This is the start of the stable review cycle for the 4.4.224 release.
There are 86 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 20 May 2020 17:32:42 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.224-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 4.4.224-rc1
Sergei Trofimovich <[email protected]>
Makefile: disallow data races on gcc-10 as well
Jim Mattson <[email protected]>
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
Geert Uytterhoeven <[email protected]>
ARM: dts: r8a7740: Add missing extal2 to CPG node
Kai-Heng Feng <[email protected]>
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
Wei Yongjun <[email protected]>
usb: gadget: legacy: fix error return code in cdc_bind()
Wei Yongjun <[email protected]>
usb: gadget: legacy: fix error return code in gncm_bind()
Christophe JAILLET <[email protected]>
usb: gadget: audio: Fix a missing error return value in audio_bind()
Christophe JAILLET <[email protected]>
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
Eric W. Biederman <[email protected]>
exec: Move would_dump into flush_old_exec
Borislav Petkov <[email protected]>
x86: Fix early boot crash on gcc-10, third try
Fabio Estevam <[email protected]>
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
Kyungtae Kim <[email protected]>
USB: gadget: fix illegal array access in binding with UDC
Takashi Iwai <[email protected]>
ALSA: rawmidi: Initialize allocated buffers
Takashi Iwai <[email protected]>
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
Takashi Iwai <[email protected]>
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
Paolo Abeni <[email protected]>
netlabel: cope with NULL catmap
Paolo Abeni <[email protected]>
net: ipv4: really enforce backoff for redirects
Cong Wang <[email protected]>
net: fix a potential recursive NETDEV_FEAT_CHANGE
Linus Torvalds <[email protected]>
gcc-10: avoid shadowing standard library 'free()' in crypto
Boris Ostrovsky <[email protected]>
x86/paravirt: Remove the unused irq_enable_sysexit pv op
Keith Busch <[email protected]>
blk-mq: Allow blocking queue tag iter callbacks
Jianchao Wang <[email protected]>
blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
Gabriel Krisman Bertazi <[email protected]>
blk-mq: Allow timeouts to run while queue is freezing
Christoph Hellwig <[email protected]>
block: defer timeouts to a workqueue
Linus Torvalds <[email protected]>
gcc-10: disable 'restrict' warning for now
Linus Torvalds <[email protected]>
gcc-10: disable 'stringop-overflow' warning for now
Linus Torvalds <[email protected]>
gcc-10: disable 'array-bounds' warning for now
Linus Torvalds <[email protected]>
gcc-10: disable 'zero-length-bounds' warning for now
Linus Torvalds <[email protected]>
Stop the ad-hoc games with -Wno-maybe-initialized
Masahiro Yamada <[email protected]>
kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
Linus Torvalds <[email protected]>
gcc-10 warnings: fix low-hanging fruit
Jason Gunthorpe <[email protected]>
pnp: Use list_for_each_entry() instead of open coding
Jack Morgenstein <[email protected]>
IB/mlx4: Test return value of calls to ib_get_cached_pkey
Arnd Bergmann <[email protected]>
netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
Gal Pressman <[email protected]>
net/mlx5: Fix driver load error flow when firmware is stuck
Anjali Singhai Jain <[email protected]>
i40e: avoid NVM acquire deadlock during NVM update
Ben Hutchings <[email protected]>
scsi: qla2xxx: Avoid double completion of abort command
zhong jiang <[email protected]>
mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
Jiri Benc <[email protected]>
gre: do not keep the GRE header around in collect medata mode
John Hurley <[email protected]>
net: openvswitch: fix csum updates for MPLS actions
Vasily Averin <[email protected]>
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
Vasily Averin <[email protected]>
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
Lubomir Rintel <[email protected]>
dmaengine: mmp_tdma: Reset channel error on release
Madhuparna Bhowmik <[email protected]>
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
Ronnie Sahlberg <[email protected]>
cifs: Fix a race condition with cifs_echo_request
Samuel Cabrero <[email protected]>
cifs: Check for timeout on Negotiate stage
wuxu.wu <[email protected]>
spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
Wu Bo <[email protected]>
scsi: sg: add sg_remove_request in sg_write
Arnd Bergmann <[email protected]>
drop_monitor: work around gcc-10 stringop-overflow warning
Christophe JAILLET <[email protected]>
net: moxa: Fix a potential double 'free_irq()'
Christophe JAILLET <[email protected]>
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
David Ahern <[email protected]>
net: handle no dst on skb in icmp6_send
Vladis Dronov <[email protected]>
ptp: free ptp device pin descriptors properly
Vladis Dronov <[email protected]>
ptp: fix the race between the release of ptp_clock and cdev
YueHaibing <[email protected]>
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
Logan Gunthorpe <[email protected]>
chardev: add helper function to register char devs with a struct device
Dmitry Torokhov <[email protected]>
ptp: create "pins" together with the rest of attributes
Dmitry Torokhov <[email protected]>
ptp: use is_visible method to hide unused attributes
Dmitry Torokhov <[email protected]>
ptp: do not explicitly set drvdata in ptp_clock_register()
Cengiz Can <[email protected]>
blktrace: fix dereference after null check
Jan Kara <[email protected]>
blktrace: Protect q->blk_trace with RCU
Jens Axboe <[email protected]>
blktrace: fix trace mutex deadlock
Jens Axboe <[email protected]>
blktrace: fix unlocked access to init/start-stop/teardown
Waiman Long <[email protected]>
blktrace: Fix potential deadlock between delete & sysfs ops
Sabrina Dubroca <[email protected]>
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
Sabrina Dubroca <[email protected]>
net: ipv6: add net argument to ip6_dst_lookup_flow
Shijie Luo <[email protected]>
ext4: add cond_resched() to ext4_protect_reserved_inode
Kees Cook <[email protected]>
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
Alexandre Belloni <[email protected]>
phy: micrel: Ensure interrupts are reenabled on resume
Alexandre Belloni <[email protected]>
phy: micrel: Disable auto negotiation on startup
Ivan Delalande <[email protected]>
scripts/decodecode: fix trapping instruction formatting
George Spelvin <[email protected]>
batman-adv: fix batadv_nc_random_weight_tq
Oliver Neukum <[email protected]>
USB: serial: garmin_gps: add sanity checking for data length
Oliver Neukum <[email protected]>
USB: uas: add quirk for LaCie 2Big Quadra
Alex Estrin <[email protected]>
Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0"
Ville Syrjälä <[email protected]>
x86/apm: Don't access __preempt_count with zeroed fs
Kees Cook <[email protected]>
