I took a scripted approach to look at some product kernels for patches
backported into vendor kernels. This is a set of (mostly) bugfixes I found
in Spreadtrum's linux-4.4 kernel that are missing in 4.4.176:
ffedbd2210f2 mmc: pwrseq: constify mmc_pwrseq_ops structures
c10368897e10 ALSA: compress: add support for 32bit calls in a 64bit kernel
64a67d4762ce mmc: pwrseq_simple: Make reset-gpios optional to match doc
4ec0ef3a8212 USB: iowarrior: fix oops with malicious USB descriptors
e5905ff1281f mmc: debugfs: Add a restriction to mmc debugfs clock setting
4ec96b4cbde8 mmc: make MAN_BKOPS_EN message a debug
ed9feec72fc1 mmc: sanitize 'bus width' in debug output
10a16a01d8f7 mmc: core: shut up "voltage-ranges unspecified" pr_info()
9772b47a4c29 usb: dwc3: gadget: Fix suspend/resume during device mode
6afedcd23cfd arm64: mm: Add trace_irqflags annotations to do_debug_exception()
437db4c6e798 mmc: mmc: Attempt to flush cache before reset
e51534c80660 mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
e4c5800a3991 mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
04c080080855 extcon: usb-gpio: Don't miss event during suspend/resume
78283edf2c01 kbuild: setlocalversion: print error to STDERR
c526c62d565e usb: gadget: composite: fix dereference after null check coverify warning
511a36d2f357 usb: gadget: Add the gserial port checking in gs_start_tx()
1712c9373f98 mmc: core: don't try to switch block size for dual rate mode
5ea8ea2cb7f1 tcp/dccp: drop SYN packets if accept queue is full
e1dc9b08051a serial: sprd: adjust TIMEOUT to a big value
81be24d263db Hang/soft lockup in d_invalidate with simultaneous calls
6f44a0bacb79 arm64: traps: disable irq in die()
b7d44c36a6f6 usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
4350782570b9 serial: sprd: clear timeout interrupt only rather than all interrupts
3f3295709ede lib/int_sqrt: optimize small argument
32fd87b3bbf5 USB: core: only clean up what we allocated
Al Viro (1):
Hang/soft lockup in d_invalidate with simultaneous calls
Andrey Konovalov (1):
USB: core: only clean up what we allocated
Baolin Wang (1):
usb: gadget: Add the gserial port checking in gs_start_tx()
Chuanxiao Dong (1):
mmc: debugfs: Add a restriction to mmc debugfs clock setting
Dong Aisheng (1):
mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
Eric Dumazet (1):
tcp/dccp: drop SYN packets if accept queue is full
James Morse (1):
arm64: mm: Add trace_irqflags annotations to do_debug_exception()
Josh Boyer (1):
USB: iowarrior: fix oops with malicious USB descriptors
Julia Lawall (1):
mmc: pwrseq: constify mmc_pwrseq_ops structures
Konstantin Khlebnikov (1):
mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
Lanqing Liu (1):
serial: sprd: clear timeout interrupt only rather than all interrupts
Martin Fuzzey (1):
mmc: pwrseq_simple: Make reset-gpios optional to match doc
Peter Chen (1):
usb: gadget: composite: fix dereference after null check coverify
warning
Peter Zijlstra (1):
lib/int_sqrt: optimize small argument
Qiao Zhou (1):
arm64: traps: disable irq in die()
Ravindra Lokhande (1):
ALSA: compress: add support for 32bit calls in a 64bit kernel
Roger Quadros (2):
usb: dwc3: gadget: Fix suspend/resume during device mode
extcon: usb-gpio: Don't miss event during suspend/resume
Russell King (1):
mmc: core: shut up "voltage-ranges unspecified" pr_info()
Wei Qiao (1):
serial: sprd: adjust TIMEOUT to a big value
Wolfram Sang (3):
mmc: make MAN_BKOPS_EN message a debug
mmc: sanitize 'bus width' in debug output
kbuild: setlocalversion: print error to STDERR
Yoshihiro Shimoda (1):
usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
Ziyuan Xu (1):
mmc: core: don't try to switch block size for dual rate mode
arch/arm64/kernel/traps.c | 8 +++++--
arch/arm64/mm/fault.c | 33 ++++++++++++++++++--------
drivers/extcon/extcon-usb-gpio.c | 3 +++
drivers/mmc/core/core.c | 13 ++++++----
drivers/mmc/core/debugfs.c | 2 +-
drivers/mmc/core/mmc.c | 16 +++++++++----
drivers/mmc/core/pwrseq.h | 2 +-
drivers/mmc/core/pwrseq_emmc.c | 2 +-
drivers/mmc/core/pwrseq_simple.c | 24 ++++++++++++-------
drivers/tty/serial/sprd_serial.c | 6 +++--
drivers/usb/core/config.c | 9 ++++---
drivers/usb/dwc3/gadget.c | 6 +++++
drivers/usb/gadget/composite.c | 2 ++
drivers/usb/gadget/function/u_serial.c | 7 +++++-
drivers/usb/misc/iowarrior.c | 6 +++++
drivers/usb/renesas_usbhs/mod_gadget.c | 5 +---
fs/dcache.c | 10 ++++----
include/net/inet_connection_sock.h | 5 ----
lib/int_sqrt.c | 3 +++
mm/rmap.c | 2 +-
net/dccp/ipv4.c | 8 +------
net/dccp/ipv6.c | 2 +-
net/ipv4/tcp_input.c | 8 +------
scripts/setlocalversion | 2 +-
sound/core/compress_offload.c | 13 ++++++++++
25 files changed, 126 insertions(+), 71 deletions(-)
--
2.20.0
This is the full list of patches that were backported and are not in
4.4.y, but as usual most of them did not appear to make sense for stable
kernels.
100 33 da5ce874f8ca f2fs: release locks before return in f2fs_ioc_gc_range()
100 100 1dc0f8991d4d f2fs: fix to avoid race in between atomic write and background GC
100 27 b27bc8091ccf f2fs: do gc in greedy mode for whole range if gc_urgent mode is set
100 100 782911f491e7 f2fs: set readdir_ra by default
33 33 81286d3e31b7 staging: android: ion: Remove check of idev->debug_root
100 80 ae6650163c66 loop: fix concurrent lo_open/lo_release
100 100 466a2b42d676 cpufreq: schedutil: Use idle_calls counter of the remote CPU
100 100 32fd87b3bbf5 USB: core: only clean up what we allocated
100 100 3f3295709ede lib/int_sqrt: optimize small argument
50 30 e22cdc3fc599 sched/isolcpus: Fix "isolcpus=" boot parameter handling when !CONFIG_CPUMASK_OFFSTACK
100 85 0abd8e70d24b f2fs: clear radix tree dirty tag of pages whose dirty flag is cleared
100 100 84a23fbe96b4 f2fs: clear FI_HOT_DATA correctly
91 91 12ac1d0f6c3e genirq: Make sparse_irq_lock protect what it should protect
100 55 c49cbc19b31e cpufreq: schedutil: Always process remote callback with slow switching
100 100 e2cabe48c20e cpufreq: schedutil: Don't restrict kthread to related_cpus unnecessarily
78 78 99d14d0e16fa cpufreq: Process remote callbacks from any CPU if the platform permits
31 61 674e75411fc2 sched: cpufreq: Allow remote cpufreq callbacks
50 100 4350782570b9 serial: sprd: clear timeout interrupt only rather than all interrupts
100 100 b7d44c36a6f6 usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
100 100 6f44a0bacb79 arm64: traps: disable irq in die()
100 33 04dfc23006a2 f2fs: show more info if fail to issue discard
71 28 e41e6d75e501 f2fs: split wio_mutex
100 100 773a9ef85f02 mmc: pwrseq: Add reset callback to the struct mmc_pwrseq_ops
100 100 81be24d263db Hang/soft lockup in d_invalidate with simultaneous calls
100 100 e9256e142f59 mmc: pwrseq_simple: Parse DTS for the power-off-delay-us property
100 100 e1dc9b08051a serial: sprd: adjust TIMEOUT to a big value
100 100 6c3acd97572b f2fs: allocate hot_data for atomic writes
75 100 bdd154436077 USB: serial: spcp8x5: simplify endpoint check
45 100 590298b22325 USB: serial: pl2303: simplify endpoint check
68 100 32814c87f446 USB: serial: oti6858: simplify endpoint check
85 100 8ee1592d125a USB: serial: omninet: simplify endpoint check
42 100 206ff831bebb USB: serial: mos7720: simplify endpoint check
84 100 35194572b4ed USB: serial: kobil_sct: simplify endpoint check
75 100 b714d5dc0631 USB: serial: keyspan_pda: simplify endpoint check
69 100 fb527736ebcc USB: serial: iuu_phoenix: simplify endpoint check
65 100 e7d6507e5ba7 USB: serial: digi_acceleport: simplify endpoint check
81 100 d183b9b43390 USB: serial: cyberjack: simplify endpoint check
60 100 fe190ed0d602 xhci: Do not halt the host until both HCD have disconnected their devices.
