This is the start of the stable review cycle for the 4.4.105 release.
There are 49 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat Dec 9 12:46:41 UTC 2017.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.105-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 4.4.105-rc1
Colin Ian King <[email protected]>
usb: host: fix incorrect updating of offset
Oliver Neukum <[email protected]>
USB: usbfs: Filter flags passed in from user space
Dan Carpenter <[email protected]>
USB: devio: Prevent integer overflow in proc_do_submiturb()
Mateusz Berezecki <[email protected]>
USB: Increase usbfs transfer limit
Masakazu Mokuno <[email protected]>
USB: core: Add type-specific length check of BOS descriptors
John Youn <[email protected]>
usb: ch9: Add size macro for SSP dev cap descriptor
Mathias Nyman <[email protected]>
usb: Add USB 3.1 Precision time measurement capability descriptor support
Yu Chen <[email protected]>
usb: xhci: fix panic in xhci_free_virt_devices_depth_first
Mike Looijmans <[email protected]>
usb: hub: Cycle HUB power when initialization fails
Greg Kroah-Hartman <[email protected]>
Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
Rui Sousa <[email protected]>
net: fec: fix multicast filtering hardware setup
Ross Lagerwall <[email protected]>
xen-netfront: Improve error handling during initialization
Jan Kara <[email protected]>
mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
Jason Baron <[email protected]>
tcp: correct memory barrier usage in tcp_check_space()
Iago Abal <[email protected]>
dmaengine: pl330: fix double lock
Parthasarathy Bhuvaragan <[email protected]>
tipc: fix cleanup at module unload
Colin Ian King <[email protected]>
net: sctp: fix array overrun read on sctp_timer_tbl
Andrzej Hajda <[email protected]>
drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
Trond Myklebust <[email protected]>
NFSv4: Fix client recovery when server reboots multiple times
Christoffer Dall <[email protected]>
KVM: arm/arm64: Fix occasional warning from the timer work function
Benjamin Coddington <[email protected]>
nfs: Don't take a reference on fl->fl_file for LOCK operation
Kazuya Mizuguchi <[email protected]>
ravb: Remove Rx overflow log messages
Vlad Tsyrklevich <[email protected]>
net/appletalk: Fix kernel memory disclosure
David Forster <[email protected]>
vti6: fix device register to report IFLA_INFO_KIND
Peter Ujfalusi <[email protected]>
ARM: OMAP1: DMA: Correct the number of logical channels
Florian Fainelli <[email protected]>
net: systemport: Pad packet before inserting TSB
Florian Fainelli <[email protected]>
net: systemport: Utilize skb_put_padto()
Masami Hiramatsu <[email protected]>
kprobes/x86: Disable preemption in ftrace-based jprobes
Thomas Richter <[email protected]>
perf test attr: Fix ignored test case result
Ben Hutchings <[email protected]>
usbip: tools: Install all headers needed for libusbip development
Jibin Xu <[email protected]>
sysrq : fix Show Regs call trace on ARM
Gustavo A. R. Silva <[email protected]>
EDAC, sb_edac: Fix missing break in switch
Dave Hansen <[email protected]>
x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
Aaron Sierra <[email protected]>
serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
Alexey Khoroshilov <[email protected]>
usb: phy: tahvo: fix error handling in tahvo_usb_probe()
John Stultz <[email protected]>
usb: dwc2: Error out of dwc2_hsotg_ep_disable() if we're in host mode
John Stultz <[email protected]>
usb: dwc2: Fix UDC state tracking
Hiromitsu Yamasaki <[email protected]>
spi: sh-msiof: Fix DMA transfer size check
Lukas Wunner <[email protected]>
serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
Andy Lutomirski <[email protected]>
selftests/x86/ldt_get: Add a few additional tests for limits
Christian Borntraeger <[email protected]>
s390/pci: do not require AIS facility
Boshi Wang <[email protected]>
ima: fix hash algorithm initialization
Sebastian Sjoholm <[email protected]>
USB: serial: option: add Quectel BG96 id
Heiko Carstens <[email protected]>
s390/runtime instrumentation: simplify task exit handling
Matt Wilson <[email protected]>
serial: 8250_pci: Add Amazon PCI serial device ID
Kai-Heng Feng <[email protected]>
usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
Hans de Goede <[email protected]>
uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
Rui Hua <[email protected]>
bcache: recover data from backing when data is clean
Coly Li <[email protected]>
bcache: only permit to recovery read error when cache device is clean
-------------
Diffstat:
Makefile | 4 +-
arch/arm/mach-omap1/dma.c | 16 +++----
arch/s390/include/asm/pci_insn.h | 2 +-
arch/s390/include/asm/runtime_instr.h | 4 +-
arch/s390/kernel/process.c | 2 +-
arch/s390/kernel/runtime_instr.c | 30 ++++++-------
arch/s390/pci/pci.c | 5 ++-
arch/s390/pci/pci_insn.c | 6 ++-
arch/x86/include/asm/syscalls.h | 2 +-
arch/x86/kernel/kprobes/ftrace.c | 23 ++++++----
arch/x86/kernel/ldt.c | 16 +++++--
arch/x86/um/ldt.c | 7 ++-
drivers/dma/pl330.c | 19 +++-----
drivers/edac/sb_edac.c | 1 +
drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 2 +
drivers/md/bcache/request.c | 9 +++-
drivers/net/appletalk/ipddp.c | 2 +-
drivers/net/ethernet/broadcom/bcmsysport.c | 23 +++++-----
drivers/net/ethernet/freescale/fec_main.c | 23 ++++------
drivers/net/ethernet/renesas/ravb_main.c | 8 +---
drivers/net/xen-netfront.c | 29 +++++-------
drivers/spi/spi-sh-msiof.c | 2 +-
drivers/staging/lustre/lustre/llite/llite_mmap.c | 4 +-
drivers/tty/serial/8250/8250_fintek.c | 2 +-
drivers/tty/serial/8250/8250_pci.c | 3 ++
drivers/tty/serial/8250/8250_port.c | 5 ++-
drivers/tty/sysrq.c | 9 +++-
drivers/usb/core/config.c | 31 +++++++++++--
drivers/usb/core/devio.c | 56 ++++++++++++------------
drivers/usb/core/hub.c | 9 ++++
drivers/usb/core/quirks.c | 3 ++
drivers/usb/dwc2/gadget.c | 7 +++
drivers/usb/host/ehci-dbg.c | 2 +-
drivers/usb/host/xhci-mem.c | 7 +++
drivers/usb/phy/phy-tahvo.c | 3 +-
drivers/usb/serial/option.c | 3 ++
drivers/usb/storage/uas-detect.h | 4 ++
fs/nfs/nfs4proc.c | 3 --
fs/nfs/nfs4state.c | 1 -
fs/ocfs2/file.c | 9 +---
include/linux/buffer_head.h | 4 +-
include/linux/usb.h | 1 +
include/uapi/linux/usb/ch9.h | 19 ++++++++
net/ipv4/tcp_input.c | 2 +-
net/ipv6/ip6_vti.c | 2 +-
net/sctp/debug.c | 2 +-
net/tipc/server.c | 4 +-
security/integrity/ima/ima_main.c | 4 ++
tools/perf/tests/attr.c | 2 +-
tools/testing/selftests/x86/ldt_gdt.c | 17 ++++++-
tools/usb/usbip/Makefile.am | 3 +-
virt/kvm/arm/arch_timer.c | 3 --
52 files changed, 278 insertions(+), 181 deletions(-)
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Coly Li <[email protected]>
commit d59b23795933678c9638fd20c942d2b4f3cd6185 upstream.
When bcache does read I/Os, for example in writeback or writethrough mode,
if a read request on cache device is failed, bcache will try to recovery
the request by reading from cached device. If the data on cached device is
not synced with cache device, then requester will get a stale data.
For critical storage system like database, providing stale data from
recovery may result an application level data corruption, which is
unacceptible.
With this patch, for a failed read request in writeback or writethrough
mode, recovery a recoverable read request only happens when cache device
is clean. That is to say, all data on cached device is up to update.
For other cache modes in bcache, read request will never hit
cached_dev_read_error(), they don't need this patch.
Please note, because cache mode can be switched arbitrarily in run time, a
writethrough mode might be switched from a writeback mode. Therefore
checking dc->has_data in writethrough mode still makes sense.
Changelog:
V4: Fix parens error pointed by Michael Lyle.
v3: By response from Kent Oversteet, he thinks recovering stale data is a
bug to fix, and option to permit it is unnecessary. So this version
the sysfs file is removed.
v2: rename sysfs entry from allow_stale_data_on_failure to
allow_stale_data_on_failure, and fix the confusing commit log.
v1: initial patch posted.
[small change to patch comment spelling by mlyle]
Signed-off-by: Coly Li <[email protected]>
Signed-off-by: Michael Lyle <[email protected]>
Reported-by: Arne Wolf <[email protected]>
Reviewed-by: Michael Lyle <[email protected]>
Cc: Kent Overstreet <[email protected]>
Cc: Nix <[email protected]>
Cc: Kai Krakow <[email protected]>
Cc: Eric Wheeler <[email protected]>
Cc: Junhui Tang <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/md/bcache/request.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/drivers/md/bcache/request.c
+++ b/drivers/md/bcache/request.c
@@ -707,8 +707,16 @@ static void cached_dev_read_error(struct
{
struct search *s = container_of(cl, struct search, cl);
struct bio *bio = &s->bio.bio;
+ struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
- if (s->recoverable) {
+ /*
+ * If cache device is dirty (dc->has_dirty is non-zero), then
+ * recovery a failed read request from cached device may get a
+ * stale data back. So read failure recovery is only permitted
+ * when cache device is clean.
+ */
+ if (s->recoverable &&
+ (dc && !atomic_read(&dc->has_dirty))) {
/* Retry from the backing device: */
trace_bcache_read_retry(s->orig_bio);
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Lutomirski <[email protected]>
[ Upstream commit fec8f5ae1715a01c72ad52cb2ecd8aacaf142302 ]
We weren't testing the .limit and .limit_in_pages fields very well.
Add more tests.
This addition seems to trigger the "bits 16:19 are undefined" issue
that was fixed in an earlier patch. I think that, at least on my
CPU, the high nibble of the limit ends in LAR bits 16:19.
Signed-off-by: Andy Lutomirski <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/5601c15ea9b3113d288953fd2838b18bedf6bc67.1509794321.git.luto@kernel.org
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
tools/testing/selftests/x86/ldt_gdt.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
--- a/tools/testing/selftests/x86/ldt_gdt.c
+++ b/tools/testing/selftests/x86/ldt_gdt.c
@@ -351,9 +351,24 @@ static void do_simple_tests(void)
install_invalid(&desc, false);
desc.seg_not_present = 0;
- desc.read_exec_only = 0;
desc.seg_32bit = 1;
+ desc.read_exec_only = 0;
+ desc.limit = 0xfffff;
+
install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB);
+
+ desc.limit_in_pages = 1;
+
+ install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB | AR_G);
+ desc.read_exec_only = 1;
+ install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S | AR_P | AR_DB | AR_G);
+ desc.contents = 1;
+ desc.read_exec_only = 0;
+ install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G);
+ desc.read_exec_only = 1;
+ install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G);
+
+ desc.limit = 0;
install_invalid(&desc, true);
}
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rui Hua <[email protected]>
commit e393aa2446150536929140739f09c6ecbcbea7f0 upstream.
When we send a read request and hit the clean data in cache device, there
is a situation called cache read race in bcache(see the commit in the tail
of cache_look_up(), the following explaination just copy from there):
The bucket we're reading from might be reused while our bio is in flight,
and we could then end up reading the wrong data. We guard against this
by checking (in bch_cache_read_endio()) if the pointer is stale again;
if so, we treat it as an error (s->iop.error = -EINTR) and reread from
the backing device (but we don't pass that error up anywhere)
It should be noted that cache read race happened under normal
circumstances, not the circumstance when SSD failed, it was counted
and shown in /sys/fs/bcache/XXX/internal/cache_read_races.
Without this patch, when we use writeback mode, we will never reread from
the backing device when cache read race happened, until the whole cache
device is clean, because the condition
(s->recoverable && (dc && !atomic_read(&dc->has_dirty))) is false in
cached_dev_read_error(). In this situation, the s->iop.error(= -EINTR)
will be passed up, at last, user will receive -EINTR when it's bio end,
this is not suitable, and wield to up-application.
In this patch, we use s->read_dirty_data to judge whether the read
request hit dirty data in cache device, it is safe to reread data from
the backing device when the read request hit clean data. This can not
only handle cache read race, but also recover data when failed read
request from cache device.
[edited by mlyle to fix up whitespace, commit log title, comment
spelling]
Fixes: d59b23795933 ("bcache: only permit to recovery read error when cache device is clean")
Signed-off-by: Hua Rui <[email protected]>
Reviewed-by: Michael Lyle <[email protected]>
Reviewed-by: Coly Li <[email protected]>
Signed-off-by: Michael Lyle <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/md/bcache/request.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
--- a/drivers/md/bcache/request.c
+++ b/drivers/md/bcache/request.c
@@ -707,16 +707,15 @@ static void cached_dev_read_error(struct
{
struct search *s = container_of(cl, struct search, cl);
struct bio *bio = &s->bio.bio;
- struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
/*
- * If cache device is dirty (dc->has_dirty is non-zero), then
- * recovery a failed read request from cached device may get a
- * stale data back. So read failure recovery is only permitted
- * when cache device is clean.
+ * If read request hit dirty data (s->read_dirty_data is true),
+ * then recovery a failed read request from cached device may
+ * get a stale data back. So read failure recovery is only
+ * permitted when read request hit clean data in cache device,
+ * or when cache read race happened.
*/
- if (s->recoverable &&
- (dc && !atomic_read(&dc->has_dirty))) {
+ if (s->recoverable && !s->read_dirty_data) {
/* Retry from the backing device: */
trace_bcache_read_retry(s->orig_bio);
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heiko Carstens <[email protected]>
commit 8d9047f8b967ce6181fd824ae922978e1b055cc0 upstream.
Free data structures required for runtime instrumentation from
arch_release_task_struct(). This allows to simplify the code a bit,
and also makes the semantics a bit easier: arch_release_task_struct()
is never called from the task that is being removed.
In addition this allows to get rid of exit_thread() in a later patch.
Signed-off-by: Heiko Carstens <[email protected]>
Signed-off-by: Martin Schwidefsky <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/s390/include/asm/runtime_instr.h | 4 +++-
arch/s390/kernel/process.c | 2 +-
arch/s390/kernel/runtime_instr.c | 30 +++++++++++++++---------------
3 files changed, 19 insertions(+), 17 deletions(-)
--- a/arch/s390/include/asm/runtime_instr.h
+++ b/arch/s390/include/asm/runtime_instr.h
@@ -85,6 +85,8 @@ static inline void restore_ri_cb(struct
load_runtime_instr_cb(&runtime_instr_empty_cb);
}
-void exit_thread_runtime_instr(void);
+struct task_struct;
+
+void runtime_instr_release(struct task_struct *tsk);
#endif /* _RUNTIME_INSTR_H */
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
@@ -72,7 +72,6 @@ extern void kernel_thread_starter(void);
*/
void exit_thread(void)
{
- exit_thread_runtime_instr();
}
void flush_thread(void)
@@ -87,6 +86,7 @@ void arch_release_task_struct(struct tas
{
/* Free either the floating-point or the vector register save area */
kfree(tsk->thread.fpu.regs);
+ runtime_instr_release(tsk);
}
int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
--- a/arch/s390/kernel/runtime_instr.c
+++ b/arch/s390/kernel/runtime_instr.c
@@ -18,11 +18,24 @@
/* empty control block to disable RI by loading it */
struct runtime_instr_cb runtime_instr_empty_cb;
+void runtime_instr_release(struct task_struct *tsk)
+{
+ kfree(tsk->thread.ri_cb);
+}
+
static void disable_runtime_instr(void)
{
- struct pt_regs *regs = task_pt_regs(current);
+ struct task_struct *task = current;
+ struct pt_regs *regs;
+ if (!task->thread.ri_cb)
+ return;
+ regs = task_pt_regs(task);
+ preempt_disable();
load_runtime_instr_cb(&runtime_instr_empty_cb);
+ kfree(task->thread.ri_cb);
+ task->thread.ri_cb = NULL;
+ preempt_enable();
/*
* Make sure the RI bit is deleted from the PSW. If the user did not
@@ -43,19 +56,6 @@ static void init_runtime_instr_cb(struct
cb->valid = 1;
}
-void exit_thread_runtime_instr(void)
-{
- struct task_struct *task = current;
-
- preempt_disable();
- if (!task->thread.ri_cb)
- return;
- disable_runtime_instr();
- kfree(task->thread.ri_cb);
- task->thread.ri_cb = NULL;
- preempt_enable();
-}
-
SYSCALL_DEFINE1(s390_runtime_instr, int, command)
{
struct runtime_instr_cb *cb;
@@ -64,7 +64,7 @@ SYSCALL_DEFINE1(s390_runtime_instr, int,
return -EOPNOTSUPP;
if (command == S390_RUNTIME_INSTR_STOP) {
- exit_thread_runtime_instr();
+ disable_runtime_instr();
return 0;
}
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Sjoholm <[email protected]>
commit c654b21ede93845863597de9ad774fd30db5f2ab upstream.
