-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update from base #19
Update from base #19
Commits on Mar 13, 2018
-
net: dsa: Fix dsa_is_user_port() test inversion
During the conversion to dsa_is_user_port(), a condition ended up being reversed, which would prevent the creation of any user port when using the legacy binding and/or platform data, fix that. Fixes: 4a5b85f ("net: dsa: use dsa_is_user_port everywhere") Signed-off-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5a9f8df - Browse repository at this point
Copy the full SHA 5a9f8dfView commit details -
scsi: libsas: defer ata device eh commands to libata
When ata device doing EH, some commands still attached with tasks are not passed to libata when abort failed or recover failed, so libata did not handle these commands. After these commands done, sas task is freed, but ata qc is not freed. This will cause ata qc leak and trigger a warning like below: WARNING: CPU: 0 PID: 28512 at drivers/ata/libata-eh.c:4037 ata_eh_finish+0xb4/0xcc CPU: 0 PID: 28512 Comm: kworker/u32:2 Tainted: G W OE 4.14.0#1 ...... Call trace: [<ffff0000088b7bd0>] ata_eh_finish+0xb4/0xcc [<ffff0000088b8420>] ata_do_eh+0xc4/0xd8 [<ffff0000088b8478>] ata_std_error_handler+0x44/0x8c [<ffff0000088b8068>] ata_scsi_port_error_handler+0x480/0x694 [<ffff000008875fc4>] async_sas_ata_eh+0x4c/0x80 [<ffff0000080f6be8>] async_run_entry_fn+0x4c/0x170 [<ffff0000080ebd70>] process_one_work+0x144/0x390 [<ffff0000080ec100>] worker_thread+0x144/0x418 [<ffff0000080f2c98>] kthread+0x10c/0x138 [<ffff0000080855dc>] ret_from_fork+0x10/0x18 If ata qc leaked too many, ata tag allocation will fail and io blocked for ever. As suggested by Dan Williams, defer ata device commands to libata and merge sas_eh_finish_cmd() with sas_eh_defer_cmd(). libata will handle ata qcs correctly after this. Signed-off-by: Jason Yan <[email protected]> CC: Xiaofei Tan <[email protected]> CC: John Garry <[email protected]> CC: Dan Williams <[email protected]> Reviewed-by: Dan Williams <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 318aaf3 - Browse repository at this point
Copy the full SHA 318aaf3View commit details -
scsi: qla2xxx: Remove FC_NO_LOOP_ID for FCP and FC-NVMe Discovery
Commit 7d64c39 fixed regression of FCP discovery when Nport Handle is in-use and relogin is triggered. However, during FCP and FC-NVMe discovery this resulted into only discovering NVMe LUNs. This patch fixes issue where FCP and FC-NVMe protocol is used on same port where assigning FC_NO_LOOP_ID will result into discovery failure for FCP LUNs. Fixes: a084fd6 ("scsi: qla2xxx: Fix re-login for Nport Handle in use") Signed-off-by: Himanshu Madhani <[email protected]> Reviewed-by: Hannes Reinecke <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 14bc1df - Browse repository at this point
Copy the full SHA 14bc1dfView commit details -
net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
f7c83bc ("net: xfrm: use __this_cpu_read per-cpu helper") added a __this_cpu_read() call inside ipcomp_alloc_tfms(). At the time, __this_cpu_read() required the caller to either not care about races or to handle preemption/interrupt issues. 3.15 tightened the rules around some per-cpu operations, and now __this_cpu_read() should never be used in a preemptible context. On 3.15 and later, we need to use this_cpu_read() instead. syzkaller reported this leading to the following kernel BUG while fuzzing sendmsg: BUG: using __this_cpu_read() in preemptible [00000000] code: repro/3101 caller is ipcomp_init_state+0x185/0x990 CPU: 3 PID: 3101 Comm: repro Not tainted 4.16.0-rc4-00123-g86f84779d8e9 #154 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Call Trace: dump_stack+0xb9/0x115 check_preemption_disabled+0x1cb/0x1f0 ipcomp_init_state+0x185/0x990 ? __xfrm_init_state+0x876/0xc20 ? lock_downgrade+0x5e0/0x5e0 ipcomp4_init_state+0xaa/0x7c0 __xfrm_init_state+0x3eb/0xc20 xfrm_init_state+0x19/0x60 pfkey_add+0x20df/0x36f0 ? pfkey_broadcast+0x3dd/0x600 ? pfkey_sock_destruct+0x340/0x340 ? pfkey_seq_stop+0x80/0x80 ? __skb_clone+0x236/0x750 ? kmem_cache_alloc+0x1f6/0x260 ? pfkey_sock_destruct+0x340/0x340 ? pfkey_process+0x62a/0x6f0 pfkey_process+0x62a/0x6f0 ? pfkey_send_new_mapping+0x11c0/0x11c0 ? mutex_lock_io_nested+0x1390/0x1390 pfkey_sendmsg+0x383/0x750 ? dump_sp+0x430/0x430 sock_sendmsg+0xc0/0x100 ___sys_sendmsg+0x6c8/0x8b0 ? copy_msghdr_from_user+0x3b0/0x3b0 ? pagevec_lru_move_fn+0x144/0x1f0 ? find_held_lock+0x32/0x1c0 ? do_huge_pmd_anonymous_page+0xc43/0x11e0 ? lock_downgrade+0x5e0/0x5e0 ? get_kernel_page+0xb0/0xb0 ? _raw_spin_unlock+0x29/0x40 ? do_huge_pmd_anonymous_page+0x400/0x11e0 ? __handle_mm_fault+0x553/0x2460 ? __fget_light+0x163/0x1f0 ? __sys_sendmsg+0xc7/0x170 __sys_sendmsg+0xc7/0x170 ? SyS_shutdown+0x1a0/0x1a0 ? __do_page_fault+0x5a0/0xca0 ? lock_downgrade+0x5e0/0x5e0 SyS_sendmsg+0x27/0x40 ? __sys_sendmsg+0x170/0x170 do_syscall_64+0x19f/0x640 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x7f0ee73dfb79 RSP: 002b:00007ffe14fc15a8 EFLAGS: 00000207 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0ee73dfb79 RDX: 0000000000000000 RSI: 00000000208befc8 RDI: 0000000000000004 RBP: 00007ffe14fc15b0 R08: 00007ffe14fc15c0 R09: 00007ffe14fc15c0 R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000400440 R13: 00007ffe14fc16b0 R14: 0000000000000000 R15: 0000000000000000 Signed-off-by: Greg Hackmann <[email protected]> Signed-off-by: Steffen Klassert <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0dcd787 - Browse repository at this point
Copy the full SHA 0dcd787View commit details -
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/gi…
…t/klassert/ipsec Steffen Klassert says: ==================== pull request (net): ipsec 2018-03-13 1) Refuse to insert 32 bit userspace socket policies on 64 bit systems like we do it for standard policies. We don't have a compat layer, so inserting socket policies from 32 bit userspace will lead to a broken configuration. 2) Make the policy hold queue work without the flowcache. Dummy bundles are not chached anymore, so we need to generate a new one on each lookup as long as the SAs are not yet in place. 3) Fix the validation of the esn replay attribute. The The sanity check in verify_replay() is bypassed if the XFRM_STATE_ESN flag is not set. Fix this by doing the sanity check uncoditionally. From Florian Westphal. 4) After most of the dst_entry garbage collection code is removed, we may leak xfrm_dst entries as they are neither cached nor tracked somewhere. Fix this by reusing the 'uncached_list' to track xfrm_dst entries too. From Xin Long. 5) Fix a rcu_read_lock/rcu_read_unlock imbalance in xfrm_get_tos() From Xin Long. 6) Fix an infinite loop in xfrm_get_dst_nexthop. On transport mode we fetch the child dst_entry after we continue, so this pointer is never updated. Fix this by fetching it before we continue. 7) Fix ESN sequence number gap after IPsec GSO packets. We accidentally increment the sequence number counter on the xfrm_state by one packet too much in the ESN case. Fix this by setting the sequence number to the correct value. 8) Reset the ethernet protocol after decapsulation only if a mac header was set. Otherwise it breaks configurations with TUN devices. From Yossi Kuperman. 9) Fix __this_cpu_read() usage in preemptible code. Use this_cpu_read() instead in ipcomp_alloc_tfms(). From Greg Hackmann. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d2ddf62 - Browse repository at this point
Copy the full SHA d2ddf62View commit details -
qed: Use after free in qed_rdma_free()
We're dereferencing "p_hwfn->p_rdma_info" but that is freed on the line before in qed_rdma_resc_free(p_hwfn). Fixes: 9de506a ("qed: Free RoCE ILT Memory on rmmod qedr") Signed-off-by: Dan Carpenter <[email protected]> Acked-by: Michal Kalderon <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f89782c - Browse repository at this point
Copy the full SHA f89782cView commit details -
workqueue: use put_device() instead of kfree()
Never directly free @dev after calling device_register(), even if it returned an error! Always use put_device() to give up the reference initialized in this function instead. Signed-off-by: Arvind Yadav <[email protected]> Signed-off-by: Tejun Heo <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 537f414 - Browse repository at this point
Copy the full SHA 537f414View commit details -
IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq
Add a check for the length of the qpin structure to prevent out-of-bounds reads BUG: KASAN: slab-out-of-bounds in create_raw_packet_qp+0x114c/0x15e2 Read of size 8192 at addr ffff880066b99290 by task syz-executor3/549 CPU: 3 PID: 549 Comm: syz-executor3 Not tainted 4.15.0-rc2+ #27 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014 Call Trace: dump_stack+0x8d/0xd4 print_address_description+0x73/0x290 kasan_report+0x25c/0x370 ? create_raw_packet_qp+0x114c/0x15e2 memcpy+0x1f/0x50 create_raw_packet_qp+0x114c/0x15e2 ? create_raw_packet_qp_tis.isra.28+0x13d/0x13d ? lock_acquire+0x370/0x370 create_qp_common+0x2245/0x3b50 ? destroy_qp_user.isra.47+0x100/0x100 ? kasan_kmalloc+0x13d/0x170 ? sched_clock_cpu+0x18/0x180 ? fs_reclaim_acquire.part.15+0x5/0x30 ? __lock_acquire+0xa11/0x1da0 ? sched_clock_cpu+0x18/0x180 ? kmem_cache_alloc_trace+0x17e/0x310 ? mlx5_ib_create_qp+0x30e/0x17b0 mlx5_ib_create_qp+0x33d/0x17b0 ? sched_clock_cpu+0x18/0x180 ? create_qp_common+0x3b50/0x3b50 ? lock_acquire+0x370/0x370 ? __radix_tree_lookup+0x180/0x220 ? uverbs_try_lock_object+0x68/0xc0 ? rdma_lookup_get_uobject+0x114/0x240 create_qp.isra.5+0xce4/0x1e20 ? ib_uverbs_ex_create_cq_cb+0xa0/0xa0 ? copy_ah_attr_from_uverbs.isra.2+0xa00/0xa00 ? ib_uverbs_cq_event_handler+0x160/0x160 ? __might_fault+0x17c/0x1c0 ib_uverbs_create_qp+0x21b/0x2a0 ? ib_uverbs_destroy_cq+0x2e0/0x2e0 ib_uverbs_write+0x55a/0xad0 ? ib_uverbs_destroy_cq+0x2e0/0x2e0 ? ib_uverbs_destroy_cq+0x2e0/0x2e0 ? ib_uverbs_open+0x760/0x760 ? futex_wake+0x147/0x410 ? check_prev_add+0x1680/0x1680 ? do_futex+0x3d3/0xa60 ? sched_clock_cpu+0x18/0x180 __vfs_write+0xf7/0x5c0 ? ib_uverbs_open+0x760/0x760 ? kernel_read+0x110/0x110 ? lock_acquire+0x370/0x370 ? __fget+0x264/0x3b0 vfs_write+0x18a/0x460 SyS_write+0xc7/0x1a0 ? SyS_read+0x1a0/0x1a0 ? trace_hardirqs_on_thunk+0x1a/0x1c entry_SYSCALL_64_fastpath+0x18/0x85 RIP: 0033:0x4477b9 RSP: 002b:00007f1822cadc18 EFLAGS: 00000292 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004477b9 RDX: 0000000000000070 RSI: 000000002000a000 RDI: 0000000000000005 RBP: 0000000000708000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000292 R12: 00000000ffffffff R13: 0000000000005d70 R14: 00000000006e6e30 R15: 0000000020010ff0 Allocated by task 549: __kmalloc+0x15e/0x340 kvmalloc_node+0xa1/0xd0 create_user_qp.isra.46+0xd42/0x1610 create_qp_common+0x2e63/0x3b50 mlx5_ib_create_qp+0x33d/0x17b0 create_qp.isra.5+0xce4/0x1e20 ib_uverbs_create_qp+0x21b/0x2a0 ib_uverbs_write+0x55a/0xad0 __vfs_write+0xf7/0x5c0 vfs_write+0x18a/0x460 SyS_write+0xc7/0x1a0 entry_SYSCALL_64_fastpath+0x18/0x85 Freed by task 368: kfree+0xeb/0x2f0 kernfs_fop_release+0x140/0x180 __fput+0x266/0x700 task_work_run+0x104/0x180 exit_to_usermode_loop+0xf7/0x110 syscall_return_slowpath+0x298/0x370 entry_SYSCALL_64_fastpath+0x83/0x85 The buggy address belongs to the object at ffff880066b99180 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 272 bytes inside of 512-byte region [ffff880066b99180, ffff880066b99380) The buggy address belongs to the page: page:000000006040eedd count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 flags: 0x4000000000008100(slab|head) raw: 4000000000008100 0000000000000000 0000000000000000 0000000180190019 raw: ffffea00019a7500 0000000b0000000b ffff88006c403080 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff880066b99180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff880066b99200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff880066b99280: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff880066b99300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff880066b99380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Cc: syzkaller <[email protected]> Fixes: 0fb2ed6 ("IB/mlx5: Add create and destroy functionality for Raw Packet QP") Signed-off-by: Boris Pismenny <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Signed-off-by: Doug Ledford <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2c292db - Browse repository at this point
Copy the full SHA 2c292dbView commit details -
IB/mlx5: Fix integer overflows in mlx5_ib_create_srq
This patch validates user provided input to prevent integer overflow due to integer manipulation in the mlx5_ib_create_srq function. Cc: syzkaller <[email protected]> Fixes: e126ba9 ("mlx5: Add driver for Mellanox Connect-IB adapters") Signed-off-by: Boris Pismenny <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Signed-off-by: Doug Ledford <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c2b37f7 - Browse repository at this point
Copy the full SHA c2b37f7View commit details -
workqueue: remove unused cancel_work()
Found this by accident. There are no usages of bare cancel_work() in current kernel source. Signed-off-by: Stephen Hemminger <[email protected]> Signed-off-by: Tejun Heo <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6417250 - Browse repository at this point
Copy the full SHA 6417250View commit details
Commits on Mar 14, 2018
-
libnvdimm: remove redundant assignment to pointer 'dev'
Pointer dev is being assigned a value that is never read, it is being re-assigned the same value later on, hence the initialization is redundant and can be removed. Cleans up clang warning: drivers/nvdimm/pfn_devs.c:307:17: warning: Value stored to 'dev' during its initialization is never read Signed-off-by: Colin Ian King <[email protected]> Reviewed-by: Ross Zwisler <[email protected]> Signed-off-by: Dan Williams <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0cbfeef - Browse repository at this point
Copy the full SHA 0cbfeefView commit details -
can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
This has been reported to cause stalls on rt-linux. Suggested-by: Richard Weinberger <[email protected]> Tested-by: Richard Weinberger <[email protected]> Signed-off-by: Andri Yngvason <[email protected]> Cc: linux-stable <[email protected]> Signed-off-by: Marc Kleine-Budde <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f4353da - Browse repository at this point
Copy the full SHA f4353daView commit details -
can: cc770: Fix queue stall & dropped RTR reply
While waiting for the TX object to send an RTR, an external message with a matching id can overwrite the TX data. In this case we must call the rx routine and then try transmitting the message that was overwritten again. The queue was being stalled because the RX event did not generate an interrupt to wake up the queue again and the TX event did not happen because the TXRQST flag is reset by the chip when new data is received. According to the CC770 datasheet the id of a message object should not be changed while the MSGVAL bit is set. This has been fixed by resetting the MSGVAL bit before modifying the object in the transmit function and setting it after. It is not enough to set & reset CPUUPD. It is important to keep the MSGVAL bit reset while the message object is being modified. Otherwise, during RTR transmission, a frame with matching id could trigger an rx-interrupt, which would cause a race condition between the interrupt routine and the transmit function. Signed-off-by: Andri Yngvason <[email protected]> Tested-by: Richard Weinberger <[email protected]> Cc: linux-stable <[email protected]> Signed-off-by: Marc Kleine-Budde <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7462012 - Browse repository at this point
Copy the full SHA 7462012View commit details -
libata: Enable queued TRIM for Samsung SSD 860
Samsung explicitly states that queued TRIM is supported for Linux with 860 PRO and 860 EVO. Make the previous blacklist to cover only 840 and 850 series. Signed-off-by: Park Ju Hyung <[email protected]> Reviewed-by: Martin K. Petersen <[email protected]> Signed-off-by: Tejun Heo <[email protected]> Cc: [email protected]
Configuration menu - View commit details
-
Copy full SHA for ca6bfcb - Browse repository at this point
Copy the full SHA ca6bfcbView commit details -
net: use skb_to_full_sk() in skb_update_prio()
Andrei Vagin reported a KASAN: slab-out-of-bounds error in skb_update_prio() Since SYNACK might be attached to a request socket, we need to get back to the listener socket. Since this listener is manipulated without locks, add const qualifiers to sock_cgroup_prioidx() so that the const can also be used in skb_update_prio() Also add the const qualifier to sock_cgroup_classid() for consistency. Fixes: ca6fb06 ("tcp: attach SYNACK messages to request sockets instead of listener") Signed-off-by: Eric Dumazet <[email protected]> Reported-by: Andrei Vagin <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4dcb31d - Browse repository at this point
Copy the full SHA 4dcb31dView commit details -
soc/fsl/qbman: fix issue in qman_delete_cgr_safe()
The wait_for_completion() call in qman_delete_cgr_safe() was triggering a scheduling while atomic bug, replacing the kthread with a smp_call_function_single() call to fix it. Signed-off-by: Madalin Bucur <[email protected]> Signed-off-by: Roy Pledge <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 96f413f - Browse repository at this point
Copy the full SHA 96f413fView commit details -
dpaa_eth: fix error in dpaa_remove()
The recent changes that make the driver probing compatible with DSA were not propagated in the dpa_remove() function, breaking the module unload function. Using the proper device to address the issue. Signed-off-by: Madalin Bucur <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8807525 - Browse repository at this point
Copy the full SHA 8807525View commit details -
dpaa_eth: remove duplicate initialization
The fd_format has already been initialized at this point. Signed-off-by: Camelia Groza <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5651863 - Browse repository at this point
Copy the full SHA 5651863View commit details -
dpaa_eth: increment the RX dropped counter when needed
Signed-off-by: Camelia Groza <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e4d1b37 - Browse repository at this point
Copy the full SHA e4d1b37View commit details -
dpaa_eth: remove duplicate increment of the tx_errors counter
The tx_errors counter is incremented by the dpaa_xmit caller. Signed-off-by: Camelia Groza <[email protected]> Signed-off-by: Madalin Bucur <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 82d141c - Browse repository at this point
Copy the full SHA 82d141cView commit details -
Merge branch 'DPAA-Ethernet-fixes'
Madalin Bucur says: ==================== DPAA Ethernet fixes This patch set is addressing several issues in the DPAA Ethernet driver suite: - module unload crash caused by wrong reference to device being left in the cleanup code after the DSA related changes - scheduling wile atomic bug in QMan code revealed during dpaa_eth module unload - a couple of error counter fixes, a duplicated init in dpaa_eth. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 16c2e4d - Browse repository at this point
Copy the full SHA 16c2e4dView commit details -
ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
Prior to the rework of PMTU information storage in commit 2c8cec5 ("ipv4: Cache learned PMTU information in inetpeer."), when a PMTU event advertising a PMTU smaller than net.ipv4.route.min_pmtu was received, we would disable setting the DF flag on packets by locking the MTU metric, and set the PMTU to net.ipv4.route.min_pmtu. Since then, we don't disable DF, and set PMTU to net.ipv4.route.min_pmtu, so the intermediate router that has this link with a small MTU will have to drop the packets. This patch reestablishes pre-2.6.39 behavior by splitting rtable->rt_pmtu into a bitfield with rt_mtu_locked and rt_pmtu. rt_mtu_locked indicates that we shouldn't set the DF bit on that path, and is checked in ip_dont_fragment(). One possible workaround is to set net.ipv4.route.min_pmtu to a value low enough to accommodate the lowest MTU encountered. Fixes: 2c8cec5 ("ipv4: Cache learned PMTU information in inetpeer.") Signed-off-by: Sabrina Dubroca <[email protected]> Reviewed-by: Stefano Brivio <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d52e5a7 - Browse repository at this point
Copy the full SHA d52e5a7View commit details -
tg3: prevent scheduling while atomic splat
The problem was introduced in commit 506b0a3 ("[netdrv] tg3: APE heartbeat changes"). The bug occurs because tp->lock spinlock is held which is obtained in tg3_start by way of tg3_full_lock(), line 11571. The documentation for usleep_range() specifically states it cannot be used inside a spinlock. Fixes: 506b0a3 ("[netdrv] tg3: APE heartbeat changes") Signed-off-by: Jonathan Toppins <[email protected]> Acked-by: Michael Chan <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ea91df6 - Browse repository at this point
Copy the full SHA ea91df6View commit details -
Merge tag 'linux-can-fixes-for-4.16-20180314' of ssh://gitolite.kerne…
…l.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2018-03-14 this is a pull request of two patches for net/master. Both patches are by Andri Yngvason and fix problems in the cc770 driver, that show up quite fast on RT systems, but also on non RT setups. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4ea41f8 - Browse repository at this point
Copy the full SHA 4ea41f8View commit details -
sunvnet: does not support GSO for sctp
The NETIF_F_GSO_SOFTWARE implies support for GSO on SCTP, but the sunvnet driver does not support GSO for sctp. Here we remove the NETIF_F_GSO_SOFTWARE feature flag and only report NETIF_F_ALL_TSO instead. Signed-off-by: Cathy Zhou <[email protected]> Signed-off-by: Shannon Nelson <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for cf55612 - Browse repository at this point
Copy the full SHA cf55612View commit details -
RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory
The failure in rereg_mr flow caused to set garbage value (error value) into mr->umem pointer. This pointer is accessed at the release stage and it causes to the following crash. There is not enough to simply change umem to point to NULL, because the MR struct is needed to be accessed during MR deregistration phase, so delay kfree too. [ 6.237617] BUG: unable to handle kernel NULL pointer dereference a 0000000000000228 [ 6.238756] IP: ib_dereg_mr+0xd/0x30 [ 6.239264] PGD 80000000167eb067 P4D 80000000167eb067 PUD 167f9067 PMD 0 [ 6.240320] Oops: 0000 [#1] SMP PTI [ 6.240782] CPU: 0 PID: 367 Comm: dereg Not tainted 4.16.0-rc1-00029-gc198fafe0453 #183 [ 6.242120] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014 [ 6.244504] RIP: 0010:ib_dereg_mr+0xd/0x30 [ 6.245253] RSP: 0018:ffffaf5d001d7d68 EFLAGS: 00010246 [ 6.246100] RAX: 0000000000000000 RBX: ffff95d4172daf00 RCX: 0000000000000000 [ 6.247414] RDX: 00000000ffffffff RSI: 0000000000000001 RDI: ffff95d41a317600 [ 6.248591] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 6.249810] R10: ffff95d417033c10 R11: 0000000000000000 R12: ffff95d4172c3a80 [ 6.251121] R13: ffff95d4172c3720 R14: ffff95d4172c3a98 R15: 00000000ffffffff [ 6.252437] FS: 0000000000000000(0000) GS:ffff95d41fc00000(0000) knlGS:0000000000000000 [ 6.253887] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6.254814] CR2: 0000000000000228 CR3: 00000000172b4000 CR4: 00000000000006b0 [ 6.255943] Call Trace: [ 6.256368] remove_commit_idr_uobject+0x1b/0x80 [ 6.257118] uverbs_cleanup_ucontext+0xe4/0x190 [ 6.257855] ib_uverbs_cleanup_ucontext.constprop.14+0x19/0x40 [ 6.258857] ib_uverbs_close+0x2a/0x100 [ 6.259494] __fput+0xca/0x1c0 [ 6.259938] task_work_run+0x84/0xa0 [ 6.260519] do_exit+0x312/0xb40 [ 6.261023] ? __do_page_fault+0x24d/0x490 [ 6.261707] do_group_exit+0x3a/0xa0 [ 6.262267] SyS_exit_group+0x10/0x10 [ 6.262802] do_syscall_64+0x75/0x180 [ 6.263391] entry_SYSCALL_64_after_hwframe+0x21/0x86 [ 6.264253] RIP: 0033:0x7f1b39c49488 [ 6.264827] RSP: 002b:00007ffe2de05b68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 6.266049] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1b39c49488 [ 6.267187] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 6.268377] RBP: 00007f1b39f258e0 R08: 00000000000000e7 R09: ffffffffffffff98 [ 6.269640] R10: 00007f1b3a147260 R11: 0000000000000246 R12: 00007f1b39f258e0 [ 6.270783] R13: 00007f1b39f2ac20 R14: 0000000000000000 R15: 0000000000000000 [ 6.271943] Code: 74 07 31 d2 e9 25 d8 6c 00 b8 da ff ff ff c3 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 07 53 48 8b 5f 08 <48> 8b 80 28 02 00 00 e8 f7 d7 6c 00 85 c0 75 04 3e ff 4b 18 5b [ 6.274927] RIP: ib_dereg_mr+0xd/0x30 RSP: ffffaf5d001d7d68 [ 6.275760] CR2: 0000000000000228 [ 6.276200] ---[ end trace a35641f1c474bd20 ]--- Fixes: e126ba9 ("mlx5: Add driver for Mellanox Connect-IB adapters") Cc: syzkaller <[email protected]> Cc: <[email protected]> Reported-by: Noa Osherovich <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Signed-off-by: Doug Ledford <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f3f134f - Browse repository at this point
Copy the full SHA f3f134fView commit details -
RDMA/core: Do not use invalid destination in determining port reuse
cma_port_is_unique() allows local port reuse if the quad (source address and port, destination address and port) for this connection is unique. However, if the destination info is zero or unspecified, it can't make a correct decision but still allows port reuse. For example, sometimes rdma_bind_addr() is called with unspecified destination and reusing the port can lead to creating a connection with a duplicate quad, after the destination is resolved. The issue manifests when MPI scale-up tests hang after the duplicate quad is used. Set the destination address family and add checks for zero destination address and port to prevent source port reuse based on invalid destination. Fixes: 19b752a ("IB/cma: Allow port reuse for rdma_id") Reviewed-by: Sean Hefty <[email protected]> Signed-off-by: Tatyana Nikolova <[email protected]> Signed-off-by: Shiraz Saleem <[email protected]> Signed-off-by: Doug Ledford <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9dea9a2 - Browse repository at this point
Copy the full SHA 9dea9a2View commit details -
RDMA/ucma: Fix access to non-initialized CM_ID object
The attempt to join multicast group without ensuring that CMA device exists will lead to the following crash reported by syzkaller. [ 64.076794] BUG: KASAN: null-ptr-deref in rdma_join_multicast+0x26e/0x12c0 [ 64.076797] Read of size 8 at addr 00000000000000b0 by task join/691 [ 64.076797] [ 64.076800] CPU: 1 PID: 691 Comm: join Not tainted 4.16.0-rc1-00219-gb97853b65b93 #23 [ 64.076802] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-proj4 [ 64.076803] Call Trace: [ 64.076809] dump_stack+0x5c/0x77 [ 64.076817] kasan_report+0x163/0x380 [ 64.085859] ? rdma_join_multicast+0x26e/0x12c0 [ 64.086634] rdma_join_multicast+0x26e/0x12c0 [ 64.087370] ? rdma_disconnect+0xf0/0xf0 [ 64.088579] ? __radix_tree_replace+0xc3/0x110 [ 64.089132] ? node_tag_clear+0x81/0xb0 [ 64.089606] ? idr_alloc_u32+0x12e/0x1a0 [ 64.090517] ? __fprop_inc_percpu_max+0x150/0x150 [ 64.091768] ? tracing_record_taskinfo+0x10/0xc0 [ 64.092340] ? idr_alloc+0x76/0xc0 [ 64.092951] ? idr_alloc_u32+0x1a0/0x1a0 [ 64.093632] ? ucma_process_join+0x23d/0x460 [ 64.094510] ucma_process_join+0x23d/0x460 [ 64.095199] ? ucma_migrate_id+0x440/0x440 [ 64.095696] ? futex_wake+0x10b/0x2a0 [ 64.096159] ucma_join_multicast+0x88/0xe0 [ 64.096660] ? ucma_process_join+0x460/0x460 [ 64.097540] ? _copy_from_user+0x5e/0x90 [ 64.098017] ucma_write+0x174/0x1f0 [ 64.098640] ? ucma_resolve_route+0xf0/0xf0 [ 64.099343] ? rb_erase_cached+0x6c7/0x7f0 [ 64.099839] __vfs_write+0xc4/0x350 [ 64.100622] ? perf_syscall_enter+0xe4/0x5f0 [ 64.101335] ? kernel_read+0xa0/0xa0 [ 64.103525] ? perf_sched_cb_inc+0xc0/0xc0 [ 64.105510] ? syscall_exit_register+0x2a0/0x2a0 [ 64.107359] ? __switch_to+0x351/0x640 [ 64.109285] ? fsnotify+0x899/0x8f0 [ 64.111610] ? fsnotify_unmount_inodes+0x170/0x170 [ 64.113876] ? __fsnotify_update_child_dentry_flags+0x30/0x30 [ 64.115813] ? ring_buffer_record_is_on+0xd/0x20 [ 64.117824] ? __fget+0xa8/0xf0 [ 64.119869] vfs_write+0xf7/0x280 [ 64.122001] SyS_write+0xa1/0x120 [ 64.124213] ? SyS_read+0x120/0x120 [ 64.126644] ? SyS_read+0x120/0x120 [ 64.128563] do_syscall_64+0xeb/0x250 [ 64.130732] entry_SYSCALL_64_after_hwframe+0x21/0x86 [ 64.132984] RIP: 0033:0x7f5c994ade99 [ 64.135699] RSP: 002b:00007f5c99b97d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 64.138740] RAX: ffffffffffffffda RBX: 00000000200001e4 RCX: 00007f5c994ade99 [ 64.141056] RDX: 00000000000000a0 RSI: 00000000200001c0 RDI: 0000000000000015 [ 64.143536] RBP: 00007f5c99b97ec0 R08: 0000000000000000 R09: 0000000000000000 [ 64.146017] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c99b97fc0 [ 64.148608] R13: 0000000000000000 R14: 00007fff660e1c40 R15: 00007f5c99b989c0 [ 64.151060] [ 64.153703] Disabling lock debugging due to kernel taint [ 64.156032] BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0 [ 64.159066] IP: rdma_join_multicast+0x26e/0x12c0 [ 64.161451] PGD 80000001d0298067 P4D 80000001d0298067 PUD 1dea39067 PMD 0 [ 64.164442] Oops: 0000 [#1] SMP KASAN PTI [ 64.166817] CPU: 1 PID: 691 Comm: join Tainted: G B 4.16.0-rc1-00219-gb97853b65b93 #23 [ 64.170004] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-proj4 [ 64.174985] RIP: 0010:rdma_join_multicast+0x26e/0x12c0 [ 64.177246] RSP: 0018:ffff8801c8207860 EFLAGS: 00010282 [ 64.179901] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff94789522 [ 64.183344] RDX: 1ffffffff2d50fa5 RSI: 0000000000000297 RDI: 0000000000000297 [ 64.186237] RBP: ffff8801c8207a50 R08: 0000000000000000 R09: ffffed0039040ea7 [ 64.189328] R10: 0000000000000001 R11: ffffed0039040ea6 R12: 0000000000000000 [ 64.192634] R13: 0000000000000000 R14: ffff8801e2022800 R15: ffff8801d4ac2400 [ 64.196105] FS: 00007f5c99b98700(0000) GS:ffff8801e5d00000(0000) knlGS:0000000000000000 [ 64.199211] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.202046] CR2: 00000000000000b0 CR3: 00000001d1c48004 CR4: 00000000003606a0 [ 64.205032] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.208221] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.211554] Call Trace: [ 64.213464] ? rdma_disconnect+0xf0/0xf0 [ 64.216124] ? __radix_tree_replace+0xc3/0x110 [ 64.219337] ? node_tag_clear+0x81/0xb0 [ 64.222140] ? idr_alloc_u32+0x12e/0x1a0 [ 64.224422] ? __fprop_inc_percpu_max+0x150/0x150 [ 64.226588] ? tracing_record_taskinfo+0x10/0xc0 [ 64.229763] ? idr_alloc+0x76/0xc0 [ 64.232186] ? idr_alloc_u32+0x1a0/0x1a0 [ 64.234505] ? ucma_process_join+0x23d/0x460 [ 64.237024] ucma_process_join+0x23d/0x460 [ 64.240076] ? ucma_migrate_id+0x440/0x440 [ 64.243284] ? futex_wake+0x10b/0x2a0 [ 64.245302] ucma_join_multicast+0x88/0xe0 [ 64.247783] ? ucma_process_join+0x460/0x460 [ 64.250841] ? _copy_from_user+0x5e/0x90 [ 64.253878] ucma_write+0x174/0x1f0 [ 64.257008] ? ucma_resolve_route+0xf0/0xf0 [ 64.259877] ? rb_erase_cached+0x6c7/0x7f0 [ 64.262746] __vfs_write+0xc4/0x350 [ 64.265537] ? perf_syscall_enter+0xe4/0x5f0 [ 64.267792] ? kernel_read+0xa0/0xa0 [ 64.270358] ? perf_sched_cb_inc+0xc0/0xc0 [ 64.272575] ? syscall_exit_register+0x2a0/0x2a0 [ 64.275367] ? __switch_to+0x351/0x640 [ 64.277700] ? fsnotify+0x899/0x8f0 [ 64.280530] ? fsnotify_unmount_inodes+0x170/0x170 [ 64.283156] ? __fsnotify_update_child_dentry_flags+0x30/0x30 [ 64.286182] ? ring_buffer_record_is_on+0xd/0x20 [ 64.288749] ? __fget+0xa8/0xf0 [ 64.291136] vfs_write+0xf7/0x280 [ 64.292972] SyS_write+0xa1/0x120 [ 64.294965] ? SyS_read+0x120/0x120 [ 64.297474] ? SyS_read+0x120/0x120 [ 64.299751] do_syscall_64+0xeb/0x250 [ 64.301826] entry_SYSCALL_64_after_hwframe+0x21/0x86 [ 64.304352] RIP: 0033:0x7f5c994ade99 [ 64.306711] RSP: 002b:00007f5c99b97d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 64.309577] RAX: ffffffffffffffda RBX: 00000000200001e4 RCX: 00007f5c994ade99 [ 64.312334] RDX: 00000000000000a0 RSI: 00000000200001c0 RDI: 0000000000000015 [ 64.315783] RBP: 00007f5c99b97ec0 R08: 0000000000000000 R09: 0000000000000000 [ 64.318365] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c99b97fc0 [ 64.320980] R13: 0000000000000000 R14: 00007fff660e1c40 R15: 00007f5c99b989c0 [ 64.323515] Code: e8 e8 79 08 ff 4c 89 ff 45 0f b6 a7 b8 01 00 00 e8 68 7c 08 ff 49 8b 1f 4d 89 e5 49 c1 e4 04 48 8 [ 64.330753] RIP: rdma_join_multicast+0x26e/0x12c0 RSP: ffff8801c8207860 [ 64.332979] CR2: 00000000000000b0 [ 64.335550] ---[ end trace 0c00c17a408849c1 ]--- Reported-by: <[email protected]> Fixes: c8f6a36 ("RDMA/cma: Add multicast communication support") Signed-off-by: Leon Romanovsky <[email protected]> Reviewed-by: Sean Hefty <[email protected]> Signed-off-by: Doug Ledford <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7688f2c - Browse repository at this point
