This is the start of the stable review cycle for the 5.8.4 release.
There are 148 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 26 Aug 2020 08:23:34 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.8.4-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.8.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 5.8.4-rc1
Al Viro <[email protected]>
do_epoll_ctl(): clean the failure exits up a bit
Arvind Sankar <[email protected]>
efi/libstub: Handle unterminated cmdline
Arvind Sankar <[email protected]>
efi/libstub: Handle NULL cmdline
Arvind Sankar <[email protected]>
efi/libstub: Stop parsing arguments at "--"
Li Heng <[email protected]>
efi: add missed destroy_workqueue when efisubsys_init fails
Arvind Sankar <[email protected]>
efi/x86: Mark kernel rodata non-executable for mixed mode
Tony Luck <[email protected]>
EDAC/{i7core,sb,pnd2,skx}: Fix error event severity
Vasant Hegde <[email protected]>
powerpc/pseries: Do not initiate shutdown when system is running on UPS
Michael Neuling <[email protected]>
powerpc: Fix P10 PVR revision in /proc/cpuinfo for SMT4 cores
Marc Zyngier <[email protected]>
epoll: Keep a reference on files added to the check list
Tom Rix <[email protected]>
net: dsa: b53: check for timeout
Haiyang Zhang <[email protected]>
hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit()
Veronika Kabatova <[email protected]>
selftests/bpf: Remove test_align leftovers
Wang Hai <[email protected]>
net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe()
Shay Agroskin <[email protected]>
net: ena: Change WARN_ON expression in ena_del_napi_in_range()
Shay Agroskin <[email protected]>
net: ena: Prevent reset after device destruction
Jiri Wiesner <[email protected]>
bonding: fix active-backup failover for current ARP slave
Michael Roth <[email protected]>
powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death
Yonghong Song <[email protected]>
bpf: Use get_file_rcu() instead of get_file() for task_file iterator
Christophe Leroy <[email protected]>
powerpc/fixmap: Fix the size of the early debug area
Madhavan Srinivasan <[email protected]>
powerpc: Add POWER10 raw mode cputable entry
Stephen Boyd <[email protected]>
ARM64: vdso32: Install vdso32 from vdso_install
David Howells <[email protected]>
afs: Fix NULL deref in afs_dynroot_depopulate()
Masahiro Yamada <[email protected]>
kconfig: qconf: remove qInfo() to get back Qt4 support
David Howells <[email protected]>
afs: Fix key ref leak in afs_put_operation()
Weihang Li <[email protected]>
Revert "RDMA/hns: Reserve one sge in order to avoid local length error"
Selvin Xavier <[email protected]>
RDMA/bnxt_re: Do not add user qps to flushlist
Randy Dunlap <[email protected]>
Fix build error when CONFIG_ACPI is not set/enabled:
Juergen Gross <[email protected]>
efi: avoid error message when booting under Xen
Masahiro Yamada <[email protected]>
kconfig: qconf: fix signal connection to invalid slots
Masahiro Yamada <[email protected]>
kconfig: qconf: do not limit the pop-up menu to the first row
Quinn Tran <[email protected]>
Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe"
Adrian Hunter <[email protected]>
scsi: ufs: Fix interrupt error message for shared interrupts
Adrian Hunter <[email protected]>
scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL
Kiwoong Kim <[email protected]>
scsi: ufs: Add quirk to fix abnormal ocs fatal error
Alim Akhtar <[email protected]>
scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk
Alim Akhtar <[email protected]>
scsi: ufs: Add quirk to enable host controller without hce
Alim Akhtar <[email protected]>
scsi: ufs: Add quirk to disallow reset of interrupt aggregation
Alim Akhtar <[email protected]>
scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr
Jing Xiangfeng <[email protected]>
scsi: ufs: ti-j721e-ufs: Fix error return in ti_j721e_ufs_probe()
Colin Ian King <[email protected]>
of/address: check for invalid range.cpu_addr
Jim Mattson <[email protected]>
kvm: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode
Jim Mattson <[email protected]>
kvm: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode
Jessica Clarke <[email protected]>
arch/ia64: Restore arch-specific pgd_offset_k implementation
Alex Williamson <[email protected]>
vfio/type1: Add proper error unwind for vfio_iommu_replay()
Alex Williamson <[email protected]>
vfio-pci: Avoid recursive read-lock usage
David Howells <[email protected]>
watch_queue: Limit the number of watches a user can hold
Dinghao Liu <[email protected]>
ASoC: intel: Fix memleak in sst_media_open
Srinivas Kandagatla <[email protected]>
ASoC: msm8916-wcd-analog: fix register Interrupt offset
Heiko Carstens <[email protected]>
s390/ptrace: fix storage key handling
Heiko Carstens <[email protected]>
s390/runtime_instrumentation: fix storage key handling
Mahesh Bandewar <[email protected]>
ipvlan: fix device features
Cong Wang <[email protected]>
bonding: fix a potential double-unregister
Zhang Changzhong <[email protected]>
can: j1939: add rxtimer for multipacket broadcast session
Zhang Changzhong <[email protected]>
can: j1939: abort multipacket broadcast session when timeout occurs
Zhang Changzhong <[email protected]>
can: j1939: cancel rxtimer on multipacket broadcast session complete
Zhang Changzhong <[email protected]>
can: j1939: fix support for multipacket broadcast message
Jarod Wilson <[email protected]>
bonding: show saner speed for broadcast mode
Fugang Duan <[email protected]>
net: fec: correct the error path for regulator disable in probe
Grzegorz Szczurek <[email protected]>
i40e: Fix crash during removing i40e driver
Przemyslaw Patynowski <[email protected]>
i40e: Set RX_ONLY mode for unicast promiscuous on VLAN
Vinicius Costa Gomes <[email protected]>
igc: Fix PTP initialization
Oleksij Rempel <[email protected]>
can: j1939: transport: add j1939_session_skb_find_by_offset() function
Oleksij Rempel <[email protected]>
can: j1939: transport: j1939_simple_recv(): ignore local J1939 messages send not by J1939 stack
Eric Dumazet <[email protected]>
can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can()
Andrii Nakryiko <[email protected]>