binfmt_elf: move brk out of mmap when doing direct loader exec
Sabrina Dubroca <[email protected]>
ipv6: fix cleanup ordering for ip6_mr failure
Govindarajulu Varadarajan <[email protected]>
enic: do not overwrite error code
Hans de Goede <[email protected]>
Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
Eric Dumazet <[email protected]>
sch_choke: avoid potential panic in choke_reset()
Eric Dumazet <[email protected]>
sch_sfq: validate silly quantum values
Tariq Toukan <[email protected]>
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
Julia Lawall <[email protected]>
dp83640: reverse arguments to list_add_tail
Greg Kroah-Hartman <[email protected]>
Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS"
Matt Jolly <[email protected]>
USB: serial: qcserial: Add DW5816e support
-------------
Diffstat:
Makefile | 17 +-
arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 4 +-
arch/arm/boot/dts/r8a7740.dtsi | 2 +-
arch/x86/entry/entry_32.S | 8 +-
arch/x86/include/asm/apm.h | 6 -
arch/x86/include/asm/paravirt.h | 7 -
arch/x86/include/asm/paravirt_types.h | 9 --
arch/x86/include/asm/stackprotector.h | 7 +-
arch/x86/kernel/apm_32.c | 5 +
arch/x86/kernel/asm-offsets.c | 3 -
arch/x86/kernel/paravirt.c | 7 -
arch/x86/kernel/paravirt_patch_32.c | 2 -
arch/x86/kernel/paravirt_patch_64.c | 1 -
arch/x86/kernel/smpboot.c | 8 +
arch/x86/kvm/x86.c | 2 +-
arch/x86/xen/enlighten.c | 3 -
arch/x86/xen/smp.c | 1 +
arch/x86/xen/xen-asm_32.S | 14 --
arch/x86/xen/xen-ops.h | 3 -
block/blk-core.c | 3 +
block/blk-mq-tag.c | 7 +-
block/blk-mq.c | 17 ++
block/blk-timeout.c | 3 +
crypto/lrw.c | 4 +-
crypto/xts.c | 4 +-
drivers/acpi/video_detect.c | 11 --
drivers/dma/mmp_tdma.c | 2 +
drivers/dma/pch_dma.c | 2 +-
drivers/gpu/drm/qxl/qxl_image.c | 3 +-
drivers/infiniband/core/addr.c | 6 +-
drivers/infiniband/hw/mlx4/qp.c | 14 +-
drivers/infiniband/ulp/ipoib/ipoib_ib.c | 13 --
drivers/net/ethernet/cisco/enic/enic_main.c | 9 +-
drivers/net/ethernet/intel/i40e/i40e_nvm.c | 98 +++++++-----
drivers/net/ethernet/intel/i40e/i40e_prototype.h | 2 -
drivers/net/ethernet/mellanox/mlx4/main.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 +-
drivers/net/ethernet/moxa/moxart_ether.c | 2 +-
drivers/net/ethernet/natsemi/jazzsonic.c | 6 +-
drivers/net/geneve.c | 4 +-
drivers/net/phy/dp83640.c | 2 +-
drivers/net/phy/micrel.c | 28 +++-
drivers/net/phy/phy.c | 15 +-
drivers/net/vxlan.c | 10 +-
drivers/ptp/ptp_clock.c | 42 ++---
drivers/ptp/ptp_private.h | 9 +-
drivers/ptp/ptp_sysfs.c | 162 ++++++++-----------
drivers/scsi/qla2xxx/qla_init.c | 4 +-
drivers/scsi/sg.c | 4 +-
drivers/spi/spi-dw.c | 15 +-
drivers/spi/spi-dw.h | 1 +
drivers/usb/gadget/configfs.c | 3 +
drivers/usb/gadget/legacy/audio.c | 4 +-
drivers/usb/gadget/legacy/cdc2.c | 4 +-
drivers/usb/gadget/legacy/ncm.c | 4 +-
drivers/usb/gadget/udc/net2272.c | 2 +
drivers/usb/serial/garmin_gps.c | 4 +-
drivers/usb/serial/qcserial.c | 1 +
drivers/usb/storage/unusual_uas.h | 7 +
fs/binfmt_elf.c | 12 ++
fs/char_dev.c | 86 ++++++++++
fs/cifs/cifssmb.c | 12 ++
fs/cifs/connect.c | 11 +-
fs/cifs/smb2pdu.c | 12 ++
fs/exec.c | 4 +-
fs/ext4/block_validity.c | 1 +
include/linux/blkdev.h | 3 +-
include/linux/blktrace_api.h | 6 +-
include/linux/cdev.h | 5 +
include/linux/compiler.h | 7 +
include/linux/fs.h | 2 +-
include/linux/pnp.h | 29 ++--
include/linux/posix-clock.h | 19 ++-
include/linux/tty.h | 2 +-
include/net/addrconf.h | 6 +-
include/net/ipv6.h | 2 +-
include/net/netfilter/nf_conntrack.h | 2 +-
include/sound/rawmidi.h | 1 +
init/main.c | 2 +
ipc/util.c | 12 +-
kernel/time/posix-clock.c | 31 ++--
kernel/trace/blktrace.c | 191 +++++++++++++++++------
mm/memory_hotplug.c | 4 +-
net/batman-adv/network-coding.c | 9 +-
net/core/dev.c | 4 +-
net/core/drop_monitor.c | 11 +-
net/dccp/ipv6.c | 6 +-
net/ipv4/cipso_ipv4.c | 6 +-
net/ipv4/ip_gre.c | 7 +-
net/ipv4/route.c | 2 +-
net/ipv6/addrconf_core.c | 11 +-
net/ipv6/af_inet6.c | 10 +-
net/ipv6/datagram.c | 2 +-
net/ipv6/icmp.c | 6 +-
net/ipv6/inet6_connection_sock.c | 4 +-
net/ipv6/ip6_output.c | 8 +-
net/ipv6/raw.c | 2 +-
net/ipv6/syncookies.c | 2 +-
net/ipv6/tcp_ipv6.c | 4 +-
net/l2tp/l2tp_ip6.c | 2 +-
net/mpls/af_mpls.c | 7 +-
net/netfilter/nf_conntrack_core.c | 4 +-
net/netlabel/netlabel_kapi.c | 6 +
net/openvswitch/actions.c | 6 +-
net/sched/sch_choke.c | 3 +-
net/sched/sch_sfq.c | 9 ++
net/sctp/ipv6.c | 4 +-
net/tipc/udp_media.c | 9 +-
scripts/decodecode | 2 +-
sound/core/rawmidi.c | 35 ++++-
sound/pci/hda/patch_realtek.c | 12 +-
111 files changed, 805 insertions(+), 496 deletions(-)
From: Cengiz Can <[email protected]>
commit 153031a301bb07194e9c37466cfce8eacb977621 upstream.
There was a recent change in blktrace.c that added a RCU protection to
`q->blk_trace` in order to fix a use-after-free issue during access.
However the change missed an edge case that can lead to dereferencing of
`bt` pointer even when it's NULL:
Coverity static analyzer marked this as a FORWARD_NULL issue with CID
1460458.
```
/kernel/trace/blktrace.c: 1904 in sysfs_blk_trace_attr_store()
1898 ret = 0;
1899 if (bt == NULL)
1900 ret = blk_trace_setup_queue(q, bdev);
1901
1902 if (ret == 0) {
1903 if (attr == &dev_attr_act_mask)
>>> CID 1460458: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "bt".
1904 bt->act_mask = value;
1905 else if (attr == &dev_attr_pid)
1906 bt->pid = value;
1907 else if (attr == &dev_attr_start_lba)
1908 bt->start_lba = value;
1909 else if (attr == &dev_attr_end_lba)
```
Added a reassignment with RCU annotation to fix the issue.
Fixes: c780e86dd48 ("blktrace: Protect q->blk_trace with RCU")
Reviewed-by: Ming Lei <[email protected]>
Reviewed-by: Bob Liu <[email protected]>
Reviewed-by: Steven Rostedt (VMware) <[email protected]>
Signed-off-by: Cengiz Can <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
kernel/trace/blktrace.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/kernel/trace/blktrace.c
+++ b/kernel/trace/blktrace.c
@@ -1822,8 +1822,11 @@ static ssize_t sysfs_blk_trace_attr_stor
}
ret = 0;
- if (bt == NULL)
+ if (bt == NULL) {
ret = blk_trace_setup_queue(q, bdev);
+ bt = rcu_dereference_protected(q->blk_trace,
+ lockdep_is_held(&q->blk_trace_mutex));
+ }
if (ret == 0) {
if (attr == &dev_attr_act_mask)
From: Sabrina Dubroca <[email protected]>
commit 6c8991f41546c3c472503dff1ea9daaddf9331c2 upstream.
ipv6_stub uses the ip6_dst_lookup function to allow other modules to
perform IPv6 lookups. However, this function skips the XFRM layer
entirely.
All users of ipv6_stub->ip6_dst_lookup use ip_route_output_flow (via the
ip_route_output_key and ip_route_output helpers) for their IPv4 lookups,
which calls xfrm_lookup_route(). This patch fixes this inconsistent
behavior by switching the stub to ip6_dst_lookup_flow, which also calls
xfrm_lookup_route().
This requires some changes in all the callers, as these two functions
take different arguments and have different return types.