Copy the full SHA 7688f2cView commit details -
RDMA/ucma: Don't allow join attempts for unsupported AF family
Users can provide garbage while calling to ucma_join_ip_multicast(), it will indirectly cause to rdma_addr_size() return 0, making the call to ucma_process_join(), which had the right checks, but it is better to check the input as early as possible. The following crash from syzkaller revealed it. kernel BUG at lib/string.c:1052! invalid opcode: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 4113 Comm: syz-executor0 Not tainted 4.16.0-rc5+ #261 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:fortify_panic+0x13/0x20 lib/string.c:1051 RSP: 0018:ffff8801ca81f8f0 EFLAGS: 00010286 RAX: 0000000000000022 RBX: 1ffff10039503f23 RCX: 0000000000000000 RDX: 0000000000000022 RSI: 1ffff10039503ed3 RDI: ffffed0039503f12 RBP: ffff8801ca81f8f0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000006 R11: 0000000000000000 R12: ffff8801ca81f998 R13: ffff8801ca81f938 R14: ffff8801ca81fa58 R15: 000000000000fa00 FS: 0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:000000000a12a900 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 0000000008138024 CR3: 00000001cbb58004 CR4: 00000000001606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: memcpy include/linux/string.h:344 [inline] ucma_join_ip_multicast+0x36b/0x3b0 drivers/infiniband/core/ucma.c:1421 ucma_write+0x2d6/0x3d0 drivers/infiniband/core/ucma.c:1633 __vfs_write+0xef/0x970 fs/read_write.c:480 vfs_write+0x189/0x510 fs/read_write.c:544 SYSC_write fs/read_write.c:589 [inline] SyS_write+0xef/0x220 fs/read_write.c:581 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] do_fast_syscall_32+0x3ec/0xf9f arch/x86/entry/common.c:392 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7f9ec99 RSP: 002b:00000000ff8172cc EFLAGS: 00000282 ORIG_RAX: 0000000000000004 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 RDX: 0000000000000063 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Code: 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 89 df e8 42 2c e3 fb eb de 55 48 89 fe 48 c7 c7 80 75 98 86 48 89 e5 e8 85 95 94 fb <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 41 57 41 56 RIP: fortify_panic+0x13/0x20 lib/string.c:1051 RSP: ffff8801ca81f8f0 Fixes: 5bc2b7b ("RDMA/ucma: Allow user space to specify AF_IB when joining multicast") Reported-by: <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Reviewed-by: Sean Hefty <[email protected]> Signed-off-by: Doug Ledford <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0c81ffc - Browse repository at this point
Copy the full SHA 0c81ffcView commit details -
IB/mlx5: Fix cleanup order on unload
On load we create private CQ/QP/PD in order to be used by UMR, we create those resources after we register ourself as an IB device, and we destroy them after we unregister as an IB device. This was changed by commit 16c1975 ("IB/mlx5: Create profile infrastructure to add and remove stages") which moved the destruction before we unregistration. This allowed to trigger an invalid memory access when unloading mlx5_ib while there are open resources: BUG: unable to handle kernel paging request at 00000001002c012c ... Call Trace: mlx5_ib_post_send_wait+0x75/0x110 [mlx5_ib] __slab_free+0x9a/0x2d0 delay_time_func+0x10/0x10 [mlx5_ib] unreg_umr.isra.15+0x4b/0x50 [mlx5_ib] mlx5_mr_cache_free+0x46/0x150 [mlx5_ib] clean_mr+0xc9/0x190 [mlx5_ib] dereg_mr+0xba/0xf0 [mlx5_ib] ib_dereg_mr+0x13/0x20 [ib_core] remove_commit_idr_uobject+0x16/0x70 [ib_uverbs] uverbs_cleanup_ucontext+0xe8/0x1a0 [ib_uverbs] ib_uverbs_cleanup_ucontext.isra.9+0x19/0x40 [ib_uverbs] ib_uverbs_remove_one+0x162/0x2e0 [ib_uverbs] ib_unregister_device+0xd4/0x190 [ib_core] __mlx5_ib_remove+0x2e/0x40 [mlx5_ib] mlx5_remove_device+0xf5/0x120 [mlx5_core] mlx5_unregister_interface+0x37/0x90 [mlx5_core] mlx5_ib_cleanup+0xc/0x225 [mlx5_ib] SyS_delete_module+0x153/0x230 do_syscall_64+0x62/0x110 entry_SYSCALL_64_after_hwframe+0x21/0x86 ... We restore the original behavior by breaking the UMR stage into two parts, pre and post IB registration stages, this way we can restore the original functionality and maintain clean separation of logic between stages. Fixes: 16c1975 ("IB/mlx5: Create profile infrastructure to add and remove stages") Signed-off-by: Mark Bloch <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Signed-off-by: Doug Ledford <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 42cea83 - Browse repository at this point
Copy the full SHA 42cea83View commit details -
x86, memremap: fix altmap accounting at free
Commit 24b6d41 "mm: pass the vmem_altmap to vmemmap_free" converted the vmemmap_free() path to pass the altmap argument all the way through the call chain rather than looking it up based on the page. Unfortunately that ends up over freeing altmap allocated pages in some cases since free_pagetable() is used to free both memmap space and pte space, where only the memmap stored in huge pages uses altmap allocations. Given that altmap allocations for memmap space are special cased in vmemmap_populate_hugepages() add a symmetric / special case free_hugepage_table() to handle altmap freeing, and cleanup the unneeded passing of altmap to leaf functions that do not require it. Without this change the sanity check accounting in devm_memremap_pages_release() will throw a warning with the following signature. nd_pmem pfn10.1: devm_memremap_pages_release: failed to free all reserved pages WARNING: CPU: 44 PID: 3539 at kernel/memremap.c:310 devm_memremap_pages_release+0x1c7/0x220 CPU: 44 PID: 3539 Comm: ndctl Tainted: G L 4.16.0-rc1-linux-stable #7 RIP: 0010:devm_memremap_pages_release+0x1c7/0x220 [..] Call Trace: release_nodes+0x225/0x270 device_release_driver_internal+0x15d/0x210 bus_remove_device+0xe2/0x160 device_del+0x130/0x310 ? klist_release+0x56/0x100 ? nd_region_notify+0xc0/0xc0 [libnvdimm] device_unregister+0x16/0x60 This was missed in testing since not all configurations will trigger this warning. Fixes: 24b6d41 ("mm: pass the vmem_altmap to vmemmap_free") Reported-by: Jane Chu <[email protected]> Cc: Ross Zwisler <[email protected]> Reviewed-by: Christoph Hellwig <[email protected]> Signed-off-by: Dan Williams <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a7e6c70 - Browse repository at this point
Copy the full SHA a7e6c70View commit details -
infiniband: qplib_fp: fix pointer cast
Building for a 32-bit target results in a couple of warnings from casting between a 32-bit pointer and a 64-bit integer: drivers/infiniband/hw/bnxt_re/qplib_fp.c: In function 'bnxt_qplib_service_nq': drivers/infiniband/hw/bnxt_re/qplib_fp.c:333:23: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] bnxt_qplib_arm_srq((struct bnxt_qplib_srq *)q_handle, ^ drivers/infiniband/hw/bnxt_re/qplib_fp.c:336:12: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] (struct bnxt_qplib_srq *)q_handle, ^ In file included from include/linux/byteorder/little_endian.h:5, from arch/arm/include/uapi/asm/byteorder.h:22, from include/asm-generic/bitops/le.h:6, from arch/arm/include/asm/bitops.h:342, from include/linux/bitops.h:38, from include/linux/kernel.h:11, from include/linux/interrupt.h:6, from drivers/infiniband/hw/bnxt_re/qplib_fp.c:39: drivers/infiniband/hw/bnxt_re/qplib_fp.c: In function 'bnxt_qplib_create_srq': include/uapi/linux/byteorder/little_endian.h:31:43: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] #define __cpu_to_le64(x) ((__force __le64)(__u64)(x)) ^ include/linux/byteorder/generic.h:86:21: note: in expansion of macro '__cpu_to_le64' #define cpu_to_le64 __cpu_to_le64 ^~~~~~~~~~~~~ drivers/infiniband/hw/bnxt_re/qplib_fp.c:569:19: note: in expansion of macro 'cpu_to_le64' req.srq_handle = cpu_to_le64(srq); Using a uintptr_t as an intermediate works on all architectures. Fixes: 37cb11a ("RDMA/bnxt_re: Add SRQ support for Broadcom adapters") Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Jason Gunthorpe <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5388a50 - Browse repository at this point
Copy the full SHA 5388a50View commit details -
infiniband: bnxt_re: use BIT_ULL() for 64-bit bit masks
On 32-bit targets, we otherwise get a warning about an impossible constant integer expression: In file included from include/linux/kernel.h:11, from include/linux/interrupt.h:6, from drivers/infiniband/hw/bnxt_re/ib_verbs.c:39: drivers/infiniband/hw/bnxt_re/ib_verbs.c: In function 'bnxt_re_query_device': include/linux/bitops.h:7:24: error: left shift count >= width of type [-Werror=shift-count-overflow] #define BIT(nr) (1UL << (nr)) ^~ drivers/infiniband/hw/bnxt_re/bnxt_re.h:61:34: note: in expansion of macro 'BIT' #define BNXT_RE_MAX_MR_SIZE_HIGH BIT(39) ^~~ drivers/infiniband/hw/bnxt_re/bnxt_re.h:62:30: note: in expansion of macro 'BNXT_RE_MAX_MR_SIZE_HIGH' #define BNXT_RE_MAX_MR_SIZE BNXT_RE_MAX_MR_SIZE_HIGH ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/infiniband/hw/bnxt_re/ib_verbs.c:149:25: note: in expansion of macro 'BNXT_RE_MAX_MR_SIZE' ib_attr->max_mr_size = BNXT_RE_MAX_MR_SIZE; ^~~~~~~~~~~~~~~~~~~ Fixes: 872f357 ("RDMA/bnxt_re: Add support for MRs with Huge pages") Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Jason Gunthorpe <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for bd8602c - Browse repository at this point
Copy the full SHA bd8602cView commit details
Commits on Mar 15, 2018
-
mmc: block: fix updating ext_csd caches on ioctl call
PARTITION_CONFIG is cached in mmc_card->ext_csd.part_config and the currently active partition in mmc_blk_data->part_curr. These caches do not always reflect changes if the ioctl call modifies the PARTITION_CONFIG registers, e.g. by changing BOOT_PARTITION_ENABLE. Write the PARTITION_CONFIG value extracted from the ioctl call to the cache and update the currently active partition accordingly. This ensures that the user space cannot change the values behind the kernel's back. The next call to mmc_blk_part_switch() will operate on the data set by the ioctl and reflect the changes appropriately. Signed-off-by: Bastian Stender <[email protected]> Signed-off-by: Jan Luebbe <[email protected]> Cc: [email protected] Signed-off-by: Ulf Hansson <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e74ef21 - Browse repository at this point
Copy the full SHA e74ef21View commit details -
mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433
Before enabling the clock, dwmmc exynos driver is trying to access the register. Then the kernel panic can be occurred. Signed-off-by: Jaehoon Chung <[email protected]> Reviewed-by: Chanwoo Choi <[email protected]> Tested-by: Chanwoo Choi <[email protected]> Cc: [email protected] Signed-off-by: Ulf Hansson <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e22842d - Browse repository at this point
Copy the full SHA e22842dView commit details -
mmc: core: Disable HPI for certain Micron (Numonyx) eMMC cards
Certain Micron eMMC v4.5 cards might get broken when HPI feature is used and hence this patch disables the HPI feature for such buggy cards. In U-Boot, these cards are reported as Manufacturer: Micron (ID: 0xFE) OEM: 0x4E Name: MMC32G Revision: 19 (0x13) Serial: 959241022 Manufact. date: 8/2015 (0x82) CRC: 0x00 Tran Speed: 52000000 Rd Block Len: 512 MMC version 4.5 High Capacity: Yes Capacity: 29.1 GiB Boot Partition Size: 16 MiB Bus Width: 8-bit According to JEDEC JEP106 manufacturer 0xFE is Numonyx, which was bought by Micron. Signed-off-by: Dirk Behme <[email protected]> Signed-off-by: Mark Craske <[email protected]> Cc: <[email protected]> # 4.8+ Signed-off-by: Ulf Hansson <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for dbe7dc6 - Browse repository at this point
Copy the full SHA dbe7dc6View commit details -
mmc: core: Fix tracepoint print of blk_addr and blksz
Swap the positions of blk_addr and blksz in the tracepoint print arguments so that they match the print format. Signed-off-by: Adrian Hunter <[email protected]> Fixes: d2f8225 ("mmc: core: Add members to mmc_request and mmc_data for CQE's") Cc: <[email protected]> # 4.14+ Signed-off-by: Ulf Hansson <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c658dc5 - Browse repository at this point
Copy the full SHA c658dc5View commit details -
drm/tegra: plane: Fix RGB565 format on older Tegra
The opaque/alpha format conversion code is currently only looking at XRGB formats because they have an equivalent ARGB format. The opaque format for RGB565 is RGB565 itself, much like the YUV formats map to themselves. Reported-by: Dmitry Osipenko <[email protected]> Fixes: ebae8d0 ("drm/tegra: dc: Implement legacy blending") Signed-off-by: Thierry Reding <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8a927d6 - Browse repository at this point
Copy the full SHA 8a927d6View commit details -
net/smc: simplify wait when closing listen socket
Closing of a listen socket wakes up kernel_accept() of smc_tcp_listen_worker(), and then has to wait till smc_tcp_listen_worker() gives up the internal clcsock. The wait logic introduced with commit 127f497 ("net/smc: release clcsock from tcp_listen_worker") might wait longer than necessary. This patch implements the idea to implement the wait just with flush_work(), and gets rid of the extra smc_close_wait_listen_clcsock() function. Fixes: 127f497 ("net/smc: release clcsock from tcp_listen_worker") Reported-by: Hans Wippel <[email protected]> Signed-off-by: Ursula Braun <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3d50206 - Browse repository at this point
Copy the full SHA 3d50206View commit details -
drm/tegra: plane: Correct legacy blending
Keep old 'dependent' state of unaffected planes, this way new state takes into account current state of unaffected planes. Fixes: ebae8d0 ("drm/tegra: dc: Implement legacy blending") Signed-off-by: Dmitry Osipenko <[email protected]> Signed-off-by: Thierry Reding <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4851923 - Browse repository at this point
Copy the full SHA 4851923View commit details -
drm/radeon: Don't turn off DP sink when disconnected
Turning off the sink in this case causes various issues, because userspace expects it to stay on until it turns it off explicitly. Instead, turn the sink off and back on when a display is connected again. This dance seems necessary for link training to work correctly. Bugzilla: https://bugs.freedesktop.org/105308 Cc: [email protected] Reviewed-by: Alex Deucher <[email protected]> Signed-off-by: Michel Dänzer <[email protected]> Signed-off-by: Alex Deucher <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2681bc7 - Browse repository at this point
Copy the full SHA 2681bc7View commit details -
drm/amdgpu: Use atomic function to disable crtcs with dc enabled
This change fixes the deadlock when unloading the driver with displays connected. Signed-off-by: Mikita Lipski <[email protected]> Reviewed-by: Andrey Grodzovsky <[email protected]> Signed-off-by: Alex Deucher <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d1bb88e - Browse repository at this point
Copy the full SHA d1bb88eView commit details -
gpu: ipu-v3: prg: avoid possible array underflow
gcc-8 reports that we access an array with a negative index in an error case: drivers/gpu/ipu-v3/ipu-prg.c: In function 'ipu_prg_channel_disable': drivers/gpu/ipu-v3/ipu-prg.c:252:43: error: array subscript -22 is below array bounds of 'struct ipu_prg_channel[3]' [-Werror=array-bounds] This moves the range check in front of the first time that variable gets used. Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Philipp Zabel <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 746d024 - Browse repository at this point
Copy the full SHA 746d024View commit details -
drm/imx: ipuv3-plane: Make functions static when possible
ipu_plane_state_reset(), ipu_plane_duplicate_state() and ipu_plane_destroy_state() are only used in this file, so make them static. This fixes the following sparse warnings: drivers/gpu/drm/imx/ipuv3-plane.c:275:6: warning: symbol 'ipu_plane_state_reset' was not declared. Should it be static? drivers/gpu/drm/imx/ipuv3-plane.c:295:24: warning: symbol 'ipu_plane_duplicate_state' was not declared. Should it be static? drivers/gpu/drm/imx/ipuv3-plane.c:309:6: warning: symbol 'ipu_plane_destroy_state' was not declared. Should it be static? Signed-off-by: Fabio Estevam <[email protected]> Signed-off-by: Philipp Zabel <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2ead44a - Browse repository at this point
Copy the full SHA 2ead44aView commit details -
drm/imx: ipuv3-plane: Include "imx-drm.h" header file
ipu_planes_assign_pre() prototype is in "imx-drm.h" header file, so include it to fix the following sparse warning: drivers/gpu/drm/imx/ipuv3-plane.c:729:5: warning: symbol 'ipu_planes_assign_pre' was not declared. Should it be static? Signed-off-by: Fabio Estevam <[email protected]> Signed-off-by: Philipp Zabel <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a71d324 - Browse repository at this point
Copy the full SHA a71d324View commit details -
drm/imx: move arming of the vblank event to atomic_flush
Right now the vblank event completion is racing with the atomic update, which is especially bad when the PRE is in use, as one of the hardware issue workaround might extend the atomic commit for quite some time. If the vblank IRQ happens to trigger during that time, we will prematurely signal the atomic commit completion to userspace, which causes tearing when userspace re-uses a framebuffer we haven't managed to flip away from yet. Signed-off-by: Lucas Stach <[email protected]> Signed-off-by: Philipp Zabel <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6a055b9 - Browse repository at this point
Copy the full SHA 6a055b9View commit details -
clk: aspeed: Fix is_enabled for certain clocks
Some of the Aspeed clocks are disabled by setting the relevant bit in the "clock stop control" register to one, while others are disabled by setting their bit to zero. The driver already uses a flag per gate to identify this behavior, but doesn't apply it in the clock is_enabled function. Use the existing gate flag to correctly return whether or not a clock is enabled in the aspeed_clk_is_enabled function. Signed-off-by: Eddie James <[email protected]> Fixes: 6671507 ("clk: aspeed: Handle inverse polarity of USB port 1 clock gate") Reviewed-by: Joel Stanley <[email protected]> Signed-off-by: Stephen Boyd <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d90c76b - Browse repository at this point
Copy the full SHA d90c76bView commit details -
clk: aspeed: Prevent reset if clock is enabled
According to the Aspeed specification, the reset and enable sequence should be done when the clock is stopped. The specification doesn't define behavior if the reset is done while the clock is enabled. From testing on the AST2500, the LPC Controller has problems if the clock is reset while enabled. Therefore, check whether the clock is enabled or not before performing the reset and enable sequence in the Aspeed clock driver. Reported-by: Lei Yu <[email protected]> Signed-off-by: Eddie James <[email protected]> Fixes: 15ed8ce ("clk: aspeed: Register gated clocks") Reviewed-by: Joel Stanley <[email protected]> Signed-off-by: Stephen Boyd <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8a53fc5 - Browse repository at this point
Copy the full SHA 8a53fc5View commit details -
Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
The Atheros 1525/QCA6174 BT doesn't seem working properly on the recent kernels, as it tries to load a wrong firmware ar3k/AthrBT_0x00000200.dfu and it fails. This seems to have been a problem for some time, and the known workaround is to apply BTUSB_QCA_ROM quirk instead of BTUSB_ATH3012. The device in question is: T: Bus=01 Lev=01 Prnt=01 Port=09 Cnt=03 Dev#= 4 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0cf3 ProdID=3004 Rev= 0.01 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms Bugzilla: http://bugzilla.opensuse.org/show_bug.cgi?id=1082504 Reported-by: Ivan Levshin <[email protected]> Tested-by: Ivan Levshin <[email protected]> Cc: <[email protected]> Signed-off-by: Takashi Iwai <[email protected]> Signed-off-by: Marcel Holtmann <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f44cb4b - Browse repository at this point
Copy the full SHA f44cb4bView commit details -
Revert "Bluetooth: hci_bcm: Streamline runtime PM code"
This reverts commit 43fff76 ("Bluetooth: hci_bcm: Streamline runtime PM code"). The commit msg for this commit states "No functional change intended.", but replacing: pm_runtime_get(); pm_runtime_mark_last_busy(); pm_runtime_put_autosuspend(); with: pm_request_resume(); Does result in a functional change, pm_request_resume() only calls pm_runtime_mark_last_busy() if the device was suspended before the call. This results in the following happening: 1) Device is runtime suspended 2) Device drives host_wake IRQ logically high as it starts receiving data 3) bcm_host_wake() gets called, causes the device to runtime-resume, current time gets marked as last_busy time 4) After 5 seconds the autosuspend timer expires and the dev autosuspends as no one has been calling pm_runtime_mark_last_busy(), the device was resumed during those 5 seconds, so all the pm_request_resume() calls while receiving data and/or bcm_host_wake() calls were nops 5) If 4) happens while the device has (just received) data in its buffer to be read by the host the IRQ line is *already* / still logically high when we autosuspend and since we use an edge triggered IRQ, the IRQ will never trigger, causing the device to get stuck in suspend Therefor this commit has to be reverted, so that we avoid the device getting stuck in suspend. Signed-off-by: Hans de Goede <[email protected]> Acked-by: Lukas Wunner <[email protected]> Signed-off-by: Marcel Holtmann <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b09c615 - Browse repository at this point
Copy the full SHA b09c615View commit details -
Bluetooth: hci_bcm: Set pulsed_host_wake flag in sleep parameters
The IRQ output of the bcm bt-device is really a level IRQ signal, which signals a logical high as long as the device's buffer contains data. Since the draining in the buffer is done in the tty driver, we cannot (easily) wait in a threaded interrupt handler for the draining, after which the IRQ should go low again. So instead we treat the IRQ as an edge interrupt. This opens the window for a theoretical race where we wakeup, read some data and then autosuspend *before* the IRQ has gone (logical) low, followed by the device just at that moment receiving more data, causing the IRQ to stay high and we never see an edge. Since we call pm_runtime_mark_last_busy() on every received byte, there should be plenty time for the IRQ to go (logical) low before we ever suspend, so this should never happen, but after commit 43fff76 ("Bluetooth: hci_bcm: Streamline runtime PM code"), which has been reverted since, this was actually happening causing the device to get stuck in runtime suspend. The bcm bt-device actually has a workaround for this, if we set the pulsed_host_wake flag in the sleep parameters, then the device monitors if the host is draining the buffer and if not then after a timeout the device will pulse the IRQ line, causing us to see an edge, fixing the stuck in suspend condition. This commit sets the pulsed_host_wake flag to fix the (mostly theoretical) race caused by us treating the IRQ as an edge IRQ. Signed-off-by: Hans de Goede <[email protected]> Reviewed-by: Lukas Wunner <[email protected]> Signed-off-by: Marcel Holtmann <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e07c99b - Browse repository at this point
Copy the full SHA e07c99bView commit details -
net sched actions: return explicit error when tunnel_key mode is not …
…specified If set/unset mode of the tunnel_key action is not provided, ->init() still returns 0, and the caller proceeds with bogus 'struct tc_action *' object, this results in crash: % tc actions add action tunnel_key src_ip 1.1.1.1 dst_ip 2.2.2.1 id 7 index 1 [ 35.805515] general protection fault: 0000 [#1] SMP PTI [ 35.806161] Modules linked in: act_tunnel_key kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd serio_raw [ 35.808233] CPU: 1 PID: 428 Comm: tc Not tainted 4.16.0-rc4+ #286 [ 35.808929] RIP: 0010:tcf_action_init+0x90/0x190 [ 35.809457] RSP: 0018:ffffb8edc068b9a0 EFLAGS: 00010206 [ 35.810053] RAX: 1320c000000a0003 RBX: 0000000000000001 RCX: 0000000000000000 [ 35.810866] RDX: 0000000000000070 RSI: 0000000000007965 RDI: ffffb8edc068b910 [ 35.811660] RBP: ffffb8edc068b9d0 R08: 0000000000000000 R09: ffffb8edc068b808 [ 35.812463] R10: ffffffffc02bf040 R11: 0000000000000040 R12: ffffb8edc068bb38 [ 35.813235] R13: 0000000000000000 R14: 0000000000000000 R15: ffffb8edc068b910 [ 35.814006] FS: 00007f3d0d8556c0(0000) GS:ffff91d1dbc40000(0000) knlGS:0000000000000000 [ 35.814881] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.815540] CR2: 000000000043f720 CR3: 0000000019248001 CR4: 00000000001606a0 [ 35.816457] Call Trace: [ 35.817158] tc_ctl_action+0x11a/0x220 [ 35.817795] rtnetlink_rcv_msg+0x23d/0x2e0 [ 35.818457] ? __slab_alloc+0x1c/0x30 [ 35.819079] ? __kmalloc_node_track_caller+0xb1/0x2b0 [ 35.819544] ? rtnl_calcit.isra.30+0xe0/0xe0 [ 35.820231] netlink_rcv_skb+0xce/0x100 [ 35.820744] netlink_unicast+0x164/0x220 [ 35.821500] netlink_sendmsg+0x293/0x370 [ 35.822040] sock_sendmsg+0x30/0x40 [ 35.822508] ___sys_sendmsg+0x2c5/0x2e0 [ 35.823149] ? pagecache_get_page+0x27/0x220 [ 35.823714] ? filemap_fault+0xa2/0x640 [ 35.824423] ? page_add_file_rmap+0x108/0x200 [ 35.825065] ? alloc_set_pte+0x2aa/0x530 [ 35.825585] ? finish_fault+0x4e/0x70 [ 35.826140] ? __handle_mm_fault+0xbc1/0x10d0 [ 35.826723] ? __sys_sendmsg+0x41/0x70 [ 35.827230] __sys_sendmsg+0x41/0x70 [ 35.827710] do_syscall_64+0x68/0x120 [ 35.828195] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 35.828859] RIP: 0033:0x7f3d0ca4da67 [ 35.829331] RSP: 002b:00007ffc9f284338 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 35.830304] RAX: ffffffffffffffda RBX: 00007ffc9f284460 RCX: 00007f3d0ca4da67 [ 35.831247] RDX: 0000000000000000 RSI: 00007ffc9f2843b0 RDI: 0000000000000003 [ 35.832167] RBP: 000000005aa6a7a9 R08: 0000000000000001 R09: 0000000000000000 [ 35.833075] R10: 00000000000005f1 R11: 0000000000000246 R12: 0000000000000000 [ 35.833997] R13: 00007ffc9f2884c0 R14: 0000000000000001 R15: 0000000000674640 [ 35.834923] Code: 24 30 bb 01 00 00 00 45 31 f6 eb 5e 8b 50 08 83 c2 07 83 e2 fc 83 c2 70 49 8b 07 48 8b 40 70 48 85 c0 74 10 48 89 14 24 4c 89 ff <ff> d0 48 8b 14 24 48 01 c2 49 01 d6 45 85 ed 74 05 41 83 47 2c [ 35.837442] RIP: tcf_action_init+0x90/0x190 RSP: ffffb8edc068b9a0 [ 35.838291] ---[ end trace a095c06ee4b97a26 ]--- Fixes: d0f6dd8 ("net/sched: Introduce act_tunnel_key") Signed-off-by: Roman Mashak <[email protected]> Acked-by: Cong Wang <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 51d4740 - Browse repository at this point
Copy the full SHA 51d4740View commit details
Commits on Mar 16, 2018
-
RDMA/ucma: Check AF family prior resolving address
Garbage supplied by user will cause to UCMA module provide zero memory size for memcpy(), because it wasn't checked, it will produce unpredictable results in rdma_resolve_addr(). [ 42.873814] BUG: KASAN: null-ptr-deref in rdma_resolve_addr+0xc8/0xfb0 [ 42.874816] Write of size 28 at addr 00000000000000a0 by task resaddr/1044 [ 42.876765] [ 42.876960] CPU: 1 PID: 1044 Comm: resaddr Not tainted 4.16.0-rc1-00057-gaa56a5293d7e #34 [ 42.877840] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org 04/01/2014 [ 42.879691] Call Trace: [ 42.880236] dump_stack+0x5c/0x77 [ 42.880664] kasan_report+0x163/0x380 [ 42.881354] ? rdma_resolve_addr+0xc8/0xfb0 [ 42.881864] memcpy+0x34/0x50 [ 42.882692] rdma_resolve_addr+0xc8/0xfb0 [ 42.883366] ? deref_stack_reg+0x88/0xd0 [ 42.883856] ? vsnprintf+0x31a/0x770 [ 42.884686] ? rdma_bind_addr+0xc40/0xc40 [ 42.885327] ? num_to_str+0x130/0x130 [ 42.885773] ? deref_stack_reg+0x88/0xd0 [ 42.886217] ? __read_once_size_nocheck.constprop.6+0x10/0x10 [ 42.887698] ? unwind_get_return_address_ptr+0x50/0x50 [ 42.888302] ? replace_slot+0x147/0x170 [ 42.889176] ? delete_node+0x12c/0x340 [ 42.890223] ? __radix_tree_lookup+0xa9/0x160 [ 42.891196] ? ucma_resolve_ip+0xb7/0x110 [ 42.891917] ucma_resolve_ip+0xb7/0x110 [ 42.893003] ? ucma_resolve_addr+0x190/0x190 [ 42.893531] ? _copy_from_user+0x5e/0x90 [ 42.894204] ucma_write+0x174/0x1f0 [ 42.895162] ? ucma_resolve_route+0xf0/0xf0 [ 42.896309] ? dequeue_task_fair+0x67e/0xd90 [ 42.897192] ? put_prev_entity+0x7d/0x170 [ 42.897870] ? ring_buffer_record_is_on+0xd/0x20 [ 42.898439] ? tracing_record_taskinfo_skip+0x20/0x50 [ 42.899686] __vfs_write+0xc4/0x350 [ 42.900142] ? kernel_read+0xa0/0xa0 [ 42.900602] ? firmware_map_remove+0xdf/0xdf [ 42.901135] ? do_task_dead+0x5d/0x60 [ 42.901598] ? do_exit+0xcc6/0x1220 [ 42.902789] ? __fget+0xa8/0xf0 [ 42.903190] vfs_write+0xf7/0x280 [ 42.903600] SyS_write+0xa1/0x120 [ 42.904206] ? SyS_read+0x120/0x120 [ 42.905710] ? compat_start_thread+0x60/0x60 [ 42.906423] ? SyS_read+0x120/0x120 [ 42.908716] do_syscall_64+0xeb/0x250 [ 42.910760] entry_SYSCALL_64_after_hwframe+0x21/0x86 [ 42.912735] RIP: 0033:0x7f138b0afe99 [ 42.914734] RSP: 002b:00007f138b799e98 EFLAGS: 00000287 ORIG_RAX: 0000000000000001 [ 42.917134] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f138b0afe99 [ 42.919487] RDX: 000000000000002e RSI: 0000000020000c40 RDI: 0000000000000004 [ 42.922393] RBP: 00007f138b799ec0 R08: 00007f138b79a700 R09: 0000000000000000 [ 42.925266] R10: 00007f138b79a700 R11: 0000000000000287 R12: 00007f138b799fc0 [ 42.927570] R13: 0000000000000000 R14: 00007ffdbae757c0 R15: 00007f138b79a9c0 [ 42.930047] [ 42.932681] Disabling lock debugging due to kernel taint [ 42.934795] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0 [ 42.936939] IP: memcpy_erms+0x6/0x10 [ 42.938864] PGD 80000001bea92067 P4D 80000001bea92067 PUD 1bea96067 PMD 0 [ 42.941576] Oops: 0002 [#1] SMP KASAN PTI [ 42.943952] CPU: 1 PID: 1044 Comm: resaddr Tainted: G B 4.16.0-rc1-00057-gaa56a5293d7e #34 [ 42.946964] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org 04/01/2014 [ 42.952336] RIP: 0010:memcpy_erms+0x6/0x10 [ 42.954707] RSP: 0018:ffff8801c8b479c8 EFLAGS: 00010286 [ 42.957227] RAX: 00000000000000a0 RBX: ffff8801c8b47ba0 RCX: 000000000000001c [ 42.960543] RDX: 000000000000001c RSI: ffff8801c8b47bbc RDI: 00000000000000a0 [ 42.963867] RBP: ffff8801c8b47b60 R08: 0000000000000000 R09: ffffed0039168ed1 [ 42.967303] R10: 0000000000000001 R11: ffffed0039168ed0 R12: ffff8801c8b47bbc [ 42.970685] R13: 00000000000000a0 R14: 1ffff10039168f4a R15: 0000000000000000 [ 42.973631] FS: 00007f138b79a700(0000) GS:ffff8801e5d00000(0000) knlGS:0000000000000000 [ 42.976831] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.979239] CR2: 00000000000000a0 CR3: 00000001be908002 CR4: 00000000003606a0 [ 42.982060] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 42.984877] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 42.988033] Call Trace: [ 42.990487] rdma_resolve_addr+0xc8/0xfb0 [ 42.993202] ? deref_stack_reg+0x88/0xd0 [ 42.996055] ? vsnprintf+0x31a/0x770 [ 42.998707] ? rdma_bind_addr+0xc40/0xc40 [ 43.000985] ? num_to_str+0x130/0x130 [ 43.003410] ? deref_stack_reg+0x88/0xd0 [ 43.006302] ? __read_once_size_nocheck.constprop.6+0x10/0x10 [ 43.008780] ? unwind_get_return_address_ptr+0x50/0x50 [ 43.011178] ? replace_slot+0x147/0x170 [ 43.013517] ? delete_node+0x12c/0x340 [ 43.016019] ? __radix_tree_lookup+0xa9/0x160 [ 43.018755] ? ucma_resolve_ip+0xb7/0x110 [ 43.021270] ucma_resolve_ip+0xb7/0x110 [ 43.023968] ? ucma_resolve_addr+0x190/0x190 [ 43.026312] ? _copy_from_user+0x5e/0x90 [ 43.029384] ucma_write+0x174/0x1f0 [ 43.031861] ? ucma_resolve_route+0xf0/0xf0 [ 43.034782] ? dequeue_task_fair+0x67e/0xd90 [ 43.037483] ? put_prev_entity+0x7d/0x170 [ 43.040215] ? ring_buffer_record_is_on+0xd/0x20 [ 43.042990] ? tracing_record_taskinfo_skip+0x20/0x50 [ 43.045595] __vfs_write+0xc4/0x350 [ 43.048624] ? kernel_read+0xa0/0xa0 [ 43.051604] ? firmware_map_remove+0xdf/0xdf [ 43.055379] ? do_task_dead+0x5d/0x60 [ 43.058000] ? do_exit+0xcc6/0x1220 [ 43.060783] ? __fget+0xa8/0xf0 [ 43.063133] vfs_write+0xf7/0x280 [ 43.065677] SyS_write+0xa1/0x120 [ 43.068647] ? SyS_read+0x120/0x120 [ 43.071179] ? compat_start_thread+0x60/0x60 [ 43.074025] ? SyS_read+0x120/0x120 [ 43.076705] do_syscall_64+0xeb/0x250 [ 43.079006] entry_SYSCALL_64_after_hwframe+0x21/0x86 [ 43.081606] RIP: 0033:0x7f138b0afe99 [ 43.083679] RSP: 002b:00007f138b799e98 EFLAGS: 00000287 ORIG_RAX: 0000000000000001 [ 43.086802] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f138b0afe99 [ 43.089989] RDX: 000000000000002e RSI: 0000000020000c40 RDI: 0000000000000004 [ 43.092866] RBP: 00007f138b799ec0 R08: 00007f138b79a700 R09: 0000000000000000 [ 43.096233] R10: 00007f138b79a700 R11: 0000000000000287 R12: 00007f138b799fc0 [ 43.098913] R13: 0000000000000000 R14: 00007ffdbae757c0 R15: 00007f138b79a9c0 [ 43.101809] Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 [ 43.107950] RIP: memcpy_erms+0x6/0x10 RSP: ffff8801c8b479c8 Reported-by: <[email protected]> Fixes: 7521663 ("RDMA/cma: Export rdma cm interface to userspace") Signed-off-by: Leon Romanovsky <[email protected]> Reviewed-by: Sean Hefty <[email protected]> Signed-off-by: Jason Gunthorpe <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2975d5d - Browse repository at this point
