance of
struct tipc_subscriber it omits to free the already created instance of
struct tipc_conn instance before it returns.
We fix that with this commit.
Reported-by: David S. Miller <[email protected]>
Signed-off-by: Jon Maloy <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
In tipc_topsrv_kern_subscr() when s->tipc_conn_new() fails
we call tipc_close_conn() to clean up, but in this case
calling conn_put() is just enough.
This fixes the folllowing crash:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 3085 Comm: syzkaller064164 Not tainted 4.15.0-rc1+ #137
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: 00000000c24413a5 task.stack: 000000005e8160b5
RIP: 0010:__lock_acquire+0xd55/0x47f0 kernel/locking/lockdep.c:3378
RSP: 0018:ffff8801cb5474a8 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffffffff85ecb400
RBP: ffff8801cb547830 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: ffffffff87489d60 R12: ffff8801cd2980c0
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000020
FS: 00000000014ee880(0000) GS:ffff8801db400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffee2426e40 CR3: 00000001cb85a000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:175
spin_lock_bh include/linux/spinlock.h:320 [inline]
tipc_subscrb_subscrp_delete+0x8f/0x470 net/tipc/subscr.c:201
tipc_subscrb_delete net/tipc/subscr.c:238 [inline]
tipc_subscrb_release_cb+0x17/0x30 net/tipc/subscr.c:316
tipc_close_conn+0x171/0x270 net/tipc/server.c:204
tipc_topsrv_kern_subscr+0x724/0x810 net/tipc/server.c:514
tipc_group_create+0x702/0x9c0 net/tipc/group.c:184
tipc_sk_join net/tipc/socket.c:2747 [inline]
tipc_setsockopt+0x249/0xc10 net/tipc/socket.c:2861
SYSC_setsockopt net/socket.c:1851 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1830
entry_SYSCALL_64_fastpath+0x1f/0x96
Fixes: 14c04493cb77 ("tipc: add ability to order and receive topology events in driver")
Reported-by: syzbot <[email protected]>
Cc: Jon Maloy <[email protected]>
Cc: Ying Xue <[email protected]>
Signed-off-by: Cong Wang <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Thomas Petazzoni says:
====================
net: sh_eth: DMA mapping API fixes
Here are two patches that fix how the sh_eth driver is using the DMA
mapping API: a bogus struct device is used in some places, or a NULL
struct device is used.
====================
Signed-off-by: David S. Miller <[email protected]>
|
|
Using NULL as argument for the DMA mapping API is bogus, as the DMA
mapping API may use information from the "struct device" to perform
the DMA mapping operation. Therefore, pass the appropriate "struct
device".
Signed-off-by: Thomas Petazzoni <[email protected]>
Acked-by: Sergei Shtylyov <[email protected]>
Reviewed-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
There are two types of "struct device": the one representing the
physical device on its physical bus (platform, SPI, PCI, etc.), and
the one representing the logical device in its device class (net,
etc.).
The DMA mapping API expects to receive as argument a "struct device"
representing the physical device, as the "struct device" contains
information about the bus that the DMA API needs.
However, the sh_eth driver mistakenly uses the "struct device"
representing the logical device (embedded in "struct net_device")
rather than the "struct device" representing the physical device on
its bus.
This commit fixes that by adjusting all calls to the DMA mapping API.
Signed-off-by: Thomas Petazzoni <[email protected]>
Acked-by: Sergei Shtylyov <[email protected]>
Reviewed-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Nogah Frankel says:
====================
RED qdisc fixes
Add some input validation checks to RED qdisc.
====================
Signed-off-by: David S. Miller <[email protected]>
|
|
Check the qmin & qmax values doesn't overflow for the given Wlog value.
Check that qmin <= qmax.
Fixes: a783474591f2 ("[PKT_SCHED]: Generic RED layer")
Signed-off-by: Nogah Frankel <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Do not allow delta value to be zero since it is used as a divisor.