Quectel BG96 is an Qualcomm MDM9206 based IoT modem, supporting both
CAT-M and NB-IoT. Tested hardware is BG96 mounted on Quectel
development board (EVB). The USB id is added to option.c to allow
DIAG,GPS,AT and modem communication with the BG96.
Signed-off-by: Sebastian Sjoholm <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/serial/option.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -241,6 +241,7 @@ static void option_instat_callback(struc
/* These Quectel products use Quectel's vendor ID */
#define QUECTEL_PRODUCT_EC21 0x0121
#define QUECTEL_PRODUCT_EC25 0x0125
+#define QUECTEL_PRODUCT_BG96 0x0296
#define CMOTECH_VENDOR_ID 0x16d8
#define CMOTECH_PRODUCT_6001 0x6001
@@ -1185,6 +1186,8 @@ static const struct usb_device_id option
.driver_info = (kernel_ulong_t)&net_intf4_blacklist },
{ USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC25),
.driver_info = (kernel_ulong_t)&net_intf4_blacklist },
+ { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96),
+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
{ USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) },
{ USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) },
{ USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6003),
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Richter <[email protected]>
[ Upstream commit 22905582f6dd4bbd0c370fe5732c607452010c04 ]
Command perf test -v 16 (Setup struct perf_event_attr test) always
reports success even if the test case fails. It works correctly if you
also specify -F (for don't fork).
root@s35lp76 perf]# ./perf test -v 16
15: Setup struct perf_event_attr :
--- start ---
running './tests/attr/test-record-no-delay'
[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.002 MB /tmp/tmp4E1h7R/perf.data
(1 samples) ]
expected task=0, got 1
expected precise_ip=0, got 3
expected wakeup_events=1, got 0
FAILED './tests/attr/test-record-no-delay' - match failure
test child finished with 0
---- end ----
Setup struct perf_event_attr: Ok
The reason for the wrong error reporting is the return value of the
system() library call. It is called in run_dir() file tests/attr.c and
returns the exit status, in above case 0xff00.
This value is given as parameter to the exit() function which can only
handle values 0-0xff.
The child process terminates with exit value of 0 and the parent does
not detect any error.
This patch corrects the error reporting and prints the correct test
result.
Signed-off-by: Thomas-Mich Richter <[email protected]>
Acked-by: Jiri Olsa <[email protected]>
Cc: Heiko Carstens <[email protected]>
Cc: Hendrik Brueckner <[email protected]>
Cc: Martin Schwidefsky <[email protected]>
Cc: Thomas-Mich Richter <[email protected]>
LPU-Reference: [email protected]
Link: http://lkml.kernel.org/n/[email protected]
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
tools/perf/tests/attr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/perf/tests/attr.c
+++ b/tools/perf/tests/attr.c
@@ -150,7 +150,7 @@ static int run_dir(const char *d, const
snprintf(cmd, 3*PATH_MAX, PYTHON " %s/attr.py -d %s/attr/ -p %s %.*s",
d, d, perf, vcnt, v);
- return system(cmd);
+ return system(cmd) ? TEST_FAIL : TEST_OK;
}
int test__attr(void)
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Borntraeger <[email protected]>
[ Upstream commit 48070c73058be6de9c0d754d441ed7092dfc8f12 ]
As of today QEMU does not provide the AIS facility to its guest. This
prevents Linux guests from using PCI devices as the ais facility is
checked during init. As this is just a performance optimization, we can
move the ais check into the code where we need it (calling the SIC
instruction). This is used at initialization and on interrupt. Both
places do not require any serialization, so we can simply skip the
instruction.
Since we will now get all interrupts, we can also avoid the 2nd scan.
As we can have multiple interrupts in parallel we might trigger spurious
irqs more often for the non-AIS case but the core code can handle that.
Signed-off-by: Christian Borntraeger <[email protected]>
Reviewed-by: Pierre Morel <[email protected]>
Reviewed-by: Halil Pasic <[email protected]>
Acked-by: Sebastian Ott <[email protected]>
Signed-off-by: Heiko Carstens <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/s390/include/asm/pci_insn.h | 2 +-
arch/s390/pci/pci.c | 5 +++--
arch/s390/pci/pci_insn.c | 6 +++++-
3 files changed, 9 insertions(+), 4 deletions(-)
--- a/arch/s390/include/asm/pci_insn.h
+++ b/arch/s390/include/asm/pci_insn.h
@@ -81,6 +81,6 @@ int zpci_refresh_trans(u64 fn, u64 addr,
int zpci_load(u64 *data, u64 req, u64 offset);
int zpci_store(u64 data, u64 req, u64 offset);
int zpci_store_block(const u64 *data, u64 req, u64 offset);
-void zpci_set_irq_ctrl(u16 ctl, char *unused, u8 isc);
+int zpci_set_irq_ctrl(u16 ctl, char *unused, u8 isc);
#endif
--- a/arch/s390/pci/pci.c
+++ b/arch/s390/pci/pci.c
@@ -359,7 +359,8 @@ static void zpci_irq_handler(struct airq
/* End of second scan with interrupts on. */
break;
/* First scan complete, reenable interrupts. */
- zpci_set_irq_ctrl(SIC_IRQ_MODE_SINGLE, NULL, PCI_ISC);
+ if (zpci_set_irq_ctrl(SIC_IRQ_MODE_SINGLE, NULL, PCI_ISC))
+ break;
si = 0;
continue;
}
@@ -921,7 +922,7 @@ static int __init pci_base_init(void)
if (!s390_pci_probe)
return 0;
- if (!test_facility(69) || !test_facility(71) || !test_facility(72))
+ if (!test_facility(69) || !test_facility(71))
return 0;
rc = zpci_debug_init();
--- a/arch/s390/pci/pci_insn.c
+++ b/arch/s390/pci/pci_insn.c
@@ -7,6 +7,7 @@
#include <linux/export.h>
#include <linux/errno.h>
#include <linux/delay.h>
+#include <asm/facility.h>
#include <asm/pci_insn.h>
#include <asm/pci_debug.h>
#include <asm/processor.h>
@@ -91,11 +92,14 @@ int zpci_refresh_trans(u64 fn, u64 addr,
}
/* Set Interruption Controls */
-void zpci_set_irq_ctrl(u16 ctl, char *unused, u8 isc)
+int zpci_set_irq_ctrl(u16 ctl, char *unused, u8 isc)
{
+ if (!test_facility(72))
+ return -EIO;
asm volatile (
" .insn rsy,0xeb00000000d1,%[ctl],%[isc],%[u]\n"
: : [ctl] "d" (ctl), [isc] "d" (isc << 27), [u] "Q" (*unused));
+ return 0;
}
/* PCI Load */
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Fainelli <[email protected]>
[ Upstream commit bb7da333d0a9f3bddc08f84187b7579a3f68fd24 ]
Since we need to pad our packets, utilize skb_put_padto() which
increases skb->len by how much we need to pad, allowing us to eliminate
the test on skb->len right below.
Signed-off-by: Florian Fainelli <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/broadcom/bcmsysport.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/drivers/net/ethernet/broadcom/bcmsysport.c
+++ b/drivers/net/ethernet/broadcom/bcmsysport.c
@@ -1061,13 +1061,12 @@ static netdev_tx_t bcm_sysport_xmit(stru
* (including FCS and tag) because the length verification is done after
* the Broadcom tag is stripped off the ingress packet.
*/
- if (skb_padto(skb, ETH_ZLEN + ENET_BRCM_TAG_LEN)) {
+ if (skb_put_padto(skb, ETH_ZLEN + ENET_BRCM_TAG_LEN)) {
ret = NETDEV_TX_OK;
goto out;
}
- skb_len = skb->len < ETH_ZLEN + ENET_BRCM_TAG_LEN ?
- ETH_ZLEN + ENET_BRCM_TAG_LEN : skb->len;
+ skb_len = skb->len;
mapping = dma_map_single(kdev, skb->data, skb_len, DMA_TO_DEVICE);
if (dma_mapping_error(kdev, mapping)) {
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Fainelli <[email protected]>
[ Upstream commit 38e5a85562a6cd911fc26d951d576551a688574c ]
Inserting the TSB means adding an extra 8 bytes in front the of packet
that is going to be used as metadata information by the TDMA engine, but
stripped off, so it does not really help with the packet padding.
For some odd packet sizes that fall below the 60 bytes payload (e.g: ARP)
we can end-up padding them after the TSB insertion, thus making them 64
bytes, but with the TDMA stripping off the first 8 bytes, they could
still be smaller than 64 bytes which is required to ingress the switch.
Fix this by swapping the padding and TSB insertion, guaranteeing that
the packets have the right sizes.
Fixes: 80105befdb4b ("net: systemport: add Broadcom SYSTEMPORT Ethernet MAC driver")
Signed-off-by: Florian Fainelli <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/broadcom/bcmsysport.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
--- a/drivers/net/ethernet/broadcom/bcmsysport.c
+++ b/drivers/net/ethernet/broadcom/bcmsysport.c
@@ -1045,15 +1045,6 @@ static netdev_tx_t bcm_sysport_xmit(stru
goto out;
}
- /* Insert TSB and checksum infos */
- if (priv->tsb_en) {
- skb = bcm_sysport_insert_tsb(skb, dev);
- if (!skb) {
- ret = NETDEV_TX_OK;
- goto out;
- }
- }
-
/* The Ethernet switch we are interfaced with needs packets to be at
* least 64 bytes (including FCS) otherwise they will be discarded when
* they enter the switch port logic. When Broadcom tags are enabled, we
@@ -1066,6 +1057,15 @@ static netdev_tx_t bcm_sysport_xmit(stru
goto out;
}
+ /* Insert TSB and checksum infos */
+ if (priv->tsb_en) {
+ skb = bcm_sysport_insert_tsb(skb, dev);
+ if (!skb) {
+ ret = NETDEV_TX_OK;
+ goto out;
+ }
+ }
+
skb_len = skb->len;
mapping = dma_map_single(kdev, skb->data, skb_len, DMA_TO_DEVICE);
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kazuya Mizuguchi <[email protected]>
[ Upstream commit 18a3ed59d09cf81a6447aadf6931bf0c9ffec5e0 ]
Remove Rx overflow log messages as in an environment where logging results
in network traffic logging may cause further overflows.
Fixes: c156633f1353 ("Renesas Ethernet AVB driver proper")
Signed-off-by: Kazuya Mizuguchi <[email protected]>
[simon: reworked changelog]
Signed-off-by: Simon Horman <[email protected]>
Acked-by: Sergei Shtylyov <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/renesas/ravb_main.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/drivers/net/ethernet/renesas/ravb_main.c
+++ b/drivers/net/ethernet/renesas/ravb_main.c
@@ -831,14 +831,10 @@ static int ravb_poll(struct napi_struct
/* Receive error message handling */
priv->rx_over_errors = priv->stats[RAVB_BE].rx_over_errors;
priv->rx_over_errors += priv->stats[RAVB_NC].rx_over_errors;
- if (priv->rx_over_errors != ndev->stats.rx_over_errors) {
+ if (priv->rx_over_errors != ndev->stats.rx_over_errors)
ndev->stats.rx_over_errors = priv->rx_over_errors;
- netif_err(priv, rx_err, ndev, "Receive Descriptor Empty\n");
- }
- if (priv->rx_fifo_errors != ndev->stats.rx_fifo_errors) {
+ if (priv->rx_fifo_errors != ndev->stats.rx_fifo_errors)
ndev->stats.rx_fifo_errors = priv->rx_fifo_errors;
- netif_err(priv, rx_err, ndev, "Receive FIFO Overflow\n");
- }
out:
return budget - quota;
}
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoffer Dall <[email protected]>
[ Upstream commit 63e41226afc3f7a044b70325566fa86ac3142538 ]
When a VCPU blocks (WFI) and has programmed the vtimer, we program a
soft timer to expire in the future to wake up the vcpu thread when
appropriate. Because such as wake up involves a vcpu kick, and the
timer expire function can get called from interrupt context, and the
kick may sleep, we have to schedule the kick in the work function.
The work function currently has a warning that gets raised if it turns
out that the timer shouldn't fire when it's run, which was added because
the idea was that in that case the work should never have been cancelled.
However, it turns out that this whole thing is racy and we can get
spurious warnings. The problem is that we clear the armed flag in the
work function, which may run in parallel with the
kvm_timer_unschedule->timer_disarm() call. This results in a possible
situation where the timer_disarm() call does not call
cancel_work_sync(), which effectively synchronizes the completion of the
work function with running the VCPU. As a result, the VCPU thread
proceeds before the work function completees, causing changes to the
timer state such that kvm_timer_should_fire(vcpu) returns false in the
work function.
All we do in the work function is to kick the VCPU, and an occasional
rare extra kick never harmed anyone. Since the race above is extremely
rare, we don't bother checking if the race happens but simply remove the
check and the clearing of the armed flag from the work function.
Reported-by: Matthias Brugger <[email protected]>
Reviewed-by: Marc Zyngier <[email protected]>
Signed-off-by: Christoffer Dall <[email protected]>
Signed-off-by: Marc Zyngier <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
virt/kvm/arm/arch_timer.c | 3 ---
1 file changed, 3 deletions(-)
--- a/virt/kvm/arm/arch_timer.c
+++ b/virt/kvm/arm/arch_timer.c
@@ -84,9 +84,6 @@ static void kvm_timer_inject_irq_work(st
struct kvm_vcpu *vcpu;
vcpu = container_of(work, struct kvm_vcpu, arch.timer_cpu.expired);
- vcpu->arch.timer_cpu.armed = false;
-
- WARN_ON(!kvm_timer_should_fire(vcpu));
/*
* If the vcpu is blocked we want to wake it up so that it will see
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust <[email protected]>
[ Upstream commit c6180a6237174f481dc856ed6e890d8196b6f0fb ]
If the server reboots multiple times, the client should rely on the
server to tell it that it cannot reclaim state as per section 9.6.3.4
in RFC7530 and section 8.4.2.1 in RFC5661.
Currently, the client is being to conservative, and is assuming that
if the server reboots while state recovery is in progress, then it must
ignore state that was not recovered before the reboot.
Signed-off-by: Trond Myklebust <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/nfs/nfs4state.c | 1 -
1 file changed, 1 deletion(-)
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -1680,7 +1680,6 @@ static int nfs4_recovery_handle_error(st
break;
case -NFS4ERR_STALE_CLIENTID:
set_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state);
- nfs4_state_clear_reclaim_reboot(clp);
nfs4_state_start_reclaim_reboot(clp);
break;
case -NFS4ERR_EXPIRED:
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Colin Ian King <[email protected]>
[ Upstream commit 0e73fc9a56f22f2eec4d2b2910c649f7af67b74d ]
The comparison on the timeout can lead to an array overrun
read on sctp_timer_tbl because of an off-by-one error. Fix
this by using < instead of <= and also compare to the array
size rather than SCTP_EVENT_TIMEOUT_MAX.
Fixes CoverityScan CID#1397639 ("Out-of-bounds read")
Signed-off-by: Colin Ian King <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/sctp/debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/sctp/debug.c
+++ b/net/sctp/debug.c
@@ -166,7 +166,7 @@ static const char *const sctp_timer_tbl[
/* Lookup timer debug name. */
const char *sctp_tname(const sctp_subtype_t id)
{
- if (id.timeout <= SCTP_EVENT_TIMEOUT_MAX)
+ if (id.timeout < ARRAY_SIZE(sctp_timer_tbl))
return sctp_timer_tbl[id.timeout];
return "unknown_timer";
}
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Baron <[email protected]>
[ Upstream commit 56d806222ace4c3aeae516cd7a855340fb2839d8 ]
sock_reset_flag() maps to __clear_bit() not the atomic version clear_bit().
Thus, we need smp_mb(), smp_mb__after_atomic() is not sufficient.
Fixes: 3c7151275c0c ("tcp: add memory barriers to write space paths")
Cc: Eric Dumazet <[email protected]>
Cc: Oleg Nesterov <[email protected]>
Signed-off-by: Jason Baron <[email protected]>
Acked-by: Eric Dumazet <[email protected]>
Reported-by: Oleg Nesterov <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/tcp_input.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4942,7 +4942,7 @@ static void tcp_check_space(struct sock
if (sock_flag(sk, SOCK_QUEUE_SHRUNK)) {
sock_reset_flag(sk, SOCK_QUEUE_SHRUNK);
/* pairs with tcp_poll() */
- smp_mb__after_atomic();
+ smp_mb();
if (sk->sk_socket &&
test_bit(SOCK_NOSPACE, &sk->sk_socket->flags))
tcp_new_space(sk);
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ross Lagerwall <[email protected]>
[ Upstream commit e2e004acc7cbe3c531e752a270a74e95cde3ea48 ]
This fixes a crash when running out of grant refs when creating many
queues across many netdevs.
* If creating queues fails (i.e. there are no grant refs available),
call xenbus_dev_fatal() to ensure that the xenbus device is set to the
closed state.
* If no queues are created, don't call xennet_disconnect_backend as
netdev->real_num_tx_queues will not have been set correctly.
* If setup_netfront() fails, ensure that all the queues created are
cleaned up, not just those that have been set up.
* If any queues were set up and an error occurs, call
xennet_destroy_queues() to clean up the napi context.
* If any fatal error occurs, unregister and destroy the netdev to avoid
leaving around a half setup network device.