Copy the full SHA 2975d5dView commit details -
acpi, numa: fix pxm to online numa node associations
Commit 9975986 "acpi: Add acpi_map_pxm_to_online_node()" added support for mapping a given proximity to its nearest, by SLIT distance, online node. However, it sometimes returns unexpected results due to the fact that it switches from comparing the PXM node to the last node that was closer than the current max. for_each_online_node(n) { dist = node_distance(node, n); if (dist < min_dist) { min_dist = dist; node = n; <---- from this point we're using the wrong node for node_distance() Fixes: 9975986 ("acpi: Add acpi_map_pxm_to_online_node()") Cc: <[email protected]> Reviewed-by: Toshi Kani <[email protected]> Acked-by: Rafael J. Wysocki <[email protected]>> Signed-off-by: Dan Williams <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for dc9e0a9 - Browse repository at this point
Copy the full SHA dc9e0a9View commit details -
mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs
It was found that in IDMAC mode after soft-reset driver switches to PIO mode. That's what happens in case of DTO timeout overflow calculation failure: 1. soft-reset is called 2. driver restarts dma 3. descriptors states are checked, one of descriptor is owned by the IDMAC. 4. driver can't use DMA and then switches to PIO mode. Failure was already fixed in: https://www.spinics.net/lists/linux-mmc/msg48125.html. Behaviour while soft-reset is not something we except or even want to happen. So we switch from dw_mci_idmac_reset to dw_mci_idmac_init, so descriptors are cleaned before starting dma. And while at it explicitly zero des0 which otherwise might contain garbage as being allocated by dmam_alloc_coherent(). Signed-off-by: Evgeniy Didin <[email protected]> Cc: Jaehoon Chung <[email protected]> Cc: Ulf Hansson <[email protected]> Cc: Andy Shevchenko <[email protected]> Cc: Jisheng Zhang <[email protected]> Cc: Shawn Lin <[email protected]> Cc: Alexey Brodkin <[email protected]> Cc: Eugeniy Paltsev <[email protected]> Cc: [email protected] Cc: <[email protected]> # 4.4+ Signed-off-by: Ulf Hansson <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 47b7de2 - Browse repository at this point
Copy the full SHA 47b7de2View commit details -
net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
When we have a bridge with vlan_filtering on and a vlan device on top of it, packets would be corrupted in skb_vlan_untag() called from br_dev_xmit(). The problem sits in skb_reorder_vlan_header() used in skb_vlan_untag(), which makes use of skb->mac_len. In this function mac_len is meant for handling rx path with vlan devices with reorder_header disabled, but in tx path mac_len is typically 0 and cannot be used, which is the problem in this case. The current code even does not properly handle rx path (skb_vlan_untag() called from __netif_receive_skb_core()) with reorder_header off actually. In rx path single tag case, it works as follows: - Before skb_reorder_vlan_header() mac_header data v v +-------------------+-------------+------+---- | ETH | VLAN | ETH | | ADDRS | TPID | TCI | TYPE | +-------------------+-------------+------+---- <-------- mac_len ---------> <-------------> to be removed - After skb_reorder_vlan_header() mac_header data v v +-------------------+------+---- | ETH | ETH | | ADDRS | TYPE | +-------------------+------+---- <-------- mac_len ---------> This is ok, but in rx double tag case, it corrupts packets: - Before skb_reorder_vlan_header() mac_header data v v +-------------------+-------------+-------------+------+---- | ETH | VLAN | VLAN | ETH | | ADDRS | TPID | TCI | TPID | TCI | TYPE | +-------------------+-------------+-------------+------+---- <--------------- mac_len ----------------> <-------------> should be removed <---------------------------> actually will be removed - After skb_reorder_vlan_header() mac_header data v v +-------------------+------+---- | ETH | ETH | | ADDRS | TYPE | +-------------------+------+---- <--------------- mac_len ----------------> So, two of vlan tags are both removed while only inner one should be removed and mac_header (and mac_len) is broken. skb_vlan_untag() is meant for removing the vlan header at (skb->data - 2), so use skb->data and skb->mac_header to calculate the right offset. Reported-by: Brandon Carpenter <[email protected]> Fixes: a6e18ff ("vlan: Fix untag operations of stacked vlans with REORDER_HEADER off") Signed-off-by: Toshiaki Makita <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4bbb3e0 - Browse repository at this point
Copy the full SHA 4bbb3e0View commit details -
vlan: Fix out of order vlan headers with reorder header off
With reorder header off, received packets are untagged in skb_vlan_untag() called from within __netif_receive_skb_core(), and later the tag will be inserted back in vlan_do_receive(). This caused out of order vlan headers when we create a vlan device on top of another vlan device, because vlan_do_receive() inserts a tag as the outermost vlan tag. E.g. the outer tag is first removed in skb_vlan_untag() and inserted back in vlan_do_receive(), then the inner tag is next removed and inserted back as the outermost tag. This patch fixes the behaviour by inserting the inner tag at the right position. Signed-off-by: Toshiaki Makita <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for cbe7128 - Browse repository at this point
Copy the full SHA cbe7128View commit details -
Merge branch 'vlan-untag-and-insert-fixes'
Toshiaki Makita says: ==================== Fix vlan untag and insertion for bridge and vlan with reorder_hdr off As Brandon Carpenter reported[1], sending non-vlan-offloaded packets from bridge devices ends up with corrupted packets. He narrowed down this problem and found that the root cause is in skb_reorder_vlan_header(). While I was working on fixing this problem, I found that the function does not work properly for double tagged packets with reorder_hdr off as well. Patch 1 fixes these 2 problems in skb_reorder_vlan_header(). And it turned out that fixing skb_reorder_vlan_header() is not sufficient to receive double tagged packets with reorder_hdr off while I was testing the fix. Vlan tags got out of order when vlan devices with reorder_hdr disabled were stacked. Patch 2 fixes this problem. [1] https://www.spinics.net/lists/linux-ethernet-bridging/msg07039.html ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e693be2 - Browse repository at this point
Copy the full SHA e693be2View commit details -
kcm: lock lower socket in kcm_attach
Need to lock lower socket in order to provide mutual exclusion with kcm_unattach. v2: Add Reported-by for syzbot Fixes: ab7ac4e ("kcm: Kernel Connection Multiplexor module") Reported-by: syzbot+ea75c0ffcd353d32515f064aaebefc5279e6161e@syzkaller.appspotmail.com Signed-off-by: Tom Herbert <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2cc683e - Browse repository at this point
Copy the full SHA 2cc683eView commit details -
net: systemport: Rewrite __bcm_sysport_tx_reclaim()
There is no need for complex checking between the last consumed index and current consumed index, a simple subtraction will do. This also eliminates the possibility of a permanent transmit queue stall under the following conditions: - one CPU bursts ring->size worth of traffic (up to 256 buffers), to the point where we run out of free descriptors, so we stop the transmit queue at the end of bcm_sysport_xmit() - because of our locking, we have the transmit process disable interrupts which means we can be blocking the TX reclamation process - when TX reclamation finally runs, we will be computing the difference between ring->c_index (last consumed index by SW) and what the HW reports through its register - this register is masked with (ring->size - 1) = 0xff, which will lead to stripping the upper bits of the index (register is 16-bits wide) - we will be computing last_tx_cn as 0, which means there is no work to be done, and we never wake-up the transmit queue, leaving it permanently disabled A practical example is e.g: ring->c_index aka last_c_index = 12, we pushed 256 entries, HW consumer index = 268, we mask it with 0xff = 12, so last_tx_cn == 0, nothing happens. Fixes: 80105be ("net: systemport: add Broadcom SYSTEMPORT Ethernet MAC driver") Signed-off-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 484d802 - Browse repository at this point
Copy the full SHA 484d802View commit details -
net/iucv: Free memory obtained by kzalloc
Free memory by calling put_device(), if afiucv_iucv_init is not successful. Signed-off-by: Arvind Yadav <[email protected]> Reviewed-by: Cornelia Huck <[email protected]> Signed-off-by: Ursula Braun <[email protected]> Signed-off-by: Julian Wiedmann <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fa6a91e - Browse repository at this point
Copy the full SHA fa6a91eView commit details -
qed: Fix MPA unalign flow in case header is split across two packets.
There is a corner case in the MPA unalign flow where a FPDU header is split over two tcp segments. The length of the first fragment in this case was not initialized properly and should be '1' Fixes: c7d1d83 ("qed: Add support for MPA header being split over two tcp packets") Signed-off-by: Michal Kalderon <[email protected]> Signed-off-by: Ariel Elior <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 933e8c9 - Browse repository at this point
Copy the full SHA 933e8c9View commit details -
qed: Fix non TCP packets should be dropped on iWARP ll2 connection
FW workaround. The iWARP LL2 connection did not expect TCP packets to arrive on it's connection. The fix drops any non-tcp packets Fixes b5c29ca ("qed: iWARP CM - setup a ll2 connection for handling SYN packets") Signed-off-by: Michal Kalderon <[email protected]> Signed-off-by: Ariel Elior <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 16da090 - Browse repository at this point
Copy the full SHA 16da090View commit details -
Merge branch 'qed-iWARP-related-fixes'
Michal Kalderon says: ==================== qed: iWARP related fixes This series contains two fixes related to iWARP flow. ==================== Signed-off-by: Michal Kalderon <[email protected]> Signed-off-by: Ariel Elior <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b225598 - Browse repository at this point
Copy the full SHA b225598View commit details -
Link updates were not reported to qedr correctly. Leading to cases where a link could be down, but qedr would see it as up. In addition, once qede was loaded, link state would be up, regardless of the actual link state. Signed-off-by: Michal Kalderon <[email protected]> Signed-off-by: Ariel Elior <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4609adc - Browse repository at this point
Copy the full SHA 4609adcView commit details -
netlink: avoid a double skb free in genlmsg_mcast()
nlmsg_multicast() consumes always the skb, thus the original skb must be freed only when this function is called with a clone. Fixes: cb9f7a9 ("netlink: ensure to loop over all netns in genlmsg_multicast_allns()") Reported-by: Ben Hutchings <[email protected]> Signed-off-by: Nicolas Dichtel <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 02a2385 - Browse repository at this point
Copy the full SHA 02a2385View commit details -
skbuff: Fix not waking applications when errors are enqueued
When errors are enqueued to the error queue via sock_queue_err_skb() function, it is possible that the waiting application is not notified. Calling 'sk->sk_data_ready()' would not notify applications that selected only POLLERR events in poll() (for example). Fixes: 1da177e ("Linux-2.6.12-rc2") Reported-by: Randy E. Witt <[email protected]> Reviewed-by: Eric Dumazet <[email protected]> Signed-off-by: Vinicius Costa Gomes <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6e5d58f - Browse repository at this point
Copy the full SHA 6e5d58fView commit details -
net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses
The MDIO busses are switch properties and so should be inside the switch node. Fix the examples in the binding document. Reported-by: 尤晓杰 <[email protected]> Signed-off-by: Andrew Lunn <[email protected]> Fixes: a3c53be ("net: dsa: mv88e6xxx: Support multiple MDIO busses") Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7b7ef57 - Browse repository at this point
Copy the full SHA 7b7ef57View commit details -
batman-adv: update data pointers after skb_cow()
batadv_check_unicast_ttvn() calls skb_cow(), so pointers into the SKB data must be (re)set after calling it. The ethhdr variable is dropped altogether. Fixes: 7cdcf6d ("batman-adv: add UNICAST_4ADDR packet type") Signed-off-by: Matthias Schiffer <[email protected]> Signed-off-by: Sven Eckelmann <[email protected]> Signed-off-by: Simon Wunderlich <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for bc44b78 - Browse repository at this point
Copy the full SHA bc44b78View commit details -
batman-adv: fix header size check in batadv_dbg_arp()
Checking for 0 is insufficient: when an SKB without a batadv header, but with a VLAN header is received, hdr_size will be 4, making the following code interpret the Ethernet header as a batadv header. Fixes: be1db4f ("batman-adv: make the Distributed ARP Table vlan aware") Signed-off-by: Matthias Schiffer <[email protected]> Signed-off-by: Sven Eckelmann <[email protected]> Signed-off-by: Simon Wunderlich <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6f27d2c - Browse repository at this point
Copy the full SHA 6f27d2cView commit details
Commits on Mar 17, 2018
-
net: sched: fix uses after free
syzbot reported one use-after-free in pfifo_fast_enqueue() [1] Issue here is that we can not reuse skb after a successful skb_array_produce() since another cpu might have consumed it already. I believe a similar problem exists in try_bulk_dequeue_skb_slow() in case we put an skb into qdisc_enqueue_skb_bad_txq() for lockless qdisc. [1] BUG: KASAN: use-after-free in qdisc_pkt_len include/net/sch_generic.h:610 [inline] BUG: KASAN: use-after-free in qdisc_qstats_cpu_backlog_inc include/net/sch_generic.h:712 [inline] BUG: KASAN: use-after-free in pfifo_fast_enqueue+0x4bc/0x5e0 net/sched/sch_generic.c:639 Read of size 4 at addr ffff8801cede37e8 by task syzkaller717588/5543 CPU: 1 PID: 5543 Comm: syzkaller717588 Not tainted 4.16.0-rc4+ #265 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report+0x23c/0x360 mm/kasan/report.c:412 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:432 qdisc_pkt_len include/net/sch_generic.h:610 [inline] qdisc_qstats_cpu_backlog_inc include/net/sch_generic.h:712 [inline] pfifo_fast_enqueue+0x4bc/0x5e0 net/sched/sch_generic.c:639 __dev_xmit_skb net/core/dev.c:3216 [inline] Fixes: c5ad119 ("net: sched: pfifo_fast use skb_array") Signed-off-by: Eric Dumazet <[email protected]> Reported-by: [email protected] Cc: John Fastabend <[email protected]> Cc: Jamal Hadi Salim <[email protected]> Cc: Cong Wang <[email protected]> Cc: Jiri Pirko <[email protected]> Acked-by: John Fastabend <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for cce6294 - Browse repository at this point
Copy the full SHA cce6294View commit details -
mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic
In commit 9ffcc37 ("mlxsw: spectrum: Allow packets to be trapped from any PG") I fixed a problem where packets could not be trapped to the CPU due to exceeded shared buffer quotas. The mentioned commit explains the problem in detail. The problem was fixed by assigning a minimum quota for the CPU port and the traffic class used for scheduling traffic to the CPU. However, commit 117b0da ("mlxsw: Create a different trap group list for each device") assigned different traffic classes to different packet types and rendered the fix useless. Fix the problem by assigning a minimum quota for the CPU port and all the traffic classes that are currently in use. Fixes: 117b0da ("mlxsw: Create a different trap group list for each device") Signed-off-by: Ido Schimmel <[email protected]> Reported-by: Eddie Shklaer <[email protected]> Tested-by: Eddie Shklaer <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for bcdd5de - Browse repository at this point
Copy the full SHA bcdd5deView commit details -
ALSA: hda/realtek - Always immediately update mute LED with pin VREF
Some HP laptops have a mute mute LED controlled by a pin VREF. The Realtek codec driver updates the VREF via vmaster hook by calling snd_hda_set_pin_ctl_cache(). This works fine as long as the driver is running in a normal mode. However, when the VREF change happens during the codec being in runtime PM suspend, the regmap access will skip and postpone the actual register change. This ends up with the unchanged LED status until the next runtime PM resume even if you change the Master mute switch. (Interestingly, the machine keeps the LED status even after the codec goes into D3 -- but it's another story.) For improving this usability, let the driver temporarily powering up / down only during the pin VREF change. This can be achieved easily by wrapping the call with snd_hda_power_up_pm() / *_down_pm(). Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199073 Cc: <[email protected]> Signed-off-by: Takashi Iwai <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e40bdb0 - Browse repository at this point
Copy the full SHA e40bdb0View commit details -
net: hns: Fix ethtool private flags
The driver implementation returns support for private flags, while no private flags are present. When asked for the number of private flags it returns the number of statistic flag names. Fix this by returning EOPNOTSUPP for not implemented ethtool flags. Signed-off-by: Matthias Brugger <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d61d263 - Browse repository at this point
Copy the full SHA d61d263View commit details -
net: ethernet: ti: cpsw: add check for in-band mode setting with RGMI…
…I PHY interface According to AM335x TRM[1] 14.3.6.2, AM437x TRM[2] 15.3.6.2 and DRA7 TRM[3] 24.11.4.8.7.3.3, in-band mode in EXT_EN(bit18) register is only available when PHY is configured in RGMII mode with 10Mbps speed. It will cause some networking issues without RGMII mode, such as carrier sense errors and low throughput. TI also mentioned this issue in their forum[4]. This patch adds the check mechanism for PHY interface with RGMII interface type, the in-band mode can only be set in RGMII mode with 10Mbps speed. References: [1]: https://www.ti.com/lit/ug/spruh73p/spruh73p.pdf [2]: http://www.ti.com/lit/ug/spruhl7h/spruhl7h.pdf [3]: http://www.ti.com/lit/ug/spruic2b/spruic2b.pdf [4]: https://e2e.ti.com/support/arm/sitara_arm/f/791/p/640765/2392155 Suggested-by: Holsety Chen (陳憲輝) <[email protected]> Signed-off-by: SZ Lin (林上智) <[email protected]> Signed-off-by: Schuyler Patton <[email protected]> Reviewed-by: Grygorii Strashko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f9db506 - Browse repository at this point
Copy the full SHA f9db506View commit details -
net/sched: fix NULL dereference in the error path of tcf_vlan_init()
when the following command # tc actions replace action vlan pop index 100 is run for the first time, and tcf_vlan_init() fails allocating struct tcf_vlan_params, tcf_vlan_cleanup() calls kfree_rcu(NULL, ...). This causes the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 IP: __call_rcu+0x23/0x2b0 PGD 80000000760a2067 P4D 80000000760a2067 PUD 742c1067 PMD 0 Oops: 0002 [#1] SMP PTI Modules linked in: act_vlan(E) ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 snd_hda_codec_generic snd_hda_intel mbcache snd_hda_codec jbd2 snd_hda_core crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc snd_hwdep snd_seq snd_seq_device snd_pcm aesni_intel crypto_simd snd_timer glue_helper snd cryptd joydev soundcore virtio_balloon pcspkr i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm virtio_console virtio_blk virtio_net ata_piix crc32c_intel libata virtio_pci i2c_core virtio_ring serio_raw virtio floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_vlan] CPU: 3 PID: 3119 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__call_rcu+0x23/0x2b0 RSP: 0018:ffffaac3005fb798 EFLAGS: 00010246 RAX: ffffffffc0704080 RBX: ffff97f2b4bbe900 RCX: 00000000ffffffff RDX: ffffffffabca5f00 RSI: 0000000000000010 RDI: 0000000000000010 RBP: 0000000000000010 R08: 0000000000000001 R09: 0000000000000044 R10: 00000000fd003000 R11: ffff97f2faab5b91 R12: 0000000000000000 R13: ffffffffabca5f00 R14: ffff97f2fb80202c R15: 00000000fffffff4 FS: 00007f68f75b4740(0000) GS:ffff97f2ffd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 0000000072b52001 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tcf_vlan_init+0x168/0x270 [act_vlan] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? filemap_map_pages+0x34a/0x3a0 ? __handle_mm_fault+0xbfd/0xe20 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7f68f69c5ba0 RSP: 002b:00007fffd79c1118 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fffd79c1240 RCX: 00007f68f69c5ba0 RDX: 0000000000000000 RSI: 00007fffd79c1190 RDI: 0000000000000003 RBP: 000000005aaa708e R08: 0000000000000002 R09: 0000000000000000 R10: 00007fffd79c0ba0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffd79c1254 R14: 0000000000000001 R15: 0000000000669f60 Code: 5d e9 42 da ff ff 66 90 0f 1f 44 00 00 41 57 41 56 41 55 49 89 d5 41 54 55 48 89 fd 53 48 83 ec 08 40 f6 c7 07 0f 85 19 02 00 00 <48> 89 75 08 48 c7 45 00 00 00 00 00 9c 58 0f 1f 44 00 00 49 89 RIP: __call_rcu+0x23/0x2b0 RSP: ffffaac3005fb798 CR2: 0000000000000018 fix this in tcf_vlan_cleanup(), ensuring that kfree_rcu(p, ...) is called only when p is not NULL. Fixes: 4c5b9d9 ("act_vlan: VLAN action rewrite to use RCU lock/unlock and update") Acked-by: Jiri Pirko <[email protected]> Acked-by: Manish Kurup <[email protected]> Signed-off-by: Davide Caratti <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1edf8ab - Browse repository at this point
Copy the full SHA 1edf8abView commit details -
net/sched: fix NULL dereference in the error path of tcf_csum_init()
when the following command # tc action add action csum udp continue index 100 is run for the first time, and tcf_csum_init() fails allocating struct tcf_csum, tcf_csum_cleanup() calls kfree_rcu(NULL,...). This causes the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 IP: __call_rcu+0x23/0x2b0 PGD 80000000740b4067 P4D 80000000740b4067 PUD 32e7f067 PMD 0 Oops: 0002 [#1] SMP PTI Modules linked in: act_csum(E) act_vlan ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 mbcache jbd2 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec_generic pcbc snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer aesni_intel crypto_simd glue_helper cryptd snd joydev pcspkr virtio_balloon i2c_piix4 soundcore nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_blk drm virtio_net virtio_console ata_piix crc32c_intel libata virtio_pci serio_raw i2c_core virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_vlan] CPU: 2 PID: 5763 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__call_rcu+0x23/0x2b0 RSP: 0018:ffffb275803e77c0 EFLAGS: 00010246 RAX: ffffffffc057b080 RBX: ffff9674bc6f5240 RCX: 00000000ffffffff RDX: ffffffff928a5f00 RSI: 0000000000000008 RDI: 0000000000000008 RBP: 0000000000000008 R08: 0000000000000001 R09: 0000000000000044 R10: 0000000000000220 R11: ffff9674b9ab4821 R12: 0000000000000000 R13: ffffffff928a5f00 R14: 0000000000000000 R15: 0000000000000001 FS: 00007fa6368d8740(0000) GS:ffff9674bfd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 0000000073dec001 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tcf_csum_init+0xfb/0x180 [act_csum] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? filemap_map_pages+0x34a/0x3a0 ? __handle_mm_fault+0xbfd/0xe20 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7fa635ce9ba0 RSP: 002b:00007ffc185b0fc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007ffc185b10f0 RCX: 00007fa635ce9ba0 RDX: 0000000000000000 RSI: 00007ffc185b1040 RDI: 0000000000000003 RBP: 000000005aaa85e0 R08: 0000000000000002 R09: 0000000000000000 R10: 00007ffc185b0a20 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc185b1104 R14: 0000000000000001 R15: 0000000000669f60 Code: 5d e9 42 da ff ff 66 90 0f 1f 44 00 00 41 57 41 56 41 55 49 89 d5 41 54 55 48 89 fd 53 48 83 ec 08 40 f6 c7 07 0f 85 19 02 00 00 <48> 89 75 08 48 c7 45 00 00 00 00 00 9c 58 0f 1f 44 00 00 49 89 RIP: __call_rcu+0x23/0x2b0 RSP: ffffb275803e77c0 CR2: 0000000000000010 fix this in tcf_csum_cleanup(), ensuring that kfree_rcu(param, ...) is called only when param is not NULL. Fixes: 9c5f69b ("net/sched: act_csum: don't use spinlock in the fast path") Signed-off-by: Davide Caratti <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for aab378a - Browse repository at this point
Copy the full SHA aab378aView commit details -
net/sched: fix NULL dereference in the error path of tunnel_key_init()
when the following command # tc action add action tunnel_key unset index 100 is run for the first time, and tunnel_key_init() fails to allocate struct tcf_tunnel_key_params, tunnel_key_release() dereferences NULL pointers. This causes the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 IP: tunnel_key_release+0xd/0x40 [act_tunnel_key] PGD 8000000033787067 P4D 8000000033787067 PUD 74646067 PMD 0 Oops: 0000 [#1] SMP PTI Modules linked in: act_tunnel_key(E) act_csum ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 mbcache jbd2 crct10dif_pclmul crc32_pclmul snd_hda_codec_generic ghash_clmulni_intel snd_hda_intel pcbc snd_hda_codec snd_hda_core snd_hwdep snd_seq aesni_intel snd_seq_device crypto_simd glue_helper snd_pcm cryptd joydev snd_timer pcspkr virtio_balloon snd i2c_piix4 soundcore nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_net virtio_blk drm virtio_console crc32c_intel ata_piix serio_raw i2c_core virtio_pci libata virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod CPU: 2 PID: 3101 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:tunnel_key_release+0xd/0x40 [act_tunnel_key] RSP: 0018:ffffba46803b7768 EFLAGS: 00010286 RAX: ffffffffc09010a0 RBX: 0000000000000000 RCX: 0000000000000024 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff99ee336d7480 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000044 R10: 0000000000000220 R11: ffff99ee79d73131 R12: 0000000000000000 R13: ffff99ee32d67610 R14: ffff99ee7671dc38 R15: 00000000fffffff4 FS: 00007febcb2cd740(0000) GS:ffff99ee7fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 000000007c8e4005 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tunnel_key_init+0xd9/0x460 [act_tunnel_key] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7febca6deba0 RSP: 002b:00007ffe7b0dd128 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007ffe7b0dd250 RCX: 00007febca6deba0 RDX: 0000000000000000 RSI: 00007ffe7b0dd1a0 RDI: 0000000000000003 RBP: 000000005aaa90cb R08: 0000000000000002 R09: 0000000000000000 R10: 00007ffe7b0dcba0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe7b0dd264 R14: 0000000000000001 R15: 0000000000669f60 Code: 44 00 00 8b 0d b5 23 00 00 48 8b 87 48 10 00 00 48 8b 3c c8 e9 a5 e5 d8 c3 0f 1f 44 00 00 0f 1f 44 00 00 53 48 8b 9f b0 00 00 00 <83> 7b 10 01 74 0b 48 89 df 31 f6 5b e9 f2 fa 7f c3 48 8b 7b 18 RIP: tunnel_key_release+0xd/0x40 [act_tunnel_key] RSP: ffffba46803b7768 CR2: 0000000000000010 Fix this in tunnel_key_release(), ensuring 'param' is not NULL before dereferencing it. Fixes: d0f6dd8 ("net/sched: Introduce act_tunnel_key") Signed-off-by: Davide Caratti <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for abdadd3 - Browse repository at this point
Copy the full SHA abdadd3View commit details -
net/sched: fix NULL dereference in the error path of tcf_sample_init()