100 100 f759741d9d91 block: Fix oops in locked_inode_to_wb_and_lock_list()
100 100 773dc118756b mmc: core: Fix access to HS400-ES devices
64 64 e93b9865251a f2fs: add ovp valid_blocks check for bg gc victim to fg_gc
30 49 942fd3192f83 f2fs: check last page index in cached bio to decide submission
71 100 bcb7440e76a9 extcon: usb-gpio: Add pinctrl operation during system PM
66 100 5278204c9818 xhci: use the trb_to_noop() helper for command trbs
100 100 bc88c10d7e69 locking/spinlock/debug: Remove spinlock lockup detection code
100 100 d40a43af0a57 f2fs: fix an infinite loop when flush nodes in cp
89 86 541332a13b1d extcon: usb-gpio: Add VBUS detection support
100 50 65aca3205046 usb: dwc3: gadget: clear events in top-half handler
77 100 ebbb2d59398f usb: dwc3: gadget: use evt->cache for processing events
66 100 d9fa4c63f766 usb: dwc3: core: add a event buffer cache
100 100 9ad587710a2f usb: gadget: composite: remove unnecessary & operation
100 76 ef3d232245ab mmc: mmc: Relax checking for switch errors after HS200 switch
100 100 e173f8911f09 mmc: core: Update CMD13 polling policy when switch to HS DDR mode
68 63 aa33ce3c411a mmc: core: Enable __mmc_switch() to change bus speed timing for the host
100 33 5ec32f84111a mmc: core: Check SWITCH_ERROR bit from each CMD13 response when polling
50 50 625228fa3e01 mmc: core: Rename ignore_crc to retry_crc_err to reflect its purpose
100 100 89e57aedda33 mmc: core: Remove redundant __mmc_send_status()
33 33 437590a123b6 mmc: core: Retry instead of ignore at CRC errors when polling for busy
100 100 c2c24819b280 mmc: core: Don't power off the card when starting the host
55 50 716bdb8953c7 mmc: core: Factor out code related to polling in __mmc_switch()
23 89 cb26ce069ffa mmc: core: Clarify code which deals with polling in __mmc_switch()
100 100 5ea8ea2cb7f1 tcp/dccp: drop SYN packets if accept queue is full
72 100 8e5bfa8c1f84 sched/autogroup: Do not use autogroup->tg in zombie threads
100 100 8fdd136f2200 cfg80211: add bitrate for 20MHz MCS 9
75 100 fd9afd3cbe40 usb: gadget: u_ether: remove interrupt throttling
100 100 fe1b5700c70f mmc: mmc: Use 500ms as the default generic CMD6 timeout
100 100 1720d3545b77 mmc: core: switch to 1V8 or 1V2 for hs400es mode
100 100 e932835377f9 f2fs: check return value of write_checkpoint during fstrim
100 100 1712c9373f98 mmc: core: don't try to switch block size for dual rate mode
63 81 721e0497172f mmc: pwrseq-simple: Add an optional post-power-on-delay
100 100 00af62330c39 usb: dwc3: core: Move the mode setting to the right place
100 75 b1149ad917b7 coresight: always use stashed trace id value in etm4_trace_id
80 80 a399d233078e sched/core: Fix incorrect utilization accounting when switching to fair class
100 60 9d7aba7786b6 Revert "usb: dwc3: gadget: always decrement by 1"
100 100 511a36d2f357 usb: gadget: Add the gserial port checking in gs_start_tx()
100 100 c526c62d565e usb: gadget: composite: fix dereference after null check coverify warning
100 100 78283edf2c01 kbuild: setlocalversion: print error to STDERR
100 100 bb4eecf23be2 mmc: Change the max discard sectors and erase response when HW busy detect
100 100 6ae3e537eab9 mmc: core: expose MMC_CAP2_NO_* to dt
100 100 5f1d1434b7a0 Documentation: mmc: add description for new no-sd* and no-mmc
100 100 a0c3b68c72a3 mmc: core: Allow hosts to specify non-support for MMC commands
100 100 1b8d79c54944 mmc: core: Allow hosts to specify non-support for SD commands
100 100 649c6059d237 mmc: mmc: Fix HS switch failure in mmc_select_hs400()
61 100 08573eaf1a70 mmc: mmc: do not use CMD13 to get status after speed mode switch
33 100 bc26235bbd79 mmc: debugfs: add HS400 enhanced strobe description
74 100 81ac2af65793 mmc: core: implement enhanced strobe support
100 100 ef29c0e273b8 mmc: core: add mmc-hs400-enhanced-strobe support
100 100 a60119ce9434 Documentation: mmc: add mmc-hs400-enhanced-strobe
99 78 48b4800a1c6a zsmalloc: page migration support
88 79 bfd093f5e7f0 zsmalloc: use freeobj for index
48 62 4aa409cab7c3 zsmalloc: separate free_zspage from putback_zspage
66 66 3783689a1aa8 zsmalloc: introduce zspage structure
62 86 bdb0af7ca8f0 zsmalloc: factor page chain functionality out
100 100 1b8320b620d6 zsmalloc: use bit_spin_lock
50 68 1fc6e27d7b86 zsmalloc: keep max_object in size_class
100 85 b1123ea6d3b3 mm: balloon: use general non-lru movable page feature
88 93 bda807d44454 mm: migrate: support non-lru movable page migration
90 90 c6c919eb90e0 mm: use put_page() to free page instead of putback_lru_page()
92 100 72704f876f50 dwc3: gadget: Implement the suspend entry event handler
100 100 da1410be21bf usb: dwc3: gadget: Add the suspend state checking when stopping gadget
33 100 13fa2e69b1dd usb: dwc3: gadget: disable XFER_NOT_READY
92 35 361572b5f7a9 usb: dwc3: gadget: Handle TRB index 0 when full or empty
100 100 7d0a038b130c usb: dwc3: gadget: Account for link TRB in TRBs left
100 100 89bc856e5a74 usb: dwc3: gadget: Don't prepare TRBs if no space
75 100 0d25744ad107 usb: dwc3: gadget: Initialize the TRB ring
79 86 fc8bb91bc83e usb: dwc3: implement runtime PM
77 100 4cb4221764ef usb: dwc3: gadget: fix for possible endpoint disable race
45 29 51f5d49ad6f0 usb: dwc3: core: simplify suspend/resume operations
79 91 c499ff71ff2a usb: dwc3: core: re-factor init and exit paths
55 100 bcdb3272e889 usb: dwc3: core: move fladj to dwc3 structure
68 80 c4233573f6ee usb: dwc3: gadget: prepare TRBs on update transfers too
100 100 7f370ed0cfe9 usb: dwc3: core: get rid of DWC3_PM_OPS macro
73 91 9f8a67b65a49 usb: dwc3: gadget: fix gadget suspend/resume
68 93 d7be295243bb usb: dwc3: gadget: re-factor ->udc_start and ->udc_stop
100 100 058b6659e98f extcon: usb-gpio: add device binding for platform device
100 100 04c080080855 extcon: usb-gpio: Don't miss event during suspend/resume
100 100 5fc363232ae7 uas: remove can_queue set in host template
100 100 975756c41332 f2fs: avoid ENOSPC fault in the recovery process
80 40 c41f3cc3ae34 f2fs: inject page allocation failures
43 26 da011cc0da8c f2fs: move node pages only in victim section during GC
100 100 1ee4716585ed zsmalloc: remove unused pool param in obj_free
33 66 830e4bc5baa9 zsmalloc: clean up many BUG_ON
67 71 36b68aae8e39 usb: dwc3: gadget: use link TRB for all endpoint types
62 62 c28f82595dde usb: dwc3: switch trb enqueue/dequeue and first_trb_index to u8
100 100 e4c5800a3991 mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
100 100 e51534c80660 mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
100 100 437db4c6e798 mmc: mmc: Attempt to flush cache before reset
100 100 87e88659afd1 mmc: core: drop unnecessary bit checking
97 96 d97a1e5d7cd2 mmc: pwrseq: convert to proper platform device
75 100 f01b72d0fd53 mmc: pwrseq_emmc: add to_pwrseq_emmc() macro
85 100 5b96fea730ab mmc: pwrseq_simple: add to_pwrseq_simple() macro
100 100 4e6c71788d6b mmc: core: Do regular power cycle when lacking eMMC HW reset support
100 100 6afedcd23cfd arm64: mm: Add trace_irqflags annotations to do_debug_exception()
33 100 9772b47a4c29 usb: dwc3: gadget: Fix suspend/resume during device mode
100 100 a0747eb81c1d mmc: core: remove redundant memset of sdio_read_cccr
100 100 0076c71e37cc mmc: core: remove redundant memset of mmc_decode_cid
100 100 07d97d872359 mmc: core: report tuning command execution failure reason
100 77 cf925747d20b mmc: core: improve mmc_of_parse_voltage() to return better status
75 100 10a16a01d8f7 mmc: core: shut up "voltage-ranges unspecified" pr_info()
100 100 ed9feec72fc1 mmc: sanitize 'bus width' in debug output
100 77 6067bafe44d7 mmc: core: use the defined function to check whether card is removable
100 100 4ec96b4cbde8 mmc: make MAN_BKOPS_EN message a debug
100 100 e5905ff1281f mmc: debugfs: Add a restriction to mmc debugfs clock setting
100 100 0899e7419387 mmc: remove unnecessary assignment statements before return
100 100 62c03ca3ffa1 mmc: core: pwrseq_simple: remove unused header file
33 33 85ead8185a76 f2fs: delete unnecessary wait for page writeback
100 100 4ec0ef3a8212 USB: iowarrior: fix oops with malicious USB descriptors
100 100 5821a33b9bbd Staging: Android: align code with open parenthesis in ion_carveout_heap.c
100 100 9f93a8a0ba91 crypto: api - Introduce crypto_queue_len() helper function
100 92 06b241f32c71 mm: __delete_from_page_cache show Bad page if mapped
100 100 c0992d0f5484 USB: serial: option: add support for Quectel UC20
71 42 3158a8d416f4 USB: option: add support for SIM7100E
87 50 ff4e2494dc17 USB: serial: option: Adding support for Telit LE922
90 100 64a67d4762ce mmc: pwrseq_simple: Make reset-gpios optional to match doc
100 100 c10368897e10 ALSA: compress: add support for 32bit calls in a 64bit kernel
99 100 a5beaaf39455 usb: gadget: Add the console support for usb-to-serial port
100 100 100a606d54a0 mmc: core: Introduce MMC_CAP2_NO_SDIO cap
66 100 ffedbd2210f2 mmc: pwrseq: constify mmc_pwrseq_ops structures
66 100 1ff2575bcf42 mmc: core: Check for non-removable cards earlier in the error path
100 100 c29536e85b5f mmc: core: Make runtime resume default behavior for MMC/SD
100 100 d234d2123fa7 mmc: core: Keep host claimed in mmc_rescan() while calling host ops
100 100 86236813ff23 mmc: core: Invoke ->card_event() callback only when needed
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
From: Julia Lawall <[email protected]>
The mmc_pwrseq_ops structures are never modified, so declare them as const.
Done with the help of Coccinelle.
Signed-off-by: Julia Lawall <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
(cherry picked from commit ffedbd2210f2f4cba490a9205adc11fd1b89a852)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/mmc/core/pwrseq.h | 2 +-
drivers/mmc/core/pwrseq_emmc.c | 2 +-
drivers/mmc/core/pwrseq_simple.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/mmc/core/pwrseq.h b/drivers/mmc/core/pwrseq.h
index 096da48c6a7e..133de0426687 100644
--- a/drivers/mmc/core/pwrseq.h
+++ b/drivers/mmc/core/pwrseq.h
@@ -16,7 +16,7 @@ struct mmc_pwrseq_ops {
};
struct mmc_pwrseq {
- struct mmc_pwrseq_ops *ops;
+ const struct mmc_pwrseq_ops *ops;
};
#ifdef CONFIG_OF
diff --git a/drivers/mmc/core/pwrseq_emmc.c b/drivers/mmc/core/pwrseq_emmc.c
index ad4f94ec7e8d..4a82bc77fe49 100644
--- a/drivers/mmc/core/pwrseq_emmc.c
+++ b/drivers/mmc/core/pwrseq_emmc.c
@@ -51,7 +51,7 @@ static void mmc_pwrseq_emmc_free(struct mmc_host *host)
kfree(pwrseq);
}
-static struct mmc_pwrseq_ops mmc_pwrseq_emmc_ops = {
+static const struct mmc_pwrseq_ops mmc_pwrseq_emmc_ops = {
.post_power_on = mmc_pwrseq_emmc_reset,
.free = mmc_pwrseq_emmc_free,
};
diff --git a/drivers/mmc/core/pwrseq_simple.c b/drivers/mmc/core/pwrseq_simple.c
index d10538bb5e07..2b16263458af 100644
--- a/drivers/mmc/core/pwrseq_simple.c
+++ b/drivers/mmc/core/pwrseq_simple.c
@@ -87,7 +87,7 @@ static void mmc_pwrseq_simple_free(struct mmc_host *host)
kfree(pwrseq);
}
-static struct mmc_pwrseq_ops mmc_pwrseq_simple_ops = {
+static const struct mmc_pwrseq_ops mmc_pwrseq_simple_ops = {
.pre_power_on = mmc_pwrseq_simple_pre_power_on,
.post_power_on = mmc_pwrseq_simple_post_power_on,
.power_off = mmc_pwrseq_simple_power_off,
--
2.20.0
From: Martin Fuzzey <[email protected]>
The DT binding doc says reset-gpios is an optional property but the code
currently bails out if it is omitted.
This is a regression since it breaks previously working device trees.
Fix it by restoring the original documented behaviour.