libbpf: Fix BTF-defined map-in-map initialization on 32-bit host arches
John Fastabend <[email protected]>
bpf: sock_ops sk access may stomp registers when dst_reg = src_reg
John Fastabend <[email protected]>
bpf: sock_ops ctx access may stomp registers in corner case
Andrii Nakryiko <[email protected]>
tools/bpftool: Make skeleton code C++17-friendly by dropping typeof()
Srinivas Kandagatla <[email protected]>
ASoC: q6routing: add dummy register read/write function
Srinivas Kandagatla <[email protected]>
ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM
Amelie Delaunay <[email protected]>
spi: stm32: fixes suspend/resume management
Stephen Suryaputra <[email protected]>
netfilter: nf_tables: nft_exthdr: the presence return value should be little-endian
Jan Kara <[email protected]>
ext4: check journal inode extents more carefully
Jan Kara <[email protected]>
ext4: don't allow overlapping system zones
Qi Liu <[email protected]>
drm/virtio: fix missing dma_fence_put() in virtio_gpu_execbuffer_ioctl()
Eric Sandeen <[email protected]>
ext4: fix potential negative array index in do_split()
Helge Deller <[email protected]>
fs/signalfd.c: fix inconsistent return codes for signalfd4
OGAWA Hirofumi <[email protected]>
fat: fix fat_ra_init() for data clusters == 0
Luc Van Oostenryck <[email protected]>
alpha: fix annotation of io{read,write}{16,32}be()
Eiichi Tsukata <[email protected]>
xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
Gaurav Singh <[email protected]>
tools/testing/selftests/cgroup/cgroup_util.c: cg_read_strcmp: fix null pointer dereference
Evgeny Novikov <[email protected]>
media: camss: fix memory leaks on error handling paths in probe
Mao Wenan <[email protected]>
virtio_ring: Avoid loop when vq is broken in virtqueue_poll
Javed Hasan <[email protected]>
scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
Srinivas Pandruvada <[email protected]>
cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0
Boris Ostrovsky <[email protected]>
swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses
Xiubo Li <[email protected]>
ceph: fix use-after-free for fsc->mdsc
Zhe Li <[email protected]>
jffs2: fix UAF problem
Guo Ren <[email protected]>
riscv: Fixup static_obj() fail
Felix Kuehling <[email protected]>
drm/ttm: fix offset in VMAs with a pg_offs in ttm_bo_vm_access
Darrick J. Wong <[email protected]>
xfs: fix inode quota reservation checks
Chuck Lever <[email protected]>
svcrdma: Fix another Receive buffer leak
Greg Ungerer <[email protected]>
m68knommu: fix overwriting of bits in ColdFire V3 cache control
Jinyang He <[email protected]>
MIPS: Fix unable to reserve memory for Crash kernel
Xiongfeng Wang <[email protected]>
Input: psmouse - add a newline when printing 'proto' by sysfs
Jaegeuk Kim <[email protected]>
f2fs: should avoid inode eviction in synchronous path
Evgeny Novikov <[email protected]>
media: vpss: clean up resources in init
Huacai Chen <[email protected]>
rtc: goldfish: Enable interrupt in set_alarm() when necessary
Chao Yu <[email protected]>
f2fs: fix to check page dirty status before writeback
Chen Zhou <[email protected]>
media: coda: jpeg: add NULL check after kmalloc
Chuhong Yuan <[email protected]>
media: budget-core: Improve exception handling in budget_register()
Bodo Stroesser <[email protected]>
scsi: target: tcmu: Fix crash in tcmu_flush_dcache_range on ARM
Stanley Chu <[email protected]>
scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
Chris Wilson <[email protected]>
drm/i915: Provide the perf pmu.module
Pankaj Bharadiya <[email protected]>
drm/i915/pmu: Prefer drm_WARN_ON over WARN_ON
Krunoslav Kovac <[email protected]>
drm/amd/display: fix pow() crashing when given base 0
Paul Hsieh <[email protected]>
drm/amd/display: Fix DFPstate hang due to view port changed
Jaehyun Chung <[email protected]>
drm/amd/display: Blank stream before destroying HDCP session
Stylon Wang <[email protected]>
drm/amd/display: Fix EDID parsing after resume from suspend
Aric Cyr <[email protected]>
drm/amd/display: Fix incorrect backlight register offset for DCN
Daniel Kolesa <[email protected]>
drm/amdgpu/display: use GFP_ATOMIC in dcn20_validate_bandwidth_internal
Christophe JAILLET <[email protected]>
drm: amdgpu: Use the correct size when allocating memory
Yang Shi <[email protected]>
mm/memory.c: skip spurious TLB flush for retried page fault
Niklas Schnelle <[email protected]>
s390/pci: ignore stale configuration request event
Niklas Schnelle <[email protected]>
s390/pci: fix PF/VF linking on hot plug
Niklas Schnelle <[email protected]>
s390/pci: re-introduce zpci_remove_device()
Niklas Schnelle <[email protected]>
s390/pci: fix zpci_bus_link_virtfn()
Yang Weijiang <[email protected]>
selftests: kvm: Use a shorter encoding to clear RAX
Will Deacon <[email protected]>
KVM: Pass MMU notifier range flags to kvm_unmap_hva_range()
Steffen Maier <[email protected]>
scsi: zfcp: Fix use-after-free in request timeout handlers
zhangyi (F) <[email protected]>
jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock()
Jan Kara <[email protected]>
ext4: fix checking of directory entry validity for inline directories
Jan Kara <[email protected]>
ext4: do not block RWF_NOWAIT dio write on unallocated space
Stephen Boyd <[email protected]>
opp: Put opp table in dev_pm_opp_set_rate() if _set_opp_bw() fails
Stephen Boyd <[email protected]>
opp: Put opp table in dev_pm_opp_set_rate() for empty tables
Rajendra Nayak <[email protected]>
opp: Enable resources again if they were disabled earlier
Kaike Wan <[email protected]>
RDMA/hfi1: Correct an interlock issue for TID RDMA WRITE request
Hui Wang <[email protected]>
ASoC: amd: renoir: restore two more registers during resume
Charan Teja Reddy <[email protected]>
mm, page_alloc: fix core hung in free_pcppages_bulk()
Doug Berger <[email protected]>
mm: include CMA pages in lowmem_reserve at boot
Phillip Lougher <[email protected]>
squashfs: avoid bio_alloc() failure with 1Mbyte blocks
Hugh Dickins <[email protected]>
uprobes: __replace_page() avoid BUG in munlock_vma_page()
Wei Yongjun <[email protected]>
kernel/relay.c: fix memleak on destroy relay channel