Fixes: 5f81bd2e5d80 ("ipv6: export a stub for IPv6 symbols used by vxlan")
Reported-by: Xiumei Mu <[email protected]>
Signed-off-by: Sabrina Dubroca <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
[bwh: Backported to 4.4:
- Drop changes in lwt_bpf.c, mlx5, and rxe
- Adjust filename, context, indentation]
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/infiniband/core/addr.c | 6 +++---
drivers/net/geneve.c | 4 +++-
drivers/net/vxlan.c | 10 ++++------
include/net/addrconf.h | 6 ++++--
net/ipv6/addrconf_core.c | 11 ++++++-----
net/ipv6/af_inet6.c | 2 +-
net/mpls/af_mpls.c | 7 +++----
net/tipc/udp_media.c | 9 ++++++---
8 files changed, 30 insertions(+), 25 deletions(-)
--- a/drivers/infiniband/core/addr.c
+++ b/drivers/infiniband/core/addr.c
@@ -293,9 +293,9 @@ static int addr6_resolve(struct sockaddr
fl6.saddr = src_in->sin6_addr;
fl6.flowi6_oif = addr->bound_dev_if;
- ret = ipv6_stub->ipv6_dst_lookup(addr->net, NULL, &dst, &fl6);
- if (ret < 0)
- goto put;
+ dst = ipv6_stub->ipv6_dst_lookup_flow(addr->net, NULL, &fl6, NULL);
+ if (IS_ERR(dst))
+ return PTR_ERR(dst);
if (ipv6_addr_any(&fl6.saddr)) {
ret = ipv6_dev_get_saddr(addr->net, ip6_dst_idev(dst)->dev,
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -781,7 +781,9 @@ static struct dst_entry *geneve_get_v6_d
fl6->daddr = geneve->remote.sin6.sin6_addr;
}
- if (ipv6_stub->ipv6_dst_lookup(geneve->net, gs6->sock->sk, &dst, fl6)) {
+ dst = ipv6_stub->ipv6_dst_lookup_flow(geneve->net, gs6->sock->sk, fl6,
+ NULL);
+ if (IS_ERR(dst)) {
netdev_dbg(dev, "no route to %pI6\n", &fl6->daddr);
return ERR_PTR(-ENETUNREACH);
}
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -1864,7 +1864,6 @@ static struct dst_entry *vxlan6_get_rout
{
struct dst_entry *ndst;
struct flowi6 fl6;
- int err;
memset(&fl6, 0, sizeof(fl6));
fl6.flowi6_oif = oif;
@@ -1873,11 +1872,10 @@ static struct dst_entry *vxlan6_get_rout
fl6.flowi6_mark = skb->mark;
fl6.flowi6_proto = IPPROTO_UDP;
- err = ipv6_stub->ipv6_dst_lookup(vxlan->net,
- vxlan->vn6_sock->sock->sk,
- &ndst, &fl6);
- if (err < 0)
- return ERR_PTR(err);
+ ndst = ipv6_stub->ipv6_dst_lookup_flow(vxlan->net, vxlan->vn6_sock->sock->sk,
+ &fl6, NULL);
+ if (unlikely(IS_ERR(ndst)))
+ return ERR_PTR(-ENETUNREACH);
*saddr = fl6.saddr;
return ndst;
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -192,8 +192,10 @@ struct ipv6_stub {
const struct in6_addr *addr);
int (*ipv6_sock_mc_drop)(struct sock *sk, int ifindex,
const struct in6_addr *addr);
- int (*ipv6_dst_lookup)(struct net *net, struct sock *sk,
- struct dst_entry **dst, struct flowi6 *fl6);
+ struct dst_entry *(*ipv6_dst_lookup_flow)(struct net *net,
+ const struct sock *sk,
+ struct flowi6 *fl6,
+ const struct in6_addr *final_dst);
void (*udpv6_encap_enable)(void);
void (*ndisc_send_na)(struct net_device *dev, const struct in6_addr *daddr,
const struct in6_addr *solicited_addr,
--- a/net/ipv6/addrconf_core.c
+++ b/net/ipv6/addrconf_core.c
@@ -107,15 +107,16 @@ int inet6addr_notifier_call_chain(unsign
}
EXPORT_SYMBOL(inet6addr_notifier_call_chain);
-static int eafnosupport_ipv6_dst_lookup(struct net *net, struct sock *u1,
- struct dst_entry **u2,
- struct flowi6 *u3)
+static struct dst_entry *eafnosupport_ipv6_dst_lookup_flow(struct net *net,
+ const struct sock *sk,
+ struct flowi6 *fl6,
+ const struct in6_addr *final_dst)
{
- return -EAFNOSUPPORT;
+ return ERR_PTR(-EAFNOSUPPORT);
}
const struct ipv6_stub *ipv6_stub __read_mostly = &(struct ipv6_stub) {
- .ipv6_dst_lookup = eafnosupport_ipv6_dst_lookup,
+ .ipv6_dst_lookup_flow = eafnosupport_ipv6_dst_lookup_flow,
};
EXPORT_SYMBOL_GPL(ipv6_stub);
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -841,7 +841,7 @@ static struct pernet_operations inet6_ne
static const struct ipv6_stub ipv6_stub_impl = {
.ipv6_sock_mc_join = ipv6_sock_mc_join,
.ipv6_sock_mc_drop = ipv6_sock_mc_drop,
- .ipv6_dst_lookup = ip6_dst_lookup,
+ .ipv6_dst_lookup_flow = ip6_dst_lookup_flow,
.udpv6_encap_enable = udpv6_encap_enable,
.ndisc_send_na = ndisc_send_na,
.nd_tbl = &nd_tbl,
--- a/net/mpls/af_mpls.c
+++ b/net/mpls/af_mpls.c
@@ -470,16 +470,15 @@ static struct net_device *inet6_fib_look
struct net_device *dev;
struct dst_entry *dst;
struct flowi6 fl6;
- int err;
if (!ipv6_stub)
return ERR_PTR(-EAFNOSUPPORT);
memset(&fl6, 0, sizeof(fl6));
memcpy(&fl6.daddr, addr, sizeof(struct in6_addr));
- err = ipv6_stub->ipv6_dst_lookup(net, NULL, &dst, &fl6);
- if (err)
- return ERR_PTR(err);
+ dst = ipv6_stub->ipv6_dst_lookup_flow(net, NULL, &fl6, NULL);
+ if (IS_ERR(dst))
+ return ERR_CAST(dst);
dev = dst->dev;
dev_hold(dev);
--- a/net/tipc/udp_media.c
+++ b/net/tipc/udp_media.c
@@ -200,10 +200,13 @@ static int tipc_udp_send_msg(struct net
.saddr = src->ipv6,
.flowi6_proto = IPPROTO_UDP
};
- err = ipv6_stub->ipv6_dst_lookup(net, ub->ubsock->sk, &ndst,
- &fl6);
- if (err)
+ ndst = ipv6_stub->ipv6_dst_lookup_flow(net,
+ ub->ubsock->sk,
+ &fl6, NULL);
+ if (IS_ERR(ndst)) {
+ err = PTR_ERR(ndst);
goto tx_error;
+ }
ttl = ip6_dst_hoplimit(ndst);
err = udp_tunnel6_xmit_skb(ndst, ub->ubsock->sk, skb,
ndst->dev, &src->ipv6,
From: Hans de Goede <[email protected]>
commit fd25ea29093e275195d0ae8b2573021a1c98959f upstream.
Revert commit 6276e53fa8c0 (ACPI / video: Add force_native quirk for
HP Pavilion dv6).
In the commit message for the quirk this revert removes I wrote:
"Note that there are quite a few HP Pavilion dv6 variants, some
woth ATI and some with NVIDIA hybrid gfx, both seem to need this
quirk to have working backlight control. There are also some versions
with only Intel integrated gfx, these may not need this quirk, but it
should not hurt there."
Unfortunately that seems wrong, I've already received 2 reports of
this commit causing regressions on some dv6 variants (at least one
of which actually has a nvidia GPU). So it seems that HP has made a
mess here by using the same model-name both in marketing and in the
DMI data for many different variants. Some of which need
acpi_backlight=native for functional backlight control (as the
quirk this commit reverts was doing), where as others are broken by
it. So lets get back to the old sitation so as to avoid regressing
on models which used to work without any kernel cmdline arguments
before.
Fixes: 6276e53fa8c0 (ACPI / video: Add force_native quirk for HP Pavilion dv6)
Signed-off-by: Hans de Goede <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
Cc: Guenter Roeck <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/acpi/video_detect.c | 11 -----------
1 file changed, 11 deletions(-)
--- a/drivers/acpi/video_detect.c
+++ b/drivers/acpi/video_detect.c
@@ -289,17 +289,6 @@ static const struct dmi_system_id video_
DMI_MATCH(DMI_PRODUCT_NAME, "Dell System XPS L702X"),
},
},
- {
- /* https://bugzilla.redhat.com/show_bug.cgi?id=1204476 */
- /* https://bugs.launchpad.net/ubuntu/+source/linux-lts-trusty/+bug/1416940 */
- .callback = video_detect_force_native,
- .ident = "HP Pavilion dv6",
- .matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
- DMI_MATCH(DMI_PRODUCT_NAME, "HP Pavilion dv6 Notebook PC"),
- },
- },
-
{ },
};
From: Kees Cook <[email protected]>
commit 7be3cb019db1cbd5fd5ffe6d64a23fefa4b6f229 upstream.
When brk was moved for binaries without an interpreter, it should have
been limited to ET_DYN only. In other words, the special case was an
ET_DYN that lacks an INTERP, not just an executable that lacks INTERP.
The bug manifested for giant static executables, where the brk would end
up in the middle of the text area on 32-bit architectures.
Reported-and-tested-by: Richard Kojedzinszky <[email protected]>
Fixes: bbdc6076d2e5 ("binfmt_elf: move brk out of mmap when doing direct loader exec")
Cc: [email protected]
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Cc: Guenter Roeck <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/binfmt_elf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1104,7 +1104,8 @@ static int load_elf_binary(struct linux_
* (since it grows up, and may collide early with the stack
* growing down), and into the unused ELF_ET_DYN_BASE region.
*/
- if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) && !interpreter)
+ if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
+ loc->elf_ex.e_type == ET_DYN && !interpreter)
current->mm->brk = current->mm->start_brk =
ELF_ET_DYN_BASE;
From: Jim Mattson <[email protected]>
commit c4e0e4ab4cf3ec2b3f0b628ead108d677644ebd9 upstream.
Bank_num is a one-based count of banks, not a zero-based index. It
overflows the allocated space only when strictly greater than
KVM_MAX_MCE_BANKS.
Fixes: a9e38c3e01ad ("KVM: x86: Catch potential overrun in MCE setup")
Signed-off-by: Jue Wang <[email protected]>
Signed-off-by: Jim Mattson <[email protected]>
Reviewed-by: Peter Shier <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Vitaly Kuznetsov <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/x86/kvm/x86.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2941,7 +2941,7 @@ static int kvm_vcpu_ioctl_x86_setup_mce(
unsigned bank_num = mcg_cap & 0xff, bank;
r = -EINVAL;
- if (!bank_num || bank_num >= KVM_MAX_MCE_BANKS)
+ if (!bank_num || bank_num > KVM_MAX_MCE_BANKS)
goto out;
if (mcg_cap & ~(KVM_MCE_CAP_SUPPORTED | 0xff | 0xff0000))
goto out;
From: Jason Gunthorpe <[email protected]>
commit 01b2bafe57b19d9119413f138765ef57990921ce upstream.