Signed-off-by: Ross Lagerwall <[email protected]>
Reviewed-by: Boris Ostrovsky <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/xen-netfront.c | 29 +++++++++++------------------
1 file changed, 11 insertions(+), 18 deletions(-)
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -1840,27 +1840,19 @@ static int talk_to_netback(struct xenbus
xennet_destroy_queues(info);
err = xennet_create_queues(info, &num_queues);
- if (err < 0)
- goto destroy_ring;
+ if (err < 0) {
+ xenbus_dev_fatal(dev, err, "creating queues");
+ kfree(info->queues);
+ info->queues = NULL;
+ goto out;
+ }
/* Create shared ring, alloc event channel -- for each queue */
for (i = 0; i < num_queues; ++i) {
queue = &info->queues[i];
err = setup_netfront(dev, queue, feature_split_evtchn);
- if (err) {
- /* setup_netfront() will tidy up the current
- * queue on error, but we need to clean up
- * those already allocated.
- */
- if (i > 0) {
- rtnl_lock();
- netif_set_real_num_tx_queues(info->netdev, i);
- rtnl_unlock();
- goto destroy_ring;
- } else {
- goto out;
- }
- }
+ if (err)
+ goto destroy_ring;
}
again:
@@ -1950,9 +1942,10 @@ abort_transaction_no_dev_fatal:
xenbus_transaction_end(xbt, 1);
destroy_ring:
xennet_disconnect_backend(info);
- kfree(info->queues);
- info->queues = NULL;
+ xennet_destroy_queues(info);
out:
+ unregister_netdev(info->netdev);
+ xennet_free_netdev(info->netdev);
return err;
}
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Iago Abal <[email protected]>
[ Upstream commit 91539eb1fda2d530d3b268eef542c5414e54bf1a ]
The static bug finder EBA (http://www.iagoabal.eu/eba/) reported the
following double-lock bug:
Double lock:
1. spin_lock_irqsave(pch->lock, flags) at pl330_free_chan_resources:2236;
2. call to function `pl330_release_channel' immediately after;
3. call to function `dma_pl330_rqcb' in line 1753;
4. spin_lock_irqsave(pch->lock, flags) at dma_pl330_rqcb:1505.
I have fixed it as suggested by Marek Szyprowski.
First, I have replaced `pch->lock' with `pl330->lock' in functions
`pl330_alloc_chan_resources' and `pl330_free_chan_resources'. This avoids
the double-lock by acquiring a different lock than `dma_pl330_rqcb'.
NOTE that, as a result, `pl330_free_chan_resources' executes
`list_splice_tail_init' on `pch->work_list' under lock `pl330->lock',
whereas in the rest of the code `pch->work_list' is protected by
`pch->lock'. I don't know if this may cause race conditions. Similarly
`pch->cyclic' is written by `pl330_alloc_chan_resources' under
`pl330->lock' but read by `pl330_tx_submit' under `pch->lock'.
Second, I have removed locking from `pl330_request_channel' and
`pl330_release_channel' functions. Function `pl330_request_channel' is
only called from `pl330_alloc_chan_resources', so the lock is already
held. Function `pl330_release_channel' is called from
`pl330_free_chan_resources', which already holds the lock, and from
`pl330_del'. Function `pl330_del' is called in an error path of
`pl330_probe' and at the end of `pl330_remove', but I assume that there
cannot be concurrent accesses to the protected data at those points.
Signed-off-by: Iago Abal <[email protected]>
Reviewed-by: Marek Szyprowski <[email protected]>
Signed-off-by: Vinod Koul <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/dma/pl330.c | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
--- a/drivers/dma/pl330.c
+++ b/drivers/dma/pl330.c
@@ -1657,7 +1657,6 @@ static bool _chan_ns(const struct pl330_
static struct pl330_thread *pl330_request_channel(struct pl330_dmac *pl330)
{
struct pl330_thread *thrd = NULL;
- unsigned long flags;
int chans, i;
if (pl330->state == DYING)
@@ -1665,8 +1664,6 @@ static struct pl330_thread *pl330_reques
chans = pl330->pcfg.num_chan;
- spin_lock_irqsave(&pl330->lock, flags);
-
for (i = 0; i < chans; i++) {
thrd = &pl330->channels[i];
if ((thrd->free) && (!_manager_ns(thrd) ||
@@ -1684,8 +1681,6 @@ static struct pl330_thread *pl330_reques
thrd = NULL;
}
- spin_unlock_irqrestore(&pl330->lock, flags);
-
return thrd;
}
@@ -1703,7 +1698,6 @@ static inline void _free_event(struct pl
static void pl330_release_channel(struct pl330_thread *thrd)
{
struct pl330_dmac *pl330;
- unsigned long flags;
if (!thrd || thrd->free)
return;
@@ -1715,10 +1709,8 @@ static void pl330_release_channel(struct
pl330 = thrd->dmac;
- spin_lock_irqsave(&pl330->lock, flags);
_free_event(thrd, thrd->ev);
thrd->free = true;
- spin_unlock_irqrestore(&pl330->lock, flags);
}
/* Initialize the structure for PL330 configuration, that can be used
@@ -2085,20 +2077,20 @@ static int pl330_alloc_chan_resources(st
struct pl330_dmac *pl330 = pch->dmac;
unsigned long flags;
- spin_lock_irqsave(&pch->lock, flags);
+ spin_lock_irqsave(&pl330->lock, flags);
dma_cookie_init(chan);
pch->cyclic = false;
pch->thread = pl330_request_channel(pl330);
if (!pch->thread) {
- spin_unlock_irqrestore(&pch->lock, flags);
+ spin_unlock_irqrestore(&pl330->lock, flags);
return -ENOMEM;
}
tasklet_init(&pch->task, pl330_tasklet, (unsigned long) pch);
- spin_unlock_irqrestore(&pch->lock, flags);
+ spin_unlock_irqrestore(&pl330->lock, flags);
return 1;
}
@@ -2201,12 +2193,13 @@ static int pl330_pause(struct dma_chan *
static void pl330_free_chan_resources(struct dma_chan *chan)
{
struct dma_pl330_chan *pch = to_pchan(chan);
+ struct pl330_dmac *pl330 = pch->dmac;
unsigned long flags;
tasklet_kill(&pch->task);
pm_runtime_get_sync(pch->dmac->ddma.dev);
- spin_lock_irqsave(&pch->lock, flags);
+ spin_lock_irqsave(&pl330->lock, flags);
pl330_release_channel(pch->thread);
pch->thread = NULL;
@@ -2214,7 +2207,7 @@ static void pl330_free_chan_resources(st
if (pch->cyclic)
list_splice_tail_init(&pch->work_list, &pch->dmac->desc_pool);
- spin_unlock_irqrestore(&pch->lock, flags);
+ spin_unlock_irqrestore(&pl330->lock, flags);
pm_runtime_mark_last_busy(pch->dmac->ddma.dev);
pm_runtime_put_autosuspend(pch->dmac->ddma.dev);
}
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rui Sousa <[email protected]>
[ Upstream commit 01f8902bcf3ff124d0aeb88a774180ebcec20ace ]
Fix hardware setup of multicast address hash:
- Never clear the hardware hash (to avoid packet loss)
- Construct the hash register values in software and then write once
to hardware
Signed-off-by: Rui Sousa <[email protected]>
Signed-off-by: Fugang Duan <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/freescale/fec_main.c | 23 +++++++++--------------
1 file changed, 9 insertions(+), 14 deletions(-)
--- a/drivers/net/ethernet/freescale/fec_main.c
+++ b/drivers/net/ethernet/freescale/fec_main.c
@@ -2968,6 +2968,7 @@ static void set_multicast_list(struct ne
struct netdev_hw_addr *ha;
unsigned int i, bit, data, crc, tmp;
unsigned char hash;
+ unsigned int hash_high = 0, hash_low = 0;
if (ndev->flags & IFF_PROMISC) {
tmp = readl(fep->hwp + FEC_R_CNTRL);
@@ -2990,11 +2991,7 @@ static void set_multicast_list(struct ne
return;
}
- /* Clear filter and add the addresses in hash register
- */
- writel(0, fep->hwp + FEC_GRP_HASH_TABLE_HIGH);
- writel(0, fep->hwp + FEC_GRP_HASH_TABLE_LOW);
-
+ /* Add the addresses in hash register */
netdev_for_each_mc_addr(ha, ndev) {
/* calculate crc32 value of mac address */
crc = 0xffffffff;
@@ -3012,16 +3009,14 @@ static void set_multicast_list(struct ne
*/
hash = (crc >> (32 - HASH_BITS)) & 0x3f;
- if (hash > 31) {
- tmp = readl(fep->hwp + FEC_GRP_HASH_TABLE_HIGH);
- tmp |= 1 << (hash - 32);
- writel(tmp, fep->hwp + FEC_GRP_HASH_TABLE_HIGH);
- } else {
- tmp = readl(fep->hwp + FEC_GRP_HASH_TABLE_LOW);
- tmp |= 1 << hash;
- writel(tmp, fep->hwp + FEC_GRP_HASH_TABLE_LOW);
- }
+ if (hash > 31)
+ hash_high |= 1 << (hash - 32);
+ else
+ hash_low |= 1 << hash;
}
+
+ writel(hash_high, fep->hwp + FEC_GRP_HASH_TABLE_HIGH);
+ writel(hash_low, fep->hwp + FEC_GRP_HASH_TABLE_LOW);
}
/* Set a MAC change in hardware. */
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Nyman <[email protected]>
commit faee822c5a7ab99de25cd34fcde3f8d37b6b9923 upstream.
USB 3.1 devices that support precision time measurement have an
additional PTM cabaility descriptor as part of the full BOS descriptor
Look for this descriptor while parsing the BOS descriptor, and store it in
struct usb_hub_bos if it exists.
Signed-off-by: Mathias Nyman <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/core/config.c | 3 +++
include/linux/usb.h | 1 +
include/uapi/linux/usb/ch9.h | 10 ++++++++++
3 files changed, 14 insertions(+)
--- a/drivers/usb/core/config.c
+++ b/drivers/usb/core/config.c
@@ -959,6 +959,9 @@ int usb_get_bos_descriptor(struct usb_de
dev->bos->ss_id =
(struct usb_ss_container_id_descriptor *)buffer;
break;
+ case USB_PTM_CAP_TYPE:
+ dev->bos->ptm_cap =
+ (struct usb_ptm_cap_descriptor *)buffer;
default:
break;
}
--- a/include/linux/usb.h
+++ b/include/linux/usb.h
@@ -330,6 +330,7 @@ struct usb_host_bos {
struct usb_ss_cap_descriptor *ss_cap;
struct usb_ssp_cap_descriptor *ssp_cap;
struct usb_ss_container_id_descriptor *ss_id;
+ struct usb_ptm_cap_descriptor *ptm_cap;
};
int __usb_get_extra_descriptor(char *buffer, unsigned size,
--- a/include/uapi/linux/usb/ch9.h
+++ b/include/uapi/linux/usb/ch9.h
@@ -895,6 +895,16 @@ struct usb_ssp_cap_descriptor {
#define USB_SSP_SUBLINK_SPEED_LSM (0xff << 16) /* Lanespeed mantissa */
} __attribute__((packed));
+/*
+ * Precision time measurement capability descriptor: advertised by devices and
+ * hubs that support PTM
+ */
+#define USB_PTM_CAP_TYPE 0xb
+struct usb_ptm_cap_descriptor {
+ __u8 bLength;
+ __u8 bDescriptorType;
+ __u8 bDevCapabilityType;
+} __attribute__((packed));
/*-------------------------------------------------------------------------*/
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yu Chen <[email protected]>
commit 80e457699a8dbdd70f2d26911e46f538645c55fc upstream.
Check vdev->real_port 0 to avoid panic
[ 9.261347] [<ffffff800884a390>] xhci_free_virt_devices_depth_first+0x58/0x108
[ 9.261352] [<ffffff800884a814>] xhci_mem_cleanup+0x1bc/0x570
[ 9.261355] [<ffffff8008842de8>] xhci_stop+0x140/0x1c8
[ 9.261365] [<ffffff80087ed304>] usb_remove_hcd+0xfc/0x1d0
[ 9.261369] [<ffffff80088551c4>] xhci_plat_remove+0x6c/0xa8
[ 9.261377] [<ffffff80086e928c>] platform_drv_remove+0x2c/0x70
[ 9.261384] [<ffffff80086e6ea0>] __device_release_driver+0x80/0x108
[ 9.261387] [<ffffff80086e7a1c>] device_release_driver+0x2c/0x40
[ 9.261392] [<ffffff80086e5f28>] bus_remove_device+0xe0/0x120
[ 9.261396] [<ffffff80086e2e34>] device_del+0x114/0x210
[ 9.261399] [<ffffff80086e9e00>] platform_device_del+0x30/0xa0
[ 9.261403] [<ffffff8008810bdc>] dwc3_otg_work+0x204/0x488
[ 9.261407] [<ffffff80088133fc>] event_work+0x304/0x5b8
[ 9.261414] [<ffffff80080e31b0>] process_one_work+0x148/0x490
[ 9.261417] [<ffffff80080e3548>] worker_thread+0x50/0x4a0
[ 9.261421] [<ffffff80080e9ea0>] kthread+0xe8/0x100
[ 9.261427] [<ffffff8008083680>] ret_from_fork+0x10/0x50
The problem can occur if xhci_plat_remove() is called shortly after
xhci_plat_probe(). While xhci_free_virt_devices_depth_first been
called before the device has been setup and get real_port initialized.
The problem occurred on Hikey960 and was reproduced by Guenter Roeck
on Kevin with chromeos-4.4.
Fixes: ee8665e28e8d ("xhci: free xhci virtual devices with leaf nodes first")
Cc: Guenter Roeck <[email protected]>
Reviewed-by: Guenter Roeck <[email protected]>
Tested-by: Guenter Roeck <[email protected]>
Signed-off-by: Fan Ning <[email protected]>
Signed-off-by: Li Rui <[email protected]>
Signed-off-by: yangdi <[email protected]>
Signed-off-by: Yu Chen <[email protected]>
Signed-off-by: Mathias Nyman <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/host/xhci-mem.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -981,6 +981,12 @@ void xhci_free_virt_devices_depth_first(
if (!vdev)
return;
+ if (vdev->real_port == 0 ||
+ vdev->real_port > HCS_MAX_PORTS(xhci->hcs_params1)) {
+ xhci_dbg(xhci, "Bad vdev->real_port.\n");
+ goto out;
+ }
+
tt_list_head = &(xhci->rh_bw[vdev->real_port - 1].tts);
list_for_each_entry_safe(tt_info, next, tt_list_head, tt_list) {
/* is this a hub device that added a tt_info to the tts list */
@@ -994,6 +1000,7 @@ void xhci_free_virt_devices_depth_first(
}
}
}
+out:
/* we are now at a leaf device */
xhci_free_virt_device(xhci, slot_id);
}
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masakazu Mokuno <[email protected]>
commit 81cf4a45360f70528f1f64ba018d61cb5767249a upstream.
As most of BOS descriptors are longer in length than their header
'struct usb_dev_cap_header', comparing solely with it is not sufficient
to avoid out-of-bounds access to BOS descriptors.
This patch adds descriptor type specific length check in
usb_get_bos_descriptor() to fix the issue.
Signed-off-by: Masakazu Mokuno <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/core/config.c | 28 ++++++++++++++++++++++++----
include/uapi/linux/usb/ch9.h | 3 +++
2 files changed, 27 insertions(+), 4 deletions(-)
--- a/drivers/usb/core/config.c
+++ b/drivers/usb/core/config.c
@@ -871,14 +871,25 @@ void usb_release_bos_descriptor(struct u
}
}
+static const __u8 bos_desc_len[256] = {
+ [USB_CAP_TYPE_WIRELESS_USB] = USB_DT_USB_WIRELESS_CAP_SIZE,
+ [USB_CAP_TYPE_EXT] = USB_DT_USB_EXT_CAP_SIZE,
+ [USB_SS_CAP_TYPE] = USB_DT_USB_SS_CAP_SIZE,
+ [USB_SSP_CAP_TYPE] = USB_DT_USB_SSP_CAP_SIZE(1),
+ [CONTAINER_ID_TYPE] = USB_DT_USB_SS_CONTN_ID_SIZE,
+ [USB_PTM_CAP_TYPE] = USB_DT_USB_PTM_ID_SIZE,
+};
+
/* Get BOS descriptor set */
int usb_get_bos_descriptor(struct usb_device *dev)
{
struct device *ddev = &dev->dev;
struct usb_bos_descriptor *bos;
struct usb_dev_cap_header *cap;
+ struct usb_ssp_cap_descriptor *ssp_cap;
unsigned char *buffer;
- int length, total_len, num, i;
+ int length, total_len, num, i, ssac;
+ __u8 cap_type;
int ret;
bos = kzalloc(sizeof(struct usb_bos_descriptor), GFP_KERNEL);
@@ -931,7 +942,13 @@ int usb_get_bos_descriptor(struct usb_de
dev->bos->desc->bNumDeviceCaps = i;
break;
}
+ cap_type = cap->bDevCapabilityType;
length = cap->bLength;
+ if (bos_desc_len[cap_type] && length < bos_desc_len[cap_type]) {
+ dev->bos->desc->bNumDeviceCaps = i;
+ break;
+ }
+
total_len -= length;
if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) {
@@ -939,7 +956,7 @@ int usb_get_bos_descriptor(struct usb_de
continue;
}
- switch (cap->bDevCapabilityType) {
+ switch (cap_type) {
case USB_CAP_TYPE_WIRELESS_USB:
/* Wireless USB cap descriptor is handled by wusb */
break;
@@ -952,8 +969,11 @@ int usb_get_bos_descriptor(struct usb_de
(struct usb_ss_cap_descriptor *)buffer;
break;
case USB_SSP_CAP_TYPE:
- dev->bos->ssp_cap =
- (struct usb_ssp_cap_descriptor *)buffer;
+ ssp_cap = (struct usb_ssp_cap_descriptor *)buffer;
+ ssac = (le32_to_cpu(ssp_cap->bmAttributes) &
+ USB_SSP_SUBLINK_SPEED_ATTRIBS) + 1;
+ if (length >= USB_DT_USB_SSP_CAP_SIZE(ssac))
+ dev->bos->ssp_cap = ssp_cap;
break;
case CONTAINER_ID_TYPE:
dev->bos->ss_id =
--- a/include/uapi/linux/usb/ch9.h
+++ b/include/uapi/linux/usb/ch9.h
@@ -812,6 +812,8 @@ struct usb_wireless_cap_descriptor { /*
__u8 bReserved;
} __attribute__((packed));
+#define USB_DT_USB_WIRELESS_CAP_SIZE 11
+
/* USB 2.0 Extension descriptor */
#define USB_CAP_TYPE_EXT 2
@@ -1007,6 +1009,7 @@ enum usb3_link_state {
USB3_LPM_U3
};
+#define USB_DT_USB_PTM_ID_SIZE 3
/*
* A U1 timeout of 0x0 means the parent hub will reject any transitions to U1.