Jann Horn <[email protected]>
romfs: fix uninitialized memory leak in romfs_dev_read()
Aneesh Kumar K.V <[email protected]>
mm/vunmap: add cond_resched() in vunmap_pmd_range
Jens Axboe <[email protected]>
io_uring: find and cancel head link async work on files exit
Lukas Wunner <[email protected]>
spi: Prevent adding devices below an unregistering controller
Oleksij Rempel <[email protected]>
can: j1939: socket: j1939_sk_bind(): make sure ml_priv is allocated
Oleksij Rempel <[email protected]>
can: j1939: transport: j1939_session_tx_dat(): fix use-after-free read in j1939_tp_txtimer()
Mike Pozulp <[email protected]>
ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion
Mike Pozulp <[email protected]>
ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book
Sameer Pujar <[email protected]>
ALSA: hda: avoid reset of sdo_limit
Hugh Dickins <[email protected]>
khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
Thomas Zimmermann <[email protected]>
drm/ast: Initialize DRAM type before posting GPU
Thomas Zimmermann <[email protected]>
drm/ast: Remove unused code paths for AST 1180
Paul Cercueil <[email protected]>
drm/panel-simple: Fix inverted V/H SYNC for Frida FRD350H54004 panel
Chris Wilson <[email protected]>
drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset()
-------------
Diffstat:
Makefile | 4 +-
arch/alpha/include/asm/io.h | 8 +-
arch/arm64/Makefile | 1 +
arch/arm64/include/asm/kvm_host.h | 2 +-
arch/arm64/kernel/vdso32/Makefile | 2 +-
arch/arm64/kvm/mmu.c | 2 +-
arch/ia64/include/asm/pgtable.h | 9 +
arch/m68k/include/asm/m53xxacr.h | 6 +-
arch/mips/include/asm/kvm_host.h | 2 +-
arch/mips/kernel/setup.c | 2 +-
arch/mips/kvm/mmu.c | 3 +-
arch/powerpc/include/asm/fixmap.h | 2 +-
arch/powerpc/include/asm/kvm_host.h | 3 +-
arch/powerpc/kernel/cputable.c | 20 ++
arch/powerpc/kernel/setup-common.c | 1 +
arch/powerpc/kvm/book3s.c | 3 +-
arch/powerpc/kvm/e500_mmu_host.c | 3 +-
arch/powerpc/platforms/pseries/hotplug-cpu.c | 18 +-
arch/powerpc/platforms/pseries/ras.c | 1 -
arch/riscv/kernel/vmlinux.lds.S | 2 +-
arch/s390/kernel/ptrace.c | 7 +-
arch/s390/kernel/runtime_instr.c | 2 +-
arch/s390/pci/pci.c | 22 ++-
arch/s390/pci/pci_bus.c | 52 ++---
arch/s390/pci/pci_bus.h | 13 ++
arch/s390/pci/pci_event.c | 7 +-
arch/x86/include/asm/kvm_host.h | 3 +-
arch/x86/kvm/mmu/mmu.c | 3 +-
arch/x86/kvm/x86.c | 2 +-
arch/x86/pci/xen.c | 1 +
arch/x86/platform/efi/efi_64.c | 2 +
drivers/cpufreq/intel_pstate.c | 1 +
drivers/edac/i7core_edac.c | 4 +-
drivers/edac/pnd2_edac.c | 2 +-
drivers/edac/sb_edac.c | 4 +-
drivers/edac/skx_common.c | 4 +-
drivers/firmware/efi/efi.c | 2 +
drivers/firmware/efi/libstub/efi-stub-helper.c | 12 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 2 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 +
drivers/gpu/drm/amd/display/dc/core/dc_link.c | 3 +-
.../gpu/drm/amd/display/dc/dce/dce_panel_cntl.h | 2 +-
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 4 +-
.../gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 2 +-
drivers/gpu/drm/amd/display/include/fixed31_32.h | 3 +
drivers/gpu/drm/ast/ast_drv.c | 1 -
drivers/gpu/drm/ast/ast_drv.h | 2 -
drivers/gpu/drm/ast/ast_main.c | 91 ++++-----
drivers/gpu/drm/ast/ast_mode.c | 11 +-
drivers/gpu/drm/ast/ast_post.c | 10 +-
drivers/gpu/drm/i915/i915_pmu.c | 17 +-
drivers/gpu/drm/panel/panel-simple.c | 2 +-
drivers/gpu/drm/ttm/ttm_bo_vm.c | 4 +-
drivers/gpu/drm/vgem/vgem_drv.c | 27 ---
drivers/gpu/drm/virtio/virtgpu_ioctl.c | 1 +
drivers/infiniband/hw/bnxt_re/main.c | 3 +-
drivers/infiniband/hw/hfi1/tid_rdma.c | 1 +
drivers/infiniband/hw/hns/hns_roce_device.h | 2 -
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 9 +-
drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 4 +-
drivers/infiniband/hw/hns/hns_roce_qp.c | 5 +-
drivers/infiniband/hw/hns/hns_roce_srq.c | 2 +-
drivers/input/mouse/psmouse-base.c | 2 +-
drivers/media/pci/ttpci/budget-core.c | 11 +-
drivers/media/platform/coda/coda-jpeg.c | 5 +-
drivers/media/platform/davinci/vpss.c | 20 +-
drivers/media/platform/qcom/camss/camss.c | 30 ++-
drivers/net/bonding/bond_main.c | 42 ++++-
drivers/net/dsa/b53/b53_common.c | 2 +
drivers/net/ethernet/amazon/ena/ena_netdev.c | 30 ++-
drivers/net/ethernet/cortina/gemini.c | 4 +-
drivers/net/ethernet/freescale/fec_main.c | 4 +-
drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 2 +-
drivers/net/ethernet/intel/i40e/i40e_common.c | 35 +++-
drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +
drivers/net/ethernet/intel/igc/igc_main.c | 5 +-
drivers/net/ethernet/intel/igc/igc_ptp.c | 2 -
drivers/net/hyperv/netvsc_drv.c | 2 +-
drivers/net/ipvlan/ipvlan_main.c | 27 ++-
drivers/of/address.c | 5 +
drivers/opp/core.c | 19 +-
drivers/pci/hotplug/s390_pci_hpc.c | 12 +-
drivers/rtc/rtc-goldfish.c | 1 +
drivers/s390/scsi/zfcp_fsf.c | 4 +-
drivers/scsi/libfc/fc_disc.c | 12 +-
drivers/scsi/qla2xxx/qla_os.c | 4 -
drivers/scsi/ufs/ti-j721e-ufs.c | 1 +
drivers/scsi/ufs/ufs_quirks.h | 1 +
drivers/scsi/ufs/ufshcd-pci.c | 16 +-
drivers/scsi/ufs/ufshcd.c | 130 +++++++++++--
drivers/scsi/ufs/ufshcd.h | 38 +++-
drivers/spi/Kconfig | 3 +
drivers/spi/spi-stm32.c | 27 ++-
drivers/spi/spi.c | 21 ++-
drivers/target/target_core_user.c | 2 +-
drivers/vfio/pci/vfio_pci_private.h | 2 +
drivers/vfio/pci/vfio_pci_rdwr.c | 120 +++++++++---
drivers/vfio/vfio_iommu_type1.c | 71 ++++++-
drivers/video/fbdev/efifb.c | 2 +-
drivers/virtio/virtio_ring.c | 3 +
drivers/xen/swiotlb-xen.c | 8 +-
fs/afs/dynroot.c | 20 +-
fs/afs/fs_operation.c | 1 +
fs/ceph/mds_client.c | 3 +-
fs/eventpoll.c | 26 +--
fs/ext4/block_validity.c | 87 ++++-----
fs/ext4/ext4.h | 6 +-
fs/ext4/extents.c | 16 +-
fs/ext4/file.c | 4 +
fs/ext4/indirect.c | 6 +-
fs/ext4/inode.c | 5 +-
fs/ext4/mballoc.c | 4 +-
fs/ext4/namei.c | 22 ++-
fs/f2fs/compress.c | 6 +
fs/f2fs/node.c | 10 +-
fs/fat/fatent.c | 3 +
fs/io_uring.c | 33 +++-
fs/jbd2/journal.c | 4 +-
fs/jffs2/dir.c | 6 +-
fs/romfs/storage.c | 4 +-
fs/signalfd.c | 10 +-
fs/squashfs/block.c | 6 +-
fs/xfs/xfs_sysfs.h | 6 +-
fs/xfs/xfs_trans_dquot.c | 2 +-
include/linux/pgtable.h | 2 +
include/linux/sched/user.h | 3 +
kernel/bpf/task_iter.c | 3 +-