Aside from good practice, this avoids a warning from gcc 10:
./include/linux/kernel.h:997:3: warning: array subscript -31 is outside array bounds of ‘struct list_head[1]’ [-Warray-bounds]
997 | ((type *)(__mptr - offsetof(type, member))); })
| ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./include/linux/list.h:493:2: note: in expansion of macro ‘container_of’
493 | container_of(ptr, type, member)
| ^~~~~~~~~~~~
./include/linux/pnp.h:275:30: note: in expansion of macro ‘list_entry’
275 | #define global_to_pnp_dev(n) list_entry(n, struct pnp_dev, global_list)
| ^~~~~~~~~~
./include/linux/pnp.h:281:11: note: in expansion of macro ‘global_to_pnp_dev’
281 | (dev) != global_to_pnp_dev(&pnp_global); \
| ^~~~~~~~~~~~~~~~~
arch/x86/kernel/rtc.c:189:2: note: in expansion of macro ‘pnp_for_each_dev’
189 | pnp_for_each_dev(dev) {
Because the common code doesn't cast the starting list_head to the
containing struct.
Signed-off-by: Jason Gunthorpe <[email protected]>
[ rjw: Whitespace adjustments ]
Signed-off-by: Rafael J. Wysocki <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
include/linux/pnp.h | 29 +++++++++--------------------
1 file changed, 9 insertions(+), 20 deletions(-)
--- a/include/linux/pnp.h
+++ b/include/linux/pnp.h
@@ -219,10 +219,8 @@ struct pnp_card {
#define global_to_pnp_card(n) list_entry(n, struct pnp_card, global_list)
#define protocol_to_pnp_card(n) list_entry(n, struct pnp_card, protocol_list)
#define to_pnp_card(n) container_of(n, struct pnp_card, dev)
-#define pnp_for_each_card(card) \
- for((card) = global_to_pnp_card(pnp_cards.next); \
- (card) != global_to_pnp_card(&pnp_cards); \
- (card) = global_to_pnp_card((card)->global_list.next))
+#define pnp_for_each_card(card) \
+ list_for_each_entry(card, &pnp_cards, global_list)
struct pnp_card_link {
struct pnp_card *card;
@@ -275,14 +273,9 @@ struct pnp_dev {
#define card_to_pnp_dev(n) list_entry(n, struct pnp_dev, card_list)
#define protocol_to_pnp_dev(n) list_entry(n, struct pnp_dev, protocol_list)
#define to_pnp_dev(n) container_of(n, struct pnp_dev, dev)
-#define pnp_for_each_dev(dev) \
- for((dev) = global_to_pnp_dev(pnp_global.next); \
- (dev) != global_to_pnp_dev(&pnp_global); \
- (dev) = global_to_pnp_dev((dev)->global_list.next))
-#define card_for_each_dev(card,dev) \
- for((dev) = card_to_pnp_dev((card)->devices.next); \
- (dev) != card_to_pnp_dev(&(card)->devices); \
- (dev) = card_to_pnp_dev((dev)->card_list.next))
+#define pnp_for_each_dev(dev) list_for_each_entry(dev, &pnp_global, global_list)
+#define card_for_each_dev(card, dev) \
+ list_for_each_entry(dev, &(card)->devices, card_list)
#define pnp_dev_name(dev) (dev)->name
static inline void *pnp_get_drvdata(struct pnp_dev *pdev)
@@ -434,14 +427,10 @@ struct pnp_protocol {
};
#define to_pnp_protocol(n) list_entry(n, struct pnp_protocol, protocol_list)
-#define protocol_for_each_card(protocol,card) \
- for((card) = protocol_to_pnp_card((protocol)->cards.next); \
- (card) != protocol_to_pnp_card(&(protocol)->cards); \
- (card) = protocol_to_pnp_card((card)->protocol_list.next))
-#define protocol_for_each_dev(protocol,dev) \
- for((dev) = protocol_to_pnp_dev((protocol)->devices.next); \
- (dev) != protocol_to_pnp_dev(&(protocol)->devices); \
- (dev) = protocol_to_pnp_dev((dev)->protocol_list.next))
+#define protocol_for_each_card(protocol, card) \
+ list_for_each_entry(card, &(protocol)->cards, protocol_list)
+#define protocol_for_each_dev(protocol, dev) \
+ list_for_each_entry(dev, &(protocol)->devices, protocol_list)
extern struct bus_type pnp_bus_type;
From: Fabio Estevam <[email protected]>
commit 0caf34350a25907515d929a9c77b9b206aac6d1e upstream.
The I2C2 pins are already used and the following errors are seen:
imx27-pinctrl 10015000.iomuxc: pin MX27_PAD_I2C2_SDA already requested by 10012000.i2c; cannot claim for 1001d000.i2c
imx27-pinctrl 10015000.iomuxc: pin-69 (1001d000.i2c) status -22
imx27-pinctrl 10015000.iomuxc: could not request pin 69 (MX27_PAD_I2C2_SDA) from group i2c2grp on device 10015000.iomuxc
imx-i2c 1001d000.i2c: Error applying setting, reverse things back
imx-i2c: probe of 1001d000.i2c failed with error -22
Fix it by adding the correct I2C1 IOMUX entries for the pinctrl_i2c1 group.
Cc: <[email protected]>
Fixes: 61664d0b432a ("ARM: dts: imx27 phyCARD-S pinctrl")
Signed-off-by: Fabio Estevam <[email protected]>
Reviewed-by: Stefan Riedmueller <[email protected]>
Signed-off-by: Shawn Guo <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts
+++ b/arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts
@@ -81,8 +81,8 @@
imx27-phycard-s-rdk {
pinctrl_i2c1: i2c1grp {
fsl,pins = <
- MX27_PAD_I2C2_SDA__I2C2_SDA 0x0
- MX27_PAD_I2C2_SCL__I2C2_SCL 0x0
+ MX27_PAD_I2C_DATA__I2C_DATA 0x0
+ MX27_PAD_I2C_CLK__I2C_CLK 0x0
>;
};
From: Jiri Benc <[email protected]>
[ Upstream commit e271c7b4420ddbb9fae82a2b31a5ab3edafcf4fe ]
For ipgre interface in collect metadata mode, it doesn't make sense for the
interface to be of ARPHRD_IPGRE type. The outer header of received packets
is not needed, as all the information from it is present in metadata_dst. We
already don't set ipgre_header_ops for collect metadata interfaces, which is
the only consumer of mac_header pointing to the outer IP header.
Just set the interface type to ARPHRD_NONE in collect metadata mode for
ipgre (not gretap, that still correctly stays ARPHRD_ETHER) and reset
mac_header.
Fixes: a64b04d86d14 ("gre: do not assign header_ops in collect metadata mode")
Fixes: 2e15ea390e6f4 ("ip_gre: Add support to collect tunnel metadata.")
Signed-off-by: Jiri Benc <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
net/ipv4/ip_gre.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index e5448570d6483..900ee28bda99a 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -399,7 +399,10 @@ static int ipgre_rcv(struct sk_buff *skb, const struct tnl_ptk_info *tpi)
iph->saddr, iph->daddr, tpi->key);
if (tunnel) {
- skb_pop_mac_header(skb);
+ if (tunnel->dev->type != ARPHRD_NONE)
+ skb_pop_mac_header(skb);
+ else
+ skb_reset_mac_header(skb);
if (tunnel->collect_md) {
__be16 flags;
__be64 tun_id;
@@ -1015,6 +1018,8 @@ static void ipgre_netlink_parms(struct net_device *dev,
struct ip_tunnel *t = netdev_priv(dev);
t->collect_md = true;
+ if (dev->type == ARPHRD_IPGRE)
+ dev->type = ARPHRD_NONE;
}
}
--
2.20.1
From: Madhuparna Bhowmik <[email protected]>
[ Upstream commit 2e45676a4d33af47259fa186ea039122ce263ba9 ]
pd->dma.dev is read in irq handler pd_irq().
However, it is set to pdev->dev after request_irq().
Therefore, set pd->dma.dev to pdev->dev before request_irq() to
avoid data race between pch_dma_probe() and pd_irq().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Madhuparna Bhowmik <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Vinod Koul <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/dma/pch_dma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/dma/pch_dma.c b/drivers/dma/pch_dma.c
index 113605f6fe208..32517003e118e 100644
--- a/drivers/dma/pch_dma.c
+++ b/drivers/dma/pch_dma.c
@@ -877,6 +877,7 @@ static int pch_dma_probe(struct pci_dev *pdev,
}
pci_set_master(pdev);
+ pd->dma.dev = &pdev->dev;
err = request_irq(pdev->irq, pd_irq, IRQF_SHARED, DRV_NAME, pd);
if (err) {
@@ -892,7 +893,6 @@ static int pch_dma_probe(struct pci_dev *pdev,
goto err_free_irq;
}
- pd->dma.dev = &pdev->dev;
INIT_LIST_HEAD(&pd->dma.channels);
--
2.20.1
From: Vasily Averin <[email protected]>
[ Upstream commit 5b5703dbafae74adfbe298a56a81694172caf5e6 ]
v2: removed TODO reminder
Signed-off-by: Vasily Averin <[email protected]>
Link: http://patchwork.freedesktop.org/patch/msgid/[email protected]
Signed-off-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/gpu/drm/qxl/qxl_image.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/qxl/qxl_image.c b/drivers/gpu/drm/qxl/qxl_image.c
index 7fbcc35e8ad35..c89c10055641e 100644
--- a/drivers/gpu/drm/qxl/qxl_image.c
+++ b/drivers/gpu/drm/qxl/qxl_image.c
@@ -210,7 +210,8 @@ qxl_image_init_helper(struct qxl_device *qdev,
break;
default:
DRM_ERROR("unsupported image bit depth\n");
- return -EINVAL; /* TODO: cleanup */
+ qxl_bo_kunmap_atomic_page(qdev, image_bo, ptr);
+ return -EINVAL;
}
image->u.bitmap.flags = QXL_BITMAP_TOP_DOWN;
image->u.bitmap.x = width;
--
2.20.1
From: Alexandre Belloni <[email protected]>
[ Upstream commit f5aba91d7f186cba84af966a741a0346de603cd4 ]
At least on ksz8081, when getting back from power down, interrupts are
disabled. ensure they are reenabled if they were previously enabled.