when the following command # tc action add action sample rate 100 group 100 index 100 is run for the first time, and psample_group_get(100) fails to create a new group, tcf_sample_cleanup() calls psample_group_put(NULL), thus causing the following error: BUG: unable to handle kernel NULL pointer dereference at 000000000000001c IP: psample_group_put+0x15/0x71 [psample] PGD 8000000075775067 P4D 8000000075775067 PUD 7453c067 PMD 0 Oops: 0002 [#1] SMP PTI Modules linked in: act_sample(E) psample ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core mbcache jbd2 crct10dif_pclmul snd_hwdep crc32_pclmul snd_seq ghash_clmulni_intel pcbc snd_seq_device snd_pcm aesni_intel crypto_simd snd_timer glue_helper snd cryptd joydev pcspkr i2c_piix4 soundcore virtio_balloon nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm virtio_net ata_piix virtio_console virtio_blk libata serio_raw crc32c_intel virtio_pci i2c_core virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_tunnel_key] CPU: 2 PID: 5740 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:psample_group_put+0x15/0x71 [psample] RSP: 0018:ffffb8a80032f7d0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000024 RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffffffc06d93c0 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000044 R10: 00000000bd003000 R11: ffff979fba04aa59 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff979fbba3f22c FS: 00007f7638112740(0000) GS:ffff979fbfd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 00000000734ea001 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tcf_sample_init+0x125/0x1d0 [act_sample] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? filemap_map_pages+0x34a/0x3a0 ? __handle_mm_fault+0xbfd/0xe20 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7f7637523ba0 RSP: 002b:00007fff0473ef58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fff0473f080 RCX: 00007f7637523ba0 RDX: 0000000000000000 RSI: 00007fff0473efd0 RDI: 0000000000000003 RBP: 000000005aaaac80 R08: 0000000000000002 R09: 0000000000000000 R10: 00007fff0473e9e0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff0473f094 R14: 0000000000000001 R15: 0000000000669f60 Code: be 02 00 00 00 48 89 df e8 a9 fe ff ff e9 7c ff ff ff 0f 1f 40 00 0f 1f 44 00 00 53 48 89 fb 48 c7 c7 c0 93 6d c0 e8 db 20 8c ef <83> 6b 1c 01 74 10 48 c7 c7 c0 93 6d c0 ff 14 25 e8 83 83 b0 5b RIP: psample_group_put+0x15/0x71 [psample] RSP: ffffb8a80032f7d0 CR2: 000000000000001c Fix it in tcf_sample_cleanup(), ensuring that calls to psample_group_put(p) are done only when p is not NULL. Fixes: cadb9c9 ("net/sched: act_sample: Fix error path in init") Signed-off-by: Davide Caratti <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1f110e7 - Browse repository at this point
Copy the full SHA 1f110e7View commit details -
net/sched: fix NULL dereference on the error path of tcf_skbmod_init()
when the following command # tc action replace action skbmod swap mac index 100 is run for the first time, and tcf_skbmod_init() fails to allocate struct tcf_skbmod_params, tcf_skbmod_cleanup() calls kfree_rcu(NULL), thus causing the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: __call_rcu+0x23/0x2b0 PGD 8000000034057067 P4D 8000000034057067 PUD 74937067 PMD 0 Oops: 0002 [#1] SMP PTI Modules linked in: act_skbmod(E) psample ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 snd_hda_codec_generic snd_hda_intel snd_hda_codec crct10dif_pclmul mbcache jbd2 crc32_pclmul snd_hda_core ghash_clmulni_intel snd_hwdep pcbc snd_seq snd_seq_device snd_pcm aesni_intel snd_timer crypto_simd glue_helper snd cryptd virtio_balloon joydev soundcore pcspkr i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm virtio_console virtio_net virtio_blk ata_piix libata crc32c_intel virtio_pci serio_raw virtio_ring virtio i2c_core floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_skbmod] CPU: 3 PID: 3144 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__call_rcu+0x23/0x2b0 RSP: 0018:ffffbd2e403e7798 EFLAGS: 00010246 RAX: ffffffffc0872080 RBX: ffff981d34bff780 RCX: 00000000ffffffff RDX: ffffffff922a5f00 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000021f R10: 000000003d003000 R11: 0000000000aaaaaa R12: 0000000000000000 R13: ffffffff922a5f00 R14: 0000000000000001 R15: ffff981d3b698c2c FS: 00007f3678292740(0000) GS:ffff981d3fd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000007c57a006 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tcf_skbmod_init+0x1d1/0x210 [act_skbmod] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? filemap_map_pages+0x34a/0x3a0 ? __handle_mm_fault+0xbfd/0xe20 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7f36776a3ba0 RSP: 002b:00007fff4703b618 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fff4703b740 RCX: 00007f36776a3ba0 RDX: 0000000000000000 RSI: 00007fff4703b690 RDI: 0000000000000003 RBP: 000000005aaaba36 R08: 0000000000000002 R09: 0000000000000000 R10: 00007fff4703b0a0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff4703b754 R14: 0000000000000001 R15: 0000000000669f60 Code: 5d e9 42 da ff ff 66 90 0f 1f 44 00 00 41 57 41 56 41 55 49 89 d5 41 54 55 48 89 fd 53 48 83 ec 08 40 f6 c7 07 0f 85 19 02 00 00 <48> 89 75 08 48 c7 45 00 00 00 00 00 9c 58 0f 1f 44 00 00 49 89 RIP: __call_rcu+0x23/0x2b0 RSP: ffffbd2e403e7798 CR2: 0000000000000008 Fix it in tcf_skbmod_cleanup(), ensuring that kfree_rcu(p, ...) is called only when p is not NULL. Fixes: 86da71b ("net_sched: Introduce skbmod action") Signed-off-by: Davide Caratti <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2d43361 - Browse repository at this point
Copy the full SHA 2d43361View commit details -
Merge branch 'tcf_foo_init-NULL-deref'
Davide Caratti says: ==================== net/sched: fix NULL dereference in the error path of .init() with several TC actions it's possible to see NULL pointer dereference, when the .init() function calls tcf_idr_alloc(), fails at some point and then calls tcf_idr_release(): this series fixes all them introducing non-NULL tests in the .cleanup() function. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 78f1b04 - Browse repository at this point
Copy the full SHA 78f1b04View commit details
Commits on Mar 18, 2018
-
vmxnet3: avoid xmit reset due to a race in vmxnet3
The field txNumDeferred is used by the driver to keep track of the number of packets it has pushed to the emulation. The driver increments it on pushing the packet to the emulation and the emulation resets it to 0 at the end of the transmit. There is a possibility of a race either when (a) ESX is under heavy load or (b) workload inside VM is of low packet rate. This race results in xmit hangs when network coalescing is disabled. This change creates a local copy of txNumDeferred and uses it to perform ring arithmetic. Reported-by: Noriho Tanaka <[email protected]> Signed-off-by: Ronak Doshi <[email protected]> Acked-by: Shrikrishna Khare <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7a4c003 - Browse repository at this point
Copy the full SHA 7a4c003View commit details -
vmxnet3: use correct flag to indicate LRO feature
'Commit 45dac1d ("vmxnet3: Changes for vmxnet3 adapter version 2 (fwd)")' introduced a flag "lro" in structure vmxnet3_adapter which is used to indicate whether LRO is enabled or not. However, the patch did not set the flag and hence it was never exercised. So, when LRO is enabled, it resulted in poor TCP performance due to delayed acks. This issue is seen with packets which are larger than the mss getting a delayed ack rather than an immediate ack, thus resulting in high latency. This patch removes the lro flag and directly uses device features against NETIF_F_LRO to check if lro is enabled. Fixes: 45dac1d ("vmxnet3: Changes for vmxnet3 adapter version 2 (fwd)") Reported-by: Rachel Lunnon <[email protected]> Signed-off-by: Ronak Doshi <[email protected]> Acked-by: Shrikrishna Khare <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 034f405 - Browse repository at this point
Copy the full SHA 034f405View commit details -
batman-adv: Add missing include for EPOLL* constants
Fixes: a9a0884 ("vfs: do bulk POLL* -> EPOLL* replacement") Signed-off-by: Sven Eckelmann <[email protected]> Signed-off-by: Simon Wunderlich <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 48881ed - Browse repository at this point
Copy the full SHA 48881edView commit details -
batman-adv: Fix skbuff rcsum on packet reroute
batadv_check_unicast_ttvn may redirect a packet to itself or another originator. This involves rewriting the ttvn and the destination address in the batadv unicast header. These field were not yet pulled (with skb rcsum update) and thus any change to them also requires a change in the receive checksum. Reported-by: Matthias Schiffer <[email protected]> Fixes: a73105b ("batman-adv: improved client announcement mechanism") Signed-off-by: Sven Eckelmann <[email protected]> Signed-off-by: Simon Wunderlich <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fc04fdb - Browse repository at this point
Copy the full SHA fc04fdbView commit details -
net: fec: Fix unbalanced PM runtime calls
When unbinding/removing the driver, we will run into the following warnings: [ 259.655198] fec 400d1000.ethernet: 400d1000.ethernet supply phy not found, using dummy regulator [ 259.665065] fec 400d1000.ethernet: Unbalanced pm_runtime_enable! [ 259.672770] fec 400d1000.ethernet (unnamed net_device) (uninitialized): Invalid MAC address: 00:00:00:00:00:00 [ 259.683062] fec 400d1000.ethernet (unnamed net_device) (uninitialized): Using random MAC address: f2:3e:93:b7:29:c1 [ 259.696239] libphy: fec_enet_mii_bus: probed Avoid these warnings by balancing the runtime PM calls during fec_drv_remove(). Signed-off-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a069215 - Browse repository at this point
Copy the full SHA a069215View commit details -
dt-bindings: exynos: Document #sound-dai-cells property of the HDMI node
The #sound-dai-cells DT property is required to describe link between the HDMI IP block and the SoC's audio subsystem. Signed-off-by: Sylwester Nawrocki <[email protected]> Reviewed-by: Rob Herring <[email protected]> Signed-off-by: Inki Dae <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c15619a - Browse repository at this point
Copy the full SHA c15619aView commit details
Commits on Mar 19, 2018
-
Configuration menu - View commit details
-
Copy full SHA for c698ca5 - Browse repository at this point
Copy the full SHA c698ca5View commit details -
drm/tegra: dc: Detach IOMMU group from domain only once
Detaching from an IOMMU group multiple times can lead to a crash. This could potentially be fixed in the IOMMU driver, but it's easy to avoid the subsequent detach operations in this driver, so do that as well. Signed-off-by: Thierry Reding <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b1d0b34 - Browse repository at this point
Copy the full SHA b1d0b34View commit details -
drm/tegra: dsi: Don't disable regulator on ->exit()
The regulator is controlled as part of runtime PM, so it should not be additionally disabled from the ->exit() callback. Signed-off-by: Thierry Reding <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8dafb83 - Browse repository at this point
Copy the full SHA 8dafb83View commit details -
drm/tegra: Shutdown on driver unbind
Since commit 846c7df ("drm/atomic: Try to preserve the crtc enabled state in drm_atomic_remove_fb, v2."), removing the last framebuffer will no longer disable the corresponding pipeline, which causes the KMS core to complain about leaked connectors on driver unbind. Fix this by calling drm_atomic_helper_shutdown() on driver unbind, which will cause all display pipelines to be shut down and therefore drop the extra references on the connectors. Signed-off-by: Thierry Reding <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 192b4af - Browse repository at this point
Copy the full SHA 192b4afView commit details -
Revert "ACPI / battery: Add quirk for Asus GL502VSK and UX305LA"
Revert commit c68f067 ("ACPI / battery: Add quirk for Asus GL502VSK and UX305LA") and commit 4446823 ("ACPI / battery: Add quirk for Asus UX360UA and UX410UAK"). On many many Asus products, the battery is sometimes reported as charging or discharging even when it is full and you are on AC power. This change quirked the kernel to avoid advertising the discharging state when this happens on 4 laptop models, under the belief that this was incorrect information. I presume it originates from user reports who are confused that their battery status icon says that it is discharging. However, the reported information is indeed correct, and the quirk approach taken is inadequate and more thought is needed first. Specifically: 1. It only quirks discharging state, not charging 2. There are so many different Asus products and DMI naming variants within those product families that behave this way; Linux could grow to quirk hundreds of products and still not even be close at "winning" this battle. 3. Asus previously clarified that this behaviour is intentional. The platform will periodically do a partial discharge/charge cycle when the battery is full, because this is one way to extend the lifetime of the battery (leaving a battery at 100% charge and unused will decrease its usable capacity over time). My understanding is that any decent consumer product will have this behaviour, but it appears that Asus is different in that they expose this info through ACPI. However, the behaviour seems correct. The ACPI spec does not suggest in that the platform should hide the truth. It lets you report that the battery is full of charge, and discharging, and with external power connected; and Asus does this. 4. In terms of not confusing the user, this seems like something that could/should be handled by userspace, which can also detect these same (accurate) conditions in the general case. Revert this quirk before it gets included in a release, while we look for better approaches. Signed-off-by: Daniel Drake <[email protected]> Acked-by: Kai-Heng Feng <[email protected]> Signed-off-by: Rafael J. Wysocki <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 82bf43b - Browse repository at this point
Copy the full SHA 82bf43bView commit details -
mtdchar: fix usage of mtd_ooblayout_ecc()
Section was not properly computed. The value of OOB region definition is always ECC section 0 information in the OOB area, but we want to get all the ECC bytes information, so we should call mtd_ooblayout_ecc(mtd, section++, &oobregion) until it returns -ERANGE. Fixes: c2b7845 ("mtd: use mtd_ooblayout_xxx() helpers where appropriate") Cc: <[email protected]> Signed-off-by: OuYang ZhiZhong <[email protected]> Signed-off-by: Boris Brezillon <[email protected]>
OuYang ZhiZhong authored and Boris Brezillon committedMar 19, 2018 Configuration menu - View commit details
-
Copy full SHA for 6de5649 - Browse repository at this point
Copy the full SHA 6de5649View commit details -
can: cc770: Fix use after free in cc770_tx_interrupt()
This fixes use after free introduced by the last cc770 patch. Signed-off-by: Andri Yngvason <[email protected]> Fixes: 7462012 ("can: cc770: Fix queue stall & dropped RTR reply") Cc: linux-stable <[email protected]> Signed-off-by: Marc Kleine-Budde <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9ffd750 - Browse repository at this point
Copy the full SHA 9ffd750View commit details -
Merge tag 'iio-fixes-for-4.16b' of git://git.kernel.org/pub/scm/linux…
…/kernel/git/jic23/iio into staging-linus Jonathan writes: Second set of IIO fixes for the 4.16 cycle. A slightly fiddly revert then fix pair in here as the bug lead to an unused local variable that was then removed without us noticing the bug. The revert should only be needed on 4.16 - the fix goes back futher. * ccs811 - Fix the transition from 'boot' to 'application' mode. Fixes the case where the power is not cut between boot cycles. * meson-saradc - Fix missing mutex_unlock in an error path. * sd-modulator - Fix bindings doc to have the right value of io-channel-cells to reflect that this device type only ever outputs one channel. * st-accel - Revert drop of redundant pointer patch. - Use the now available pointer to avoid overwriting the platform data pointer and causing trouble on reprobing the driver. * st-pressure - Use local copy of the platform data pointer to avoid overwriting the one associated with the device, which would cause issues on reprobing the driver. * stm32-dfsdm - Use the right regmap_cfg for the type of device. - Correct the ID passed to stop channel to be the channel one. - Correct which clock is used to allow for the 'audio' clock. - Fix allocation of channels when more than one is enabled.
Configuration menu - View commit details
-
Copy full SHA for b769949 - Browse repository at this point
Copy the full SHA b769949View commit details -
staging: ncpfs: memory corruption in ncp_read_kernel()
If the server is malicious then *bytes_read could be larger than the size of the "target" buffer. It would lead to memory corruption when we do the memcpy(). Reported-by: Dr Silvio Cesare of InfoSect <Silvio Cesare <[email protected]> Signed-off-by: Dan Carpenter <[email protected]> Cc: stable <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4c41aa2 - Browse repository at this point
Copy the full SHA 4c41aa2View commit details -
libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
There have been reports of the Crucial M500 480GB model not working with LPM set to min_power / med_power_with_dipm level. It has not been tested with medium_power, but that typically has no measurable power-savings. Note the reporters Crucial_CT480M500SSD3 has a firmware version of MU03 and there is a MU05 update available, but that update does not mention any LPM fixes in its changelog, so the quirk matches all firmware versions. In my experience the LPM problems with (older) Crucial SSDs seem to be limited to higher capacity versions of the SSDs (different firmware?), so this commit adds a NOLPM quirk for the 480 and 960GB versions of the M500, to avoid LPM causing issues with these SSDs. Cc: [email protected] Reported-and-tested-by: Martin Steigerwald <[email protected]> Signed-off-by: Hans de Goede <[email protected]> Signed-off-by: Tejun Heo <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 62ac3f7 - Browse repository at this point
Copy the full SHA 62ac3f7View commit details -
libata: Make Crucial BX100 500GB LPM quirk apply to all firmware vers…
…ions Commit b17e572 ("libata: disable LPM for Crucial BX100 SSD 500GB drive"), introduced a ATA_HORKAGE_NOLPM quirk for Crucial BX100 500GB SSDs but limited this to the MU02 firmware version, according to: http://www.crucial.com/usa/en/support-ssd-firmware MU02 is the last version, so there are no newer possibly fixed versions and if the MU02 version has broken LPM then the MU01 almost certainly also has broken LPM, so this commit changes the quirk to apply to all firmware versions. Fixes: b17e572 ("libata: disable LPM for Crucial BX100 SSD 500GB...") Cc: [email protected] Cc: Kai-Heng Feng <[email protected]> Signed-off-by: Hans de Goede <[email protected]> Signed-off-by: Tejun Heo <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3bf7b5d - Browse repository at this point
Copy the full SHA 3bf7b5dView commit details -
libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
When commit 9c7be59 ("libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs") was added it inherited the ATA_HORKAGE_NO_NCQ_TRIM quirk from the existing "Crucial_CT*MX100*" entry, but that entry sets model_rev to "MU01", where as the entry adding the NOLPM quirk sets it to NULL. This means that after this commit we no apply the NO_NCQ_TRIM quirk to all "Crucial_CT512MX100*" SSDs even if they have the fixed "MU02" firmware. This commit splits the "Crucial_CT512MX100*" quirk into 2 quirks, one for the "MU01" firmware and one for all other firmware versions, so that we once again only apply the NO_NCQ_TRIM quirk to the "MU01" firmware version. Fixes: 9c7be59 ("libata: Apply NOLPM quirk to ... MX100 512GB SSDs") Cc: [email protected] Signed-off-by: Hans de Goede <[email protected]> Signed-off-by: Tejun Heo <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d418ff5 - Browse repository at this point
Copy the full SHA d418ff5View commit details -
ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
Currently, the offsets in the UAC2 processing unit descriptor are calculated incorrectly. It causes an issue when connecting the device which provides such a feature: ~~~~ [84126.724420] usb 1-1.3.1: invalid Processing Unit descriptor (id 18) ~~~~ After this patch is applied, the UAC2 processing unit inits w/o this error. Fixes: 23caaf1 ("ALSA: usb-mixer: Add support for Audio Class v2.0") Signed-off-by: Kirill Marinushkin <[email protected]> Cc: <[email protected]> Signed-off-by: Takashi Iwai <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a6618f4 - Browse repository at this point
Copy the full SHA a6618f4View commit details -
drm/amd/display: Refine disable VGA
bad case won't follow normal sense, it will not enable vga1 as usual, but vga2,3,4 is on. Signed-off-by: Clark Zheng <[email protected]> Reviewed-by: Tony Cheng <[email protected]> Acked-by: Alex Deucher <[email protected]> Signed-off-by: Alex Deucher <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 219be9d - Browse repository at this point
Copy the full SHA 219be9dView commit details -
drm/amd/display: fix dereferencing possible ERR_PTR()
This patch fixes static checker warning caused by "36cc549d5986: "drm/amd/display: disable CRTCs with NULL FB on their primary plane (V2)" Reported-by: Dan Carpenter <[email protected]> Signed-off-by: Shirish S <[email protected]> Reviewed-by: Harry Wentland <[email protected]> Acked-by: Alex Deucher <[email protected]> Signed-off-by: Alex Deucher <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for cd2d6c9 - Browse repository at this point
Copy the full SHA cd2d6c9View commit details -
clk: bcm2835: Fix ana->maskX definitions
ana->maskX values are already '~'-ed in bcm2835_pll_set_rate(). Remove the '~' in the definition to fix ANA setup. Note that this commit fixes a long standing bug preventing one from using an HDMI display if it's plugged after the FW has booted Linux. This is because PLLH is used by the HDMI encoder to generate the pixel clock. Fixes: 41691b8 ("clk: bcm2835: Add support for programming the audio domain clocks") Cc: <[email protected]> Signed-off-by: Boris Brezillon <[email protected]> Reviewed-by: Eric Anholt <[email protected]> Signed-off-by: Stephen Boyd <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 49012d1 - Browse repository at this point
Copy the full SHA 49012d1View commit details -
clk: bcm2835: Protect sections updating shared registers
CM_PLLx and A2W_XOSC_CTRL registers are accessed by different clock handlers and must be accessed with ->regs_lock held. Update the sections where this protection is missing. Fixes: 41691b8 ("clk: bcm2835: Add support for programming the audio domain clocks") Cc: <[email protected]> Signed-off-by: Boris Brezillon <[email protected]> Reviewed-by: Eric Anholt <[email protected]> Signed-off-by: Stephen Boyd <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7997f3b - Browse repository at this point
Copy the full SHA 7997f3bView commit details -
percpu: include linux/sched.h for cond_resched()
microblaze build broke due to missing declaration of the cond_resched() invocation added recently. Let's include linux/sched.h explicitly. Signed-off-by: Tejun Heo <[email protected]> Reported-by: kbuild test robot <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 71546d1 - Browse repository at this point
Copy the full SHA 71546d1View commit details -
mm: Allow to kill tasks doing pcpu_alloc() and waiting for pcpu_balan…
…ce_workfn() In case of memory deficit and low percpu memory pages, pcpu_balance_workfn() takes pcpu_alloc_mutex for a long time (as it makes memory allocations itself and waits for memory reclaim). If tasks doing pcpu_alloc() are choosen by OOM killer, they can't exit, because they are waiting for the mutex. The patch makes pcpu_alloc() to care about killing signal and use mutex_lock_killable(), when it's allowed by GFP flags. This guarantees, a task does not miss SIGKILL from OOM killer. Signed-off-by: Kirill Tkhai <[email protected]> Signed-off-by: Tejun Heo <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f52ba1f - Browse repository at this point
Copy the full SHA f52ba1fView commit details -
percpu_ref: Update doc to dissuade users from depending on internal R…
…CU grace periods percpu_ref internally uses sched-RCU to implement the percpu -> atomic mode switching and the documentation suggested that this could be depended upon. This doesn't seem like a good idea. * percpu_ref uses sched-RCU which has different grace periods regular RCU. Users may combine percpu_ref with regular RCU usage and incorrectly believe that regular RCU grace periods are performed by percpu_ref. This can lead to, for example, use-after-free due to premature freeing. * percpu_ref has a grace period when switching from percpu to atomic mode. It doesn't have one between the last put and release. This distinction is subtle and can lead to surprising bugs. * percpu_ref allows starting in and switching to atomic mode manually for debugging and other purposes. This means that there may not be any grace periods from kill to release. This patch makes it clear that the grace periods are percpu_ref's internal implementation detail and can't be depended upon by the users. Signed-off-by: Tejun Heo <[email protected]> Cc: Kent Overstreet <[email protected]> Cc: Linus Torvalds <[email protected]> Signed-off-by: Tejun Heo <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b3a5d11 - Browse repository at this point
Copy the full SHA b3a5d11View commit details -
RDMA/ucma: Fix use-after-free access in ucma_close
The error in ucma_create_id() left ctx in the list of contexts belong to ucma file descriptor. The attempt to close this file descriptor causes to use-after-free accesses while iterating over such list. Fixes: 7521663 ("RDMA/cma: Export rdma cm interface to userspace") Reported-by: <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Reviewed-by: Sean Hefty <[email protected]> Signed-off-by: Jason Gunthorpe <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ed65a4d - Browse repository at this point
Copy the full SHA ed65a4dView commit details -
RDMA/verbs: Remove restrack entry from XRCD structure
XRCD object is not implemented in the restrack, so lets remove it. Fixes: 02d8883 ("RDMA/restrack: Add general infrastructure to track RDMA resources") Signed-off-by: Leon Romanovsky <[email protected]> Signed-off-by: Jason Gunthorpe <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 80cf79a - Browse repository at this point
Copy the full SHA 80cf79aView commit details -
nfsd: remove blocked locks on client teardown
We had some reports of panics in nfsd4_lm_notify, and that showed a nfs4_lockowner that had outlived its so_client. Ensure that we walk any leftover lockowners after tearing down all of the stateids, and remove any blocked locks that they hold. With this change, we also don't need to walk the nbl_lru on nfsd_net shutdown, as that will happen naturally when we tear down the clients. Fixes: 76d348f (nfsd: have nfsd4_lock use blocking locks for v4.1+ locks) Reported-by: Frank Sorenson <[email protected]> Signed-off-by: Jeff Layton <[email protected]> Cc: [email protected] # 4.9 Signed-off-by: J. Bruce Fields <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 68ef3bc - Browse repository at this point
Copy the full SHA 68ef3bcView commit details -
Merge branch 'for-4.16-fixes' of git://git.kernel.org/pub/scm/linux/k…
…ernel/git/tj/libata Pull libata fixes from Tejun Heo: "I sat on them too long and it's quite a few this late, but nothing has a wide blast area. The changes are... - Fix corner cases in SG command handling. - Recent introduction of default powersaving mode config option exposed several devices with broken powersaving behaviors. A number of patches to update the blacklist accordingly. - Fix a kernel panic on SAS hotplug. - Other misc and device specific updates" * 'for-4.16-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs libata: Enable queued TRIM for Samsung SSD 860 PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L ahci: Add PCI-id for the Highpoint Rocketraid 644L card ata: do not schedule hot plug if it is a sas host libata: disable LPM for Crucial BX100 SSD 500GB drive libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs libata: update documentation for sysfs interfaces ata: sata_rcar: Remove unused variable in sata_rcar_init_controller() libata: transport: cleanup documentation of sysfs interface sata_rcar: Reset SATA PHY when Salvator-X board resumes libata: don't try to pass through NCQ commands to non-NCQ devices libata: remove WARN() for DMA or PIO command without data libata: fix length validation of ATAPI-relayed SCSI commands ata: libahci: fix comment indentation ahci: Add check for device presence (PCIe hot unplug) in ahci_stop_engine() libata: Fix compile warning with ATA_DEBUG enabled
Configuration menu - View commit details
-
Copy full SHA for efac248 - Browse repository at this point
Copy the full SHA efac248View commit details -
Merge branch 'for-4.16-fixes' of git://git.kernel.org/pub/scm/linux/k…
…ernel/git/tj/percpu Pull percpu fixes from Tejun Heo: "Late percpu pull request for v4.16-rc6. - percpu allocator pool replenishing no longer triggers OOM or warning messages. Also, the alloc interface now understands __GFP_NORETRY and __GFP_NOWARN. This is to allow avoiding OOMs from userland triggered actions like bpf map creation. Also added cond_resched() in alloc loop. - perpcu allocation now can be interrupted by kill sigs to avoid deadlocking OOM killer. - Added Dennis Zhou as a co-maintainer. He has rewritten the area map allocator, understands most of the code base and has been responsive for all bug reports" * 'for-4.16-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: percpu_ref: Update doc to dissuade users from depending on internal RCU grace periods mm: Allow to kill tasks doing pcpu_alloc() and waiting for pcpu_balance_workfn() percpu: include linux/sched.h for cond_resched() percpu: add a schedule point in pcpu_balance_workfn() percpu: allow select gfp to be passed to underlying allocators percpu: add __GFP_NORETRY semantics to the percpu balancing path percpu: match chunk allocator declarations with definitions percpu: add Dennis Zhou as a percpu co-maintainer
Configuration menu - View commit details
-
Copy full SHA for 0d707a2 - Browse repository at this point
Copy the full SHA 0d707a2View commit details -
Merge branch 'for-4.16-fixes' of git://git.kernel.org/pub/scm/linux/k…
…ernel/git/tj/wq Pull workqueue fixes from Tejun Heo: "Two low-impact workqueue commits. One fixes workqueue creation error path and the other removes the unused cancel_work()" * 'for-4.16-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: remove unused cancel_work() workqueue: use put_device() instead of kfree()
Configuration menu - View commit details
-
Copy full SHA for c6256ca - Browse repository at this point
Copy the full SHA c6256caView commit details -
ACPI / watchdog: Fix off-by-one error at resource assignment
The resource allocation in WDAT watchdog has off-one-by error, it sets one byte more than the actual end address. This may eventually lead to unexpected resource conflicts. Fixes: 058dfc7 (ACPI / watchdog: Add support for WDAT hardware watchdog) Cc: 4.9+ <[email protected]> # 4.9+ Signed-off-by: Takashi Iwai <[email protected]> Acked-by: Mika Westerberg <[email protected]> Acked-by: Guenter Roeck <[email protected]> Signed-off-by: Rafael J. Wysocki <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b1abf6f - Browse repository at this point
Copy the full SHA b1abf6fView commit details -
Merge branch 'for-4.16-fixes' of git://git.kernel.org/pub/scm/linux/k…
…ernel/git/tj/cgroup Pull cgroup fixes from Tejun Heo: "Two commits to fix the following subtle cgroup2 behavior bugs: - cpu.max was rejecting config when it shouldn't - thread mode enable was allowed when it shouldn't" * 'for-4.16-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: cgroup: fix rule checking for threaded mode switching sched, cgroup: Don't reject lower cpu.max on ancestors
Configuration menu - View commit details
-
Copy full SHA for 1b5f3ba - Browse repository at this point
Copy the full SHA 1b5f3baView commit details -
drm/i915/dp: Write to SET_POWER dpcd to enable MST hub.