Fixes: 8af2a218de38 ("sch_red: Adaptative RED AQM")
Signed-off-by: Nogah Frankel <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
When we detect consecutive allocation of pages swap them to avoid
accidentally freeing them as huge page.
v2: use swap
v3: check if it's really the first allocated page
Signed-off-by: Christian König <[email protected]>
Reviewed-by: Roger He <[email protected]>
Reviewed-by: Michel Dänzer <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
|
|
e.g. shrink reqeust is less than 512, the logic will skip huge pool
Reviewed-by: Chunming Zhou <[email protected]>
Reviewed-by: Christian König <[email protected]>
Signed-off-by: Roger He <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
|
|
Reviewed-by: Chunming Zhou <[email protected]>
Reviewed-by: Christian König <[email protected]>
Signed-off-by: Roger He <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
|
|
Reviewed-by: Chunming Zhou <[email protected]>
Reviewed-by: Christian König <[email protected]>
Signed-off-by: Roger He <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
|
|
to indicate page order for each element in the pool
Reviewed-by: Christian König <[email protected]>
Signed-off-by: Roger He <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
|
|
Reviewed-by: Christian König <[email protected]>
Signed-off-by: Roger He <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"A bunch of fixes for aacraid, a set of coherency fixes that only
affect non-coherent platforms and one coccinelle detected null check
after use"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: libsas: align sata_device's rps_resp on a cacheline
scsi: use dma_get_cache_alignment() as minimum DMA alignment
scsi: dma-mapping: always provide dma_get_cache_alignment
scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg
scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
scsi: aacraid: Perform initialization reset only once
scsi: aacraid: Check for PCI state of device in a generic way
|
|
Pull rdma fixes from Jason Gunthorpe:
"Here is the first rc pull request for RDMA. This includes an important
core fix for a regression in iWarp if SELinux is enabled, a fix for a
compilation regression introduced in this merge window, and one
obscure kconfig combination that oops's the kernel.
For drivers, we have hns fixes needed to make their devices work on
certain ARM IOMMU configurations, a stack data leak for hfi1, and
various testing discovered -rc bug fixes for i40iw.
This cycle we pushed back on the driver maintainers to have better
commit messages for -rc material"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
IB/core: Only enforce security for InfiniBand
RDMA/hns: Get rid of page operation after dma_alloc_coherent
RDMA/hns: Get rid of virt_to_page and vmap calls after dma_alloc_coherent
RDMA/hns: Fix the issue of IOVA not page continuous in hip08
IB/core: Init subsys if compiled to vmlinuz-core
RDMA/cma: Make sure that PSN is not over max allowed
i40iw: Notify user of established connection after QP in RTS
i40iw: Move MPA request event for loopback after connect
i40iw: Correct ARP index mask
i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE
i40iw: Allocate a sdbuf per CQP WQE
IB: INFINIBAND should depend on HAS_DMA
IB/hfi1: Initialize bth1 in 16B rc ack builder
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc fixes from Greg KH:
"Here are some small misc driver fixes for 4.15-rc3 to resolve reported
issues. Specifically these are:
- binder fix for a memory leak
- vpd driver fixes for a number of reported problems
- hyperv driver fix for memory accesses where it shouldn't be.
All of these have been in linux-next for a while. There's also one
more MAINTAINERS file update that came in today to get the Android
developer's emails correct, which is also in this pull request, that
was not in linux-next, but should not be an issue"
* tag 'char-misc-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
MAINTAINERS: update Android driver maintainers.
firmware: vpd: Fix platform driver and device registration/unregistration
firmware: vpd: Tie firmware kobject to device lifetime
firmware: vpd: Destroy vpd sections in remove function
hv: kvp: Avoid reading past allocated blocks from KVP file
Drivers: hv: vmbus: Fix a rescind issue
ANDROID: binder: fix transaction leak.
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull driver core fixes from Greg KH:
"Here are 3 small fixes for some reported issues:
- a debugfs build error that lots of people have reported
- a Kconfig help text cleanup now that the firmware is not in the
kernel tree
- an ISA bus bug fix for a reported issue that has been there since
2.6.18.
All of these have been in linux-next with no reported issues"
* tag 'driver-core-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
firmware: cleanup FIRMWARE_IN_KERNEL message
isa: Prevent NULL dereference in isa_bus driver callbacks
debugfs: fix debugfs_real_fops() build error
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging and iio driver fixes from Greg KH:
"Here are a number of small staging and iio driver fixes for reported
issues for 4.15-rc3. Nothing major here, the majority is IIO issues,
like normal, but there are also some small bugfixes for a few staging
drivers as well.
Full details are in the shortlog.