This fixes resuming which is failing on the xplained boards from atmel
since 321beec5047a (net: phy: Use interrupts when available in NOLINK
state)
Fixes: 321beec5047a (net: phy: Use interrupts when available in NOLINK state)
Signed-off-by: Alexandre Belloni <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/net/phy/micrel.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c
index 98166e144f2dd..48788ef0ac639 100644
--- a/drivers/net/phy/micrel.c
+++ b/drivers/net/phy/micrel.c
@@ -603,6 +603,21 @@ ksz9021_wr_mmd_phyreg(struct phy_device *phydev, int ptrad, int devnum,
{
}
+static int kszphy_resume(struct phy_device *phydev)
+{
+ int value;
+
+ mutex_lock(&phydev->lock);
+
+ value = phy_read(phydev, MII_BMCR);
+ phy_write(phydev, MII_BMCR, value & ~BMCR_PDOWN);
+
+ kszphy_config_intr(phydev);
+ mutex_unlock(&phydev->lock);
+
+ return 0;
+}
+
static int kszphy_probe(struct phy_device *phydev)
{
const struct kszphy_type *type = phydev->drv->driver_data;
@@ -794,7 +809,7 @@ static struct phy_driver ksphy_driver[] = {
.ack_interrupt = kszphy_ack_interrupt,
.config_intr = kszphy_config_intr,
.suspend = genphy_suspend,
- .resume = genphy_resume,
+ .resume = kszphy_resume,
.driver = { .owner = THIS_MODULE,},
}, {
.phy_id = PHY_ID_KSZ8061,
--
2.20.1
From: Anjali Singhai Jain <[email protected]>
[ Upstream commit 09f79fd49d94cda5837e9bfd0cb222232b3b6d9f ]
X722 devices use the AdminQ to access the NVM, and this requires taking
the AdminQ lock. Because of this, we lock the AdminQ during
i40e_read_nvm(), which is also called in places where the lock is
already held, such as the firmware update path which wants to lock once
and then unlock when finished after performing several tasks.
Although this should have only affected X722 devices, commit
96a39aed25e6 ("i40e: Acquire NVM lock before reads on all devices",
2016-12-02) added locking for all NVM reads, regardless of device
family.
This resulted in us accidentally causing NVM acquire timeouts on all
devices, causing failed firmware updates which left the eeprom in
a corrupt state.
Create unsafe non-locked variants of i40e_read_nvm_word and
i40e_read_nvm_buffer, __i40e_read_nvm_word and __i40e_read_nvm_buffer
respectively. These variants will not take the NVM lock and are expected
to only be called in places where the NVM lock is already held if
needed.
Since the only caller of i40e_read_nvm_buffer() was in such a path,
remove it entirely in favor of the unsafe version. If necessary we can
always add it back in the future.
Additionally, we now need to hold the NVM lock in i40e_validate_checksum
because the call to i40e_calc_nvm_checksum now assumes that the NVM lock
is held. We can further move the call to read I40E_SR_SW_CHECKSUM_WORD
up a bit so that we do not need to acquire the NVM lock twice.
This should resolve firmware updates and also fix potential raise that
could have caused the driver to report an invalid NVM checksum upon
driver load.
Reported-by: Stefan Assmann <[email protected]>
Fixes: 96a39aed25e6 ("i40e: Acquire NVM lock before reads on all devices", 2016-12-02)
Signed-off-by: Anjali Singhai Jain <[email protected]>
Signed-off-by: Jacob Keller <[email protected]>
Tested-by: Andrew Bowers <[email protected]>
Signed-off-by: Jeff Kirsher <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/net/ethernet/intel/i40e/i40e_nvm.c | 98 ++++++++++++-------
.../net/ethernet/intel/i40e/i40e_prototype.h | 2 -
2 files changed, 60 insertions(+), 40 deletions(-)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_nvm.c b/drivers/net/ethernet/intel/i40e/i40e_nvm.c
index dd4e6ea9e0e1b..af7f97791320d 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_nvm.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_nvm.c
@@ -266,7 +266,7 @@ static i40e_status i40e_read_nvm_aq(struct i40e_hw *hw, u8 module_pointer,
* @offset: offset of the Shadow RAM word to read (0x000000 - 0x001FFF)
* @data: word read from the Shadow RAM
*
- * Reads one 16 bit word from the Shadow RAM using the GLNVM_SRCTL register.
+ * Reads one 16 bit word from the Shadow RAM using the AdminQ
**/
static i40e_status i40e_read_nvm_word_aq(struct i40e_hw *hw, u16 offset,
u16 *data)
@@ -280,27 +280,49 @@ static i40e_status i40e_read_nvm_word_aq(struct i40e_hw *hw, u16 offset,
}
/**
- * i40e_read_nvm_word - Reads Shadow RAM
+ * __i40e_read_nvm_word - Reads nvm word, assumes called does the locking
* @hw: pointer to the HW structure
* @offset: offset of the Shadow RAM word to read (0x000000 - 0x001FFF)
* @data: word read from the Shadow RAM
*
- * Reads one 16 bit word from the Shadow RAM using the GLNVM_SRCTL register.
+ * Reads one 16 bit word from the Shadow RAM.
+ *
+ * Do not use this function except in cases where the nvm lock is already
+ * taken via i40e_acquire_nvm().
+ **/
+static i40e_status __i40e_read_nvm_word(struct i40e_hw *hw,
+ u16 offset, u16 *data)
+{
+ i40e_status ret_code = 0;
+
+ if (hw->flags & I40E_HW_FLAG_AQ_SRCTL_ACCESS_ENABLE)
+ ret_code = i40e_read_nvm_word_aq(hw, offset, data);
+ else
+ ret_code = i40e_read_nvm_word_srctl(hw, offset, data);
+ return ret_code;
+}
+
+/**
+ * i40e_read_nvm_word - Reads nvm word and acquire lock if necessary
+ * @hw: pointer to the HW structure
+ * @offset: offset of the Shadow RAM word to read (0x000000 - 0x001FFF)
+ * @data: word read from the Shadow RAM
+ *
+ * Reads one 16 bit word from the Shadow RAM.
**/
i40e_status i40e_read_nvm_word(struct i40e_hw *hw, u16 offset,
u16 *data)
{
- enum i40e_status_code ret_code = 0;
+ i40e_status ret_code = 0;
ret_code = i40e_acquire_nvm(hw, I40E_RESOURCE_READ);
- if (!ret_code) {
- if (hw->flags & I40E_HW_FLAG_AQ_SRCTL_ACCESS_ENABLE) {
- ret_code = i40e_read_nvm_word_aq(hw, offset, data);
- } else {
- ret_code = i40e_read_nvm_word_srctl(hw, offset, data);
- }
- i40e_release_nvm(hw);
- }
+ if (ret_code)
+ return ret_code;
+
+ ret_code = __i40e_read_nvm_word(hw, offset, data);
+
+ i40e_release_nvm(hw);
+
return ret_code;
}
@@ -393,31 +415,25 @@ static i40e_status i40e_read_nvm_buffer_aq(struct i40e_hw *hw, u16 offset,
}
/**
- * i40e_read_nvm_buffer - Reads Shadow RAM buffer
+ * __i40e_read_nvm_buffer - Reads nvm buffer, caller must acquire lock
* @hw: pointer to the HW structure
* @offset: offset of the Shadow RAM word to read (0x000000 - 0x001FFF).
* @words: (in) number of words to read; (out) number of words actually read
* @data: words read from the Shadow RAM
*
* Reads 16 bit words (data buffer) from the SR using the i40e_read_nvm_srrd()
- * method. The buffer read is preceded by the NVM ownership take
- * and followed by the release.
+ * method.