Fixes: ce037275861e ("mmc: pwrseq_simple: use GPIO descriptors array API")
Tested-by: Tony Lindgren <[email protected]>
Signed-off-by: Martin Fuzzey <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
(cherry picked from commit 64a67d4762ce3ce4c9466eadd152d825fbf84967)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/mmc/core/pwrseq_simple.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/drivers/mmc/core/pwrseq_simple.c b/drivers/mmc/core/pwrseq_simple.c
index 2b16263458af..aba786daebca 100644
--- a/drivers/mmc/core/pwrseq_simple.c
+++ b/drivers/mmc/core/pwrseq_simple.c
@@ -29,15 +29,18 @@ struct mmc_pwrseq_simple {
static void mmc_pwrseq_simple_set_gpios_value(struct mmc_pwrseq_simple *pwrseq,
int value)
{
- int i;
struct gpio_descs *reset_gpios = pwrseq->reset_gpios;
- int values[reset_gpios->ndescs];
- for (i = 0; i < reset_gpios->ndescs; i++)
- values[i] = value;
+ if (!IS_ERR(reset_gpios)) {
+ int i;
+ int values[reset_gpios->ndescs];
- gpiod_set_array_value_cansleep(reset_gpios->ndescs, reset_gpios->desc,
- values);
+ for (i = 0; i < reset_gpios->ndescs; i++)
+ values[i] = value;
+
+ gpiod_set_array_value_cansleep(
+ reset_gpios->ndescs, reset_gpios->desc, values);
+ }
}
static void mmc_pwrseq_simple_pre_power_on(struct mmc_host *host)
@@ -79,7 +82,8 @@ static void mmc_pwrseq_simple_free(struct mmc_host *host)
struct mmc_pwrseq_simple *pwrseq = container_of(host->pwrseq,
struct mmc_pwrseq_simple, pwrseq);
- gpiod_put_array(pwrseq->reset_gpios);
+ if (!IS_ERR(pwrseq->reset_gpios))
+ gpiod_put_array(pwrseq->reset_gpios);
if (!IS_ERR(pwrseq->ext_clk))
clk_put(pwrseq->ext_clk);
@@ -112,7 +116,9 @@ struct mmc_pwrseq *mmc_pwrseq_simple_alloc(struct mmc_host *host,
}
pwrseq->reset_gpios = gpiod_get_array(dev, "reset", GPIOD_OUT_HIGH);
- if (IS_ERR(pwrseq->reset_gpios)) {
+ if (IS_ERR(pwrseq->reset_gpios) &&
+ PTR_ERR(pwrseq->reset_gpios) != -ENOENT &&
+ PTR_ERR(pwrseq->reset_gpios) != -ENOSYS) {
ret = PTR_ERR(pwrseq->reset_gpios);
goto clk_put;
}
--
2.20.0
From: Chuanxiao Dong <[email protected]>
Clock frequency values written to an mmc host should not be less than
the minimum clock frequency which the mmc host supports.
Signed-off-by: Yuan Juntao <[email protected]>
Signed-off-by: Pawel Wodkowski <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
(cherry picked from commit e5905ff1281f0a0f5c9863c430ac1ed5faaf5707)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/mmc/core/debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mmc/core/debugfs.c b/drivers/mmc/core/debugfs.c
index 154aced0b91b..705586dcd9fa 100644
--- a/drivers/mmc/core/debugfs.c
+++ b/drivers/mmc/core/debugfs.c
@@ -220,7 +220,7 @@ static int mmc_clock_opt_set(void *data, u64 val)
struct mmc_host *host = data;
/* We need this check due to input value is u64 */
- if (val > host->f_max)
+ if (val != 0 && (val > host->f_max || val < host->f_min))
return -EINVAL;
mmc_claim_host(host);
--
2.20.0
From: Josh Boyer <[email protected]>
The iowarrior driver expects at least one valid endpoint. If given
malicious descriptors that specify 0 for the number of endpoints,
it will crash in the probe function. Ensure there is at least
one endpoint on the interface before using it.
The full report of this issue can be found here:
http://seclists.org/bugtraq/2016/Mar/87
Reported-by: Ralf Spenneberg <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Josh Boyer <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
(cherry picked from commit 4ec0ef3a82125efc36173062a50624550a900ae0)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/usb/misc/iowarrior.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c
index 5e43fd881a9c..381a92a0ebb6 100644
--- a/drivers/usb/misc/iowarrior.c
+++ b/drivers/usb/misc/iowarrior.c
@@ -787,6 +787,12 @@ static int iowarrior_probe(struct usb_interface *interface,
iface_desc = interface->cur_altsetting;
dev->product_id = le16_to_cpu(udev->descriptor.idProduct);
+ if (iface_desc->desc.bNumEndpoints < 1) {
+ dev_err(&interface->dev, "Invalid number of endpoints\n");
+ retval = -EINVAL;
+ goto error;
+ }
+
/* set up the endpoint information */
for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
endpoint = &iface_desc->endpoint[i].desc;
--
2.20.0
From: Wolfram Sang <[email protected]>
IMO this info is only useful for developers. Most users won't need this
information, since there is not much they can do about it.
Signed-off-by: Wolfram Sang <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
(cherry picked from commit 4ec96b4cbde8d5714a4477b5a2562c3dd40bc5fa)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/mmc/core/mmc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c
index a31789be0840..adc3291e9d6a 100644
--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -508,7 +508,7 @@ static int mmc_decode_ext_csd(struct mmc_card *card, u8 *ext_csd)
card->ext_csd.raw_bkops_status =
ext_csd[EXT_CSD_BKOPS_STATUS];
if (!card->ext_csd.man_bkops_en)
- pr_info("%s: MAN_BKOPS_EN bit is not set\n",
+ pr_debug("%s: MAN_BKOPS_EN bit is not set\n",
mmc_hostname(card->host));
}
--
2.20.0
From: Ravindra Lokhande <[email protected]>
Compress offload does not support ioctl calls from a 32bit userspace
in a 64 bit kernel. This patch adds support for ioctls from a 32bit
userspace in a 64bit kernel
Signed-off-by: Ravindra Lokhande <[email protected]>
Acked-by: Vinod Koul <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
(cherry picked from commit c10368897e104c008c610915a218f0fe5fa4ec96)
Signed-off-by: Arnd Bergmann <[email protected]>
---
sound/core/compress_offload.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
index 6163bf3e8177..33d40d6fa3f1 100644
--- a/sound/core/compress_offload.c
+++ b/sound/core/compress_offload.c
@@ -38,6 +38,7 @@
#include <linux/uio.h>
#include <linux/uaccess.h>
#include <linux/module.h>
+#include <linux/compat.h>
#include <sound/core.h>
#include <sound/initval.h>
#include <sound/compress_params.h>
@@ -858,6 +859,15 @@ static long snd_compr_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
return retval;
}
+/* support of 32bit userspace on 64bit platforms */
+#ifdef CONFIG_COMPAT
+static long snd_compr_ioctl_compat(struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return snd_compr_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
+}
+#endif
+
static const struct file_operations snd_compr_file_ops = {
.owner = THIS_MODULE,
.open = snd_compr_open,
@@ -865,6 +875,9 @@ static const struct file_operations snd_compr_file_ops = {
.write = snd_compr_write,
.read = snd_compr_read,
.unlocked_ioctl = snd_compr_ioctl,
+#ifdef CONFIG_COMPAT
+ .compat_ioctl = snd_compr_ioctl_compat,
+#endif
.mmap = snd_compr_mmap,
.poll = snd_compr_poll,
};
--
2.20.0
From: Russell King <[email protected]>
Each time a driver such as sdhci-esdhc-imx is probed, we get a info
printk complaining that the DT voltage-ranges property has not been
specified.
However, the DT binding specifically says that the voltage-ranges
property is optional. That means we should not be complaining that
DT hasn't specified this property: by indicating that it's optional,
it is valid not to have the property in DT.
Silence the warning if the property is missing.
Signed-off-by: Russell King <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
(cherry picked from commit 10a16a01d8f72e80f4780e40cf3122f4caffa411)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/mmc/core/core.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
index e2e927d1f7e4..df074f8c7cb7 100644
--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -1220,8 +1220,12 @@ int mmc_of_parse_voltage(struct device_node *np, u32 *mask)
voltage_ranges = of_get_property(np, "voltage-ranges", &num_ranges);
num_ranges = num_ranges / sizeof(*voltage_ranges) / 2;
- if (!voltage_ranges || !num_ranges) {
- pr_info("%s: voltage-ranges unspecified\n", np->full_name);
+ if (!voltage_ranges) {
+ pr_debug("%s: voltage-ranges unspecified\n", np->full_name);
+ return -EINVAL;
+ }
+ if (!num_ranges) {
+ pr_err("%s: voltage-ranges empty\n", np->full_name);
return -EINVAL;
}
--
2.20.0
From: Wolfram Sang <[email protected]>
The bus width is sometimes the actual bus width, and sometimes indices
to different arrays encoding the bus width. In my debugging case "2"
could mean 8-bit as well as 4-bit, which was extremly confusing. Let's
use the human-readable actual bus width in all places.
Signed-off-by: Wolfram Sang <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
(cherry picked from commit ed9feec72fc1fa194ebfdb79e14561b35decce63)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/mmc/core/core.c | 2 +-
drivers/mmc/core/mmc.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
index 299a83f1ad38..e2e927d1f7e4 100644
--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -1039,7 +1039,7 @@ static inline void mmc_set_ios(struct mmc_host *host)
"width %u timing %u\n",
mmc_hostname(host), ios->clock, ios->bus_mode,
ios->power_mode, ios->chip_select, ios->vdd,
- ios->bus_width, ios->timing);
+ 1 << ios->bus_width, ios->timing);
host->ops->set_ios(host, ios);
}
diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c
index adc3291e9d6a..7286d0d324e1 100644
--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -952,7 +952,7 @@ static int mmc_select_bus_width(struct mmc_card *card)
break;
} else {
pr_warn("%s: switch to bus width %d failed\n",
- mmc_hostname(host), ext_csd_bits[idx]);
+ mmc_hostname(host), 1 << bus_width);
}
}
--
2.20.0
From: Roger Quadros <[email protected]>
Gadget controller might not be always active during system
suspend/resume as gadget driver might not have yet been loaded or
might have been unloaded prior to system suspend.
Check if we're active and only then perform
necessary actions during suspend/resume.
Signed-off-by: Roger Quadros <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
(cherry picked from commit 9772b47a4c2916d645c551228b6085ea24acbe5d)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/usb/dwc3/gadget.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index b6037a0ae829..58e67c228971 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -2893,6 +2893,9 @@ void dwc3_gadget_exit(struct dwc3 *dwc)
int dwc3_gadget_suspend(struct dwc3 *dwc)
{
+ if (!dwc->gadget_driver)
+ return 0;
+
if (dwc->pullups_connected) {
dwc3_gadget_disable_irq(dwc);
dwc3_gadget_run_stop(dwc, true, true);
@@ -2911,6 +2914,9 @@ int dwc3_gadget_resume(struct dwc3 *dwc)
struct dwc3_ep *dep;
int ret;
+ if (!dwc->gadget_driver)
+ return 0;
+
/* Start with SuperSpeed Default */
dwc3_gadget_ep0_desc.wMaxPacketSize = cpu_to_le16(512);
--
2.20.0
From: Dong Aisheng <[email protected]>
Currently MMC core will keep going if HS200/HS timing switch failed
with -EBADMSG error by the assumption that the old timing is still valid.
However, for mmc_select_hs200 case, the signal voltage may have already
been switched. If the timing switch failed, we should fall back to
the old voltage in case the card is continue run with legacy timing.
If fall back signal voltage failed, we explicitly report an EIO error
to force retry during the next power cycle.