* 0xff means the parent hub will accept transitions to U1, but will not
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mateusz Berezecki <[email protected]>
commit 1129d270cbfbb7e2b1ec3dede4a13930bdd10e41 upstream.
Promote a variable keeping track of USB transfer memory usage to a
wider data type and allow for higher bandwidth transfers from a large
number of USB devices connected to a single host.
Signed-off-by: Mateusz Berezecki <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/core/devio.c | 43 ++++++++++++++++---------------------------
1 file changed, 16 insertions(+), 27 deletions(-)
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -113,42 +113,35 @@ enum snoop_when {
#define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0)
/* Limit on the total amount of memory we can allocate for transfers */
-static unsigned usbfs_memory_mb = 16;
+static u32 usbfs_memory_mb = 16;
module_param(usbfs_memory_mb, uint, 0644);
MODULE_PARM_DESC(usbfs_memory_mb,
"maximum MB allowed for usbfs buffers (0 = no limit)");
-/* Hard limit, necessary to avoid arithmetic overflow */
-#define USBFS_XFER_MAX (UINT_MAX / 2 - 1000000)
-
-static atomic_t usbfs_memory_usage; /* Total memory currently allocated */
+static atomic64_t usbfs_memory_usage; /* Total memory currently allocated */
/* Check whether it's okay to allocate more memory for a transfer */
-static int usbfs_increase_memory_usage(unsigned amount)
+static int usbfs_increase_memory_usage(u64 amount)
{
- unsigned lim;
+ u64 lim;
- /*
- * Convert usbfs_memory_mb to bytes, avoiding overflows.
- * 0 means use the hard limit (effectively unlimited).
- */
lim = ACCESS_ONCE(usbfs_memory_mb);
- if (lim == 0 || lim > (USBFS_XFER_MAX >> 20))
- lim = USBFS_XFER_MAX;
- else
- lim <<= 20;
+ lim <<= 20;
- atomic_add(amount, &usbfs_memory_usage);
- if (atomic_read(&usbfs_memory_usage) <= lim)
- return 0;
- atomic_sub(amount, &usbfs_memory_usage);
- return -ENOMEM;
+ atomic64_add(amount, &usbfs_memory_usage);
+
+ if (lim > 0 && atomic64_read(&usbfs_memory_usage) > lim) {
+ atomic64_sub(amount, &usbfs_memory_usage);
+ return -ENOMEM;
+ }
+
+ return 0;
}
/* Memory for a transfer is being deallocated */
-static void usbfs_decrease_memory_usage(unsigned amount)
+static void usbfs_decrease_memory_usage(u64 amount)
{
- atomic_sub(amount, &usbfs_memory_usage);
+ atomic64_sub(amount, &usbfs_memory_usage);
}
static int connected(struct usb_dev_state *ps)
@@ -1077,7 +1070,7 @@ static int proc_bulk(struct usb_dev_stat
if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN)))
return -EINVAL;
len1 = bulk.len;
- if (len1 >= USBFS_XFER_MAX)
+ if (len1 >= (INT_MAX - sizeof(struct urb)))
return -EINVAL;
ret = usbfs_increase_memory_usage(len1 + sizeof(struct urb));
if (ret)
@@ -1424,10 +1417,6 @@ static int proc_do_submiturb(struct usb_
return -EINVAL;
}
- if (uurb->buffer_length >= USBFS_XFER_MAX) {
- ret = -EINVAL;
- goto error;
- }
if (uurb->buffer_length > 0 &&
!access_ok(is_in ? VERIFY_WRITE : VERIFY_READ,
uurb->buffer, uurb->buffer_length)) {
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Gustavo A. R. Silva" <[email protected]>
[ Upstream commit a8e9b186f153a44690ad0363a56716e7077ad28c ]
Add missing break statement in order to prevent the code from falling
through.
Signed-off-by: Gustavo A. R. Silva <[email protected]>
Cc: Qiuxu Zhuo <[email protected]>
Cc: linux-edac <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Borislav Petkov <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/edac/sb_edac.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/edac/sb_edac.c
+++ b/drivers/edac/sb_edac.c
@@ -1773,6 +1773,7 @@ static int ibridge_mci_bind_devs(struct
break;
case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA0_TA:
pvt->pci_ta = pdev;
+ break;
case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA0_RAS:
pvt->pci_ras = pdev;
break;
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aaron Sierra <[email protected]>
[ Upstream commit 0ab84da2e076948c49d36197ee7d254125c53eab ]
The upper four bits of the XR17V35x fractional divisor register (DLD)
control general chip function (RS-485 direction pin polarity, multidrop
mode, XON/XOFF parity check, and fast IR mode). Don't allow these bits
to be clobbered when setting the baudrate.
Signed-off-by: Aaron Sierra <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/tty/serial/8250/8250_port.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -2223,8 +2223,11 @@ static void serial8250_set_divisor(struc
serial_dl_write(up, quot);
/* XR17V35x UARTs have an extra fractional divisor register (DLD) */
- if (up->port.type == PORT_XR17V35X)
+ if (up->port.type == PORT_XR17V35X) {
+ /* Preserve bits not related to baudrate; DLD[7:4]. */
+ quot_frac |= serial_port_in(port, 0x2) & 0xf0;
serial_port_out(port, 0x2, quot_frac);
+ }
}
static unsigned int
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jibin Xu <[email protected]>
[ Upstream commit b00bebbc301c8e1f74f230dc82282e56b7e7a6db ]
When kernel configuration SMP,PREEMPT and DEBUG_PREEMPT are enabled,
echo 1 >/proc/sys/kernel/sysrq
echo p >/proc/sysrq-trigger
kernel will print call trace as below:
sysrq: SysRq : Show Regs
BUG: using __this_cpu_read() in preemptible [00000000] code: sh/435
caller is __this_cpu_preempt_check+0x18/0x20
Call trace:
[<ffffff8008088e80>] dump_backtrace+0x0/0x1d0
[<ffffff8008089074>] show_stack+0x24/0x30
[<ffffff8008447970>] dump_stack+0x90/0xb0
[<ffffff8008463950>] check_preemption_disabled+0x100/0x108
[<ffffff8008463998>] __this_cpu_preempt_check+0x18/0x20
[<ffffff80084c9194>] sysrq_handle_showregs+0x1c/0x40
[<ffffff80084c9c7c>] __handle_sysrq+0x12c/0x1a0
[<ffffff80084ca140>] write_sysrq_trigger+0x60/0x70
[<ffffff8008251e00>] proc_reg_write+0x90/0xd0
[<ffffff80081f1788>] __vfs_write+0x48/0x90
[<ffffff80081f241c>] vfs_write+0xa4/0x190
[<ffffff80081f3354>] SyS_write+0x54/0xb0
[<ffffff80080833f0>] el0_svc_naked+0x24/0x28
This can be seen on a common board like an r-pi3.
This happens because when echo p >/proc/sysrq-trigger,
get_irq_regs() is called outside of IRQ context,
if preemption is enabled in this situation,kernel will
print the call trace. Since many prior discussions on
the mailing lists have made it clear that get_irq_regs
either just returns NULL or stale data when used outside
of IRQ context,we simply avoid calling it outside of
IRQ context.
Signed-off-by: Jibin Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/tty/sysrq.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
@@ -237,8 +237,10 @@ static void sysrq_handle_showallcpus(int
* architecture has no support for it:
*/
if (!trigger_all_cpu_backtrace()) {
- struct pt_regs *regs = get_irq_regs();
+ struct pt_regs *regs = NULL;
+ if (in_irq())
+ regs = get_irq_regs();
if (regs) {
pr_info("CPU%d:\n", smp_processor_id());
show_regs(regs);
@@ -257,7 +259,10 @@ static struct sysrq_key_op sysrq_showall
static void sysrq_handle_showregs(int key)
{
- struct pt_regs *regs = get_irq_regs();
+ struct pt_regs *regs = NULL;
+
+ if (in_irq())
+ regs = get_irq_regs();
if (regs)
show_regs(regs);
perf_event_print_debug();
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lukas Wunner <[email protected]>
[ Upstream commit 3236a965486ba0c6043cf2c7b51943d8b382ae29 ]
This driver's ->rs485_config callback checks if SER_RS485_RTS_ON_SEND
and SER_RS485_RTS_AFTER_SEND have the same value. If they do, it means
the user has passed in invalid data with the TIOCSRS485 ioctl()
since RTS must have a different polarity when sending and when not
sending. In this case, rs485 mode is not enabled (the RS485_URA bit
is not set in the RS485 Enable Register) and this is supposed to be
signaled back to the user by clearing the SER_RS485_ENABLED bit in
struct serial_rs485 ... except a missing tilde character is preventing
that from happening.
Fixes: 28e3fb6c4dce ("serial: Add support for Fintek F81216A LPC to 4 UART")
Cc: Ricardo Ribalda Delgado <[email protected]>
Cc: "Ji-Ze Hong (Peter Hong)" <[email protected]>
Signed-off-by: Lukas Wunner <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/tty/serial/8250/8250_fintek.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/tty/serial/8250/8250_fintek.c
+++ b/drivers/tty/serial/8250/8250_fintek.c
@@ -117,7 +117,7 @@ static int fintek_8250_rs485_config(stru
if ((!!(rs485->flags & SER_RS485_RTS_ON_SEND)) ==
(!!(rs485->flags & SER_RS485_RTS_AFTER_SEND)))
- rs485->flags &= SER_RS485_ENABLED;
+ rs485->flags &= ~SER_RS485_ENABLED;
else
config |= RS485_URA;
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <[email protected]>
[ Upstream commit c15562c0dcb2c7f26e891923b784cf1926b8c833 ]
usbip_host_driver.h now depends on several additional headers, which
need to be installed along with it.
Fixes: 021aed845303 ("staging: usbip: userspace: migrate usbip_host_driver ...")
Fixes: 3391ba0e2792 ("usbip: tools: Extract generic code to be shared with ...")
Signed-off-by: Ben Hutchings <[email protected]>
Acked-by: Shuah Khan <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
tools/usb/usbip/Makefile.am | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/tools/usb/usbip/Makefile.am
+++ b/tools/usb/usbip/Makefile.am
@@ -1,6 +1,7 @@
SUBDIRS := libsrc src
includedir = @includedir@/usbip
include_HEADERS := $(addprefix libsrc/, \
- usbip_common.h vhci_driver.h usbip_host_driver.h)
+ usbip_common.h vhci_driver.h usbip_host_driver.h \
+ list.h sysfs_utils.h usbip_host_common.h)
dist_man_MANS := $(addprefix doc/, usbip.8 usbipd.8)
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Hansen <[email protected]>
[ Upstream commit da20ab35180780e4a6eadc804544f1fa967f3567 ]
We do not have tracepoints for sys_modify_ldt() because we define
it directly instead of using the normal SYSCALL_DEFINEx() macros.
However, there is a reason sys_modify_ldt() does not use the macros:
it has an 'int' return type instead of 'unsigned long'. This is
a bug, but it's a bug cemented in the ABI.
What does this mean? If we return -EINVAL from a function that
returns 'int', we have 0x00000000ffffffea in %rax. But, if we
return -EINVAL from a function returning 'unsigned long', we end
up with 0xffffffffffffffea in %rax, which is wrong.
To work around this and maintain the 'int' behavior while using
the SYSCALL_DEFINEx() macros, so we add a cast to 'unsigned int'
in both implementations of sys_modify_ldt().
Signed-off-by: Dave Hansen <[email protected]>
Reviewed-by: Andy Lutomirski <[email protected]>
Reviewed-by: Brian Gerst <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/x86/include/asm/syscalls.h | 2 +-
arch/x86/kernel/ldt.c | 16 +++++++++++++---
arch/x86/um/ldt.c | 7 +++++--
3 files changed, 19 insertions(+), 6 deletions(-)
--- a/arch/x86/include/asm/syscalls.h
+++ b/arch/x86/include/asm/syscalls.h
@@ -21,7 +21,7 @@ asmlinkage long sys_ioperm(unsigned long
asmlinkage long sys_iopl(unsigned int);
/* kernel/ldt.c */
-asmlinkage int sys_modify_ldt(int, void __user *, unsigned long);
+asmlinkage long sys_modify_ldt(int, void __user *, unsigned long);
/* kernel/signal.c */
asmlinkage long sys_rt_sigreturn(void);
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -12,6 +12,7 @@
#include <linux/string.h>
#include <linux/mm.h>
#include <linux/smp.h>
+#include <linux/syscalls.h>
#include <linux/slab.h>
#include <linux/vmalloc.h>
#include <linux/uaccess.h>
@@ -271,8 +272,8 @@ out:
return error;
}
-asmlinkage int sys_modify_ldt(int func, void __user *ptr,
- unsigned long bytecount)
+SYSCALL_DEFINE3(modify_ldt, int , func , void __user * , ptr ,
+ unsigned long , bytecount)
{
int ret = -ENOSYS;
@@ -290,5 +291,14 @@ asmlinkage int sys_modify_ldt(int func,
ret = write_ldt(ptr, bytecount, 0);
break;
}
- return ret;
+ /*
+ * The SYSCALL_DEFINE() macros give us an 'unsigned long'
+ * return type, but tht ABI for sys_modify_ldt() expects
+ * 'int'. This cast gives us an int-sized value in %rax
+ * for the return code. The 'unsigned' is necessary so
+ * the compiler does not try to sign-extend the negative
+ * return codes into the high half of the register when
+ * taking the value from int->long.
+ */
+ return (unsigned int)ret;
}
--- a/arch/x86/um/ldt.c
+++ b/arch/x86/um/ldt.c
@@ -6,6 +6,7 @@
#include <linux/mm.h>
#include <linux/sched.h>
#include <linux/slab.h>
+#include <linux/syscalls.h>
#include <linux/uaccess.h>
#include <asm/unistd.h>
#include <os.h>
@@ -369,7 +370,9 @@ void free_ldt(struct mm_context *mm)
mm->arch.ldt.entry_count = 0;
}
-int sys_modify_ldt(int func, void __user *ptr, unsigned long bytecount)
+SYSCALL_DEFINE3(modify_ldt, int , func , void __user * , ptr ,
+ unsigned long , bytecount)
{
- return do_modify_ldt_skas(func, ptr, bytecount);
+ /* See non-um modify_ldt() for why we do this cast */
+ return (unsigned int)do_modify_ldt_skas(func, ptr, bytecount);
}
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexey Khoroshilov <[email protected]>
[ Upstream commit ce035409bfa892a2fabb89720b542e1b335c3426 ]
If devm_extcon_dev_allocate() fails, we should disable clk before return.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <[email protected]>
Fixes: 860d2686fda7 ("usb: phy: tahvo: Use devm_extcon_dev_[allocate|register]() and replace deprecated API")
Signed-off-by: Felipe Balbi <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/phy/phy-tahvo.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/usb/phy/phy-tahvo.c
+++ b/drivers/usb/phy/phy-tahvo.c
@@ -368,7 +368,8 @@ static int tahvo_usb_probe(struct platfo
tu->extcon = devm_extcon_dev_allocate(&pdev->dev, tahvo_cable);
if (IS_ERR(tu->extcon)) {
dev_err(&pdev->dev, "failed to allocate memory for extcon\n");
- return -ENOMEM;
+ ret = PTR_ERR(tu->extcon);
+ goto err_disable_clk;
}
ret = devm_extcon_dev_register(&pdev->dev, tu->extcon);
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Neukum <[email protected]>
commit 446f666da9f019ce2ffd03800995487e79a91462 upstream.
USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints.
Improve sanity checking.