All of these have been in linux-next for a while with no reported
issues"
* tag 'staging-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
iio: stm32: fix adc/trigger link error
iio: health: max30102: Temperature should be in milli Celsius
iio: fix kernel-doc build errors
iio: adc: meson-saradc: Meson8 and Meson8b do not have REG11 and REG13
iio: adc: meson-saradc: initialize the bandgap correctly on older SoCs
iio: adc: meson-saradc: fix the bit_idx of the adc_en clock
iio: proximity: sx9500: Assign interrupt from GpioIo()
iio: adc: cpcap: fix incorrect validation
staging: octeon-usb: use __delay() instead of cvmx_wait()
staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
staging: ccree: fix leak of import() after init()
staging: comedi: ni_atmio: fix license warning.
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Pull tty/serial driver fixes from Greg KH:
"Here are some small serdev and serial fixes for 4.15-rc3. They resolve
some reported problems:
- a number of serdev fixes to resolve crashes
- MIPS build fixes for their serial port
- a new 8250 device id
All of these have been in linux-next for a while with no reported
issues"
* tag 'tty-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
MIPS: Add custom serial.h with BASE_BAUD override for generic kernel
serdev: ttyport: fix tty locking in close
serdev: ttyport: fix NULL-deref on hangup
serdev: fix receive_buf return value when no callback
serdev: ttyport: add missing receive_buf sanity checks
serial: 8250_early: Only set divisor if valid clk & baud
serial: 8250_pci: Add Amazon PCI serial device ID
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm
KVM/ARM Fixes for v4.15.
Fixes:
- A number of issues in the vgic discovered using SMATCH
- A bit one-off calculation in out stage base address mask (32-bit and
64-bit)
- Fixes to single-step debugging instructions that trap for other
reasons such as MMMIO aborts
- Printing unavailable hyp mode as error
- Potential spinlock deadlock in the vgic
- Avoid calling vgic vcpu free more than once
- Broken bit calculation for big endian systems
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are a few minor USB fixes for 4.15-rc3.
The largest here is the Kconfig text and configuration changes for the
USB TypeC build options that you reported during the -rc1 merge
window. The others are all just small fixes for reported issues, as
well as some new device ids.
The most "interesting" of anything here is the usbip fixes as it seems
lots of people are starting to pay attention to that driver at the
moment. These fixes should resolve all of the reported problems as of
now.
Of course there are the usual xhci and gadget fixes as well, can't go
a pull request without those...
All of these have been in linux-next for a while with no reported
issues"
* tag 'usb-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (22 commits)
usb: xhci: fix panic in xhci_free_virt_devices_depth_first
xhci: Don't show incorrect WARN message about events for empty rings
usbip: fix usbip attach to find a port that matches the requested speed
usbip: Fix USB device hang due to wrong enabling of scatter-gather
uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
usb: build drivers/usb/common/ when USB_SUPPORT is set
usb: hub: Cycle HUB power when initialization fails
USB: core: Add type-specific length check of BOS descriptors
usb: host: fix incorrect updating of offset
USB: ulpi: fix bus-node lookup
USB: usbfs: Filter flags passed in from user space
usb: add user selectable option for the whole USB Type-C Support
usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
usb: gadget: core: Fix ->udc_set_speed() speed handling
usb: gadget: allow to enable legacy drivers without USB_ETH
usb: gadget: udc: renesas_usb3: fix number of the pipes
usb: gadget: don't dereference g until after it has been null checked
USB: serial: usb_debug: add new USB device id
usb: bdc: fix platform_no_drv_owner.cocci warnings
...
|
|
According to LS1021A RM, the value of PAL can be set so that the start of the
IP header in the receive data buffer is aligned to a 32-bit boundary. Normally,
setting PAL = 2 provides minimal padding to ensure such alignment of the IP
header.
However every incoming packet's 8-byte time stamp will be inserted into the
packet data buffer as padding alignment bytes when hardware time stamping is
enabled.
