Working android hikey linaro 4.4 #187
base: hikey-mainline-rebase
Commits on Mar 18, 2017
-
MIPS: Netlogic: Fix CP0_EBASE redefinition warnings
am: 1276510
Change-Id: Ib7ca5ebf52d798a057a0d509226b59116da302e9
James Hogan authored and android-build-merger committed Mar 18, 2017
Commit de761c1
-
tracing: Add #undef to fix compile error
am: 0748934
Change-Id: I20f387e74bc1cdd5c4a11d55b65e443b85606c0b
Rik van Riel authored and android-build-merger committed Mar 18, 2017
Commit 7528839
-
powerpc: Emulation support for load/store instructions on LE
am: 2ca39d1
Change-Id: I4db441c5727a8caef2b50f3a385197a1076ab55d
Ravi Bangoria authored and android-build-merger committed Mar 18, 2017
Commit 699ec83
-
usb: gadget: dummy_hcd: clear usb_gadget region before registration
am: f47b97f
Change-Id: Ifad25d5604ef1bc2c10cc4c5414348c23f37beb0
Peter Chen authored and android-build-merger committed Mar 18, 2017
Commit 2b7b5c5
-
usb: dwc3: gadget: make Set Endpoint Configuration macros safe
am: 10af248
Change-Id: I5c852ac4d0fbe9276986df1a57e93979ec8f6cf9
Felipe Balbi authored and android-build-merger committed Mar 18, 2017
Commit 49e4836
-
usb: gadget: function: f_fs: pass companion descriptor along
am: 4a1a3bb
Change-Id: I7b29e1d8050144b745f4885566e37d2bbca122a3
Felipe Balbi authored and android-build-merger committed Mar 18, 2017
Commit 5bfd45c
-
usb: host: xhci-dbg: HCIVERSION should be a binary number
am: 40c5634
Change-Id: I41ed67d92ce661cb607ae65e297856b34e6a05d5
Peter Chen authored and android-build-merger committed Mar 18, 2017
Commit 7badd91
-
usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers
am: cf09c7d
Change-Id: I5cab1e3af61dd148ff737ba1dc68935407342983
Commit 33451f0
-
USB: serial: safe_serial: fix information leak in completion handler
am: 3cdc946
Change-Id: I2a29b5d7a753bd94d320bda52427bd62ab042787
Commit a94cfa2
-
USB: serial: omninet: fix reference leaks at open
am: 54f11a9
Change-Id: If2605f1daf506ae915776138b6268d0769a39487
Commit c98a41c
-
USB: iowarrior: fix NULL-deref at probe
am: 179295c
Change-Id: If8771741f6228ec6af891a160d5af5f6789f5409
Commit bf25908
-
USB: iowarrior: fix NULL-deref in write
am: 6498086
Change-Id: Ib6ec11fa0bef224af9368ee4aba48d8d4663da50
Commit f675398
-
USB: serial: io_ti: fix NULL-deref in interrupt callback
am: e71c7ba
Change-Id: I865b297bdb9d8c9eb69e7548ceef6e640f9061e6
Commit 946f628
-
USB: serial: io_ti: fix information leak in completion handler
am: 72bb2b9
Change-Id: Ie1079bef9c43dce4ccecb52acbee12b4dd044e3f
Commit 5b62446
-
serial: samsung: Continue to work if DMA request fails
am: 72ca0ab
Change-Id: I6b2c536ac7ea2371badb4b8080d2806a001a44d1
Commit 5aac664
-
mvsas: fix misleading indentation
am: 61fbad6
Change-Id: I5422457ab66bd8a08f22fae79351dc7133d4f225
Commit 03c7b93
-
KVM: s390: Fix guest migration for huge guests resulting in panic
am: b0e8570
Change-Id: I12bd03d14c3bf2c1e5d2c70e1765eba1d6d202b9
Janosch Frank authored and android-build-merger committed Mar 18, 2017
Commit d73e472
-
s390/kdump: Use "LINUX" ELF note name instead of "CORE"
am: a084aee
Change-Id: I0bc63ef6143c3bbe7e50c89ece98ab39a93d0082
Michael Holzheu authored and android-build-merger committed Mar 18, 2017
Commit 4a44b75
-
nfit, libnvdimm: fix interleave set cookie calculation
am: 66dd58f
Change-Id: If1b31bbd5fe6a404d167a6b207bef928b998fba0
Commit 14671ac
-
dm: flush queued bios when process blocks to avoid deadlock
am: cd8ad4d
Change-Id: I3348df4146daa436541af94224776d3cbc6f45b2
Mikulas Patocka authored and android-build-merger committed Mar 18, 2017
Commit 83193f9
Commits on Mar 20, 2017
-
resolve merge conflicts of 1c5265b to android-4.4
Change-Id: Idd5f2956c09b193b2a6ba02410e90b52aa2284d7
Commit 77e4e5b
-
ANDROID: android-verity: do not compile as independent module
dm-android-verity depends on optional kernel command line parameters. When compiled as module the __setup macro ends up being a no-op resulting in the following warnings:

/work/build/batch/drivers/md/dm-android-verity.c:91:19: warning: 'verity_buildvariant' defined but not used [-Wunused-function]
 static int __init verity_buildvariant(char *line)
                   ^~~~~~~~~~~~~~~~~~~
/work/build/batch/drivers/md/dm-android-verity.c:83:19: warning: 'verity_keyid_param' defined but not used [-Wunused-function]
 static int __init verity_keyid_param(char *line)
                   ^~~~~~~~~~~~~~~~~~
/work/build/batch/drivers/md/dm-android-verity.c:75:19: warning: 'verity_mode_param' defined but not used [-Wunused-function]
 static int __init verity_mode_param(char *line)
                   ^~~~~~~~~~~~~~~~~
/work/build/batch/drivers/md/dm-android-verity.c:67:19: warning: 'verified_boot_state_param' defined but not used [-Wunused-function]
 static int __init verified_boot_state_param(char *line)
                   ^~~~~~~~~~~~~~~~~~~~~~~~~

Tested with allmodconfig.

Change-Id: Idfe0c97b216bb620cc7264e968b494eb3a765157
Signed-off-by: Badhri Jagan Sridharan
Badhri Jagan Sridharan authored and Dmitry Shmidt committed Mar 20, 2017
Commit b631d8c
-
BACKPORT: mmc: core: Export device lifetime information through sysfs
In the eMMC 5.0 version of the spec, several EXT_CSD fields about device lifetime are added.

  - Two types of estimated indications reflected by averaged wear out of memory
  - An indication reflected by average reserved blocks

Export the information through sysfs.

Signed-off-by: Jungseung Lee
Reviewed-by: Jaehoon Chung
Reviewed-by: Shawn Lin
Signed-off-by: Ulf Hansson
Commit bc5b6dd
Commits on Mar 22, 2017
-
ANDROID: mmc: core: export emmc revision
Change-Id: If23bc838327ef751ee65baadc429e218eaa2a848
Signed-off-by: Jin Qian
Jin Qian committed Mar 22, 2017
Commit 659da09
-
clk: hisilicon: hi3660: correct stub clock id
In the old code base it uses the clock name to access clock nodes. When changing to use the cpufreq-dt driver, we need support for using the clock ID to access these clock nodes, but the current stub clock driver wrongly assigns the clock ID and finally the GPU clock overwrites other clocks, so finally cpufreq cannot work.

This patch is to fix this issue to register clock nodes properly with the correct clock ID.

Signed-off-by: Leo Yan
Leo Yan committed Mar 22, 2017
Commit e330525
-
dts: hi3660: enable cluster0 idle state
Hisilicon releases new MCU firmware, which can resolve the hang issue after enabling the cluster level low power state. This dependency patch is included in the repo: github.com/96boards-hikey/tools-images-hikey960; the commit id is 9891e5c9ed9a ("fastboot.img: lpm3: sec_xloader: updated to fix graphics performance issue").

So make sure the Hisilicon firmware has been updated to the latest version.

Signed-off-by: Leo Yan
Leo Yan committed Mar 22, 2017
Commit c801478
-
netlink: remove mmapped netlink support
commit d1b4c68 upstream.

mmapped netlink has a number of unresolved issues:

  - TX zerocopy support had to be disabled more than a year ago via commit 4682a03 ("netlink: Always copy on mmap TX.") because the content of the mmapped area can change after netlink attribute validation but before message processing.
  - RX support was implemented mainly to speed up nfqueue dumping packet payload to userspace. However, since commit ae08ce0 ("netfilter: nfnetlink_queue: zero copy support") we avoid one copy with the socket-based interface too (via the skb_zerocopy helper).

The other problem is that skbs attached to mmaped netlink socket behave differently from normal skbs:

  - they don't have a shinfo area, so all functions that use skb_shinfo() (e.g. skb_clone) cannot be used.
  - reserving headroom prevents userspace from seeing the content as it expects message to start at skb->head. See for instance commit aa3a022 ("netlink: not trim skb for mmaped socket when dump").
  - skbs handed e.g. to netlink_ack must have non-NULL skb->sk, else we crash because it needs the sk to check if a tx ring is attached.

Also not obvious, leads to non-intuitive bug fixes such as 7c7bdf3 ("netfilter: nfnetlink: use original skbuff when acking batches").

mmaped netlink also didn't play nicely with the skb_zerocopy helper used by nfqueue and openvswitch. Daniel Borkmann fixed this via commit 6bb0fef ("netlink, mmap: fix edge-case leakages in nf queue zero-copy") but at the cost of also needing to provide remaining length to the allocation function.

nfqueue also has problems when used with mmaped rx netlink:

  - mmaped netlink doesn't allow use of nfqueue batch verdict messages. Problem is that in the mmap case, the allocation time also determines the ordering in which the frame will be seen by userspace (A allocating before B means that A is located in earlier ring slot, but this also means that B might get a lower sequence number than A since seqno is decided later). To fix this we would need to extend the spinlocked region to also cover the allocation and message setup which isn't desirable.
  - nfqueue can now be configured to queue large (GSO) skbs to userspace. Queuing GSO packets is faster than having to force a software segmentation in the kernel, so this is a desirable option. However, with a mmap based ring one has to use 64kb per ring slot element, else mmap has to fall back to the socket path (NL_MMAP_STATUS_COPY) for all large packets.

To use the mmap interface, userspace not only has to probe for mmap netlink support, it also has to implement a recv/socket receive path in order to handle messages that exceed the size of an rx ring element.

Cc: Daniel Borkmann
Cc: Ken-ichirou MATSUZAWA
Cc: Pablo Neira Ayuso
Cc: Patrick McHardy
Cc: Thomas Graf
Signed-off-by: Florian Westphal
Signed-off-by: David S. Miller
Cc: Shi Yuejie
Signed-off-by: Greg Kroah-Hartman
Commit 0c0be31
-
vxlan: correctly validate VXLAN ID against VXLAN_N_VID
[ Upstream commit 4e37d69 ]

The incorrect check caused an off-by-one error: the maximum VID 0xffffff was unusable.

Fixes: d342894 ("vxlan: virtual extensible lan")
Signed-off-by: Matthias Schiffer
Acked-by: Jiri Benc
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Commit 51a219a
-
[ Upstream commit 7dcdf94 ]

Align vti6 with vti by returning GRE_KEY flag. This enables iproute2 to display tunnel keys on "ip -6 tunnel show"

Signed-off-by: David Forster
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Commit f1b3aae
-
ipv4: mask tos for input route
[ Upstream commit 6e28099 ]

Restore the lost masking of TOS in input route code to allow ip rules to match it properly.

Problem [1] noticed by Shmulik Ladkani

[1] http://marc.info/?t=137331755300040&r=1&w=2

Fixes: 89aef89 ("ipv4: Delete routing cache.")
Signed-off-by: Julian Anastasov
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Commit 354f791
-
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
[ Upstream commit 51fb60e ]

l2tp_ip_backlog_recv may not return -1 if the packet gets dropped. The return value is passed up to ip_local_deliver_finish, which treats negative values as an IP protocol number for resubmission.

Signed-off-by: Paul Hüber
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Commit 2cd0afc
-
net: don't call strlen() on the user buffer in packet_bind_spkt()
[ Upstream commit 540e289 ]

KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of uninitialized memory in packet_bind_spkt():

Acked-by: Eric Dumazet

==================================================================
BUG: KMSAN: use of unitialized memory
CPU: 0 PID: 1074 Comm: packet Not tainted 4.8.0-rc6+ #1891
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 0000000000000000 ffff88006b6dfc08 ffffffff82559ae8 ffff88006b6dfb48
 ffffffff818a7c91 ffffffff85b9c870 0000000000000092 ffffffff85b9c550
 0000000000000000 0000000000000092 00000000ec400911 0000000000000002
Call Trace:
 [< inline >] __dump_stack lib/dump_stack.c:15
 [<ffffffff82559ae8>] dump_stack+0x238/0x290 lib/dump_stack.c:51
 [<ffffffff818a6626>] kmsan_report+0x276/0x2e0 mm/kmsan/kmsan.c:1003
 [<ffffffff818a783b>] __msan_warning+0x5b/0xb0 mm/kmsan/kmsan_instr.c:424
 [< inline >] strlen lib/string.c:484
 [<ffffffff8259b58d>] strlcpy+0x9d/0x200 lib/string.c:144
 [<ffffffff84b2eca4>] packet_bind_spkt+0x144/0x230 net/packet/af_packet.c:3132
 [<ffffffff84242e4d>] SYSC_bind+0x40d/0x5f0 net/socket.c:1370
 [<ffffffff84242a22>] SyS_bind+0x82/0xa0 net/socket.c:1356
 [<ffffffff8515991b>] entry_SYSCALL_64_fastpath+0x13/0x8f arch/x86/entry/entry_64.o:?
chained origin: 00000000eba00911
 [<ffffffff810bb787>] save_stack_trace+0x27/0x50 arch/x86/kernel/stacktrace.c:67
 [< inline >] kmsan_save_stack_with_flags mm/kmsan/kmsan.c:322
 [< inline >] kmsan_save_stack mm/kmsan/kmsan.c:334
 [<ffffffff818a59f8>] kmsan_internal_chain_origin+0x118/0x1e0 mm/kmsan/kmsan.c:527
 [<ffffffff818a7773>] __msan_set_alloca_origin4+0xc3/0x130 mm/kmsan/kmsan_instr.c:380
 [<ffffffff84242b69>] SYSC_bind+0x129/0x5f0 net/socket.c:1356
 [<ffffffff84242a22>] SyS_bind+0x82/0xa0 net/socket.c:1356
 [<ffffffff8515991b>] entry_SYSCALL_64_fastpath+0x13/0x8f arch/x86/entry/entry_64.o:?
origin description: ----address@SYSC_bind (origin=00000000eb400911)
==================================================================
(the line numbers are relative to 4.8-rc6, but the bug persists upstream)

, when I run the following program as root:

=====================================
#include <string.h>
#include <sys/socket.h>
#include <netpacket/packet.h>
#include <net/ethernet.h>

int main() {
  struct sockaddr addr;
  memset(&addr, 0xff, sizeof(addr));
  addr.sa_family = AF_PACKET;
  int fd = socket(PF_PACKET, SOCK_PACKET, htons(ETH_P_ALL));
  bind(fd, &addr, sizeof(addr));
  return 0;
}
=====================================

This happens because addr.sa_data copied from the userspace is not zero-terminated, and copying it with strlcpy() in packet_bind_spkt() results in calling strlen() on the kernel copy of that non-terminated buffer.

Signed-off-by: Alexander Potapenko
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Commit f331d64
-
net: net_enable_timestamp() can be called from irq contexts
[ Upstream commit 13baa00 ]

It is now very clear that silly TCP listeners might play with enabling/disabling timestamping while new children are added to their accept queue.

Meaning net_enable_timestamp() can be called from BH context while current state of the static key is not enabled.

Let's play safe and allow all contexts.

The work queue is scheduled only under the problematic cases, which are the static key enable/disable transition, to not slow down critical paths.

This extends and improves what we did in commit 5fa8bbd ("net: use a work queue to defer net_disable_timestamp() work")

Fixes: b90e579 ("net: dont call jump_label_dec from irq context")
Signed-off-by: Eric Dumazet
Reported-by: Dmitry Vyukov
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Commit a70c328
-
dccp: Unlock sock before calling sk_free()
[ Upstream commit d5afb6f ]

The code where sk_clone() came from created a new socket and locked it, but then, on the error path didn't unlock it.

This problem stayed there for a long while, till b0691c8 ("net: Unlock sock before calling sk_free()") fixed it, but unfortunately the callers of sk_clone() (now sk_clone_locked()) were not audited and the one in dccp_create_openreq_child() remained.

Now in the age of the syzkaller fuzzer, this was finally uncovered, as reported by Dmitry:

---- 8< ----

I've got the following report while running syzkaller fuzzer on 86292b3 ("Merge branch 'akpm' (patches from Andrew)")

[ BUG: held lock freed! ]
4.10.0+ #234 Not tainted
-------------------------
syz-executor6/6898 is freeing memory ffff88006286cac0-ffff88006286d3b7, with a lock still held there!
 (slock-AF_INET6){+.-...}, at: [<ffffffff8362c2c9>] spin_lock include/linux/spinlock.h:299 [inline]
 (slock-AF_INET6){+.-...}, at: [<ffffffff8362c2c9>] sk_clone_lock+0x3d9/0x12c0 net/core/sock.c:1504
5 locks held by syz-executor6/6898:
 #0: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff839a34b4>] lock_sock include/net/sock.h:1460 [inline]
 #0: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff839a34b4>] inet_stream_connect+0x44/0xa0 net/ipv4/af_inet.c:681
 #1: (rcu_read_lock){......}, at: [<ffffffff83bc1c2a>] inet6_csk_xmit+0x12a/0x5d0 net/ipv6/inet6_connection_sock.c:126
 #2: (rcu_read_lock){......}, at: [<ffffffff8369b424>] __skb_unlink include/linux/skbuff.h:1767 [inline]
 #2: (rcu_read_lock){......}, at: [<ffffffff8369b424>] __skb_dequeue include/linux/skbuff.h:1783 [inline]
 #2: (rcu_read_lock){......}, at: [<ffffffff8369b424>] process_backlog+0x264/0x730 net/core/dev.c:4835
 #3: (rcu_read_lock){......}, at: [<ffffffff83aeb5c0>] ip6_input_finish+0x0/0x1700 net/ipv6/ip6_input.c:59
 #4: (slock-AF_INET6){+.-...}, at: [<ffffffff8362c2c9>] spin_lock include/linux/spinlock.h:299 [inline]
 #4: (slock-AF_INET6){+.-...}, at: [<ffffffff8362c2c9>] sk_clone_lock+0x3d9/0x12c0 net/core/sock.c:1504

Fix it just like was done by b0691c8 ("net: Unlock sock before calling sk_free()").

Reported-by: Dmitry Vyukov
Cc: Cong Wang
Cc: Eric Dumazet
Cc: Gerrit Renker
Cc: Thomas Gleixner
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Commit 9216632
-
tcp: fix various issues for sockets morphing to listen state
[ Upstream commit 02b2faa ]

Dmitry Vyukov reported a divide by 0 triggered by syzkaller, exploiting tcp_disconnect() path that was never really considered and/or used before syzkaller ;)

I was not able to reproduce the bug, but it seems issues here are the three possible actions that assumed they would never trigger on a listener.

1) tcp_write_timer_handler
2) tcp_delack_timer_handler
3) MTU reduction

Only IPv6 MTU reduction was properly testing TCP_CLOSE and TCP_LISTEN states from tcp_v6_mtu_reduced()

Signed-off-by: Eric Dumazet
Reported-by: Dmitry Vyukov
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Commit 2681a78
-
net: fix socket refcounting in skb_complete_wifi_ack()
[ Upstream commit dd4f107 ]

TX skbs do not necessarily hold a reference on skb->sk->sk_refcnt. By the time TX completion happens, sk_refcnt might be already 0.

sock_hold()/sock_put() would then corrupt critical state, like sk_wmem_alloc.

Fixes: bf7fa55 ("mac80211: Resolve sk_refcnt/sk_wmem_alloc issue in wifi ack path")
Signed-off-by: Eric Dumazet
Cc: Alexander Duyck
Cc: Johannes Berg
Cc: Soheil Hassas Yeganeh
Cc: Willem de Bruijn
Acked-by: Soheil Hassas Yeganeh
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Commit 9e76833
-
net: fix socket refcounting in skb_complete_tx_timestamp()
[ Upstream commit 9ac25fc ]

TX skbs do not necessarily hold a reference on skb->sk->sk_refcnt. By the time TX completion happens, sk_refcnt might be already 0.

sock_hold()/sock_put() would then corrupt critical state, like sk_wmem_alloc and lead to leaks or use after free.

Fixes: 62bccb8 ("net-timestamp: Make the clone operation stand-alone from phy timestamping")
Signed-off-by: Eric Dumazet
Cc: Alexander Duyck
Cc: Johannes Berg
Cc: Soheil Hassas Yeganeh
Cc: Willem de Bruijn
Acked-by: Soheil Hassas Yeganeh
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Commit ec4d869
-
dccp: fix use-after-free in dccp_feat_activate_values
[ Upstream commit 62f8f4d ] Dmitry reported crashes in DCCP stack [1] Problem here is that when I got rid of listener spinlock, I missed the fact that DCCP stores a complex state in struct dccp_request_sock, while TCP does not. Since multiple cpus could access it at the same time, we need to add protection. [1] BUG: KASAN: use-after-free in dccp_feat_activate_values+0x967/0xab0 net/dccp/feat.c:1541 at addr ffff88003713be68 Read of size 8 by task syz-executor2/8457 CPU: 2 PID: 8457 Comm: syz-executor2 Not tainted 4.10.0-rc7+ 96boards#127 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:15 [inline] dump_stack+0x292/0x398 lib/dump_stack.c:51 kasan_object_err+0x1c/0x70 mm/kasan/report.c:162 print_address_description mm/kasan/report.c:200 [inline] kasan_report_error mm/kasan/report.c:289 [inline] kasan_report.part.1+0x20e/0x4e0 mm/kasan/report.c:311 kasan_report mm/kasan/report.c:332 [inline] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:332 dccp_feat_activate_values+0x967/0xab0 net/dccp/feat.c:1541 dccp_create_openreq_child+0x464/0x610 net/dccp/minisocks.c:121 dccp_v6_request_recv_sock+0x1f6/0x1960 net/dccp/ipv6.c:457 dccp_check_req+0x335/0x5a0 net/dccp/minisocks.c:186 dccp_v6_rcv+0x69e/0x1d00 net/dccp/ipv6.c:711 ip6_input_finish+0x46d/0x17a0 net/ipv6/ip6_input.c:279 NF_HOOK include/linux/netfilter.h:257 [inline] ip6_input+0xdb/0x590 net/ipv6/ip6_input.c:322 dst_input include/net/dst.h:507 [inline] ip6_rcv_finish+0x289/0x890 net/ipv6/ip6_input.c:69 NF_HOOK include/linux/netfilter.h:257 [inline] ipv6_rcv+0x12ec/0x23d0 net/ipv6/ip6_input.c:203 __netif_receive_skb_core+0x1ae5/0x3400 net/core/dev.c:4190 __netif_receive_skb+0x2a/0x170 net/core/dev.c:4228 process_backlog+0xe5/0x6c0 net/core/dev.c:4839 napi_poll net/core/dev.c:5202 [inline] net_rx_action+0xe70/0x1900 net/core/dev.c:5267 __do_softirq+0x2fb/0xb7d kernel/softirq.c:284 do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:902 
</IRQ> do_softirq.part.17+0x1e8/0x230 kernel/softirq.c:328 do_softirq kernel/softirq.c:176 [inline] __local_bh_enable_ip+0x1f2/0x200 kernel/softirq.c:181 local_bh_enable include/linux/bottom_half.h:31 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:971 [inline] ip6_finish_output2+0xbb0/0x23d0 net/ipv6/ip6_output.c:123 ip6_finish_output+0x302/0x960 net/ipv6/ip6_output.c:148 NF_HOOK_COND include/linux/netfilter.h:246 [inline] ip6_output+0x1cb/0x8d0 net/ipv6/ip6_output.c:162 ip6_xmit+0xcdf/0x20d0 include/net/dst.h:501 inet6_csk_xmit+0x320/0x5f0 net/ipv6/inet6_connection_sock.c:179 dccp_transmit_skb+0xb09/0x1120 net/dccp/output.c:141 dccp_xmit_packet+0x215/0x760 net/dccp/output.c:280 dccp_write_xmit+0x168/0x1d0 net/dccp/output.c:362 dccp_sendmsg+0x79c/0xb10 net/dccp/proto.c:796 inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:744 sock_sendmsg_nosec net/socket.c:635 [inline] sock_sendmsg+0xca/0x110 net/socket.c:645 SYSC_sendto+0x660/0x810 net/socket.c:1687 SyS_sendto+0x40/0x50 net/socket.c:1655 entry_SYSCALL_64_fastpath+0x1f/0xc2 RIP: 0033:0x4458b9 RSP: 002b:00007f8ceb77bb58 EFLAGS: 00000282 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 00000000004458b9 RDX: 0000000000000023 RSI: 0000000020e60000 RDI: 0000000000000017 RBP: 00000000006e1b90 R08: 00000000200f9fe1 R09: 0000000000000020 R10: 0000000000008010 R11: 0000000000000282 R12: 00000000007080a8 R13: 0000000000000000 R14: 00007f8ceb77c9c0 R15: 00007f8ceb77c700 Object at ffff88003713be50, in cache kmalloc-64 size: 64 Allocated: PID = 8446 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:502 set_track mm/kasan/kasan.c:514 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:605 kmem_cache_alloc_trace+0x82/0x270 mm/slub.c:2738 kmalloc include/linux/slab.h:490 [inline] dccp_feat_entry_new+0x214/0x410 net/dccp/feat.c:467 dccp_feat_push_change+0x38/0x220 net/dccp/feat.c:487 __feat_register_sp+0x223/0x2f0 net/dccp/feat.c:741 
dccp_feat_propagate_ccid+0x22b/0x2b0 net/dccp/feat.c:949 dccp_feat_server_ccid_dependencies+0x1b3/0x250 net/dccp/feat.c:1012 dccp_make_response+0x1f1/0xc90 net/dccp/output.c:423 dccp_v6_send_response+0x4ec/0xc20 net/dccp/ipv6.c:217 dccp_v6_conn_request+0xaba/0x11b0 net/dccp/ipv6.c:377 dccp_rcv_state_process+0x51e/0x1650 net/dccp/input.c:606 dccp_v6_do_rcv+0x213/0x350 net/dccp/ipv6.c:632 sk_backlog_rcv include/net/sock.h:893 [inline] __sk_receive_skb+0x36f/0xcc0 net/core/sock.c:479 dccp_v6_rcv+0xba5/0x1d00 net/dccp/ipv6.c:742 ip6_input_finish+0x46d/0x17a0 net/ipv6/ip6_input.c:279 NF_HOOK include/linux/netfilter.h:257 [inline] ip6_input+0xdb/0x590 net/ipv6/ip6_input.c:322 dst_input include/net/dst.h:507 [inline] ip6_rcv_finish+0x289/0x890 net/ipv6/ip6_input.c:69 NF_HOOK include/linux/netfilter.h:257 [inline] ipv6_rcv+0x12ec/0x23d0 net/ipv6/ip6_input.c:203 __netif_receive_skb_core+0x1ae5/0x3400 net/core/dev.c:4190 __netif_receive_skb+0x2a/0x170 net/core/dev.c:4228 process_backlog+0xe5/0x6c0 net/core/dev.c:4839 napi_poll net/core/dev.c:5202 [inline] net_rx_action+0xe70/0x1900 net/core/dev.c:5267 __do_softirq+0x2fb/0xb7d kernel/softirq.c:284 Freed: PID = 15 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:502 set_track mm/kasan/kasan.c:514 [inline] kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:578 slab_free_hook mm/slub.c:1355 [inline] slab_free_freelist_hook mm/slub.c:1377 [inline] slab_free mm/slub.c:2954 [inline] kfree+0xe8/0x2b0 mm/slub.c:3874 dccp_feat_entry_destructor.part.4+0x48/0x60 net/dccp/feat.c:418 dccp_feat_entry_destructor net/dccp/feat.c:416 [inline] dccp_feat_list_pop net/dccp/feat.c:541 [inline] dccp_feat_activate_values+0x57f/0xab0 net/dccp/feat.c:1543 dccp_create_openreq_child+0x464/0x610 net/dccp/minisocks.c:121 dccp_v6_request_recv_sock+0x1f6/0x1960 net/dccp/ipv6.c:457 dccp_check_req+0x335/0x5a0 net/dccp/minisocks.c:186 dccp_v6_rcv+0x69e/0x1d00 net/dccp/ipv6.c:711 ip6_input_finish+0x46d/0x17a0 
net/ipv6/ip6_input.c:279 NF_HOOK include/linux/netfilter.h:257 [inline] ip6_input+0xdb/0x590 net/ipv6/ip6_input.c:322 dst_input include/net/dst.h:507 [inline] ip6_rcv_finish+0x289/0x890 net/ipv6/ip6_input.c:69 NF_HOOK include/linux/netfilter.h:257 [inline] ipv6_rcv+0x12ec/0x23d0 net/ipv6/ip6_input.c:203 __netif_receive_skb_core+0x1ae5/0x3400 net/core/dev.c:4190 __netif_receive_skb+0x2a/0x170 net/core/dev.c:4228 process_backlog+0xe5/0x6c0 net/core/dev.c:4839 napi_poll net/core/dev.c:5202 [inline] net_rx_action+0xe70/0x1900 net/core/dev.c:5267 __do_softirq+0x2fb/0xb7d kernel/softirq.c:284 Memory state around the buggy address: ffff88003713bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88003713bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88003713be00: fc fc fc fc fc fc fc fc fc fc fb fb fb fb fb fb ^ Fixes: 079096f ("tcp/dccp: install syn_recv requests into ehash table") Signed-off-by: Eric Dumazet <[email protected]> Reported-by: Dmitry Vyukov <[email protected]> Tested-by: Dmitry Vyukov <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit d0ebde9
-
vrf: Fix use-after-free in vrf_xmit
[ Upstream commit f7887d4 ]
KASAN detected a use-after-free:
[ 269.467067] BUG: KASAN: use-after-free in vrf_xmit+0x7f1/0x827 [vrf] at addr ffff8800350a21c0
[ 269.467067] Read of size 4 by task ssh/1879
[ 269.467067] CPU: 1 PID: 1879 Comm: ssh Not tainted 4.10.0+ #249
[ 269.467067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 269.467067] Call Trace:
[ 269.467067] dump_stack+0x81/0xb6
[ 269.467067] kasan_object_err+0x21/0x78
[ 269.467067] kasan_report+0x2f7/0x450
[ 269.467067] ? vrf_xmit+0x7f1/0x827 [vrf]
[ 269.467067] ? ip_output+0xa4/0xdb
[ 269.467067] __asan_load4+0x6b/0x6d
[ 269.467067] vrf_xmit+0x7f1/0x827 [vrf]
...
Which corresponds to the skb access after xmit handling. Fix by saving skb->len and using the saved value to update stats.
Fixes: 193125d ("net: Introduce VRF device driver")
Signed-off-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit e671f1c
-
uapi: fix linux/packet_diag.h userspace compilation error
[ Upstream commit 745cb7f ]
Replace MAX_ADDR_LEN with its numeric value to fix the following linux/packet_diag.h userspace compilation error:
/usr/include/linux/packet_diag.h:67:17: error: 'MAX_ADDR_LEN' undeclared here (not in a function)
  __u8 pdmc_addr[MAX_ADDR_LEN];
This is not the first case in the UAPI where the numeric value of MAX_ADDR_LEN is used instead of symbolic one, uapi/linux/if_link.h already does the same:
$ grep MAX_ADDR_LEN include/uapi/linux/if_link.h
  __u8 mac[32]; /* MAX_ADDR_LEN */
There are no UAPI headers besides these two that use MAX_ADDR_LEN.
Signed-off-by: Dmitry V. Levin <[email protected]>
Acked-by: Pavel Emelyanov <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 6c72458
-
act_connmark: avoid crashing on malformed nlattrs with null parms
[ Upstream commit 52491c7 ]
tcf_connmark_init does not check in its configuration if TCA_CONNMARK_PARMS is set, resulting in a null pointer dereference when trying to access it.
[501099.043007] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
[501099.043039] IP: [<ffffffffc10c60fb>] tcf_connmark_init+0x8b/0x180 [act_connmark]
...
[501099.044334] Call Trace:
[501099.044345] [<ffffffffa47270e8>] ? tcf_action_init_1+0x198/0x1b0
[501099.044363] [<ffffffffa47271b0>] ? tcf_action_init+0xb0/0x120
[501099.044380] [<ffffffffa47250a4>] ? tcf_exts_validate+0xc4/0x110
[501099.044398] [<ffffffffc0f5fa97>] ? u32_set_parms+0xa7/0x270 [cls_u32]
[501099.044417] [<ffffffffc0f60bf0>] ? u32_change+0x680/0x87b [cls_u32]
[501099.044436] [<ffffffffa4725d1d>] ? tc_ctl_tfilter+0x4dd/0x8a0
[501099.044454] [<ffffffffa44a23a1>] ? security_capable+0x41/0x60
[501099.044471] [<ffffffffa470ca01>] ? rtnetlink_rcv_msg+0xe1/0x220
[501099.044490] [<ffffffffa470c920>] ? rtnl_newlink+0x870/0x870
[501099.044507] [<ffffffffa472cc61>] ? netlink_rcv_skb+0xa1/0xc0
[501099.044524] [<ffffffffa47073f4>] ? rtnetlink_rcv+0x24/0x30
[501099.044541] [<ffffffffa472c634>] ? netlink_unicast+0x184/0x230
[501099.044558] [<ffffffffa472c9d8>] ? netlink_sendmsg+0x2f8/0x3b0
[501099.044576] [<ffffffffa46d8880>] ? sock_sendmsg+0x30/0x40
[501099.044592] [<ffffffffa46d8e03>] ? SYSC_sendto+0xd3/0x150
[501099.044608] [<ffffffffa425fda1>] ? __do_page_fault+0x2d1/0x510
[501099.044626] [<ffffffffa47fbd7b>] ? system_call_fast_compare_end+0xc/0x9b
Fixes: 22a5dc0 ("net: sched: Introduce connmark action")
Signed-off-by: Étienne Noss <[email protected]>
Signed-off-by: Victorien Molle <[email protected]>
Acked-by: Cong Wang <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 710fbeb
-
mpls: Send route delete notifications when router module is unloaded
[ Upstream commit e37791e ] When the mpls_router module is unloaded, mpls routes are deleted but notifications are not sent to userspace leaving userspace caches out of sync. Add the call to mpls_notify_route in mpls_net_exit as routes are freed. Fixes: 0189197 ("mpls: Basic routing support") Signed-off-by: David Ahern <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit b57955e
-
ipv6: make ECMP route replacement less greedy
[ Upstream commit 67e1940 ]
Commit 2759647 ("ipv6: fix ECMP route replacement") introduced a loop that removes all siblings of an ECMP route that is being replaced. However, this loop doesn't stop when it has replaced siblings, and keeps removing other routes with a higher metric. We also end up triggering the WARN_ON after the loop, because after this nsiblings < 0.
Instead, stop the loop when we have taken care of all routes with the same metric as the route being replaced.
Reproducer:
===========
#!/bin/sh
ip netns add ns1
ip netns add ns2
ip -net ns1 link set lo up
for x in 0 1 2 ; do
    ip link add veth$x netns ns2 type veth peer name eth$x netns ns1
    ip -net ns1 link set eth$x up
    ip -net ns2 link set veth$x up
done
ip -net ns1 -6 r a 2000::/64 nexthop via fe80::0 dev eth0 \
        nexthop via fe80::1 dev eth1 nexthop via fe80::2 dev eth2
ip -net ns1 -6 r a 2000::/64 via fe80::42 dev eth0 metric 256
ip -net ns1 -6 r a 2000::/64 via fe80::43 dev eth0 metric 2048
echo "before replace, 3 routes"
ip -net ns1 -6 r | grep -v '^fe80\|^ff00'
echo
ip -net ns1 -6 r c 2000::/64 nexthop via fe80::4 dev eth0 \
        nexthop via fe80::5 dev eth1 nexthop via fe80::6 dev eth2
echo "after replace, only 2 routes, metric 2048 is gone"
ip -net ns1 -6 r | grep -v '^fe80\|^ff00'
Fixes: 2759647 ("ipv6: fix ECMP route replacement")
Signed-off-by: Sabrina Dubroca <[email protected]>
Acked-by: Nicolas Dichtel <[email protected]>
Reviewed-by: Xin Long <[email protected]>
Reviewed-by: Michal Kubecek <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 5f8bc38
-
ipv6: avoid write to a possibly cloned skb
[ Upstream commit 79e4950 ] ip6_fragment, in case skb has a fraglist, checks if the skb is cloned. If it is, it will move to the 'slow path' and allocates new skbs for each fragment. However, right before entering the slowpath loop, it updates the nexthdr value of the last ipv6 extension header to NEXTHDR_FRAGMENT, to account for the fragment header that will be inserted in the new ipv6-fragment skbs. In case original skb is cloned this munges nexthdr value of another skb. Avoid this by doing the nexthdr update for each of the new fragment skbs separately. This was observed with tcpdump on a bridge device where netfilter ipv6 reassembly is active: tcpdump shows malformed fragment headers as the l4 header (icmpv6, tcp, etc). is decoded as a fragment header. Cc: Hannes Frederic Sowa <[email protected]> Reported-by: Andreas Karis <[email protected]> Signed-off-by: Florian Westphal <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit aed728c
-
bridge: drop netfilter fake rtable unconditionally
[ Upstream commit a13b208 ] Andreas reports kernel oops during rmmod of the br_netfilter module. Hannes debugged the oops down to a NULL rt6info->rt6i_indev. Problem is that br_netfilter has the nasty concept of adding a fake rtable to skb->dst; this happens in a br_netfilter prerouting hook. A second hook (in bridge LOCAL_IN) is supposed to remove these again before the skb is handed up the stack. However, on module unload hooks get unregistered which means an skb could traverse the prerouting hook that attaches the fake_rtable, while the 'fake rtable remove' hook gets removed from the hooklist immediately after. Fixes: 34666d4 ("netfilter: bridge: move br_netfilter out of the core") Reported-by: Andreas Karis <[email protected]> Debugged-by: Hannes Frederic Sowa <[email protected]> Signed-off-by: Florian Westphal <[email protected]> Acked-by: Pablo Neira Ayuso <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 56f9b95
-
dccp/tcp: fix routing redirect race
[ Upstream commit 45caeaa ]
As Eric Dumazet pointed out this also needs to be fixed in IPv6.
v2: Contains the IPv6 tcp/IPv6 dccp patches as well.
We have seen a few incidents lately where a dst_entry has been freed with a dangling TCP socket reference (sk->sk_dst_cache) pointing to that dst_entry. If the conditions/timings are right a crash then ensues when the freed dst_entry is referenced later on. A common crashing back trace is:
 #8 [] page_fault at ffffffff8163e648
    [exception RIP: __tcp_ack_snd_check+74]
.
.
 #9 [] tcp_rcv_established at ffffffff81580b64
#10 [] tcp_v4_do_rcv at ffffffff8158b54a
#11 [] tcp_v4_rcv at ffffffff8158cd02
#12 [] ip_local_deliver_finish at ffffffff815668f4
#13 [] ip_local_deliver at ffffffff81566bd9
#14 [] ip_rcv_finish at ffffffff8156656d
#15 [] ip_rcv at ffffffff81566f06
#16 [] __netif_receive_skb_core at ffffffff8152b3a2
#17 [] __netif_receive_skb at ffffffff8152b608
#18 [] netif_receive_skb at ffffffff8152b690
#19 [] vmxnet3_rq_rx_complete at ffffffffa015eeaf [vmxnet3]
#20 [] vmxnet3_poll_rx_only at ffffffffa015f32a [vmxnet3]
#21 [] net_rx_action at ffffffff8152bac2
#22 [] __do_softirq at ffffffff81084b4f
#23 [] call_softirq at ffffffff8164845c
#24 [] do_softirq at ffffffff81016fc5
#25 [] irq_exit at ffffffff81084ee5
#26 [] do_IRQ at ffffffff81648ff8
Of course it may happen with other NIC drivers as well.
It's found the freed dst_entry here:
static bool tcp_in_quickack_mode(struct sock *sk)
{
	const struct inet_connection_sock *icsk = inet_csk(sk);
	const struct dst_entry *dst = __sk_dst_get(sk);

	return (dst && dst_metric(dst, RTAX_QUICKACK)) ||
		(icsk->icsk_ack.quick && !icsk->icsk_ack.pingpong);
}
But there are other backtraces attributed to the same freed dst_entry in netfilter code as well.
All the vmcores showed 2 significant clues:
- Remote hosts behind the default gateway had always been redirected to a different gateway. A rtable/dst_entry will be added for that host. Making more dst_entrys with lower reference counts. Making this more probable.
- All vmcores showed a positive LockDroppedIcmps value, e.g:
LockDroppedIcmps 267
A closer look at the tcp_v4_err() handler revealed that do_redirect() will run regardless of whether user space has the socket locked. This can result in a race condition where the same dst_entry cached in sk->sk_dst_entry can be decremented twice for the same socket via:
do_redirect()->__sk_dst_check()-> dst_release().
Which leads to the dst_entry being prematurely freed with another socket pointing to it via sk->sk_dst_cache and a subsequent crash.
To fix this skip do_redirect() if user space has the socket locked. Instead let the redirect take place later when user space does not have the socket locked.
The dccp/IPv6 code is very similar in this respect, so fixing it there too.
As Eric Garver pointed out the following commit now invalidates routes. Which can set the dst->obsolete flag so that ipv4_dst_check() returns null and triggers the dst_release().
Fixes: ceb3320 ("ipv4: Kill routes during PMTU/redirect updates.")
Cc: Eric Garver <[email protected]>
Cc: Hannes Sowa <[email protected]>
Signed-off-by: Jon Maxwell <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 4ab956b
-
dccp: fix memory leak during tear-down of unsuccessful connection req…
…uest [ Upstream commit 72ef9c4 ] This patch fixes a memory leak, which happens if the connection request is not fulfilled between parsing the DCCP options and handling the SYN (because e.g. the backlog is full), because we forgot to free the list of ack vectors. Reported-by: Jianwen Ji <[email protected]> Signed-off-by: Hannes Frederic Sowa <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 676fe97
-
net sched actions: decrement module reference count after table flush.
[ Upstream commit edb9d1b ]
When tc actions are loaded as a module and no actions have been installed, flushing them would result in actions removed from the memory, but modules reference count not being decremented, so that the modules would not be unloaded.
Following is example with GACT action:
% sudo modprobe act_gact
% lsmod
Module                  Size  Used by
act_gact               16384  0
%
% sudo tc actions ls action gact
%
% sudo tc actions flush action gact
% lsmod
Module                  Size  Used by
act_gact               16384  1
% sudo tc actions flush action gact
% lsmod
Module                  Size  Used by
act_gact               16384  2
% sudo rmmod act_gact
rmmod: ERROR: Module act_gact is in use
....
After the fix:
% lsmod
Module                  Size  Used by
act_gact               16384  0
%
% sudo tc actions add action pass index 1
% sudo tc actions add action pass index 2
% sudo tc actions add action pass index 3
% lsmod
Module                  Size  Used by
act_gact               16384  3
%
% sudo tc actions flush action gact
% lsmod
Module                  Size  Used by
act_gact               16384  0
%
% sudo tc actions flush action gact
% lsmod
Module                  Size  Used by
act_gact               16384  0
% sudo rmmod act_gact
% lsmod
Module                  Size  Used by
%
Fixes: f97017c ("net-sched: Fix actions flushing")
Signed-off-by: Roman Mashak <[email protected]>
Signed-off-by: Jamal Hadi Salim <[email protected]>
Acked-by: Cong Wang <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit c10ffe9
-
fscrypt: fix renaming and linking special files
commit 42d97eb upstream. Attempting to link a device node, named pipe, or socket file into an encrypted directory through rename(2) or link(2) always failed with EPERM. This happened because fscrypt_has_permitted_context() saw that the file was unencrypted and forbid creating the link. This behavior was unexpected because such files are never encrypted; only regular files, directories, and symlinks can be encrypted. To fix this, make fscrypt_has_permitted_context() always return true on special files. This will be covered by a test in my encryption xfstests patchset. Fixes: 9bd8212 ("ext4 crypto: add encryption policy and password salt support") Signed-off-by: Eric Biggers <[email protected]> Reviewed-by: Richard Weinberger <[email protected]> Signed-off-by: Theodore Ts'o <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit fd74e8d
-
fscrypto: lock inode while setting encryption policy
commit 8906a82 upstream. i_rwsem needs to be acquired while setting an encryption policy so that concurrent calls to FS_IOC_SET_ENCRYPTION_POLICY are correctly serialized (especially the ->get_context() + ->set_context() pair), and so that new files cannot be created in the directory during or after the ->empty_dir() check. Signed-off-by: Eric Biggers <[email protected]> Signed-off-by: Theodore Ts'o <[email protected]> Reviewed-by: Richard Weinberger <[email protected]> Cc: [email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 3a19419
-
x86/kasan: Fix boot with KASAN=y and PROFILE_ANNOTATED_BRANCHES=y
commit be3606f upstream. The kernel doesn't boot with both PROFILE_ANNOTATED_BRANCHES=y and KASAN=y options selected. With branch profiling enabled we end up calling ftrace_likely_update() before kasan_early_init(). ftrace_likely_update() is built with KASAN instrumentation, so calling it before kasan has been initialized leads to crash. Use DISABLE_BRANCH_PROFILING define to make sure that we don't call ftrace_likely_update() from early code before kasan_early_init(). Fixes: ef7f0d6 ("x86_64: add KASan support") Reported-by: Fengguang Wu <[email protected]> Signed-off-by: Andrey Ryabinin <[email protected]> Cc: [email protected] Cc: Alexander Potapenko <[email protected]> Cc: Andrew Morton <[email protected]> Cc: [email protected] Cc: Dmitry Vyukov <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Thomas Gleixner <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 8e0ec20
-
x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
commit 5dc855d upstream. If one thread mmaps a perf event while another thread in the same mm is in some context where active_mm != mm (which can happen in the scheduler, for example), refresh_pce() would write the wrong value to CR4.PCE. This broke some PAPI tests. Reported-and-tested-by: Vince Weaver <[email protected]> Signed-off-by: Andy Lutomirski <[email protected]> Cc: Alexander Shishkin <[email protected]> Cc: Arnaldo Carvalho de Melo <[email protected]> Cc: Borislav Petkov <[email protected]> Cc: H. Peter Anvin <[email protected]> Cc: Jiri Olsa <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Stephane Eranian <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: [email protected] Fixes: 7911d3f ("perf/x86: Only allow rdpmc if a perf_event is mapped") Link: http://lkml.kernel.org/r/0c5b38a76ea50e405f9abe07a13dfaef87c173a1.1489694270.git.luto@kernel.org Signed-off-by: Ingo Molnar <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 62f5704
-
futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
commit c236c8e upstream. While working on the futex code, I stumbled over this potential use-after-free scenario. Dmitry triggered it later with syzkaller. pi_mutex is a pointer into pi_state, which we drop the reference on in unqueue_me_pi(). So any access to that pointer after that is bad. Since other sites already do rt_mutex_unlock() with hb->lock held, see for example futex_lock_pi(), simply move the unlock before unqueue_me_pi(). Reported-by: Dmitry Vyukov <[email protected]> Signed-off-by: Peter Zijlstra (Intel) <[email protected]> Reviewed-by: Darren Hart <[email protected]> Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Thomas Gleixner <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 44854c1
-
futex: Add missing error handling to FUTEX_REQUEUE_PI
commit 9bbb25a upstream. Thomas spotted that fixup_pi_state_owner() can return errors and we fail to unlock the rt_mutex in that case. Reported-by: Thomas Gleixner <[email protected]> Signed-off-by: Peter Zijlstra (Intel) <[email protected]> Reviewed-by: Darren Hart <[email protected]> Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Thomas Gleixner <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 99d403f
-
Commit 0136bca
-
netlink: remove mmapped netlink support
am: 0c0be31 Change-Id: I85d714d9cc491fd7cb3d1af553864f22c4f1e8fb
Florian Westphal authored and android-build-merger committed Mar 22, 2017
Commit 560f3ea
-
vxlan: correctly validate VXLAN ID against VXLAN_N_VID
am: 51a219a Change-Id: Ibe33b8e55a3c7625b7b985260b38b443ffbfadc9
Commit 4c8e89b
-
am: f1b3aae Change-Id: I62e249897c31124ca45296c2563c9e3d665e49fb
David Forster authored and android-build-merger committed Mar 22, 2017
Commit c298010
-
ipv4: mask tos for input route
am: 354f791 Change-Id: I39b7ce23fe7319187421d3e6f0cdd91b16d1fb8c
Julian Anastasov authored and android-build-merger committed Mar 22, 2017
Commit 0a41717
-
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
am: 2cd0afc Change-Id: Ib7bcb274c63e13807b1e25f74b6018866e2d8eb1
Commit bde4ebb
-
net: don't call strlen() on the user buffer in packet_bind_spkt()
am: f331d64 Change-Id: If72ad0b49abc6132a8e67dede206504aa3985da9
Commit 0582590
-
net: net_enable_timestamp() can be called from irq contexts
am: a70c328 Change-Id: I79a15d07b95126c554366c5b9c266cdb73e8f823
Eric Dumazet authored and android-build-merger committed Mar 22, 2017
Commit 3f5e697
-
dccp: Unlock sock before calling sk_free()
am: 9216632 Change-Id: Id3dda6def7939123cc232d10fefcd0bb2b020ccc
Commit 3c8e4a1
-
tcp: fix various issues for sockets morphing to listen state
am: 2681a78 Change-Id: I9dd8b9c075e54c8b5fbff08ff06dcd74c7e56d4a
Eric Dumazet authored and android-build-merger committed Mar 22, 2017
Commit 95bec76
-
net: fix socket refcounting in skb_complete_wifi_ack()
am: 9e76833 Change-Id: I00fea5d105075ad526ca753b463f91bcd5db30d0
Eric Dumazet authored and android-build-merger committed Mar 22, 2017
Commit 50aba0e
-
net: fix socket refcounting in skb_complete_tx_timestamp()
am: ec4d869 Change-Id: Idc05607ffe99175575d7f07e3138e2f4496a5110
Eric Dumazet authored and android-build-merger committed Mar 22, 2017
Commit 9cf061b
-
dccp: fix use-after-free in dccp_feat_activate_values
am: d0ebde9 Change-Id: I80863cbb814b1486069ee311e3f8543c7d34b74a
Eric Dumazet authored and android-build-merger committed Mar 22, 2017
Commit f0a80cb
-
vrf: Fix use-after-free in vrf_xmit
am: e671f1c Change-Id: I9252af147439040890edc2f612d4868806c2324a
David Ahern authored and android-build-merger committed Mar 22, 2017
Commit 0bf865e
-
uapi: fix linux/packet_diag.h userspace compilation error
am: 6c72458 Change-Id: I107c3b445b4f92b52be422542062a0d6e147cc3d
Commit 16b8db4
-
act_connmark: avoid crashing on malformed nlattrs with null parms
am: 710fbeb Change-Id: Ie14c5fad2baf06f9d7669ef68b16023bd165af17
Commit 2e755cd
-
mpls: Send route delete notifications when router module is unloaded
am: b57955e Change-Id: Ica14abfb917ddcf236459f3e6886234a9daac40b
David Ahern authored and android-build-merger committed Mar 22, 2017
Commit 02e2cf1
-
ipv6: make ECMP route replacement less greedy
am: 5f8bc38 Change-Id: I6abea1ee369e3ae901dbb615991a112621da03f9
Commit e8f6f65
-
ipv6: avoid write to a possibly cloned skb
am: aed728c Change-Id: I7bbff2dcff94ea2804d3f21cd0341379332a47e6
Florian Westphal authored and android-build-merger committed Mar 22, 2017
Commit 2a862f5
-
bridge: drop netfilter fake rtable unconditionally
am: 56f9b95 Change-Id: I286db307416cce649790533419ec6a735bbcbb3d
Florian Westphal authored and android-build-merger committed Mar 22, 2017
Commit 857b945
-
dccp/tcp: fix routing redirect race
am: 4ab956b Change-Id: I9cb352108500198e4d94eb8e08b53065e29e31d4
Jon Maxwell authored and android-build-merger committed Mar 22, 2017
Commit daa1fae
-
dccp: fix memory leak during tear-down of unsuccessful connection req…
…uest am: 676fe97 Change-Id: Ibf191dd00ac72ee187beff00a46be207778ea912
Commit a171079
-
net sched actions: decrement module reference count after table flush.
am: c10ffe9 Change-Id: Ie90a3e257c06baeb2c1e8b190da986990a5c2e7c
Roman Mashak authored and android-build-merger committed Mar 22, 2017
Commit 0fa013e
-
fscrypt: fix renaming and linking special files
am: fd74e8d Change-Id: I899984b06cce168a62c3ca6f2df05a6c19fdfc28
Commit 9d0a150
-
fscrypto: lock inode while setting encryption policy
am: 3a19419 Change-Id: I3926f8d43c5d7f4c3648460bc103f24d05b6f3ee
Commit 2bc9e95
-
x86/kasan: Fix boot with KASAN=y and PROFILE_ANNOTATED_BRANCHES=y
am: 8e0ec20 Change-Id: I232544f0d96384f70c58b37f41f524ff4bc808fe
Commit 3c2c3fc
-
x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
am: 62f5704 Change-Id: I49a7e668ab62da72a19802ed047bb925a7fb14f0
Commit fff3058
-
futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
am: 44854c1 Change-Id: I361f387f34ccb2a497290c3f1f33803cc899b7da
Peter Zijlstra authored and android-build-merger committed Mar 22, 2017
Commit 2b31ed1
-
futex: Add missing error handling to FUTEX_REQUEUE_PI
am: 99d403f Change-Id: I7d99bd76a3d1cd329295b157eb179fc194029c5d
Peter Zijlstra authored and android-build-merger committed Mar 22, 2017
Commit c3b4839
-
am: 0136bca Change-Id: I222649f657066fe86bc7f8380b869e5e9c8a23f3
Commit 22ff4ae
Commits on Mar 23, 2017
-
net: ipv6: Add sysctl for minimum prefix len acceptable in RIOs.
This commit adds a new sysctl accept_ra_rt_info_min_plen that defines the minimum acceptable prefix length of Route Information Options. The new sysctl is intended to be used together with accept_ra_rt_info_max_plen to configure a range of acceptable prefix lengths. It is useful to prevent misconfigurations from unintentionally blackholing too much of the IPv6 address space (e.g., home routers announcing RIOs for fc00::/7, which is incorrect). [backport of net-next bbea124] Bug: 33333670 Test: net_test passes Signed-off-by: Joel Scherpelz <[email protected]> Acked-by: Lorenzo Colitti <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Joel Scherpelz committed Mar 23, 2017
Commit e953f89
-
fix the deadlock in xt_qtaguid when enable DDEBUG
When DDEBUG is enabled, the prdebug_full_state() function will try to recursively acquire the spinlock of sock_tag_list, causing a deadlock. A check statement is added before it acquires the spinlock to differentiate the behavior depending on the caller of the function.
Bug: 36559739
Test: Compile and run test under system/extra/test/iptables/
Change-Id: Ie3397fbaa207e14fe214d47aaf5e8ca1f4a712ee
Signed-off-by: Chenbo Feng <[email protected]>
Chenbo Feng committed Mar 23, 2017
Commit f0faedd
Commits on Mar 24, 2017
-
ANDROID: sdcardfs: correct order of descriptors
Signed-off-by: Daniel Rosenberg <[email protected]> Bug: 35331000 Change-Id: Ia6d16b19c8c911f41231d2a12be0740057edfacf
Commit 93a520c
-
ANDROID: sdcardfs: Fix formatting
This fixes various spacing and bracket related issues pointed out by checkpatch. Signed-off-by: Daniel Rosenberg <[email protected]> Bug: 35331000 Change-Id: I6e248833a7a04e3899f3ae9462d765cfcaa70c96
Commit dfdaa95
-
ANDROID: sdcardfs: Fix style issues with comments
Signed-off-by: Daniel Rosenberg <[email protected]> Bug: 35331000 Change-Id: I8791ef7eac527645ecb9407908e7e5ece35b8f80
Commit 9eb0b8b
-
ANDROID: sdcardfs: remove unneeded null check
As pointed out by checkpatch, these functions already handle null inputs, so the checks are not needed. Signed-off-by: Daniel Rosenberg <[email protected]> Bug: 35331000 Change-Id: I189342f032dfcefee36b27648bb512488ad61d20
Commit 1ed9910
-
ANDROID: sdcardfs: Use pr_[...] instead of printk
Signed-off-by: Daniel Rosenberg <[email protected]> Bug: 35331000 Change-Id: Ibc635ec865750530d32b87067779f681fe58a003
Commit b7dbda1
-
ANDROID: sdcardfs: Use to kstrout
Switch from deprecated simple_strtoul to kstrout Signed-off-by: Daniel Rosenberg <[email protected]> Bug: 35331000 Change-Id: If18bd133b4d2877f71e58b58fc31371ff6613ed5
Commit a9a3f48
-
ANDROID: sdcardfs: Use seq_puts over seq_printf
Signed-off-by: Daniel Rosenberg <[email protected]> Bug: 35331000 Change-Id: I3795ec61ce61e324738815b1ce3b0e09b25d723f
Commit 2b37dac
-
ANDROID: sdcardfs: Fix style issues in macros
Signed-off-by: Daniel Rosenberg <[email protected]> Bug: 35331000 Change-Id: I89c4035029dc2236081a7685c55cac595d9e7ebf
Commit ff9fa56
Commits on Mar 26, 2017
-
usb: core: hub: hub_port_init lock controller instead of bus
commit feb26ac upstream.

The XHCI controller presents two USB buses to the system - one for USB2 and one for USB3. The hub init code (hub_port_init) is reentrant but only locks one bus per thread, leading to a race condition failure when two threads attempt to simultaneously initialise a USB2 and USB3 device:

[ 8.034843] xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
[ 13.183701] usb 3-3: device descriptor read/all, error -110

On a test system this failure occurred on 6% of all boots.

The call traces at the point of failure are:

Call Trace:
 [<ffffffff81b9bab7>] schedule+0x37/0x90
 [<ffffffff817da7cd>] usb_kill_urb+0x8d/0xd0
 [<ffffffff8111e5e0>] ? wake_up_atomic_t+0x30/0x30
 [<ffffffff817dafbe>] usb_start_wait_urb+0xbe/0x150
 [<ffffffff817db10c>] usb_control_msg+0xbc/0xf0
 [<ffffffff817d07de>] hub_port_init+0x51e/0xb70
 [<ffffffff817d4697>] hub_event+0x817/0x1570
 [<ffffffff810f3e6f>] process_one_work+0x1ff/0x620
 [<ffffffff810f3dcf>] ? process_one_work+0x15f/0x620
 [<ffffffff810f4684>] worker_thread+0x64/0x4b0
 [<ffffffff810f4620>] ? rescuer_thread+0x390/0x390
 [<ffffffff810fa7f5>] kthread+0x105/0x120
 [<ffffffff810fa6f0>] ? kthread_create_on_node+0x200/0x200
 [<ffffffff81ba183f>] ret_from_fork+0x3f/0x70
 [<ffffffff810fa6f0>] ? kthread_create_on_node+0x200/0x200

Call Trace:
 [<ffffffff817fd36d>] xhci_setup_device+0x53d/0xa40
 [<ffffffff817fd87e>] xhci_address_device+0xe/0x10
 [<ffffffff817d047f>] hub_port_init+0x1bf/0xb70
 [<ffffffff811247ed>] ? trace_hardirqs_on+0xd/0x10
 [<ffffffff817d4697>] hub_event+0x817/0x1570
 [<ffffffff810f3e6f>] process_one_work+0x1ff/0x620
 [<ffffffff810f3dcf>] ? process_one_work+0x15f/0x620
 [<ffffffff810f4684>] worker_thread+0x64/0x4b0
 [<ffffffff810f4620>] ? rescuer_thread+0x390/0x390
 [<ffffffff810fa7f5>] kthread+0x105/0x120
 [<ffffffff810fa6f0>] ? kthread_create_on_node+0x200/0x200
 [<ffffffff81ba183f>] ret_from_fork+0x3f/0x70
 [<ffffffff810fa6f0>] ? kthread_create_on_node+0x200/0x200

Which results from the two call chains:

hub_port_init
 usb_get_device_descriptor
  usb_get_descriptor
   usb_control_msg
    usb_internal_control_msg
     usb_start_wait_urb
      usb_submit_urb / wait_for_completion_timeout / usb_kill_urb

hub_port_init
 hub_set_address
  xhci_address_device
   xhci_setup_device

Mathias Nyman explains the current behaviour violates the XHCI spec:

 hub_port_reset() will end up moving the corresponding xhci device slot to default state.

 As hub_port_reset() is called several times in hub_port_init() it sounds reasonable that we could end up with two threads having their xhci device slots in default state at the same time, which according to xhci 4.5.3 specs still is a big no no:

 "Note: Software shall not transition more than one Device Slot to the Default State at a time"

 So both threads fail at their next task after this. One fails to read the descriptor, and the other fails addressing the device.

Fix this in hub_port_init by locking the USB controller (instead of an individual bus) to prevent simultaneous initialisation of both buses.

Fixes: 638139e ("usb: hub: allow to process more usb hub events in parallel")
Link: https://lkml.org/lkml/2016/2/8/312
Link: https://lkml.org/lkml/2016/2/4/748
Signed-off-by: Chris Bainbridge <[email protected]>
Cc: stable <[email protected]>
Acked-by: Mathias Nyman <[email protected]>
Signed-off-by: Sumit Semwal <[email protected]>
[sumits: minor merge conflict resolution for linux-4.4.y]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit ac1a97d
-
USB: don't free bandwidth_mutex too early
commit ab2a4bf upstream.

The USB core contains a bug that can show up when a USB-3 host controller is removed. If the primary (USB-2) hcd structure is released before the shared (USB-3) hcd, the core will try to do a double-free of the common bandwidth_mutex.

The problem was described in graphical form by Chung-Geol Kim, who first reported it:

=================================================
     At *remove USB(3.0) Storage
     sequence <1> --> <5> ((Problem Case))
=================================================
                                  VOLD
------------------------------------|------------
                                 (uevent)
                            ________|_________
                           |<1>               |
                           |dwc3_otg_sm_work  |
                           |usb_put_hcd       |
                           |peer_hcd(kref=2)|
                           |__________________|
                            ________|_________
                           |<2>               |
                           |New USB BUS #2    |
                           |                  |
                           |peer_hcd(kref=1)  |
                           |                  |
                         --(Link)-bandXX_mutex|
                         | |__________________|
                         |
    ___________________  |
   |<3>                | |
   |dwc3_otg_sm_work   | |
   |usb_put_hcd        | |
   |primary_hcd(kref=1)| |
   |___________________| |
    _________|_________  |
   |<4>                | |
   |New USB BUS #1     | |
   |hcd_release        | |
   |primary_hcd(kref=0)| |
   |                   | |
   |bandXX_mutex(free) |<-
   |___________________|
                               (( VOLD ))
                            ______|___________
                           |<5>               |
                           |      SCSI        |
                           |usb_put_hcd       |
                           |peer_hcd(kref=0)  |
                           |*hcd_release      |
                           |bandXX_mutex(free*)|<- double free
                           |__________________|
=================================================

This happens because hcd_release() frees the bandwidth_mutex whenever it sees a primary hcd being released (which is not a very good idea in any case), but in the course of releasing the primary hcd, it changes the pointers in the shared hcd in such a way that the shared hcd will appear to be primary when it gets released.

This patch fixes the problem by changing hcd_release() so that it deallocates the bandwidth_mutex only when the _last_ hcd structure referencing it is released. The patch also removes an unnecessary test, so that when an hcd is released, both the shared_hcd and primary_hcd pointers in the hcd's peer will be cleared.

Signed-off-by: Alan Stern <[email protected]>
Reported-by: Chung-Geol Kim <[email protected]>
Tested-by: Chung-Geol Kim <[email protected]>
Cc: Sumit Semwal <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 45d9558
-
crypto: ghash-clmulni - Fix load failure
commit 3a020a7 upstream. ghash_clmulni_intel fails to load on Linux 4.3+ with the following message: "modprobe: ERROR: could not insert 'ghash_clmulni_intel': Invalid argument" After 8996eaf ("crypto: ahash - ensure statesize is non-zero") all ahash drivers are required to implement import()/export(), and must have a non-zero statesize. This patch has been tested with the algif_hash interface. The calculated digest values, after several rounds of import()s and export()s, match those calculated by tcrypt. Signed-off-by: Rui Wang <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit c78c337
-
crypto: cryptd - Assign statesize properly
commit 1a07834 upstream. cryptd_create_hash() fails by returning -EINVAL. It is because after 8996eaf ("crypto: ahash - ensure statesize is non-zero") all ahash drivers must have a non-zero statesize. This patch fixes the problem by properly assigning the statesize. Signed-off-by: Rui Wang <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 10659b8
-
crypto: mcryptd - Fix load failure
commit ddef482 upstream. mcryptd_create_hash() fails by returning -EINVAL, causing any driver using mcryptd to fail to load. It is because it needs to set its statesize properly. Signed-off-by: Rui Wang <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit f8c07cb
-
cxlflash: Increase cmd_per_lun for better throughput
commit 8343083 upstream. With the current value of cmd_per_lun at 16, the throughput over a single adapter is limited to around 150kIOPS. Increase the value of cmd_per_lun to 256 to improve throughput. With this change a single adapter is able to attain close to the maximum throughput (380kIOPS). Also change the number of RRQ entries that can be queued. Signed-off-by: Manoj N. Kumar <[email protected]> Acked-by: Matthew R. Ochs <[email protected]> Reviewed-by: Uma Krishnan <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 12e1a3c
-
ACPI / video: skip evaluating _DOD when it does not exist
commit e34fbba upstream. Some systems support hybrid graphics and their discrete VGA does not have any connectors and therefore has no _DOD method. Signed-off-by: Alex Hung <[email protected]> Reviewed-by: Aaron Lu <[email protected]> Signed-off-by: Rafael J. Wysocki <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 962c66c
-
pinctrl: cherryview: Do not mask all interrupts in probe
commit bcb48cc upstream. The Cherryview GPIO controller has 8 or 16 wires connected to the I/O-APIC which can be used directly by the platform/BIOS or drivers. One such wire is used as SCI (System Control Interrupt) which ACPI depends on to be able to trigger GPEs (General Purpose Events). The pinctrl driver itself uses another IRQ resource which is wire OR of all the 8 (or 16) wires and follows what BIOS has programmed to the IntSel register of each pin. Currently the driver masks all interrupts at probe time and this prevents these direct interrupts from working as expected. The reason for this is that some early stage prototypes had some pins misconfigured causing lots of spurious interrupts. We fix this by leaving the interrupt mask untouched. This allows SCI and other direct interrupts to work properly. What comes to the possible spurious interrupts we switch the default handler to be handle_bad_irq() instead of handle_simple_irq() (which was not correct anyway). Reported-by: Yu C Chen <[email protected]> Reported-by: Anisse Astier <[email protected]> Signed-off-by: Mika Westerberg <[email protected]> Signed-off-by: Linus Walleij <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 3787a07
-
Drivers: hv: balloon: don't crash when memory is added in non-sorted order
commit 77c0c97 upstream. When we iterate through all HA regions in handle_pg_range() we have an assumption that all these regions are sorted in the list and the 'start_pfn >= has->end_pfn' check is enough to find the proper region. Unfortunately it's not the case with WS2016 where host can hot-add regions in a different order. We end up modifying the wrong HA region and crashing later on pages online. Modify the check to make sure we found the region we were searching for while iterating. Fix the same check in pfn_covered() as well. Signed-off-by: Vitaly Kuznetsov <[email protected]> Signed-off-by: K. Y. Srinivasan <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 0a25127
-
Drivers: hv: avoid vfree() on crash
commit a9f61ca upstream. When we crash from NMI context (e.g. after NMI injection from host when 'sysctl -w kernel.unknown_nmi_panic=1' is set) we hit kernel BUG at mm/vmalloc.c:1530! as vfree() is denied. While the issue could be solved with in_nmi() check instead I opted for skipping vfree on all sorts of crashes to reduce the amount of work which can cause consequent crashes. We don't really need to free anything on crash. Signed-off-by: Vitaly Kuznetsov <[email protected]> Signed-off-by: K. Y. Srinivasan <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit b1a0f74
-
xen/qspinlock: Don't kick CPU if IRQ is not initialized
commit 707e59b upstream.

The following commit:

 1fb3a8b ("xen/spinlock: Fix locking path engaging too soon under PVHVM.")

... moved the initialization of the kicker interrupt until after native_cpu_up() is called.

However, when using qspinlocks, a CPU may try to kick another CPU that is spinning (because it has not yet initialized its kicker interrupt), resulting in the following crash during boot:

 kernel BUG at /build/linux-Ay7j_C/linux-4.4.0/drivers/xen/events/events_base.c:1210!
 invalid opcode: 0000 [#1] SMP
 ...
 RIP: 0010:[<ffffffff814c97c9>] [<ffffffff814c97c9>] xen_send_IPI_one+0x59/0x60
 ...
 Call Trace:
  [<ffffffff8102be9e>] xen_qlock_kick+0xe/0x10
  [<ffffffff810cabc2>] __pv_queued_spin_unlock+0xb2/0xf0
  [<ffffffff810ca6d1>] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
  [<ffffffff81052936>] ? check_tsc_warp+0x76/0x150
  [<ffffffff81052aa6>] check_tsc_sync_source+0x96/0x160
  [<ffffffff81051e28>] native_cpu_up+0x3d8/0x9f0
  [<ffffffff8102b315>] xen_hvm_cpu_up+0x35/0x80
  [<ffffffff8108198c>] _cpu_up+0x13c/0x180
  [<ffffffff81081a4a>] cpu_up+0x7a/0xa0
  [<ffffffff81f80dfc>] smp_init+0x7f/0x81
  [<ffffffff81f5a121>] kernel_init_freeable+0xef/0x212
  [<ffffffff81817f30>] ? rest_init+0x80/0x80
  [<ffffffff81817f3e>] kernel_init+0xe/0xe0
  [<ffffffff8182488f>] ret_from_fork+0x3f/0x70
  [<ffffffff81817f30>] ? rest_init+0x80/0x80

To fix this, only send the kick if the target CPU's interrupt has been initialized. This check isn't racy, because the target is waiting for the spinlock, so it won't have initialized the interrupt in the meantime.

Signed-off-by: Ross Lagerwall <[email protected]>
Reviewed-by: Boris Ostrovsky <[email protected]>
Cc: David Vrabel <[email protected]>
Cc: Juergen Gross <[email protected]>
Cc: Konrad Rzeszutek Wilk <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Ingo Molnar <[email protected]>
Cc: Sumit Semwal <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit e2d9577
-
KVM: PPC: Book3S PR: Fix illegal opcode emulation
commit 708e75a upstream.

If kvmppc_handle_exit_pr() calls kvmppc_emulate_instruction() to emulate one instruction (in the BOOK3S_INTERRUPT_H_EMUL_ASSIST case), it calls kvmppc_core_queue_program() afterwards if kvmppc_emulate_instruction() returned EMULATE_FAIL, so the guest gets a program interrupt for the illegal opcode. However, the kvmppc_emulate_instruction() also tried to inject a program exception for this already, so the program interrupt gets injected twice and the return address in srr0 gets destroyed. All other callers of kvmppc_emulate_instruction() are also injecting a program interrupt, and since the callers have the right knowledge about the srr1 flags that should be used, it is the function kvmppc_emulate_instruction() that should _not_ inject program interrupts, so remove the kvmppc_core_queue_program() here.

This fixes the issue discovered by Laurent Vivier with kvm-unit-tests where the logs are filled with these messages when the test tries to execute an illegal instruction:

 Couldn't emulate instruction 0x00000000 (op 0 xop 0)
 kvmppc_handle_exit_pr: emulation at 700 failed (00000000)

Signed-off-by: Thomas Huth <[email protected]>
Reviewed-by: Alexander Graf <[email protected]>
Tested-by: Laurent Vivier <[email protected]>
Signed-off-by: Paul Mackerras <[email protected]>
Cc: Sumit Semwal <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 50730d7
-
s390/pci: fix use after free in dma_init
commit dba5990 upstream. After a failure during registration of the dma_table (because of the function being in error state) we free its memory but don't reset the associated pointer to zero. When we then receive a notification from firmware (about the function being in error state) we'll try to walk and free the dma_table again. Fix this by resetting the dma_table pointer. In addition to that make sure that we free the iommu_bitmap when appropriate. Signed-off-by: Sebastian Ott <[email protected]> Reviewed-by: Gerald Schaefer <[email protected]> Signed-off-by: Martin Schwidefsky <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 68ea394
-
drm/amdgpu: add missing irq.h include
commit e9c5e74 upstream. this fixes the build on arm. Signed-off-by: Dave Airlie <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 13a2688
-
tpm_tis: Use devm_free_irq not free_irq
commit 727f28b upstream. The interrupt is always allocated with devm_request_irq so it must always be freed with devm_free_irq. Fixes: 448e9c5 ("tpm_tis: verify interrupt during init") Signed-off-by: Jason Gunthorpe <[email protected]> Acked-by: Jarkko Sakkinen <[email protected]> Tested-by: Jarkko Sakkinen <[email protected]> Tested-by: Martin Wilck <[email protected]> Signed-off-by: Jarkko Sakkinen <[email protected]> Acked-by: Peter Huewe <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit cea0501
-
hv_netvsc: use skb_get_hash() instead of a homegrown implementation
commit 757647e upstream. Recent changes to 'struct flow_keys' (e.g. commit d34af82 ("net: Add VLAN ID to flow_keys")) introduced a performance regression in netvsc driver. The problem is, however, not the above mentioned commit but the fact that netvsc_set_hash() function did some assumptions on the struct flow_keys data layout and this is wrong. Get rid of netvsc_set_hash() by switching to skb_get_hash(). This change will also imply switching to Jenkins hash from the currently used Toeplitz but it seems there is no good excuse for Toeplitz to stay. Signed-off-by: Vitaly Kuznetsov <[email protected]> Acked-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 6cc5b73
-
kernek/fork.c: allocate idle task for a CPU always on its local node
commit 725fc62 upstream. Linux preallocates the task structs of the idle tasks for all possible CPUs. This currently means they all end up on node 0. This also implies that the cache line of MWAIT, which is around the flags field in the task struct, are all located in node 0. We see a noticeable performance improvement on Knights Landing CPUs when the cache lines used for MWAIT are located in the local nodes of the CPUs using them. I would expect this to give a (likely slight) improvement on other systems too. The patch implements placing the idle task in the node of its CPUs, by passing the right target node to copy_process() [[email protected]: use NUMA_NO_NODE, not a bare -1] Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Andi Kleen <[email protected]> Cc: Thomas Gleixner <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> Cc: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 6052eb8
-
give up on gcc ilog2() constant optimizations
commit 474c901 upstream. gcc-7 has an "optimization" pass that completely screws up, and generates the code expansion for the (impossible) case of calling ilog2() with a zero constant, even when the code gcc compiles does not actually have a zero constant. And we try to generate a compile-time error for anybody doing ilog2() on a constant where that doesn't make sense (be it zero or negative). So now gcc7 will fail the build due to our sanity checking, because it created that constant-zero case that didn't actually exist in the source code. There's a whole long discussion on the kernel mailing about how to work around this gcc bug. The gcc people themselves have discussed their "feature" in https://gcc.gnu.org/bugzilla/show_bug.cgi?id=72785 but it's all water under the bridge, because while it looked at one point like it would be solved by the time gcc7 was released, that was not to be. So now we have to deal with this compiler braindamage. And the only simple approach seems to be to just delete the code that tries to warn about bad uses of ilog2(). So now "ilog2()" will just return 0 not just for the value 1, but for any non-positive value too. It's not like I can recall anybody having ever actually tried to use this function on any invalid value, but maybe the sanity check just meant that such code never made it out in public. Reported-by: Laura Abbott <[email protected]> Cc: John Stultz <[email protected]>, Cc: Thomas Gleixner <[email protected]> Cc: Ard Biesheuvel <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> Cc: Jiri Slaby <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 4cb0c0b
-
perf/core: Fix event inheritance on fork()
commit e7cc486 upstream. While hunting for clues to a use-after-free, Oleg spotted that perf_event_init_context() can lose an error value with the result that fork() can succeed even though we did not fully inherit the perf event context. Spotted-by: Oleg Nesterov <[email protected]> Signed-off-by: Peter Zijlstra (Intel) <[email protected]> Cc: Alexander Shishkin <[email protected]> Cc: Arnaldo Carvalho de Melo <[email protected]> Cc: Arnaldo Carvalho de Melo <[email protected]> Cc: Dmitry Vyukov <[email protected]> Cc: Frederic Weisbecker <[email protected]> Cc: Jiri Olsa <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Mathieu Desnoyers <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Stephane Eranian <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: Vince Weaver <[email protected]> Cc: [email protected] Fixes: 889ff01 ("perf/core: Split context's event group list into pinned and non-pinned lists") Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Ingo Molnar <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit f02729f
-
cpufreq: Fix and clean up show_cpuinfo_cur_freq()
commit 9b4f603 upstream. There is a missing newline in show_cpuinfo_cur_freq(), so add it, but while at it clean that function up somewhat too. Signed-off-by: Rafael J. Wysocki <[email protected]> Acked-by: Viresh Kumar <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 09875d1
-
powerpc/boot: Fix zImage TOC alignment
commit 97ee351 upstream. Recent toolchains force the TOC to be 256 byte aligned. We need to enforce this alignment in the zImage linker script, otherwise pointers to our TOC variables (__toc_start) could be incorrect. If the actual start of the TOC and __toc_start don't have the same value we crash early in the zImage wrapper. Suggested-by: Alan Modra <[email protected]> Signed-off-by: Michael Ellerman <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit b244739
-
md/raid1/10: fix potential deadlock
commit 61eb2b4 upstream.

Neil Brown pointed out a potential deadlock in raid 10 code with bio_split/chain. The raid1 code could have the same issue, but recent barrier rework makes it less likely to happen. The deadlock happens in below sequence:

1. generic_make_request(bio), this will set current->bio_list
2. raid10_make_request will split bio to bio1 and bio2
3. __make_request(bio1), wait_barrier, add underlayer disk bio to current->bio_list
4. __make_request(bio2), wait_barrier

If raise_barrier happens between 3 & 4, since wait_barrier runs at 3, raise_barrier waits for IO completion from 3. And since raise_barrier sets barrier, 4 waits for raise_barrier. But IO from 3 can't be dispatched because raid10_make_request() hasn't finished yet.

The solution is to adjust the IO ordering. Quotes from Neil:
"
It is much safer to:

    if (need to split) {
        split = bio_split(bio, ...)
        bio_chain(...)
        make_request_fn(split);
        generic_make_request(bio);
    } else
        make_request_fn(mddev, bio);

This way we first process the initial section of the bio (in 'split') which will queue some requests to the underlying devices. These requests will be queued in generic_make_request. Then we queue the remainder of the bio, which will be added to the end of the generic_make_request queue. Then we return. generic_make_request() will pop the lower-level device requests off the queue and handle them first. Then it will process the remainder of the original bio once the first section has been fully processed.
"

Note, this only happens in read path. In write path, the bio is flushed to underlying disks either by blk flush (from schedule) or offloaded to raid1/10d. It's queued in current->bio_list.

Cc: Coly Li <[email protected]>
Suggested-by: NeilBrown <[email protected]>
Reviewed-by: Jack Wang <[email protected]>
Signed-off-by: Shaohua Li <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 582f548
-
target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export
commit a04e54f upstream. The following fixes a divide by zero OOPs with TYPE_TAPE due to pscsi_tape_read_blocksize() failing causing a zero sd->sector_size being propagated up via dev_attrib.hw_block_size. It also fixes another long-standing bug where TYPE_TAPE and TYPE_MEDIMUM_CHANGER were using pscsi_create_type_other(), which does not call scsi_device_get() to take the device reference. Instead, rename pscsi_create_type_rom() to pscsi_create_type_nondisk() and use it for all cases. Finally, also drop a dump_stack() in pscsi_get_blocks() for non TYPE_DISK, which in modern target-core can get invoked via target_sense_desc_format() during CHECK_CONDITION. Reported-by: Malcolm Haak <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 0a62163
-
scsi: lpfc: Add shutdown method for kexec
commit 85e8a23 upstream. We see lpfc devices regularly fail during kexec. Fix this by adding a shutdown method which mirrors the remove method. Signed-off-by: Anton Blanchard <[email protected]> Reviewed-by: Mauricio Faria de Oliveira <[email protected]> Tested-by: Mauricio Faria de Oliveira <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 82bd06a
-
scsi: libiscsi: add lock around task lists to fix list corruption regression
commit 6f8830f upstream. There's a rather long standing regression from the commit "libiscsi: Reduce locking contention in fast path" Depending on iSCSI target behavior, it's possible to hit the case in iscsi_complete_task where the task is still on a pending list (!list_empty(&task->running)). When that happens the task is removed from the list while holding the session back_lock, but other task list modification occur under the frwd_lock. That leads to linked list corruption and eventually a panicked system. Rather than back out the session lock split entirely, in order to try and keep some of the performance gains this patch adds another lock to maintain the task lists integrity. Major enterprise supported kernels have been backing out the lock split for a while now, thanks to the efforts at IBM where a lab setup has the most reliable reproducer I've seen on this issue. This patch has been tested there successfully. Signed-off-by: Chris Leech <[email protected]> Fixes: 659743b ("[SCSI] libiscsi: Reduce locking contention in fast path") Reported-by: Prashantha Subbarao <[email protected]> Reviewed-by: Guilherme G. Piccoli <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 246760c - Browse repository at this point
Copy the full SHA 246760cView commit details -
target: Fix VERIFY_16 handling in sbc_parse_cdb
commit 1360368 upstream.

As reported by Max, the Windows 2008 R2 chkdsk utility expects VERIFY_16 to be supported, and does not handle the returned CHECK_CONDITION properly, resulting in an infinite loop.

The kernel will log huge amounts of this error:

    kernel: TARGET_CORE[iSCSI]: Unsupported SCSI Opcode 0x8f, sending CHECK_CONDITION.

Signed-off-by: Max Lohrmann <[email protected]>
Signed-off-by: Nicholas Bellinger <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: d267ecb

isdn/gigaset: fix NULL-deref at probe
commit 68c32f9 upstream.

Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints.

Fixes: cf7776d ("[PATCH] isdn4linux: Siemens Gigaset drivers - direct USB connection")
Cc: Hansjoerg Lipp <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 4f47ca4

gfs2: Avoid alignment hole in struct lm_lockname
commit 28ea06c upstream.

Commit 88ffbf3 switches to using rhashtables for glocks, hashing over the entire struct lm_lockname instead of its individual fields. On some architectures, struct lm_lockname contains a hole of uninitialized memory due to alignment rules, which now leads to incorrect hash values. Get rid of that hole.

Signed-off-by: Andreas Gruenbacher <[email protected]>
Signed-off-by: Bob Peterson <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: e08f608

percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages
commit 320661b upstream.

Update to pcpu_nr_empty_pop_pages in pcpu_alloc() is currently done without holding pcpu_lock. This can lead to bad updates to the variable. Add missing lock calls.

Fixes: b539b87 ("percpu: implmeent pcpu_nr_empty_pop_pages and chunk->nr_populated")
Signed-off-by: Tahsin Erdogan <[email protected]>
Signed-off-by: Tejun Heo <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: d88b83e

ext4: fix fencepost in s_first_meta_bg validation
commit 2ba3e6e upstream.

It is OK for s_first_meta_bg to be equal to the number of block group descriptor blocks. (It rarely happens, but it shouldn't cause any problems.)

https://bugzilla.kernel.org/show_bug.cgi?id=194567

Fixes: 3a4b77c
Signed-off-by: Theodore Ts'o <[email protected]>
Cc: Jiri Slaby <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 5fa513c

SHA: a5c3f39

Commits on Mar 29, 2017
Changes in 4.4.57:

usb: core: hub: hub_port_init lock controller instead of bus
USB: don't free bandwidth_mutex too early
crypto: ghash-clmulni - Fix load failure
crypto: cryptd - Assign statesize properly
crypto: mcryptd - Fix load failure
cxlflash: Increase cmd_per_lun for better throughput
ACPI / video: skip evaluating _DOD when it does not exist
pinctrl: cherryview: Do not mask all interrupts in probe
Drivers: hv: balloon: don't crash when memory is added in non-sorted order
Drivers: hv: avoid vfree() on crash
xen/qspinlock: Don't kick CPU if IRQ is not initialized
KVM: PPC: Book3S PR: Fix illegal opcode emulation
s390/pci: fix use after free in dma_init
drm/amdgpu: add missing irq.h include
tpm_tis: Use devm_free_irq not free_irq
hv_netvsc: use skb_get_hash() instead of a homegrown implementation
kernek/fork.c: allocate idle task for a CPU always on its local node
give up on gcc ilog2() constant optimizations
perf/core: Fix event inheritance on fork()
cpufreq: Fix and clean up show_cpuinfo_cur_freq()
powerpc/boot: Fix zImage TOC alignment
md/raid1/10: fix potential deadlock
target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export
scsi: lpfc: Add shutdown method for kexec
scsi: libiscsi: add lock around task lists to fix list corruption regression
target: Fix VERIFY_16 handling in sbc_parse_cdb
isdn/gigaset: fix NULL-deref at probe
gfs2: Avoid alignment hole in struct lm_lockname
percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages
ext4: fix fencepost in s_first_meta_bg validation
Linux 4.4.57

Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 373a68c

Commits on Mar 30, 2017
net/openvswitch: Set the ipv6 source tunnel key address attribute correctly
[ Upstream commit 3d20f1f ]

When dealing with ipv6 source tunnel key address attribute (OVS_TUNNEL_KEY_ATTR_IPV6_SRC) we are wrongly setting the tunnel dst ip, fix that.

Fixes: 6b26ba3 ('openvswitch: netlink attributes for IPv6 tunneling')
Signed-off-by: Or Gerlitz <[email protected]>
Reported-by: Paul Blakey <[email protected]>
Acked-by: Jiri Benc <[email protected]>
Acked-by: Joe Stringer <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: b362d67

net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled
[ Upstream commit 5371bbf ]

Suspending the PHY would be putting it in a low power state where it may no longer allow us to do Wake-on-LAN.

Fixes: cc013fb ("net: bcmgenet: correctly suspend and resume PHY device")
Signed-off-by: Florian Fainelli <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 12f0bff

net: properly release sk_frag.page
[ Upstream commit 22a0e18 ]

I mistakenly added the code to release sk->sk_frag in sk_common_release() instead of sk_destruct()

TCP sockets using sk->sk_allocation == GFP_ATOMIC do not call sk_common_release() at close time, thus leaking one (order-3) page.

iSCSI is using such sockets.

Fixes: 5640f76 ("net: use a per task frag allocator")
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: f312672

amd-xgbe: Fix jumbo MTU processing on newer hardware
[ Upstream commit 622c36f ]

Newer hardware does not provide a cumulative payload length when multiple descriptors are needed to handle the data. Once the MTU increases beyond the size that can be handled by a single descriptor, the SKB does not get built properly by the driver.

The driver will now calculate the size of the data buffers used by the hardware. The first buffer of the first descriptor is for packet headers or packet headers and data when the headers can't be split. Subsequent descriptors in a multi-descriptor chain will not use the first buffer. The second buffer is used by all the descriptors in the chain for payload data. Based on whether the driver is processing the first, intermediate, or last descriptor it can calculate the buffer usage and build the SKB properly.

Tested and verified on both old and new hardware.

Signed-off-by: Tom Lendacky <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: ae43f93

net: unix: properly re-increment inflight counter of GC discarded candidates
[ Upstream commit 7df9c24 ]

Dmitry has reported that a BUG_ON() condition in unix_notinflight() may be triggered by a simple code that forwards unix socket in an SCM_RIGHTS message. That is caused by incorrect unix socket GC implementation in unix_gc().

The GC first collects list of candidates, then (a) decrements their "children's" inflight counter, (b) checks which inflight counters are now 0, and then (c) increments all inflight counters back. (a) and (c) are done by calling scan_children() with inc_inflight or dec_inflight as the second argument.

Commit 6209344 ("net: unix: fix inflight counting bug in garbage collector") changed scan_children() such that it no longer considers sockets that do not have UNIX_GC_CANDIDATE flag. It also added a block of code that unsets this flag _before_ invoking scan_children(, dec_iflight, ). This may lead to incorrect inflight counters for some sockets.

This change fixes this bug by changing order of operations: UNIX_GC_CANDIDATE is now unset only after all inflight counters are restored to the original state.

    kernel BUG at net/unix/garbage.c:149!
    RIP: 0010:[<ffffffff8717ebf4>] [<ffffffff8717ebf4>] unix_notinflight+0x3b4/0x490 net/unix/garbage.c:149
    Call Trace:
     [<ffffffff8716cfbf>] unix_detach_fds.isra.19+0xff/0x170 net/unix/af_unix.c:1487
     [<ffffffff8716f6a9>] unix_destruct_scm+0xf9/0x210 net/unix/af_unix.c:1496
     [<ffffffff86a90a01>] skb_release_head_state+0x101/0x200 net/core/skbuff.c:655
     [<ffffffff86a9808a>] skb_release_all+0x1a/0x60 net/core/skbuff.c:668
     [<ffffffff86a980ea>] __kfree_skb+0x1a/0x30 net/core/skbuff.c:684
     [<ffffffff86a98284>] kfree_skb+0x184/0x570 net/core/skbuff.c:705
     [<ffffffff871789d5>] unix_release_sock+0x5b5/0xbd0 net/unix/af_unix.c:559
     [<ffffffff87179039>] unix_release+0x49/0x90 net/unix/af_unix.c:836
     [<ffffffff86a694b2>] sock_release+0x92/0x1f0 net/socket.c:570
     [<ffffffff86a6962b>] sock_close+0x1b/0x20 net/socket.c:1017
     [<ffffffff81a76b8e>] __fput+0x34e/0x910 fs/file_table.c:208
     [<ffffffff81a771da>] ____fput+0x1a/0x20 fs/file_table.c:244
     [<ffffffff81483ab0>] task_work_run+0x1a0/0x280 kernel/task_work.c:116
     [< inline >] exit_task_work include/linux/task_work.h:21
     [<ffffffff8141287a>] do_exit+0x183a/0x2640 kernel/exit.c:828
     [<ffffffff8141383e>] do_group_exit+0x14e/0x420 kernel/exit.c:931
     [<ffffffff814429d3>] get_signal+0x663/0x1880 kernel/signal.c:2307
     [<ffffffff81239b45>] do_signal+0xc5/0x2190 arch/x86/kernel/signal.c:807
     [<ffffffff8100666a>] exit_to_usermode_loop+0x1ea/0x2d0 arch/x86/entry/common.c:156
     [< inline >] prepare_exit_to_usermode arch/x86/entry/common.c:190
     [<ffffffff81009693>] syscall_return_slowpath+0x4d3/0x570 arch/x86/entry/common.c:259
     [<ffffffff881478e6>] entry_SYSCALL_64_fastpath+0xc4/0xc6

Link: https://lkml.org/lkml/2017/3/6/252
Signed-off-by: Andrey Ulanov <[email protected]>
Reported-by: Dmitry Vyukov <[email protected]>
Fixes: 6209344 ("net: unix: fix inflight counting bug in garbage collector")
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 610c6bc

net/mlx5: Increase number of max QPs in default profile
[ Upstream commit 5f40b4e ]

With ConnectX-4 sharing SRQs from the same space as QPs, we hit a limit preventing some applications to allocate needed QPs amount. Double the size to 256K.

Fixes: e126ba9 ('mlx5: Add driver for Mellanox Connect-IB adapters')
Signed-off-by: Maor Gottlieb <[email protected]>
Signed-off-by: Saeed Mahameed <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 9d1894c

net/mlx5e: Count LRO packets correctly
[ Upstream commit 8ab7e2a ]

RX packets statistics ('rx_packets' counter) used to count LRO packets as one, even though it contains multiple segments. This patch will increment the counter by the number of segments, and align the driver with the behavior of other drivers in the stack.

Note that no information is lost in this patch due to 'rx_lro_packets' counter existence.

Before, ethtool showed:

    $ ethtool -S ens6 | egrep "rx_packets|rx_lro_packets"
    rx_packets: 435277
    rx_lro_packets: 35847
    rx_packets_phy: 1935066

Now, we will see the more logical statistics:

    $ ethtool -S ens6 | egrep "rx_packets|rx_lro_packets"
    rx_packets: 1935066
    rx_lro_packets: 35847
    rx_packets_phy: 1935066

Fixes: e586b3b ("net/mlx5: Ethernet Datapath files")
Signed-off-by: Gal Pressman <[email protected]>
Cc: [email protected]
Signed-off-by: Saeed Mahameed <[email protected]>
Acked-by: Alexei Starovoitov <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: fdcee7c

net: bcmgenet: remove bcmgenet_internal_phy_setup()
[ Upstream commit 31739ea ]

Commit 6ac3ce8 ("net: bcmgenet: Remove excessive PHY reset") removed the bcmgenet_mii_reset() function from bcmgenet_power_up() and bcmgenet_internal_phy_setup() functions. In so doing it broke the reset of the internal PHY devices used by the GENETv1-GENETv3 which required this reset before the UniMAC was enabled. It also broke the internal GPHY devices used by the GENETv4 because the config_init that installed the AFE workaround was no longer occurring after the reset of the GPHY performed by bcmgenet_phy_power_set() in bcmgenet_internal_phy_setup(). In addition the code in bcmgenet_internal_phy_setup() related to the "enable APD" comment goes with the bcmgenet_mii_reset() so it should have also been removed.

Commit bd4060a ("net: bcmgenet: Power on integrated GPHY in bcmgenet_power_up()") moved the bcmgenet_phy_power_set() call to the bcmgenet_power_up() function, but failed to remove it from the bcmgenet_internal_phy_setup() function. Had it done so, the bcmgenet_internal_phy_setup() function would have been empty and could have been removed at that time.

Commit 5dbebbb ("net: bcmgenet: Software reset EPHY after power on") was submitted to correct the functional problems introduced by commit 6ac3ce8 ("net: bcmgenet: Remove excessive PHY reset"). It was included in v4.4 and made available on 4.3-stable. Unfortunately, it didn't fully revert the commit because this bcmgenet_mii_reset() doesn't apply the soft reset to the internal GPHY used by GENETv4 like the previous one did. This prevents the restoration of the AFE workarounds for internal GPHY devices after the bcmgenet_phy_power_set() in bcmgenet_internal_phy_setup().

This commit takes the alternate approach of removing the unnecessary bcmgenet_internal_phy_setup() function which shouldn't have been in v4.3 so that when bcmgenet_mii_reset() was restored it should have only gone into bcmgenet_power_up(). This will avoid the problems while also removing the redundancy (and hopefully some of the confusion).

Fixes: 6ac3ce8 ("net: bcmgenet: Remove excessive PHY reset")
Signed-off-by: Doug Berger <[email protected]>
Reviewed-by: Florian Fainelli <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 85f00da

ipv4: provide stronger user input validation in nl_fib_input()
[ Upstream commit c64c0b3 ]

Alexander reported a KMSAN splat caused by reads of uninitialized field (tb_id_in) from user provided struct fib_result_nl

It turns out nl_fib_input() sanity tests on user input is a bit wrong :

User can pretend nlh->nlmsg_len is big enough, but provide at sendmsg() time a too small buffer.

Reported-by: Alexander Potapenko <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 38dece4

socket, bpf: fix sk_filter use after free in sk_clone_lock
[ Upstream commit a97e50c ]

In sk_clone_lock(), we create a new socket and inherit most of the parent's members via sock_copy() which memcpy()'s various sections. Now, in case the parent socket had a BPF socket filter attached, then newsk->sk_filter points to the same instance as the original sk->sk_filter.

sk_filter_charge() is then called on the newsk->sk_filter to take a reference and should that fail due to hitting max optmem, we bail out and release the newsk instance.

The issue is that commit 278571b ("net: filter: simplify socket charging") wrongly combined the dismantle path with the failure path of xfrm_sk_clone_policy(). This means, even when charging failed, we call sk_free_unlock_clone() on the newsk, which then still points to the same sk_filter as the original sk.

Thus, sk_free_unlock_clone() calls into __sk_destruct() eventually where it tests for present sk_filter and calls sk_filter_uncharge() on it, which potentially lets sk_omem_alloc wrap around and releases the eBPF prog and sk_filter structure from the (still intact) parent.

Fix it by making sure that when sk_filter_charge() failed, we reset newsk->sk_filter back to NULL before passing to sk_free_unlock_clone(), so that we don't mess with the parents sk_filter.

Only if xfrm_sk_clone_policy() fails, we did reach the point where either the parent's filter was NULL and as a result newsk's as well or where we previously had a successful sk_filter_charge(), thus for that case, we do need sk_filter_uncharge() to release the prior taken reference on sk_filter.

Fixes: 278571b ("net: filter: simplify socket charging")
Signed-off-by: Daniel Borkmann <[email protected]>
Acked-by: Alexei Starovoitov <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 95aa915

tcp: initialize icsk_ack.lrcvtime at session start time
[ Upstream commit 15bb774 ]

icsk_ack.lrcvtime has a 0 value at socket creation time.

tcpi_last_data_recv can have bogus value if no payload is ever received.

This patch initializes icsk_ack.lrcvtime for active sessions in tcp_finish_connect(), and for passive sessions in tcp_create_openreq_child()

Signed-off-by: Eric Dumazet <[email protected]>
Acked-by: Neal Cardwell <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: afaed24

Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw
commit 92ef6f9 upstream.

EeeBook X205TA is yet another ASUS device with a special touchpad firmware that needs to be accounted for during initialization, or else the touchpad will go into an invalid state upon suspend/resume. Adding the appropriate ic_type and product_id check fixes the problem.

Signed-off-by: Matjaz Hegedic <[email protected]>
Acked-by: KT Liao <[email protected]>
Signed-off-by: Dmitry Torokhov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 9ac7bd1

Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
commit 4583866 upstream.

The aux port does not get detected without noloop quirk, so external PS/2 mouse cannot work as result.

The PS/2 mouse can work with this quirk.

BugLink: https://bugs.launchpad.net/bugs/1591053
Signed-off-by: Kai-Heng Feng <[email protected]>
Reviewed-by: Marcos Paulo de Souza <[email protected]>
Signed-off-by: Dmitry Torokhov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 5f9243e

Input: iforce - validate number of endpoints before using them
commit 59cf8be upstream.

Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer or accessing memory that lie beyond the end of the endpoint array should a malicious device lack the expected endpoints.

Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Dmitry Torokhov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: a07d366

Input: ims-pcu - validate number of endpoints before using them
commit 1916d31 upstream.

Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack control-interface endpoints.

Fixes: 628329d ("Input: add IMS Passenger Control Unit driver")
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Dmitry Torokhov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 6bed7c1

Input: hanwang - validate number of endpoints before using them
commit ba340d7 upstream.

Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints.

Fixes: bba5394 ("Input: add support for Hanwang tablets")
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Dmitry Torokhov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 0812c68

Input: yealink - validate number of endpoints before using them
commit 5cc4a1a upstream.

Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints.

Fixes: aca951a ("[PATCH] input-driver-yealink-P1K-usb-phone")
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Dmitry Torokhov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: e916f1d

Input: cm109 - validate number of endpoints before using them
commit ac2ee9b upstream.

Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints.

Fixes: c04148f ("Input: add driver for USB VoIP phones with CM109...")
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Dmitry Torokhov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: c054906

Input: kbtab - validate number of endpoints before using them
commit cb1b494 upstream.

Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints.

Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Dmitry Torokhov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: b3c4c0c

Input: sur40 - validate number of endpoints before using them
commit 92461f5 upstream.

Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer or accessing memory that lie beyond the end of the endpoint array should a malicious device lack the expected endpoints.

Fixes: bdb5c57 ("Input: add sur40 driver for Samsung SUR40... ")
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Dmitry Torokhov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 5499930

ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
commit c520ff3 upstream.

When snd_seq_pool_done() is called, it marks the closing flag to refuse the further cell insertions. But snd_seq_pool_done() itself doesn't clear the cells but just waits until all cells are cleared by the caller side. That is, it's racy, and this leads to the endless stall as syzkaller spotted.

This patch addresses the racy by splitting the setup of pool->closing flag out of snd_seq_pool_done(), and calling it properly before snd_seq_pool_done().

BugLink: http://lkml.kernel.org/r/CACT4Y+aqqy8bZA1fFieifNxR2fAfFQQABcBHj801+u5ePV0URw@mail.gmail.com
Reported-and-tested-by: Dmitry Vyukov <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: b55ffcb

ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
commit f363a06 upstream.

In the commit [15c75b0: ALSA: ctxfi: Fallback DMA mask to 32bit], I forgot to put "!" at dam_set_mask() call check in cthw20k1.c (while cthw20k2.c is OK). This patch fixes that obvious bug.

(As a side note: although the original commit was completely wrong, it's still working for most of machines, as it sets to 32bit DMA mask in the end. So the bug severity is low.)

Fixes: 15c75b0 ("ALSA: ctxfi: Fallback DMA mask to 32bit")
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: ed00b61

ALSA: hda - Adding a group of pin definition to fix headset problem
commit 3f30783 upstream.

A new Dell laptop needs to apply ALC269_FIXUP_DELL1_MIC_NO_PRESENCE to fix the headset problem, and the pin definition of this machine is not in the pin quirk table yet, now adding it to the table.

Signed-off-by: Hui Wang <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 1ea551e

USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems
commit 6e9f44e upstream.

Add Quectel UC15, UC20, EC21, and EC25. The EC20 is handled by qcserial due to a USB VID/PID conflict with an existing Acer device.

Signed-off-by: Dan Williams <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 8f0f081

USB: serial: qcserial: add Dell DW5811e
commit 436ecf5 upstream.

This is a Dell branded Sierra Wireless EM7455.

Signed-off-by: Bjørn Mork <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 9218793

ACM gadget: fix endianness in notifications
commit cdd7928 upstream.

The gadget code exports the bitfield for serial status changes over the wire in its internal endianness. The fix is to convert to little endian before sending it over the wire.

Signed-off-by: Oliver Neukum <[email protected]>
Tested-by: 家瑋 <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 19f0fe6

usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval
commit 09424c5 upstream.

The streaming_maxburst module parameter is 0 offset (0..15) so we must add 1 while using it for wBytesPerInterval calculation for the SuperSpeed companion descriptor.

Without this host uvcvideo driver will always see the wrong wBytesPerInterval for SuperSpeed uvc gadget and may not find a suitable video interface endpoint. e.g. for streaming_maxburst = 0 case it will always fail as wBytePerInterval was evaluating to 0.

Reviewed-by: Laurent Pinchart <[email protected]>
Signed-off-by: Roger Quadros <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 8a8a800

usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk
commit 3243367 upstream.

Some USB 2.0 devices erroneously report millisecond values in bInterval. The generic config code manages to catch most of them, but in some cases it's not completely enough.

The case at stake here is a USB 2.0 braille device, which wants to announce 10ms and thus sets bInterval to 10, but with the USB 2.0 computation that yields to 64ms. It happens that one can type fast enough to reach this interval and get the device buffers overflown, leading to problematic latencies. The generic config code does not catch this case because the 64ms is considered a sane enough value.

This change thus adds a USB_QUIRK_LINEAR_FRAME_INTR_BINTERVAL quirk to mark devices which actually report milliseconds in bInterval, and marks Vario Ultra devices as needing it.

Signed-off-by: Samuel Thibault <[email protected]>
Acked-by: Alan Stern <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 2c929ea

USB: uss720: fix NULL-deref at probe
commit f259ca3 upstream.

Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer or accessing memory beyond the endpoint array should a malicious device lack the expected endpoints.

Note that the endpoint access that causes the NULL-deref is currently only used for debugging purposes during probe so the oops only happens when dynamic debugging is enabled. This means the driver could be rewritten to continue to accept device with only two endpoints, should such devices exist.

Fixes: 1da177e ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

SHA: 73490ab

USB: lvtest: fix NULL-deref at probe
commit 1dc56c5 upstream. Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should the probed device lack endpoints. Note that this driver does not bind to any devices by default. Fixes: ce21bfe ("USB: Add LVS Test device driver") Cc: Pratyush Anand <[email protected]> Signed-off-by: Johan Hovold <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: a771286

USB: idmouse: fix NULL-deref at probe
commit b0addd3 upstream. Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Fixes: 1da177e ("Linux-2.6.12-rc2") Signed-off-by: Johan Hovold <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: d6389d6

USB: wusbcore: fix NULL-deref at probe
commit 03ace94 upstream. Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer or accessing memory beyond the endpoint array should a malicious device lack the expected endpoints. This specifically fixes the NULL-pointer dereference when probing HWA HC devices. Fixes: df36542 ("wusb: add the Wire Adapter (WA) core") Cc: Inaky Perez-Gonzalez <[email protected]> Cc: David Vrabel <[email protected]> Signed-off-by: Johan Hovold <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: a7cb1fa

usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
commit 0090114 upstream. The CPPI 4.1 driver polls register to workaround the premature TX interrupt issue, but it causes audio playback underrun when triggered in Isoch transfers. Isoch doesn't do back-to-back transfers, the TX should be done by the time the next transfer is scheduled. So skip this polling workaround for Isoch transfer. Fixes: a655f48 ("usb: musb: musb_cppi41: handle pre-mature TX complete interrupt") Reported-by: Alexandre Bailon <[email protected]> Acked-by: Sebastian Andrzej Siewior <[email protected]> Tested-by: Alexandre Bailon <[email protected]> Signed-off-by: Bin Liu <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 47285be

usb: hub: Fix crash after failure to read BOS descriptor
commit 7b2db29 upstream.

If usb_get_bos_descriptor() returns an error, usb->bos will be NULL. Nevertheless, it is dereferenced unconditionally in hub_set_initial_usb2_lpm_policy() if usb2_hw_lpm_capable is set. This results in a crash.

    usb 5-1: unable to get BOS descriptor
    ...
    Unable to handle kernel NULL pointer dereference at virtual address 00000008
    pgd = ffffffc00165f000
    [00000008] *pgd=000000000174f003, *pud=000000000174f003, *pmd=0000000001750003, *pte=00e8000001751713
    Internal error: Oops: 96000005 [#1] PREEMPT SMP
    Modules linked in: uinput uvcvideo videobuf2_vmalloc cmac [ ... ]
    CPU: 5 PID: 3353 Comm: kworker/5:3 Tainted: G B 4.4.52 #480
    Hardware name: Google Kevin (DT)
    Workqueue: events driver_set_config_work
    task: ffffffc0c3690000 ti: ffffffc0ae9a8000 task.ti: ffffffc0ae9a8000
    PC is at hub_port_init+0xc3c/0xd10
    LR is at hub_port_init+0xc3c/0xd10
    ...
    Call trace:
    [<ffffffc0007fbbfc>] hub_port_init+0xc3c/0xd10
    [<ffffffc0007fbe2c>] usb_reset_and_verify_device+0x15c/0x82c
    [<ffffffc0007fc5e0>] usb_reset_device+0xe4/0x298
    [<ffffffbffc0e3fcc>] rtl8152_probe+0x84/0x9b0 [r8152]
    [<ffffffc00080ca8c>] usb_probe_interface+0x244/0x2f8
    [<ffffffc000774a24>] driver_probe_device+0x180/0x3b4
    [<ffffffc000774e48>] __device_attach_driver+0xb4/0xe0
    [<ffffffc000772168>] bus_for_each_drv+0xb4/0xe4
    [<ffffffc0007747ec>] __device_attach+0xd0/0x158
    [<ffffffc000775080>] device_initial_probe+0x24/0x30
    [<ffffffc0007739d4>] bus_probe_device+0x50/0xe4
    [<ffffffc000770bd0>] device_add+0x414/0x738
    [<ffffffc000809fe8>] usb_set_configuration+0x89c/0x914
    [<ffffffc00080a120>] driver_set_config_work+0xc0/0xf0
    [<ffffffc000249bb8>] process_one_work+0x390/0x6b8
    [<ffffffc00024abcc>] worker_thread+0x480/0x610
    [<ffffffc000251a80>] kthread+0x164/0x178
    [<ffffffc0002045d0>] ret_from_fork+0x10/0x40

Since we don't know anything about LPM capabilities without BOS descriptor, don't attempt to enable LPM if it is not available.

Fixes: 890dae8 ("xhci: Enable LPM support only for hardwired ...")
Cc: Mathias Nyman <[email protected]>
Signed-off-by: Guenter Roeck <[email protected]>
Acked-by: Mathias Nyman <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 14a2032

uwb: i1480-dfu: fix NULL-deref at probe
commit 4ce3627 upstream. Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Note that the dereference happens in the cmd and wait_init_done callbacks which are called during probe. Fixes: 1ba47da ("uwb: add the i1480 DFU driver") Cc: Inaky Perez-Gonzalez <[email protected]> Cc: David Vrabel <[email protected]> Signed-off-by: Johan Hovold <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 815321d

uwb: hwa-rc: fix NULL-deref at probe
commit daf229b upstream. Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Note that the dereference happens in the start callback which is called during probe. Fixes: de520b8 ("uwb: add HWA radio controller driver") Cc: Inaky Perez-Gonzalez <[email protected]> Cc: David Vrabel <[email protected]> Signed-off-by: Johan Hovold <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 2c251e5

mmc: ushc: fix NULL-deref at probe
commit 181302d upstream. Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Fixes: 53f3a9e ("mmc: USB SD Host Controller (USHC) driver") Cc: David Vrabel <[email protected]> Signed-off-by: Johan Hovold <[email protected]> Signed-off-by: Ulf Hansson <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: dcf879c

iio: adc: ti_am335x_adc: fix fifo overrun recovery
commit e83bb3e upstream. The tiadc_irq_h(int irq, void *private) function is handling FIFO overruns by clearing flags, disabling and enabling the ADC to recover. If the ADC is running in continuous mode a FIFO overrun happens regularly. If the disabling of the ADC happens concurrently with a new conversion, it might happen that the enabling of the ADC is ignored by the hardware. This stops the ADC permanently. No more interrupts are triggered. According to the AM335x Reference Manual (SPRUH73H October 2011 - Revised April 2013 - Chapter 12.4 and 12.5) it is necessary to check the ADC FSM bits in REG_ADCFSM before enabling the ADC again, because the disabling of the ADC is done right after the current conversion has been finished. To trigger this bug it is necessary to run the ADC in continuous mode. The ADC values of all channels need to be read in an endless loop. The bug appears within the first 6 hours (~5.4 million handled FIFO overruns). The user space application will hang on reading new values from the character device. Fixes: ca9a563 ("iio: ti_am335x_adc: Add continuous sampling support") Signed-off-by: Michael Engl <[email protected]> Signed-off-by: Jonathan Cameron <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 8f189e1

iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3
commit 3bec247 upstream. In function _hid_sensor_power_state(), when hid_sensor_read_poll_value() is called, sensor's all properties will be updated by the value from sensor hardware/firmware. In some implementation, sensor hardware/firmware will do a power cycle during S3. In this case, after resume, once hid_sensor_read_poll_value() is called, sensor's all properties which are kept by driver during S3 will be changed to default value. But instead, if a set feature function is called first, sensor hardware/firmware will be recovered to the last status. So change the sensor_hub_set_feature() calling order to behind of set feature function to avoid sensor properties lose. Signed-off-by: Song Hongyan <[email protected]> Acked-by: Srinivas Pandruvada <[email protected]> Signed-off-by: Jonathan Cameron <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 7413d1f

parport: fix attempt to write duplicate procfiles
commit 03270c6 upstream. Usually every parallel port will have a single pardev registered with it. But ppdev driver is an exception. This userspace parallel port driver allows to create multiple parallel port devices for a single parallel port. And as a result we were having a nice warning like: "sysctl table check failed: /dev/parport/parport0/devices/ppdev0/timeslice Sysctl already exists" Use the same logic as used in parport_register_device() and register the proc files only once for each parallel port. Fixes: 6fa45a2 ("parport: add device-model to parport subsystem") Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1414656 Bugzilla: https://bugs.archlinux.org/task/52322 Tested-by: James Feeney <[email protected]> Signed-off-by: Sudip Mukherjee <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: c7d1545

ext4: mark inode dirty after converting inline directory
commit b9cf625 upstream. If ext4_convert_inline_data() was called on a directory with inline data, the filesystem was left in an inconsistent state (as considered by e2fsck) because the file size was not increased to cover the new block. This happened because the inode was not marked dirty after i_disksize was updated. Fix this by marking the inode dirty at the end of ext4_finish_convert_inline_dir(). This bug was probably not noticed before because most users mark the inode dirty afterwards for other reasons. But if userspace executed FS_IOC_SET_ENCRYPTION_POLICY with invalid parameters, as exercised by 'kvm-xfstests -c adv generic/396', then the inode was never marked dirty after updating i_disksize. Fixes: 3c47d54 Signed-off-by: Eric Biggers <[email protected]> Signed-off-by: Theodore Ts'o <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 27d9bf0

mmc: sdhci: Do not disable interrupts while waiting for clock
commit e2ebfb2 upstream. Disabling interrupts for even a millisecond can cause problems for some devices. That can happen when sdhci changes clock frequency because it waits for the clock to become stable under a spin lock. The spin lock is not necessary here. Anything that is racing with changes to the I/O state is already broken. The mmc core already provides synchronization via "claiming" the host. Although the spin lock probably should be removed from the code paths that lead to this point, such a patch would touch too much code to be suitable for stable trees. Consequently, for this patch, just drop the spin lock while waiting. Signed-off-by: Adrian Hunter <[email protected]> Signed-off-by: Ulf Hansson <[email protected]> Tested-by: Ludovic Desroches <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 52e40a2

xen/acpi: upload PM state from init-domain to Xen
commit 1914f0c upstream. This was broken in commit cd97988 ("xen/acpi-processor: fix enabling interrupts on syscore_resume"). do_suspend (from xen/manage.c) and thus xen_resume_notifier never get called on the initial-domain at resume (it is if running as guest.) The rationale for the breaking change was that upload_pm_data() potentially does blocking work in syscore_resume(). This patch addresses the original issue by scheduling upload_pm_data() to execute in workqueue context. Cc: Stanislaw Gruszka <[email protected]> Based-on-patch-by: Konrad Wilk <[email protected]> Reviewed-by: Konrad Rzeszutek Wilk <[email protected]> Reviewed-by: Stanislaw Gruszka <[email protected]> Signed-off-by: Ankur Arora <[email protected]> Signed-off-by: Boris Ostrovsky <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: c856b66

iommu/vt-d: Fix NULL pointer dereference in device_to_iommu
commit 5003ae1 upstream.

The function device_to_iommu() in the Intel VT-d driver lacks a NULL-ptr check, resulting in this oops at boot on some platforms:

    BUG: unable to handle kernel NULL pointer dereference at 00000000000007ab
    IP: [<ffffffff8132234a>] device_to_iommu+0x11a/0x1a0
    PGD 0
    [...]
    Call Trace:
    ? find_or_alloc_domain.constprop.29+0x1a/0x300
    ? dw_dma_probe+0x561/0x580 [dw_dmac_core]
    ? __get_valid_domain_for_dev+0x39/0x120
    ? __intel_map_single+0x138/0x180
    ? intel_alloc_coherent+0xb6/0x120
    ? sst_hsw_dsp_init+0x173/0x420 [snd_soc_sst_haswell_pcm]
    ? mutex_lock+0x9/0x30
    ? kernfs_add_one+0xdb/0x130
    ? devres_add+0x19/0x60
    ? hsw_pcm_dev_probe+0x46/0xd0 [snd_soc_sst_haswell_pcm]
    ? platform_drv_probe+0x30/0x90
    ? driver_probe_device+0x1ed/0x2b0
    ? __driver_attach+0x8f/0xa0
    ? driver_probe_device+0x2b0/0x2b0
    ? bus_for_each_dev+0x55/0x90
    ? bus_add_driver+0x110/0x210
    ? 0xffffffffa11ea000
    ? driver_register+0x52/0xc0
    ? 0xffffffffa11ea000
    ? do_one_initcall+0x32/0x130
    ? free_vmap_area_noflush+0x37/0x70
    ? kmem_cache_alloc+0x88/0xd0
    ? do_init_module+0x51/0x1c4
    ? load_module+0x1ee9/0x2430
    ? show_taint+0x20/0x20
    ? kernel_read_file+0xfd/0x190
    ? SyS_finit_module+0xa3/0xb0
    ? do_syscall_64+0x4a/0xb0
    ? entry_SYSCALL64_slow_path+0x25/0x25
    Code: 78 ff ff ff 4d 85 c0 74 ee 49 8b 5a 10 0f b6 9b e0 00 00 00 41 38 98 e0 00 00 00 77 da 0f b6 eb 49 39 a8 88 00 00 00 72 ce eb 8f <41> f6 82 ab 07 00 00 04 0f 85 76 ff ff ff 0f b6 4d 08 88 0e 49
    RIP [<ffffffff8132234a>] device_to_iommu+0x11a/0x1a0
    RSP <ffffc90001457a78>
    CR2: 00000000000007ab
    ---[ end trace 16f974b6d58d0aad ]---

Add the missing pointer check.

Fixes: 1c38718 ("iommu/vt-d: Fix IOMMU lookup for SR-IOV Virtual Functions")
Signed-off-by: Koos Vriezen <[email protected]>
Signed-off-by: Joerg Roedel <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 55b6c18

ARM: at91: pm: cpu_idle: switch DDR to power-down mode
commit 60b89f1 upstream. On some DDR controllers, compatible with the sama5d3 one, the sequence to enter/exit/re-enter the self-refresh mode adds more constraints than what is currently written in the at91_idle driver. An actual access to the DDR chip is needed between exit and re-enter of this mode which is somehow difficult to implement. This sequence can completely hang the SoC. It is particularly experienced on parts which embed a L2 cache if the code run between IDLE calls fits in it... Moreover, as the intention is to enter and exit pretty rapidly from IDLE, the power-down mode is a good candidate. So now we use power-down instead of self-refresh. As we can simplify the code for sama5d3 compatible DDR controllers, we instantiate a new sama5d3_ddr_standby() function. Signed-off-by: Nicolas Ferre <[email protected]> Fixes: 017b552 ("ARM: at91: Add new binding for sama5d3-ddramc") Signed-off-by: Alexandre Belloni <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 2705b18

ARM: dts: at91: sama5d2: add dma properties to UART nodes
commit b1708b7 upstream. The dmas/dma-names properties are added to the UART nodes. Note that additional properties are needed to enable them at the board level: check bindings for details. Signed-off-by: Nicolas Ferre <[email protected]> Signed-off-by: Alexandre Belloni <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: e1af444

cpufreq: Restore policy min/max limits on CPU online
commit ff01047 upstream. On CPU online the cpufreq core restores the previous governor (or the previous "policy" setting for ->setpolicy drivers), but it does not restore the min/max limits at the same time, which is confusing, inconsistent and real pain for users who set the limits and then suspend/resume the system (using full suspend), in which case the limits are reset on all CPUs except for the boot one. Fix this by making cpufreq_online() restore the limits when an inactive policy is brought online. The commit log and patch are inspired from Rafael's earlier work. Reported-by: Rafael J. Wysocki <[email protected]> Signed-off-by: Viresh Kumar <[email protected]> Signed-off-by: Rafael J. Wysocki <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 1750396

raid10: increment write counter after bio is split
commit 9b622e2 upstream. md pending write counter must be incremented after bio is split, otherwise it gets decremented too many times in end bio callback and becomes negative. Signed-off-by: Tomasz Majchrzak <[email protected]> Reviewed-by: Artur Paszkiewicz <[email protected]> Signed-off-by: Shaohua Li <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 73dd1ed

libceph: don't set weight to IN when OSD is destroyed
commit b581a58 upstream. Since ceph.git commit 4e28f9e ("osd/OSDMap: clear osd_info, osd_xinfo on osd deletion"), weight is set to IN when OSD is deleted. This changes the result of applying an incremental for clients, not just OSDs. Because CRUSH computations are obviously affected, pre-4e28f9e63644 servers disagree with post-4e28f9e63644 clients on object placement, resulting in misdirected requests. Mirrors ceph.git commit a6009d1. Fixes: 930c532 ("libceph: apply new_state before new_up_client on incrementals") Link: http://tracker.ceph.com/issues/19122 Signed-off-by: Ilya Dryomov <[email protected]> Reviewed-by: Sage Weil <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 48da8f8

xfs: don't allow di_size with high bit set
commit ef388e2 upstream. The on-disk field di_size is used to set i_size, which is a signed integer of loff_t. If the high bit of di_size is set, we'll end up with a negative i_size, which will cause all sorts of problems. Since the VFS won't let us create a file with such length, we should catch them here in the verifier too. Signed-off-by: Darrick J. Wong <[email protected]> Reviewed-by: Dave Chinner <[email protected]> Signed-off-by: Dave Chinner <[email protected]> Cc: Nikolay Borisov <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: c4cf86f

xfs: fix up xfs_swap_extent_forks inline extent handling
commit 4dfce57 upstream.

There have been several reports over the years of NULL pointer dereferences in xfs_trans_log_inode during xfs_fsr processes, when the process is doing an fput and tearing down extents on the temporary inode, something like:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
    PID: 29439 TASK: ffff880550584fa0 CPU: 6 COMMAND: "xfs_fsr"
    [exception RIP: xfs_trans_log_inode+0x10]
    #9 [ffff8800a57bbbe0] xfs_bunmapi at ffffffffa037398e [xfs]
    #10 [ffff8800a57bbce8] xfs_itruncate_extents at ffffffffa0391b29 [xfs]
    #11 [ffff8800a57bbd88] xfs_inactive_truncate at ffffffffa0391d0c [xfs]
    #12 [ffff8800a57bbdb8] xfs_inactive at ffffffffa0392508 [xfs]
    #13 [ffff8800a57bbdd8] xfs_fs_evict_inode at ffffffffa035907e [xfs]
    #14 [ffff8800a57bbe00] evict at ffffffff811e1b67
    #15 [ffff8800a57bbe28] iput at ffffffff811e23a5
    #16 [ffff8800a57bbe58] dentry_kill at ffffffff811dcfc8
    #17 [ffff8800a57bbe88] dput at ffffffff811dd06c
    #18 [ffff8800a57bbea8] __fput at ffffffff811c823b
    #19 [ffff8800a57bbef0] ____fput at ffffffff811c846e
    #20 [ffff8800a57bbf00] task_work_run at ffffffff81093b27
    #21 [ffff8800a57bbf30] do_notify_resume at ffffffff81013b0c
    #22 [ffff8800a57bbf50] int_signal at ffffffff8161405d

As it turns out, this is because the i_itemp pointer, along with the d_ops pointer, has been overwritten with zeros when we tear down the extents during truncate. When the in-core inode fork on the temporary inode used by xfs_fsr was originally set up during the extent swap, we mistakenly looked at di_nextents to determine whether all extents fit inline, but this misses extents generated by speculative preallocation; we should be using if_bytes instead.

This mistake corrupts the in-memory inode, and code in xfs_iext_remove_inline eventually gets bad inputs, causing it to memmove and memset incorrect ranges; this became apparent because the two values in ifp->if_u2.if_inline_ext[1] contained what should have been in d_ops and i_itemp; they were memmoved due to incorrect array indexing and then the original locations were zeroed with memset, again due to an array overrun.

Fix this by properly using i_df.if_bytes to determine the number of extents, not di_nextents.

Thanks to dchinner for looking at this with me and spotting the root cause.

[nborisov: backported to 4.4]

Cc: [email protected]
Signed-off-by: Eric Sandeen <[email protected]>
Reviewed-by: Brian Foster <[email protected]>
Signed-off-by: Dave Chinner <[email protected]>
Signed-off-by: Nikolay Borisov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
--
fs/xfs/xfs_bmap_util.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
SHA: 7922c1b

nl80211: fix dumpit error path RTNL deadlocks
commit ea90e0d upstream. Sowmini pointed out Dmitry's RTNL deadlock report to me, and it turns out to be perfectly accurate - there are various error paths that miss unlock of the RTNL. To fix those, change the locking a bit to not be conditional in all those nl80211_prepare_*_dump() functions, but make those require the RTNL to start with, and fix the buggy error paths. This also let me use sparse (by appropriately overriding the rtnl_lock/rtnl_unlock functions) to validate the changes. Reported-by: Sowmini Varadhan <[email protected]> Reported-by: Dmitry Vyukov <[email protected]> Signed-off-by: Johannes Berg <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 74c8dd0

USB: usbtmc: add missing endpoint sanity check
commit 687e068 upstream. USBTMC devices are required to have a bulk-in and a bulk-out endpoint, but the driver failed to verify this, something which could lead to the endpoint addresses being taken from uninitialised memory. Make sure to zero all private data as part of allocation, and add the missing endpoint sanity check. Note that this also addresses a more recently introduced issue, where the interrupt-in-presence flag would also be uninitialised whenever the optional interrupt-in endpoint is not present. This in turn could lead to an interrupt urb being allocated, initialised and submitted based on uninitialised values. Fixes: dbf3e7f ("Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation.") Fixes: 5b775f6 ("USB: add USB test and measurement class driver") Signed-off-by: Johan Hovold <[email protected]> [ johan: backport to v4.4 ] Signed-off-by: Johan Hovold <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: f154de0

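The endpoint sanity check that the "fix NULL-deref at probe" commits and the usbtmc commit above describe, shown as an added userspace model; it is not code from any of these commits. The struct types, `model_probe()` and the sample descriptors are hypothetical stand-ins for the kernel's interface and endpoint descriptors, and only the bit encodings (transfer type in the low two bits of bmAttributes, direction in bit 7 of bEndpointAddress) come from the USB specification.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Descriptor bit layout from the USB specification. */
#define EP_XFERTYPE_MASK 0x03  /* bmAttributes: transfer type */
#define EP_XFER_BULK     0x02
#define EP_XFER_INT      0x03
#define EP_DIR_IN        0x80  /* bEndpointAddress: direction bit */

/* Hypothetical, simplified stand-ins for the kernel's descriptor structs. */
struct model_ep {
    uint8_t bEndpointAddress;
    uint8_t bmAttributes;
};

struct model_intf {
    uint8_t bNumEndpoints;            /* reported by the device, untrusted */
    const struct model_ep *endpoint;  /* NULL when the device has no endpoints */
};

struct model_priv {
    uint8_t bulk_in, bulk_out, int_in;
    int have_bulk_in, have_bulk_out, have_int_in;
};

/* Returns 0 when the interface has the required bulk-in and bulk-out
 * endpoints, -ENODEV otherwise. Never reads endpoint[] past bNumEndpoints. */
int model_probe(const struct model_intf *intf, struct model_priv *priv)
{
    unsigned int i;

    /* Zero all private data so optional fields are never left uninitialised. */
    memset(priv, 0, sizeof(*priv));

    /* Check the count before any endpoint[] access. */
    if (intf->bNumEndpoints < 2 || intf->endpoint == NULL)
        return -ENODEV;

    for (i = 0; i < intf->bNumEndpoints; i++) {
        const struct model_ep *ep = &intf->endpoint[i];
        uint8_t type = ep->bmAttributes & EP_XFERTYPE_MASK;
        int dir_in = (ep->bEndpointAddress & EP_DIR_IN) != 0;

        if (type == EP_XFER_BULK && dir_in && !priv->have_bulk_in) {
            priv->bulk_in = ep->bEndpointAddress;
            priv->have_bulk_in = 1;
        } else if (type == EP_XFER_BULK && !dir_in && !priv->have_bulk_out) {
            priv->bulk_out = ep->bEndpointAddress;
            priv->have_bulk_out = 1;
        } else if (type == EP_XFER_INT && dir_in && !priv->have_int_in) {
            priv->int_in = ep->bEndpointAddress;
            priv->have_int_in = 1;
        }
    }

    /* The count alone is not enough: the endpoints must be the expected kind. */
    if (!priv->have_bulk_in || !priv->have_bulk_out)
        return -ENODEV;
    return 0;
}

/* Constructed sample descriptors (not captured from real hardware). */
static const struct model_ep constructed_full[] = {
    { 0x81, EP_XFER_BULK }, { 0x02, EP_XFER_BULK }, { 0x83, EP_XFER_INT },
};
static const struct model_ep constructed_no_bulk_out[] = {
    { 0x81, EP_XFER_BULK }, { 0x83, EP_XFER_INT },
};

int main(void)
{
    struct model_priv priv;
    struct model_intf cases[] = {
        { 3, constructed_full },
        { 2, constructed_no_bulk_out },
        { 0, NULL },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("case %zu: probe returned %d\n", i, model_probe(&cases[i], &priv));
    return 0;
}
```
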
xfs: clear _XBF_PAGES from buffers when readahead page
commit 2aa6ba7 upstream. If we try to allocate memory pages to back an xfs_buf that we're trying to read, it's possible that we'll be so short on memory that the page allocation fails. For a blocking read we'll just wait, but for readahead we simply dump all the pages we've collected so far. Unfortunately, after dumping the pages we neglect to clear the _XBF_PAGES state, which means that the subsequent call to xfs_buf_free thinks that b_pages still points to pages we own. It then double-frees the b_pages pages. This results in screaming about negative page refcounts from the memory manager, which xfs oughtn't be triggering. To reproduce this case, mount a filesystem where the size of the inodes far outweighs the available memory (a ~500M inode filesystem on a VM with 300MB memory did the trick here) and run bulkstat in parallel with other memory eating processes to put a huge load on the system. The "check summary" phase of xfs_scrub also works for this purpose. Signed-off-by: Darrick J. Wong <[email protected]> Reviewed-by: Eric Sandeen <[email protected]> Cc: Ivan Kozik <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 6d43e48

xen: do not re-use pirq number cached in pci device msi msg data
From: Dan Streetman <[email protected]> [ Upstream commit c74fd80 ] Revert the main part of commit: af42b8d ("xen: fix MSI setup and teardown for PV on HVM guests") That commit introduced reading the pci device's msi message data to see if a pirq was previously configured for the device's msi/msix, and re-use that pirq. At the time, that was the correct behavior. However, a later change to Qemu caused it to call into the Xen hypervisor to unmap all pirqs for a pci device, when the pci device disables its MSI/MSIX vectors; specifically the Qemu commit: c976437 ("qemu-xen: free all the pirqs for msi/msix when driver unload") Once Qemu added this pirq unmapping, it was no longer correct for the kernel to re-use the pirq number cached in the pci device msi message data. All Qemu releases since 2.1.0 contain the patch that unmaps the pirqs when the pci device disables its MSI/MSIX vectors. This bug is causing failures to initialize multiple NVMe controllers under Xen, because the NVMe driver sets up a single MSIX vector for each controller (concurrently), and then after using that to talk to the controller for some configuration data, it disables the single MSIX vector and re-configures all the MSIX vectors it needs. So the MSIX setup code tries to re-use the cached pirq from the first vector for each controller, but the hypervisor has already given away that pirq to another controller, and its initialization fails. 
This is discussed in more detail at: https://lists.xen.org/archives/html/xen-devel/2017-01/msg00447.html Fixes: af42b8d ("xen: fix MSI setup and teardown for PV on HVM guests") Signed-off-by: Dan Streetman <[email protected]> Reviewed-by: Stefano Stabellini <[email protected]> Acked-by: Konrad Rzeszutek Wilk <[email protected]> Signed-off-by: Boris Ostrovsky <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: ec52364

igb: Workaround for igb i210 firmware issue
From: Chris J Arges <[email protected]> [ Upstream commit 4e684f5 ] Sometimes firmware may not properly initialize I347AT4_PAGE_SELECT causing the probe of an igb i210 NIC to fail. This patch adds an additional zeroing of this register during igb_get_phy_id to workaround this issue. Thanks to Jochen Henneberg for the idea and original patch. Signed-off-by: Chris J Arges <[email protected]> Tested-by: Aaron Brown <[email protected]> Signed-off-by: Jeff Kirsher <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: 4db313d

igb: add i211 to i210 PHY workaround
From: Todd Fujinaka <[email protected]> [ Upstream commit 5bc8c23 ] i210 and i211 share the same PHY but have different PCI IDs. Don't forget i211 for any i210 workarounds. Signed-off-by: Todd Fujinaka <[email protected]> Tested-by: Aaron Brown <[email protected]> Signed-off-by: Jeff Kirsher <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
SHA: ca7e3bd

x86/hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic
From: Vitaly Kuznetsov <[email protected]>

[ Upstream commit 59107e2 ]

There is a feature in Hyper-V ('Debug-VM --InjectNonMaskableInterrupt') which injects NMI to the guest. We may want to crash the guest and do kdump on this NMI by enabling unknown_nmi_panic. To make kdump succeed we need to allow the kdump kernel to re-establish VMBus connection so it will see VMBus devices (storage, network,..).

To properly unload VMBus making it possible to start over during kdump we need to do the following:

- Send an 'unload' message to the hypervisor. This can be done on any CPU so we do this on the crashing CPU.
- Receive the 'unload finished' reply message. WS2012R2 delivers this message to the CPU which was used to establish VMBus connection during module load and this CPU may differ from the CPU sending 'unload'.

Receiving a VMBus message means the following:

- There is a per-CPU slot in memory for one message. This slot can in theory be accessed by any CPU.
- We get an interrupt on the CPU when a message was placed into the slot.
- When we read the message we need to clear the slot and signal the fact to the hypervisor. In case there are more messages to this CPU pending the hypervisor will deliver the next message. The signaling is done by writing to an MSR so this can only be done on the appropriate CPU.

To avoid doing cross-CPU work on crash we have vmbus_wait_for_unload() function which checks message slots for all CPUs in a loop waiting for the 'unload finished' messages. However, there is an issue which arises when these conditions are met:

- We're crashing on a CPU which is different from the one which was used to initially contact the hypervisor.
- The CPU which was used for the initial contact is blocked with interrupts disabled and there is a message pending in the message slot.

In this case we won't be able to read the 'unload finished' message on the crashing CPU.

This is reproducible when we receive unknown NMIs on all CPUs simultaneously: the first CPU entering panic() will proceed to crash and all other CPUs will stop themselves with interrupts disabled.

The suggested solution is to handle unknown NMIs for Hyper-V guests on the first CPU which gets them only. This will allow us to rely on VMBus interrupt handler being able to receive the 'unload finish' message in case it is delivered to a different CPU.

The issue is not reproducible on WS2016 as Debug-VM delivers NMI to the boot CPU only, WS2012R2 and earlier Hyper-V versions are affected.

Signed-off-by: Vitaly Kuznetsov <[email protected]>
Acked-by: K. Y. Srinivasan <[email protected]>
Cc: [email protected]
Cc: Haiyang Zhang <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Thomas Gleixner <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Sumit Semwal <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit e4ce31c
PCI: Separate VF BAR updates from standard BAR updates
From: Bjorn Helgaas <[email protected]>

[ Upstream commit 6ffa248 ]

Previously pci_update_resource() used the same code path for updating standard BARs and VF BARs in SR-IOV capabilities.

Split the VF BAR update into a new pci_iov_update_resource() internal interface, which makes it simpler to compute the BAR address (we can get rid of pci_resource_bar() and pci_iov_resource_bar()).

This patch:

- Renames pci_update_resource() to pci_std_update_resource(),
- Adds pci_iov_update_resource(),
- Makes pci_update_resource() a wrapper that calls the appropriate one,

No functional change intended.

Signed-off-by: Bjorn Helgaas <[email protected]> Reviewed-by: Gavin Shan <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit a87693e
PCI: Remove pci_resource_bar() and pci_iov_resource_bar()
From: Bjorn Helgaas <[email protected]> [ Upstream commit 286c237 ] pci_std_update_resource() only deals with standard BARs, so we don't have to worry about the complications of VF BARs in an SR-IOV capability. Compute the BAR address inline and remove pci_resource_bar(). That makes pci_iov_resource_bar() unused, so remove that as well. Signed-off-by: Bjorn Helgaas <[email protected]> Reviewed-by: Gavin Shan <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit cef498a
PCI: Add comments about ROM BAR updating
From: Bjorn Helgaas <[email protected]> [ Upstream commit 0b457dd ] pci_update_resource() updates a hardware BAR so its address matches the kernel's struct resource UNLESS it's a disabled ROM BAR. We only update those when we enable the ROM. It's not obvious from the code why ROM BARs should be handled specially. Apparently there are Matrox devices with defective ROM BARs that read as zero when disabled. That means that if pci_enable_rom() reads the disabled BAR, sets PCI_ROM_ADDRESS_ENABLE (without re-inserting the address), and writes it back, it would enable the ROM at address zero. Add comments and references to explain why we can't make the code look more rational. The code changes are from 755528c ("Ignore disabled ROM resources at setup") and 8085ce0 ("[PATCH] Fix PCI ROM mapping"). Link: https://lkml.org/lkml/2005/8/30/138 Signed-off-by: Bjorn Helgaas <[email protected]> Reviewed-by: Gavin Shan <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> [sumits: minor fixup in rom.c for 4.4.y] Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 1278c9f
PCI: Decouple IORESOURCE_ROM_ENABLE and PCI_ROM_ADDRESS_ENABLE
From: Bjorn Helgaas <[email protected]> [ Upstream commit 7a6d312 ] Remove the assumption that IORESOURCE_ROM_ENABLE == PCI_ROM_ADDRESS_ENABLE. PCI_ROM_ADDRESS_ENABLE is the ROM enable bit defined by the PCI spec, so if we're reading or writing a BAR register value, that's what we should use. IORESOURCE_ROM_ENABLE is a corresponding bit in struct resource flags. Signed-off-by: Bjorn Helgaas <[email protected]> Reviewed-by: Gavin Shan <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 40a85d6
PCI: Don't update VF BARs while VF memory space is enabled
From: Bjorn Helgaas <[email protected]> [ Upstream commit 546ba9f ] If we update a VF BAR while it's enabled, there are two potential problems: 1) Any driver that's using the VF has a cached BAR value that is stale after the update, and 2) We can't update 64-bit BARs atomically, so the intermediate state (new lower dword with old upper dword) may conflict with another device, and an access by a driver unrelated to the VF may cause a bus error. Warn about attempts to update VF BARs while they are enabled. This is a programming error, so use dev_WARN() to get a backtrace. Signed-off-by: Bjorn Helgaas <[email protected]> Reviewed-by: Gavin Shan <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 131f796
PCI: Update BARs using property bits appropriate for type
From: Bjorn Helgaas <[email protected]> [ Upstream commit 45d004f ] The BAR property bits (0-3 for memory BARs, 0-1 for I/O BARs) are supposed to be read-only, but we do save them in res->flags and include them when updating the BAR. Mask the I/O property bits with ~PCI_BASE_ADDRESS_IO_MASK (0x3) instead of PCI_REGION_FLAG_MASK (0xf) to make it obvious that we can't corrupt bits 2-3 of I/O addresses. Use PCI_ROM_ADDRESS_MASK for ROM BARs. This means we'll only check the top 21 bits (instead of the 28 bits we used to check) of a ROM BAR to see if the update was successful. Signed-off-by: Bjorn Helgaas <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit d4f09ea
PCI: Ignore BAR updates on virtual functions
From: Bjorn Helgaas <[email protected]> [ Upstream commit 63880b2 ] VF BARs are read-only zero, so updating VF BARs will not have any effect. See the SR-IOV spec r1.1, sec 3.4.1.11. We already ignore these updates because of 70675e0 ("PCI: Don't try to restore VF BARs"); this merely restructures it slightly to make it easier to split updates for standard and SR-IOV BARs. Signed-off-by: Bjorn Helgaas <[email protected]> Reviewed-by: Gavin Shan <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit bcbdcf4
PCI: Do any VF BAR updates before enabling the BARs
From: Gavin Shan <[email protected]> [ Upstream commit f40ec3c ] Previously we enabled VFs and enable their memory space before calling pcibios_sriov_enable(). But pcibios_sriov_enable() may update the VF BARs: for example, on PPC PowerNV we may change them to manage the association of VFs to PEs. Because 64-bit BARs cannot be updated atomically, it's unsafe to update them while they're enabled. The half-updated state may conflict with other devices in the system. Call pcibios_sriov_enable() before enabling the VFs so any BAR updates happen while the VF BARs are disabled. [bhelgaas: changelog] Tested-by: Carol Soto <[email protected]> Signed-off-by: Gavin Shan <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 4110080
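The hazard named in the commit message above and in "PCI: Don't update VF BARs while VF memory space is enabled", as an added user-space simulation that is not kernel code: a 64-bit memory BAR is rewritten as two 32-bit writes, and the window it decodes between the two writes is checked against another device's range. The addresses, sizes and names (`bar64`, `rewrite_bar`, `rewrite_bar_quiesced`) are constructed for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MEM_FLAG_MASK 0xfu   /* bits 0-3 of a memory BAR are property bits */

/* Address range claimed by some other device (constructed sample). */
struct range { uint64_t start, size; };

/* Model of a 64-bit memory BAR: two dwords plus the memory-decode enable. */
struct bar64 {
    uint32_t lo, hi;
    uint64_t size;
    bool mem_enabled;
};

uint64_t bar_base(const struct bar64 *b)
{
    return ((uint64_t)b->hi << 32) | (b->lo & ~MEM_FLAG_MASK);
}

/* True if the BAR currently decodes addresses inside the other range. */
static bool decodes_into(const struct bar64 *b, const struct range *other)
{
    uint64_t base = bar_base(b);

    return b->mem_enabled &&
           base < other->start + other->size &&
           other->start < base + b->size;
}

/*
 * Rewrite the BAR the only way config space allows: low dword, then high
 * dword. Returns true if any state along the way overlapped `other`.
 */
bool rewrite_bar(struct bar64 *b, uint64_t new_base, const struct range *other)
{
    bool conflict = false;

    b->lo = ((uint32_t)new_base & ~MEM_FLAG_MASK) | (b->lo & MEM_FLAG_MASK);
    conflict |= decodes_into(b, other);   /* new low dword, old high dword */
    b->hi = (uint32_t)(new_base >> 32);
    conflict |= decodes_into(b, other);   /* final value */
    return conflict;
}

/* Same rewrite with decoding switched off first and restored afterwards. */
bool rewrite_bar_quiesced(struct bar64 *b, uint64_t new_base,
                          const struct range *other)
{
    bool was_enabled = b->mem_enabled;
    bool conflict;

    b->mem_enabled = false;
    conflict = rewrite_bar(b, new_base, other);
    b->mem_enabled = was_enabled;
    conflict |= decodes_into(b, other);
    return conflict;
}

int main(void)
{
    /* Constructed layout: neighbour at 0x1_4000_0000, BAR moves
     * from 0x1_0000_0000 to 0x2_4000_0000 (64-bit prefetchable, flags 0xc). */
    struct range other = { 0x140000000ULL, 0x100000 };
    struct bar64 live = { 0x0000000c, 0x1, 0x100000, true };
    struct bar64 quiesced = { 0x0000000c, 0x1, 0x100000, true };

    printf("enabled during update:  conflict=%d\n",
           rewrite_bar(&live, 0x240000000ULL, &other));
    printf("disabled during update: conflict=%d\n",
           rewrite_bar_quiesced(&quiesced, 0x240000000ULL, &other));
    return 0;
}
```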
vfio/spapr: Postpone allocation of userspace version of TCE table
From: Alexey Kardashevskiy <[email protected]> [ Upstream commit 39701e5 ] The iommu_table struct manages a hardware TCE table and a vmalloc'd table with corresponding userspace addresses. Both are allocated when the default DMA window is created and this happens when the very first group is attached to a container. As we are going to allow the userspace to configure container in one memory context and pass container fd to another, we have to postpone such allocations till a container fd is passed to the destination user process so we would account locked memory limit against the actual container user constraints. This postpones the it_userspace array allocation till it is used first time for mapping. The unmapping patch already checks if the array is allocated. Signed-off-by: Alexey Kardashevskiy <[email protected]> Reviewed-by: David Gibson <[email protected]> Acked-by: Alex Williamson <[email protected]> Signed-off-by: Michael Ellerman <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 9fd9e14
block: allow WRITE_SAME commands with the SG_IO ioctl
From: Mauricio Faria de Oliveira <[email protected]>

[ Upstream commit 25cdb64 ]

The WRITE_SAME commands are not present in the blk_default_cmd_filter write_ok list, and thus are failed with -EPERM when the SG_IO ioctl() is executed without CAP_SYS_RAWIO capability (e.g., unprivileged users).
[ sg_io() -> blk_fill_sghdr_rq() > blk_verify_command() -> -EPERM ]

The problem can be reproduced with the sg_write_same command

  # sg_write_same --num 1 --xferlen 512 /dev/sda
  #

  # capsh --drop=cap_sys_rawio -- -c \
    'sg_write_same --num 1 --xferlen 512 /dev/sda'
    Write same: pass through os error: Operation not permitted
  #

For comparison, the WRITE_VERIFY command does not observe this problem, since it is in that list:

  # capsh --drop=cap_sys_rawio -- -c \
    'sg_write_verify --num 1 --ilen 512 --lba 0 /dev/sda'
  #

So, this patch adds the WRITE_SAME commands to the list, in order for the SG_IO ioctl to finish successfully:

  # capsh --drop=cap_sys_rawio -- -c \
    'sg_write_same --num 1 --xferlen 512 /dev/sda'
  #

That case happens to be exercised by QEMU KVM guests with 'scsi-block' devices (qemu "-device scsi-block" [1], libvirt "<disk type='block' device='lun'>" [2]), which employs the SG_IO ioctl() and runs as an unprivileged user (libvirt-qemu).

In that scenario, when a filesystem (e.g., ext4) performs its zero-out calls, which are translated to write-same calls in the guest kernel, and then into SG_IO ioctls to the host kernel, SCSI I/O errors may be observed in the guest:

  [...] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
  [...] sd 0:0:0:0: [sda] tag#0 Sense Key : Aborted Command [current]
  [...] sd 0:0:0:0: [sda] tag#0 Add. Sense: I/O process terminated
  [...] sd 0:0:0:0: [sda] tag#0 CDB: Write Same(10) 41 00 01 04 e0 78 00 00 08 00
  [...] blk_update_request: I/O error, dev sda, sector 17096824

Links:
[1] http://git.qemu.org/?p=qemu.git;a=commit;h=336a6915bc7089fb20fea4ba99972ad9a97c5f52
[2] https://libvirt.org/formatdomain.html#elementsDisks (see 'disk' -> 'device')

Signed-off-by: Mauricio Faria de Oliveira <[email protected]> Signed-off-by: Brahadambal Srinivasan <[email protected]> Reported-by: Manjunatha H R <[email protected]> Reviewed-by: Christoph Hellwig <[email protected]> Signed-off-by: Jens Axboe <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 7023f50
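A user-space model of the check described in the commit message above, added here as an illustration and not taken from the kernel tree: it decodes the Write Same(10) CDB from the quoted guest log and runs it through a read_ok/write_ok opcode filter before and after the WRITE SAME opcodes are added. The names `cmd_filter`, `verify_command` and `decode_write_same10` are hypothetical and the allow-list is abbreviated to a few opcodes; the opcode values are the standard SCSI ones.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard SCSI operation codes. */
#define OP_READ_10       0x28
#define OP_WRITE_10      0x2a
#define OP_WRITE_VERIFY  0x2e
#define OP_WRITE_SAME    0x41   /* Write Same(10) */
#define OP_WRITE_SAME_16 0x93

/* Hypothetical model of the filter: one allow bit per opcode, per class. */
struct cmd_filter {
    uint32_t read_ok[256 / 32];
    uint32_t write_ok[256 / 32];
};

static void allow(uint32_t *map, uint8_t op)
{
    map[op / 32] |= (uint32_t)1 << (op % 32);
}

static bool allowed(const uint32_t *map, uint8_t op)
{
    return (map[op / 32] >> (op % 32)) & 1u;
}

/* Abbreviated allow-list; with_write_same models the list after the patch. */
void filter_init(struct cmd_filter *f, bool with_write_same)
{
    memset(f, 0, sizeof(*f));
    allow(f->read_ok, OP_READ_10);
    allow(f->write_ok, OP_WRITE_10);
    allow(f->write_ok, OP_WRITE_VERIFY);
    if (with_write_same) {
        allow(f->write_ok, OP_WRITE_SAME);
        allow(f->write_ok, OP_WRITE_SAME_16);
    }
}

/*
 * Decision for one CDB. has_rawio stands for CAP_SYS_RAWIO, opened_for_write
 * for a device node that the caller opened with write access.
 */
int verify_command(const struct cmd_filter *f, const uint8_t *cdb,
                   bool has_rawio, bool opened_for_write)
{
    if (has_rawio)
        return 0;               /* privileged callers bypass the filter */
    if (allowed(f->read_ok, cdb[0]))
        return 0;
    if (allowed(f->write_ok, cdb[0]) && opened_for_write)
        return 0;
    return -EPERM;              /* opcode is on neither list */
}

struct write_same10 { uint32_t lba; uint16_t blocks; };

/* Write Same(10): bytes 2-5 are the big-endian LBA, bytes 7-8 the count. */
int decode_write_same10(const uint8_t *cdb, size_t len, struct write_same10 *out)
{
    if (len < 10 || cdb[0] != OP_WRITE_SAME)
        return -EINVAL;
    out->lba = (uint32_t)cdb[2] << 24 | (uint32_t)cdb[3] << 16 |
               (uint32_t)cdb[4] << 8 | cdb[5];
    out->blocks = (uint16_t)(cdb[7] << 8 | cdb[8]);
    return 0;
}

/* CDB bytes copied from the guest log quoted in the commit message. */
static const uint8_t LOGGED_CDB[10] = {
    0x41, 0x00, 0x01, 0x04, 0xe0, 0x78, 0x00, 0x00, 0x08, 0x00
};

int main(void)
{
    struct cmd_filter before, after;
    struct write_same10 ws;

    filter_init(&before, false);
    filter_init(&after, true);
    if (decode_write_same10(LOGGED_CDB, sizeof(LOGGED_CDB), &ws) == 0)
        printf("Write Same(10): lba=%u blocks=%u\n", ws.lba, ws.blocks);
    printf("unprivileged, old list: %d\n",
           verify_command(&before, LOGGED_CDB, false, true));
    printf("unprivileged, new list: %d\n",
           verify_command(&after, LOGGED_CDB, false, true));
    printf("new list, read-only fd: %d\n",
           verify_command(&after, LOGGED_CDB, false, false));
    return 0;
}
```

The decoded LBA equals the sector number in the last log line, and in this model a listed write opcode is still refused when the device was not opened for writing.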
s390/zcrypt: Introduce CEX6 toleration
From: Harald Freudenberger <[email protected]> [ Upstream commit b3e8652 ] Signed-off-by: Harald Freudenberger <[email protected]> Signed-off-by: Martin Schwidefsky <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit ce54941
uvcvideo: uvc_scan_fallback() for webcams with broken chain
From: Henrik Ingo <[email protected]>

[ Upstream commit e950267 ]

Some devices have invalid baSourceID references, causing uvc_scan_chain() to fail, but if we just take the entities we can find and put them together in the most sensible chain we can think of, turns out they do work anyway.

Note: This heuristic assumes there is a single chain.

At the time of writing, devices known to have such a broken chain are

- Acer Integrated Camera (5986:055a)
- Realtek rtl157a7 (0bda:57a7)

Signed-off-by: Henrik Ingo <[email protected]> Signed-off-by: Laurent Pinchart <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 4e2c66b
ACPI / blacklist: add _REV quirks for Dell Precision 5520 and 3520
From: Alex Hung <[email protected]> [ Upstream commit 9523b9b ] Precision 5520 and 3520 either hang at login and during suspend or reboot. It turns out that adding them to acpi_rev_dmi_table[] helps to work around those issues. Signed-off-by: Alex Hung <[email protected]> [ rjw: Changelog ] Signed-off-by: Rafael J. Wysocki <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit d3607fc
ACPI / blacklist: Make Dell Latitude 3350 ethernet work
From: Michael Pobega <[email protected]> [ Upstream commit 708f5dc ] The Dell Latitude 3350's ethernet card attempts to use a reserved IRQ (18), resulting in ACPI being unable to enable the ethernet. Adding it to acpi_rev_dmi_table[] helps to work around this problem. Signed-off-by: Michael Pobega <[email protected]> [ rjw: Changelog ] Signed-off-by: Rafael J. Wysocki <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit b8687d8
serial: 8250_pci: Detach low-level driver during PCI error recovery
From: Gabriel Krisman Bertazi <[email protected]> [ Upstream commit f209fa0 ] During a PCI error recovery, like the ones provoked by EEH in the ppc64 platform, all IO to the device must be blocked while the recovery is completed. Current 8250_pci implementation only suspends the port instead of detaching it, which doesn't prevent incoming accesses like TIOCMGET and TIOCMSET calls from reaching the device. Those end up racing with the EEH recovery, crashing it. Similar races were also observed when opening the device and when shutting it down during recovery. This patch implements a more robust IO blockage for the 8250_pci recovery by unregistering the port at the beginning of the procedure and re-adding it afterwards. Since the port is detached from the uart layer, we can be sure that no request will make through to the device during recovery. This is similar to the solution used by the JSM serial driver. I thank Peter Hurley <[email protected]> for valuable input on this one over one year ago. Signed-off-by: Gabriel Krisman Bertazi <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sumit Semwal <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit ac60197
commit 8aac7f3 upstream. fbcon can deal with vc_hi_font_mask (the upper 256 chars) and adjust the vc attrs dynamically when vc_hi_font_mask is changed at fbcon_init(). When the vc_hi_font_mask is set, it remaps the attrs in the existing console buffer with one bit shift up (for 9 bits), while it remaps with one bit shift down (for 8 bits) when the value is cleared. It works fine as long as the font gets updated after fbcon was initialized. However, we hit a bizarre problem when the console is switched to another fb driver (typically from vesafb or efifb to drmfb). At switching to the new fb driver, we temporarily rebind the console to the dummy console, then rebind to the new driver. During the switching, we leave the modified attrs as is. Thus, the new fbcon takes over the old buffer as if it were to contain 8 bits chars (although the attrs are still shifted for 9 bits), and effectively this results in the yellow color texts instead of the original white color, as found in the bugzilla entry below. An easy fix for this is to re-adjust the attrs before leaving the fbcon at con_deinit callback. Since the code to adjust the attrs is already present in the current fbcon code, in this patch, we simply factor out the relevant code, and call it from fbcon_deinit(). Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1000619 Signed-off-by: Takashi Iwai <[email protected]> Signed-off-by: Bartlomiej Zolnierkiewicz <[email protected]> Cc: Arnd Bergmann <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 540d6d7
crypto: algif_hash - avoid zero-sized array
commit 6207119 upstream.

With this reproducer:

  struct sockaddr_alg alg = {
          .salg_family = 0x26,
          .salg_type = "hash",
          .salg_feat = 0xf,
          .salg_mask = 0x5,
          .salg_name = "digest_null",
  };
  int sock, sock2;

  sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
  bind(sock, (struct sockaddr *)&alg, sizeof(alg));
  sock2 = accept(sock, NULL, NULL);
  setsockopt(sock, SOL_ALG, ALG_SET_KEY, "\x9b\xca", 2);
  accept(sock2, NULL, NULL);

==== 8< ======== 8< ======== 8< ======== 8< ====

one can immediately see an UBSAN warning:

UBSAN: Undefined behaviour in crypto/algif_hash.c:187:7
variable length array bound value 0 <= 0
CPU: 0 PID: 15949 Comm: syz-executor Tainted: G E 4.4.30-0-default #1
...
Call Trace:
...
 [<ffffffff81d598fd>] ? __ubsan_handle_vla_bound_not_positive+0x13d/0x188
 [<ffffffff81d597c0>] ? __ubsan_handle_out_of_bounds+0x1bc/0x1bc
 [<ffffffffa0e2204d>] ? hash_accept+0x5bd/0x7d0 [algif_hash]
 [<ffffffffa0e2293f>] ? hash_accept_nokey+0x3f/0x51 [algif_hash]
 [<ffffffffa0e206b0>] ? hash_accept_parent_nokey+0x4a0/0x4a0 [algif_hash]
 [<ffffffff8235c42b>] ? SyS_accept+0x2b/0x40

It is a correct warning, as hash state is propagated to accept as zero, but creating a zero-length variable array is not allowed in C.

Fix this as proposed by Herbert -- do "?: 1" on that site. No sizeof or similar happens in the code there, so we just allocate one byte even though we do not use the array.

Signed-off-by: Jiri Slaby <[email protected]> Cc: Herbert Xu <[email protected]> Cc: "David S. Miller" <[email protected]> (maintainer:CRYPTO API) Reported-by: Sasha Levin <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Cc: Arnd Bergmann <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit f8a62db
Commit 0a5766a
Changes in 4.4.48:

net/openvswitch: Set the ipv6 source tunnel key address attribute correctly
net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled
net: properly release sk_frag.page
amd-xgbe: Fix jumbo MTU processing on newer hardware
net: unix: properly re-increment inflight counter of GC discarded candidates
net/mlx5: Increase number of max QPs in default profile
net/mlx5e: Count LRO packets correctly
net: bcmgenet: remove bcmgenet_internal_phy_setup()
ipv4: provide stronger user input validation in nl_fib_input()
socket, bpf: fix sk_filter use after free in sk_clone_lock
tcp: initialize icsk_ack.lrcvtime at session start time
Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw
Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
Input: iforce - validate number of endpoints before using them
Input: ims-pcu - validate number of endpoints before using them
Input: hanwang - validate number of endpoints before using them
Input: yealink - validate number of endpoints before using them
Input: cm109 - validate number of endpoints before using them
Input: kbtab - validate number of endpoints before using them
Input: sur40 - validate number of endpoints before using them
ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
ALSA: hda - Adding a group of pin definition to fix headset problem
USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems
USB: serial: qcserial: add Dell DW5811e
ACM gadget: fix endianness in notifications
usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval
usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk
USB: uss720: fix NULL-deref at probe
USB: lvtest: fix NULL-deref at probe
USB: idmouse: fix NULL-deref at probe
USB: wusbcore: fix NULL-deref at probe
usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
usb: hub: Fix crash after failure to read BOS descriptor
uwb: i1480-dfu: fix NULL-deref at probe
uwb: hwa-rc: fix NULL-deref at probe
mmc: ushc: fix NULL-deref at probe
iio: adc: ti_am335x_adc: fix fifo overrun recovery
iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3
parport: fix attempt to write duplicate procfiles
ext4: mark inode dirty after converting inline directory
mmc: sdhci: Do not disable interrupts while waiting for clock
xen/acpi: upload PM state from init-domain to Xen
iommu/vt-d: Fix NULL pointer dereference in device_to_iommu
ARM: at91: pm: cpu_idle: switch DDR to power-down mode
ARM: dts: at91: sama5d2: add dma properties to UART nodes
cpufreq: Restore policy min/max limits on CPU online
raid10: increment write counter after bio is split
libceph: don't set weight to IN when OSD is destroyed
xfs: don't allow di_size with high bit set
xfs: fix up xfs_swap_extent_forks inline extent handling
nl80211: fix dumpit error path RTNL deadlocks
USB: usbtmc: add missing endpoint sanity check
xfs: clear _XBF_PAGES from buffers when readahead page
xen: do not re-use pirq number cached in pci device msi msg data
igb: Workaround for igb i210 firmware issue
igb: add i211 to i210 PHY workaround
x86/hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic
PCI: Separate VF BAR updates from standard BAR updates
PCI: Remove pci_resource_bar() and pci_iov_resource_bar()
PCI: Add comments about ROM BAR updating
PCI: Decouple IORESOURCE_ROM_ENABLE and PCI_ROM_ADDRESS_ENABLE
PCI: Don't update VF BARs while VF memory space is enabled
PCI: Update BARs using property bits appropriate for type
PCI: Ignore BAR updates on virtual functions
PCI: Do any VF BAR updates before enabling the BARs
vfio/spapr: Postpone allocation of userspace version of TCE table
block: allow WRITE_SAME commands with the SG_IO ioctl
s390/zcrypt: Introduce CEX6 toleration
uvcvideo: uvc_scan_fallback() for webcams with broken chain
ACPI / blacklist: add _REV quirks for Dell Precision 5520 and 3520
ACPI / blacklist: Make Dell Latitude 3350 ethernet work
serial: 8250_pci: Detach low-level driver during PCI error recovery
fbcon: Fix vc attr at deinit
crypto: algif_hash - avoid zero-sized array
Linux 4.4.58

Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 2995043
UPSTREAM: ARM: 8476/1: VDSO: use PTR_ERR_OR_ZERO for vma check
(cherry pick from commit 38fc2f6) Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR Signed-off-by: Prasanna Karthik <[email protected]> Signed-off-by: Nathan Lynch <[email protected]> Signed-off-by: Russell King <[email protected]> Bug: 20045882 Bug: 19198045 Change-Id: Id4838948c19f031a66af1654a4c47668288a0037
Prasanna Karthik authored and Mark Salyzyn committed Mar 30, 2017
Commit e1feee0
UPSTREAM: mm: add PHYS_PFN, use it in __phys_to_pfn()
(cherry pick from commit 8f235d1)

__phys_to_pfn and __pfn_to_phys are symmetric, PHYS_PFN and PFN_PHYS are symmetric:

- y = (phys_addr_t)x << PAGE_SHIFT
- y >> PAGE_SHIFT = (phys_add_t)x
- (unsigned long)(y >> PAGE_SHIFT) = x

[[email protected]: use macro arg name `x']
[[email protected]: include linux/pfn.h for PHYS_PFN definition]

Signed-off-by: Chen Gang <[email protected]> Cc: Oleg Nesterov <[email protected]> Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> Bug: 20045882 Bug: 19198045 Change-Id: If968d2246b381b9e5d6446e9d6d9fa45bb718e91
Chen Gang authored and Mark Salyzyn committed Mar 30, 2017
Commit 510b819
UPSTREAM: kbuild: drop FORCE from PHONY targets
(cherry pick from commit 2e8d696) These targets are marked as PHONY. No need to add FORCE to their dependency. Signed-off-by: Masahiro Yamada <[email protected]> Signed-off-by: Michal Marek <[email protected]> Bug: 20045882 Bug: 19198045 Change-Id: I718d46c339c99418d543cc64cabc851307e5abb7
Commit f186947
UPSTREAM: arm64: fix vdso-offsets.h dependency
(cherry pick from commit a66649d)

arm64/kernel/{vdso,signal}.c include vdso-offsets.h, as well as any file that includes asm/vdso.h. Therefore, vdso-offsets.h must be generated before these files are compiled.

The current rules in arm64/kernel/Makefile do not actually enforce this, because even though $(obj)/vdso is listed as a prerequisite for vdso-offsets.h, this does not result in the intended effect of building the vdso subdirectory (before all the other objects). As a consequence, depending on the order in which the rules are followed, vdso-offsets.h is updated or not before arm64/kernel/{vdso,signal}.o are built. The current rules also impose an unnecessary dependency on vdso-offsets.h for all arm64/kernel/*.o, resulting in unnecessary rebuilds. This is made obvious when using make -j:

  touch arch/arm64/kernel/vdso/gettimeofday.S && make -j$NCPUS arch/arm64/kernel

will sometimes result in none of arm64/kernel/*.o being rebuilt, sometimes all of them, or even just some of them.

It is quite difficult to ensure that a header is generated before it is used with recursive Makefiles by using normal rules. Instead, arch-specific generated headers are normally built in the archprepare recipe in the arch Makefile (see for instance arch/ia64/Makefile). Unfortunately, asm-offsets.h is included in gettimeofday.S, and must therefore be generated before vdso-offsets.h, which is not the case if archprepare is used. For this reason, a rule run after archprepare has to be used.

This commit adds rules in arm64/Makefile to build vdso-offsets.h during the prepare step, ensuring that vdso-offsets.h is generated before building anything. It also removes the now-unnecessary dependencies on vdso-offsets.h in arm64/kernel/Makefile. Finally, it removes the duplication of asm-offsets.h between arm64/kernel/vdso/ and include/generated/ and makes include/generated/vdso-offsets.h a target in arm64/kernel/vdso/Makefile.

Cc: Will Deacon <[email protected]> Cc: Michal Marek <[email protected]> Signed-off-by: Kevin Brodsky <[email protected]> Signed-off-by: Catalin Marinas <[email protected]> Bug: 20045882 Bug: 19198045 Change-Id: Iaaf1c6d3c98287617fc7f63a736752f6597bc8d0
Commit fb47dee
UPSTREAM: arm64: Refactor vDSO time functions
(cherry pick from commit b33f491)

Time functions are directly implemented in assembly in arm64, and it is desirable to keep it this way for performance reasons (everything fits in registers, so that the stack is not used at all). However, the current implementation is quite difficult to read and understand (even considering it's assembly). Additionally, due to the structure of __kernel_clock_gettime, which heavily uses conditional branches to share code between the different clocks, it is difficult to support a new clock without making the branches even harder to follow.

This commit completely refactors the structure of clock_gettime (and gettimeofday along the way) while keeping exactly the same algorithms. We no longer try to share code; instead, macros provide common operations. This new approach comes with a number of advantages:

- In clock_gettime, clock implementations are no longer interspersed, making them much more readable. Additionally, macros only use registers passed as arguments or reserved with .req, this way it is easy to make sure that registers are properly allocated. To avoid a large number of branches in a given execution path, a jump table is used; a normal execution uses 3 unconditional branches.
- __do_get_tspec has been replaced with 2 macros (get_ts_clock_mono, get_clock_shifted_nsec) and explicit loading of data from the vDSO page. Consequently, clock_gettime and gettimeofday are now leaf functions, and saving x30 (lr) is no longer necessary.
- Variables protected by tb_seq_count are now loaded all at once, allowing to merge the seqcnt_read macro into seqcnt_check.
- For CLOCK_REALTIME_COARSE, removed an unused load of the wall to monotonic timespec.
- For CLOCK_MONOTONIC_COARSE, removed a few shift instructions.

Obviously, the downside of sharing less code is an increase in code size. However since the vDSO has its own code page, this does not really matter, as long as the size of the DSO remains below 4 kB. For now this should be all right:

                      Before  After
  vdso.so size (B)    2776    3000

Signed-off-by: Kevin Brodsky <[email protected]> Reviewed-by: Dave Martin <[email protected]> Acked-by: Will Deacon <[email protected]> Signed-off-by: Catalin Marinas <[email protected]> Bug: 20045882 Bug: 19198045 Change-Id: I0a0036c54419ee561efe3aad97489e7748ddc59e
Configuration menu - View commit details
-
Copy full SHA for 9d2622b - Browse repository at this point
Copy the full SHA 9d2622bView commit details -
UPSTREAM: arm64: Add support for CLOCK_MONOTONIC_RAW in clock_gettime() vDSO
(cherry pick from commit 49eea43)

So far the arm64 clock_gettime() vDSO implementation only supported the following clocks, falling back to the syscall for the others:
- CLOCK_REALTIME{,_COARSE}
- CLOCK_MONOTONIC{,_COARSE}

This patch adds support for the CLOCK_MONOTONIC_RAW clock, taking advantage of the recent refactoring of the vDSO time functions. Like the non-_COARSE clocks, this only works when the "arch_sys_counter" clocksource is in use (allowing us to read the current time from the virtual counter register), otherwise we also have to fall back to the syscall.

Most of the data is shared with CLOCK_MONOTONIC, and the algorithm is similar. The reference implementation in kernel/time/timekeeping.c shows that:
- CLOCK_MONOTONIC = tk->wall_to_monotonic + tk->xtime_sec + timekeeping_get_ns(&tk->tkr_mono)
- CLOCK_MONOTONIC_RAW = tk->raw_time + timekeeping_get_ns(&tk->tkr_raw)
- tkr_mono and tkr_raw are identical (in particular, same clocksource), except these members:
  * mult (only mono's multiplier is NTP-adjusted)
  * xtime_nsec (always 0 for raw)

Therefore, tk->raw_time and tkr_raw->mult are now also stored in the vDSO data page.

Cc: Ali Saidi <[email protected]>
Signed-off-by: Kevin Brodsky <[email protected]>
Reviewed-by: Dave Martin <[email protected]>
Acked-by: Will Deacon <[email protected]>
Signed-off-by: Catalin Marinas <[email protected]>
Bug: 20045882
Bug: 19198045
Change-Id: I854adcc1192757a1ac40662e85d466ca709d0682
Commit c2e0fb3
UPSTREAM: ARM: 8597/1: VDSO: put RO and RO after init objects into proper sections
(cherry pick from commit 92bb8d5)

vdso_data_mapping is never modified, so mark it as const.

vdso_total_pages, vdso_data_page, vdso_text_mapping and cntvct_ok are initialized by vdso_init(), thereafter are read only.

The fact that they are read only after init makes them candidates for __ro_after_init declarations.

Signed-off-by: Jisheng Zhang <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
Acked-by: Nathan Lynch <[email protected]>
Signed-off-by: Russell King <[email protected]>
Bug: 20045882
Bug: 19198045
Change-Id: I0b2f9807d3cd66c5ef7457ac6fc180a41cbe05c6
Jisheng Zhang authored and Mark Salyzyn committed Mar 30, 2017
Commit b4b7a24
UPSTREAM: arm64: vdso: add __init section marker to alloc_vectors_page
(cherry pick from commit 1aed28f)

It is not needed after booting, this patch moves the alloc_vectors_page function to the __init section.

Acked-by: Mark Rutland <[email protected]>
Signed-off-by: Jisheng Zhang <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
Bug: 20045882
Bug: 19198045
Change-Id: I1d7b89f9e20890b18e77c8752f1eef33d721ea81
Jisheng Zhang authored and Mark Salyzyn committed Mar 30, 2017
Commit 30e1bf3
UPSTREAM: arm64: vdso: constify vm_special_mapping used for aarch32 vectors page
(cherry pick from commit b6d081b)

The vm_special_mapping spec which is used for aarch32 vectors page is never modified, so mark it as const.

Acked-by: Mark Rutland <[email protected]>
Signed-off-by: Jisheng Zhang <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
Bug: 20045882
Bug: 19198045
Change-Id: If1afd11bfeefee45a2b96634b18143937a773a14
Jisheng Zhang authored and Mark Salyzyn committed Mar 30, 2017
Commit 0c61bc7
ANDROID: ARM64: Allow to choose appended kernel image
By default appended kernel image is Image.gz-dtb. New config option BUILD_ARM64_APPENDED_KERNEL_IMAGE_NAME allows to choose between Image.gz-dtb and Image-dtb.

Change-Id: I1c71b85136f1beeb61782e4646820718c1ccd7e4
Signed-off-by: Dmitry Shmidt <[email protected]>
Dmitry Shmidt committed Mar 30, 2017
Commit a08cafa
Commits on Mar 31, 2017
config: android: move device mapper options to recommended
CONFIG_MD is in recommended, but other dependent options like DM_CRYPT and DM_VERITY options are in base. The result is the options in base don't get enabled when applying both base and recommended fragments. Move all the options to recommended.

Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Rob Herring <[email protected]>
Acked-by: John Stultz <[email protected]>
Cc: Amit Pundir <[email protected]>
Cc: Dmitry Shmidt <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
(cherry picked from commit f023a39)
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 55c2076
UPSTREAM: config: android: set SELinux as default security mode
Android won't boot without SELinux enabled, so make it the default.

Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Rob Herring <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
(cherry picked from commit d90ae51)
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 312b1f8
Commits on Apr 1, 2017
UPSTREAM: config/android: Remove CONFIG_IPV6_PRIVACY
Option is long gone, see commit 5d9efa7 ("ipv6: Remove privacy config option.")

Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Borislav Petkov <[email protected]>
Cc: Rob Herring <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
(cherry picked from commit a2c6a23)
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit b6cf5c7
ANDROID: sort android-recommended.cfg
It got out-of-order, so resort it to make it easier to sync with other trees.

Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 6351940
Commits on Apr 2, 2017
hikey960_defconfig: remove wext and debug in cfg80211
Remove these configs:
-CONFIG_NL80211_TESTMODE=y
-CONFIG_CFG80211_REG_DEBUG=y
-CONFIG_CFG80211_WEXT=y

CONFIG_NL80211_TESTMODE: implementing things like factory calibration or validation tools for wireless chips. No need on HiKey960 release build.

CONFIG_CFG80211_REG_DEBUG: enable this if you want to debug regulatory changes. No need on HiKey960 release build.

CONFIG_CFG80211_WEXT: Enable this option if you need old userspace for wireless extensions with cfg80211-based drivers. No need on HiKey960. nl80211 is used instead.

Signed-off-by: Guodong Xu <[email protected]>
Commit 2319703
Commits on Apr 3, 2017
ANDROID: binder: add hwbinder,vndbinder to BINDER_DEVICES.
These will be required going forward.

Change-Id: Idf0593461cef88051564ae0df495c156e31048c4
Signed-off-by: Martijn Coenen <[email protected]>
Martijn Coenen committed Apr 3, 2017
Commit 025b221
Commits on Apr 4, 2017
ANDROID: android-base.cfg: properly sort the file
It somehow got out of alphabetical order, fix it to make merges and testing easier.

Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 21afcf6
ANDROID: android-base.cfg: add CONFIG_IKCONFIG option
This adds CONFIG_IKCONFIG and CONFIG_IKCONFIG_PROC options, which are a requirement for the O release.

Bug: 35803310
Signed-off-by: Greg Kroah-Hartman <[email protected]>
(cherry picked from commit 7d9280f)
Commit 8588d88
ANDROID: android-base.cfg: add CONFIG_MODULES option
This adds CONFIG_MODULES, CONFIG_MODULE_UNLOAD, and CONFIG_MODVERSIONS which are required by the O release.

Bug: 35803310
Signed-off-by: Greg Kroah-Hartman <[email protected]>
(cherry picked from commit 56f22e6)
Commit 10610ac
android: base-cfg: enable CONFIG_INET_DIAG_DESTROY
As of Android N, this is required to close sockets when a network disconnects.

Change-Id: I9fe81c5fc5224c17bfd8d9e236ea9e436b5971cb
(cherry picked from commit 4a15cee)
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 31f9ce3
Commits on Apr 6, 2017
UPSTREAM: ipv6 addrconf: implement RFC7559 router solicitation backoff
This implements:
  https://tools.ietf.org/html/rfc7559

Backoff is performed according to RFC3315 section 14:
  https://tools.ietf.org/html/rfc3315#section-14

We allow setting /proc/sys/net/ipv6/conf/*/router_solicitations to a negative value meaning an unlimited number of retransmits, and we make this the new default (inline with the RFC).

We also add a new setting:
  /proc/sys/net/ipv6/conf/*/router_solicitation_max_interval
defaulting to 1 hour (per RFC recommendation).

Signed-off-by: Maciej Żenczykowski <[email protected]>
Acked-by: Erik Kline <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
(cherry picked from commit bd11f07 in DaveM's net-next/master, should make Linus' tree in 4.9-rc1)
Change-Id: Ia32cdc5c61481893ef8040734e014bf2229fc39e
Commit e246a2f
Changes in 4.4.59:
  xfrm: policy: init locks early
  xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
  xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
  virtio_balloon: init 1st buffer in stats vq
  pinctrl: qcom: Don't clear status bit on irq_unmask
  c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
  h8300/ptrace: Fix incorrect register transfer count
  mips/ptrace: Preserve previous registers for short regset write
  sparc/ptrace: Preserve previous registers for short regset write
  metag/ptrace: Preserve previous registers for short regset write
  metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS
  metag/ptrace: Reject partial NT_METAG_RPIPE writes
  fscrypt: remove broken support for detecting keyring key revocation
  sched/rt: Add a missing rescheduling point
  Linux 4.4.59

Change-Id: Ifa35307b133cbf29d0a0084bb78a7b0436182b53
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit 3a75d7a
Commits on Apr 7, 2017
ANDROID: sdcardfs: remove unnecessary call to do_munmap
Adapted from wrapfs
commit 5be6de9ecf02 ("Wrapfs: use vm_munmap in ->mmap")
commit 2c9f6014a8bb ("Wrapfs: remove unnecessary call to vm_unmap in ->mmap")

Code is unnecessary and causes deadlocks in newer kernels.

Signed-off-by: Erez Zadok <[email protected]>
Signed-off-by: Daniel Rosenberg <[email protected]>
Bug: 35766959
Change-Id: Ia252d60c60799d7e28fc5f1f0f5b5ec2430a2379
Commit 5156f3e
ANDROID: sdcardfs: copy lower inode attributes in ->ioctl
Adapted from wrapfs
commit fbc9c6f83ea6 ("Wrapfs: copy lower inode attributes in ->ioctl")
commit e97d8e26cc9e ("Wrapfs: use file_inode helper")

Some ioctls (e.g., EXT2_IOC_SETFLAGS) can change inode attributes, so copy them from lower inode.

Signed-off-by: Erez Zadok <[email protected]>
Signed-off-by: Daniel Rosenberg <[email protected]>
Bug: 35766959
Change-Id: I0f12684b9dbd4088b4a622c7ea9c03087f40e572
Commit b2fc288
ANDROID: sdcardfs: fix ->llseek to update upper and lower offset
Adapted from wrapfs
commit 1d1d23a47baa ("Wrapfs: fix ->llseek to update upper and lower offsets")

Fixes bug: xfstests generic/257. f_pos consistently is required by and only by dir_ops->wrapfs_readdir, main_ops is not affected.

Signed-off-by: Erez Zadok <[email protected]>
Signed-off-by: Mengyang Li <[email protected]>
Signed-off-by: Daniel Rosenberg <[email protected]>
Bug: 35766959
Change-Id: I360a1368ac37ea8966910a58972b81504031d437
Commit c4e9b94
ANDROID: sdcardfs: add read_iter/write_iter opeations
Adapted from wrapfs
commit f398bf6a7377 ("Wrapfs: add read_iter/write_iter opeations")

Signed-off-by: Erez Zadok <[email protected]>
Signed-off-by: Mengyang Li <[email protected]>
Signed-off-by: Daniel Rosenberg <[email protected]>
Bug: 35766959
Change-Id: I2b3de59c9682fc705bf21df0de6df81e76fd2e40
Commit 9a1e24a
ANDROID: sdcardfs: use d_splice_alias
adapted from wrapfs
commit 9671770ff8b9 ("Wrapfs: use d_splice_alias")

Refactor interpose code to allow lookup to use d_splice_alias.

Signed-off-by: Erez Zadok <[email protected]>
Signed-off-by: Daniel Rosenberg <[email protected]>
Bug: 35766959
Change-Id: Icf51db8658202c48456724275b03dc77f73f585b
Commit fb12388
usb: only enable type-c vbus when device is connected
fix the bug that always-on type-c vbus cause the usb enumeration error

Signed-off-by: Li Rui <[email protected]>
Signed-off-by: Fan Ning <[email protected]>
Reviewed-by: Chen Feng <[email protected]>
Commit b6411ac
arm64: dts: hi3660-hikey960: change compatible string to ti,wl1837
HiKey960 product version uses TI WL1837MOD module. It's better to change compatible string to ti,wl1837.

The very first few boards (called v1) are mounted TI WL1835MOD. But drivers of wl1835 and wl1837 are the same, so this change is compatible with v1.

Signed-off-by: Guodong Xu <[email protected]>
Commit f01f422
ANDROID: sdcardfs: update module info
Signed-off-by: Daniel Rosenberg <[email protected]>
Change-Id: I958c7c226d4e9265fea8996803e5b004fb33d8ad
Commit 24c96f7
Revert "HACK: ARM64: Replace default target from Image.gz-dtb to Image-dtb"
This reverts commit e5a30ce.
Dmitry Shmidt committed Apr 7, 2017
Commit a0ebcda
Merge remote-tracking branch 'common/android-4.4' into android-hikey-linaro-4.4-aosp
Dmitry Shmidt committed Apr 7, 2017
Commit f82ac8e
ARM: hikey: Choose CONFIG_IMG_DTB for default Image-dtb compilation
Change-Id: I02bb7b104789a85f3fde33de01900ae05f4a47d8
Signed-off-by: Dmitry Shmidt <[email protected]>
Dmitry Shmidt committed Apr 7, 2017
Commit aa29bf9
Commits on Apr 10, 2017
Merge remote-tracking branch 'remotes/parter-aosp/mirror-aosp-android-hikey-linaro-4.4' into working-android-hikey-linaro-4.4
* remotes/parter-aosp/mirror-aosp-android-hikey-linaro-4.4: (695 commits)
  ARM: hikey: Choose CONFIG_IMG_DTB for default Image-dtb compilation
  Revert "HACK: ARM64: Replace default target from Image.gz-dtb to Image-dtb"
  ANDROID: sdcardfs: update module info
  ANDROID: sdcardfs: use d_splice_alias
  ANDROID: sdcardfs: add read_iter/write_iter opeations
  ANDROID: sdcardfs: fix ->llseek to update upper and lower offset
  ANDROID: sdcardfs: copy lower inode attributes in ->ioctl
  ANDROID: sdcardfs: remove unnecessary call to do_munmap
  Merge 4.4.59 into android-4.4
  UPSTREAM: ipv6 addrconf: implement RFC7559 router solicitation backoff
  android: base-cfg: enable CONFIG_INET_DIAG_DESTROY
  ANDROID: android-base.cfg: add CONFIG_MODULES option
  ANDROID: android-base.cfg: add CONFIG_IKCONFIG option
  ANDROID: android-base.cfg: properly sort the file
  ANDROID: binder: add hwbinder,vndbinder to BINDER_DEVICES.
  ANDROID: sort android-recommended.cfg
  UPSTREAM: config/android: Remove CONFIG_IPV6_PRIVACY
  UPSTREAM: config: android: set SELinux as default security mode
  config: android: move device mapper options to recommended
  ANDROID: ARM64: Allow to choose appended kernel image
  ...
Commit e9799af
Revert "clk: hisilicon: hi3660: correct stub clock id"
This reverts commit e330525.
Commit b5acc58
Commits on Apr 11, 2017
arm64: dts: Fix pmctrl duplicated creation
sysfs: cannot create duplicate filename '/bus/platform/devices/e8a09000.pctrl'
------------[ cut here ]------------
WARNING: at fs/sysfs/dir.c:31
CPU: 6 PID: 1 Comm: swapper/0 Not tainted 4.4.21+ #3
Hardware name: HiKey960 (DT)
task: ffffffc0b9490000 ti: ffffffc0b9474000 task.ti: ffffffc0b9474000
PC is at sysfs_warn_dup+0x60/0x84
LR is at sysfs_warn_dup+0x60/0x84
......

Removing unused and duplicated nodes in dts fixes the warning above.

Signed-off-by: Zhong Kaihua <[email protected]>
Commit f27b555
mmc: dw_mmc-k3: add DW_MCI_QUIRK_BROKEN_DTO flag
If DTO interrupt does NOT come in sending data state, we should notify the driver to terminate current transfer and report a data timeout to the core.

Signed-off-by: chenjun <[email protected]>
Signed-off-by: Chen Feng <[email protected]>
Commit 40f8c29
Commits on Apr 12, 2017
dts: hisilicon: disable framebuffer display driver and enable drm display driver
add these configs:
+CONFIG_DRM_KIRIN_960=y
+CONFIG_HISI_KIRIN_DW_DSI=y
+CONFIG_DRM_PANEL_HIKEY960_NTE300NTS=y

remove these config:
-CONFIG_DRM_I2C_ADV7511=y
-CONFIG_DRM_HISI_KIRIN=y
-CONFIG_HISI_FB_KIRIN960=y

In the old code base, framebuffer driver don't support different resolution switching. drm display driver support to add cmdline attribute (such as: "video=HDMI-A-1:1920x1080@60" "video=HDMI-A-1:1280x720@60" etc.) for switching specified resolution.

This patch is used with new gralloc and new gpu library file.

Signed-off-by: Chen Feng <[email protected]>
Signed-off-by: Liwei Cai <[email protected]>
Signed-off-by: John Stultz <[email protected]>
Commit bc56009
drm: solve display underflow at 1280x800@60fps
There is an error in dss driver of calculating dfs value. Solve it by using unsigned value type calculation.

Signed-off-by: cailiwei <[email protected]>
Signed-off-by: John Stultz <[email protected]>
Commit a5407ab
drm: hisilicon: solve tearing issue of display
The use of synchronization mechanisms to deal with the display of buffer, to solve the problem of display tearing.

Signed-off-by: Wanchun Zheng <[email protected]>
Signed-off-by: Liwei Cai <[email protected]>
Signed-off-by: John Stultz <[email protected]>
Commit 94b5680
drm: hisilicon: Fix kirin960 performance issue waiting for vsync
The 1ms stalls waiting for vsync was causing major performance issues so this drops it down to 250us which seems to work better.

Signed-off-by: John Stultz <[email protected]>
Commit e14fb3a
Commits on Apr 19, 2017
clk: hisilicon: fix lock assignment
In clock driver initialize phase the spinlock is missed to assignment to struct clkgate_separated, finally there have no locking to protect exclusive accessing for clock registers.

This bug introduces the console has no output after enable coresight driver on 96boards Hikey; this is because console using UART3, which has shared the same register with coresight clock enabling bit.

After applied this patch it can assign lock properly to protect exclusive accessing, and console can work well after enabled coresight modules.

Fixes: 0aa0c95 ("clk: hisilicon: add common clock support")
Signed-off-by: Leo Yan <[email protected]>
Signed-off-by: Stephen Boyd <[email protected]>
Commit 2f6a408
Commits on May 11, 2017
dts: arm64: hi3660: change CPU type for ca73
Fix device tree binding for CPU type from 'ca72' to 'ca73'.

Signed-off-by: Leo Yan <[email protected]>
Commit 5a74fcb
clk: Hi3660: fix for stub clock driver
The stub clock driver sends message to mailbox channel to change frequency. In the old code the stub clock driver use local variables to store messages, so there have some corner cases the stub clock driver has bailed out but message driver has not really finished transferring. As result, the mailbox driver will read the staled data from stack; so sometimes the CPU frequency cannot be really changed, and in serious result this will introduce MCU cannot work properly so the mailbox cannot get any ack from MCU.

So this patch is to use stub clock driver structure to store messages; so the messages will be kept even the stub clock driver has bailed out, finally we can get safe data for mailbox driver.

Signed-off-by: Leo Yan <[email protected]>
Commit e53fa5b
Commits on May 13, 2017
arm64: dts: Fix incorrect led gpio configuration
The correct gpio config on Hikey960 board should be:

              V1        V2
USER_LED1     gpio208   gpio150
USER_LED2     gpio209   gpio151
USER_LED3     gpio210   gpio189
USER_LED4     gpio211   gpio190
wifi_active   gpio205   gpio205
bt_active     gpio207   gpio207

The 'compatible' and 'status' nodes are modified to 'gpio-leds' and 'ok' according to BoardID in bootloader.

Signed-off-by: Zhong Kaihua <[email protected]>
Commit 4a37c68
Commits on May 25, 2017
clk: hisilicon: add clks for isp driver on Hikey960
Add clocks for isp driver on Hikey960 board.
Commit cd15fd1
Merge branch 'working-android-hikey-linaro-4.4' of github.com:96boards-hikey/linux into working-android-hikey-linaro-4.4
* 'working-android-hikey-linaro-4.4' of github.com:96boards-hikey/linux:
  clk: Hi3660: fix for stub clock driver
  dts: arm64: hi3660: change CPU type for ca73
Commit b242826