Reported-by: Andrey Konovalov <[email protected]>
Signed-off-by: Oliver Neukum <[email protected]>
Acked-by: Alan Stern <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/core/devio.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -1293,14 +1293,18 @@ static int proc_do_submiturb(struct usb_
int number_of_packets = 0;
unsigned int stream_id = 0;
void *buf;
-
- if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP |
- USBDEVFS_URB_SHORT_NOT_OK |
+ unsigned long mask = USBDEVFS_URB_SHORT_NOT_OK |
USBDEVFS_URB_BULK_CONTINUATION |
USBDEVFS_URB_NO_FSBR |
USBDEVFS_URB_ZERO_PACKET |
- USBDEVFS_URB_NO_INTERRUPT))
- return -EINVAL;
+ USBDEVFS_URB_NO_INTERRUPT;
+ /* USBDEVFS_URB_ISO_ASAP is a special case */
+ if (uurb->type == USBDEVFS_URB_TYPE_ISO)
+ mask |= USBDEVFS_URB_ISO_ASAP;
+
+ if (uurb->flags & ~mask)
+ return -EINVAL;
+
if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX)
return -EINVAL;
if (uurb->buffer_length > 0 && !uurb->buffer)
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Colin Ian King <[email protected]>
commit 1d5a31582ef046d3b233f0da1a68ae26519b2f0a upstream.
The variable temp is incorrectly being updated, instead it should
be offset otherwise the loop just reads the same capability value
and loops forever. Thanks to Alan Stern for pointing out the
correct fix to my original fix. Fix also cleans up clang warning:
drivers/usb/host/ehci-dbg.c:840:4: warning: Value stored to 'temp'
is never read
Fixes: d49d43174400 ("USB: misc ehci updates")
Signed-off-by: Colin Ian King <[email protected]>
Acked-by: Alan Stern <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/host/ehci-dbg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/host/ehci-dbg.c
+++ b/drivers/usb/host/ehci-dbg.c
@@ -851,7 +851,7 @@ static ssize_t fill_registers_buffer(str
default: /* unknown */
break;
}
- temp = (cap >> 8) & 0xff;
+ offset = (cap >> 8) & 0xff;
}
}
#endif
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <[email protected]>
commit 57999d1107c1e60c2ca7088f2ac0f819e2f554b3 upstream.
There used to be an integer overflow check in proc_do_submiturb() but
we removed it. It turns out that it's still required. The
uurb->buffer_length variable is a signed integer and it's controlled by
the user. It can lead to an integer overflow when we do:
num_sgs = DIV_ROUND_UP(uurb->buffer_length, USB_SG_SIZE);
If we strip away the macro then that line looks like this:
num_sgs = (uurb->buffer_length + USB_SG_SIZE - 1) / USB_SG_SIZE;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It's the first addition which can overflow.
Fixes: 1129d270cbfb ("USB: Increase usbfs transfer limit")
Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Alan Stern <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/core/devio.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -118,6 +118,9 @@ module_param(usbfs_memory_mb, uint, 0644
MODULE_PARM_DESC(usbfs_memory_mb,
"maximum MB allowed for usbfs buffers (0 = no limit)");
+/* Hard limit, necessary to avoid arithmetic overflow */
+#define USBFS_XFER_MAX (UINT_MAX / 2 - 1000000)
+
static atomic64_t usbfs_memory_usage; /* Total memory currently allocated */
/* Check whether it's okay to allocate more memory for a transfer */
@@ -1298,6 +1301,8 @@ static int proc_do_submiturb(struct usb_
USBDEVFS_URB_ZERO_PACKET |
USBDEVFS_URB_NO_INTERRUPT))
return -EINVAL;
+ if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX)
+ return -EINVAL;
if (uurb->buffer_length > 0 && !uurb->buffer)
return -EINVAL;
if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL &&
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Youn <[email protected]>
commit 446fa3a95df1e8b78f25e1babc41e46edd200821 upstream.
The SuperspeedPlus Device Capability Descriptor has a variable size
depending on the number of sublink speed attributes.
This patch adds a macro to calculate that size. The macro takes one
argument, the Sublink Speed Attribute Count (SSAC) as reported by the
descriptor in bmAttributes[4:0].
See USB 3.1 9.6.2.5, Table 9-19.
Signed-off-by: John Youn <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
include/uapi/linux/usb/ch9.h | 6 ++++++
1 file changed, 6 insertions(+)
--- a/include/uapi/linux/usb/ch9.h
+++ b/include/uapi/linux/usb/ch9.h
@@ -906,6 +906,12 @@ struct usb_ptm_cap_descriptor {
__u8 bDevCapabilityType;
} __attribute__((packed));
+/*
+ * The size of the descriptor for the Sublink Speed Attribute Count
+ * (SSAC) specified in bmAttributes[4:0].
+ */
+#define USB_DT_USB_SSP_CAP_SIZE(ssac) (16 + ssac * 4)
+
/*-------------------------------------------------------------------------*/
/* USB_DT_WIRELESS_ENDPOINT_COMP: companion descriptor associated with
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Looijmans <[email protected]>
commit 973593a960ddac0f14f0d8877d2d0abe0afda795 upstream.
Sometimes the USB device gets confused about the state of the initialization and
the connection fails. In particular, the device thinks that it's already set up
and running while the host thinks the device still needs to be configured. To
work around this issue, power-cycle the hub's output to issue a sort of "reset"
to the device. This makes the device restart its state machine and then the
initialization succeeds.
This fixes problems where the kernel reports a list of errors like this:
usb 1-1.3: device not accepting address 19, error -71
The end result is a non-functioning device. After this patch, the sequence
becomes like this:
usb 1-1.3: new high-speed USB device number 18 using ci_hdrc
usb 1-1.3: device not accepting address 18, error -71
usb 1-1.3: new high-speed USB device number 19 using ci_hdrc
usb 1-1.3: device not accepting address 19, error -71
usb 1-1-port3: attempt power cycle
usb 1-1.3: new high-speed USB device number 21 using ci_hdrc
usb-storage 1-1.3:1.2: USB Mass Storage device detected
Signed-off-by: Mike Looijmans <[email protected]>
Acked-by: Alan Stern <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/core/hub.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -4858,6 +4858,15 @@ loop:
usb_put_dev(udev);
if ((status == -ENOTCONN) || (status == -ENOTSUPP))
break;
+
+ /* When halfway through our retry count, power-cycle the port */
+ if (i == (SET_CONFIG_TRIES / 2) - 1) {
+ dev_info(&port_dev->dev, "attempt power cycle\n");
+ usb_hub_set_port_power(hdev, hub, port1, false);
+ msleep(2 * hub_power_on_good_delay(hub));
+ usb_hub_set_port_power(hdev, hub, port1, true);
+ msleep(hub_power_on_good_delay(hub));
+ }
}
if (hub->hdev->parent ||
!hcd->driver->port_handed_over ||
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Kroah-Hartman <[email protected]>
This reverts commit c4baa4a5870cb02f713def1620052bfca7a82bbb which is
commit 28f5a8a7c033cbf3e32277f4cc9c6afd74f05300 upstream.
It shouldn't be applied to the 4.4-stable tree.
Ben and Alex write:
> Now that ocfs2_setattr() calls this outside of the inode locked region,
> what prevents another task adding a new dio request immediately
> afterward?
>
In the kernel 4.6, firstly, we use the inode_lock() in do_truncate() to
prevent another bio to be issued from this node.
Furthermore, we use the ocfs2_rw_lock() and ocfs2_inode_lock() in ocfs2_setattr()
to guarantee no more bio will be issued from the other nodes in this cluster.
> Also, ocfs2_dio_end_io_write() was introduced in 4.6 and it looks like
> the dio completion path didn't previously take the inode lock. So it
> doesn't look this fix is needed in 3.18 or 4.4.
Yes, ocfs2_dio_end_io_write() was introduced in 4.6 and the problem this patch
fixes is only exist in the kernel 4.6 and above 4.6.
Reported-by: Ben Hutchings <[email protected]>
Cc: Alex Chen <[email protected]>
Cc: Jun Piao <[email protected]>
Cc: Joseph Qi <[email protected]>
Cc: Changwei Ge <[email protected]>
Cc: Mark Fasheh <[email protected]>
Cc: Joel Becker <[email protected]>
Cc: Junxiao Bi <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/ocfs2/file.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -1166,13 +1166,6 @@ int ocfs2_setattr(struct dentry *dentry,
}
size_change = S_ISREG(inode->i_mode) && attr->ia_valid & ATTR_SIZE;
if (size_change) {
- /*
- * Here we should wait dio to finish before inode lock
- * to avoid a deadlock between ocfs2_setattr() and
- * ocfs2_dio_end_io_write()
- */
- inode_dio_wait(inode);
-
status = ocfs2_rw_lock(inode, 1);
if (status < 0) {
mlog_errno(status);
@@ -1193,6 +1186,8 @@ int ocfs2_setattr(struct dentry *dentry,
if (status)
goto bail_unlock;
+ inode_dio_wait(inode);
+
if (i_size_read(inode) >= attr->ia_size) {
if (ocfs2_should_order_data(inode)) {
status = ocfs2_begin_ordered_truncate(inode,
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Stultz <[email protected]>
[ Upstream commit 9b481092c2a31a6b630aff9c28f0145bf6683787 ]
We've found that while in host mode, using Android, if one runs
the command:
stop adbd
The existing usb devices being utilized in host mode are disconnected.
This is most visible with usb networking devices.
This seems to be due to adbd closing the file:
/dev/usb-ffs/adb/ep0
Which calls ffs_ep0_release() and the following backtrace:
[<ffffff800875a430>] dwc2_hsotg_ep_disable+0x148/0x150
[<ffffff800875a498>] dwc2_hsotg_udc_stop+0x60/0x110
[<ffffff8008787950>] usb_gadget_remove_driver+0x58/0x78
[<ffffff80087879e4>] usb_gadget_unregister_driver+0x74/0xe8
[<ffffff80087850c0>] unregister_gadget+0x28/0x58
[<ffffff800878511c>] unregister_gadget_item+0x2c/0x40
[<ffffff8008790ea8>] ffs_data_clear+0xe8/0xf8
[<ffffff8008790ed8>] ffs_data_reset+0x20/0x58
[<ffffff8008793218>] ffs_data_closed+0x98/0xe8
[<ffffff80087932d8>] ffs_ep0_release+0x20/0x30
Then when dwc2_hsotg_ep_disable() is called, we call
kill_all_requests() which causes a bunch of the following
messages:
dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode
dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode
dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode
dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode
dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode
dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode
dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode
dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode
init: Service 'adbd' (pid 1915) killed by signal 9
init: Sending signal 9 to service 'adbd' (pid 1915) process group...
init: Successfully killed process cgroup uid 0 pid 1915 in 0ms
init: processing action (init.svc.adbd=stopped) from (/init.usb.configfs.rc:15)
dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 8 - ChHltd set, but reason is unknown
dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029
dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 12 - ChHltd set, but reason is unknown
dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029
dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 15 - ChHltd set, but reason is unknown
dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029
dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 3 - ChHltd set, but reason is unknown
dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029
dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 4 - ChHltd set, but reason is unknown
dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029
dwc2 f72c0000.usb: dwc2_update_urb_state_abn(): trimming xfer length
And the usb devices connected are basically hung at this point.
It seems like if we're in host mode, we probably shouldn't run
the dwc2_hostg_ep_disable logic, so this patch returns an error
in that case.
With this patch (along with the previous patch in this set), we avoid
the mismatched interrupts and connected usb devices continue to function.
I'm not sure if some other solution would be better here, but this seems
to work, so I wanted to send it out for input on what the right approach
should be.
Cc: Wei Xu <[email protected]>
Cc: Guodong Xu <[email protected]>
Cc: Amit Pundir <[email protected]>
Cc: YongQin Liu <[email protected]>
Cc: John Youn <[email protected]>
Cc: Minas Harutyunyan <[email protected]>
Cc: Douglas Anderson <[email protected]>
Cc: Chen Yu <[email protected]>
Cc: Felipe Balbi <[email protected]>
Cc: Greg Kroah-Hartman <[email protected]>
Cc: [email protected]
Acked-by: Minas Harutyunyan <[email protected]>
Tested-by: Minas Harutyunyan <[email protected]>
Reported-by: YongQin Liu <[email protected]>
Signed-off-by: John Stultz <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/dwc2/gadget.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/usb/dwc2/gadget.c
+++ b/drivers/usb/dwc2/gadget.c
@@ -2834,6 +2834,11 @@ static int dwc2_hsotg_ep_disable(struct
return -EINVAL;
}
+ if (hsotg->op_state != OTG_STATE_B_PERIPHERAL) {
+ dev_err(hsotg->dev, "%s: called in host mode?\n", __func__);
+ return -EINVAL;
+ }
+
epctrl_reg = dir_in ? DIEPCTL(index) : DOEPCTL(index);
spin_lock_irqsave(&hsotg->lock, flags);
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <[email protected]>
[ Upstream commit 0911d0041c22922228ca52a977d7b0b0159fee4b ]
Some ->page_mkwrite handlers may return VM_FAULT_RETRY as its return
code (GFS2 or Lustre can definitely do this). However VM_FAULT_RETRY
from ->page_mkwrite is completely unhandled by the mm code and results
in locking and writeably mapping the page which definitely is not what
the caller wanted.
Fix Lustre and block_page_mkwrite_ret() used by other filesystems
(notably GFS2) to return VM_FAULT_NOPAGE instead which results in
bailing out from the fault code, the CPU then retries the access, and we
fault again effectively doing what the handler wanted.
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Jan Kara <[email protected]>
Reported-by: Al Viro <[email protected]>
Reviewed-by: Jinshan Xiong <[email protected]>
Cc: Matthew Wilcox <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/staging/lustre/lustre/llite/llite_mmap.c | 4 +---
include/linux/buffer_head.h | 4 +---
2 files changed, 2 insertions(+), 6 deletions(-)
--- a/drivers/staging/lustre/lustre/llite/llite_mmap.c
+++ b/drivers/staging/lustre/lustre/llite/llite_mmap.c
@@ -402,15 +402,13 @@ static int ll_page_mkwrite(struct vm_are
result = VM_FAULT_LOCKED;
break;
case -ENODATA:
+ case -EAGAIN:
case -EFAULT:
result = VM_FAULT_NOPAGE;
break;
case -ENOMEM:
result = VM_FAULT_OOM;
break;
- case -EAGAIN:
- result = VM_FAULT_RETRY;
- break;
default:
result = VM_FAULT_SIGBUS;
break;
--- a/include/linux/buffer_head.h
+++ b/include/linux/buffer_head.h
@@ -234,12 +234,10 @@ static inline int block_page_mkwrite_ret
{
if (err == 0)
return VM_FAULT_LOCKED;
- if (err == -EFAULT)
+ if (err == -EFAULT || err == -EAGAIN)
return VM_FAULT_NOPAGE;
if (err == -ENOMEM)
return VM_FAULT_OOM;
- if (err == -EAGAIN)
- return VM_FAULT_RETRY;
/* -ENOSPC, -EDQUOT, -EIO ... */
return VM_FAULT_SIGBUS;
}
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Parthasarathy Bhuvaragan <[email protected]>
[ Upstream commit 35e22e49a5d6a741ebe7f2dd280b2052c3003ef7 ]
In tipc_server_stop(), we iterate over the connections with limiting
factor as server's idr_in_use. We ignore the fact that this variable
is decremented in tipc_close_conn(), leading to premature exit.
In this commit, we iterate until the we have no connections left.
Acked-by: Ying Xue <[email protected]>
Acked-by: Jon Maloy <[email protected]>
Tested-by: John Thompson <[email protected]>
Signed-off-by: Parthasarathy Bhuvaragan <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/tipc/server.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/net/tipc/server.c
+++ b/net/tipc/server.c
@@ -618,14 +618,12 @@ int tipc_server_start(struct tipc_server
void tipc_server_stop(struct tipc_server *s)
{
struct tipc_conn *con;
- int total = 0;
int id;
spin_lock_bh(&s->idr_lock);
- for (id = 0; total < s->idr_in_use; id++) {
+ for (id = 0; s->idr_in_use; id++) {
con = idr_find(&s->conn_idr, id);
if (con) {
- total++;
spin_unlock_bh(&s->idr_lock);
tipc_close_conn(con);
spin_lock_bh(&s->idr_lock);
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrzej Hajda <[email protected]>
[ Upstream commit 11d8bcef7a0399e1d2519f207fd575fc404306b4 ]
DECON_TV requires STANDALONE_UPDATE after output enabling, otherwise it does
not start. This change is neutral for DECON.
Signed-off-by: Andrzej Hajda <[email protected]>
Signed-off-by: Inki Dae <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/gpu/drm/exynos/exynos5433_drm_decon.c
+++ b/drivers/gpu/drm/exynos/exynos5433_drm_decon.c
@@ -180,6 +180,8 @@ static void decon_commit(struct exynos_d
/* enable output and display signal */
decon_set_bits(ctx, DECON_VIDCON0, VIDCON0_ENVID | VIDCON0_ENVID_F, ~0);
+
+ decon_set_bits(ctx, DECON_UPDATE, STANDALONE_UPDATE_F, ~0);
}
static void decon_win_set_pixfmt(struct decon_context *ctx, unsigned int win,
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Stultz <[email protected]>
[ Upstream commit ce2b21a4e5ce042c0a42c9db8fa9e0f849427d5e ]
It has been noticed that the dwc2 udc state reporting doesn't
seem to work (at least on HiKey boards). Where after the initial
setup, the sysfs /sys/class/udc/f72c0000.usb/state file would
report "configured" no matter the state of the OTG port.
This patch adds a call so that we report to the UDC layer when
the gadget device is disconnected.
This patch does depend on the previous patch ("usb: dwc2:
Improve gadget state disconnection handling") in this patch set
in order to properly work.