So we set the padding 8+2 here to avoid the flooded alignment faults:
root@128:~# cat /proc/cpu/alignment
User: 0
System: 17539 (inet_gro_receive+0x114/0x2c0)
Skipped: 0
Half: 0
Word: 0
DWord: 0
Multi: 17539
User faults: 2 (fixup)
Also shown when exception report enablement
CPU: 0 PID: 161 Comm: irq/66-eth1_g0_ Not tainted 4.1.21-rt13-WR8.0.0.0_preempt-rt #16
Hardware name: Freescale LS1021A
[<8001b420>] (unwind_backtrace) from [<8001476c>] (show_stack+0x20/0x24)
[<8001476c>] (show_stack) from [<807cfb48>] (dump_stack+0x94/0xac)
[<807cfb48>] (dump_stack) from [<80025d70>] (do_alignment+0x720/0x958)
[<80025d70>] (do_alignment) from [<80009224>] (do_DataAbort+0x40/0xbc)
[<80009224>] (do_DataAbort) from [<80015398>] (__dabt_svc+0x38/0x60)
Exception stack(0x86ad1cc0 to 0x86ad1d08)
1cc0: f9b3e080 86b3d072 2d78d287 00000000 866816c0 86b3d05e 86e785d0 00000000
1ce0: 00000011 0000000e 80840ab0 86ad1d3c 86ad1d08 86ad1d08 806d7fc0 806d806c
1d00: 40070013 ffffffff
[<80015398>] (__dabt_svc) from [<806d806c>] (inet_gro_receive+0x114/0x2c0)
[<806d806c>] (inet_gro_receive) from [<80660eec>] (dev_gro_receive+0x21c/0x3c0)
[<80660eec>] (dev_gro_receive) from [<8066133c>] (napi_gro_receive+0x44/0x17c)
[<8066133c>] (napi_gro_receive) from [<804f0538>] (gfar_clean_rx_ring+0x39c/0x7d4)
[<804f0538>] (gfar_clean_rx_ring) from [<804f0bf4>] (gfar_poll_rx_sq+0x58/0xe0)
[<804f0bf4>] (gfar_poll_rx_sq) from [<80660b10>] (net_rx_action+0x27c/0x43c)
[<80660b10>] (net_rx_action) from [<80033638>] (do_current_softirqs+0x1e0/0x3dc)
[<80033638>] (do_current_softirqs) from [<800338c4>] (__local_bh_enable+0x90/0xa8)
[<800338c4>] (__local_bh_enable) from [<8008025c>] (irq_forced_thread_fn+0x70/0x84)
[<8008025c>] (irq_forced_thread_fn) from [<800805e8>] (irq_thread+0x16c/0x244)
[<800805e8>] (irq_thread) from [<8004e490>] (kthread+0xe8/0x104)
[<8004e490>] (kthread) from [<8000fda8>] (ret_from_fork+0x14/0x2c)
Signed-off-by: Zumeng Chen <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
"As with GPIO not much action in pin control. All are driver fixes:
- fix the UART2 RTS pin mode on Intel Denverton
- fix the direction_output() behaviour on the Armada 37xx
- fix the groups selection per-SoC on the Gemini
- fix the interrupt pin bank on the Sunxi A80
- fix the UART mux on the Sunxi A64
- disable the strict mode on the Sunxi H5 driver"
* tag 'pinctrl-v4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: sunxi: Disable strict mode for H5 driver
pinctrl: sunxi: Fix A64 UART mux value
pinctrl: sunxi: Fix A80 interrupt pin bank
pinctrl: gemini: Fix usage of 3512 groups
pinctrl: armada-37xx: Fix direction_output() callback behavior
pinctrl: denverton: Fix UART2 RTS pin mode
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"Three small fixes for GPIO. Not much, I'm surprised by the silence in
my subsystems. All driver fixes:
- fix a crash in the 74x164 driver
- fix IRQ banks in the DaVinci driver
- fix the vendor prefix in the PCA953x driver"
* tag 'gpio-v4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: pca953x: fix vendor prefix for PCA9654
gpio: davinci: Assign first bank regs for unbanked case
gpio: 74x164: Fix crash during .remove()
|
|
This reverts commit d6f295e9def0; some userspace (in the case
we noticed it's wpa_supplicant), is relying on the current
error code to determine that a fixed name interface already
exists.
Reported-by: Jouni Malinen <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Previously we swapped the tx_packets, tx_bytes and tx_dropped counters
with rx_packets, rx_bytes and rx_dropped counters, respectively. This
behaviour is correct and expected for VF representors but it should not
be swapped for physical port mac representors.