If bios sets up an MST output and hardware state readout code sees this is an SST configuration, when disabling the encoder we end up calling ->post_disable_dp() hook instead of the MST version. Consequently, we write to the DP_SET_POWER dpcd to set it D3 state. Further along when we try enable the encoder in MST mode, POWER_UP_PHY transaction fails to power up the MST hub. This results in continuous link training failures which keep the system busy delaying boot. We could identify bios MST boot discrepancy and handle it accordingly but a simple way to solve this is to write to the DP_SET_POWER dpcd for MST too. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105470 Cc: Ville Syrjälä <[email protected]> Cc: Jani Nikula <[email protected]> Reviewed-by: Ville Syrjälä <[email protected]> Reported-by: Laura Abbott <[email protected]> Cc: [email protected] Fixes: 5ea2355 ("drm/i915/mst: Use MST sideband message transactions for dpms control") Tested-by: Laura Abbott <[email protected]> Signed-off-by: Dhinakaran Pandiyan <[email protected]> Signed-off-by: Jani Nikula <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected] (cherry picked from commit ad260ab) Signed-off-by: Rodrigo Vivi <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b1e3144 - Browse repository at this point
Copy the full SHA b1e3144View commit details
Commits on Mar 20, 2018
-
sysfs: symlink: export sysfs_create_link_nowarn()
The sysfs_create_link_nowarn() is going to be used in phylib framework in subsequent patch which can be built as module. Hence, export sysfs_create_link_nowarn() to avoid build errors. Cc: Florian Fainelli <[email protected]> Cc: Andrew Lunn <[email protected]> Fixes: a399546 ("net: phy: Relax error checking on sysfs_create_link()") Signed-off-by: Grygorii Strashko <[email protected]> Acked-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2399ac4 - Browse repository at this point
Copy the full SHA 2399ac4View commit details -
net: phy: relax error checking when creating sysfs link netdev->phydev
Some ethernet drivers (like TI CPSW) may connect and manage >1 Net PHYs per one netdevice, as result such drivers will produce warning during system boot and fail to connect second phy to netdevice when PHYLIB framework will try to create sysfs link netdev->phydev for second PHY in phy_attach_direct(), because sysfs link with the same name has been created already for the first PHY. As result, second CPSW external port will became unusable. Fix it by relaxing error checking when PHYLIB framework is creating sysfs link netdev->phydev in phy_attach_direct(), suppressing warning by using sysfs_create_link_nowarn() and adding error message instead. After this change links (phy->netdev and netdev->phy) creation failure is not fatal any more and system can continue working, which fixes TI CPSW issue. Cc: Florian Fainelli <[email protected]> Cc: Andrew Lunn <[email protected]> Fixes: a399546 ("net: phy: Relax error checking on sysfs_create_link()") Signed-off-by: Grygorii Strashko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4414b3e - Browse repository at this point
Copy the full SHA 4414b3eView commit details -
Merge branch 'phy-relax-error-checking'
Grygorii Strashko says: ==================== net: phy: relax error checking when creating sysfs link netdev->phydev Some ethernet drivers (like TI CPSW) may connect and manage >1 Net PHYs per one netdevice, as result such drivers will produce warning during system boot and fail to connect second phy to netdevice when PHYLIB framework will try to create sysfs link netdev->phydev for second PHY in phy_attach_direct(), because sysfs link with the same name has been created already for the first PHY. As result, second CPSW external port will became unusable. This regression was introduced by commits: 5568363 ("net: phy: Create sysfs reciprocal links for attached_dev/phydev" a399546 ("net: phy: Relax error checking on sysfs_create_link()" Patch 1: exports sysfs_create_link_nowarn() function as preparation for Patch 2. Patch 2: relaxes error checking when PHYLIB framework is creating sysfs link netdev->phydev in phy_attach_direct(), suppresses warning by using sysfs_create_link_nowarn() and adds error message instead, so links creation failure is not fatal any more and system can continue working, which fixes TI CPSW issue and makes boot logs accessible in case of NFS boot, for example. This can be stable material 4.13+. Changes in v2: - commit messages updated. v1: https://patchwork.ozlabs.org/cover/886058/ ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 36fe095 - Browse repository at this point
Copy the full SHA 36fe095View commit details -
drm/sun4i: hdmi: Fix an error handling path in 'sun4i_hdmi_bind()'
If we can not allocate the HDMI encoder regmap, we still need to free some resources before returning. Fixes: 4b1c924 ("drm/sun4i: hdmi: create a regmap for later use") Reviewed-by: Chen-Yu Tsai <[email protected]> Signed-off-by: Christophe JAILLET <[email protected]> Signed-off-by: Maxime Ripard <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/14c42391e1b562c7495bda6ad6fa1d24ec8dc052.1521413031.git.christophe.jaillet@wanadoo.fr
Configuration menu - View commit details
-
Copy full SHA for 8250e6c - Browse repository at this point
Copy the full SHA 8250e6cView commit details -
drm/sun4i: hdmi: Fix another error handling path in 'sun4i_hdmi_bind()'
If we can not get the HDMI DDC clock, we still need to free some resources before returning. Fixes: 939d749 ("drm/sun4i: hdmi: Add support for controller hardware variants") Reviewed-by: Chen-Yu Tsai <[email protected]> Signed-off-by: Christophe JAILLET <[email protected]> Signed-off-by: Maxime Ripard <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/5e0084af4ad57e9eea3bca5bd8e2e95970cd6714.1521413031.git.christophe.jaillet@wanadoo.fr
Configuration menu - View commit details
-
Copy full SHA for 1bc659e - Browse repository at this point
Copy the full SHA 1bc659eView commit details -
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/ker…
…nel/git/bluetooth/bluetooth Johan Hedberg says: ==================== Here are a few more important Bluetooth driver fixes for the 4.16 kernel. Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b5dd0e7 - Browse repository at this point
Copy the full SHA b5dd0e7View commit details -
vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter
Signed-off-by: Igor Pylypiv <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8137a8e - Browse repository at this point
Copy the full SHA 8137a8eView commit details -
devlink: Remove redundant free on error path
The current code performs unneeded free. Remove the redundant skb freeing during the error path. Fixes: 1555d20 ("devlink: Support for pipeline debug (dpipe)") Signed-off-by: Arkadi Sharshevsky <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7fe4d6d - Browse repository at this point
Copy the full SHA 7fe4d6dView commit details -
net: ethernet: arc: Fix a potential memory leak if an optional regula…
…tor is deferred If the optional regulator is deferred, we must release some resources. They will be re-allocated when the probe function will be called again. Fixes: 6eacf31 ("ethernet: arc: Add support for Rockchip SoC layer device tree bindings") Signed-off-by: Christophe JAILLET <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 00777fa - Browse repository at this point
Copy the full SHA 00777faView commit details -
cppcheck report: [drivers/net/ethernet/cortina/gemini.c:543]: (error) Memory leak: skb_tab Signed-off-by: Igor Pylypiv <[email protected]> Acked-by: Linus Walleij <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 44caebd - Browse repository at this point
Copy the full SHA 44caebdView commit details -
Merge tag 'linux-can-fixes-for-4.16-20180319' of ssh://gitolite.kerne…
…l.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2018-03-19 this is a pull reqeust of one patch for net/master. The patch is by Andri Yngvason and fixes a potential use-after-free bug in the cc770 driver introduced in the previous pull-request. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8220ce6 - Browse repository at this point
Copy the full SHA 8220ce6View commit details -
ipv6: old_dport should be a __be16 in __ip6_datagram_connect()
Fixes: 2f987a7 ("net: ipv6: keep sk status consistent after datagram connect failure") Signed-off-by: Stefano Brivio <[email protected]> Acked-by: Paolo Abeni <[email protected]> Acked-by: Guillaume Nault <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5f2fb80 - Browse repository at this point
Copy the full SHA 5f2fb80View commit details -
RDMA/ucma: Ensure that CM_ID exists prior to access it
Prior to access UCMA commands, the context should be initialized and connected to CM_ID with ucma_create_id(). In case user skips this step, he can provide non-valid ctx without CM_ID and cause to multiple NULL dereferences. Also there are situations where the create_id can be raced with other user access, ensure that the context is only shared to other threads once it is fully initialized to avoid the races. [ 109.088108] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 [ 109.090315] IP: ucma_connect+0x138/0x1d0 [ 109.092595] PGD 80000001dc02d067 P4D 80000001dc02d067 PUD 1da9ef067 PMD 0 [ 109.095384] Oops: 0000 [#1] SMP KASAN PTI [ 109.097834] CPU: 0 PID: 663 Comm: uclose Tainted: G B 4.16.0-rc1-00062-g2975d5de6428 #45 [ 109.100816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org 04/01/2014 [ 109.105943] RIP: 0010:ucma_connect+0x138/0x1d0 [ 109.108850] RSP: 0018:ffff8801c8567a80 EFLAGS: 00010246 [ 109.111484] RAX: 0000000000000000 RBX: 1ffff100390acf50 RCX: ffffffff9d7812e2 [ 109.114496] RDX: 1ffffffff3f507a5 RSI: 0000000000000297 RDI: 0000000000000297 [ 109.117490] RBP: ffff8801daa15600 R08: 0000000000000000 R09: ffffed00390aceeb [ 109.120429] R10: 0000000000000001 R11: ffffed00390aceea R12: 0000000000000000 [ 109.123318] R13: 0000000000000120 R14: ffff8801de6459c0 R15: 0000000000000118 [ 109.126221] FS: 00007fabb68d6700(0000) GS:ffff8801e5c00000(0000) knlGS:0000000000000000 [ 109.129468] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.132523] CR2: 0000000000000020 CR3: 00000001d45d8003 CR4: 00000000003606b0 [ 109.135573] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 109.138716] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 109.142057] Call Trace: [ 109.144160] ? ucma_listen+0x110/0x110 [ 109.146386] ? wake_up_q+0x59/0x90 [ 109.148853] ? futex_wake+0x10b/0x2a0 [ 109.151297] ? save_stack+0x89/0xb0 [ 109.153489] ? _copy_from_user+0x5e/0x90 [ 109.155500] ucma_write+0x174/0x1f0 [ 109.157933] ? ucma_resolve_route+0xf0/0xf0 [ 109.160389] ? __mod_node_page_state+0x1d/0x80 [ 109.162706] __vfs_write+0xc4/0x350 [ 109.164911] ? kernel_read+0xa0/0xa0 [ 109.167121] ? path_openat+0x1b10/0x1b10 [ 109.169355] ? fsnotify+0x899/0x8f0 [ 109.171567] ? fsnotify_unmount_inodes+0x170/0x170 [ 109.174145] ? __fget+0xa8/0xf0 [ 109.177110] vfs_write+0xf7/0x280 [ 109.179532] SyS_write+0xa1/0x120 [ 109.181885] ? SyS_read+0x120/0x120 [ 109.184482] ? compat_start_thread+0x60/0x60 [ 109.187124] ? SyS_read+0x120/0x120 [ 109.189548] do_syscall_64+0xeb/0x250 [ 109.192178] entry_SYSCALL_64_after_hwframe+0x21/0x86 [ 109.194725] RIP: 0033:0x7fabb61ebe99 [ 109.197040] RSP: 002b:00007fabb68d5e98 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 109.200294] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fabb61ebe99 [ 109.203399] RDX: 0000000000000120 RSI: 00000000200001c0 RDI: 0000000000000004 [ 109.206548] RBP: 00007fabb68d5ec0 R08: 0000000000000000 R09: 0000000000000000 [ 109.209902] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fabb68d5fc0 [ 109.213327] R13: 0000000000000000 R14: 00007fff40ab2430 R15: 00007fabb68d69c0 [ 109.216613] Code: 88 44 24 2c 0f b6 84 24 6e 01 00 00 88 44 24 2d 0f b6 84 24 69 01 00 00 88 44 24 2e 8b 44 24 60 89 44 24 30 e8 da f6 06 ff 31 c0 <66> 41 83 7c 24 20 1b 75 04 8b 44 24 64 48 8d 74 24 20 4c 89 e7 [ 109.223602] RIP: ucma_connect+0x138/0x1d0 RSP: ffff8801c8567a80 [ 109.226256] CR2: 0000000000000020 Fixes: 7521663 ("RDMA/cma: Export rdma cm interface to userspace") Reported-by: <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Signed-off-by: Jason Gunthorpe <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e8980d6 - Browse repository at this point
Copy the full SHA e8980d6View commit details -
kvm/x86: fix icebp instruction handling
The undocumented 'icebp' instruction (aka 'int1') works pretty much like 'int3' in the absense of in-circuit probing equipment (except, obviously, that it raises #DB instead of raising #BP), and is used by some validation test-suites as such. But Andy Lutomirski noticed that his test suite acted differently in kvm than on bare hardware. The reason is that kvm used an inexact test for the icebp instruction: it just assumed that an all-zero VM exit qualification value meant that the VM exit was due to icebp. That is not unlike the guess that do_debug() does for the actual exception handling case, but it's purely a heuristic, not an absolute rule. do_debug() does it because it wants to ascribe _some_ reasons to the #DB that happened, and an empty %dr6 value means that 'icebp' is the most likely casue and we have no better information. But kvm can just do it right, because unlike the do_debug() case, kvm actually sees the real reason for the #DB in the VM-exit interruption information field. So instead of relying on an inexact heuristic, just use the actual VM exit information that says "it was 'icebp'". Right now the 'icebp' instruction isn't technically documented by Intel, but that will hopefully change. The special "privileged software exception" information _is_ actually mentioned in the Intel SDM, even though the cause of it isn't enumerated. Reported-by: Andy Lutomirski <[email protected]> Tested-by: Paolo Bonzini <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 32d43cd - Browse repository at this point
Copy the full SHA 32d43cdView commit details -
test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
Function bpf_fill_maxinsns11 is designed to not be able to be JITed on x86_64. So, it fails when CONFIG_BPF_JIT_ALWAYS_ON=y, and commit 09584b4 ("bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y") makes sure that failure is detected on that case. However, it does not fail on other architectures, which have a different JIT compiler design. So, test_bpf has started to fail to load on those. After this fix, test_bpf loads fine on both x86_64 and ppc64el. Fixes: 09584b4 ("bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y") Signed-off-by: Thadeu Lima de Souza Cascardo <[email protected]> Reviewed-by: Yonghong Song <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 52fda36 - Browse repository at this point
Copy the full SHA 52fda36View commit details -
trace/bpf: remove helper bpf_perf_prog_read_value from tracepoint typ…
…e programs Commit 4bebdc7 ("bpf: add helper bpf_perf_prog_read_value") added helper bpf_perf_prog_read_value so that perf_event type program can read event counter and enabled/running time. This commit, however, introduced a bug which allows this helper for tracepoint type programs. This is incorrect as bpf_perf_prog_read_value needs to access perf_event through its bpf_perf_event_data_kern type context, which is not available for tracepoint type program. This patch fixed the issue by separating bpf_func_proto between tracepoint and perf_event type programs and removed bpf_perf_prog_read_value from tracepoint func prototype. Fixes: 4bebdc7 ("bpf: add helper bpf_perf_prog_read_value") Reported-by: Alexei Starovoitov <[email protected]> Signed-off-by: Yonghong Song <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f005afe - Browse repository at this point
Copy the full SHA f005afeView commit details -
bpf: skip unnecessary capability check
The current check statement in BPF syscall will do a capability check for CAP_SYS_ADMIN before checking sysctl_unprivileged_bpf_disabled. This code path will trigger unnecessary security hooks on capability checking and cause false alarms on unprivileged process trying to get CAP_SYS_ADMIN access. This can be resolved by simply switch the order of the statement and CAP_SYS_ADMIN is not required anyway if unprivileged bpf syscall is allowed. Signed-off-by: Chenbo Feng <[email protected]> Acked-by: Lorenzo Colitti <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0fa4fe8 - Browse repository at this point
Copy the full SHA 0fa4fe8View commit details -
Merge tag 'nfsd-4.16-1' of git://linux-nfs.org/~bfields/linux
Pull nfsd fix from Bruce Fields: "Just one fix for an occasional panic from Jeff Layton" * tag 'nfsd-4.16-1' of git://linux-nfs.org/~bfields/linux: nfsd: remove blocked locks on client teardown
Configuration menu - View commit details
-
Copy full SHA for 645102e - Browse repository at this point
Copy the full SHA 645102eView commit details -
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/g…
…it/jejb/scsi Pull SCSI fixes from James Bottomley: - one driver patch (qla2xxx) which fixes a problem caused by an existing regression fix (FCP discovery is failing) - one generic fix to a longstanding bug in libsas that causes I/O eventually to hang to the device in the face of ATA error recovery. * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: qla2xxx: Remove FC_NO_LOOP_ID for FCP and FC-NVMe Discovery scsi: libsas: defer ata device eh commands to libata
Configuration menu - View commit details
-
Copy full SHA for 76c0b6a - Browse repository at this point
Copy the full SHA 76c0b6aView commit details
Commits on Mar 21, 2018
-
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/gi…
…t/rdma/rdma Pull rdma fixes from Jason Gunthorpe: "Not much exciting here, almost entirely syzkaller fixes. This is going to be on ongoing theme for some time, I think. Both Google and Mellanox are now running syzkaller on different parts of the user API. Summary: - Many bug fixes related to syzkaller from Leon Romanovsky. These are still for the mlx driver and ucma interface. - Fix a situation with port reuse for iWarp, discovered during scale-up testing - Bug fixes for the profile and restrack patches accepted during this merge window - Compile warning cleanups from Arnd, this is apparently the last warning to make 32 bit builds quiet" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: RDMA/ucma: Ensure that CM_ID exists prior to access it RDMA/verbs: Remove restrack entry from XRCD structure RDMA/ucma: Fix use-after-free access in ucma_close RDMA/ucma: Check AF family prior resolving address infiniband: bnxt_re: use BIT_ULL() for 64-bit bit masks infiniband: qplib_fp: fix pointer cast IB/mlx5: Fix cleanup order on unload RDMA/ucma: Don't allow join attempts for unsupported AF family RDMA/ucma: Fix access to non-initialized CM_ID object RDMA/core: Do not use invalid destination in determining port reuse RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory IB/mlx5: Fix integer overflows in mlx5_ib_create_srq IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq
Configuration menu - View commit details
-
Copy full SHA for 303851e - Browse repository at this point
Copy the full SHA 303851eView commit details -
kbuild: disable clang's default use of -fmerge-all-constants
Prasad reported that he has seen crashes in BPF subsystem with netd on Android with arm64 in the form of (note, the taint is unrelated): [ 4134.721483] Unable to handle kernel paging request at virtual address 800000001 [ 4134.820925] Mem abort info: [ 4134.901283] Exception class = DABT (current EL), IL = 32 bits [ 4135.016736] SET = 0, FnV = 0 [ 4135.119820] EA = 0, S1PTW = 0 [ 4135.201431] Data abort info: [ 4135.301388] ISV = 0, ISS = 0x00000021 [ 4135.359599] CM = 0, WnR = 0 [ 4135.470873] user pgtable: 4k pages, 39-bit VAs, pgd = ffffffe39b946000 [ 4135.499757] [0000000800000001] *pgd=0000000000000000, *pud=0000000000000000 [ 4135.660725] Internal error: Oops: 96000021 [#1] PREEMPT SMP [ 4135.674610] Modules linked in: [ 4135.682883] CPU: 5 PID: 1260 Comm: netd Tainted: G S W 4.14.19+ #1 [ 4135.716188] task: ffffffe39f4aa380 task.stack: ffffff801d4e0000 [ 4135.731599] PC is at bpf_prog_add+0x20/0x68 [ 4135.741746] LR is at bpf_prog_inc+0x20/0x2c [ 4135.751788] pc : [<ffffff94ab7ad584>] lr : [<ffffff94ab7ad638>] pstate: 60400145 [ 4135.769062] sp : ffffff801d4e3ce0 [...] [ 4136.258315] Process netd (pid: 1260, stack limit = 0xffffff801d4e0000) [ 4136.273746] Call trace: [...] [ 4136.442494] 3ca0: ffffff94ab7ad584 0000000060400145 ffffffe3a01bf8f8 0000000000000006 [ 4136.460936] 3cc0: 0000008000000000 ffffff94ab844204 ffffff801d4e3cf0 ffffff94ab7ad584 [ 4136.479241] [<ffffff94ab7ad584>] bpf_prog_add+0x20/0x68 [ 4136.491767] [<ffffff94ab7ad638>] bpf_prog_inc+0x20/0x2c [ 4136.504536] [<ffffff94ab7b5d08>] bpf_obj_get_user+0x204/0x22c [ 4136.518746] [<ffffff94ab7ade68>] SyS_bpf+0x5a8/0x1a88 Android's netd was basically pinning the uid cookie BPF map in BPF fs (/sys/fs/bpf/traffic_cookie_uid_map) and later on retrieving it again resulting in above panic. Issue is that the map was wrongly identified as a prog! Above kernel was compiled with clang 4.0, and it turns out that clang decided to merge the bpf_prog_iops and bpf_map_iops into a single memory location, such that the two i_ops could then not be distinguished anymore. Reason for this miscompilation is that clang has the more aggressive -fmerge-all-constants enabled by default. In fact, clang source code has a comment about it in lib/AST/ExprConstant.cpp on why it is okay to do so: Pointers with different bases cannot represent the same object. (Note that clang defaults to -fmerge-all-constants, which can lead to inconsistent results for comparisons involving the address of a constant; this generally doesn't matter in practice.) The issue never appeared with gcc however, since gcc does not enable -fmerge-all-constants by default and even *explicitly* states in it's option description that using this flag results in non-conforming behavior, quote from man gcc: Languages like C or C++ require each variable, including multiple instances of the same variable in recursive calls, to have distinct locations, so using this option results in non-conforming behavior. There are also various clang bug reports open on that matter [1], where clang developers acknowledge the non-conforming behavior, and refer to disabling it with -fno-merge-all-constants. But even if this gets fixed in clang today, there are already users out there that triggered this. Thus, fix this issue by explicitly adding -fno-merge-all-constants to the kernel's Makefile to generically disable this optimization, since potentially other places in the kernel could subtly break as well. Note, there is also a flag called -fmerge-constants (not supported by clang), which is more conservative and only applies to strings and it's enabled in gcc's -O/-O2/-O3/-Os optimization levels. In gcc's code, the two flags -fmerge-{all-,}constants share the same variable internally, so when disabling it via -fno-merge-all-constants, then we really don't merge any const data (e.g. strings), and text size increases with gcc (14,927,214 -> 14,942,646 for vmlinux.o). $ gcc -fverbose-asm -O2 foo.c -S -o foo.S -> foo.S lists -fmerge-constants under options enabled $ gcc -fverbose-asm -O2 -fno-merge-all-constants foo.c -S -o foo.S -> foo.S doesn't list -fmerge-constants under options enabled $ gcc -fverbose-asm -O2 -fno-merge-all-constants -fmerge-constants foo.c -S -o foo.S -> foo.S lists -fmerge-constants under options enabled Thus, as a workaround we need to set both -fno-merge-all-constants *and* -fmerge-constants in the Makefile in order for text size to stay as is. [1] https://bugs.llvm.org/show_bug.cgi?id=18538 Reported-by: Prasad Sodagudi <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Chenbo Feng <[email protected]> Cc: Richard Smith <[email protected]> Cc: Chandler Carruth <[email protected]> Cc: [email protected] Tested-by: Prasad Sodagudi <[email protected]> Acked-by: Alexei Starovoitov <[email protected]> Signed-off-by: Alexei Starovoitov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 87e0d4f - Browse repository at this point
Copy the full SHA 87e0d4fView commit details -
Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux…
…/kernel/git/clk/linux Pull clk fixes from Stephen Boyd: "A late collection of fixes for regressions seen this release cycle. Normally I send this earlier than now but real life got in the way. Things are back to normal now. There's the normal set of SoC driver fixes: i.MX boot warning, TI display clks, allwinner clk ops being wrong (fun), driver probe badness on error paths, correctness fix for the new aspeed driver, and even a fix for a race condition in the bcm2835 clk driver. At the core framework level we also got some fixes for the clk phase API caching at the wrong time, better handling of the enabled state of orphan clks, and a fix for a newly introduced bug in how we handle rate calculations for pass-through clks" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: bcm2835: Protect sections updating shared registers clk: bcm2835: Fix ana->maskX definitions clk: aspeed: Prevent reset if clock is enabled clk: aspeed: Fix is_enabled for certain clocks clk: qcom: msm8916: Fix return value check in qcom_apcs_msm8916_clk_probe() clk: hisilicon: hi3660:Fix potential NULL dereference in hi3660_stub_clk_probe() clk: fix determine rate error with pass-through clock clk: migrate the count of orphaned clocks at init clk: update cached phase to respect the fact when setting phase clk: ti: am43xx: add set-rate-parent support for display clkctrl clock clk: ti: am33xx: add set-rate-parent support for display clkctrl clock clk: ti: clkctrl: add support for CLK_SET_RATE_PARENT flag clk: imx51-imx53: Fix UART4/5 registration on i.MX50 and i.MX53 clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops
Configuration menu - View commit details
-
Copy full SHA for 3215b9d - Browse repository at this point
Copy the full SHA 3215b9dView commit details -
Merge tag 'drm/tegra/for-4.16-rc7-fixes' of git://anongit.freedesktop…
….org/tegra/linux into drm-fixes drm/tegra: Fixes for v4.16-rc7 This contains two small fixes for the alpha blending support that was merged into v4.16-rc1 and a fix for connector reference leaks caused by the fact that display pipelines are no longer automatically disabled if the framebuffer is removed. Furthermore this contains a fix for a crash on IOMMU detach at driver unbind time and a regulator enable/disable unbalance fix. * tag 'drm/tegra/for-4.16-rc7-fixes' of git://anongit.freedesktop.org/tegra/linux: drm/tegra: Shutdown on driver unbind drm/tegra: dsi: Don't disable regulator on ->exit() drm/tegra: dc: Detach IOMMU group from domain only once drm/tegra: plane: Correct legacy blending drm/tegra: plane: Fix RGB565 format on older Tegra
Configuration menu - View commit details
-
Copy full SHA for ebfb821 - Browse repository at this point
Copy the full SHA ebfb821View commit details -
Merge tag 'exynos-drm-fixes-for-v4.16-rc6' of git://git.kernel.org/pu…
…b/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes Add a device tree property description for hdmi device node . '#sound-dai-cells' property is required to describe link between the HDMI IP block and the SoC's audio subsystem and Exynos SoC device tree files already have this property but we missed its description. * tag 'exynos-drm-fixes-for-v4.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos: dt-bindings: exynos: Document #sound-dai-cells property of the HDMI node
Configuration menu - View commit details
-
Copy full SHA for fca3c46 - Browse repository at this point
Copy the full SHA fca3c46View commit details -
drm/amd/display: Allow truncation to 10 bits
The truncation isn't being programmed if the truncation depth is set to 2, it causes an issue with dce11.2 asic using 6bit eDP panel. It required to truncate 12:10 in order to perform spatial dither 10:6. This change will allow 12:10 truncation to be enabled. Signed-off-by: Mikita Lipski <[email protected]> Reviewed-by: Jun Lei <[email protected]> Acked-by: Harry Wentland <[email protected]> Signed-off-by: Alex Deucher <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8bfac12 - Browse repository at this point
Copy the full SHA 8bfac12View commit details -
drm/amd/display: Fix FMT truncation programming
Switch the order of parameters being set for depth and mode of truncation, as it previously was not correct Signed-off-by: Mikita Lipski <[email protected]> Reviewed-by: Harry Wentland <[email protected]> Signed-off-by: Alex Deucher <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4407a29 - Browse repository at this point
Copy the full SHA 4407a29View commit details -
drm/amd/display: We shouldn't set format_default on plane as atomic d…
…river This is still a leftover from early atomic brinup days. Signed-off-by: Harry Wentland <[email protected]> Reviewed-by: Tony Cheng <[email protected]> Acked-by: Harry Wentland <[email protected]> Signed-off-by: Alex Deucher <[email protected]> Cc: [email protected]
Configuration menu - View commit details
-
Copy full SHA for 509648f - Browse repository at this point
Copy the full SHA 509648fView commit details -
drm/amd/display: Add one to EDID's audio channel count when passing t…
…o DC DC takes channel count to mean the actual count. cea_sad's channels represent it as number of channels - 1. Signed-off-by: Harry Wentland <[email protected]> Reviewed-by: Tony Cheng <[email protected]> Acked-by: Harry Wentland <[email protected]> Signed-off-by: Alex Deucher <[email protected]> Cc: [email protected]
Configuration menu - View commit details
-
Copy full SHA for 731a373 - Browse repository at this point
Copy the full SHA 731a373View commit details -
mtd: nand: fsl_ifc: Fix nand waitfunc return value
As per the IFC hardware manual, Most significant 2 bytes in nand_fsr register are the outcome of NAND READ STATUS command. So status value need to be shifted and aligned as per the nand framework requirement. Fixes: 8277188 ("NAND Machine support for Integrated Flash Controller") Cc: [email protected] # v3.18+ Signed-off-by: Jagdish Gediya <[email protected]> Reviewed-by: Prabhakar Kushwaha <[email protected]> Signed-off-by: Boris Brezillon <[email protected]>
Jagdish Gediya authored and Boris Brezillon committedMar 21, 2018 Configuration menu - View commit details
-
Copy full SHA for fa8e6d5 - Browse repository at this point
Copy the full SHA fa8e6d5View commit details -
mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0
Number of ECC status registers i.e. (ECCSTATx) has been increased in IFC version 2.0.0 due to increase in SRAM size. This is causing eccstat array to over flow. So, replace eccstat array with u32 variable to make it fail-safe and independent of number of ECC status registers or SRAM size. Fixes: bccb06c ("mtd: nand: ifc: update bufnum mask for ver >= 2.0.0") Cc: [email protected] # 3.18+ Signed-off-by: Prabhakar Kushwaha <[email protected]> Signed-off-by: Jagdish Gediya <[email protected]> Signed-off-by: Boris Brezillon <[email protected]>
Jagdish Gediya authored and Boris Brezillon committedMar 21, 2018 Configuration menu - View commit details
-
Copy full SHA for 843c3a5 - Browse repository at this point
Copy the full SHA 843c3a5View commit details -
mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0
Due to missing information in Hardware manual, current implementation doesn't read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0. Add support to read ECCSTAT0 and ECCSTAT1 registers during ecccheck for IFC 2.0. Fixes: 6564414 ("mtd: nand: ifc: Fix location of eccstat registers for IFC V1.0") Cc: [email protected] # v3.18+ Signed-off-by: Jagdish Gediya <[email protected]> Reviewed-by: Prabhakar Kushwaha <[email protected]> Signed-off-by: Boris Brezillon <[email protected]>
Jagdish Gediya authored and Boris Brezillon committedMar 21, 2018 Configuration menu - View commit details
-
Copy full SHA for 6b00c35 - Browse repository at this point
Copy the full SHA 6b00c35View commit details -
ALSA: hda - Force polling mode on CFL for fixing codec communication
We've observed too long probe time with Coffee Lake (CFL) machines, and the likely cause is some communication problem between the HD-audio controller and the codec chips. While the controller expects an IRQ wakeup for each codec response, it seems sometimes missing, and it takes one second for the controller driver to time out and read the response in the polling mode. Although we aren't sure about the real culprit yet, in this patch, we put a workaround by forcing the polling mode as default for CFL machines; the polling mode itself isn't too heavy, and much better than other workarounds initially suggested (e.g. disabling power-save), at least. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199007 Fixes: e79b000 ("ALSA: hda - Add Coffelake PCI ID") Reported-and-tested-by: Hui Wang <[email protected]> Cc: <[email protected]> Signed-off-by: Takashi Iwai <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a8d7bde - Browse repository at this point
Copy the full SHA a8d7bdeView commit details -
drm: Reject getfb for multi-plane framebuffers
getfb can only return a single plane, so reject attempts to use it with multi-plane framebuffers. Signed-off-by: Daniel Stone <[email protected]> Reported-by: Daniel van Vugt <[email protected]> Reviewed-by: Rob Clark <[email protected]> Reviewed-by: Daniel Vetter <[email protected]> Fixes: 308e5bc ("drm: add an fb creation ioctl that takes a pixel format v5") Cc: [email protected] # v3.3+ Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105518 Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Configuration menu - View commit details
-
Copy full SHA for b24791f - Browse repository at this point
Copy the full SHA b24791fView commit details -
drm/vmwgfx: Fix black screen and device errors when running without f…
…bdev When we are running without fbdev, transitioning from the login screen to X or gnome-shell/wayland will cause a vt switch and the driver will disable svga mode, losing all modesetting resources. However, the kms atomic state does not reflect that and may think that a crtc is still turned on, which will cause device errors when we try to bind an fb to the crtc, and the screen will remain black. Fix this by turning off all kms resources before disabling svga mode. Cc: <[email protected]> Signed-off-by: Thomas Hellstrom <[email protected]> Reviewed-by: Sinclair Yeh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 140bcaa - Browse repository at this point
Copy the full SHA 140bcaaView commit details -
drm/vmwgfx: Fix a destoy-while-held mutex problem.