Cc: Wei Xu <[email protected]>
Cc: Guodong Xu <[email protected]>
Cc: Amit Pundir <[email protected]>
Cc: YongQin Liu <[email protected]>
Cc: John Youn <[email protected]>
Cc: Minas Harutyunyan <[email protected]>
Cc: Douglas Anderson <[email protected]>
Cc: Chen Yu <[email protected]>
Cc: Felipe Balbi <[email protected]>
Cc: Greg Kroah-Hartman <[email protected]>
Cc: [email protected]
Acked-by: Minas Harutyunyan <[email protected]>
Tested-by: Minas Harutyunyan <[email protected]>
Reported-by: Amit Pundir <[email protected]>
Signed-off-by: John Stultz <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/dwc2/gadget.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/dwc2/gadget.c
+++ b/drivers/usb/dwc2/gadget.c
@@ -2206,6 +2206,8 @@ void dwc2_hsotg_disconnect(struct dwc2_h
call_gadget(hsotg, disconnect);
hsotg->lx_state = DWC2_L3;
+
+ usb_gadget_set_state(&hsotg->gadget, USB_STATE_NOTATTACHED);
}
/**
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Coddington <[email protected]>
[ Upstream commit 4b09ec4b14a168bf2c687e1f598140c3c11e9222 ]
I have reports of a crash that look like __fput() was called twice for
a NFSv4.0 file. It seems possible that the state manager could try to
reclaim a lock and take a reference on the fl->fl_file at the same time the
file is being released if, during the close(), a signal interrupts the wait
for outstanding IO while removing locks which then skips the removal
of that lock.
Since 83bfff23e9ed ("nfs4: have do_vfs_lock take an inode pointer") has
removed the need to traverse fl->fl_file->f_inode in nfs4_lock_done(),
taking that reference is no longer necessary.
Signed-off-by: Benjamin Coddington <[email protected]>
Reviewed-by: Jeff Layton <[email protected]>
Signed-off-by: Trond Myklebust <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/nfs/nfs4proc.c | 3 ---
1 file changed, 3 deletions(-)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -38,7 +38,6 @@
#include <linux/mm.h>
#include <linux/delay.h>
#include <linux/errno.h>
-#include <linux/file.h>
#include <linux/string.h>
#include <linux/ratelimit.h>
#include <linux/printk.h>
@@ -5738,7 +5737,6 @@ static struct nfs4_lockdata *nfs4_alloc_
p->server = server;
atomic_inc(&lsp->ls_count);
p->ctx = get_nfs_open_context(ctx);
- get_file(fl->fl_file);
memcpy(&p->fl, fl, sizeof(p->fl));
return p;
out_free_seqid:
@@ -5851,7 +5849,6 @@ static void nfs4_lock_release(void *call
nfs_free_seqid(data->arg.lock_seqid);
nfs4_put_lock_state(data->lsp);
put_nfs_open_context(data->ctx);
- fput(data->fl.fl_file);
kfree(data);
dprintk("%s: done!\n", __func__);
}
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vlad Tsyrklevich <[email protected]>
[ Upstream commit ce7e40c432ba84da104438f6799d460a4cad41bc ]
ipddp_route structs contain alignment padding so kernel heap memory
is leaked when they are copied to user space in
ipddp_ioctl(SIOCFINDIPDDPRT). Change kmalloc() to kzalloc() to clear
that memory.
Signed-off-by: Vlad Tsyrklevich <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/appletalk/ipddp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/appletalk/ipddp.c
+++ b/drivers/net/appletalk/ipddp.c
@@ -191,7 +191,7 @@ static netdev_tx_t ipddp_xmit(struct sk_
*/
static int ipddp_create(struct ipddp_route *new_rt)
{
- struct ipddp_route *rt = kmalloc(sizeof(*rt), GFP_KERNEL);
+ struct ipddp_route *rt = kzalloc(sizeof(*rt), GFP_KERNEL);
if (rt == NULL)
return -ENOMEM;
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Forster <[email protected]>
[ Upstream commit 93e246f783e6bd1bc64fdfbfe68b18161f69b28e ]
vti6 interface is registered before the rtnl_link_ops block
is attached. As a result the resulting RTM_NEWLINK is missing
IFLA_INFO_KIND. Re-order attachment of rtnl_link_ops block to fix.
Signed-off-by: Dave Forster <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv6/ip6_vti.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -189,12 +189,12 @@ static int vti6_tnl_create2(struct net_d
struct vti6_net *ip6n = net_generic(net, vti6_net_id);
int err;
+ dev->rtnl_link_ops = &vti6_link_ops;
err = register_netdevice(dev);
if (err < 0)
goto out;
strcpy(t->parms.name, dev->name);
- dev->rtnl_link_ops = &vti6_link_ops;
dev_hold(dev);
vti6_tnl_link(ip6n, t);
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Ujfalusi <[email protected]>
[ Upstream commit 657279778af54f35e54b07b6687918f254a2992c ]
OMAP1510, OMAP5910 and OMAP310 have only 9 logical channels.
OMAP1610, OMAP5912, OMAP1710, OMAP730, and OMAP850 have 16 logical channels
available.
The wired 17 for the lch_count must have been used to cover the 16 + 1
dedicated LCD channel, in reality we can only use 9 or 16 channels.
The d->chan_count is not used by the omap-dma stack, so we can skip the
setup. chan_count was configured to the number of logical channels and not
the actual number of physical channels anyways.
Signed-off-by: Peter Ujfalusi <[email protected]>
Acked-by: Aaro Koskinen <[email protected]>
Signed-off-by: Tony Lindgren <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/arm/mach-omap1/dma.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
--- a/arch/arm/mach-omap1/dma.c
+++ b/arch/arm/mach-omap1/dma.c
@@ -31,7 +31,6 @@
#include "soc.h"
#define OMAP1_DMA_BASE (0xfffed800)
-#define OMAP1_LOGICAL_DMA_CH_COUNT 17
static u32 enable_1510_mode;
@@ -311,8 +310,6 @@ static int __init omap1_system_dma_init(
goto exit_iounmap;
}
- d->lch_count = OMAP1_LOGICAL_DMA_CH_COUNT;
-
/* Valid attributes for omap1 plus processors */
if (cpu_is_omap15xx())
d->dev_caps = ENABLE_1510_MODE;
@@ -329,13 +326,14 @@ static int __init omap1_system_dma_init(
d->dev_caps |= CLEAR_CSR_ON_READ;
d->dev_caps |= IS_WORD_16;
- if (cpu_is_omap15xx())
- d->chan_count = 9;
- else if (cpu_is_omap16xx() || cpu_is_omap7xx()) {
- if (!(d->dev_caps & ENABLE_1510_MODE))
- d->chan_count = 16;
+ /* available logical channels */
+ if (cpu_is_omap15xx()) {
+ d->lch_count = 9;
+ } else {
+ if (d->dev_caps & ENABLE_1510_MODE)
+ d->lch_count = 9;
else
- d->chan_count = 9;
+ d->lch_count = 16;
}
p = dma_plat_info;
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masami Hiramatsu <[email protected]>
[ Upstream commit 5bb4fc2d8641219732eb2bb654206775a4219aca ]
Disable preemption in ftrace-based jprobe handlers as
described in Documentation/kprobes.txt:
"Probe handlers are run with preemption disabled."
This will fix jprobes behavior when CONFIG_PREEMPT=y.
Signed-off-by: Masami Hiramatsu <[email protected]>
Cc: Alexei Starovoitov <[email protected]>
Cc: Alexei Starovoitov <[email protected]>
Cc: Ananth N Mavinakayanahalli <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Paul E . McKenney <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/150581530024.32348.9863783558598926771.stgit@devbox
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/x86/kernel/kprobes/ftrace.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
--- a/arch/x86/kernel/kprobes/ftrace.c
+++ b/arch/x86/kernel/kprobes/ftrace.c
@@ -26,7 +26,7 @@
#include "common.h"
static nokprobe_inline
-int __skip_singlestep(struct kprobe *p, struct pt_regs *regs,
+void __skip_singlestep(struct kprobe *p, struct pt_regs *regs,
struct kprobe_ctlblk *kcb, unsigned long orig_ip)
{
/*
@@ -41,20 +41,21 @@ int __skip_singlestep(struct kprobe *p,
__this_cpu_write(current_kprobe, NULL);
if (orig_ip)
regs->ip = orig_ip;
- return 1;
}
int skip_singlestep(struct kprobe *p, struct pt_regs *regs,
struct kprobe_ctlblk *kcb)
{
- if (kprobe_ftrace(p))
- return __skip_singlestep(p, regs, kcb, 0);
- else
- return 0;
+ if (kprobe_ftrace(p)) {
+ __skip_singlestep(p, regs, kcb, 0);
+ preempt_enable_no_resched();
+ return 1;
+ }
+ return 0;
}
NOKPROBE_SYMBOL(skip_singlestep);
-/* Ftrace callback handler for kprobes */
+/* Ftrace callback handler for kprobes -- called under preepmt disabed */
void kprobe_ftrace_handler(unsigned long ip, unsigned long parent_ip,
struct ftrace_ops *ops, struct pt_regs *regs)
{
@@ -77,13 +78,17 @@ void kprobe_ftrace_handler(unsigned long
/* Kprobe handler expects regs->ip = ip + 1 as breakpoint hit */
regs->ip = ip + sizeof(kprobe_opcode_t);
+ /* To emulate trap based kprobes, preempt_disable here */
+ preempt_disable();
__this_cpu_write(current_kprobe, p);
kcb->kprobe_status = KPROBE_HIT_ACTIVE;
- if (!p->pre_handler || !p->pre_handler(p, regs))
+ if (!p->pre_handler || !p->pre_handler(p, regs)) {
__skip_singlestep(p, regs, kcb, orig_ip);
+ preempt_enable_no_resched();
+ }
/*
* If pre_handler returns !0, it sets regs->ip and
- * resets current kprobe.
+ * resets current kprobe, and keep preempt count +1.
*/
}
end:
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hiromitsu Yamasaki <[email protected]>
[ Upstream commit 36735783fdb599c94b9c86824583df367c65900b ]
DMA supports 32-bit words only,
even if BITLEN1 of SITMDR2 register is 16bit.
Fixes: b0d0ce8b6b91 ("spi: sh-msiof: Add DMA support")
Signed-off-by: Hiromitsu Yamasaki <[email protected]>
Signed-off-by: Simon Horman <[email protected]>
Acked-by: Geert Uytterhoeven <[email protected]>
Acked-by: Dirk Behme <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/spi/spi-sh-msiof.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/spi/spi-sh-msiof.c
+++ b/drivers/spi/spi-sh-msiof.c
@@ -863,7 +863,7 @@ static int sh_msiof_transfer_one(struct
break;
copy32 = copy_bswap32;
} else if (bits <= 16) {
- if (l & 1)
+ if (l & 3)
break;
copy32 = copy_wswap32;
} else {
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Boshi Wang <[email protected]>
[ Upstream commit ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee ]
The hash_setup function always sets the hash_setup_done flag, even
when the hash algorithm is invalid. This prevents the default hash
algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used.
This patch sets hash_setup_done flag only for valid hash algorithms.
Fixes: e7a2ad7eb6f4 "ima: enable support for larger default filedata hash algorithms"
Signed-off-by: Boshi Wang <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
security/integrity/ima/ima_main.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -52,6 +52,8 @@ static int __init hash_setup(char *str)
ima_hash_algo = HASH_ALGO_SHA1;
else if (strncmp(str, "md5", 3) == 0)
ima_hash_algo = HASH_ALGO_MD5;
+ else
+ return 1;
goto out;
}
@@ -61,6 +63,8 @@ static int __init hash_setup(char *str)
break;
}
}
+ if (i == HASH_ALGO__LAST)
+ return 1;
out:
hash_setup_done = 1;
return 1;
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matt Wilson <[email protected]>
commit 3bfd1300abfe3adb18e84a89d97a0e82a22124bb upstream.
This device will be used in future Amazon EC2 instances as the primary
serial port (i.e., data sent to this port will be available via the
GetConsoleOuput [1] EC2 API).
[1] http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetConsoleOutput.html
Signed-off-by: Matt Wilson <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/tty/serial/8250/8250_pci.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/tty/serial/8250/8250_pci.c
+++ b/drivers/tty/serial/8250/8250_pci.c
@@ -5797,6 +5797,9 @@ static struct pci_device_id serial_pci_t
{ PCI_DEVICE(0x1601, 0x0800), .driver_data = pbn_b0_4_1250000 },
{ PCI_DEVICE(0x1601, 0xa801), .driver_data = pbn_b0_4_1250000 },
+ /* Amazon PCI serial device */
+ { PCI_DEVICE(0x1d0f, 0x8250), .driver_data = pbn_b0_1_115200 },
+
/*
* These entries match devices with class COMMUNICATION_SERIAL,
* COMMUNICATION_MODEM or COMMUNICATION_MULTISERIAL
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <[email protected]>
commit 7fee72d5e8f1e7b8d8212e28291b1a0243ecf2f1 upstream.
We've been adding this as a quirk on a per device basis hoping that
newer disk enclosures would do better, but that has not happened,
so simply apply this quirk to all Seagate devices.
Signed-off-by: Hans de Goede <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/storage/uas-detect.h | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/storage/uas-detect.h
+++ b/drivers/usb/storage/uas-detect.h
@@ -111,6 +111,10 @@ static int uas_use_uas_driver(struct usb
}
}
+ /* All Seagate disk enclosures have broken ATA pass-through support */
+ if (le16_to_cpu(udev->descriptor.idVendor) == 0x0bc2)
+ flags |= US_FL_NO_ATA_1X;
+
usb_stor_adjust_quirks(udev, &flags);
if (flags & US_FL_IGNORE_UAS) {
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kai-Heng Feng <[email protected]>
commit e43a12f1793ae1fe006e26fe9327a8840a92233c upstream.
KY-688 USB 3.1 Type-C Hub internally uses a Genesys Logic hub to connect
to Realtek r8153.
Similar to commit ("7496cfe5431f2 usb: quirks: Add no-lpm quirk for Moshi
USB to Ethernet Adapter"), no-lpm can make r8153 ethernet work.
Signed-off-by: Kai-Heng Feng <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/core/quirks.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -151,6 +151,9 @@ static const struct usb_device_id usb_qu
/* appletouch */
{ USB_DEVICE(0x05ac, 0x021a), .driver_info = USB_QUIRK_RESET_RESUME },
+ /* Genesys Logic hub, internally used by KY-688 USB 3.1 Type-C Hub */
+ { USB_DEVICE(0x05e3, 0x0612), .driver_info = USB_QUIRK_NO_LPM },
+
/* Genesys Logic hub, internally used by Moshi USB to Ethernet Adapter */
{ USB_DEVICE(0x05e3, 0x0616), .driver_info = USB_QUIRK_NO_LPM },
On Thu, Dec 07, 2017 at 02:06:54PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.4.105 release.