Signed-off-by: Dong Aisheng <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
(cherry picked from commit e51534c806609c806d81bfb034f02737461f855c)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/mmc/core/mmc.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c
index 7286d0d324e1..7844baecf306 100644
--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -1251,10 +1251,11 @@ static int mmc_select_hs200(struct mmc_card *card)
{
struct mmc_host *host = card->host;
bool send_status = true;
- unsigned int old_timing;
+ unsigned int old_timing, old_signal_voltage;
int err = -EINVAL;
u8 val;
+ old_signal_voltage = host->ios.signal_voltage;
if (card->mmc_avail_type & EXT_CSD_CARD_TYPE_HS200_1_2V)
err = __mmc_set_signal_voltage(host, MMC_SIGNAL_VOLTAGE_120);
@@ -1263,7 +1264,7 @@ static int mmc_select_hs200(struct mmc_card *card)
/* If fails try again during next card power cycle */
if (err)
- goto err;
+ return err;
mmc_select_driver_type(card);
@@ -1297,9 +1298,14 @@ static int mmc_select_hs200(struct mmc_card *card)
}
}
err:
- if (err)
+ if (err) {
+ /* fall back to the old signal voltage, if fails report error */
+ if (__mmc_set_signal_voltage(host, old_signal_voltage))
+ err = -EIO;
+
pr_err("%s: %s failed, error %d\n", mmc_hostname(card->host),
__func__, err);
+ }
return err;
}
--
2.20.0
From: Roger Quadros <[email protected]>
Pin state might have changed during suspend/resume while
our interrupts were disabled and if device doesn't support wakeup.
Scan for change during resume for such case.
Signed-off-by: Roger Quadros <[email protected]>
Signed-off-by: Chanwoo Choi <[email protected]>
(cherry picked from commit 04c080080855ce84dcd490a2e04805608a21085d)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/extcon/extcon-usb-gpio.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/extcon/extcon-usb-gpio.c b/drivers/extcon/extcon-usb-gpio.c
index 2b2fecffb1ad..c6a7c9ddf0ac 100644
--- a/drivers/extcon/extcon-usb-gpio.c
+++ b/drivers/extcon/extcon-usb-gpio.c
@@ -192,6 +192,9 @@ static int usb_extcon_resume(struct device *dev)
}
enable_irq(info->id_irq);
+ if (!device_may_wakeup(dev))
+ queue_delayed_work(system_power_efficient_wq,
+ &info->wq_detcable, 0);
return ret;
}
--
2.20.0
From: Baolin Wang <[email protected]>
When usb gadget is set gadget serial function, it will be crash in below
situation.
It will clean the 'port->port_usb' pointer in gserial_disconnect() function
when usb link is inactive, but it will release lock for disabling the endpoints
in this function. Druing the lock release period, it maybe complete one request
to issue gs_write_complete()--->gs_start_tx() function, but the 'port->port_usb'
pointer had been set NULL, thus it will be crash in gs_start_tx() function.
This patch adds the 'port->port_usb' pointer checking in gs_start_tx() function
to avoid this situation.
Signed-off-by: Baolin Wang <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
(cherry picked from commit 511a36d2f357724312bb3776d2f6eed3890928b2)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/usb/gadget/function/u_serial.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c
index 4ea44f7122ee..d73618475664 100644
--- a/drivers/usb/gadget/function/u_serial.c
+++ b/drivers/usb/gadget/function/u_serial.c
@@ -361,10 +361,15 @@ __acquires(&port->port_lock)
*/
{
struct list_head *pool = &port->write_pool;
- struct usb_ep *in = port->port_usb->in;
+ struct usb_ep *in;
int status = 0;
bool do_tty_wake = false;
+ if (!port->port_usb)
+ return status;
+
+ in = port->port_usb->in;
+
while (!port->write_busy && !list_empty(pool)) {
struct usb_request *req;
int len;
--
2.20.0
From: Peter Chen <[email protected]>
cdev->config is checked for null pointer at above code, so cdev->config
might be null, fix it by adding null pointer check.
Signed-off-by: Peter Chen <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
(cherry picked from commit c526c62d565ea5a5bba9433f28756079734f430d)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/usb/gadget/composite.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
index 58f5fbdb6959..8bf54477f472 100644
--- a/drivers/usb/gadget/composite.c
+++ b/drivers/usb/gadget/composite.c
@@ -1819,6 +1819,8 @@ unknown:
break;
case USB_RECIP_ENDPOINT:
+ if (!cdev->config)
+ break;
endp = ((w_index & 0x80) >> 3) | (w_index & 0x0f);
list_for_each_entry(f, &cdev->config->functions, list) {
if (test_bit(endp, f->endpoints))
--
2.20.0
From: Wolfram Sang <[email protected]>
I tried to use 'make O=...' from an unclean source tree. This triggered
the error path of setlocalversion. But by printing to STDOUT, it created
a broken localversion which then caused another (unrelated) error:
"4.7.0-rc2Error: kernelrelease not valid - run make prepare to update it" exceeds 64 characters
After printing to STDERR, the true build error gets displayed later:
/home/wsa/Kernel/linux is not clean, please run 'make mrproper'
in the '/home/wsa/Kernel/linux' directory.
Signed-off-by: Wolfram Sang <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
(cherry picked from commit 78283edf2c01c38eb840a3de5ffd18fe2992ab64)
Signed-off-by: Arnd Bergmann <[email protected]>
---
scripts/setlocalversion | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/setlocalversion b/scripts/setlocalversion
index 63d91e22ed7c..966dd3924ea9 100755
--- a/scripts/setlocalversion
+++ b/scripts/setlocalversion
@@ -143,7 +143,7 @@ fi
if test -e include/config/auto.conf; then
. include/config/auto.conf
else
- echo "Error: kernelrelease not valid - run 'make prepare' to update it"
+ echo "Error: kernelrelease not valid - run 'make prepare' to update it" >&2
exit 1
fi
--
2.20.0
From: Ziyuan Xu <[email protected]>
Per spec, block size should always be 512 bytes for dual rate mode,
so any attempts to switch the block size under dual rate mode should
be neglected.
Signed-off-by: Ziyuan Xu <[email protected]>
Signed-off-by: Shawn Lin <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
(cherry picked from commit 1712c9373f98ae8ed41599a8d7841a6fba29c264)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/mmc/core/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
index df074f8c7cb7..3e17268b9994 100644
--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -2406,7 +2406,8 @@ int mmc_set_blocklen(struct mmc_card *card, unsigned int blocklen)
{
struct mmc_command cmd = {0};
- if (mmc_card_blockaddr(card) || mmc_card_ddr52(card))
+ if (mmc_card_blockaddr(card) || mmc_card_ddr52(card) ||
+ mmc_card_hs400(card) || mmc_card_hs400es(card))
return 0;
cmd.opcode = MMC_SET_BLOCKLEN;
--
2.20.0
From: Eric Dumazet <[email protected]>
Per listen(fd, backlog) rules, there is really no point accepting a SYN,
sending a SYNACK, and dropping the following ACK packet if accept queue
is full, because application is not draining accept queue fast enough.
This behavior is fooling TCP clients that believe they established a
flow, while there is nothing at server side. They might then send about
10 MSS (if using IW10) that will be dropped anyway while server is under
stress.
Signed-off-by: Eric Dumazet <[email protected]>
Acked-by: Neal Cardwell <[email protected]>
Acked-by: Yuchung Cheng <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
(cherry picked from commit 5ea8ea2cb7f1d0db15762c9b0bb9e7330425a071)
Signed-off-by: Arnd Bergmann <[email protected]>
---
include/net/inet_connection_sock.h | 5 -----
net/dccp/ipv4.c | 8 +-------
net/dccp/ipv6.c | 2 +-
net/ipv4/tcp_input.c | 8 +-------
4 files changed, 3 insertions(+), 20 deletions(-)
diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
index 49dcad4fe99e..72599bbc8255 100644
--- a/include/net/inet_connection_sock.h
+++ b/include/net/inet_connection_sock.h
@@ -289,11 +289,6 @@ static inline int inet_csk_reqsk_queue_len(const struct sock *sk)
return reqsk_queue_len(&inet_csk(sk)->icsk_accept_queue);
}
-static inline int inet_csk_reqsk_queue_young(const struct sock *sk)
-{
- return reqsk_queue_len_young(&inet_csk(sk)->icsk_accept_queue);
-}
-
static inline int inet_csk_reqsk_queue_is_full(const struct sock *sk)
{
return inet_csk_reqsk_queue_len(sk) >= sk->sk_max_ack_backlog;
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index 45fd82e61e79..b0a577a79a6a 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -592,13 +592,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
if (inet_csk_reqsk_queue_is_full(sk))
goto drop;
- /*
- * Accept backlog is full. If we have already queued enough
- * of warm entries in syn queue, drop request. It is better than
- * clogging syn queue with openreqs with exponentially increasing
- * timeout.
- */
- if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
+ if (sk_acceptq_is_full(sk))
goto drop;
req = inet_reqsk_alloc(&dccp_request_sock_ops, sk, true);
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 0bf41faeffc4..18bb2a42f0d1 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -324,7 +324,7 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
if (inet_csk_reqsk_queue_is_full(sk))
goto drop;
- if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
+ if (sk_acceptq_is_full(sk))
goto drop;
req = inet_reqsk_alloc(&dccp6_request_sock_ops, sk, true);
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 1aff93d76f24..b320fa9f834a 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6305,13 +6305,7 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
goto drop;
}
-
- /* Accept backlog is full. If we have already queued enough
- * of warm entries in syn queue, drop request. It is better than
- * clogging syn queue with openreqs with exponentially increasing
- * timeout.
- */
- if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) {
+ if (sk_acceptq_is_full(sk)) {
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
goto drop;
}
--
2.20.0
From: Al Viro <[email protected]>
It's not hard to trigger a bunch of d_invalidate() on the same
dentry in parallel. They end up fighting each other - any
dentry picked for removal by one will be skipped by the rest
and we'll go for the next iteration through the entire
subtree, even if everything is being skipped. Morevoer, we
immediately go back to scanning the subtree. The only thing
we really need is to dissolve all mounts in the subtree and
as soon as we've nothing left to do, we can just unhash the
dentry and bugger off.
Signed-off-by: Al Viro <[email protected]>
(cherry picked from commit 81be24d263dbeddaba35827036d6f6787a59c2c3)
Signed-off-by: Arnd Bergmann <[email protected]>
---
fs/dcache.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/fs/dcache.c b/fs/dcache.c
index 9ffe60702299..cb554e406545 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1510,7 +1510,7 @@ static void check_and_drop(void *_data)
{
struct detach_data *data = _data;
- if (!data->mountpoint && !data->select.found)
+ if (!data->mountpoint && list_empty(&data->select.dispose))
__d_drop(data->select.start);
}
@@ -1552,17 +1552,15 @@ void d_invalidate(struct dentry *dentry)
d_walk(dentry, &data, detach_and_collect, check_and_drop);
- if (data.select.found)
+ if (!list_empty(&data.select.dispose))
shrink_dentry_list(&data.select.dispose);
+ else if (!data.mountpoint)
+ return;
if (data.mountpoint) {
detach_mounts(data.mountpoint);
dput(data.mountpoint);
}
-
- if (!data.mountpoint && !data.select.found)
- break;
-
cond_resched();
}
}
--
2.20.0
From: Wei Qiao <[email protected]>
SPRD_TIMEOUT was 256, which is too small to wait until the status
switched to workable in a while loop, so that the earlycon could
not work correctly.