kernel/events/uprobes.c | 2 +-
kernel/relay.c | 1 +
kernel/watch_queue.c | 8 +
mm/khugepaged.c | 2 +-
mm/memory.c | 3 +
mm/page_alloc.c | 7 +-
mm/vmalloc.c | 2 +
net/can/j1939/socket.c | 14 ++
net/can/j1939/transport.c | 89 +++++++--
net/core/filter.c | 75 ++++++--
net/netfilter/nft_exthdr.c | 4 +-
net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 2 +
scripts/kconfig/qconf.cc | 72 ++++---
sound/hda/hdac_bus.c | 12 ++
sound/hda/hdac_controller.c | 11 --
sound/pci/hda/patch_realtek.c | 2 +
sound/soc/amd/renoir/acp3x-pdm-dma.c | 29 +--
sound/soc/codecs/msm8916-wcd-analog.c | 4 +-
sound/soc/intel/atom/sst-mfld-platform-pcm.c | 5 +-
sound/soc/qcom/qdsp6/q6afe-dai.c | 210 ++++++++++-----------
sound/soc/qcom/qdsp6/q6routing.c | 16 ++
tools/bpf/bpftool/gen.c | 8 +-
tools/lib/bpf/libbpf.c | 16 +-
tools/testing/selftests/bpf/.gitignore | 1 -
tools/testing/selftests/bpf/Makefile | 2 +-
tools/testing/selftests/cgroup/cgroup_util.c | 2 +-
tools/testing/selftests/kvm/x86_64/debug_regs.c | 4 +-
virt/kvm/kvm_main.c | 3 +-
155 files changed, 1385 insertions(+), 693 deletions(-)
From: Oleksij Rempel <[email protected]>
commit cd3b3636c99fcac52c598b64061f3fe4413c6a12 upstream.
The current stack implementation do not support ECTS requests of not
aligned TP sized blocks.
If ECTS will request a block with size and offset spanning two TP
blocks, this will cause memcpy() to read beyond the queued skb (which
does only contain one TP sized block).
Sometimes KASAN will detect this read if the memory region beyond the
skb was previously allocated and freed. In other situations it will stay
undetected. The ETP transfer in any case will be corrupted.
This patch adds a sanity check to avoid this kind of read and abort the
session with error J1939_XTP_ABORT_ECTS_TOO_BIG.
Reported-by: [email protected]
Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Cc: linux-stable <[email protected]> # >= v5.4
Signed-off-by: Oleksij Rempel <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Marc Kleine-Budde <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/can/j1939/transport.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/net/can/j1939/transport.c
+++ b/net/can/j1939/transport.c
@@ -787,6 +787,18 @@ static int j1939_session_tx_dat(struct j
if (len > 7)
len = 7;
+ if (offset + len > se_skb->len) {
+ netdev_err_once(priv->ndev,
+ "%s: 0x%p: requested data outside of queued buffer: offset %i, len %i, pkt.tx: %i\n",
+ __func__, session, skcb->offset, se_skb->len , session->pkt.tx);
+ return -EOVERFLOW;
+ }
+
+ if (!len) {
+ ret = -ENOBUFS;
+ break;
+ }
+
memcpy(&dat[1], &tpdat[offset], len);
ret = j1939_tp_tx_dat(session, dat, len + 1);
if (ret < 0) {
@@ -1120,6 +1132,9 @@ static enum hrtimer_restart j1939_tp_txt
* cleanup including propagation of the error to user space.
*/
break;
+ case -EOVERFLOW:
+ j1939_session_cancel(session, J1939_XTP_ABORT_ECTS_TOO_BIG);
+ break;
case 0:
session->tx_retry = 0;
break;
From: Chuhong Yuan <[email protected]>
[ Upstream commit fc0456458df8b3421dba2a5508cd817fbc20ea71 ]
budget_register() has no error handling after its failure.
Add the missed undo functions for error handling to fix it.
Signed-off-by: Chuhong Yuan <[email protected]>
Signed-off-by: Sean Young <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/media/pci/ttpci/budget-core.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/media/pci/ttpci/budget-core.c b/drivers/media/pci/ttpci/budget-core.c
index fadbdeeb44955..293867b9e7961 100644
--- a/drivers/media/pci/ttpci/budget-core.c
+++ b/drivers/media/pci/ttpci/budget-core.c
@@ -369,20 +369,25 @@ static int budget_register(struct budget *budget)
ret = dvbdemux->dmx.add_frontend(&dvbdemux->dmx, &budget->hw_frontend);
if (ret < 0)
- return ret;
+ goto err_release_dmx;
budget->mem_frontend.source = DMX_MEMORY_FE;
ret = dvbdemux->dmx.add_frontend(&dvbdemux->dmx, &budget->mem_frontend);
if (ret < 0)
- return ret;
+ goto err_release_dmx;
ret = dvbdemux->dmx.connect_frontend(&dvbdemux->dmx, &budget->hw_frontend);
if (ret < 0)
- return ret;
+ goto err_release_dmx;
dvb_net_init(&budget->dvb_adapter, &budget->dvb_net, &dvbdemux->dmx);
return 0;
+
+err_release_dmx:
+ dvb_dmxdev_release(&budget->dmxdev);
+ dvb_dmx_release(&budget->demux);
+ return ret;
}
static void budget_unregister(struct budget *budget)
--
2.25.1
From: Thomas Zimmermann <[email protected]>
[ Upstream commit 244d012801dae30c91983b360457c78d481584b0 ]
Posting the GPU requires the correct DRAM type to be stored in
struct ast_private. Therefore first initialize the DRAM info and
then post the GPU. This restores the original order of instructions
in this function.
Signed-off-by: Thomas Zimmermann <[email protected]>
Reviewed-by: Sam Ravnborg <[email protected]>
Acked-by: Benjamin Herrenschmidt <[email protected]>
Fixes: bad09da6deab ("drm/ast: Fixed vram size incorrect issue on POWER")
Cc: Joel Stanley <[email protected]>
Cc: Y.C. Chen <[email protected]>
Cc: Benjamin Herrenschmidt <[email protected]>
Cc: Dave Airlie <[email protected]>
Cc: Thomas Zimmermann <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Daniel Vetter <[email protected]>
Cc: Sam Ravnborg <[email protected]>
Cc: Emil Velikov <[email protected]>
Cc: "Y.C. Chen" <[email protected]>
Cc: <[email protected]> # v4.11+
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/gpu/drm/ast/ast_main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/ast/ast_main.c b/drivers/gpu/drm/ast/ast_main.c
index f48a9f62368c0..99c11b51f0207 100644
--- a/drivers/gpu/drm/ast/ast_main.c
+++ b/drivers/gpu/drm/ast/ast_main.c
@@ -458,9 +458,6 @@ int ast_driver_load(struct drm_device *dev, unsigned long flags)
ast_detect_chip(dev, &need_post);
- if (need_post)
- ast_post_gpu(dev);
-
ret = ast_get_dram_info(dev);
if (ret)
goto out_free;
@@ -469,6 +466,9 @@ int ast_driver_load(struct drm_device *dev, unsigned long flags)
ast->mclk, ast->dram_type,
ast->dram_bus_width, ast->vram_size);
+ if (need_post)
+ ast_post_gpu(dev);
+
ret = ast_mm_init(ast);
if (ret)
goto out_free;
--
2.25.1
From: Steffen Maier <[email protected]>
commit 2d9a2c5f581be3991ba67fa9e7497c711220ea8e upstream.