> There are 49 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat Dec 9 12:46:41 UTC 2017.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.105-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
> -------------
> Pseudo-Shortlog of commits:
>
> Greg Kroah-Hartman <[email protected]>
> Linux 4.4.105-rc1
>
> Colin Ian King <[email protected]>
> usb: host: fix incorrect updating of offset
>
> Oliver Neukum <[email protected]>
> USB: usbfs: Filter flags passed in from user space
>
> Dan Carpenter <[email protected]>
> USB: devio: Prevent integer overflow in proc_do_submiturb()
>
> Mateusz Berezecki <[email protected]>
> USB: Increase usbfs transfer limit
>
> Masakazu Mokuno <[email protected]>
> USB: core: Add type-specific length check of BOS descriptors
>
> John Youn <[email protected]>
> usb: ch9: Add size macro for SSP dev cap descriptor
>
> Mathias Nyman <[email protected]>
> usb: Add USB 3.1 Precision time measurement capability descriptor support
>
> Yu Chen <[email protected]>
> usb: xhci: fix panic in xhci_free_virt_devices_depth_first
>
> Mike Looijmans <[email protected]>
> usb: hub: Cycle HUB power when initialization fails
>
> Greg Kroah-Hartman <[email protected]>
> Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
>
> Rui Sousa <[email protected]>
> net: fec: fix multicast filtering hardware setup
>
> Ross Lagerwall <[email protected]>
> xen-netfront: Improve error handling during initialization
>
> Jan Kara <[email protected]>
> mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
>
> Jason Baron <[email protected]>
> tcp: correct memory barrier usage in tcp_check_space()
>
> Iago Abal <[email protected]>
> dmaengine: pl330: fix double lock
>
> Parthasarathy Bhuvaragan <[email protected]>
> tipc: fix cleanup at module unload
>
> Colin Ian King <[email protected]>
> net: sctp: fix array overrun read on sctp_timer_tbl
>
> Andrzej Hajda <[email protected]>
> drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
>
> Trond Myklebust <[email protected]>
> NFSv4: Fix client recovery when server reboots multiple times
>
> Christoffer Dall <[email protected]>
> KVM: arm/arm64: Fix occasional warning from the timer work function
>
> Benjamin Coddington <[email protected]>
> nfs: Don't take a reference on fl->fl_file for LOCK operation
>
> Kazuya Mizuguchi <[email protected]>
> ravb: Remove Rx overflow log messages
>
> Vlad Tsyrklevich <[email protected]>
> net/appletalk: Fix kernel memory disclosure
>
> David Forster <[email protected]>
> vti6: fix device register to report IFLA_INFO_KIND
>
> Peter Ujfalusi <[email protected]>
> ARM: OMAP1: DMA: Correct the number of logical channels
>
> Florian Fainelli <[email protected]>
> net: systemport: Pad packet before inserting TSB
>
> Florian Fainelli <[email protected]>
> net: systemport: Utilize skb_put_padto()
>
> Masami Hiramatsu <[email protected]>
> kprobes/x86: Disable preemption in ftrace-based jprobes
>
> Thomas Richter <[email protected]>
> perf test attr: Fix ignored test case result
>
> Ben Hutchings <[email protected]>
> usbip: tools: Install all headers needed for libusbip development
>
> Jibin Xu <[email protected]>
> sysrq : fix Show Regs call trace on ARM
>
> Gustavo A. R. Silva <[email protected]>
> EDAC, sb_edac: Fix missing break in switch
>
> Dave Hansen <[email protected]>
> x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
>
> Aaron Sierra <[email protected]>
> serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
>
> Alexey Khoroshilov <[email protected]>
> usb: phy: tahvo: fix error handling in tahvo_usb_probe()
>
> John Stultz <[email protected]>
> usb: dwc2: Error out of dwc2_hsotg_ep_disable() if we're in host mode
>
> John Stultz <[email protected]>
> usb: dwc2: Fix UDC state tracking
>
> Hiromitsu Yamasaki <[email protected]>
> spi: sh-msiof: Fix DMA transfer size check
>
> Lukas Wunner <[email protected]>
> serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
>
> Andy Lutomirski <[email protected]>
> selftests/x86/ldt_get: Add a few additional tests for limits
>
> Christian Borntraeger <[email protected]>
> s390/pci: do not require AIS facility
>
> Boshi Wang <[email protected]>
> ima: fix hash algorithm initialization
>
> Sebastian Sjoholm <[email protected]>
> USB: serial: option: add Quectel BG96 id
>
> Heiko Carstens <[email protected]>
> s390/runtime instrumentation: simplify task exit handling
>
> Matt Wilson <[email protected]>
> serial: 8250_pci: Add Amazon PCI serial device ID
>
> Kai-Heng Feng <[email protected]>
> usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
>
> Hans de Goede <[email protected]>
> uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
>
> Rui Hua <[email protected]>
> bcache: recover data from backing when data is clean
>
> Coly Li <[email protected]>
> bcache: only permit to recovery read error when cache device is clean
>
>
> -------------
>
> Diffstat:
>
> Makefile | 4 +-
> arch/arm/mach-omap1/dma.c | 16 +++----
> arch/s390/include/asm/pci_insn.h | 2 +-
> arch/s390/include/asm/runtime_instr.h | 4 +-
> arch/s390/kernel/process.c | 2 +-
> arch/s390/kernel/runtime_instr.c | 30 ++++++-------
> arch/s390/pci/pci.c | 5 ++-
> arch/s390/pci/pci_insn.c | 6 ++-
> arch/x86/include/asm/syscalls.h | 2 +-
> arch/x86/kernel/kprobes/ftrace.c | 23 ++++++----
> arch/x86/kernel/ldt.c | 16 +++++--
> arch/x86/um/ldt.c | 7 ++-
> drivers/dma/pl330.c | 19 +++-----
> drivers/edac/sb_edac.c | 1 +
> drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 2 +
> drivers/md/bcache/request.c | 9 +++-
> drivers/net/appletalk/ipddp.c | 2 +-
> drivers/net/ethernet/broadcom/bcmsysport.c | 23 +++++-----
> drivers/net/ethernet/freescale/fec_main.c | 23 ++++------
> drivers/net/ethernet/renesas/ravb_main.c | 8 +---
> drivers/net/xen-netfront.c | 29 +++++-------
> drivers/spi/spi-sh-msiof.c | 2 +-
> drivers/staging/lustre/lustre/llite/llite_mmap.c | 4 +-
> drivers/tty/serial/8250/8250_fintek.c | 2 +-
> drivers/tty/serial/8250/8250_pci.c | 3 ++
> drivers/tty/serial/8250/8250_port.c | 5 ++-
> drivers/tty/sysrq.c | 9 +++-
> drivers/usb/core/config.c | 31 +++++++++++--
> drivers/usb/core/devio.c | 56 ++++++++++++------------
> drivers/usb/core/hub.c | 9 ++++
> drivers/usb/core/quirks.c | 3 ++
> drivers/usb/dwc2/gadget.c | 7 +++
> drivers/usb/host/ehci-dbg.c | 2 +-
> drivers/usb/host/xhci-mem.c | 7 +++
> drivers/usb/phy/phy-tahvo.c | 3 +-
> drivers/usb/serial/option.c | 3 ++
> drivers/usb/storage/uas-detect.h | 4 ++
> fs/nfs/nfs4proc.c | 3 --
> fs/nfs/nfs4state.c | 1 -
> fs/ocfs2/file.c | 9 +---
> include/linux/buffer_head.h | 4 +-
> include/linux/usb.h | 1 +
> include/uapi/linux/usb/ch9.h | 19 ++++++++
> net/ipv4/tcp_input.c | 2 +-
> net/ipv6/ip6_vti.c | 2 +-
> net/sctp/debug.c | 2 +-
> net/tipc/server.c | 4 +-
> security/integrity/ima/ima_main.c | 4 ++
> tools/perf/tests/attr.c | 2 +-
> tools/testing/selftests/x86/ldt_gdt.c | 17 ++++++-
> tools/usb/usbip/Makefile.am | 3 +-
> virt/kvm/arm/arch_timer.c | 3 --
> 52 files changed, 278 insertions(+), 181 deletions(-)
>
>
Merged, compiled, and flashed on my Pixel 2 XL and OnePlus 5.
No initial issues noticed in general usage or dmesg.
On Thu, Dec 07, 2017 at 08:23:59AM -0700, Nathan Chancellor wrote:
> Merged, compiled, and flashed on my Pixel 2 XL and OnePlus 5.
>
> No initial issues noticed in general usage or dmesg.
Thanks for the testing and letting me know.
greg k-h
On Thu, Dec 07, 2017 at 02:06:54PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.4.105 release.
> There are 49 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat Dec 9 12:46:41 UTC 2017.
> Anything received after that time might be too late.
>
Build results:
total: 145 pass: 145 fail: 0
Qemu test results:
total: 116 pass: 116 fail: 0
Details are available at http://kerneltests.org/builders.
Guenter
On 12/07/2017 06:06 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.4.105 release.
> There are 49 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat Dec 9 12:46:41 UTC 2017.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.105-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
thanks,
-- Shuah
On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> 4.4-stable review patch. If anyone has any objections, please let me
> know.
>
> ------------------
>
> From: John Stultz <[email protected]>
>
>
> [ Upstream commit ce2b21a4e5ce042c0a42c9db8fa9e0f849427d5e ]
>
> It has been noticed that the dwc2 udc state reporting doesn't
> seem to work (at least on HiKey boards). Where after the initial
> setup, the sysfs /sys/class/udc/f72c0000.usb/state file would
> report "configured" no matter the state of the OTG port.
>
> This patch adds a call so that we report to the UDC layer when
> the gadget device is disconnected.
>
> This patch does depend on the previous patch ("usb: dwc2:
> Improve gadget state disconnection handling") in this patch set
> in order to properly work.
Then you should add that (commit d2471d4a24df).
Ben.
> Cc: Wei Xu <[email protected]>
> Cc: Guodong Xu <[email protected]>
> Cc: Amit Pundir <[email protected]>
> Cc: YongQin Liu <[email protected]>
> Cc: John Youn <[email protected]>
> Cc: Minas Harutyunyan <[email protected]>
> Cc: Douglas Anderson <[email protected]>
> Cc: Chen Yu <[email protected]>
> Cc: Felipe Balbi <[email protected]>
> Cc: Greg Kroah-Hartman <[email protected]>
> Cc: [email protected]
> Acked-by: Minas Harutyunyan <[email protected]>
> Tested-by: Minas Harutyunyan <[email protected]>
> Reported-by: Amit Pundir <[email protected]>
> Signed-off-by: John Stultz <[email protected]>
> Signed-off-by: Felipe Balbi <[email protected]>
> Signed-off-by: Sasha Levin <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> ---
> drivers/usb/dwc2/gadget.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> --- a/drivers/usb/dwc2/gadget.c
> +++ b/drivers/usb/dwc2/gadget.c
> @@ -2206,6 +2206,8 @@ void dwc2_hsotg_disconnect(struct dwc2_h
>
> call_gadget(hsotg, disconnect);
> hsotg->lx_state = DWC2_L3;
> +
> + usb_gadget_set_state(&hsotg->gadget, USB_STATE_NOTATTACHED);
> }
>
> /**
>
>
>
--
Ben Hutchings
Software Developer, Codethink Ltd.
On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> 4.4-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Ben Hutchings <[email protected]>
>
>
> [ Upstream commit c15562c0dcb2c7f26e891923b784cf1926b8c833 ]
>
> usbip_host_driver.h now depends on several additional headers, which
> need to be installed along with it.
>
> Fixes: 021aed845303 ("staging: usbip: userspace: migrate usbip_host_driver ...")
> Fixes: 3391ba0e2792 ("usbip: tools: Extract generic code to be shared with ...")
> Signed-off-by: Ben Hutchings <[email protected]>
> Acked-by: Shuah Khan <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> Signed-off-by: Sasha Levin <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> ---
> tools/usb/usbip/Makefile.am | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> --- a/tools/usb/usbip/Makefile.am
> +++ b/tools/usb/usbip/Makefile.am
> @@ -1,6 +1,7 @@
> SUBDIRS := libsrc src
> includedir = @includedir@/usbip
> include_HEADERS := $(addprefix libsrc/, \
> - usbip_common.h vhci_driver.h usbip_host_driver.h)
> + usbip_common.h vhci_driver.h usbip_host_driver.h \
> + list.h sysfs_utils.h usbip_host_common.h)
usbip_host_common.h was added in 4.7 (by the second commit listed
above), so for 4.4 and 3.18 it should not be added to this list.
Ben.
> dist_man_MANS := $(addprefix doc/, usbip.8 usbipd.8)
>
>
>
--
Ben Hutchings
Software Developer, Codethink Ltd.
On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> 4.4-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Benjamin Coddington <[email protected]>
>
>
> [ Upstream commit 4b09ec4b14a168bf2c687e1f598140c3c11e9222 ]
>
> I have reports of a crash that look like __fput() was called twice for
> a NFSv4.0 file. It seems possible that the state manager could try to
> reclaim a lock and take a reference on the fl->fl_file at the same time the
> file is being released if, during the close(), a signal interrupts the wait
> for outstanding IO while removing locks which then skips the removal
> of that lock.
>
> Since 83bfff23e9ed ("nfs4: have do_vfs_lock take an inode pointer") has
> removed the need to traverse fl->fl_file->f_inode in nfs4_lock_done(),
> taking that reference is no longer necessary.
[...]
No objection to this in 4.4, but that other commit only went into 4.2
so this fix doesn't look suitable for 3.18.
Ben.
--
Ben Hutchings
Software Developer, Codethink Ltd.
On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> 4.4-stable review patch. If anyone has any objections, please let me
> know.
>
> ------------------
>
> From: Colin Ian King <[email protected]>
>
>
> [ Upstream commit 0e73fc9a56f22f2eec4d2b2910c649f7af67b74d ]
>
> The comparison on the timeout can lead to an array overrun
> read on sctp_timer_tbl because of an off-by-one error. Fix
> this by using < instead of <= and also compare to the array
> size rather than SCTP_EVENT_TIMEOUT_MAX.
>
> Fixes CoverityScan CID#1397639 ("Out-of-bounds read")
SCTP_EVENT_TIMEOUT_MAX is one less than the array size, so the bounds
check using <= was correct. This is cleanup, not a bug fix.
Ben.
> Signed-off-by: Colin Ian King <[email protected]>
> Signed-off-by: David S. Miller <[email protected]>
> Signed-off-by: Sasha Levin <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> ---
> net/sctp/debug.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- a/net/sctp/debug.c
> +++ b/net/sctp/debug.c
> @@ -166,7 +166,7 @@ static const char *const sctp_timer_tbl[
> /* Lookup timer debug name. */
> const char *sctp_tname(const sctp_subtype_t id)
> {
> - if (id.timeout <= SCTP_EVENT_TIMEOUT_MAX)
> + if (id.timeout < ARRAY_SIZE(sctp_timer_tbl))
> return sctp_timer_tbl[id.timeout];
> return "unknown_timer";
> }
>
>
>
--
Ben Hutchings
Software Developer, Codethink Ltd.
On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> 4.4-stable review patch. If anyone has any objections, please let me
> know.
>
> ------------------
>
> From: Ross Lagerwall <[email protected]>
>
>
> [ Upstream commit e2e004acc7cbe3c531e752a270a74e95cde3ea48 ]
[...]
> @@ -1950,9 +1942,10 @@ abort_transaction_no_dev_fatal:
> xenbus_transaction_end(xbt, 1);
> destroy_ring:
> xennet_disconnect_backend(info);
> - kfree(info->queues);
> - info->queues = NULL;
> + xennet_destroy_queues(info);
> out:
> + unregister_netdev(info->netdev);
> + xennet_free_netdev(info->netdev);
> return err;
> }
This last bit of cleanup looks wrong. It was subsequently changed
upstream by:
86b5672b1adb xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
Ben.
--
Ben Hutchings
Software Developer, Codethink Ltd.
On 7 December 2017 at 18:36, Greg Kroah-Hartman
<[email protected]> wrote:
> This is the start of the stable review cycle for the 4.4.105 release.
> There are 49 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat Dec 9 12:46:41 UTC 2017.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.105-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm and x86_64.
Summary
------------------------------------------------------------------------
kernel: 4.4.105-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.4.y
git commit: ffc1d3fcd46a59815958ce25e4e70da1a8a5799d
git describe: v4.4.104-50-gffc1d3fcd46a
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.4-oe/build/v4.4.104-50-gffc1d3fcd46a
No regressions (compared to build v4.4.104-41-g313a3e2c5953)
Boards, architectures and test suites:
-------------------------------------
juno-r2 - arm64
* boot - pass: 20,
* kselftest - fail: 1, pass: 26, skip: 26
* libhugetlbfs - pass: 90, skip: 1
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 28, skip: 36
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs-tests - pass: 60,
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - pass: 22,
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - pass: 14,
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - pass: 982, skip: 124
* ltp-timers-tests - pass: 12,
x15 - arm
* boot - pass: 20,
* kselftest - pass: 25, skip: 29
* libhugetlbfs - pass: 87, skip: 1
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 64,
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs-tests - pass: 60,
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - pass: 20, skip: 2
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - pass: 13, skip: 1
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - pass: 1035, skip: 67
* ltp-timers-tests - pass: 12,
x86_64
* boot - pass: 20,
* kselftest - pass: 38, skip: 32
* libhugetlbfs - pass: 76, skip: 1
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 64,
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs-tests - pass: 61, skip: 1
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - pass: 22,
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - pass: 9, skip: 1
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - pass: 956, skip: 164
* ltp-timers-tests - pass: 12,
And the arm64 hikey results.
Summary
------------------------------------------------------------------------
kernel: 4.4.105-rc1
git repo: https://git.linaro.org/lkft/arm64-stable-rc.git
git tag: 4.4.105-rc1-hikey-20171207-71
git commit: a849b7fb29a1351a51385f46e75306760d936bbc
git describe: 4.4.105-rc1-hikey-20171207-71
Test details: https://qa-reports.linaro.org/lkft/linaro-hikey-stable-rc-4.4-oe/build/4.4.105-rc1-hikey-20171207-71
No regressions (compared to build 4.4.105-rc1-hikey-20171206-69)
Boards, architectures and test suites:
-------------------------------------
hi6220-hikey - arm64
* boot - pass: 20,
* kselftest - pass: 24, skip: 31
* libhugetlbfs - pass: 90, skip: 1
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 28, skip: 36
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs-tests - pass: 60,
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - pass: 21, skip: 1
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - pass: 14,
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - pass: 979, skip: 124
* ltp-timers-tests - pass: 12,
Documentation - https://collaborate.linaro.org/display/LKFT/Email+Reports
Tested-by: Naresh Kamboju <[email protected]>
On Fri, Dec 08, 2017 at 03:56:40AM +0000, Ben Hutchings wrote:
>On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
>> 4.4-stable review patch.??If anyone has any objections, please let me know.
>>
>> ------------------
>>
>> From: Ben Hutchings <[email protected]>
>>
>>
>> [ Upstream commit c15562c0dcb2c7f26e891923b784cf1926b8c833 ]
>>
>> usbip_host_driver.h now depends on several additional headers, which
>> need to be installed along with it.
>>
>> Fixes: 021aed845303 ("staging: usbip: userspace: migrate usbip_host_driver ...")
>> Fixes: 3391ba0e2792 ("usbip: tools: Extract generic code to be shared with ...")
>> Signed-off-by: Ben Hutchings <[email protected]>
>> Acked-by: Shuah Khan <[email protected]>
>> Signed-off-by: Greg Kroah-Hartman <[email protected]>
>> Signed-off-by: Sasha Levin <[email protected]>
>> Signed-off-by: Greg Kroah-Hartman <[email protected]>
>> ---
>> ?tools/usb/usbip/Makefile.am |????3 ++-
>> ?1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> --- a/tools/usb/usbip/Makefile.am
>> +++ b/tools/usb/usbip/Makefile.am
>> @@ -1,6 +1,7 @@
>> ?SUBDIRS := libsrc src
>> ?includedir = @includedir@/usbip
>> ?include_HEADERS := $(addprefix libsrc/, \
>> - ?????usbip_common.h vhci_driver.h usbip_host_driver.h)
>> + ?????usbip_common.h vhci_driver.h usbip_host_driver.h \
>> + ?????list.h sysfs_utils.h usbip_host_common.h)
>
>usbip_host_common.h was added in 4.7 (by the second commit listed
>above), so?for 4.4 and 3.18 it should not be added to this list.