Signed-off-by: Wei Qiao <[email protected]>
Signed-off-by: Chunyan Zhang <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
(cherry picked from commit e1dc9b08051a2c2e694edf48d1e704f07c7c143c)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/tty/serial/sprd_serial.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/serial/sprd_serial.c b/drivers/tty/serial/sprd_serial.c
index 1e302caaa450..176f0a2bf9d9 100644
--- a/drivers/tty/serial/sprd_serial.c
+++ b/drivers/tty/serial/sprd_serial.c
@@ -36,7 +36,7 @@
#define SPRD_FIFO_SIZE 128
#define SPRD_DEF_RATE 26000000
#define SPRD_BAUD_IO_LIMIT 3000000
-#define SPRD_TIMEOUT 256
+#define SPRD_TIMEOUT 256000
/* the offset of serial registers and BITs for them */
/* data registers */
--
2.20.0
From: James Morse <[email protected]>
With CONFIG_PROVE_LOCKING, CONFIG_DEBUG_LOCKDEP and CONFIG_TRACE_IRQFLAGS
enabled, lockdep will compare current->hardirqs_enabled with the flags from
local_irq_save().
When a debug exception occurs, interrupts are disabled in entry.S, but
lockdep isn't told, resulting in:
DEBUG_LOCKS_WARN_ON(current->hardirqs_enabled)
------------[ cut here ]------------
WARNING: at ../kernel/locking/lockdep.c:3523
Modules linked in:
CPU: 3 PID: 1752 Comm: perf Not tainted 4.5.0-rc4+ #2204
Hardware name: ARM Juno development board (r1) (DT)
task: ffffffc974868000 ti: ffffffc975f40000 task.ti: ffffffc975f40000
PC is at check_flags.part.35+0x17c/0x184
LR is at check_flags.part.35+0x17c/0x184
pc : [<ffffff80080fc93c>] lr : [<ffffff80080fc93c>] pstate: 600003c5
[...]
---[ end trace 74631f9305ef5020 ]---
Call trace:
[<ffffff80080fc93c>] check_flags.part.35+0x17c/0x184
[<ffffff80080ffe30>] lock_acquire+0xa8/0xc4
[<ffffff8008093038>] breakpoint_handler+0x118/0x288
[<ffffff8008082434>] do_debug_exception+0x3c/0xa8
[<ffffff80080854b4>] el1_dbg+0x18/0x6c
[<ffffff80081e82f4>] do_filp_open+0x64/0xdc
[<ffffff80081d6e60>] do_sys_open+0x140/0x204
[<ffffff80081d6f58>] SyS_openat+0x10/0x18
[<ffffff8008085d30>] el0_svc_naked+0x24/0x28
possible reason: unannotated irqs-off.
irq event stamp: 65857
hardirqs last enabled at (65857): [<ffffff80081fb1c0>] lookup_mnt+0xf4/0x1b4
hardirqs last disabled at (65856): [<ffffff80081fb188>] lookup_mnt+0xbc/0x1b4
softirqs last enabled at (65790): [<ffffff80080bdca4>] __do_softirq+0x1f8/0x290
softirqs last disabled at (65757): [<ffffff80080be038>] irq_exit+0x9c/0xd0
This patch adds the annotations to do_debug_exception(), while trying not
to call trace_hardirqs_off() if el1_dbg() interrupted a task that already
had irqs disabled.
Signed-off-by: James Morse <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
(cherry picked from commit 6afedcd23cfd7ac56c011069e4a8db37b46e4623)
Signed-off-by: Arnd Bergmann <[email protected]>
---
arch/arm64/mm/fault.c | 33 +++++++++++++++++++++++----------
1 file changed, 23 insertions(+), 10 deletions(-)
diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index be7f8416809f..04c4b88706d8 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -595,20 +595,33 @@ asmlinkage int __exception do_debug_exception(unsigned long addr,
{
const struct fault_info *inf = debug_fault_info + DBG_ESR_EVT(esr);
struct siginfo info;
+ int rv;
- if (!inf->fn(addr, esr, regs))
- return 1;
+ /*
+ * Tell lockdep we disabled irqs in entry.S. Do nothing if they were
+ * already disabled to preserve the last enabled/disabled addresses.
+ */
+ if (interrupts_enabled(regs))
+ trace_hardirqs_off();
- pr_alert("Unhandled debug exception: %s (0x%08x) at 0x%016lx\n",
- inf->name, esr, addr);
+ if (!inf->fn(addr, esr, regs)) {
+ rv = 1;
+ } else {
+ pr_alert("Unhandled debug exception: %s (0x%08x) at 0x%016lx\n",
+ inf->name, esr, addr);
+
+ info.si_signo = inf->sig;
+ info.si_errno = 0;
+ info.si_code = inf->code;
+ info.si_addr = (void __user *)addr;
+ arm64_notify_die("", regs, &info, 0);
+ rv = 0;
+ }
- info.si_signo = inf->sig;
- info.si_errno = 0;
- info.si_code = inf->code;
- info.si_addr = (void __user *)addr;
- arm64_notify_die("", regs, &info, 0);
+ if (interrupts_enabled(regs))
+ trace_hardirqs_on();
- return 0;
+ return rv;
}
#ifdef CONFIG_ARM64_PAN
--
2.20.0
From: Konstantin Khlebnikov <[email protected]>
This check effectively catches anon vma hierarchy inconsistence and some
vma corruptions. It was effective for catching corner cases in anon vma
reusing logic. For now this code seems stable so check could be hidden
under CONFIG_DEBUG_VM and replaced with WARN because it's not so fatal.
Signed-off-by: Konstantin Khlebnikov <[email protected]>
Suggested-by: Vasily Averin <[email protected]>
Acked-by: Vlastimil Babka <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
(cherry picked from commit e4c5800a3991f0c6a766983535dfc10d51802cf6)
Signed-off-by: Arnd Bergmann <[email protected]>
---
mm/rmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/rmap.c b/mm/rmap.c
index 488dda209431..cf733fab230f 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -408,7 +408,7 @@ void unlink_anon_vmas(struct vm_area_struct *vma)
list_for_each_entry_safe(avc, next, &vma->anon_vma_chain, same_vma) {
struct anon_vma *anon_vma = avc->anon_vma;
- BUG_ON(anon_vma->degree);
+ VM_WARN_ON(anon_vma->degree);
put_anon_vma(anon_vma);
list_del(&avc->same_vma);
--
2.20.0
From: Yoshihiro Shimoda <[email protected]>
The commit b8b9c974afee ("usb: renesas_usbhs: gadget: disable all eps
when the driver stops") causes the unused-but-set-variable warning.
But, if the usbhsg_ep_disable() will return non-zero value, udc/core.c
doesn't clear the ep->enabled flag. So, this driver should not return
non-zero value, if the pipe is zero because this means the pipe is
already disabled. Otherwise, the ep->enabled flag is never cleared
when the usbhsg_ep_disable() is called by the renesas_usbhs driver first.
Fixes: b8b9c974afee ("usb: renesas_usbhs: gadget: disable all eps when the driver stops")
Fixes: 11432050f070 ("usb: renesas_usbhs: gadget: fix NULL pointer dereference in ep_disable()")
Signed-off-by: Yoshihiro Shimoda <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
(cherry picked from commit b7d44c36a6f6d956e1539e0dd42f98b26e5a4684)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/usb/renesas_usbhs/mod_gadget.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c b/drivers/usb/renesas_usbhs/mod_gadget.c
index 8647d2c2a8c4..c5553028e616 100644
--- a/drivers/usb/renesas_usbhs/mod_gadget.c
+++ b/drivers/usb/renesas_usbhs/mod_gadget.c
@@ -641,14 +641,11 @@ static int usbhsg_ep_disable(struct usb_ep *ep)
struct usbhsg_uep *uep = usbhsg_ep_to_uep(ep);
struct usbhs_pipe *pipe;
unsigned long flags;
- int ret = 0;
spin_lock_irqsave(&uep->lock, flags);
pipe = usbhsg_uep_to_pipe(uep);
- if (!pipe) {
- ret = -EINVAL;
+ if (!pipe)
goto out;
- }
usbhsg_pipe_disable(uep);
usbhs_pipe_free(pipe);
--
2.20.0
From: Peter Zijlstra <[email protected]>
The current int_sqrt() computation is sub-optimal for the case of small
@x. Which is the interesting case when we're going to do cumulative
distribution functions on idle times, which we assume to be a random
variable, where the target residency of the deepest idle state gives an
upper bound on the variable (5e6ns on recent Intel chips).
In the case of small @x, the compute loop:
while (m != 0) {
b = y + m;
y >>= 1;
if (x >= b) {
x -= b;
y += m;
}
m >>= 2;
}
can be reduced to:
while (m > x)
m >>= 2;
Because y==0, b==m and until x>=m y will remain 0.
And while this is computationally equivalent, it runs much faster
because there's less code, in particular less branches.
cycles: branches: branch-misses:
OLD:
hot: 45.109444 +- 0.044117 44.333392 +- 0.002254 0.018723 +- 0.000593
cold: 187.737379 +- 0.156678 44.333407 +- 0.002254 6.272844 +- 0.004305
PRE:
hot: 67.937492 +- 0.064124 66.999535 +- 0.000488 0.066720 +- 0.001113
cold: 232.004379 +- 0.332811 66.999527 +- 0.000488 6.914634 +- 0.006568
POST:
hot: 43.633557 +- 0.034373 45.333132 +- 0.002277 0.023529 +- 0.000681
cold: 207.438411 +- 0.125840 45.333132 +- 0.002277 6.976486 +- 0.004219
Averages computed over all values <128k using a LFSR to generate order.
Cold numbers have a LFSR based branch trace buffer 'confuser' ran between
each int_sqrt() invocation.
Link: http://lkml.kernel.org/r/[email protected]
Fixes: 30493cc9dddb ("lib/int_sqrt.c: optimize square root algorithm")
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Suggested-by: Anshul Garg <[email protected]>
Acked-by: Linus Torvalds <[email protected]>
Cc: Davidlohr Bueso <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: David Miller <[email protected]>
Cc: Matthew Wilcox <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Michael Davidson <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
(cherry picked from commit 3f3295709edea6268ff1609855f498035286af73)
Signed-off-by: Arnd Bergmann <[email protected]>
---
lib/int_sqrt.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/int_sqrt.c b/lib/int_sqrt.c
index 1ef4cc344977..1afb545a37c5 100644
--- a/lib/int_sqrt.c
+++ b/lib/int_sqrt.c
@@ -22,6 +22,9 @@ unsigned long int_sqrt(unsigned long x)
return x;
m = 1UL << (BITS_PER_LONG - 2);
+ while (m > x)
+ m >>= 2;
+
while (m != 0) {
b = y + m;
y >>= 1;
--
2.20.0
From: Andrey Konovalov <[email protected]>
When cleaning up the configurations, make sure we only free the number
of configurations and interfaces that we could have allocated.
Reported-by: Andrey Konovalov <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
(cherry picked from commit 32fd87b3bbf5f7a045546401dfe2894dbbf4d8c3)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/usb/core/config.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c
index 6a287c81a7be..b8eb289e0b17 100644
--- a/drivers/usb/core/config.c
+++ b/drivers/usb/core/config.c
@@ -734,18 +734,21 @@ void usb_destroy_configuration(struct usb_device *dev)
return;
if (dev->rawdescriptors) {
- for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
+ for (i = 0; i < dev->descriptor.bNumConfigurations &&
+ i < USB_MAXCONFIG; i++)
kfree(dev->rawdescriptors[i]);
kfree(dev->rawdescriptors);
dev->rawdescriptors = NULL;
}
- for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
+ for (c = 0; c < dev->descriptor.bNumConfigurations &&
+ c < USB_MAXCONFIG; c++) {
struct usb_host_config *cf = &dev->config[c];
kfree(cf->string);
- for (i = 0; i < cf->desc.bNumInterfaces; i++) {
+ for (i = 0; i < cf->desc.bNumInterfaces &&
+ i < USB_MAXINTERFACES; i++) {
if (cf->intf_cache[i])
kref_put(&cf->intf_cache[i]->ref,
usb_release_interface_cache);
--
2.20.0
From: Lanqing Liu <[email protected]>
On Spreadtrum's serial device, nearly all of interrupts would be cleared
by hardware except timeout interrupt. This patch removed the operation
of clearing all interrupt in irq handler, instead added an if statement
to check if the timeout interrupt is supposed to be cleared.