Before v4.15 commit 75492a51568b ("s390/scsi: Convert timers to use
timer_setup()"), we intentionally only passed zfcp_adapter as context
argument to zfcp_fsf_request_timeout_handler(). Since we only trigger
adapter recovery, it was unnecessary to sync against races between timeout
and (late) completion. Likewise, we only passed zfcp_erp_action as context
argument to zfcp_erp_timeout_handler(). Since we only wakeup an ERP action,
it was unnecessary to sync against races between timeout and (late)
completion.
Meanwhile the timeout handlers get timer_list as context argument and do a
timer-specific container-of to zfcp_fsf_req which can have been freed.
Fix it by making sure that any request timeout handlers, that might just
have started before del_timer(), are completed by using del_timer_sync()
instead. This ensures the request free happens afterwards.
Space time diagram of potential use-after-free:
Basic idea is to have 2 or more pending requests whose timeouts run out at
almost the same time.
req 1 timeout ERP thread req 2 timeout
---------------- ---------------- ---------------------------------------
zfcp_fsf_request_timeout_handler
fsf_req = from_timer(fsf_req, t, timer)
adapter = fsf_req->adapter
zfcp_qdio_siosl(adapter)
zfcp_erp_adapter_reopen(adapter,...)
zfcp_erp_strategy
...
zfcp_fsf_req_dismiss_all
list_for_each_entry_safe
zfcp_fsf_req_complete 1
del_timer 1
zfcp_fsf_req_free 1
zfcp_fsf_req_complete 2
zfcp_fsf_request_timeout_handler
del_timer 2
fsf_req = from_timer(fsf_req, t, timer)
zfcp_fsf_req_free 2
adapter = fsf_req->adapter
^^^^^^^ already freed
Link: https://lore.kernel.org/r/[email protected]
Fixes: 75492a51568b ("s390/scsi: Convert timers to use timer_setup()")
Cc: <[email protected]> #4.15+
Suggested-by: Julian Wiedmann <[email protected]>
Reviewed-by: Julian Wiedmann <[email protected]>
Signed-off-by: Steffen Maier <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/s390/scsi/zfcp_fsf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -434,7 +434,7 @@ static void zfcp_fsf_req_complete(struct
return;
}
- del_timer(&req->timer);
+ del_timer_sync(&req->timer);
zfcp_fsf_protstatus_eval(req);
zfcp_fsf_fsfstatus_eval(req);
req->handler(req);
@@ -867,7 +867,7 @@ static int zfcp_fsf_req_send(struct zfcp
req->qdio_req.qdio_outb_usage = atomic_read(&qdio->req_q_free);
req->issued = get_tod_clock();
if (zfcp_qdio_send(qdio, &req->qdio_req)) {
- del_timer(&req->timer);
+ del_timer_sync(&req->timer);
/* lookup request again, list might have changed */
zfcp_reqlist_find_rm(adapter->req_list, req_id);
zfcp_erp_adapter_reopen(adapter, 0, "fsrs__1");
From: Mike Pozulp <[email protected]>
commit f70fff83cda63bbf596f99edc131b9daaba07458 upstream.
The Flex Book uses the same ALC298 codec as other Samsung laptops which
have the no headphone sound bug, like my Samsung Notebook. The Flex Book
owner used Early Patching to confirm that this quirk fixes the bug.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=207423
Signed-off-by: Mike Pozulp <[email protected]>
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -7696,6 +7696,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x144d, 0xc109, "Samsung Ativ book 9 (NP900X3G)", ALC269_FIXUP_INV_DMIC),
SND_PCI_QUIRK(0x144d, 0xc169, "Samsung Notebook 9 Pen (NP930SBE-K01US)", ALC298_FIXUP_SAMSUNG_HEADPHONE_VERY_QUIET),
SND_PCI_QUIRK(0x144d, 0xc176, "Samsung Notebook 9 Pro (NP930MBE-K04US)", ALC298_FIXUP_SAMSUNG_HEADPHONE_VERY_QUIET),
+ SND_PCI_QUIRK(0x144d, 0xc189, "Samsung Galaxy Flex Book (NT950QCG-X716)", ALC298_FIXUP_SAMSUNG_HEADPHONE_VERY_QUIET),
SND_PCI_QUIRK(0x144d, 0xc740, "Samsung Ativ book 8 (NP870Z5G)", ALC269_FIXUP_ATIV_BOOK_8),
SND_PCI_QUIRK(0x144d, 0xc812, "Samsung Notebook Pen S (NT950SBE-X58)", ALC298_FIXUP_SAMSUNG_HEADPHONE_VERY_QUIET),
SND_PCI_QUIRK(0x1458, 0xfa53, "Gigabyte BXBT-2807", ALC283_FIXUP_HEADSET_MIC),
From: Jan Kara <[email protected]>
commit 7303cb5bfe845f7d43cd9b2dbd37dbb266efda9b upstream.
ext4_search_dir() and ext4_generic_delete_entry() can be called both for
standard director blocks and for inline directories stored inside inode
or inline xattr space. For the second case we didn't call
ext4_check_dir_entry() with proper constraints that could result in
accepting corrupted directory entry as well as false positive filesystem
errors like:
EXT4-fs error (device dm-0): ext4_search_dir:1395: inode #28320400:
block 113246792: comm dockerd: bad entry in directory: directory entry too
close to block end - offset=0, inode=28320403, rec_len=32, name_len=8,
size=4096
Fix the arguments passed to ext4_check_dir_entry().
Fixes: 109ba779d6cc ("ext4: check for directory entries too close to block end")
CC: [email protected]
Signed-off-by: Jan Kara <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Theodore Ts'o <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/ext4/namei.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -1396,8 +1396,8 @@ int ext4_search_dir(struct buffer_head *
ext4_match(dir, fname, de)) {
/* found a match - just to be sure, do
* a full check */
- if (ext4_check_dir_entry(dir, NULL, de, bh, bh->b_data,
- bh->b_size, offset))
+ if (ext4_check_dir_entry(dir, NULL, de, bh, search_buf,
+ buf_size, offset))
return -1;
*res_dir = de;
return 1;
@@ -2472,7 +2472,7 @@ int ext4_generic_delete_entry(handle_t *
de = (struct ext4_dir_entry_2 *)entry_buf;
while (i < buf_size - csum_size) {
if (ext4_check_dir_entry(dir, NULL, de, bh,
- bh->b_data, bh->b_size, i))
+ entry_buf, buf_size, i))
return -EFSCORRUPTED;
if (de == de_del) {
if (pde)
From: Charan Teja Reddy <[email protected]>
commit 88e8ac11d2ea3acc003cf01bb5a38c8aa76c3cfd upstream.