When validating legacy surfaces, the backup bo might be destroyed at surface validate time. However, the kms resource validation code may have the bo reserved, so we will destroy a locked mutex. While there shouldn't be any other users of that mutex when it is destroyed, it causes a lock leak and thus throws a lockdep error. Fix this by having the kms resource validation code hold a reference to the bo while we have it reserved. We do this by introducing a validation context which might come in handy when the kms code is extended to validate multiple resources or buffers. Cc: <[email protected]> Signed-off-by: Thomas Hellstrom <[email protected]> Reviewed-by: Brian Paul <[email protected]> Reviewed-by: Sinclair Yeh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 73a8825 - Browse repository at this point
Copy the full SHA 73a8825View commit details -
mac80211: add ieee80211_hw flag for QoS NDP support
Commit 7b6ddea ("mac80211: use QoS NDP for AP probing") added an argument qos_ok to ieee80211_nullfunc_get to support QoS NDP. Despite the claim in the commit log "Change all the drivers to *not* allow QoS NDP for now, even though it looks like most of them should be OK with that", this commit enables QoS NDP in response to beacons (see change to mlme.c:ieee80211_send_nullfunc), causing ath9k_htc to lose IP connectivity. See: https://patchwork.kernel.org/patch/10241109/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891060 Introduce a hardware flag to allow such buggy drivers to override the correct default behaviour of mac80211 of sending QoS NDP packets. Signed-off-by: Ben Caradoc-Davies <[email protected]> Signed-off-by: Johannes Berg <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7c181f4 - Browse repository at this point
Copy the full SHA 7c181f4View commit details -
Zero is a valid IRQ number and is being used on some CHT tablets. Stop treating it as an error. Reported-by: Luke Ross <[email protected]> Fixes: 1b7ba57 ("mmc: sdhci-acpi: Handle return value of platform_get_irq") Cc: Arvind Yadav <[email protected]> Signed-off-by: Adrian Hunter <[email protected]> Cc: [email protected] Signed-off-by: Ulf Hansson <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d58ac80 - Browse repository at this point
Copy the full SHA d58ac80View commit details -
mac80211_hwsim: Set wmediumd for new radios
Set the wmediumd to the net's wmediumd when the radio gets created. Radios created after HWSIM_CMD_REGISTER don't currently get their data->wmediumd set and the userspace would need to reconnect to netlink to be able to call HWSIM_CMD_REGISTER again. Alternatively I think data->netgroup and data->wmedium could be replaced with a pointer to hwsim_net. Signed-off-by: Andrew Zaborowski <[email protected]> Signed-off-by: Johannes Berg <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4ea5aca - Browse repository at this point
Copy the full SHA 4ea5acaView commit details -
ath9k_htc: use non-QoS NDP for AP probing
When switching mac80211 to use QoS NDP, it turned out that ath9k_htc is somehow broken by this, e.g. see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891060. Fix this by using the new mac80211 flag to go back to the old, incorrect, behaviour for this driver. Fixes: 7b6ddea ("mac80211: use QoS NDP for AP probing") Reported-by: Ben Caradoc-Davies <[email protected]> Acked-by: Kalle Valo <[email protected]> Signed-off-by: Johannes Berg <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 60b01bc - Browse repository at this point
Copy the full SHA 60b01bcView commit details -
drm/i915: Specify which engines to reset following semaphore/event lo…
…ckups If the GPU is stuck waiting for an event or for a semaphore, we need to reset the GPU in order to recover. We have to tell the reset routine which engines we want reset, but we were still using the old interface and declaring it as "not-fatal". Fixes: 14b730f ("drm/i915/tdr: Prepare error handler to accept mask of hung engines") Signed-off-by: Chris Wilson <[email protected]> Cc: Mika Kuoppala <[email protected]> Cc: Michel Thierry <[email protected]> Reviewed-by: Michel Thierry <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected] (cherry picked from commit ca98317) Signed-off-by: Rodrigo Vivi <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3a088dd - Browse repository at this point
Copy the full SHA 3a088ddView commit details -
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Daniel Borkmann says: ==================== pull-request: bpf 2018-03-21 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Follow-up fix to the fault injection framework to prevent jump optimization on the kprobe by installing a dummy post-handler, from Masami. 2) Drop bpf_perf_prog_read_value helper from tracepoint type programs which was mistakenly added there and would otherwise crash due to wrong input context, from Yonghong. 3) Fix a crash in BPF fs when compiled with clang. Code appears to be fine just that clang tries to overly aggressive optimize in non C conform ways, therefore fix the kernel's Makefile to generally prevent such issues, from Daniel. 4) Skip unnecessary capability checks in bpf syscall, which is otherwise triggering unnecessary security hooks on capability checking and causing false alarms on unprivileged processes trying to access CAP_SYS_ADMIN restricted infra, from Chenbo. 5) Fix the test_bpf.ko module when CONFIG_BPF_JIT_ALWAYS_ON is set with regards to a test case that is really just supposed to fail on x8_64 JIT but not others, from Thadeu. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3d27484 - Browse repository at this point
Copy the full SHA 3d27484View commit details -
libnvdimm, region: hide persistence_domain when unknown
Similar to other region attributes, do not emit the persistence_domain attribute if its contents are empty. Fixes: 96c3a23 ("libnvdimm: expose platform persistence attr...") Cc: Dave Jiang <[email protected]> Reviewed-by: Ross Zwisler <[email protected]> Signed-off-by: Dan Williams <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 896196d - Browse repository at this point
Copy the full SHA 896196dView commit details -
MIPS: lantiq: Fix Danube USB clock
On Danube the USB0 controller registers are at 1e101000 and the USB0 PHY register is at 1f203018 similar to all other lantiq SoCs. Activate the USB controller gating clock thorough the USB controller driver and not the PHY. This fixes a problem introduced in a previous commit. Fixes: dea54fb ("phy: Add an USB PHY driver for the Lantiq SoCs using the RCU module") Signed-off-by: Mathias Kresin <[email protected]> Signed-off-by: Hauke Mehrtens <[email protected]> Acked-by: Martin Blumenstingl <[email protected]> Cc: Ralf Baechle <[email protected]> Cc: John Crispin <[email protected]> Cc: [email protected] Cc: <[email protected]> # 4.14+ Patchwork: https://patchwork.linux-mips.org/patch/18816/ Signed-off-by: James Hogan <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 214cbc1 - Browse repository at this point
Copy the full SHA 214cbc1View commit details -
MIPS: lantiq: Enable AHB Bus for USB
On Danube and AR9 the USB core is connected though a AHB bus to the main system cross bar, hence we need to enable the gating clock of the AHB Bus as well to make the USB controller work. Fixes: dea54fb ("phy: Add an USB PHY driver for the Lantiq SoCs using the RCU module") Signed-off-by: Mathias Kresin <[email protected]> Signed-off-by: Hauke Mehrtens <[email protected]> Acked-by: Martin Blumenstingl <[email protected]> Cc: Ralf Baechle <[email protected]> Cc: John Crispin <[email protected]> Cc: [email protected] Cc: <[email protected]> # 4.14+ Patchwork: https://patchwork.linux-mips.org/patch/18814/ Signed-off-by: James Hogan <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3223a5a - Browse repository at this point
Copy the full SHA 3223a5aView commit details -
MIPS: lantiq: ase: Enable MFD_SYSCON
Enable syscon to use it for the RCU MFD on Amazon SE as well. The Amazon SE also has similar reset controller system as Danube and XWAY and use their drivers mostly. As these drivers now need syscon also activate the syscon subsystem for for Amazon SE. Fixes: 2b6639d ("MIPS: lantiq: Enable MFD_SYSCON to be able to use it for the RCU MFD") Signed-off-by: Mathias Kresin <[email protected]> Signed-off-by: Hauke Mehrtens <[email protected]> Acked-by: Martin Blumenstingl <[email protected]> Cc: Ralf Baechle <[email protected]> Cc: John Crispin <[email protected]> Cc: [email protected] Cc: <[email protected]> # 4.14+ Patchwork: https://patchwork.linux-mips.org/patch/18817/ Signed-off-by: James Hogan <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a821328 - Browse repository at this point
Copy the full SHA a821328View commit details -
bnx2x: fix spelling mistake: "registeration" -> "registration"
Trivial fix to spelling mistake in BNX2X_ERR error message text Signed-off-by: Colin Ian King <[email protected]> Acked-by: Sudarsana Kalluru <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 924613d - Browse repository at this point
Copy the full SHA 924613dView commit details -
qede: fix spelling mistake: "registeration" -> "registration"
Trivial fix to spelling mistakes in DP_ERR error message text and comments Signed-off-by: Colin Ian King <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3f2176d - Browse repository at this point
Copy the full SHA 3f2176dView commit details -
net/sched: fix idr leak on the error path of tcf_bpf_init()
when the following command sequence is entered # tc action add action bpf bytecode '4,40 0 0 12,31 0 1 2048,6 0 0 262144,6 0 0 0' index 100 RTNETLINK answers: Invalid argument We have an error talking to the kernel # tc action add action bpf bytecode '4,40 0 0 12,21 0 1 2048,6 0 0 262144,6 0 0 0' index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel act_bpf correctly refuses to install the first TC rule, because 31 is not a valid instruction. However, it refuses to install the second TC rule, even if the BPF code is correct. Furthermore, it's no more possible to install any other rule having the same value of 'index' until act_bpf module is unloaded/inserted again. After the idr has been reserved, call tcf_idr_release() instead of tcf_idr_cleanup(), to fix this issue. Fixes: 65a206c ("net/sched: Change act_api and act_xxx modules to use IDR") Acked-by: Jamal Hadi Salim <[email protected]> Signed-off-by: Davide Caratti <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for bbc09e7 - Browse repository at this point
Copy the full SHA bbc09e7View commit details -
net/sched: fix idr leak in the error path of tcf_simp_init()
if the kernel fails to duplicate 'sdata', creation of a new action fails with -ENOMEM. However, subsequent attempts to install the same action using the same value of 'index' systematically fail with -ENOSPC, and that value of 'index' will no more be usable by act_simple, until rmmod / insmod of act_simple.ko is done: # tc actions add action simple sdata hello index 100 # tc actions list action simple action order 0: Simple <hello> index 100 ref 1 bind 0 # tc actions flush action simple # tc actions add action simple sdata hello index 100 RTNETLINK answers: Cannot allocate memory We have an error talking to the kernel # tc actions flush action simple # tc actions add action simple sdata hello index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel # tc actions add action simple sdata hello index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel ... Fix this in the error path of tcf_simp_init(), calling tcf_idr_release() in place of tcf_idr_cleanup(). Fixes: 65a206c ("net/sched: Change act_api and act_xxx modules to use IDR") Suggested-by: Cong Wang <[email protected]> Acked-by: Jamal Hadi Salim <[email protected]> Signed-off-by: Davide Caratti <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 60e10b3 - Browse repository at this point
Copy the full SHA 60e10b3View commit details -
net/sched: fix idr leak in the error path of tcf_act_police_init()
tcf_act_police_init() can fail after the idr has been successfully reserved (e.g., qdisc_get_rtab() may return NULL). When this happens, subsequent attempts to configure a police rule using the same idr value systematiclly fail with -ENOSPC: # tc action add action police rate 1000 burst 1000 drop index 100 RTNETLINK answers: Cannot allocate memory We have an error talking to the kernel # tc action add action police rate 1000 burst 1000 drop index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel # tc action add action police rate 1000 burst 1000 drop index 100 RTNETLINK answers: No space left on device ... Fix this in the error path of tcf_act_police_init(), calling tcf_idr_release() in place of tcf_idr_cleanup(). Fixes: 65a206c ("net/sched: Change act_api and act_xxx modules to use IDR") Acked-by: Jamal Hadi Salim <[email protected]> Signed-off-by: Davide Caratti <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5bf7f81 - Browse repository at this point
Copy the full SHA 5bf7f81View commit details -
libnvdimm, nfit: fix persistence domain reporting
The persistence domain is a point in the platform where once writes reach that destination the platform claims it will make them persistent relative to power loss. In the ACPI NFIT this is currently communicated as 2 bits in the "NFIT - Platform Capabilities Structure". The bits comprise a hierarchy, i.e. bit0 "CPU Cache Flush to NVDIMM Durability on Power Loss Capable" implies bit1 "Memory Controller Flush to NVDIMM Durability on Power Loss Capable". Commit 96c3a23 "libnvdimm: expose platform persistence attr..." shows the persistence domain as flags, but it's really an enumerated hierarchy. Fix this newly introduced user ABI to show the closest available persistence domain before userspace develops dependencies on seeing, or needing to develop code to tolerate, the raw NFIT flags communicated through the libnvdimm-generic region attribute. Fixes: 96c3a23 ("libnvdimm: expose platform persistence attr...") Reviewed-by: Dave Jiang <[email protected]> Cc: "Rafael J. Wysocki" <[email protected]> Cc: Ross Zwisler <[email protected]> Signed-off-by: Dan Williams <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fe9a552 - Browse repository at this point
Copy the full SHA fe9a552View commit details -
net/sched: fix idr leak in the error path of tcp_pedit_init()
tcf_pedit_init() can fail to allocate 'keys' after the idr has been successfully reserved. When this happens, subsequent attempts to configure a pedit rule using the same idr value systematically fail with -ENOSPC: # tc action add action pedit munge ip ttl set 63 index 100 RTNETLINK answers: Cannot allocate memory We have an error talking to the kernel # tc action add action pedit munge ip ttl set 63 index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel # tc action add action pedit munge ip ttl set 63 index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel ... Fix this in the error path of tcf_act_pedit_init(), calling tcf_idr_release() in place of tcf_idr_cleanup(). Fixes: 65a206c ("net/sched: Change act_api and act_xxx modules to use IDR") Acked-by: Jamal Hadi Salim <[email protected]> Signed-off-by: Davide Caratti <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 94fa3f9 - Browse repository at this point
Copy the full SHA 94fa3f9View commit details -
net/sched: fix idr leak in the error path of __tcf_ipt_init()
__tcf_ipt_init() can fail after the idr has been successfully reserved. When this happens, subsequent attempts to configure xt/ipt rules using the same idr value systematically fail with -ENOSPC: # tc action add action xt -j LOG --log-prefix test1 index 100 tablename: mangle hook: NF_IP_POST_ROUTING target: LOG level warning prefix "test1" index 100 RTNETLINK answers: Cannot allocate memory We have an error talking to the kernel Command "(null)" is unknown, try "tc actions help". # tc action add action xt -j LOG --log-prefix test1 index 100 tablename: mangle hook: NF_IP_POST_ROUTING target: LOG level warning prefix "test1" index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel Command "(null)" is unknown, try "tc actions help". # tc action add action xt -j LOG --log-prefix test1 index 100 tablename: mangle hook: NF_IP_POST_ROUTING target: LOG level warning prefix "test1" index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel ... Fix this in the error path of __tcf_ipt_init(), calling tcf_idr_release() in place of tcf_idr_cleanup(). Since tcf_ipt_release() can now be called when tcfi_t is NULL, we also need to protect calls to ipt_destroy_target() to avoid NULL pointer dereference. Fixes: 65a206c ("net/sched: Change act_api and act_xxx modules to use IDR") Acked-by: Jamal Hadi Salim <[email protected]> Signed-off-by: Davide Caratti <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1e46ef1 - Browse repository at this point
Copy the full SHA 1e46ef1View commit details -
net/sched: fix idr leak in the error path of tcf_vlan_init()
tcf_vlan_init() can fail after the idr has been successfully reserved. When this happens, every subsequent attempt to configure vlan rules using the same idr value will systematically fail with -ENOSPC, unless the first attempt was done using the 'replace' keyword. # tc action add action vlan pop index 100 RTNETLINK answers: Cannot allocate memory We have an error talking to the kernel # tc action add action vlan pop index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel # tc action add action vlan pop index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel ... Fix this in tcf_vlan_init(), ensuring that tcf_idr_release() is called on the error path when the idr has been reserved, but not yet inserted. Also, don't test 'ovr' in the error path, to avoid a 'replace' failure implicitly become a 'delete' that leaks refcount in act_vlan module: # rmmod act_vlan; modprobe act_vlan # tc action add action vlan push id 5 index 100 # tc action replace action vlan push id 7 index 100 RTNETLINK answers: Cannot allocate memory We have an error talking to the kernel # tc action list action vlan # # rmmod act_vlan rmmod: ERROR: Module act_vlan is in use Fixes: 4c5b9d9 ("act_vlan: VLAN action rewrite to use RCU lock/unlock and update") Fixes: 65a206c ("net/sched: Change act_api and act_xxx modules to use IDR") Acked-by: Jamal Hadi Salim <[email protected]> Signed-off-by: Davide Caratti <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d7f2001 - Browse repository at this point
Copy the full SHA d7f2001View commit details -
net/sched: fix idr leak in the error path of tcf_skbmod_init()
tcf_skbmod_init() can fail after the idr has been successfully reserved. When this happens, every subsequent attempt to configure skbmod rules using the same idr value will systematically fail with -ENOSPC, unless the first attempt was done using the 'replace' keyword: # tc action add action skbmod swap mac index 100 RTNETLINK answers: Cannot allocate memory We have an error talking to the kernel # tc action add action skbmod swap mac index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel # tc action add action skbmod swap mac index 100 RTNETLINK answers: No space left on device We have an error talking to the kernel ... Fix this in tcf_skbmod_init(), ensuring that tcf_idr_release() is called on the error path when the idr has been reserved, but not yet inserted. Also, don't test 'ovr' in the error path, to avoid a 'replace' failure implicitly become a 'delete' that leaks refcount in act_skbmod module: # rmmod act_skbmod; modprobe act_skbmod # tc action add action skbmod swap mac index 100 # tc action add action skbmod swap mac continue index 100 RTNETLINK answers: File exists We have an error talking to the kernel # tc action replace action skbmod swap mac continue index 100 RTNETLINK answers: Cannot allocate memory We have an error talking to the kernel # tc action list action skbmod # # rmmod act_skbmod rmmod: ERROR: Module act_skbmod is in use Fixes: 65a206c ("net/sched: Change act_api and act_xxx modules to use IDR") Acked-by: Jamal Hadi Salim <[email protected]> Signed-off-by: Davide Caratti <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f29cdfb - Browse repository at this point
Copy the full SHA f29cdfbView commit details -
Merge branch 'net-sched-action-idr-leak'
Davide Caratti says: ==================== fix idr leak in actions This series fixes situations where a temporary failure to install a TC action results in the permanent impossibility to reuse the configured value of 'index'. Thanks to Cong Wang for the initial review. v2: fix build error in act_ipt.c, reported by kbuild test robot ==================== Acked-by: Cong Wang <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ba9a190 - Browse repository at this point
Copy the full SHA ba9a190View commit details -
Merge branch 'drm-fixes-4.16' of git://people.freedesktop.org/~agd5f/…
…linux into drm-fixes A few more fixes for 4.16. Mostly for displays: - A fix for DP handling on radeon - Fix banding on eDP panels - Fix HBR audio - Fix for disabling VGA mode on Raven that leads to a corrupt or blank display on some platforms * 'drm-fixes-4.16' of git://people.freedesktop.org/~agd5f/linux: drm/amd/display: Add one to EDID's audio channel count when passing to DC drm/amd/display: We shouldn't set format_default on plane as atomic driver drm/amd/display: Fix FMT truncation programming drm/amd/display: Allow truncation to 10 bits drm/amd/display: fix dereferencing possible ERR_PTR() drm/amd/display: Refine disable VGA drm/amdgpu: Use atomic function to disable crtcs with dc enabled drm/radeon: Don't turn off DP sink when disconnected
Configuration menu - View commit details
-
Copy full SHA for 82269df - Browse repository at this point
Copy the full SHA 82269dfView commit details -
MIPS: ralink: Remove ralink_halt()
ralink_halt() does nothing that machine_halt() doesn't already do, so it adds no value. It actually causes incorrect behaviour due to the "unreachable()" at the end. This tells the compiler that the end of the function will never be reached, which isn't true. The compiler responds by not adding a 'return' instruction, so control simply moves on to whatever bytes come afterwards in memory. In my tested, that was the ralink_restart() function. This means that an attempt to 'halt' the machine would actually cause a reboot. So remove ralink_halt() so that a 'halt' really does halt. Fixes: c06e836 ("MIPS: ralink: adds reset code") Signed-off-by: NeilBrown <[email protected]> Cc: John Crispin <[email protected]> Cc: Ralf Baechle <[email protected]> Cc: [email protected] Cc: <[email protected]> # 3.9+ Patchwork: https://patchwork.linux-mips.org/patch/18851/ Signed-off-by: James Hogan <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 891731f - Browse repository at this point
Copy the full SHA 891731fView commit details
Commits on Mar 22, 2018
-
MIPS: ralink: Fix booting on MT7621
Since commit 3af5a67 ("MIPS: Fix early CM probing") the MT7621 has not been able to boot. This commit caused mips_cm_probe() to be called before mt7621.c::proc_soc_init(). prom_soc_init() has a comment explaining that mips_cm_probe() "wipes out the bootloader config" and means that configuration registers are no longer available. It has some code to re-enable this config. Before this re-enable code is run, the sysc register cannot be read, so when SYSC_REG_CHIP_NAME0 is read, a garbage value is returned and panic() is called. If we move the config-repair code to the top of prom_soc_init(), the registers can be read and boot can proceed. Very occasionally, the first register read after the reconfiguration returns garbage, so add a call to __sync(). Fixes: 3af5a67 ("MIPS: Fix early CM probing") Signed-off-by: NeilBrown <[email protected]> Reviewed-by: Matt Redfearn <[email protected]> Cc: John Crispin <[email protected]> Cc: Ralf Baechle <[email protected]> Cc: [email protected] Cc: <[email protected]> # 4.5+ Patchwork: https://patchwork.linux-mips.org/patch/18859/ Signed-off-by: James Hogan <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a63d706 - Browse repository at this point
Copy the full SHA a63d706View commit details -
Revert: "vfio-pci: Mask INTx if a device is not capabable of enabling…
… it" This reverts commit 2170dd0 The intent of commit 2170dd0 ("vfio-pci: Mask INTx if a device is not capabable of enabling it") was to disallow the user from seeing that the device supports INTx if the platform is incapable of enabling it. The detection of this case however incorrectly includes devices which natively do not support INTx, such as SR-IOV VFs, and further discussions reveal gaps even for the target use case. Reported-by: Arjun Vynipadath <[email protected]> Fixes: 2170dd0 ("vfio-pci: Mask INTx if a device is not capabable of enabling it") Signed-off-by: Alex Williamson <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 834814e - Browse repository at this point
Copy the full SHA 834814eView commit details -
drm: udl: Properly check framebuffer mmap offsets
The memmap options sent to the udl framebuffer driver were not being checked for all sets of possible crazy values. Fix this up by properly bounding the allowed values. Reported-by: Eyal Itkin <[email protected]> Cc: stable <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Daniel Vetter <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Configuration menu - View commit details
-
Copy full SHA for 3b82a4d - Browse repository at this point
Copy the full SHA 3b82a4dView commit details -
ALSA: hda/realtek - Fix Dell headset Mic can't record
This platform was hardware fixed type for CTIA type for headset port. Assigned 0x19 verb will fix can't record issue. Signed-off-by: Kailang Yang <[email protected]> Cc: <[email protected]> Signed-off-by: Takashi Iwai <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f0ba9d6 - Browse repository at this point
Copy the full SHA f0ba9d6View commit details -
ALSA: hda/realtek - Fix speaker no sound after system resume
It will have a chance speaker no sound after system resume. To toggle NID 0x53 index 0x2 bit 15 will solve this issue. This usage will also suitable with ALC256. Fixes: 4a219ef ("ALSA: hda/realtek - Add ALC256 HP depop function") Signed-off-by: Kailang Yang <[email protected]> Cc: <[email protected]> Signed-off-by: Takashi Iwai <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 88d42b2 - Browse repository at this point
Copy the full SHA 88d42b2View commit details -
ALSA: aloop: Sync stale timer before release
The aloop driver tries to stop the pending timer via timer_del() in the trigger callback and in the close callback. The former is correct, as it's an atomic operation, while the latter expects that the timer gets really removed and proceeds the resource releases after that. But timer_del() doesn't synchronize, hence the running timer may still access the released resources. A similar situation can be also seen in the prepare callback after trigger(STOP) where the prepare tries to re-initialize the things while a timer is still running. The problems like the above are seen indirectly in some syzkaller reports (although it's not 100% clear whether this is the only cause, as the race condition is quite narrow and not always easy to trigger). For addressing these issues, this patch adds the explicit alls of timer_del_sync() in some places, so that the pending timer is properly killed / synced. Cc: <[email protected]> Signed-off-by: Takashi Iwai <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 67a01af - Browse repository at this point
Copy the full SHA 67a01afView commit details -
ALSA: aloop: Fix access to not-yet-ready substream via cable
In loopback_open() and loopback_close(), we assign and release the substream object to the corresponding cable in a racy way. It's neither locked nor done in the right position. The open callback assigns the substream before its preparation finishes, hence the other side of the cable may pick it up, which may lead to the invalid memory access. This patch addresses these: move the assignment to the end of the open callback, and wrap with cable->lock for avoiding concurrent accesses. Cc: <[email protected]> Signed-off-by: Takashi Iwai <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8e6b1a7 - Browse repository at this point
Copy the full SHA 8e6b1a7View commit details -
Merge tag 'batadv-net-for-davem-20180319' of git://git.open-mesh.org/…
…linux-merge Simon Wunderlich says: ==================== Here are some batman-adv bugfixes: - fix possible IPv6 packet loss when multicast extension is used, by Linus Luessing - fix SKB handling issues for TTVN and DAT, by Matthias Schiffer (two patches) - fix include for eventpoll, by Sven Eckelmann - fix skb checksum for ttvn reroutes, by Sven Eckelmann ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ee54a9f - Browse repository at this point