**/
-i40e_status i40e_read_nvm_buffer(struct i40e_hw *hw, u16 offset,
- u16 *words, u16 *data)
+static i40e_status __i40e_read_nvm_buffer(struct i40e_hw *hw,
+ u16 offset, u16 *words,
+ u16 *data)
{
- enum i40e_status_code ret_code = 0;
+ i40e_status ret_code = 0;
- if (hw->flags & I40E_HW_FLAG_AQ_SRCTL_ACCESS_ENABLE) {
- ret_code = i40e_acquire_nvm(hw, I40E_RESOURCE_READ);
- if (!ret_code) {
- ret_code = i40e_read_nvm_buffer_aq(hw, offset, words,
- data);
- i40e_release_nvm(hw);
- }
- } else {
+ if (hw->flags & I40E_HW_FLAG_AQ_SRCTL_ACCESS_ENABLE)
+ ret_code = i40e_read_nvm_buffer_aq(hw, offset, words, data);
+ else
ret_code = i40e_read_nvm_buffer_srctl(hw, offset, words, data);
- }
return ret_code;
}
@@ -499,15 +515,15 @@ static i40e_status i40e_calc_nvm_checksum(struct i40e_hw *hw,
data = (u16 *)vmem.va;
/* read pointer to VPD area */
- ret_code = i40e_read_nvm_word(hw, I40E_SR_VPD_PTR, &vpd_module);
+ ret_code = __i40e_read_nvm_word(hw, I40E_SR_VPD_PTR, &vpd_module);
if (ret_code) {
ret_code = I40E_ERR_NVM_CHECKSUM;
goto i40e_calc_nvm_checksum_exit;
}
/* read pointer to PCIe Alt Auto-load module */
- ret_code = i40e_read_nvm_word(hw, I40E_SR_PCIE_ALT_AUTO_LOAD_PTR,
- &pcie_alt_module);
+ ret_code = __i40e_read_nvm_word(hw, I40E_SR_PCIE_ALT_AUTO_LOAD_PTR,
+ &pcie_alt_module);
if (ret_code) {
ret_code = I40E_ERR_NVM_CHECKSUM;
goto i40e_calc_nvm_checksum_exit;
@@ -521,7 +537,7 @@ static i40e_status i40e_calc_nvm_checksum(struct i40e_hw *hw,
if ((i % I40E_SR_SECTOR_SIZE_IN_WORDS) == 0) {
u16 words = I40E_SR_SECTOR_SIZE_IN_WORDS;
- ret_code = i40e_read_nvm_buffer(hw, i, &words, data);
+ ret_code = __i40e_read_nvm_buffer(hw, i, &words, data);
if (ret_code) {
ret_code = I40E_ERR_NVM_CHECKSUM;
goto i40e_calc_nvm_checksum_exit;
@@ -593,14 +609,19 @@ i40e_status i40e_validate_nvm_checksum(struct i40e_hw *hw,
u16 checksum_sr = 0;
u16 checksum_local = 0;
+ /* We must acquire the NVM lock in order to correctly synchronize the
+ * NVM accesses across multiple PFs. Without doing so it is possible
+ * for one of the PFs to read invalid data potentially indicating that
+ * the checksum is invalid.
+ */
+ ret_code = i40e_acquire_nvm(hw, I40E_RESOURCE_READ);
+ if (ret_code)
+ return ret_code;
ret_code = i40e_calc_nvm_checksum(hw, &checksum_local);
+ __i40e_read_nvm_word(hw, I40E_SR_SW_CHECKSUM_WORD, &checksum_sr);
+ i40e_release_nvm(hw);
if (ret_code)
- goto i40e_validate_nvm_checksum_exit;
-
- /* Do not use i40e_read_nvm_word() because we do not want to take
- * the synchronization semaphores twice here.
- */
- i40e_read_nvm_word(hw, I40E_SR_SW_CHECKSUM_WORD, &checksum_sr);
+ return ret_code;
/* Verify read checksum from EEPROM is the same as
* calculated checksum
@@ -612,7 +633,6 @@ i40e_status i40e_validate_nvm_checksum(struct i40e_hw *hw,
if (checksum)
*checksum = checksum_local;
-i40e_validate_nvm_checksum_exit:
return ret_code;
}
@@ -958,6 +978,7 @@ static i40e_status i40e_nvmupd_state_writing(struct i40e_hw *hw,
break;
case I40E_NVMUPD_CSUM_CON:
+ /* Assumes the caller has acquired the nvm */
status = i40e_update_nvm_checksum(hw);
if (status) {
*perrno = hw->aq.asq_last_status ?
@@ -971,6 +992,7 @@ static i40e_status i40e_nvmupd_state_writing(struct i40e_hw *hw,
break;
case I40E_NVMUPD_CSUM_LCB:
+ /* Assumes the caller has acquired the nvm */
status = i40e_update_nvm_checksum(hw);
if (status) {
*perrno = hw->aq.asq_last_status ?
diff --git a/drivers/net/ethernet/intel/i40e/i40e_prototype.h b/drivers/net/ethernet/intel/i40e/i40e_prototype.h
index bb9d583e5416f..6caa2ab0ad743 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_prototype.h
+++ b/drivers/net/ethernet/intel/i40e/i40e_prototype.h
@@ -282,8 +282,6 @@ i40e_status i40e_acquire_nvm(struct i40e_hw *hw,
void i40e_release_nvm(struct i40e_hw *hw);
i40e_status i40e_read_nvm_word(struct i40e_hw *hw, u16 offset,
u16 *data);
-i40e_status i40e_read_nvm_buffer(struct i40e_hw *hw, u16 offset,
- u16 *words, u16 *data);
i40e_status i40e_update_nvm_checksum(struct i40e_hw *hw);
i40e_status i40e_validate_nvm_checksum(struct i40e_hw *hw,
u16 *checksum);
--
2.20.1
From: Arnd Bergmann <[email protected]>
[ Upstream commit 2c407aca64977ede9b9f35158e919773cae2082f ]
gcc-10 warns around a suspicious access to an empty struct member:
net/netfilter/nf_conntrack_core.c: In function '__nf_conntrack_alloc':
net/netfilter/nf_conntrack_core.c:1522:9: warning: array subscript 0 is outside the bounds of an interior zero-length array 'u8[0]' {aka 'unsigned char[0]'} [-Wzero-length-bounds]
1522 | memset(&ct->__nfct_init_offset[0], 0,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from net/netfilter/nf_conntrack_core.c:37:
include/net/netfilter/nf_conntrack.h:90:5: note: while referencing '__nfct_init_offset'
90 | u8 __nfct_init_offset[0];
| ^~~~~~~~~~~~~~~~~~
The code is correct but a bit unusual. Rework it slightly in a way that
does not trigger the warning, using an empty struct instead of an empty
array. There are probably more elegant ways to do this, but this is the
smallest change.
Fixes: c41884ce0562 ("netfilter: conntrack: avoid zeroing timer")
Signed-off-by: Arnd Bergmann <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
include/net/netfilter/nf_conntrack.h | 2 +-
net/netfilter/nf_conntrack_core.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 636e9e11bd5f6..e3f73fd1d53a9 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -98,7 +98,7 @@ struct nf_conn {
possible_net_t ct_net;
/* all members below initialized via memset */
- u8 __nfct_init_offset[0];
+ struct { } __nfct_init_offset;
/* If we were expected by an expectation, this will be it */
struct nf_conn *master;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index de0aad12b91d2..e58516274e86a 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -898,9 +898,9 @@ __nf_conntrack_alloc(struct net *net,
/* Don't set timer yet: wait for confirmation */
setup_timer(&ct->timeout, death_by_timeout, (unsigned long)ct);
write_pnet(&ct->ct_net, net);
- memset(&ct->__nfct_init_offset[0], 0,
+ memset(&ct->__nfct_init_offset, 0,
offsetof(struct nf_conn, proto) -
- offsetof(struct nf_conn, __nfct_init_offset[0]));
+ offsetof(struct nf_conn, __nfct_init_offset));
if (zone && nf_ct_zone_add(ct, GFP_ATOMIC, zone) < 0)
goto out_free;
--
2.20.1
From: Linus Torvalds <[email protected]>
commit 44720996e2d79e47d508b0abe99b931a726a3197 upstream.
This is another fine warning, related to the 'zero-length-bounds' one,
but hitting the same historical code in the kernel.
Because C didn't historically support flexible array members, we have
code that instead uses a one-sized array, the same way we have cases of
zero-sized arrays.
The one-sized arrays come from either not wanting to use the gcc
zero-sized array extension, or from a slight convenience-feature, where
particularly for strings, the size of the structure now includes the
allocation for the final NUL character.
So with a "char name[1];" at the end of a structure, you can do things
like
v = my_malloc(sizeof(struct vendor) + strlen(name));
and avoid the "+1" for the terminator.
Yes, the modern way to do that is with a flexible array, and using
'offsetof()' instead of 'sizeof()', and adding the "+1" by hand. That
also technically gets the size "more correct" in that it avoids any
alignment (and thus padding) issues, but this is another long-term
cleanup thing that will not happen for 5.7.
So disable the warning for now, even though it's potentially quite
useful. Having a slew of warnings that then hide more urgent new issues
is not an improvement.
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
Makefile | 1 +
1 file changed, 1 insertion(+)
--- a/Makefile
+++ b/Makefile
@@ -797,6 +797,7 @@ KBUILD_CFLAGS += $(call cc-disable-warni
# We'll want to enable this eventually, but it's not going away for 5.7 at least
KBUILD_CFLAGS += $(call cc-disable-warning, zero-length-bounds)
+KBUILD_CFLAGS += $(call cc-disable-warning, array-bounds)
# Enabled with W=2, disabled by default as noisy
KBUILD_CFLAGS += $(call cc-disable-warning, maybe-uninitialized)
From: Christophe JAILLET <[email protected]>
commit ccaef7e6e354fb65758eaddd3eae8065a8b3e295 upstream.
'dev' is allocated in 'net2272_probe_init()'. It must be freed in the error
handling path, as already done in the remove function (i.e.