The following race is observed with the repeated online, offline and a
delay between two successive online of memory blocks of movable zone.
P1 P2
Online the first memory block in
the movable zone. The pcp struct
values are initialized to default
values,i.e., pcp->high = 0 &
pcp->batch = 1.
Allocate the pages from the
movable zone.
Try to Online the second memory
block in the movable zone thus it
entered the online_pages() but yet
to call zone_pcp_update().
This process is entered into
the exit path thus it tries
to release the order-0 pages
to pcp lists through
free_unref_page_commit().
As pcp->high = 0, pcp->count = 1
proceed to call the function
free_pcppages_bulk().
Update the pcp values thus the
new pcp values are like, say,
pcp->high = 378, pcp->batch = 63.
Read the pcp's batch value using
READ_ONCE() and pass the same to
free_pcppages_bulk(), pcp values
passed here are, batch = 63,
count = 1.
Since num of pages in the pcp
lists are less than ->batch,
then it will stuck in
while(list_empty(list)) loop
with interrupts disabled thus
a core hung.
Avoid this by ensuring free_pcppages_bulk() is called with proper count of
pcp list pages.
The mentioned race is some what easily reproducible without [1] because
pcp's are not updated for the first memory block online and thus there is
a enough race window for P2 between alloc+free and pcp struct values
update through onlining of second memory block.
With [1], the race still exists but it is very narrow as we update the pcp
struct values for the first memory block online itself.
This is not limited to the movable zone, it could also happen in cases
with the normal zone (e.g., hotplug to a node that only has DMA memory, or
no other memory yet).
[1]: https://patchwork.kernel.org/patch/11696389/
Fixes: 5f8dcc21211a ("page-allocator: split per-cpu list into one-list-per-migrate-type")
Signed-off-by: Charan Teja Reddy <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Acked-by: David Hildenbrand <[email protected]>
Acked-by: David Rientjes <[email protected]>
Acked-by: Michal Hocko <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Vlastimil Babka <[email protected]>
Cc: Vinayak Menon <[email protected]>
Cc: <[email protected]> [2.6+]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
mm/page_alloc.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -1306,6 +1306,11 @@ static void free_pcppages_bulk(struct zo
struct page *page, *tmp;
LIST_HEAD(head);
+ /*
+ * Ensure proper count is passed which otherwise would stuck in the
+ * below while (list_empty(list)) loop.
+ */
+ count = min(pcp->count, count);
while (count) {
struct list_head *list;
From: Stylon Wang <[email protected]>
commit b24bdc37d03a0478189e20a50286092840f414fa upstream.
[Why]
Resuming from suspend, CEA blocks from EDID are not parsed and no video
modes can support YUV420. When this happens, output bpc cannot go over
8-bit with 4K modes on HDMI.
[How]
In amdgpu_dm_update_connector_after_detect(), drm_add_edid_modes() is
called after drm_connector_update_edid_property() to fully parse EDID
and update display info.
Cc: [email protected]
Signed-off-by: Stylon Wang <[email protected]>
Reviewed-by: Nicholas Kazlauskas <[email protected]>
Acked-by: Qingqing Zhuo <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -2184,6 +2184,7 @@ void amdgpu_dm_update_connector_after_de
drm_connector_update_edid_property(connector,
aconnector->edid);
+ drm_add_edid_modes(connector, aconnector->edid);
if (aconnector->dc_link->aux_mode)
drm_dp_cec_set_edid(&aconnector->dm_dp_aux.aux,
From: Thomas Zimmermann <[email protected]>
[ Upstream commit 05f13f5b5996d20a9819e0c6fd0cda4956c8aff9 ]
The ast driver contains code paths for AST 1180 chips. The chip is not
supported and the rsp code has never been tested. Simplify the driver by
removing the AST 1180 code.
Signed-off-by: Thomas Zimmermann <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Reviewed-by: Emil Velikov <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/gpu/drm/ast/ast_drv.c | 1 -
drivers/gpu/drm/ast/ast_drv.h | 2 -
drivers/gpu/drm/ast/ast_main.c | 89 +++++++++++++++-------------------
drivers/gpu/drm/ast/ast_mode.c | 11 +----
drivers/gpu/drm/ast/ast_post.c | 10 ++--
5 files changed, 43 insertions(+), 70 deletions(-)
diff --git a/drivers/gpu/drm/ast/ast_drv.c b/drivers/gpu/drm/ast/ast_drv.c
index b7ba22dddcad9..83509106f3ba9 100644
--- a/drivers/gpu/drm/ast/ast_drv.c
+++ b/drivers/gpu/drm/ast/ast_drv.c
@@ -59,7 +59,6 @@ static struct drm_driver driver;
static const struct pci_device_id pciidlist[] = {
AST_VGA_DEVICE(PCI_CHIP_AST2000, NULL),
AST_VGA_DEVICE(PCI_CHIP_AST2100, NULL),
- /* AST_VGA_DEVICE(PCI_CHIP_AST1180, NULL), - don't bind to 1180 for now */
{0, 0, 0},
};
diff --git a/drivers/gpu/drm/ast/ast_drv.h b/drivers/gpu/drm/ast/ast_drv.h
index 656d591b154b3..09f2659e29118 100644
--- a/drivers/gpu/drm/ast/ast_drv.h
+++ b/drivers/gpu/drm/ast/ast_drv.h
@@ -52,7 +52,6 @@
#define PCI_CHIP_AST2000 0x2000
#define PCI_CHIP_AST2100 0x2010
-#define PCI_CHIP_AST1180 0x1180
enum ast_chip {
@@ -64,7 +63,6 @@ enum ast_chip {
AST2300,
AST2400,
AST2500,
- AST1180,
};
enum ast_tx_chip {
diff --git a/drivers/gpu/drm/ast/ast_main.c b/drivers/gpu/drm/ast/ast_main.c
index e5398e3dabe70..f48a9f62368c0 100644
--- a/drivers/gpu/drm/ast/ast_main.c
+++ b/drivers/gpu/drm/ast/ast_main.c
@@ -142,50 +142,42 @@ static int ast_detect_chip(struct drm_device *dev, bool *need_post)
ast_detect_config_mode(dev, &scu_rev);
/* Identify chipset */
- if (dev->pdev->device == PCI_CHIP_AST1180) {
- ast->chip = AST1100;