Thanks Ben!
Greg, I'm not sure how to send you fixes for patches currently in your
-rc cycle, since ideally you would just remove them instead of
reverting. Any ideas?
--
Thanks,
Sasha
On Sat, Dec 09, 2017 at 06:16:04AM +0000, [email protected] wrote:
> On Fri, Dec 08, 2017 at 03:56:40AM +0000, Ben Hutchings wrote:
> >On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> >> 4.4-stable review patch.??If anyone has any objections, please let me know.
> >>
> >> ------------------
> >>
> >> From: Ben Hutchings <[email protected]>
> >>
> >>
> >> [ Upstream commit c15562c0dcb2c7f26e891923b784cf1926b8c833 ]
> >>
> >> usbip_host_driver.h now depends on several additional headers, which
> >> need to be installed along with it.
> >>
> >> Fixes: 021aed845303 ("staging: usbip: userspace: migrate usbip_host_driver ...")
> >> Fixes: 3391ba0e2792 ("usbip: tools: Extract generic code to be shared with ...")
> >> Signed-off-by: Ben Hutchings <[email protected]>
> >> Acked-by: Shuah Khan <[email protected]>
> >> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> >> Signed-off-by: Sasha Levin <[email protected]>
> >> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> >> ---
> >> ?tools/usb/usbip/Makefile.am |????3 ++-
> >> ?1 file changed, 2 insertions(+), 1 deletion(-)
> >>
> >> --- a/tools/usb/usbip/Makefile.am
> >> +++ b/tools/usb/usbip/Makefile.am
> >> @@ -1,6 +1,7 @@
> >> ?SUBDIRS := libsrc src
> >> ?includedir = @includedir@/usbip
> >> ?include_HEADERS := $(addprefix libsrc/, \
> >> - ?????usbip_common.h vhci_driver.h usbip_host_driver.h)
> >> + ?????usbip_common.h vhci_driver.h usbip_host_driver.h \
> >> + ?????list.h sysfs_utils.h usbip_host_common.h)
> >
> >usbip_host_common.h was added in 4.7 (by the second commit listed
> >above), so?for 4.4 and 3.18 it should not be added to this list.
>
> Thanks Ben!
>
> Greg, I'm not sure how to send you fixes for patches currently in your
> -rc cycle, since ideally you would just remove them instead of
> reverting. Any ideas?
Yes, I can just drop them from the queue. I'll go through all of these
later this evening when I get back to the keyboard...
thanks,
greg k-h
On Fri, Dec 08, 2017 at 04:18:58AM +0000, Ben Hutchings wrote:
> On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> > 4.4-stable review patch.??If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Benjamin Coddington <[email protected]>
> >
> >
> > [ Upstream commit 4b09ec4b14a168bf2c687e1f598140c3c11e9222 ]
> >
> > I have reports of a crash that look like __fput() was called twice for
> > a NFSv4.0 file.??It seems possible that the state manager could try to
> > reclaim a lock and take a reference on the fl->fl_file at the same time the
> > file is being released if, during the close(), a signal interrupts the wait
> > for outstanding IO while removing locks which then skips the removal
> > of that lock.
> >
> > Since 83bfff23e9ed ("nfs4: have do_vfs_lock take an inode pointer") has
> > removed the need to traverse fl->fl_file->f_inode in nfs4_lock_done(),
> > taking that reference is no longer necessary.
> [...]
>
> No objection to this in 4.4, but that other commit only went into 4.2
> so this fix doesn't look suitable for 3.18.
Good catch, now dropped, thanks.
greg k-h
On Fri, Dec 08, 2017 at 04:34:51AM +0000, Ben Hutchings wrote:
> On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> > 4.4-stable review patch.??If anyone has any objections, please let me
> > know.
> >
> > ------------------
> >
> > From: Colin Ian King <[email protected]>
> >
> >
> > [ Upstream commit 0e73fc9a56f22f2eec4d2b2910c649f7af67b74d ]
> >
> > The comparison on the timeout can lead to an array overrun
> > read on sctp_timer_tbl because of an off-by-one error. Fix
> > this by using < instead of <= and also compare to the array
> > size rather than SCTP_EVENT_TIMEOUT_MAX.
> >
> > Fixes CoverityScan CID#1397639 ("Out-of-bounds read")
>
> SCTP_EVENT_TIMEOUT_MAX is one less than the array size, so the bounds
> check using <= was correct. This is cleanup, not a bug fix.
Ah, I was wondering why no one caught this earlier for submission.
Coverity isn't the smartest tool at times :(
thanks,
greg k-h
On Fri, Dec 08, 2017 at 05:10:49AM +0000, Ben Hutchings wrote:
> On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> > 4.4-stable review patch.??If anyone has any objections, please let me
> > know.
> >
> > ------------------
> >
> > From: Ross Lagerwall <[email protected]>
> >
> >
> > [ Upstream commit e2e004acc7cbe3c531e752a270a74e95cde3ea48 ]
> [...]
> > @@ -1950,9 +1942,10 @@ abort_transaction_no_dev_fatal:
> > ? xenbus_transaction_end(xbt, 1);
> > ? destroy_ring:
> > ? xennet_disconnect_backend(info);
> > - kfree(info->queues);
> > - info->queues = NULL;
> > + xennet_destroy_queues(info);
> > ? out:
> > + unregister_netdev(info->netdev);
> > + xennet_free_netdev(info->netdev);
> > ? return err;
> > ?}
>
> This last bit of cleanup looks wrong. It was subsequently changed
> upstream by:
>
> 86b5672b1adb xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
Good catch, but it's d86b5672b1ad ("xen-netfront: avoid crashing on
resume after a failure in talk_to_netback()")
:)
thanks,
greg k-h
On Fri, Dec 08, 2017 at 12:00:47PM -0800, Kevin Hilman wrote:
> kernelci.org bot <[email protected]> writes:
>
> > stable-rc/linux-4.4.y boot: 122 boots: 2 failed, 106 passed with 12 offline, 2 conflicts (v4.4.104-50-gffc1d3fcd46a)
> >
> > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.104-50-gffc1d3fcd46a/
> > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.104-50-gffc1d3fcd46a/
> >
> > Tree: stable-rc
> > Branch: linux-4.4.y
> > Git Describe: v4.4.104-50-gffc1d3fcd46a
> > Git Commit: ffc1d3fcd46a59815958ce25e4e70da1a8a5799d
> > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
> > Tested: 62 unique boards, 20 SoC families, 18 builds out of 182
> >
> > Boot Regressions Detected:
> >
> > arm:
> >
> > exynos_defconfig:
> > exynos5422-odroidxu3:
> > lab-collabora: failing since 31 days (last pass: v4.4.95-21-g32458fcb7bd6 - first fail: v4.4.96-41-g336421367b9c)
> > exynos5422-odroidxu3_rootfs:nfs:
> > lab-collabora: failing since 23 days (last pass: v4.4.95-21-g32458fcb7bd6 - first fail: v4.4.97-57-g528c687b455d)
>
> TL;DR; All is well.
>
> These two are passing in another lab, so this is a board/lab setup issue
> under. Guillaume (Cc'd) is investigating.
I figured with a lab that was failing for that long, I didn't need to
worry about it.
thanks,
greg k-h
> Kevin
On Fri, Dec 08, 2017 at 03:56:40AM +0000, Ben Hutchings wrote:
> On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> > 4.4-stable review patch.??If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Ben Hutchings <[email protected]>
> >
> >
> > [ Upstream commit c15562c0dcb2c7f26e891923b784cf1926b8c833 ]
> >
> > usbip_host_driver.h now depends on several additional headers, which
> > need to be installed along with it.
> >
> > Fixes: 021aed845303 ("staging: usbip: userspace: migrate usbip_host_driver ...")
> > Fixes: 3391ba0e2792 ("usbip: tools: Extract generic code to be shared with ...")
> > Signed-off-by: Ben Hutchings <[email protected]>
> > Acked-by: Shuah Khan <[email protected]>
> > Signed-off-by: Greg Kroah-Hartman <[email protected]>
> > Signed-off-by: Sasha Levin <[email protected]>
> > Signed-off-by: Greg Kroah-Hartman <[email protected]>
> > ---
> > ?tools/usb/usbip/Makefile.am |????3 ++-
> > ?1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > --- a/tools/usb/usbip/Makefile.am
> > +++ b/tools/usb/usbip/Makefile.am
> > @@ -1,6 +1,7 @@
> > ?SUBDIRS := libsrc src
> > ?includedir = @includedir@/usbip
> > ?include_HEADERS := $(addprefix libsrc/, \
> > - ?????usbip_common.h vhci_driver.h usbip_host_driver.h)
> > + ?????usbip_common.h vhci_driver.h usbip_host_driver.h \
> > + ?????list.h sysfs_utils.h usbip_host_common.h)
>
> usbip_host_common.h was added in 4.7 (by the second commit listed
> above), so?for 4.4 and 3.18 it should not be added to this list.
Thanks, now dropped from those trees.
Many thanks for the great review.
greg k-h
On Fri, Dec 08, 2017 at 03:37:17AM +0000, Ben Hutchings wrote:
> On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> > 4.4-stable review patch.??If anyone has any objections, please let me
> > know.
> >
> > ------------------
> >
> > From: John Stultz <[email protected]>
> >
> >
> > [ Upstream commit ce2b21a4e5ce042c0a42c9db8fa9e0f849427d5e ]
> >
> > It has been noticed that the dwc2 udc state reporting doesn't
> > seem to work (at least on HiKey boards). Where after the initial
> > setup, the sysfs /sys/class/udc/f72c0000.usb/state file would
> > report "configured" no matter the state of the OTG port.
> >
> > This patch adds a call so that we report to the UDC layer when
> > the gadget device is disconnected.
> >
> > This patch does depend on the previous patch ("usb: dwc2:
> > Improve gadget state disconnection handling") in this patch set
> > in order to properly work.
>
> Then you should add that (commit d2471d4a24df).
Ah, but that patch doesn't apply :(
So, I've dropped this one, and the one after this one (which depended on
this one), so all should be back to how things were.
Sasha, can you fix this up and submit all 3 for the 4.4, 4.9 and 4.14
trees sometime in the future?
thanks,
greg k-h
On Sat, Dec 09, 2017 at 08:41:54AM +0100, Greg Kroah-Hartman wrote:
>On Sat, Dec 09, 2017 at 06:16:04AM +0000, [email protected] wrote:
>> On Fri, Dec 08, 2017 at 03:56:40AM +0000, Ben Hutchings wrote:
>> >On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
>> >> 4.4-stable review patch.??If anyone has any objections, please let me know.
>> >>
>> >> ------------------
>> >>
>> >> From: Ben Hutchings <[email protected]>
>> >>
>> >>
>> >> [ Upstream commit c15562c0dcb2c7f26e891923b784cf1926b8c833 ]
>> >>
>> >> usbip_host_driver.h now depends on several additional headers, which
>> >> need to be installed along with it.
>> >>
>> >> Fixes: 021aed845303 ("staging: usbip: userspace: migrate usbip_host_driver ...")
>> >> Fixes: 3391ba0e2792 ("usbip: tools: Extract generic code to be shared with ...")
>> >> Signed-off-by: Ben Hutchings <[email protected]>
>> >> Acked-by: Shuah Khan <[email protected]>
>> >> Signed-off-by: Greg Kroah-Hartman <[email protected]>
>> >> Signed-off-by: Sasha Levin <[email protected]>
>> >> Signed-off-by: Greg Kroah-Hartman <[email protected]>
>> >> ---
>> >> ?tools/usb/usbip/Makefile.am |????3 ++-
>> >> ?1 file changed, 2 insertions(+), 1 deletion(-)
>> >>
>> >> --- a/tools/usb/usbip/Makefile.am
>> >> +++ b/tools/usb/usbip/Makefile.am
>> >> @@ -1,6 +1,7 @@
>> >> ?SUBDIRS := libsrc src
>> >> ?includedir = @includedir@/usbip
>> >> ?include_HEADERS := $(addprefix libsrc/, \
>> >> - ?????usbip_common.h vhci_driver.h usbip_host_driver.h)
>> >> + ?????usbip_common.h vhci_driver.h usbip_host_driver.h \
>> >> + ?????list.h sysfs_utils.h usbip_host_common.h)
>> >
>> >usbip_host_common.h was added in 4.7 (by the second commit listed
>> >above), so?for 4.4 and 3.18 it should not be added to this list.
>>
>> Thanks Ben!
>>
>> Greg, I'm not sure how to send you fixes for patches currently in your
>> -rc cycle, since ideally you would just remove them instead of
>> reverting. Any ideas?
>
>Yes, I can just drop them from the queue. I'll go through all of these
>later this evening when I get back to the keyboard...
If you regenerate trees based on the queue, can I send you patches for
your stable-queue to remove commits after you've pulled from me but
before you release it?
--
Thanks,
Sasha
On Sat, Dec 09, 2017 at 06:12:56PM +0100, Greg Kroah-Hartman wrote:
>On Fri, Dec 08, 2017 at 03:37:17AM +0000, Ben Hutchings wrote:
>> On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
>> > 4.4-stable review patch.??If anyone has any objections, please let me
>> > know.
>> >
>> > ------------------
>> >
>> > From: John Stultz <[email protected]>
>> >
>> >
>> > [ Upstream commit ce2b21a4e5ce042c0a42c9db8fa9e0f849427d5e ]
>> >
>> > It has been noticed that the dwc2 udc state reporting doesn't
>> > seem to work (at least on HiKey boards). Where after the initial
>> > setup, the sysfs /sys/class/udc/f72c0000.usb/state file would
>> > report "configured" no matter the state of the OTG port.
>> >
>> > This patch adds a call so that we report to the UDC layer when
>> > the gadget device is disconnected.
>> >
>> > This patch does depend on the previous patch ("usb: dwc2:
>> > Improve gadget state disconnection handling") in this patch set
>> > in order to properly work.
>>
>> Then you should add that (commit d2471d4a24df).
>
>Ah, but that patch doesn't apply :(
>
>So, I've dropped this one, and the one after this one (which depended on
>this one), so all should be back to how things were.
>
>Sasha, can you fix this up and submit all 3 for the 4.4, 4.9 and 4.14
>trees sometime in the future?
Sure, I'll resend this.
--
Thanks,
Sasha
On Tue, Dec 12, 2017 at 12:13:59AM +0000, [email protected] wrote:
> On Sat, Dec 09, 2017 at 08:41:54AM +0100, Greg Kroah-Hartman wrote:
> >On Sat, Dec 09, 2017 at 06:16:04AM +0000, [email protected] wrote:
> >> On Fri, Dec 08, 2017 at 03:56:40AM +0000, Ben Hutchings wrote:
> >> >On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
> >> >> 4.4-stable review patch.??If anyone has any objections, please let me know.
> >> >>
> >> >> ------------------
> >> >>
> >> >> From: Ben Hutchings <[email protected]>
> >> >>
> >> >>
> >> >> [ Upstream commit c15562c0dcb2c7f26e891923b784cf1926b8c833 ]
> >> >>
> >> >> usbip_host_driver.h now depends on several additional headers, which
> >> >> need to be installed along with it.
> >> >>
> >> >> Fixes: 021aed845303 ("staging: usbip: userspace: migrate usbip_host_driver ...")
> >> >> Fixes: 3391ba0e2792 ("usbip: tools: Extract generic code to be shared with ...")
> >> >> Signed-off-by: Ben Hutchings <[email protected]>
> >> >> Acked-by: Shuah Khan <[email protected]>
> >> >> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> >> >> Signed-off-by: Sasha Levin <[email protected]>
> >> >> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> >> >> ---
> >> >> ?tools/usb/usbip/Makefile.am |????3 ++-
> >> >> ?1 file changed, 2 insertions(+), 1 deletion(-)
> >> >>
> >> >> --- a/tools/usb/usbip/Makefile.am
> >> >> +++ b/tools/usb/usbip/Makefile.am
> >> >> @@ -1,6 +1,7 @@
> >> >> ?SUBDIRS := libsrc src
> >> >> ?includedir = @includedir@/usbip
> >> >> ?include_HEADERS := $(addprefix libsrc/, \
> >> >> - ?????usbip_common.h vhci_driver.h usbip_host_driver.h)
> >> >> + ?????usbip_common.h vhci_driver.h usbip_host_driver.h \
> >> >> + ?????list.h sysfs_utils.h usbip_host_common.h)
> >> >
> >> >usbip_host_common.h was added in 4.7 (by the second commit listed
> >> >above), so?for 4.4 and 3.18 it should not be added to this list.
> >>
> >> Thanks Ben!
> >>
> >> Greg, I'm not sure how to send you fixes for patches currently in your
> >> -rc cycle, since ideally you would just remove them instead of
> >> reverting. Any ideas?
> >
> >Yes, I can just drop them from the queue. I'll go through all of these
> >later this evening when I get back to the keyboard...
>
> If you regenerate trees based on the queue, can I send you patches for
> your stable-queue to remove commits after you've pulled from me but
> before you release it?
You can, but no one has ever done that before, could be an interesting
thing to attempt :)
greg k-h