'net2272_plat_remove()')
Fixes: 90fccb529d24 ("usb: gadget: Gadget directory cleanup - group UDC drivers")
Signed-off-by: Christophe JAILLET <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/gadget/udc/net2272.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/gadget/udc/net2272.c
+++ b/drivers/usb/gadget/udc/net2272.c
@@ -2670,6 +2670,8 @@ net2272_plat_probe(struct platform_devic
err_req:
release_mem_region(base, len);
err:
+ kfree(dev);
+
return ret;
}
On Mon, 18 May 2020 at 23:08, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 4.4.224 release.
> There are 86 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 20 May 2020 17:32:42 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.224-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Summary
------------------------------------------------------------------------
kernel: 4.4.224-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.4.y
git commit: 5614224b8432edc87094945490727479494da465
git describe: v4.4.223-87-g5614224b8432
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.4-oe/build/v4.4.223-87-g5614224b8432
No regressions (compared to build v4.4.223)
No fixes (compared to build v4.4.223)
Ran 18965 total tests in the following environments and test suites.
Environments
--------------
- i386
- juno-r2 - arm64
- juno-r2-compat
- juno-r2-kasan
- x15 - arm
- x86_64
- x86-kasan
Test Suites
-----------
* build
* kselftest
* kselftest/drivers
* kselftest/filesystems
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* network-basic-tests
* perf
* v4l2-compliance
* kvm-unit-tests
* install-android-platform-tools-r2600
* install-android-platform-tools-r2800
* kselftest/net
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-native/drivers
* kselftest-vsyscall-mode-native/filesystems
* kselftest-vsyscall-mode-none
* kselftest-vsyscall-mode-none/drivers
* kselftest-vsyscall-mode-none/filesystems
Summary
------------------------------------------------------------------------
kernel: 4.4.224-rc1
git repo: https://git.linaro.org/lkft/arm64-stable-rc.git
git branch: 4.4.224-rc1-hikey-20200518-727
git commit: 59657db1accd5fa3cc599da31d1501113075794c
git describe: 4.4.224-rc1-hikey-20200518-727
Test details: https://qa-reports.linaro.org/lkft/linaro-hikey-stable-rc-4.4-oe/build/4.4.224-rc1-hikey-20200518-727
No regressions (compared to build 4.4.224-rc1-hikey-20200518-726)
No fixes (compared to build 4.4.224-rc1-hikey-20200518-726)
Ran 1813 total tests in the following environments and test suites.
Environments
--------------
- hi6220-hikey - arm64
Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* kselftest/drivers
* kselftest/filesystems
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* perf
* spectre-meltdown-checker-test
* v4l2-compliance
--
Linaro LKFT
https://lkft.linaro.org
On 18/05/2020 18:35, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.4.224 release.
> There are 86 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 20 May 2020 17:32:42 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.224-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests are passing for Tegra ...
Test results for stable-v4.4:
6 builds: 6 pass, 0 fail
12 boots: 12 pass, 0 fail
19 tests: 19 pass, 0 fail
Linux version: 4.4.224-rc1-g4935dd6adfe2
Boards tested: tegra124-jetson-tk1, tegra20-ventana,
tegra30-cardhu-a04
Cheers
Jon
--
nvpublic
Hello Greg,
> From: [email protected] <[email protected]> On
> Behalf Of Greg Kroah-Hartman
> Sent: 18 May 2020 18:36
>
> This is the start of the stable review cycle for the 4.4.224 release.
> There are 86 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
No build/boot issues seen for CIP configs for Linux Linux 4.4.224-rc1 (5614224b8432).
Build/test pipeline/logs: https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/pipelines/147257290
GitLab CI pipeline: https://gitlab.com/cip-project/cip-testing/linux-cip-pipelines/-/blob/master/trees/linux-4.4.y.yml
Relevant LAVA jobs: https://lava.ciplatform.org/scheduler/alljobs?length=25&search=561422#table
Kind regards, Chris
>
> Responses should be made by Wed, 20 May 2020 17:32:42 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-
> 4.4.224-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
> linux-4.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
> -------------
> Pseudo-Shortlog of commits:
>
> Greg Kroah-Hartman <[email protected]>
> Linux 4.4.224-rc1
>
> Sergei Trofimovich <[email protected]>
> Makefile: disallow data races on gcc-10 as well
>
> Jim Mattson <[email protected]>
> KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
>
> Geert Uytterhoeven <[email protected]>
> ARM: dts: r8a7740: Add missing extal2 to CPG node
>
> Kai-Heng Feng <[email protected]>
> Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
>
> Wei Yongjun <[email protected]>
> usb: gadget: legacy: fix error return code in cdc_bind()
>
> Wei Yongjun <[email protected]>
> usb: gadget: legacy: fix error return code in gncm_bind()
>
> Christophe JAILLET <[email protected]>
> usb: gadget: audio: Fix a missing error return value in audio_bind()
>
> Christophe JAILLET <[email protected]>
> usb: gadget: net2272: Fix a memory leak in an error handling path in
> 'net2272_plat_probe()'
>
> Eric W. Biederman <[email protected]>
> exec: Move would_dump into flush_old_exec
>
> Borislav Petkov <[email protected]>
> x86: Fix early boot crash on gcc-10, third try
>
> Fabio Estevam <[email protected]>
> ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
>
> Kyungtae Kim <[email protected]>
> USB: gadget: fix illegal array access in binding with UDC
>
> Takashi Iwai <[email protected]>
> ALSA: rawmidi: Initialize allocated buffers
>
> Takashi Iwai <[email protected]>
> ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
>
> Takashi Iwai <[email protected]>
> ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
>
> Paolo Abeni <[email protected]>
> netlabel: cope with NULL catmap
>
> Paolo Abeni <[email protected]>
> net: ipv4: really enforce backoff for redirects
>
> Cong Wang <[email protected]>
> net: fix a potential recursive NETDEV_FEAT_CHANGE
>
> Linus Torvalds <[email protected]>
> gcc-10: avoid shadowing standard library 'free()' in crypto
>
> Boris Ostrovsky <[email protected]>
> x86/paravirt: Remove the unused irq_enable_sysexit pv op
>
> Keith Busch <[email protected]>
> blk-mq: Allow blocking queue tag iter callbacks
>
> Jianchao Wang <[email protected]>
> blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
>
> Gabriel Krisman Bertazi <[email protected]>
> blk-mq: Allow timeouts to run while queue is freezing
>
> Christoph Hellwig <[email protected]>
> block: defer timeouts to a workqueue
>
> Linus Torvalds <[email protected]>
> gcc-10: disable 'restrict' warning for now
>
> Linus Torvalds <[email protected]>
> gcc-10: disable 'stringop-overflow' warning for now
>
> Linus Torvalds <[email protected]>
> gcc-10: disable 'array-bounds' warning for now
>
> Linus Torvalds <[email protected]>
> gcc-10: disable 'zero-length-bounds' warning for now
>
> Linus Torvalds <[email protected]>
> Stop the ad-hoc games with -Wno-maybe-initialized
>
> Masahiro Yamada <[email protected]>
> kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
>
> Linus Torvalds <[email protected]>
> gcc-10 warnings: fix low-hanging fruit
>
> Jason Gunthorpe <[email protected]>
> pnp: Use list_for_each_entry() instead of open coding
>
> Jack Morgenstein <[email protected]>
> IB/mlx4: Test return value of calls to ib_get_cached_pkey
>
> Arnd Bergmann <[email protected]>
> netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
>
> Gal Pressman <[email protected]>
> net/mlx5: Fix driver load error flow when firmware is stuck
>
> Anjali Singhai Jain <[email protected]>
> i40e: avoid NVM acquire deadlock during NVM update
>
> Ben Hutchings <[email protected]>
> scsi: qla2xxx: Avoid double completion of abort command
>
> zhong jiang <[email protected]>
> mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
>
> Jiri Benc <[email protected]>
> gre: do not keep the GRE header around in collect medata mode
>
> John Hurley <[email protected]>
> net: openvswitch: fix csum updates for MPLS actions
>
> Vasily Averin <[email protected]>
> ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
>
> Vasily Averin <[email protected]>
> drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
>
> Lubomir Rintel <[email protected]>
> dmaengine: mmp_tdma: Reset channel error on release
>
> Madhuparna Bhowmik <[email protected]>
> dmaengine: pch_dma.c: Avoid data race between probe and irq handler
>
> Ronnie Sahlberg <[email protected]>
> cifs: Fix a race condition with cifs_echo_request
>
> Samuel Cabrero <[email protected]>
> cifs: Check for timeout on Negotiate stage
>
> wuxu.wu <[email protected]>
> spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
>
> Wu Bo <[email protected]>
> scsi: sg: add sg_remove_request in sg_write
>
> Arnd Bergmann <[email protected]>
> drop_monitor: work around gcc-10 stringop-overflow warning
>
> Christophe JAILLET <[email protected]>
> net: moxa: Fix a potential double 'free_irq()'
>
> Christophe JAILLET <[email protected]>
> net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
>
> David Ahern <[email protected]>
> net: handle no dst on skb in icmp6_send
>
> Vladis Dronov <[email protected]>
> ptp: free ptp device pin descriptors properly
>
> Vladis Dronov <[email protected]>
> ptp: fix the race between the release of ptp_clock and cdev
>
> YueHaibing <[email protected]>
> ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
>
> Logan Gunthorpe <[email protected]>
> chardev: add helper function to register char devs with a struct device
>
> Dmitry Torokhov <[email protected]>
> ptp: create "pins" together with the rest of attributes
>
> Dmitry Torokhov <[email protected]>
> ptp: use is_visible method to hide unused attributes
>
> Dmitry Torokhov <[email protected]>
> ptp: do not explicitly set drvdata in ptp_clock_register()
>
> Cengiz Can <[email protected]>
> blktrace: fix dereference after null check
>
> Jan Kara <[email protected]>
> blktrace: Protect q->blk_trace with RCU
>
> Jens Axboe <[email protected]>
> blktrace: fix trace mutex deadlock
>
> Jens Axboe <[email protected]>
> blktrace: fix unlocked access to init/start-stop/teardown
>
> Waiman Long <[email protected]>
> blktrace: Fix potential deadlock between delete & sysfs ops
>
> Sabrina Dubroca <[email protected]>
> net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
>
> Sabrina Dubroca <[email protected]>
> net: ipv6: add net argument to ip6_dst_lookup_flow
>
> Shijie Luo <[email protected]>
> ext4: add cond_resched() to ext4_protect_reserved_inode
>
> Kees Cook <[email protected]>
> binfmt_elf: Do not move brk for INTERP-less ET_EXEC
>
> Alexandre Belloni <[email protected]>
> phy: micrel: Ensure interrupts are reenabled on resume
>
> Alexandre Belloni <[email protected]>
> phy: micrel: Disable auto negotiation on startup
>
> Ivan Delalande <[email protected]>
> scripts/decodecode: fix trapping instruction formatting
>
> George Spelvin <[email protected]>
> batman-adv: fix batadv_nc_random_weight_tq
>
> Oliver Neukum <[email protected]>
> USB: serial: garmin_gps: add sanity checking for data length
>
> Oliver Neukum <[email protected]>
> USB: uas: add quirk for LaCie 2Big Quadra
>
> Alex Estrin <[email protected]>
> Revert "IB/ipoib: Update broadcast object if PKey value was changed in index
> 0"
>
> Ville Syrjälä <[email protected]>
> x86/apm: Don't access __preempt_count with zeroed fs
>
> Kees Cook <[email protected]>
> binfmt_elf: move brk out of mmap when doing direct loader exec
>
> Sabrina Dubroca <[email protected]>
> ipv6: fix cleanup ordering for ip6_mr failure
>
> Govindarajulu Varadarajan <[email protected]>
> enic: do not overwrite error code
>
> Hans de Goede <[email protected]>
> Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
>
> Eric Dumazet <[email protected]>
> sch_choke: avoid potential panic in choke_reset()
>
> Eric Dumazet <[email protected]>
> sch_sfq: validate silly quantum values
>
> Tariq Toukan <[email protected]>
> net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
>
> Julia Lawall <[email protected]>
> dp83640: reverse arguments to list_add_tail
>
> Greg Kroah-Hartman <[email protected]>
> Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS"
>
> Matt Jolly <[email protected]>
> USB: serial: qcserial: Add DW5816e support
>
>
> -------------
>
> Diffstat:
>
> Makefile | 17 +-
> arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 4 +-
> arch/arm/boot/dts/r8a7740.dtsi | 2 +-
> arch/x86/entry/entry_32.S | 8 +-
> arch/x86/include/asm/apm.h | 6 -
> arch/x86/include/asm/paravirt.h | 7 -
> arch/x86/include/asm/paravirt_types.h | 9 --
> arch/x86/include/asm/stackprotector.h | 7 +-
> arch/x86/kernel/apm_32.c | 5 +
> arch/x86/kernel/asm-offsets.c | 3 -
> arch/x86/kernel/paravirt.c | 7 -
> arch/x86/kernel/paravirt_patch_32.c | 2 -
> arch/x86/kernel/paravirt_patch_64.c | 1 -
> arch/x86/kernel/smpboot.c | 8 +
> arch/x86/kvm/x86.c | 2 +-
> arch/x86/xen/enlighten.c | 3 -
> arch/x86/xen/smp.c | 1 +
> arch/x86/xen/xen-asm_32.S | 14 --
> arch/x86/xen/xen-ops.h | 3 -
> block/blk-core.c | 3 +
> block/blk-mq-tag.c | 7 +-
> block/blk-mq.c | 17 ++
> block/blk-timeout.c | 3 +
> crypto/lrw.c | 4 +-
> crypto/xts.c | 4 +-
> drivers/acpi/video_detect.c | 11 --
> drivers/dma/mmp_tdma.c | 2 +
> drivers/dma/pch_dma.c | 2 +-
> drivers/gpu/drm/qxl/qxl_image.c | 3 +-
> drivers/infiniband/core/addr.c | 6 +-
> drivers/infiniband/hw/mlx4/qp.c | 14 +-
> drivers/infiniband/ulp/ipoib/ipoib_ib.c | 13 --
> drivers/net/ethernet/cisco/enic/enic_main.c | 9 +-
> drivers/net/ethernet/intel/i40e/i40e_nvm.c | 98 +++++++-----
> drivers/net/ethernet/intel/i40e/i40e_prototype.h | 2 -
> drivers/net/ethernet/mellanox/mlx4/main.c | 4 +-
> drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 +-
> drivers/net/ethernet/moxa/moxart_ether.c | 2 +-
> drivers/net/ethernet/natsemi/jazzsonic.c | 6 +-
> drivers/net/geneve.c | 4 +-
> drivers/net/phy/dp83640.c | 2 +-
> drivers/net/phy/micrel.c | 28 +++-
> drivers/net/phy/phy.c | 15 +-
> drivers/net/vxlan.c | 10 +-
> drivers/ptp/ptp_clock.c | 42 ++---
> drivers/ptp/ptp_private.h | 9 +-
> drivers/ptp/ptp_sysfs.c | 162 ++++++++-----------
> drivers/scsi/qla2xxx/qla_init.c | 4 +-
> drivers/scsi/sg.c | 4 +-
> drivers/spi/spi-dw.c | 15 +-
> drivers/spi/spi-dw.h | 1 +
> drivers/usb/gadget/configfs.c | 3 +
> drivers/usb/gadget/legacy/audio.c | 4 +-
> drivers/usb/gadget/legacy/cdc2.c | 4 +-
> drivers/usb/gadget/legacy/ncm.c | 4 +-
> drivers/usb/gadget/udc/net2272.c | 2 +
> drivers/usb/serial/garmin_gps.c | 4 +-
> drivers/usb/serial/qcserial.c | 1 +
> drivers/usb/storage/unusual_uas.h | 7 +
> fs/binfmt_elf.c | 12 ++
> fs/char_dev.c | 86 ++++++++++
> fs/cifs/cifssmb.c | 12 ++
> fs/cifs/connect.c | 11 +-
> fs/cifs/smb2pdu.c | 12 ++
> fs/exec.c | 4 +-
> fs/ext4/block_validity.c | 1 +
> include/linux/blkdev.h | 3 +-
> include/linux/blktrace_api.h | 6 +-
> include/linux/cdev.h | 5 +
> include/linux/compiler.h | 7 +
> include/linux/fs.h | 2 +-
> include/linux/pnp.h | 29 ++--
> include/linux/posix-clock.h | 19 ++-
> include/linux/tty.h | 2 +-
> include/net/addrconf.h | 6 +-
> include/net/ipv6.h | 2 +-
> include/net/netfilter/nf_conntrack.h | 2 +-
> include/sound/rawmidi.h | 1 +
> init/main.c | 2 +
> ipc/util.c | 12 +-
> kernel/time/posix-clock.c | 31 ++--
> kernel/trace/blktrace.c | 191 +++++++++++++++++------
> mm/memory_hotplug.c | 4 +-
> net/batman-adv/network-coding.c | 9 +-
> net/core/dev.c | 4 +-
> net/core/drop_monitor.c | 11 +-
> net/dccp/ipv6.c | 6 +-
> net/ipv4/cipso_ipv4.c | 6 +-
> net/ipv4/ip_gre.c | 7 +-
> net/ipv4/route.c | 2 +-
> net/ipv6/addrconf_core.c | 11 +-
> net/ipv6/af_inet6.c | 10 +-
> net/ipv6/datagram.c | 2 +-
> net/ipv6/icmp.c | 6 +-
> net/ipv6/inet6_connection_sock.c | 4 +-
> net/ipv6/ip6_output.c | 8 +-
> net/ipv6/raw.c | 2 +-
> net/ipv6/syncookies.c | 2 +-
> net/ipv6/tcp_ipv6.c | 4 +-
> net/l2tp/l2tp_ip6.c | 2 +-
> net/mpls/af_mpls.c | 7 +-
> net/netfilter/nf_conntrack_core.c | 4 +-
> net/netlabel/netlabel_kapi.c | 6 +
> net/openvswitch/actions.c | 6 +-
> net/sched/sch_choke.c | 3 +-
> net/sched/sch_sfq.c | 9 ++
> net/sctp/ipv6.c | 4 +-
> net/tipc/udp_media.c | 9 +-
> scripts/decodecode | 2 +-
> sound/core/rawmidi.c | 35 ++++-
> sound/pci/hda/patch_realtek.c | 12 +-
> 111 files changed, 805 insertions(+), 496 deletions(-)
>