Copy the full SHA ee54a9fView commit details -
net: phy: Add general dummy stubs for MMD register access
For some phy devices, even though they don't support the MMD extended register access, it does have some side effect if we are trying to read/write the MMD registers via indirect method. So introduce general dummy stubs for MMD register access which these devices can use to avoid such side effect. Fixes: b6b5e8a ("gianfar: Disable EEE autoneg by default") Signed-off-by: Kevin Hao <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5df7af8 - Browse repository at this point
Copy the full SHA 5df7af8View commit details -
net: phy: realtek: Use the dummy stubs for MMD register access for rt…
…l8211b The Ethernet on mpc8315erdb is broken since commit b6b5e8a ("gianfar: Disable EEE autoneg by default"). The reason is that even though the rtl8211b doesn't support the MMD extended registers access, it does return some random values if we trying to access the MMD register via indirect method. This makes it seem that the EEE is supported by this phy device. And the subsequent writing to the MMD registers does cause the phy malfunction. So use the dummy stubs for the MMD register access to fix this issue. Fixes: b6b5e8a ("gianfar: Disable EEE autoneg by default") Signed-off-by: Kevin Hao <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0231b1a - Browse repository at this point
Copy the full SHA 0231b1aView commit details -
net: phy: micrel: Use the general dummy stubs for MMD register access
The new general dummy stubs for MMD register access were introduced. Use that for the codes reuse. Signed-off-by: Kevin Hao <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c846a2b - Browse repository at this point
Copy the full SHA c846a2bView commit details -
Merge branch 'net-phy-Add-general-dummy-stubs-for-MMD-register-access'
Kevin Hao says: ==================== net: phy: Add general dummy stubs for MMD register access v2: As suggested by Andrew: - Add general dummy stubs - Also use that for the micrel phy This patch series fix the Ethernet broken on the mpc8315erdb board introduced by commit b6b5e8a ("gianfar: Disable EEE autoneg by default"). ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3d21ac6 - Browse repository at this point
Copy the full SHA 3d21ac6View commit details -
s390/qeth: free netdevice when removing a card
On removal, a qeth card's netdevice is currently not properly freed because the call chain looks as follows: qeth_core_remove_device(card) lx_remove_device(card) unregister_netdev(card->dev) card->dev = NULL !!! qeth_core_free_card(card) if (card->dev) !!! free_netdev(card->dev) Fix it by free'ing the netdev straight after unregistering. This also fixes the sysfs-driven layer switch case (qeth_dev_layer2_store()), where the need to free the current netdevice was not considered at all. Note that free_netdev() takes care of the netif_napi_del() for us too. Fixes: 4a71df5 ("qeth: new qeth device driver") Signed-off-by: Julian Wiedmann <[email protected]> Reviewed-by: Ursula Braun <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6be6873 - Browse repository at this point
Copy the full SHA 6be6873View commit details -
s390/qeth: when thread completes, wake up all waiters
qeth_wait_for_threads() is potentially called by multiple users, make sure to notify all of them after qeth_clear_thread_running_bit() adjusted the thread_running_mask. With no timeout, callers would otherwise stall. Signed-off-by: Julian Wiedmann <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1063e43 - Browse repository at this point
Copy the full SHA 1063e43View commit details -
s390/qeth: lock read device while queueing next buffer
For calling ccw_device_start(), issue_next_read() needs to hold the device's ccwlock. This is satisfied for the IRQ handler path (where qeth_irq() gets called under the ccwlock), but we need explicit locking for the initial call by the MPC initialization. Signed-off-by: Julian Wiedmann <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 17bf8c9 - Browse repository at this point
Copy the full SHA 17bf8c9View commit details -
s390/qeth: on channel error, reject further cmd requests
When the IRQ handler determines that one of the cmd IO channels has failed and schedules recovery, block any further cmd requests from being submitted. The request would inevitably stall, and prevent the recovery from making progress until the request times out. This sort of error was observed after Live Guest Relocation, where the pending IO on the READ channel intentionally gets terminated to kick-start recovery. Simultaneously the guest executed SIOCETHTOOL, triggering qeth to issue a QUERY CARD INFO command. The command then stalled in the inoperabel WRITE channel. Signed-off-by: Julian Wiedmann <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a6c3d93 - Browse repository at this point
Copy the full SHA a6c3d93View commit details -
Merge branch 's390-qeth-fixes'
Julian Wiedmann says: ==================== s390/qeth: fixes 2018-03-20 Please apply one final set of qeth patches for 4.16. All of these fix long-standing bugs, so please queue them up for -stable as well. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1959031 - Browse repository at this point
Copy the full SHA 1959031View commit details -
net: aquantia: Fix hardware reset when SPI may rarely hangup
Under some circumstances (notably using thunderbolt interface) SPI on chip reset may be in active transaction. Here we forcibly cleanup SPI to prevent possible hangups. Signed-off-by: Igor Russkikh <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1bf9a75 - Browse repository at this point
Copy the full SHA 1bf9a75View commit details -
net: aquantia: Fix a regression with reset on old firmware
FW 1.5.58 and below needs a fixed delay even after 0x18 register is filled. Otherwise, setting MPI_INIT state too fast causes traffic hang. Signed-off-by: Igor Russkikh <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d0f0fb2 - Browse repository at this point
Copy the full SHA d0f0fb2View commit details -
net: aquantia: Change inefficient wait loop on fw data reads
B1 hardware changes behavior of mailbox interface, it has busy bit always raised. Data ready condition should be detected by increment of address register. Old code has empty `for` loop, and that caused cpu overloads on B1 hardware. aq_nic_service_timer_cb consumed ~100ms because of that. Signed-off-by: Igor Russkikh <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 47203b3 - Browse repository at this point
Copy the full SHA 47203b3View commit details -
net: aquantia: Add tx clean budget and valid budget handling logic
We should report to napi full budget only when we have more job to do. Before this fix, on any tx queue cleanup we forced napi to do poll again. Thats a waste of cpu resources and caused storming with napi polls when there was at least one tx on each interrupt. With this fix we report full budget only when there is more job on TX to do. Or, as before, when rx budget was fully consumed. Signed-off-by: Igor Russkikh <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b647d39 - Browse repository at this point
Copy the full SHA b647d39View commit details -
net: aquantia: Allow live mac address changes
There is nothing prevents us from changing MAC on the running interface. Allow this with ndev priv flag. Signed-off-by: Igor Russkikh <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3e9a545 - Browse repository at this point
Copy the full SHA 3e9a545View commit details -
net: aquantia: Implement pci shutdown callback
We should close link and all NIC operations during shutdown. On some systems graceful reboot never closes NIC interface on its own, but only indicates pci device shutdown. Without explicit handler, NIC rx rings continued to transfer DMA data into prepared buffers while CPU rebooted already. That caused memory corruptions on soft reboot. Signed-off-by: Igor Russkikh <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 90869dd - Browse repository at this point
Copy the full SHA 90869ddView commit details -
net: aquantia: driver version bump
Signed-off-by: Igor Russkikh <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c89bf1c - Browse repository at this point
Copy the full SHA c89bf1cView commit details -
Igor Russkikh says: ==================== Aquantia atlantic hot fixes 03-2018 This is a set of atlantic driver hot fixes for various areas: Some issues with hardware reset covered, Fixed napi_poll flood happening on some traffic conditions, Allow system to change MAC address on live device, Add pci shutdown handler. patch v2: - reverse christmas tree - remove driver private parameter, replacing it with define. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9b894cd - Browse repository at this point
Copy the full SHA 9b894cdView commit details -
ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state
The seg6_build_state() function is called with RCU read lock held, so we cannot use GFP_KERNEL. This patch uses GFP_ATOMIC instead. [ 92.770271] ============================= [ 92.770628] WARNING: suspicious RCU usage [ 92.770921] 4.16.0-rc4+ #12 Not tainted [ 92.771277] ----------------------------- [ 92.771585] ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! [ 92.772279] [ 92.772279] other info that might help us debug this: [ 92.772279] [ 92.773067] [ 92.773067] rcu_scheduler_active = 2, debug_locks = 1 [ 92.773514] 2 locks held by ip/2413: [ 92.773765] #0: (rtnl_mutex){+.+.}, at: [<00000000e5461720>] rtnetlink_rcv_msg+0x441/0x4d0 [ 92.774377] #1: (rcu_read_lock){....}, at: [<00000000df4f161e>] lwtunnel_build_state+0x59/0x210 [ 92.775065] [ 92.775065] stack backtrace: [ 92.775371] CPU: 0 PID: 2413 Comm: ip Not tainted 4.16.0-rc4+ #12 [ 92.775791] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc27 04/01/2014 [ 92.776608] Call Trace: [ 92.776852] dump_stack+0x7d/0xbc [ 92.777130] __schedule+0x133/0xf00 [ 92.777393] ? unwind_get_return_address_ptr+0x50/0x50 [ 92.777783] ? __sched_text_start+0x8/0x8 [ 92.778073] ? rcu_is_watching+0x19/0x30 [ 92.778383] ? kernel_text_address+0x49/0x60 [ 92.778800] ? __kernel_text_address+0x9/0x30 [ 92.779241] ? unwind_get_return_address+0x29/0x40 [ 92.779727] ? pcpu_alloc+0x102/0x8f0 [ 92.780101] _cond_resched+0x23/0x50 [ 92.780459] __mutex_lock+0xbd/0xad0 [ 92.780818] ? pcpu_alloc+0x102/0x8f0 [ 92.781194] ? seg6_build_state+0x11d/0x240 [ 92.781611] ? save_stack+0x9b/0xb0 [ 92.781965] ? __ww_mutex_wakeup_for_backoff+0xf0/0xf0 [ 92.782480] ? seg6_build_state+0x11d/0x240 [ 92.782925] ? lwtunnel_build_state+0x1bd/0x210 [ 92.783393] ? ip6_route_info_create+0x687/0x1640 [ 92.783846] ? ip6_route_add+0x74/0x110 [ 92.784236] ? inet6_rtm_newroute+0x8a/0xd0 Fixes: 6c8702c ("ipv6: sr: add support for SRH encapsulation and injection with lwtunnels") Signed-off-by: David Lebrun <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 191f86c - Browse repository at this point
Copy the full SHA 191f86cView commit details -
ipv6: sr: fix NULL pointer dereference when setting encap source address
When using seg6 in encap mode, we call ipv6_dev_get_saddr() to set the source address of the outer IPv6 header, in case none was specified. Using skb->dev can lead to BUG() when it is in an inconsistent state. This patch uses the net_device attached to the skb's dst instead. [940807.667429] BUG: unable to handle kernel NULL pointer dereference at 000000000000047c [940807.762427] IP: ipv6_dev_get_saddr+0x8b/0x1d0 [940807.815725] PGD 0 P4D 0 [940807.847173] Oops: 0000 [#1] SMP PTI [940807.890073] Modules linked in: [940807.927765] CPU: 6 PID: 0 Comm: swapper/6 Tainted: G W 4.16.0-rc1-seg6bpf+ #2 [940808.028988] Hardware name: HP ProLiant DL120 G6/ProLiant DL120 G6, BIOS O26 09/06/2010 [940808.128128] RIP: 0010:ipv6_dev_get_saddr+0x8b/0x1d0 [940808.187667] RSP: 0018:ffff88043fd836b0 EFLAGS: 00010206 [940808.251366] RAX: 0000000000000005 RBX: ffff88042cb1c860 RCX: 00000000000000fe [940808.338025] RDX: 00000000000002c0 RSI: ffff88042cb1c860 RDI: 0000000000004500 [940808.424683] RBP: ffff88043fd83740 R08: 0000000000000000 R09: ffffffffffffffff [940808.511342] R10: 0000000000000040 R11: 0000000000000000 R12: ffff88042cb1c850 [940808.598012] R13: ffffffff8208e380 R14: ffff88042ac8da00 R15: 0000000000000002 [940808.684675] FS: 0000000000000000(0000) GS:ffff88043fd80000(0000) knlGS:0000000000000000 [940808.783036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [940808.852975] CR2: 000000000000047c CR3: 00000004255fe000 CR4: 00000000000006e0 [940808.939634] Call Trace: [940808.970041] <IRQ> [940808.995250] ? ip6t_do_table+0x265/0x640 [940809.043341] seg6_do_srh_encap+0x28f/0x300 [940809.093516] ? seg6_do_srh+0x1a0/0x210 [940809.139528] seg6_do_srh+0x1a0/0x210 [940809.183462] seg6_output+0x28/0x1e0 [940809.226358] lwtunnel_output+0x3f/0x70 [940809.272370] ip6_xmit+0x2b8/0x530 [940809.313185] ? ac6_proc_exit+0x20/0x20 [940809.359197] inet6_csk_xmit+0x7d/0xc0 [940809.404173] tcp_transmit_skb+0x548/0x9a0 [940809.453304] __tcp_retransmit_skb+0x1a8/0x7a0 [940809.506603] ? ip6_default_advmss+0x40/0x40 [940809.557824] ? tcp_current_mss+0x24/0x90 [940809.605925] tcp_retransmit_skb+0xd/0x80 [940809.654016] tcp_xmit_retransmit_queue.part.17+0xf9/0x210 [940809.719797] tcp_ack+0xa47/0x1110 [940809.760612] tcp_rcv_established+0x13c/0x570 [940809.812865] tcp_v6_do_rcv+0x151/0x3d0 [940809.858879] tcp_v6_rcv+0xa5c/0xb10 [940809.901770] ? seg6_output+0xdd/0x1e0 [940809.946745] ip6_input_finish+0xbb/0x460 [940809.994837] ip6_input+0x74/0x80 [940810.034612] ? ip6_rcv_finish+0xb0/0xb0 [940810.081663] ipv6_rcv+0x31c/0x4c0 ... Fixes: 6c8702c ("ipv6: sr: add support for SRH encapsulation and injection with lwtunnels") Reported-by: Tom Herbert <[email protected]> Signed-off-by: David Lebrun <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8936ef7 - Browse repository at this point
Copy the full SHA 8936ef7View commit details -
ppp: avoid loop in xmit recursion detection code
We already detect situations where a PPP channel sends packets back to its upper PPP device. While this is enough to avoid deadlocking on xmit locks, this doesn't prevent packets from looping between the channel and the unit. The problem is that ppp_start_xmit() enqueues packets in ppp->file.xq before checking for xmit recursion. Therefore, __ppp_xmit_process() might dequeue a packet from ppp->file.xq and send it on the channel which, in turn, loops it back on the unit. Then ppp_start_xmit() queues the packet back to ppp->file.xq and __ppp_xmit_process() picks it up and sends it again through the channel. Therefore, the packet will loop between __ppp_xmit_process() and ppp_start_xmit() until some other part of the xmit path drops it. For L2TP, we rapidly fill the skb's headroom and pppol2tp_xmit() drops the packet after a few iterations. But PPTP reallocates the headroom if necessary, letting the loop run and exhaust the machine resources (as reported in https://bugzilla.kernel.org/show_bug.cgi?id=199109). Fix this by letting __ppp_xmit_process() enqueue the skb to ppp->file.xq, so that we can check for recursion before adding it to the queue. Now ppp_xmit_process() can drop the packet when recursion is detected. __ppp_channel_push() is a bit special. It calls __ppp_xmit_process() without having any actual packet to send. This is used by ppp_output_wakeup() to re-enable transmission on the parent unit (for implementations like ppp_async.c, where the .start_xmit() function might not consume the skb, leaving it in ppp->xmit_pending and disabling transmission). Therefore, __ppp_xmit_process() needs to handle the case where skb is NULL, dequeuing as many packets as possible from ppp->file.xq. Reported-by: xu heng <[email protected]> Fixes: 55454a5 ("ppp: avoid dealock on recursive xmit") Signed-off-by: Guillaume Nault <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6d06673 - Browse repository at this point
Copy the full SHA 6d06673View commit details -
net/ipv6: Handle onlink flag with multipath routes
For multipath routes the ONLINK flag can be specified per nexthop in rtnh_flags or globally in rtm_flags. Update ip6_route_multipath_add to consider the ONLINK setting coming from rtnh_flags. Each loop over nexthops the config for the sibling route is initialized to the global config and then per nexthop settings overlayed. The flag is 'or'ed into fib6_config to handle the ONLINK flag coming from either rtm_flags or rtnh_flags. Fixes: fc1e64e ("net/ipv6: Add support for onlink flag") Signed-off-by: David Ahern <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 68e2ffd - Browse repository at this point
Copy the full SHA 68e2ffdView commit details -
hv_netvsc: disable NAPI before channel close
This makes sure that no CPU is still process packets when the channel is closed. Fixes: 76bb5db ("netvsc: fix use after free on module removal") Signed-off-by: Stephen Hemminger <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8348e04 - Browse repository at this point
Copy the full SHA 8348e04View commit details -
hv_netvsc: use RCU to fix concurrent rx and queue changes
The receive processing may continue to happen while the internal network device state is in RCU grace period. The internal RNDIS structure is associated with the internal netvsc_device structure; both have the same RCU lifetime. Defer freeing all associated parts until after grace period. Fixes: 0cf7378 ("hv_netvsc: netvsc_teardown_gpadl() split") Signed-off-by: Stephen Hemminger <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 02400fc - Browse repository at this point
Copy the full SHA 02400fcView commit details -
hv_netvsc: change GPAD teardown order on older versions
On older versions of Windows, the host ignores messages after vmbus channel is closed. Workaround this by doing what Windows does and send the teardown before close on older versions of NVSP protocol. Reported-by: Mohammed Gamal <[email protected]> Fixes: 0cf7378 ("hv_netvsc: netvsc_teardown_gpadl() split") Signed-off-by: Stephen Hemminger <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0ef58b0 - Browse repository at this point
Copy the full SHA 0ef58b0View commit details -
hv_netvsc: common detach logic
Make common function for detaching internals of device during changes to MTU and RSS. Make sure no more packets are transmitted and all packets have been received before doing device teardown. Change the wait logic to be common and use usleep_range(). Changes transmit enabling logic so that transmit queues are disabled during the period when lower device is being changed. And enabled only after sub channels are setup. This avoids issue where it could be that a packet was being sent while subchannel was not initialized. Fixes: 8195b13 ("hv_netvsc: fix deadlock on hotplug") Signed-off-by: Stephen Hemminger <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7b2ee50 - Browse repository at this point
Copy the full SHA 7b2ee50View commit details -
Merge branch 'hv_netvsc-fix-races-during-shutdown-and-changes'
Stephen Hemminger says: ==================== hv_netvsc: fix races during shutdown and changes This set of patches fixes issues identified by Vitaly Kuznetsov and Mohammed Gamal related to state changes in Hyper-v network driver. A lot of the issues are because setting up the netvsc device requires a second step (in work queue) to get all the sub-channels running. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 53e8269 - Browse repository at this point
Copy the full SHA 53e8269View commit details -
net: dsa: Fix functional dsa-loop dependency on FIXED_PHY
We have a functional dependency on the FIXED_PHY MDIO bus because we register fixed PHY devices "the old way" which only works if the code that does this has had a chance to run before the fixed MDIO bus is probed. Make sure we account for that and have dsa_loop_bdinfo.o be either built-in or modular depending on whether CONFIG_FIXED_PHY reflects that too. Fixes: 98cd155 ("net: dsa: Mock-up driver") Signed-off-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 40013ff - Browse repository at this point
Copy the full SHA 40013ffView commit details -
Merge tag 'mac80211-for-davem-2018-03-21' of git://git.kernel.org/pub…
…/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Two more fixes (in three patches): * ath9k_htc doesn't like QoS NDP frames, use regular ones * hwsim: set up wmediumd for radios created later ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e0645d9 - Browse repository at this point
Copy the full SHA e0645d9View commit details -
macsec: missing dev_put() on error in macsec_newlink()
We moved the dev_hold(real_dev); call earlier in the function but forgot to update the error paths. Fixes: 0759e55 ("macsec: fix negative refcnt on parent link") Signed-off-by: Dan Carpenter <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5dcd840 - Browse repository at this point
Copy the full SHA 5dcd840View commit details -
Merge tag 'imx-drm-fixes-2018-03-22' of git://git.pengutronix.de/git/…
…pza/linux into drm-fixes drm/imx: fixes for early vblank event issue, array underflow error - fix an array underflow error by reordering the range check before the array subscript in ipu-prg. - make some local functions static in ipuv3-plane. - add a missng header for ipu_planes_assign_pre in ipuv3-plane. - move arming of the vblank event from atomic_begin to atomic_flush, to avoid signalling atomic commit completion to userspace before plane atomic_update has finished, due to a race condition that is likely to be hit on i.MX6QP on PRE enabled channels. * tag 'imx-drm-fixes-2018-03-22' of git://git.pengutronix.de/git/pza/linux: drm/imx: move arming of the vblank event to atomic_flush drm/imx: ipuv3-plane: Include "imx-drm.h" header file drm/imx: ipuv3-plane: Make functions static when possible gpu: ipu-v3: prg: avoid possible array underflow
Configuration menu - View commit details
-
Copy full SHA for cec1b94 - Browse repository at this point
Copy the full SHA cec1b94View commit details -
Merge branch 'vmwgfx-fixes-4.16' of git://people.freedesktop.org/~tho…
…mash/linux into drm-fixes Two vmwgfx fixes for 4.16. Both cc'd stable. * 'vmwgfx-fixes-4.16' of git://people.freedesktop.org/~thomash/linux: drm/vmwgfx: Fix a destoy-while-held mutex problem. drm/vmwgfx: Fix black screen and device errors when running without fbdev
Configuration menu - View commit details
-
Copy full SHA for 096c49e - Browse repository at this point
Copy the full SHA 096c49eView commit details -
Merge tag 'drm-intel-fixes-2018-03-21' of git://anongit.freedesktop.o…
…rg/drm/drm-intel into drm-fixes One fix for DP MST and one fix for GPU reset on hang check. * tag 'drm-intel-fixes-2018-03-21' of git://anongit.freedesktop.org/drm/drm-intel: drm/i915: Specify which engines to reset following semaphore/event lockups drm/i915/dp: Write to SET_POWER dpcd to enable MST hub.
Configuration menu - View commit details
-
Copy full SHA for 8c2d689 - Browse repository at this point
Copy the full SHA 8c2d689View commit details -
Merge tag 'drm-misc-fixes-2018-03-22' of git://anongit.freedesktop.or…
…g/drm/drm-misc into drm-fixes Main change is a patch to reject getfb call for multiplanar framebuffers, then we have a couple of error path fixes on the sun4i driver. Still on that driver there is a clk fix and finally a mmap offset fix on the udl driver. * tag 'drm-misc-fixes-2018-03-22' of git://anongit.freedesktop.org/drm/drm-misc: drm: udl: Properly check framebuffer mmap offsets drm: Reject getfb for multi-plane framebuffers drm/sun4i: hdmi: Fix another error handling path in 'sun4i_hdmi_bind()' drm/sun4i: hdmi: Fix an error handling path in 'sun4i_hdmi_bind()' drm/sun4i: Fix an error handling path in 'sun4i_drv_bind()' drm/sun4i: Fix exclusivity of the TCON clocks
Configuration menu - View commit details
-
Copy full SHA for b7b3f66 - Browse repository at this point
Copy the full SHA b7b3f66View commit details -
Merge tag 'mmc-v4.16-rc4' of git://git.kernel.org/pub/scm/linux/kerne…
…l/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "A couple of MMC fixes intended for v4.16-rc7: MMC host: - dw_mmc: Fix the suspend/resume issue for Exynos5433 - dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems - dw_mmc: Make PIO mode work when failing with idmac when dw_mci_reset occurs - sdhci-acpi: Re-allow IRQ 0 to fix broken probe MMC core: - Update EXT_CSD caches to correctly switch partition for ioctl calls - Fix tracepoint print of blk_addr and blksz - Disable HPI on broken Micron (Numonyx) eMMC cards" * tag 'mmc-v4.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci-acpi: Fix IRQ 0 mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs mmc: core: Fix tracepoint print of blk_addr and blksz mmc: core: Disable HPI for certain Micron (Numonyx) eMMC cards mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433 mmc: block: fix updating ext_csd caches on ioctl call mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems
Configuration menu - View commit details
-
Copy full SHA for 9ce2078 - Browse repository at this point
Copy the full SHA 9ce2078View commit details -
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: 1) Always validate XFRM esn replay attribute, from Florian Westphal. 2) Fix RCU read lock imbalance in xfrm_get_tos(), from Xin Long. 3) Don't try to get firmware dump if not loaded in iwlwifi, from Shaul Triebitz. 4) Fix BPF helpers to deal with SCTP GSO SKBs properly, from Daniel Axtens. 5) Fix some interrupt handling issues in e1000e driver, from Benjamin Poitier. 6) Use strlcpy() in several ethtool get_strings methods, from Florian Fainelli. 7) Fix rhlist dup insertion, from Paul Blakey. 8) Fix SKB leak in netem packet scheduler, from Alexey Kodanev. 9) Fix driver unload crash when link is up in smsc911x, from Jeremy Linton. 10) Purge out invalid socket types in l2tp_tunnel_create(), from Eric Dumazet. 11) Need to purge the write queue when TCP connections are aborted, otherwise userspace using MSG_ZEROCOPY can't close the fd. From Soheil Hassas Yeganeh. 12) Fix double free in error path of team driver, from Arkadi Sharshevsky. 13) Filter fixes for hv_netvsc driver, from Stephen Hemminger. 14) Fix non-linear packet access in ipv6 ndisc code, from Lorenzo Bianconi. 15) Properly filter out unsupported feature flags in macvlan driver, from Shannon Nelson. 16) Don't request loading the diag module for a protocol if the protocol itself is not even registered. From Xin Long. 17) If datagram connect fails in ipv6, make sure the socket state is consistent afterwards. From Paolo Abeni. 18) Use after free in qed driver, from Dan Carpenter. 19) If received ipv4 PMTU is less than the min pmtu, lock the mtu in the entry. From Sabrina Dubroca. 20) Fix sleep in atomic in tg3 driver, from Jonathan Toppins. 21) Fix vlan in vlan untagging in some situations, from Toshiaki Makita. 22) Fix double SKB free in genlmsg_mcast(). From Nicolas Dichtel. 23) Fix NULL derefs in error paths of tcf_*_init(), from Davide Caratti. 24) Unbalanced PM runtime calls in FEC driver, from Florian Fainelli. 25) Memory leak in gemini driver, from Igor Pylypiv. 26) IDR leaks in error paths of tcf_*_init() functions, from Davide Caratti. 27) Need to use GFP_ATOMIC in seg6_build_state(), from David Lebrun. 28) Missing dev_put() in error path of macsec_newlink(), from Dan Carpenter. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (201 commits) macsec: missing dev_put() on error in macsec_newlink() net: dsa: Fix functional dsa-loop dependency on FIXED_PHY hv_netvsc: common detach logic hv_netvsc: change GPAD teardown order on older versions hv_netvsc: use RCU to fix concurrent rx and queue changes hv_netvsc: disable NAPI before channel close net/ipv6: Handle onlink flag with multipath routes ppp: avoid loop in xmit recursion detection code ipv6: sr: fix NULL pointer dereference when setting encap source address ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state net: aquantia: driver version bump net: aquantia: Implement pci shutdown callback net: aquantia: Allow live mac address changes net: aquantia: Add tx clean budget and valid budget handling logic net: aquantia: Change inefficient wait loop on fw data reads net: aquantia: Fix a regression with reset on old firmware net: aquantia: Fix hardware reset when SPI may rarely hangup s390/qeth: on channel error, reject further cmd requests s390/qeth: lock read device while queueing next buffer s390/qeth: when thread completes, wake up all waiters ...