- DRM_INFO("AST 1180 detected\n");
- } else {
- if (dev->pdev->revision >= 0x40) {
- ast->chip = AST2500;
- DRM_INFO("AST 2500 detected\n");
- } else if (dev->pdev->revision >= 0x30) {
- ast->chip = AST2400;
- DRM_INFO("AST 2400 detected\n");
- } else if (dev->pdev->revision >= 0x20) {
- ast->chip = AST2300;
- DRM_INFO("AST 2300 detected\n");
- } else if (dev->pdev->revision >= 0x10) {
- switch (scu_rev & 0x0300) {
- case 0x0200:
- ast->chip = AST1100;
- DRM_INFO("AST 1100 detected\n");
- break;
- case 0x0100:
- ast->chip = AST2200;
- DRM_INFO("AST 2200 detected\n");
- break;
- case 0x0000:
- ast->chip = AST2150;
- DRM_INFO("AST 2150 detected\n");
- break;
- default:
- ast->chip = AST2100;
- DRM_INFO("AST 2100 detected\n");
- break;
- }
- ast->vga2_clone = false;
- } else {
- ast->chip = AST2000;
- DRM_INFO("AST 2000 detected\n");
+ if (dev->pdev->revision >= 0x40) {
+ ast->chip = AST2500;
+ DRM_INFO("AST 2500 detected\n");
+ } else if (dev->pdev->revision >= 0x30) {
+ ast->chip = AST2400;
+ DRM_INFO("AST 2400 detected\n");
+ } else if (dev->pdev->revision >= 0x20) {
+ ast->chip = AST2300;
+ DRM_INFO("AST 2300 detected\n");
+ } else if (dev->pdev->revision >= 0x10) {
+ switch (scu_rev & 0x0300) {
+ case 0x0200:
+ ast->chip = AST1100;
+ DRM_INFO("AST 1100 detected\n");
+ break;
+ case 0x0100:
+ ast->chip = AST2200;
+ DRM_INFO("AST 2200 detected\n");
+ break;
+ case 0x0000:
+ ast->chip = AST2150;
+ DRM_INFO("AST 2150 detected\n");
+ break;
+ default:
+ ast->chip = AST2100;
+ DRM_INFO("AST 2100 detected\n");
+ break;
}
+ ast->vga2_clone = false;
+ } else {
+ ast->chip = AST2000;
+ DRM_INFO("AST 2000 detected\n");
}
/* Check if we support wide screen */
switch (ast->chip) {
- case AST1180:
- ast->support_wide_screen = true;
- break;
case AST2000:
ast->support_wide_screen = false;
break;
@@ -469,15 +461,13 @@ int ast_driver_load(struct drm_device *dev, unsigned long flags)
if (need_post)
ast_post_gpu(dev);
- if (ast->chip != AST1180) {
- ret = ast_get_dram_info(dev);
- if (ret)
- goto out_free;
- ast->vram_size = ast_get_vram_info(dev);
- DRM_INFO("dram MCLK=%u Mhz type=%d bus_width=%d size=%08x\n",
- ast->mclk, ast->dram_type,
- ast->dram_bus_width, ast->vram_size);
- }
+ ret = ast_get_dram_info(dev);
+ if (ret)
+ goto out_free;
+ ast->vram_size = ast_get_vram_info(dev);
+ DRM_INFO("dram MCLK=%u Mhz type=%d bus_width=%d size=%08x\n",
+ ast->mclk, ast->dram_type,
+ ast->dram_bus_width, ast->vram_size);
ret = ast_mm_init(ast);
if (ret)
@@ -496,8 +486,7 @@ int ast_driver_load(struct drm_device *dev, unsigned long flags)
ast->chip == AST2200 ||
ast->chip == AST2300 ||
ast->chip == AST2400 ||
- ast->chip == AST2500 ||
- ast->chip == AST1180) {
+ ast->chip == AST2500) {
dev->mode_config.max_width = 1920;
dev->mode_config.max_height = 2048;
} else {
diff --git a/drivers/gpu/drm/ast/ast_mode.c b/drivers/gpu/drm/ast/ast_mode.c
index 3a3a511670c9c..73fd76cec5120 100644
--- a/drivers/gpu/drm/ast/ast_mode.c
+++ b/drivers/gpu/drm/ast/ast_mode.c
@@ -769,9 +769,6 @@ static void ast_crtc_dpms(struct drm_crtc *crtc, int mode)
{
struct ast_private *ast = crtc->dev->dev_private;
- if (ast->chip == AST1180)
- return;
-
/* TODO: Maybe control display signal generation with
* Sync Enable (bit CR17.7).
*/
@@ -793,16 +790,10 @@ static void ast_crtc_dpms(struct drm_crtc *crtc, int mode)
static int ast_crtc_helper_atomic_check(struct drm_crtc *crtc,
struct drm_crtc_state *state)
{
- struct ast_private *ast = crtc->dev->dev_private;
struct ast_crtc_state *ast_state;
const struct drm_format_info *format;
bool succ;
- if (ast->chip == AST1180) {
- DRM_ERROR("AST 1180 modesetting not supported\n");
- return -EINVAL;
- }
-
if (!state->enable)
return 0; /* no mode checks if CRTC is being disabled */
@@ -1044,7 +1035,7 @@ static enum drm_mode_status ast_mode_valid(struct drm_connector *connector,
if ((ast->chip == AST2100) || (ast->chip == AST2200) ||
(ast->chip == AST2300) || (ast->chip == AST2400) ||
- (ast->chip == AST2500) || (ast->chip == AST1180)) {
+ (ast->chip == AST2500)) {
if ((mode->hdisplay == 1920) && (mode->vdisplay == 1080))
return MODE_OK;
diff --git a/drivers/gpu/drm/ast/ast_post.c b/drivers/gpu/drm/ast/ast_post.c
index 2d1b186197432..af0c8ebb009a1 100644
--- a/drivers/gpu/drm/ast/ast_post.c
+++ b/drivers/gpu/drm/ast/ast_post.c
@@ -58,13 +58,9 @@ bool ast_is_vga_enabled(struct drm_device *dev)
struct ast_private *ast = dev->dev_private;
u8 ch;
- if (ast->chip == AST1180) {
- /* TODO 1180 */
- } else {
- ch = ast_io_read8(ast, AST_IO_VGA_ENABLE_PORT);
- return !!(ch & 0x01);
- }
- return false;
+ ch = ast_io_read8(ast, AST_IO_VGA_ENABLE_PORT);
+
+ return !!(ch & 0x01);
}
static const u8 extreginfo[] = { 0x0f, 0x04, 0x1c, 0xff };
--
2.25.1
From: Jann Horn <[email protected]>
commit bcf85fcedfdd17911982a3e3564fcfec7b01eebd upstream.
romfs has a superblock field that limits the size of the filesystem; data
beyond that limit is never accessed.
romfs_dev_read() fetches a caller-supplied number of bytes from the
backing device. It returns 0 on success or an error code on failure;
therefore, its API can't represent short reads, it's all-or-nothing.
However, when romfs_dev_read() detects that the requested operation would
cross the filesystem size limit, it currently silently truncates the
requested number of bytes. This e.g. means that when the content of a
file with size 0x1000 starts one byte before the filesystem size limit,
->readpage() will only fill a single byte of the supplied page while
leaving the rest uninitialized, leaking that uninitialized memory to
userspace.