Wrongly clearing timeout interrupt would lead to uart data stay in rx
fifo, that means the driver cannot read them out anymore.
Signed-off-by: Lanqing Liu <[email protected]>
Signed-off-by: Chunyan Zhang <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
(cherry picked from commit 4350782570b919f254c1e083261a21c19fcaee90)
Signed-off-by: Arnd Bergmann <[email protected]>
---
drivers/tty/serial/sprd_serial.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/sprd_serial.c b/drivers/tty/serial/sprd_serial.c
index 176f0a2bf9d9..c894eca57e73 100644
--- a/drivers/tty/serial/sprd_serial.c
+++ b/drivers/tty/serial/sprd_serial.c
@@ -63,6 +63,7 @@
/* interrupt clear register */
#define SPRD_ICLR 0x0014
+#define SPRD_ICLR_TIMEOUT BIT(13)
/* line control register */
#define SPRD_LCR 0x0018
@@ -298,7 +299,8 @@ static irqreturn_t sprd_handle_irq(int irq, void *dev_id)
return IRQ_NONE;
}
- serial_out(port, SPRD_ICLR, ~0);
+ if (ims & SPRD_IMSR_TIMEOUT)
+ serial_out(port, SPRD_ICLR, SPRD_ICLR_TIMEOUT);
if (ims & (SPRD_IMSR_RX_FIFO_FULL |
SPRD_IMSR_BREAK_DETECT | SPRD_IMSR_TIMEOUT))
--
2.20.0
From: Qiao Zhou <[email protected]>
In current die(), the irq is disabled for __die() handle, not
including the possible panic() handling. Since the log in __die()
can take several hundreds ms, new irq might come and interrupt
current die().
If the process calling die() holds some critical resource, and some
other process scheduled later also needs it, then it would deadlock.
The first panic will not be executed.
So here disable irq for the whole flow of die().
Signed-off-by: Qiao Zhou <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
(cherry picked from commit 6f44a0bacb79a03972c83759711832b382b1b8ac)
Signed-off-by: Arnd Bergmann <[email protected]>
---
arch/arm64/kernel/traps.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
index 5d270ca76aec..6b4579e07aa2 100644
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -239,10 +239,12 @@ void die(const char *str, struct pt_regs *regs, int err)
{
struct thread_info *thread = current_thread_info();
int ret;
+ unsigned long flags;
+
+ raw_spin_lock_irqsave(&die_lock, flags);
oops_enter();
- raw_spin_lock_irq(&die_lock);
console_verbose();
bust_spinlocks(1);
ret = __die(str, err, thread, regs);
@@ -252,13 +254,15 @@ void die(const char *str, struct pt_regs *regs, int err)
bust_spinlocks(0);
add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
- raw_spin_unlock_irq(&die_lock);
oops_exit();
if (in_interrupt())
panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
+
+ raw_spin_unlock_irqrestore(&die_lock, flags);
+
if (ret != NOTIFY_STOP)
do_exit(SIGSEGV);
}
--
2.20.0
On Fri, Mar 22, 2019 at 04:43:52PM +0100, Arnd Bergmann wrote:
> From: Julia Lawall <[email protected]>
>
> The mmc_pwrseq_ops structures are never modified, so declare them as const.
>
> Done with the help of Coccinelle.
>
> Signed-off-by: Julia Lawall <[email protected]>
> Signed-off-by: Ulf Hansson <[email protected]>
> (cherry picked from commit ffedbd2210f2f4cba490a9205adc11fd1b89a852)
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> drivers/mmc/core/pwrseq.h | 2 +-
> drivers/mmc/core/pwrseq_emmc.c | 2 +-
> drivers/mmc/core/pwrseq_simple.c | 2 +-
> 3 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/mmc/core/pwrseq.h b/drivers/mmc/core/pwrseq.h
> index 096da48c6a7e..133de0426687 100644
> --- a/drivers/mmc/core/pwrseq.h
> +++ b/drivers/mmc/core/pwrseq.h
> @@ -16,7 +16,7 @@ struct mmc_pwrseq_ops {
> };
>
> struct mmc_pwrseq {
> - struct mmc_pwrseq_ops *ops;
> + const struct mmc_pwrseq_ops *ops;
> };
>
> #ifdef CONFIG_OF
> diff --git a/drivers/mmc/core/pwrseq_emmc.c b/drivers/mmc/core/pwrseq_emmc.c
> index ad4f94ec7e8d..4a82bc77fe49 100644
> --- a/drivers/mmc/core/pwrseq_emmc.c
> +++ b/drivers/mmc/core/pwrseq_emmc.c
> @@ -51,7 +51,7 @@ static void mmc_pwrseq_emmc_free(struct mmc_host *host)
> kfree(pwrseq);
> }
>
> -static struct mmc_pwrseq_ops mmc_pwrseq_emmc_ops = {
> +static const struct mmc_pwrseq_ops mmc_pwrseq_emmc_ops = {
> .post_power_on = mmc_pwrseq_emmc_reset,
> .free = mmc_pwrseq_emmc_free,
> };
> diff --git a/drivers/mmc/core/pwrseq_simple.c b/drivers/mmc/core/pwrseq_simple.c
> index d10538bb5e07..2b16263458af 100644
> --- a/drivers/mmc/core/pwrseq_simple.c
> +++ b/drivers/mmc/core/pwrseq_simple.c
> @@ -87,7 +87,7 @@ static void mmc_pwrseq_simple_free(struct mmc_host *host)
> kfree(pwrseq);
> }
>
> -static struct mmc_pwrseq_ops mmc_pwrseq_simple_ops = {
> +static const struct mmc_pwrseq_ops mmc_pwrseq_simple_ops = {
> .pre_power_on = mmc_pwrseq_simple_pre_power_on,
> .post_power_on = mmc_pwrseq_simple_post_power_on,
> .power_off = mmc_pwrseq_simple_power_off,
Why is this needed for a stable patch? It doesn't fix a bug, it just
looks like it is a "nice thing" to have, right? I don't think any later
patch in this series relies it it, or am I missing something?
thanks,
greg k-h
On Fri, Mar 22, 2019 at 04:43:53PM +0100, Arnd Bergmann wrote:
> From: Ravindra Lokhande <[email protected]>
>
> Compress offload does not support ioctl calls from a 32bit userspace
> in a 64 bit kernel. This patch adds support for ioctls from a 32bit
> userspace in a 64bit kernel
>
> Signed-off-by: Ravindra Lokhande <[email protected]>
> Acked-by: Vinod Koul <[email protected]>
> Signed-off-by: Takashi Iwai <[email protected]>
> (cherry picked from commit c10368897e104c008c610915a218f0fe5fa4ec96)
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> sound/core/compress_offload.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
How is this not a "new feature"? What bug does this fix? Has this ever
worked in the past?
thanks,
greg k-h
On Fri, Mar 22, 2019 at 04:43:55PM +0100, Arnd Bergmann wrote:
> From: Josh Boyer <[email protected]>
>
> The iowarrior driver expects at least one valid endpoint. If given
> malicious descriptors that specify 0 for the number of endpoints,
> it will crash in the probe function. Ensure there is at least
> one endpoint on the interface before using it.
>
> The full report of this issue can be found here:
> http://seclists.org/bugtraq/2016/Mar/87
>
> Reported-by: Ralf Spenneberg <[email protected]>
> Cc: stable <[email protected]>
> Signed-off-by: Josh Boyer <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> (cherry picked from commit 4ec0ef3a82125efc36173062a50624550a900ae0)
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> drivers/usb/misc/iowarrior.c | 6 ++++++
> 1 file changed, 6 insertions(+)
This commit has been in the tree for a long time. It was in the 4.4.7
release, back in April 2016. And then it was reverted in commit
b7321e81fc36 ("USB: iowarrior: fix NULL-deref at probe") as it broke
systems. So why add it back, the correct functionality should be there
today, right?
thanks,
greg k-h
On Fri, Mar 22, 2019 at 04:44:09PM +0100, Arnd Bergmann wrote:
> From: Eric Dumazet <[email protected]>
>
> Per listen(fd, backlog) rules, there is really no point accepting a SYN,
> sending a SYNACK, and dropping the following ACK packet if accept queue
> is full, because application is not draining accept queue fast enough.
>
> This behavior is fooling TCP clients that believe they established a
> flow, while there is nothing at server side. They might then send about
> 10 MSS (if using IW10) that will be dropped anyway while server is under
> stress.
>
> Signed-off-by: Eric Dumazet <[email protected]>
> Acked-by: Neal Cardwell <[email protected]>
> Acked-by: Yuchung Cheng <[email protected]>
> Signed-off-by: David S. Miller <[email protected]>
> (cherry picked from commit 5ea8ea2cb7f1d0db15762c9b0bb9e7330425a071)
Also queued up for 4.9.y
On Fri, Mar 22, 2019 at 04:44:10PM +0100, Arnd Bergmann wrote:
> From: Wei Qiao <[email protected]>
>
> SPRD_TIMEOUT was 256, which is too small to wait until the status
> switched to workable in a while loop, so that the earlycon could
> not work correctly.
>
> Signed-off-by: Wei Qiao <[email protected]>
> Signed-off-by: Chunyan Zhang <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> (cherry picked from commit e1dc9b08051a2c2e694edf48d1e704f07c7c143c)
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> drivers/tty/serial/sprd_serial.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Also applied to 4.9.y
On Fri, Mar 22, 2019 at 04:44:08PM +0100, Arnd Bergmann wrote:
> From: Ziyuan Xu <[email protected]>
>
> Per spec, block size should always be 512 bytes for dual rate mode,
> so any attempts to switch the block size under dual rate mode should
> be neglected.
>
> Signed-off-by: Ziyuan Xu <[email protected]>
> Signed-off-by: Shawn Lin <[email protected]>
> Signed-off-by: Ulf Hansson <[email protected]>
> (cherry picked from commit 1712c9373f98ae8ed41599a8d7841a6fba29c264)
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> drivers/mmc/core/core.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
> index df074f8c7cb7..3e17268b9994 100644
> --- a/drivers/mmc/core/core.c
> +++ b/drivers/mmc/core/core.c
> @@ -2406,7 +2406,8 @@ int mmc_set_blocklen(struct mmc_card *card, unsigned int blocklen)
> {
> struct mmc_command cmd = {0};
>
> - if (mmc_card_blockaddr(card) || mmc_card_ddr52(card))
> + if (mmc_card_blockaddr(card) || mmc_card_ddr52(card) ||
> + mmc_card_hs400(card) || mmc_card_hs400es(card))
This breaks the build, there is no mmc_card_hs400es() call in 4.4.y.
How did this build for you?
greg k-h
On Fri, Mar 22, 2019 at 04:44:11PM +0100, Arnd Bergmann wrote:
> From: Al Viro <[email protected]>
>
> It's not hard to trigger a bunch of d_invalidate() on the same
> dentry in parallel. They end up fighting each other - any
> dentry picked for removal by one will be skipped by the rest
> and we'll go for the next iteration through the entire
> subtree, even if everything is being skipped. Morevoer, we
> immediately go back to scanning the subtree. The only thing
> we really need is to dissolve all mounts in the subtree and
> as soon as we've nothing left to do, we can just unhash the
> dentry and bugger off.