Fixes: eadfa4c3be99 ("nfp: add stats and xmit helpers for representors")
Signed-off-by: Pieter Jansen van Vuuren <[email protected]>
Reviewed-by: Simon Horman <[email protected]>
Reviewed-by: Jakub Kicinski <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
We have phy-cells for usb_phy0, but it's missing for usb_phy1 and we get:
Warning (phys_property): Missing property '#phy-cells' in node
/ocp/l4ls@48000000/control@140000/usb-phy@1b00 or bad phandle
(referred from /ocp/usb@47400000/usb@47401800:phys[0])
Signed-off-by: Tony Lindgren <[email protected]>
|
|
Looks like the interrupt property is missing the controller and level
information causing:
Warning (interrupts_property): interrupts size is (4), expected multiple
of 12 in /ocp/elm@48078000
Signed-off-by: Tony Lindgren <[email protected]>
|
|
We had to disable BH _before_ calling __inet_twsk_hashdance() in commit
cfac7f836a71 ("tcp/dccp: block bh before arming time_wait timer").
This means we can revert 614bdd4d6e61 ("tcp: must block bh in
__inet_twsk_hashdance()").
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Geert Uytterhoeven reported a NFS oops, and pointed out that some of the
numbers were hashed and useless.
We could just turn them from '%p' into '%px', but those numbers are
really just legacy, and useless even when not hashed.
So just remove them entirely.
Reported-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Without masking out the old value, we can end up pointing the DDI to a
disabled PLL, which makes the system fall over. Mask out the previous
value before setting the PLL to DDI mapping.
This can be observed by running igt/testdisplay with both an eDP and
HDMI/DP output active.
v2: Add the Bugzilla link
Fixes: 555e38d273172 ("drm/i915/cnl: DDI - PLL mapping")
Testcase: igt/testdisplay
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=103997
Cc: Rodrigo Vivi <[email protected]>
Cc: Matt Atwood <[email protected]>
Signed-off-by: James Ausmus <[email protected]>
Reviewed-by: Rodrigo Vivi <[email protected]>
Tested-by: Rodrigo Vivi <[email protected]>
Signed-off-by: Rodrigo Vivi <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
(cherry picked from commit 23a7068ec581fcc6fb61039448632d25987b1fae)
Signed-off-by: Joonas Lahtinen <[email protected]>
|
|
Previously I was under the impression that the scanline counter
reads 0 when the pipe is off. Turns out that's not correct, and
instead the scanline counter simply stops when the pipe stops, and
it retains it's last value until the pipe starts up again, at which
point the scanline counter jumps to vblank start.
These jumps can cause the timestamp to jump backwards by one frame.
Since we use the timestamps to guesstimage also the frame counter
value on gen2, that would cause the frame counter to also jump
backwards, which leads to a massice difference from the previous value.
The end result is that flips/vblank events don't appear to complete as
they're stuck waiting for the frame counter to catch up to that massive
difference.
Fix the problem properly by actually making sure the scanline counter
has started to move before we assume that it's safe to enable vblank
processing.
v2: Less pointless duplication in the code (Chris)
Cc: [email protected]
Cc: Daniel Vetter <[email protected]>
Cc: Chris Wilson <[email protected]>
Reviewed-by: Chris Wilson <[email protected]>
Fixes: b7792d8b54cc ("drm/i915: Wait for pipe to start before sampling vblank timestamps on gen2")
Signed-off-by: Ville Syrjälä <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
(cherry picked from commit 8fedd64dabc86d0f31a0d1e152be3aa23c323553)
Signed-off-by: Joonas Lahtinen <[email protected]>
|
|
If the HW is already wedged, attempting to submit a request will
generate an -EIO. If we tried this during suspend, we would abort
whereas all we want to do is to go sleep and throw away the corrupt
state.
Fixes: 5ab57c702069 ("drm/i915: Flush logical context image out to memory upon suspend")
Testcase: igt/gem_eio/suspend
Signed-off-by: Chris Wilson <[email protected]>
Cc: Mika Kuoppala <[email protected]>
Cc: Joonas Lahtinen <[email protected]>
Reviewed-by: Joonas Lahtinen <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
(cherry picked from commit ecf73eb2d27d43b2153bb80671768a06d35521f1)
Signed-off-by: Joonas Lahtinen <[email protected]>
|
|
Add Todd Kjos and myself, remove Riley (who no
longer works at Google).
Signed-off-by: Martijn Coenen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
When RADA is active, the hardware decrypts the packets and strips off
the MIC as it is useless after decryption. Indicate that to mac80211.