Configuration menu - View commit details
-
Copy full SHA for c4f4d2f - Browse repository at this point
Copy the full SHA c4f4d2fView commit details -
* acpi-wdat: ACPI / watchdog: Fix off-by-one error at resource assignment
Configuration menu - View commit details
-
Copy full SHA for 594fdba - Browse repository at this point
Copy the full SHA 594fdbaView commit details -
Merge tag 'modules-for-v4.16-rc7' of git://git.kernel.org/pub/scm/lin…
…ux/kernel/git/jeyu/linux Pull modules fix from Jessica Yu: "Propagate error in modules_open() to avoid possible later NULL dereference if seq_open() had failed" * tag 'modules-for-v4.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux: module: propagate error in modules_open()
Configuration menu - View commit details
-
Copy full SHA for 394c73d - Browse repository at this point
Copy the full SHA 394c73dView commit details -
Merge tag 'acpi-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kerne…
…l/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "These revert one recent commit that added incorrect battery quirks for some Asus systems and fix an off-by-one error in the watchdog driver based on the ACPI WDAT table. Specifics: - Revert the recent change adding battery quirks for Asus GL502VSK and UX305LA as these quirks turn out to be inadequate and possibly premature (Daniel Drake). - Fix an off-by-one error in the resource allocation part of the watchdog driver based on the ACPI WDAT table (Takashi Iwai)" * tag 'acpi-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / watchdog: Fix off-by-one error at resource assignment Revert "ACPI / battery: Add quirk for Asus GL502VSK and UX305LA"
Configuration menu - View commit details
-
Copy full SHA for e7d7743 - Browse repository at this point
Copy the full SHA e7d7743View commit details -
drm/ast: Fixed 1280x800 Display Issue
The original ast driver cannot display properly if the resolution is 1280x800 and the pixel clock is 83.5MHz. Here is the update to fix it. Signed-off-by: Y.C. Chen <[email protected]> Signed-off-by: Dave Airlie <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5a9f698 - Browse repository at this point
Copy the full SHA 5a9f698View commit details
Commits on Mar 23, 2018
-
mm/mempolicy.c: avoid use uninitialized preferred_node
Alexander reported a use of uninitialized memory in __mpol_equal(), which is caused by incorrect use of preferred_node. When mempolicy in mode MPOL_PREFERRED with flags MPOL_F_LOCAL, it uses numa_node_id() instead of preferred_node, however, __mpol_equal() uses preferred_node without checking whether it is MPOL_F_LOCAL or not. [[email protected]: slight comment tweak] Link: http://lkml.kernel.org/r/[email protected] Fixes: fc36b8d ("mempolicy: use MPOL_F_LOCAL to Indicate Preferred Local Policy") Signed-off-by: Yisheng Xie <[email protected]> Reported-by: Alexander Potapenko <[email protected]> Tested-by: Alexander Potapenko <[email protected]> Reviewed-by: Andrew Morton <[email protected]> Cc: Dmitriy Vyukov <[email protected]> Cc: Vlastimil Babka <[email protected]> Cc: Michal Hocko <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8970a63 - Browse repository at this point
Copy the full SHA 8970a63View commit details -
MAINTAINERS: update Mark Fasheh's e-mail
I'd like to use my personal e-mail for Ocfs2 requests and review. Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Mark Fasheh <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 296cefe - Browse repository at this point
Copy the full SHA 296cefeView commit details -
lockdep: fix fs_reclaim warning
Dave Jones reported fs_reclaim lockdep warnings. ============================================ WARNING: possible recursive locking detected 4.15.0-rc9-backup-debug+ #1 Not tainted -------------------------------------------- sshd/24800 is trying to acquire lock: (fs_reclaim){+.+.}, at: [<0000000084f438c2>] fs_reclaim_acquire.part.102+0x5/0x30 but task is already holding lock: (fs_reclaim){+.+.}, at: [<0000000084f438c2>] fs_reclaim_acquire.part.102+0x5/0x30 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(fs_reclaim); lock(fs_reclaim); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by sshd/24800: #0: (sk_lock-AF_INET6){+.+.}, at: [<000000001a069652>] tcp_sendmsg+0x19/0x40 #1: (fs_reclaim){+.+.}, at: [<0000000084f438c2>] fs_reclaim_acquire.part.102+0x5/0x30 stack backtrace: CPU: 3 PID: 24800 Comm: sshd Not tainted 4.15.0-rc9-backup-debug+ #1 Call Trace: dump_stack+0xbc/0x13f __lock_acquire+0xa09/0x2040 lock_acquire+0x12e/0x350 fs_reclaim_acquire.part.102+0x29/0x30 kmem_cache_alloc+0x3d/0x2c0 alloc_extent_state+0xa7/0x410 __clear_extent_bit+0x3ea/0x570 try_release_extent_mapping+0x21a/0x260 __btrfs_releasepage+0xb0/0x1c0 btrfs_releasepage+0x161/0x170 try_to_release_page+0x162/0x1c0 shrink_page_list+0x1d5a/0x2fb0 shrink_inactive_list+0x451/0x940 shrink_node_memcg.constprop.88+0x4c9/0x5e0 shrink_node+0x12d/0x260 try_to_free_pages+0x418/0xaf0 __alloc_pages_slowpath+0x976/0x1790 __alloc_pages_nodemask+0x52c/0x5c0 new_slab+0x374/0x3f0 ___slab_alloc.constprop.81+0x47e/0x5a0 __slab_alloc.constprop.80+0x32/0x60 __kmalloc_track_caller+0x267/0x310 __kmalloc_reserve.isra.40+0x29/0x80 __alloc_skb+0xee/0x390 sk_stream_alloc_skb+0xb8/0x340 tcp_sendmsg_locked+0x8e6/0x1d30 tcp_sendmsg+0x27/0x40 inet_sendmsg+0xd0/0x310 sock_write_iter+0x17a/0x240 __vfs_write+0x2ab/0x380 vfs_write+0xfb/0x260 SyS_write+0xb6/0x140 do_syscall_64+0x1e5/0xc05 entry_SYSCALL64_slow_path+0x25/0x25 This warning is caused by commit d92a8cf ("locking/lockdep: Rework FS_RECLAIM annotation") which replaced the use of lockdep_{set,clear}_current_reclaim_state() in __perform_reclaim() and lockdep_trace_alloc() in slab_pre_alloc_hook() with fs_reclaim_acquire()/ fs_reclaim_release(). Since __kmalloc_reserve() from __alloc_skb() adds __GFP_NOMEMALLOC | __GFP_NOWARN to gfp_mask, and all reclaim path simply propagates __GFP_NOMEMALLOC, fs_reclaim_acquire() in slab_pre_alloc_hook() is trying to grab the 'fake' lock again when __perform_reclaim() already grabbed the 'fake' lock. The /* this guy won't enter reclaim */ if ((current->flags & PF_MEMALLOC) && !(gfp_mask & __GFP_NOMEMALLOC)) return false; test which causes slab_pre_alloc_hook() to try to grab the 'fake' lock was added by commit cf40bd1 ("lockdep: annotate reclaim context (__GFP_NOFS)"). But that test is outdated because PF_MEMALLOC thread won't enter reclaim regardless of __GFP_NOMEMALLOC after commit 341ce06 ("page allocator: calculate the alloc_flags for allocation only once") added the PF_MEMALLOC safeguard ( /* Avoid recursion of direct reclaim */ if (p->flags & PF_MEMALLOC) goto nopage; in __alloc_pages_slowpath()). Thus, let's fix outdated test by removing __GFP_NOMEMALLOC test and allow __need_fs_reclaim() to return false. Link: http://lkml.kernel.org/r/[email protected] Fixes: d92a8cf ("locking/lockdep: Rework FS_RECLAIM annotation") Signed-off-by: Tetsuo Handa <[email protected]> Reported-by: Dave Jones <[email protected]> Tested-by: Dave Jones <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Nick Piggin <[email protected]> Cc: Ingo Molnar <[email protected]> Cc: Nikolay Borisov <[email protected]> Cc: Michal Hocko <[email protected]> Cc: <[email protected]> [4.14+] Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2e517d6 - Browse repository at this point
Copy the full SHA 2e517d6View commit details -
hugetlbfs: check for pgoff value overflow
A vma with vm_pgoff large enough to overflow a loff_t type when converted to a byte offset can be passed via the remap_file_pages system call. The hugetlbfs mmap routine uses the byte offset to calculate reservations and file size. A sequence such as: mmap(0x20a00000, 0x600000, 0, 0x66033, -1, 0); remap_file_pages(0x20a00000, 0x600000, 0, 0x20000000000000, 0); will result in the following when task exits/file closed, kernel BUG at mm/hugetlb.c:749! Call Trace: hugetlbfs_evict_inode+0x2f/0x40 evict+0xcb/0x190 __dentry_kill+0xcb/0x150 __fput+0x164/0x1e0 task_work_run+0x84/0xa0 exit_to_usermode_loop+0x7d/0x80 do_syscall_64+0x18b/0x190 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 The overflowed pgoff value causes hugetlbfs to try to set up a mapping with a negative range (end < start) that leaves invalid state which causes the BUG. The previous overflow fix to this code was incomplete and did not take the remap_file_pages system call into account. [[email protected]: v3] Link: http://lkml.kernel.org/r/[email protected] [[email protected]: include mmdebug.h] [[email protected]: fix -ve left shift count on sh] Link: http://lkml.kernel.org/r/[email protected] Fixes: 045c7a3 ("hugetlbfs: fix offset overflow in hugetlbfs mmap") Signed-off-by: Mike Kravetz <[email protected]> Reported-by: Nic Losby <[email protected]> Acked-by: Michal Hocko <[email protected]> Cc: "Kirill A . Shutemov" <[email protected]> Cc: Yisheng Xie <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 63489f8 - Browse repository at this point
Copy the full SHA 63489f8View commit details -
h8300: remove extraneous __BIG_ENDIAN definition
A bugfix I did earlier caused a build regression on h8300, which defines the __BIG_ENDIAN macro in a slightly different way than the generic code: arch/h8300/include/asm/byteorder.h:5:0: warning: "__BIG_ENDIAN" redefined We don't need to define it here, as the same macro is already provided by the linux/byteorder/big_endian.h, and that version does not conflict. While this is a v4.16 regression, my earlier patch also got backported to the 4.14 and 4.15 stable kernels, so we need the fixup there as well. Link: http://lkml.kernel.org/r/[email protected] Fixes: 101110f ("Kbuild: always define endianess in kconfig.h") Signed-off-by: Arnd Bergmann <[email protected]> Cc: Yoshinori Sato <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1705f7c - Browse repository at this point
Copy the full SHA 1705f7cView commit details -
mm/vmalloc: add interfaces to free unmapped page table
On architectures with CONFIG_HAVE_ARCH_HUGE_VMAP set, ioremap() may create pud/pmd mappings. A kernel panic was observed on arm64 systems with Cortex-A75 in the following steps as described by Hanjun Guo. 1. ioremap a 4K size, valid page table will build, 2. iounmap it, pte0 will set to 0; 3. ioremap the same address with 2M size, pgd/pmd is unchanged, then set the a new value for pmd; 4. pte0 is leaked; 5. CPU may meet exception because the old pmd is still in TLB, which will lead to kernel panic. This panic is not reproducible on x86. INVLPG, called from iounmap, purges all levels of entries associated with purged address on x86. x86 still has memory leak. The patch changes the ioremap path to free unmapped page table(s) since doing so in the unmap path has the following issues: - The iounmap() path is shared with vunmap(). Since vmap() only supports pte mappings, making vunmap() to free a pte page is an overhead for regular vmap users as they do not need a pte page freed up. - Checking if all entries in a pte page are cleared in the unmap path is racy, and serializing this check is expensive. - The unmap path calls free_vmap_area_noflush() to do lazy TLB purges. Clearing a pud/pmd entry before the lazy TLB purges needs extra TLB purge. Add two interfaces, pud_free_pmd_page() and pmd_free_pte_page(), which clear a given pud/pmd entry and free up a page for the lower level entries. This patch implements their stub functions on x86 and arm64, which work as workaround. [[email protected]: fix typo in pmd_free_pte_page() stub] Link: http://lkml.kernel.org/r/[email protected] Fixes: e61ce6a ("mm: change ioremap to set up huge I/O mappings") Reported-by: Lei Li <[email protected]> Signed-off-by: Toshi Kani <[email protected]> Cc: Catalin Marinas <[email protected]> Cc: Wang Xuefeng <[email protected]> Cc: Will Deacon <[email protected]> Cc: Hanjun Guo <[email protected]> Cc: Michal Hocko <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: Ingo Molnar <[email protected]> Cc: "H. Peter Anvin" <[email protected]> Cc: Borislav Petkov <[email protected]> Cc: Matthew Wilcox <[email protected]> Cc: Chintan Pandya <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b6bdb75 - Browse repository at this point
Copy the full SHA b6bdb75View commit details -
x86/mm: implement free pmd/pte page interfaces
Implement pud_free_pmd_page() and pmd_free_pte_page() on x86, which clear a given pud/pmd entry and free up lower level page table(s). The address range associated with the pud/pmd entry must have been purged by INVLPG. Link: http://lkml.kernel.org/r/[email protected] Fixes: e61ce6a ("mm: change ioremap to set up huge I/O mappings") Signed-off-by: Toshi Kani <[email protected]> Reported-by: Lei Li <[email protected]> Cc: Michal Hocko <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: Ingo Molnar <[email protected]> Cc: "H. Peter Anvin" <[email protected]> Cc: Borislav Petkov <[email protected]> Cc: Matthew Wilcox <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 28ee90f - Browse repository at this point
Copy the full SHA 28ee90fView commit details -
mm/khugepaged.c: convert VM_BUG_ON() to collapse fail
khugepaged is not yet able to convert PTE-mapped huge pages back to PMD mapped. We do not collapse such pages. See check khugepaged_scan_pmd(). But if between khugepaged_scan_pmd() and __collapse_huge_page_isolate() somebody managed to instantiate THP in the range and then split the PMD back to PTEs we would have a problem -- VM_BUG_ON_PAGE(PageCompound(page)) will get triggered. It's possible since we drop mmap_sem during collapse to re-take for write. Replace the VM_BUG_ON() with graceful collapse fail. Link: http://lkml.kernel.org/r/[email protected] Fixes: b1caa95 ("khugepaged: ignore pmd tables with THP mapped with ptes") Signed-off-by: Kirill A. Shutemov <[email protected]> Cc: Laura Abbott <[email protected]> Cc: Jerome Marchand <[email protected]> Cc: Vlastimil Babka <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fece202 - Browse repository at this point
Copy the full SHA fece202View commit details -
mm/thp: do not wait for lock_page() in deferred_split_scan()
deferred_split_scan() gets called from reclaim path. Waiting for page lock may lead to deadlock there. Replace lock_page() with trylock_page() and skip the page if we failed to lock it. We will get to the page on the next scan. Link: http://lkml.kernel.org/r/[email protected] Fixes: 9a98225 ("thp: introduce deferred_split_huge_page()") Signed-off-by: Kirill A. Shutemov <[email protected]> Acked-by: Michal Hocko <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fa41b90 - Browse repository at this point
Copy the full SHA fa41b90View commit details -
mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink()
shmem_unused_huge_shrink() gets called from reclaim path. Waiting for page lock may lead to deadlock there. There was a bug report that may be attributed to this: http://lkml.kernel.org/r/[email protected] Replace lock_page() with trylock_page() and skip the page if we failed to lock it. We will get to the page on the next scan. We can test for the PageTransHuge() outside the page lock as we only need protection against splitting the page under us. Holding pin oni the page is enough for this. Link: http://lkml.kernel.org/r/[email protected] Fixes: 779750d ("shmem: split huge pages beyond i_size under memory pressure") Signed-off-by: Kirill A. Shutemov <[email protected]> Reported-by: Eric Wheeler <[email protected]> Acked-by: Michal Hocko <[email protected]> Reviewed-by: Andrew Morton <[email protected]> Cc: Tetsuo Handa <[email protected]> Cc: Hugh Dickins <[email protected]> Cc: <[email protected]> [4.8+] Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b3cd54b - Browse repository at this point
Copy the full SHA b3cd54bView commit details -
Revert "mm: page_alloc: skip over regions of invalid pfns where possi…
…ble" This reverts commit b92df1d ("mm: page_alloc: skip over regions of invalid pfns where possible"). The commit is meant to be a boot init speed up skipping the loop in memmap_init_zone() for invalid pfns. But given some specific memory mapping on x86_64 (or more generally theoretically anywhere but on arm with CONFIG_HAVE_ARCH_PFN_VALID) the implementation also skips valid pfns which is plain wrong and causes 'kernel BUG at mm/page_alloc.c:1389!' crash> log | grep -e BUG -e RIP -e Call.Trace -e move_freepages_block -e rmqueue -e freelist -A1 kernel BUG at mm/page_alloc.c:1389! invalid opcode: 0000 [#1] SMP -- RIP: 0010: move_freepages+0x15e/0x160 -- Call Trace: move_freepages_block+0x73/0x80 __rmqueue+0x263/0x460 get_page_from_freelist+0x7e1/0x9e0 __alloc_pages_nodemask+0x176/0x420 -- crash> page_init_bug -v | grep RAM <struct resource 0xffff88067fffd2f8> 1000 - 9bfff System RAM (620.00 KiB) <struct resource 0xffff88067fffd3a0> 100000 - 430bffff System RAM ( 1.05 GiB = 1071.75 MiB = 1097472.00 KiB) <struct resource 0xffff88067fffd410> 4b0c8000 - 4bf9cfff System RAM ( 14.83 MiB = 15188.00 KiB) <struct resource 0xffff88067fffd480> 4bfac000 - 646b1fff System RAM (391.02 MiB = 400408.00 KiB) <struct resource 0xffff88067fffd560> 7b788000 - 7b7fffff System RAM (480.00 KiB) <struct resource 0xffff88067fffd640> 100000000 - 67fffffff System RAM ( 22.00 GiB) crash> page_init_bug | head -6 <struct resource 0xffff88067fffd560> 7b788000 - 7b7fffff System RAM (480.00 KiB) <struct page 0xffffea0001ede200> 1fffff00000000 0 <struct pglist_data 0xffff88047ffd9000> 1 <struct zone 0xffff88047ffd9800> DMA32 4096 1048575 <struct page 0xffffea0001ede200> 505736 505344 <struct page 0xffffea0001ed8000> 505855 <struct page 0xffffea0001edffc0> <struct page 0xffffea0001ed8000> 0 0 <struct pglist_data 0xffff88047ffd9000> 0 <struct zone 0xffff88047ffd9000> DMA 1 4095 <struct page 0xffffea0001edffc0> 1fffff00000400 0 <struct pglist_data 0xffff88047ffd9000> 1 <struct zone 0xffff88047ffd9800> DMA32 4096 1048575 BUG, zones differ! crash> kmem -p 77fff000 78000000 7b5ff000 7b600000 7b787000 7b788000 PAGE PHYSICAL MAPPING INDEX CNT FLAGS ffffea0001e00000 78000000 0 0 0 0 ffffea0001ed7fc0 7b5ff000 0 0 0 0 ffffea0001ed8000 7b600000 0 0 0 0 <<<< ffffea0001ede1c0 7b787000 0 0 0 0 ffffea0001ede200 7b788000 0 0 1 1fffff00000000 Link: http://lkml.kernel.org/r/[email protected] Fixes: b92df1d ("mm: page_alloc: skip over regions of invalid pfns where possible") Signed-off-by: Daniel Vacek <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Acked-by: Michal Hocko <[email protected]> Reviewed-by: Andrew Morton <[email protected]> Cc: Vlastimil Babka <[email protected]> Cc: Mel Gorman <[email protected]> Cc: Pavel Tatashin <[email protected]> Cc: Paul Burton <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f59f1ca - Browse repository at this point
Copy the full SHA f59f1caView commit details -
mm/vmscan: wake up flushers for legacy cgroups too
Commit 726d061 ("mm: vmscan: kick flushers when we encounter dirty pages on the LRU") added flusher invocation to shrink_inactive_list() when many dirty pages on the LRU are encountered. However, shrink_inactive_list() doesn't wake up flushers for legacy cgroup reclaim, so the next commit bbef938 ("mm: vmscan: remove old flusher wakeup from direct reclaim path") removed the only source of flusher's wake up in legacy mem cgroup reclaim path. This leads to premature OOM if there is too many dirty pages in cgroup: # mkdir /sys/fs/cgroup/memory/test # echo $$ > /sys/fs/cgroup/memory/test/tasks # echo 50M > /sys/fs/cgroup/memory/test/memory.limit_in_bytes # dd if=/dev/zero of=tmp_file bs=1M count=100 Killed dd invoked oom-killer: gfp_mask=0x14000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 Call Trace: dump_stack+0x46/0x65 dump_header+0x6b/0x2ac oom_kill_process+0x21c/0x4a0 out_of_memory+0x2a5/0x4b0 mem_cgroup_out_of_memory+0x3b/0x60 mem_cgroup_oom_synchronize+0x2ed/0x330 pagefault_out_of_memory+0x24/0x54 __do_page_fault+0x521/0x540 page_fault+0x45/0x50 Task in /test killed as a result of limit of /test memory: usage 51200kB, limit 51200kB, failcnt 73 memory+swap: usage 51200kB, limit 9007199254740988kB, failcnt 0 kmem: usage 296kB, limit 9007199254740988kB, failcnt 0 Memory cgroup stats for /test: cache:49632KB rss:1056KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:49500KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:1168KB inactive_file:24760KB active_file:24960KB unevictable:0KB Memory cgroup out of memory: Kill process 3861 (bash) score 88 or sacrifice child Killed process 3876 (dd) total-vm:8484kB, anon-rss:1052kB, file-rss:1720kB, shmem-rss:0kB oom_reaper: reaped process 3876 (dd), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB Wake up flushers in legacy cgroup reclaim too. Link: http://lkml.kernel.org/r/[email protected] Fixes: bbef938 ("mm: vmscan: remove old flusher wakeup from direct reclaim path") Signed-off-by: Andrey Ryabinin <[email protected]> Tested-by: Shakeel Butt <[email protected]> Acked-by: Michal Hocko <[email protected]> Cc: Mel Gorman <[email protected]> Cc: Tejun Heo <[email protected]> Cc: Johannes Weiner <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1c610d5 - Browse repository at this point
Copy the full SHA 1c610d5View commit details -
mm, thp: do not cause memcg oom for thp
Commit 2516035 ("mm, thp: remove __GFP_NORETRY from khugepaged and madvised allocations") changed the page allocator to no longer detect thp allocations based on __GFP_NORETRY. It did not, however, modify the mem cgroup try_charge() path to avoid oom kill for either khugepaged collapsing or thp faulting. It is never expected to oom kill a process to allocate a hugepage for thp; reclaim is governed by the thp defrag mode and MADV_HUGEPAGE, but allocations (and charging) should fallback instead of oom killing processes. Link: http://lkml.kernel.org/r/[email protected] Fixes: 2516035 ("mm, thp: remove __GFP_NORETRY from khugepaged and madvised allocations") Signed-off-by: David Rientjes <[email protected]> Cc: "Kirill A. Shutemov" <[email protected]> Cc: Michal Hocko <[email protected]> Cc: Vlastimil Babka <[email protected]> Cc: Johannes Weiner <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9d3c335 - Browse repository at this point
Copy the full SHA 9d3c335View commit details -
Merge tag 'drm-fixes-for-v4.16-rc7' of git://people.freedesktop.org/~…
…airlied/linux Pull drm fixes from Dave Airlie: "A bunch of fixes all over the place (core, i915, amdgpu, imx, sun4i, ast, tegra, vmwgfx), nothing too serious or worrying at this stage. - one uapi fix to stop multi-planar images with getfb - Sun4i error path and clock fixes - udl driver mmap offset fix - i915 DP MST and GPU reset fixes - vmwgfx mutex and black screen fixes - imx array underflow fix and vblank fix - amdgpu: display fixes - exynos devicetree fix - ast mode fix" * tag 'drm-fixes-for-v4.16-rc7' of git://people.freedesktop.org/~airlied/linux: (29 commits) drm/ast: Fixed 1280x800 Display Issue drm: udl: Properly check framebuffer mmap offsets drm/i915: Specify which engines to reset following semaphore/event lockups drm/vmwgfx: Fix a destoy-while-held mutex problem. drm/vmwgfx: Fix black screen and device errors when running without fbdev drm: Reject getfb for multi-plane framebuffers drm/amd/display: Add one to EDID's audio channel count when passing to DC drm/amd/display: We shouldn't set format_default on plane as atomic driver drm/amd/display: Fix FMT truncation programming drm/amd/display: Allow truncation to 10 bits drm/sun4i: hdmi: Fix another error handling path in 'sun4i_hdmi_bind()' drm/sun4i: hdmi: Fix an error handling path in 'sun4i_hdmi_bind()' drm/i915/dp: Write to SET_POWER dpcd to enable MST hub. drm/amd/display: fix dereferencing possible ERR_PTR() drm/amd/display: Refine disable VGA drm/tegra: Shutdown on driver unbind drm/tegra: dsi: Don't disable regulator on ->exit() drm/tegra: dc: Detach IOMMU group from domain only once dt-bindings: exynos: Document #sound-dai-cells property of the HDMI node drm/imx: move arming of the vblank event to atomic_flush ...
Configuration menu - View commit details
-
Copy full SHA for 9ec7ccc - Browse repository at this point
Copy the full SHA 9ec7cccView commit details -
Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/…
…kernel/git/nvdimm/nvdimm Pull libnvdimm fixes from Dan Williams: "Two regression fixes, two bug fixes for older issues, two fixes for new functionality added this cycle that have userspace ABI concerns, and a small cleanup. These have appeared in a linux-next release and have a build success report from the 0day robot. * The 4.16 rework of altmap handling led to some configurations leaking page table allocations due to freeing from the altmap reservation rather than the page allocator. The impact without the fix is leaked memory and a WARN() message when tearing down libnvdimm namespaces. The rework also missed a place where error handling code needed to be removed that can lead to a crash if devm_memremap_pages() fails. * acpi_map_pxm_to_node() had a latent bug whereby it could misidentify the closest online node to a given proximity domain. * Block integrity handling was reworked several kernels back to allow calling add_disk() after setting up the integrity profile. The nd_btt and nd_blk drivers are just now catching up to fix automatic partition detection at driver load time. * The new peristence_domain attribute, a platform indicator of whether cpu caches are powerfail protected for example, is meant to be a single value enum and not a set of flags. This oversight was caught while reviewing new userspace code in libndctl to communicate the attribute. Fix this new enabling up so that we are not stuck with an unwanted userspace ABI" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm, nfit: fix persistence domain reporting libnvdimm, region: hide persistence_domain when unknown acpi, numa: fix pxm to online numa node associations x86, memremap: fix altmap accounting at free libnvdimm: remove redundant assignment to pointer 'dev' libnvdimm, {btt, blk}: do integrity setup before add_disk() kernel/memremap: Remove stale devres_free() call
Configuration menu - View commit details
-
Copy full SHA for 8401c72 - Browse repository at this point
Copy the full SHA 8401c72View commit details -
Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton: "13 fixes" * emailed patches from Andrew Morton <[email protected]>: mm, thp: do not cause memcg oom for thp mm/vmscan: wake up flushers for legacy cgroups too Revert "mm: page_alloc: skip over regions of invalid pfns where possible" mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink() mm/thp: do not wait for lock_page() in deferred_split_scan() mm/khugepaged.c: convert VM_BUG_ON() to collapse fail x86/mm: implement free pmd/pte page interfaces mm/vmalloc: add interfaces to free unmapped page table h8300: remove extraneous __BIG_ENDIAN definition hugetlbfs: check for pgoff value overflow lockdep: fix fs_reclaim warning MAINTAINERS: update Mark Fasheh's e-mail mm/mempolicy.c: avoid use uninitialized preferred_node
Configuration menu - View commit details
-
Copy full SHA for f36b753 - Browse repository at this point
Copy the full SHA f36b753View commit details -
tracing: probeevent: Fix to support minus offset from symbol
In Documentation/trace/kprobetrace.txt, it says @sym[+|-offs] : Fetch memory at SYM +|- offs (SYM should be a data symbol) However, the parser doesn't parse minus offset correctly, since commit 2fba0c8 ("tracing/kprobes: Fix probe offset to be unsigned") drops minus ("-") offset support for kprobe probe address usage. This fixes the traceprobe_split_symbol_offset() to parse minus offset again with checking the offset range, and add a minus offset check in kprobe probe address usage. Link: http://lkml.kernel.org/r/152129028983.31874.13419301530285775521.stgit@devbox Cc: Ingo Molnar <[email protected]> Cc: Tom Zanussi <[email protected]> Cc: Arnaldo Carvalho de Melo <[email protected]> Cc: Ravi Bangoria <[email protected]> Cc: [email protected] Fixes: 2fba0c8 ("tracing/kprobes: Fix probe offset to be unsigned") Acked-by: Namhyung Kim <[email protected]> Signed-off-by: Masami Hiramatsu <[email protected]> Signed-off-by: Steven Rostedt (VMware) <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c5d343b - Browse repository at this point
Copy the full SHA c5d343bView commit details -
selftests: ftrace: Add probe event argument syntax testcase
Add a testcase for probe event argument syntax which ensures the kprobe_events interface correctly parses given event arguments. Link: http://lkml.kernel.org/r/152129033679.31874.12705519603869152799.stgit@devbox Signed-off-by: Masami Hiramatsu <[email protected]> Signed-off-by: Steven Rostedt (VMware) <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 871bef2 - Browse repository at this point
Copy the full SHA 871bef2View commit details -
selftests: ftrace: Add a testcase for string type with kprobe_event
Add a testcase for string type with kprobe event. This tests good/bad syntax combinations and also the traced data is correct in several way. Link: http://lkml.kernel.org/r/152129038381.31874.9201387794548737554.stgit@devbox Signed-off-by: Masami Hiramatsu <[email protected]> Signed-off-by: Steven Rostedt (VMware) <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5fbdbed - Browse repository at this point
Copy the full SHA 5fbdbedView commit details -
selftests: ftrace: Add a testcase for probepoint
Add a testcase for probe point definition. This tests symbol, address and symbol+offset syntax. The offset must be positive and smaller than UINT_MAX. Link: http://lkml.kernel.org/r/152129043097.31874.14273580606301767394.stgit@devbox Signed-off-by: Masami Hiramatsu <[email protected]> Signed-off-by: Steven Rostedt (VMware) <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for dfa453b - Browse repository at this point
Copy the full SHA dfa453bView commit details -
Merge tag 'sound-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kern…
…el/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Things look calming down, but people were still busy to plaster over small holes: - Two fixes to harden against races in aloop driver - A correction of a long-standing bug in USB-audio UAC2 processing unit parser - As usual suspects, HD-audio: a workaround for Coffee Lake controller and a few other device-specific fixes All small and for stable" * tag 'sound-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: aloop: Fix access to not-yet-ready substream via cable ALSA: aloop: Sync stale timer before release ALSA: hda/realtek - Fix speaker no sound after system resume ALSA: hda/realtek - Fix Dell headset Mic can't record ALSA: hda - Force polling mode on CFL for fixing codec communication ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit ALSA: hda/realtek - Always immediately update mute LED with pin VREF
Configuration menu - View commit details
-
Copy full SHA for 8ce7201 - Browse repository at this point
Copy the full SHA 8ce7201View commit details -
Merge tag 'media/v4.16-4' of git://git.kernel.org/pub/scm/linux/kerne…
…l/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: "Three fixes: - dvb: fix a Kconfig typo on a help text - tegra-cec: reset rx_buf_cnt when start bit detected - rc: lirc does not use LIRC_CAN_SEND_SCANCODE feature" * tag 'media/v4.16-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: media: dvb: fix a Kconfig typo media: tegra-cec: reset rx_buf_cnt when start bit detected media: rc: lirc does not use LIRC_CAN_SEND_SCANCODE feature
Configuration menu - View commit details
-
Copy full SHA for cde00d2 - Browse repository at this point
Copy the full SHA cde00d2View commit details -
Merge tag 'char-misc-4.16-rc7' of git://git.kernel.org/pub/scm/linux/…
…kernel/git/gregkh/char-misc Pull hyperv fix from Greg KH: "This is a single hyperv bugfix for 4.16-rc7. It resolves an issue with the ring-buffer signaling to resolve reported problems. It's been in linux-next for a while now with no reported issues" * tag 'char-misc-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: Drivers: hv: vmbus: Fix ring buffer signaling
Configuration menu - View commit details
-
Copy full SHA for 97235e7 - Browse repository at this point
Copy the full SHA 97235e7View commit details -
Merge tag 'staging-4.16-rc7' of git://git.kernel.org/pub/scm/linux/ke…
…rnel/git/gregkh/staging Pull staging/IIO fixes from Greg KH: "Here are a few small staging and IIO fixes for various reported issues. All of them are tiny, the majority being iio driver fixes for small issues, and one staging driver fix for a memory corruption issue. All have been in linux-next with no reported issues" * tag 'staging-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: ncpfs: memory corruption in ncp_read_kernel() iio: st_pressure: st_accel: pass correct platform data to init Revert "iio: accel: st_accel: remove redundant pointer pdata" iio: adc: meson-saradc: unlock on error in meson_sar_adc_lock() dt-bindings: iio: adc: sd-modulator: fix io-channel-cells iio: adc: stm32-dfsdm: fix multiple channel initialization iio: adc: stm32-dfsdm: fix clock source selection iio: adc: stm32-dfsdm: fix call to stop channel iio: adc: stm32-dfsdm: fix compatible data use iio: chemical: ccs811: Corrected firmware boot/application mode transition
Configuration menu - View commit details
-
Copy full SHA for 935c200 - Browse repository at this point
Copy the full SHA 935c200View commit details -
Merge tag 'mtd/fixes-for-4.16-rc7' of git://git.infradead.org/linux-mtd
Pull MTD fixes from Boris Brezillon: - Fix several problems in the fsl_ifc NAND controller driver - Fix misuse of mtd_ooblayout_ecc() in mtdchar.c * tag 'mtd/fixes-for-4.16-rc7' of git://git.infradead.org/linux-mtd: mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0 mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 mtd: nand: fsl_ifc: Fix nand waitfunc return value mtdchar: fix usage of mtd_ooblayout_ecc()
Configuration menu - View commit details
-
Copy full SHA for a580657 - Browse repository at this point
Copy the full SHA a580657View commit details -
Merge tag 'vfio-v4.16-rc7' of git://github.com/awilliam/linux-vfio
Pull VFIO fix from Alex Williamson: "Revert masking INTx where it cannot be enabled - it plays poorly with SR-IOV VFs and presumes DisINTx support" * tag 'vfio-v4.16-rc7' of git://github.com/awilliam/linux-vfio: Revert: "vfio-pci: Mask INTx if a device is not capabable of enabling it"
Configuration menu - View commit details
-
Copy full SHA for 095fe49 - Browse repository at this point
Copy the full SHA 095fe49View commit details -
Merge tag 'mips_fixes_4.16_5' of git://git.kernel.org/pub/scm/linux/k…
…ernel/git/jhogan/mips Pull MIPS fixes from James Hogan: "Another miscellaneous pile of MIPS fixes for 4.16: - lantiq: fixes for clocks and Amazon SE (4.14) - ralink: fix booting on MT7621 (4.5) - ralink: fix halt (3.9)" * tag 'mips_fixes_4.16_5' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips: MIPS: ralink: Fix booting on MT7621 MIPS: ralink: Remove ralink_halt() MIPS: lantiq: ase: Enable MFD_SYSCON MIPS: lantiq: Enable AHB Bus for USB MIPS: lantiq: Fix Danube USB clock
Configuration menu - View commit details
-
Copy full SHA for 86d043d - Browse repository at this point
Copy the full SHA 86d043dView commit details -
Merge tag 'trace-v4.16-rc4' of git://git.kernel.org/pub/scm/linux/ker…
…nel/git/rostedt/linux-trace Pull kprobe fixes from Steven Rostedt: "The documentation for kprobe events says that symbol offets can take both a + and - sign to get to befor and after the symbol address. But in actuality, the code does not support the minus. This fixes that issue, and adds a few more selftests to kprobe events" * tag 'trace-v4.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: selftests: ftrace: Add a testcase for probepoint selftests: ftrace: Add a testcase for string type with kprobe_event selftests: ftrace: Add probe event argument syntax testcase tracing: probeevent: Fix to support minus offset from symbol
Configuration menu - View commit details
-
Copy full SHA for 99fec39 - Browse repository at this point
Copy the full SHA 99fec39View commit details
Commits on Mar 24, 2018
-
Merge tag 'pinctrl-v4.16-3' of git://git.kernel.org/pub/scm/linux/ker…
…nel/git/linusw/linux-pinctrl Pull pin control fixes from Linus Walleij: "Two fixes for pin control for v4.16: - Renesas SH-PFC: remove a duplicate clkout pin which was causing crashes - fix Samsung out of bounds exceptions" * tag 'pinctrl-v4.16-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: samsung: Validate alias coming from DT pinctrl: sh-pfc: r8a7795: remove duplicate of CLKOUT pin in pinmux_pins[]
Configuration menu - View commit details
-
Copy full SHA for bcfc1f4 - Browse repository at this point
Copy the full SHA bcfc1f4View commit details