>
> Signed-off-by: Al Viro <[email protected]>
> (cherry picked from commit 81be24d263dbeddaba35827036d6f6787a59c2c3)
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> fs/dcache.c | 10 ++++------
> 1 file changed, 4 insertions(+), 6 deletions(-)
Also added to 4.9.y
On Fri, Mar 22, 2019 at 04:44:12PM +0100, Arnd Bergmann wrote:
> From: Qiao Zhou <[email protected]>
>
> In current die(), the irq is disabled for __die() handle, not
> including the possible panic() handling. Since the log in __die()
> can take several hundreds ms, new irq might come and interrupt
> current die().
>
> If the process calling die() holds some critical resource, and some
> other process scheduled later also needs it, then it would deadlock.
> The first panic will not be executed.
>
> So here disable irq for the whole flow of die().
>
> Signed-off-by: Qiao Zhou <[email protected]>
> Signed-off-by: Will Deacon <[email protected]>
> (cherry picked from commit 6f44a0bacb79a03972c83759711832b382b1b8ac)
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> arch/arm64/kernel/traps.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
also added to 4.9.y
On Fri, Mar 22, 2019 at 04:44:14PM +0100, Arnd Bergmann wrote:
> From: Lanqing Liu <[email protected]>
>
> On Spreadtrum's serial device, nearly all of interrupts would be cleared
> by hardware except timeout interrupt. This patch removed the operation
> of clearing all interrupt in irq handler, instead added an if statement
> to check if the timeout interrupt is supposed to be cleared.
>
> Wrongly clearing timeout interrupt would lead to uart data stay in rx
> fifo, that means the driver cannot read them out anymore.
>
> Signed-off-by: Lanqing Liu <[email protected]>
> Signed-off-by: Chunyan Zhang <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> (cherry picked from commit 4350782570b919f254c1e083261a21c19fcaee90)
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> drivers/tty/serial/sprd_serial.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Also added to 4.9.y
On Fri, Mar 22, 2019 at 04:44:15PM +0100, Arnd Bergmann wrote:
> From: Peter Zijlstra <[email protected]>
>
> The current int_sqrt() computation is sub-optimal for the case of small
> @x. Which is the interesting case when we're going to do cumulative
> distribution functions on idle times, which we assume to be a random
> variable, where the target residency of the deepest idle state gives an
> upper bound on the variable (5e6ns on recent Intel chips).
>
> In the case of small @x, the compute loop:
>
> while (m != 0) {
> b = y + m;
> y >>= 1;
>
> if (x >= b) {
> x -= b;
> y += m;
> }
> m >>= 2;
> }
>
> can be reduced to:
>
> while (m > x)
> m >>= 2;
>
> Because y==0, b==m and until x>=m y will remain 0.
>
> And while this is computationally equivalent, it runs much faster
> because there's less code, in particular less branches.
>
> cycles: branches: branch-misses:
>
> OLD:
>
> hot: 45.109444 +- 0.044117 44.333392 +- 0.002254 0.018723 +- 0.000593
> cold: 187.737379 +- 0.156678 44.333407 +- 0.002254 6.272844 +- 0.004305
>
> PRE:
>
> hot: 67.937492 +- 0.064124 66.999535 +- 0.000488 0.066720 +- 0.001113
> cold: 232.004379 +- 0.332811 66.999527 +- 0.000488 6.914634 +- 0.006568
>
> POST:
>
> hot: 43.633557 +- 0.034373 45.333132 +- 0.002277 0.023529 +- 0.000681
> cold: 207.438411 +- 0.125840 45.333132 +- 0.002277 6.976486 +- 0.004219
>
> Averages computed over all values <128k using a LFSR to generate order.
> Cold numbers have a LFSR based branch trace buffer 'confuser' ran between
> each int_sqrt() invocation.
>
> Link: http://lkml.kernel.org/r/[email protected]
> Fixes: 30493cc9dddb ("lib/int_sqrt.c: optimize square root algorithm")
> Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
> Suggested-by: Anshul Garg <[email protected]>
> Acked-by: Linus Torvalds <[email protected]>
> Cc: Davidlohr Bueso <[email protected]>
> Cc: Thomas Gleixner <[email protected]>
> Cc: Ingo Molnar <[email protected]>
> Cc: Will Deacon <[email protected]>
> Cc: Joe Perches <[email protected]>
> Cc: David Miller <[email protected]>
> Cc: Matthew Wilcox <[email protected]>
> Cc: Kees Cook <[email protected]>
> Cc: Michael Davidson <[email protected]>
> Signed-off-by: Andrew Morton <[email protected]>
> Signed-off-by: Linus Torvalds <[email protected]>
> (cherry picked from commit 3f3295709edea6268ff1609855f498035286af73)
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> lib/int_sqrt.c | 3 +++
> 1 file changed, 3 insertions(+)
Also added to 4.14.y and 4.9.y
On Fri, Mar 22, 2019 at 04:44:16PM +0100, Arnd Bergmann wrote:
> From: Andrey Konovalov <[email protected]>
>
> When cleaning up the configurations, make sure we only free the number
> of configurations and interfaces that we could have allocated.
>
> Reported-by: Andrey Konovalov <[email protected]>
> Cc: stable <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> (cherry picked from commit 32fd87b3bbf5f7a045546401dfe2894dbbf4d8c3)
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> drivers/usb/core/config.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
Also added to 4.14.y and 4.9.y
On Fri, Mar 22, 2019 at 04:43:51PM +0100, Arnd Bergmann wrote:
> I took a scripted approach to look at some product kernels for patches
> backported into vendor kernels. This is a set of (mostly) bugfixes I found
> in Spreadtrum's linux-4.4 kernel that are missing in 4.4.176:
>
> ffedbd2210f2 mmc: pwrseq: constify mmc_pwrseq_ops structures
> c10368897e10 ALSA: compress: add support for 32bit calls in a 64bit kernel
> 64a67d4762ce mmc: pwrseq_simple: Make reset-gpios optional to match doc
> 4ec0ef3a8212 USB: iowarrior: fix oops with malicious USB descriptors
> e5905ff1281f mmc: debugfs: Add a restriction to mmc debugfs clock setting
> 4ec96b4cbde8 mmc: make MAN_BKOPS_EN message a debug
> ed9feec72fc1 mmc: sanitize 'bus width' in debug output
> 10a16a01d8f7 mmc: core: shut up "voltage-ranges unspecified" pr_info()
> 9772b47a4c29 usb: dwc3: gadget: Fix suspend/resume during device mode
> 6afedcd23cfd arm64: mm: Add trace_irqflags annotations to do_debug_exception()
> 437db4c6e798 mmc: mmc: Attempt to flush cache before reset
> e51534c80660 mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
> e4c5800a3991 mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
> 04c080080855 extcon: usb-gpio: Don't miss event during suspend/resume
> 78283edf2c01 kbuild: setlocalversion: print error to STDERR
> c526c62d565e usb: gadget: composite: fix dereference after null check coverify warning
> 511a36d2f357 usb: gadget: Add the gserial port checking in gs_start_tx()
> 1712c9373f98 mmc: core: don't try to switch block size for dual rate mode
> 5ea8ea2cb7f1 tcp/dccp: drop SYN packets if accept queue is full
> e1dc9b08051a serial: sprd: adjust TIMEOUT to a big value
> 81be24d263db Hang/soft lockup in d_invalidate with simultaneous calls
> 6f44a0bacb79 arm64: traps: disable irq in die()
> b7d44c36a6f6 usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
> 4350782570b9 serial: sprd: clear timeout interrupt only rather than all interrupts
> 3f3295709ede lib/int_sqrt: optimize small argument
> 32fd87b3bbf5 USB: core: only clean up what we allocated
All now queued up, except for the exceptions I have responded to.
thanks,
greg k-h
On Tue, 26 Mar 2019, Greg KH wrote:
> On Fri, Mar 22, 2019 at 04:43:52PM +0100, Arnd Bergmann wrote:
> > From: Julia Lawall <[email protected]>
> >
> > The mmc_pwrseq_ops structures are never modified, so declare them as const.
> >
> > Done with the help of Coccinelle.
> >
> > Signed-off-by: Julia Lawall <[email protected]>
> > Signed-off-by: Ulf Hansson <[email protected]>
> > (cherry picked from commit ffedbd2210f2f4cba490a9205adc11fd1b89a852)
> > Signed-off-by: Arnd Bergmann <[email protected]>
> > ---
> > drivers/mmc/core/pwrseq.h | 2 +-
> > drivers/mmc/core/pwrseq_emmc.c | 2 +-
> > drivers/mmc/core/pwrseq_simple.c | 2 +-
> > 3 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/mmc/core/pwrseq.h b/drivers/mmc/core/pwrseq.h
> > index 096da48c6a7e..133de0426687 100644
> > --- a/drivers/mmc/core/pwrseq.h
> > +++ b/drivers/mmc/core/pwrseq.h
> > @@ -16,7 +16,7 @@ struct mmc_pwrseq_ops {
> > };
> >
> > struct mmc_pwrseq {
> > - struct mmc_pwrseq_ops *ops;
> > + const struct mmc_pwrseq_ops *ops;
> > };
> >
> > #ifdef CONFIG_OF
> > diff --git a/drivers/mmc/core/pwrseq_emmc.c b/drivers/mmc/core/pwrseq_emmc.c
> > index ad4f94ec7e8d..4a82bc77fe49 100644
> > --- a/drivers/mmc/core/pwrseq_emmc.c
> > +++ b/drivers/mmc/core/pwrseq_emmc.c
> > @@ -51,7 +51,7 @@ static void mmc_pwrseq_emmc_free(struct mmc_host *host)
> > kfree(pwrseq);
> > }
> >
> > -static struct mmc_pwrseq_ops mmc_pwrseq_emmc_ops = {
> > +static const struct mmc_pwrseq_ops mmc_pwrseq_emmc_ops = {
> > .post_power_on = mmc_pwrseq_emmc_reset,
> > .free = mmc_pwrseq_emmc_free,
> > };
> > diff --git a/drivers/mmc/core/pwrseq_simple.c b/drivers/mmc/core/pwrseq_simple.c
> > index d10538bb5e07..2b16263458af 100644
> > --- a/drivers/mmc/core/pwrseq_simple.c
> > +++ b/drivers/mmc/core/pwrseq_simple.c
> > @@ -87,7 +87,7 @@ static void mmc_pwrseq_simple_free(struct mmc_host *host)
> > kfree(pwrseq);
> > }
> >
> > -static struct mmc_pwrseq_ops mmc_pwrseq_simple_ops = {
> > +static const struct mmc_pwrseq_ops mmc_pwrseq_simple_ops = {
> > .pre_power_on = mmc_pwrseq_simple_pre_power_on,
> > .post_power_on = mmc_pwrseq_simple_post_power_on,
> > .power_off = mmc_pwrseq_simple_power_off,
>
> Why is this needed for a stable patch? It doesn't fix a bug, it just
> looks like it is a "nice thing" to have, right? I don't think any later
> patch in this series relies it it, or am I missing something?
Fine with me.
julia
On Tue, Mar 26, 2019 at 2:23 AM Greg KH <[email protected]> wrote:
>
> On Fri, Mar 22, 2019 at 04:43:53PM +0100, Arnd Bergmann wrote:
> > From: Ravindra Lokhande <[email protected]>
> >
> > Compress offload does not support ioctl calls from a 32bit userspace
> > in a 64 bit kernel. This patch adds support for ioctls from a 32bit
> > userspace in a 64bit kernel
> >
> > Signed-off-by: Ravindra Lokhande <[email protected]>
> > Acked-by: Vinod Koul <[email protected]>
> > Signed-off-by: Takashi Iwai <[email protected]>
> > (cherry picked from commit c10368897e104c008c610915a218f0fe5fa4ec96)
> > Signed-off-by: Arnd Bergmann <[email protected]>
> > ---
> > sound/core/compress_offload.c | 13 +++++++++++++
> > 1 file changed, 13 insertions(+)
>
> How is this not a "new feature"? What bug does this fix? Has this ever
> worked in the past?