Cc: [email protected] # 4.13+
[this is needed for the 9000-series HW to work properly]
Signed-off-by: Sara Sharon <[email protected]>
Signed-off-by: Luca Coelho <[email protected]>
|
|
Set the flag that indicates that ICV was stripped on if
this option was enabled in the HW.
Cc: [email protected] # 4.13+
[this is needed for the 9000-series HW to work properly]
Signed-off-by: David Spinadel <[email protected]>
Signed-off-by: Luca Coelho <[email protected]>
|
|
Before deleting a time event (remain-on-channel instance), flush
the queue so that frames cannot get stuck on it. We already flush
the AUX STA queues, but a separate station is used for the P2P
Device queue.
Cc: [email protected]
Signed-off-by: Johannes Berg <[email protected]>
Signed-off-by: Luca Coelho <[email protected]>
|
|
add 1 PCI ID for 9260 series and 1 for 22000 series.
Cc: [email protected]
Signed-off-by: Ihab Zhaika <[email protected]>
Signed-off-by: Luca Coelho <[email protected]>
|
|
Hendrik Brueckner says:
====================
Perf tool bpf selftests revealed a broken uapi for s390 and arm64.
With the BPF_PROG_TYPE_PERF_EVENT program type the bpf_perf_event
structure exports the pt_regs structure for all architectures.
This fails for s390 and arm64 because pt_regs are not part of the
user api and kept in-kernel only. To mitigate the broken uapi,
introduce a wrapper that exports pt_regs in an asm-generic way.
For arm64, export the exising user_pt_regs structure. For s390,
introduce a user_pt_regs structure that exports the beginning of
pt_regs.
Note that user_pt_regs must export from the beginning of pt_regs
as BPF_PROG_TYPE_PERF_EVENT program type is not the only type for
running BPF programs.
Some more background:
For the bpf_perf_event, there is a uapi definition that is
passed to the BPF program. For other "probe" points like
trace points, kprobes, and uprobes, there is no uapi and the
BPF program is always passed pt_regs (which is OK as the BPF
program runs in the kernel context). The perf tool can attach
BPF programs to all of these "probe" points and, optionally,
can create a BPF prologue to access particular arguments
(passed as registers). For this, it uses DWARF/CFI
information to obtain the register and calls a perf-arch
backend function, regs_query_register_offset(). This function
returns the index into (user_)pt_regs for a particular
register. Then, perf creates a BPF prologue that accesses
this register based on the passed stucture from the "probe"
point.
Part of this series, are also updates to the testing and bpf selftest
to deal with asm-specifics. To complete the bpf support in perf, the
the regs_query_register_offset function is added for s390 to support
BPF prologue creation.
Changelog v1 -> v2:
- Correct kbuild test bot issues by including
asm-generic/bpf_perf_event.h for archictectures that do not have
their own asm version.
- Added patch to clean-up whitespace and coding style issues in s390
asm/ptrace.h (#4/6) as suggested by Alexei.
====================
Signed-off-by: Daniel Borkmann <[email protected]>
|
|
The regs_query_register_offset() helper function converts
register name like "%r0" to an offset of a register in user_pt_regs
It is required by the BPF prologue generator.
The user_pt_regs structure was recently added to "asm/ptrace.h".
Hence, update tools/perf/check-headers.sh to keep the header file
in sync with kernel changes.
Suggested-by: Thomas Richter <[email protected]>
Signed-off-by: Hendrik Brueckner <[email protected]>
Reviewed-and-tested-by: Thomas Richter <[email protected]>
Acked-by: Alexei Starovoitov <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Heiko Carstens <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
|
|
Synchronize the uapi kernel header files which solves the broken
uapi export of pt_regs. Because of arch-specific uapi headers,
extended the include path in the Makefile.
With this change, the test_verifier program compiles and runs successfully
on s390.
Signed-off-by: Hendrik Brueckner <[email protected]>
Reviewed-and-tested-by: Thomas Richter <[email protected]>
Acked-by: Alexei Starovoitov <[email protected]>
Cc: Daniel Borkmann <[email protected]>
Cc: Shuah Khan <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
|
|
Correct whitespace and coding style issues in the s390 asm/ptrace.h
uapi header file. This is preparatory work to copy it to the tools/
directory for inclusion by selftests and perf.
Signed-off-by: Hendrik Brueckner <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
|