It has never worked in the past, but I consider it a bug for the compat layer
to behave differently from native code. In this case, any 32-bit application
using the SNDRV_COMPRESS_* ioctls will just fail to do anything on
a 64-bit kernel at all without the trivial fix that should have been there when
the driver was originally merged.
Arnd
On Tue, Mar 26, 2019 at 2:22 AM Greg KH <[email protected]> wrote:
> On Fri, Mar 22, 2019 at 04:43:52PM +0100, Arnd Bergmann wrote:
> > }
> >
> > -static struct mmc_pwrseq_ops mmc_pwrseq_simple_ops = {
> > +static const struct mmc_pwrseq_ops mmc_pwrseq_simple_ops = {
> > .pre_power_on = mmc_pwrseq_simple_pre_power_on,
> > .post_power_on = mmc_pwrseq_simple_post_power_on,
> > .power_off = mmc_pwrseq_simple_power_off,
>
> Why is this needed for a stable patch? It doesn't fix a bug, it just
> looks like it is a "nice thing" to have, right? I don't think any later
> patch in this series relies it it, or am I missing something?
Right, the benefit here is rather small. In theory, any structure of
function pointers is a place into which an exploit can be placed
in case someone finds a way to modify a few bytes of kernel
memory. Placing the structures in read-only memory make this
a little harder (it doesn't prevent rowhammer attacks though).
Dropping this patch is certainly fine with me, as we have a large
supply of other structure definitions like this, and we wont' get close to
plugging enough of them in stable kernels.
Arnd
On Tue, Mar 26, 2019 at 2:27 AM Greg KH <[email protected]> wrote:
>
> On Fri, Mar 22, 2019 at 04:44:08PM +0100, Arnd Bergmann wrote:
> > From: Ziyuan Xu <[email protected]>
> >
> > Per spec, block size should always be 512 bytes for dual rate mode,
> > so any attempts to switch the block size under dual rate mode should
> > be neglected.
> >
> > Signed-off-by: Ziyuan Xu <[email protected]>
> > Signed-off-by: Shawn Lin <[email protected]>
> > Signed-off-by: Ulf Hansson <[email protected]>
> > (cherry picked from commit 1712c9373f98ae8ed41599a8d7841a6fba29c264)
> > Signed-off-by: Arnd Bergmann <[email protected]>
> > ---
> > drivers/mmc/core/core.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
> > index df074f8c7cb7..3e17268b9994 100644
> > --- a/drivers/mmc/core/core.c
> > +++ b/drivers/mmc/core/core.c
> > @@ -2406,7 +2406,8 @@ int mmc_set_blocklen(struct mmc_card *card, unsigned int blocklen)
> > {
> > struct mmc_command cmd = {0};
> >
> > - if (mmc_card_blockaddr(card) || mmc_card_ddr52(card))
> > + if (mmc_card_blockaddr(card) || mmc_card_ddr52(card) ||
> > + mmc_card_hs400(card) || mmc_card_hs400es(card))
>
> This breaks the build, there is no mmc_card_hs400es() call in 4.4.y.
>
> How did this build for you?
I had a larger set of backported patches and then dropped others
that did not look like stable material, but then did not rebuild again
afterwards. I'll make sure to do that next time.
Arnd
On Tue, Mar 26, 2019 at 2:23 AM Greg Kroah-Hartman
<[email protected]> wrote:
>
> On Fri, Mar 22, 2019 at 04:43:55PM +0100, Arnd Bergmann wrote:
> > From: Josh Boyer <[email protected]>
> >
> > The iowarrior driver expects at least one valid endpoint. If given
> > malicious descriptors that specify 0 for the number of endpoints,
> > it will crash in the probe function. Ensure there is at least
> > one endpoint on the interface before using it.
> >
> > The full report of this issue can be found here:
> > http://seclists.org/bugtraq/2016/Mar/87
> >
> > Reported-by: Ralf Spenneberg <[email protected]>
> > Cc: stable <[email protected]>
> > Signed-off-by: Josh Boyer <[email protected]>
> > Signed-off-by: Greg Kroah-Hartman <[email protected]>
> > (cherry picked from commit 4ec0ef3a82125efc36173062a50624550a900ae0)
> > Signed-off-by: Arnd Bergmann <[email protected]>
> > ---
> > drivers/usb/misc/iowarrior.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
>
> This commit has been in the tree for a long time. It was in the 4.4.7
> release, back in April 2016. And then it was reverted in commit
> b7321e81fc36 ("USB: iowarrior: fix NULL-deref at probe") as it broke
> systems. So why add it back, the correct functionality should be there
> today, right?
Sorry I missed that history. The script I used to identify patches noticed
that this patch was not applied, but I did not have a check for already-
reverted patches.
Chunyan, Baolin: it seems the spreadtrum 4.4 kernel got this wrong
as well, by backporting the patch again on top of 4.4.172. Can you check
the latest internal version for this?
Arnd
On Tue, 26 Mar 2019 at 16:21, Arnd Bergmann <[email protected]> wrote:
>
> On Tue, Mar 26, 2019 at 2:23 AM Greg Kroah-Hartman
> <[email protected]> wrote:
> >
> > On Fri, Mar 22, 2019 at 04:43:55PM +0100, Arnd Bergmann wrote:
> > > From: Josh Boyer <[email protected]>
> > >
> > > The iowarrior driver expects at least one valid endpoint. If given
> > > malicious descriptors that specify 0 for the number of endpoints,
> > > it will crash in the probe function. Ensure there is at least
> > > one endpoint on the interface before using it.
> > >
> > > The full report of this issue can be found here:
> > > http://seclists.org/bugtraq/2016/Mar/87
> > >
> > > Reported-by: Ralf Spenneberg <[email protected]>
> > > Cc: stable <[email protected]>
> > > Signed-off-by: Josh Boyer <[email protected]>
> > > Signed-off-by: Greg Kroah-Hartman <[email protected]>
> > > (cherry picked from commit 4ec0ef3a82125efc36173062a50624550a900ae0)
> > > Signed-off-by: Arnd Bergmann <[email protected]>
> > > ---
> > > drivers/usb/misc/iowarrior.c | 6 ++++++
> > > 1 file changed, 6 insertions(+)
> >
> > This commit has been in the tree for a long time. It was in the 4.4.7
> > release, back in April 2016. And then it was reverted in commit
> > b7321e81fc36 ("USB: iowarrior: fix NULL-deref at probe") as it broke
> > systems. So why add it back, the correct functionality should be there
> > today, right?
>
> Sorry I missed that history. The script I used to identify patches noticed
> that this patch was not applied, but I did not have a check for already-
> reverted patches.
>
> Chunyan, Baolin: it seems the spreadtrum 4.4 kernel got this wrong
> as well, by backporting the patch again on top of 4.4.172. Can you check
> the latest internal version for this?
Yes, I saw this patch in our 4.4 kernel.
Orson, we should revert this patch from our kernel as Greg mentioned.
--
Baolin Wang
Best Regards
Hi Arnd, Baolin,
Thank you!
I am in travel.
I 'll apply it when I am back.
Best,
Orson
--------
Good patches are always welcome!
________________________________________
From: Baolin Wang <[email protected]>
Sent: Tuesday, March 26, 2019 17:35
To: Arnd Bergmann
Cc: Greg Kroah-Hartman; # 3.4.x; Kees Cook; Sebastian Andrzej Siewior; Gustavo A. R. Silva; Josh Boyer; Ralf Spenneberg; USB list; Linux Kernel Mailing List; ?Ŵ??? (Chunyan Zhang); ?????? (Baolin Wang); ?Ծ? (Orson Zhai); ?Ŵ??? (Chunyan Zhang)
Subject: Re: [BACKPORT 4.4.y 04/25] USB: iowarrior: fix oops with malicious USB descriptors
On Tue, 26 Mar 2019 at 16:21, Arnd Bergmann <[email protected]> wrote:
>
> On Tue, Mar 26, 2019 at 2:23 AM Greg Kroah-Hartman
> <[email protected]> wrote:
> >
> > On Fri, Mar 22, 2019 at 04:43:55PM +0100, Arnd Bergmann wrote:
> > > From: Josh Boyer <[email protected]>
> > >
> > > The iowarrior driver expects at least one valid endpoint. If given
> > > malicious descriptors that specify 0 for the number of endpoints,
> > > it will crash in the probe function. Ensure there is at least
> > > one endpoint on the interface before using it.
> > >
> > > The full report of this issue can be found here:
> > > http://seclists.org/bugtraq/2016/Mar/87
> > >
> > > Reported-by: Ralf Spenneberg <[email protected]>
> > > Cc: stable <[email protected]>
> > > Signed-off-by: Josh Boyer <[email protected]>
> > > Signed-off-by: Greg Kroah-Hartman <[email protected]>
> > > (cherry picked from commit 4ec0ef3a82125efc36173062a50624550a900ae0)
> > > Signed-off-by: Arnd Bergmann <[email protected]>
> > > ---
> > > drivers/usb/misc/iowarrior.c | 6 ++++++
> > > 1 file changed, 6 insertions(+)
> >
> > This commit has been in the tree for a long time. It was in the 4.4.7
> > release, back in April 2016. And then it was reverted in commit
> > b7321e81fc36 ("USB: iowarrior: fix NULL-deref at probe") as it broke
> > systems. So why add it back, the correct functionality should be there
> > today, right?
>
> Sorry I missed that history. The script I used to identify patches noticed
> that this patch was not applied, but I did not have a check for already-
> reverted patches.
>
> Chunyan, Baolin: it seems the spreadtrum 4.4 kernel got this wrong
> as well, by backporting the patch again on top of 4.4.172. Can you check
> the latest internal version for this?
Yes, I saw this patch in our 4.4 kernel.
Orson, we should revert this patch from our kernel as Greg mentioned.
--
Baolin Wang
Best Regards
On Tue, Mar 26, 2019 at 08:55:14AM +0100, Arnd Bergmann wrote:
> On Tue, Mar 26, 2019 at 2:23 AM Greg KH <[email protected]> wrote:
> >
> > On Fri, Mar 22, 2019 at 04:43:53PM +0100, Arnd Bergmann wrote:
> > > From: Ravindra Lokhande <[email protected]>
> > >
> > > Compress offload does not support ioctl calls from a 32bit userspace
> > > in a 64 bit kernel. This patch adds support for ioctls from a 32bit
> > > userspace in a 64bit kernel
> > >
> > > Signed-off-by: Ravindra Lokhande <[email protected]>
> > > Acked-by: Vinod Koul <[email protected]>
> > > Signed-off-by: Takashi Iwai <[email protected]>
> > > (cherry picked from commit c10368897e104c008c610915a218f0fe5fa4ec96)
> > > Signed-off-by: Arnd Bergmann <[email protected]>
> > > ---
> > > sound/core/compress_offload.c | 13 +++++++++++++
> > > 1 file changed, 13 insertions(+)
> >
> > How is this not a "new feature"? What bug does this fix? Has this ever
> > worked in the past?
>
> It has never worked in the past, but I consider it a bug for the compat layer
> to behave differently from native code. In this case, any 32-bit application
> using the SNDRV_COMPRESS_* ioctls will just fail to do anything on
> a 64-bit kernel at all without the trivial fix that should have been there when
> the driver was originally merged.
Ok, fair enough, now queued up.
greg k-h