Fix it by returning an error code instead of truncating the read when the
requested read operation would go beyond the end of the filesystem.
Fixes: da4458bda237 ("NOMMU: Make it possible for RomFS to use MTD devices directly")
Signed-off-by: Jann Horn <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Reviewed-by: Greg Kroah-Hartman <[email protected]>
Cc: David Howells <[email protected]>
Cc: <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/romfs/storage.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/fs/romfs/storage.c
+++ b/fs/romfs/storage.c
@@ -217,10 +217,8 @@ int romfs_dev_read(struct super_block *s
size_t limit;
limit = romfs_maxsize(sb);
- if (pos >= limit)
+ if (pos >= limit || buflen > limit - pos)
return -EIO;
- if (buflen > limit - pos)
- buflen = limit - pos;
#ifdef CONFIG_ROMFS_ON_MTD
if (sb->s_mtd)
From: Jens Axboe <[email protected]>
commit b711d4eaf0c408a811311ee3e94d6e9e5a230a9a upstream.
Commit f254ac04c874 ("io_uring: enable lookup of links holding inflight files")
only handled 2 out of the three head link cases we have, we also need to
lookup and cancel work that is blocked in io-wq if that work has a link
that's holding a reference to the files structure.
Put the "cancel head links that hold this request pending" logic into
io_attempt_cancel(), which will to through the motions of finding and
canceling head links that hold the current inflight files stable request
pending.
Cc: [email protected]
Reported-by: Pavel Begunkov <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/io_uring.c | 33 +++++++++++++++++++++++++++++----
1 file changed, 29 insertions(+), 4 deletions(-)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -7609,6 +7609,33 @@ static bool io_timeout_remove_link(struc
return found;
}
+static bool io_cancel_link_cb(struct io_wq_work *work, void *data)
+{
+ return io_match_link(container_of(work, struct io_kiocb, work), data);
+}
+
+static void io_attempt_cancel(struct io_ring_ctx *ctx, struct io_kiocb *req)
+{
+ enum io_wq_cancel cret;
+
+ /* cancel this particular work, if it's running */
+ cret = io_wq_cancel_work(ctx->io_wq, &req->work);
+ if (cret != IO_WQ_CANCEL_NOTFOUND)
+ return;
+
+ /* find links that hold this pending, cancel those */
+ cret = io_wq_cancel_cb(ctx->io_wq, io_cancel_link_cb, req, true);
+ if (cret != IO_WQ_CANCEL_NOTFOUND)
+ return;
+
+ /* if we have a poll link holding this pending, cancel that */
+ if (io_poll_remove_link(ctx, req))
+ return;
+
+ /* final option, timeout link is holding this req pending */
+ io_timeout_remove_link(ctx, req);
+}
+
static void io_uring_cancel_files(struct io_ring_ctx *ctx,
struct files_struct *files)
{
@@ -7665,10 +7692,8 @@ static void io_uring_cancel_files(struct
continue;
}
} else {
- io_wq_cancel_work(ctx->io_wq, &cancel_req->work);
- /* could be a link, check and remove if it is */
- if (!io_poll_remove_link(ctx, cancel_req))
- io_timeout_remove_link(ctx, cancel_req);
+ /* cancel this request, or head link requests */
+ io_attempt_cancel(ctx, cancel_req);
io_put_req(cancel_req);
}
From: Lukas Wunner <[email protected]>
commit ddf75be47ca748f8b12d28ac64d624354fddf189 upstream.
CONFIG_OF_DYNAMIC and CONFIG_ACPI allow adding SPI devices at runtime
using a DeviceTree overlay or DSDT patch. CONFIG_SPI_SLAVE allows the
same via sysfs.
But there are no precautions to prevent adding a device below a
controller that's being removed. Such a device is unusable and may not
even be able to unbind cleanly as it becomes inaccessible once the
controller has been torn down. E.g. it is then impossible to quiesce
the device's interrupt.
of_spi_notify() and acpi_spi_notify() do hold a ref on the controller,
but otherwise run lockless against spi_unregister_controller().
Fix by holding the spi_add_lock in spi_unregister_controller() and
bailing out of spi_add_device() if the controller has been unregistered
concurrently.
Fixes: ce79d54ae447 ("spi/of: Add OF notifier handler")
Signed-off-by: Lukas Wunner <[email protected]>
Cc: [email protected] # v3.19+
Cc: Geert Uytterhoeven <[email protected]>
Cc: Octavian Purdila <[email protected]>
Cc: Pantelis Antoniou <[email protected]>
Link: https://lore.kernel.org/r/a8c3205088a969dc8410eec1eba9aface60f36af.1596451035.git.lukas@wunner.de
Signed-off-by: Mark Brown <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/spi/Kconfig | 3 +++
drivers/spi/spi.c | 21 ++++++++++++++++++++-
2 files changed, 23 insertions(+), 1 deletion(-)
--- a/drivers/spi/Kconfig
+++ b/drivers/spi/Kconfig
@@ -999,4 +999,7 @@ config SPI_SLAVE_SYSTEM_CONTROL
endif # SPI_SLAVE
+config SPI_DYNAMIC
+ def_bool ACPI || OF_DYNAMIC || SPI_SLAVE
+
endif # SPI
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -475,6 +475,12 @@ static LIST_HEAD(spi_controller_list);
*/
static DEFINE_MUTEX(board_lock);
+/*
+ * Prevents addition of devices with same chip select and
+ * addition of devices below an unregistering controller.
+ */
+static DEFINE_MUTEX(spi_add_lock);
+
/**
* spi_alloc_device - Allocate a new SPI device
* @ctlr: Controller to which device is connected
@@ -554,7 +560,6 @@ static int spi_dev_check(struct device *
*/
int spi_add_device(struct spi_device *spi)
{
- static DEFINE_MUTEX(spi_add_lock);
struct spi_controller *ctlr = spi->controller;
struct device *dev = ctlr->dev.parent;
int status;
@@ -582,6 +587,13 @@ int spi_add_device(struct spi_device *sp
goto done;
}
+ /* Controller may unregister concurrently */
+ if (IS_ENABLED(CONFIG_SPI_DYNAMIC) &&
+ !device_is_registered(&ctlr->dev)) {
+ status = -ENODEV;
+ goto done;
+ }
+
/* Descriptors take precedence */
if (ctlr->cs_gpiods)
spi->cs_gpiod = ctlr->cs_gpiods[spi->chip_select];
@@ -2764,6 +2776,10 @@ void spi_unregister_controller(struct sp
struct spi_controller *found;
int id = ctlr->bus_num;
+ /* Prevent addition of new devices, unregister existing ones */
+ if (IS_ENABLED(CONFIG_SPI_DYNAMIC))
+ mutex_lock(&spi_add_lock);
+
device_for_each_child(&ctlr->dev, NULL, __unregister);
/* First make sure that this controller was ever added */
@@ -2784,6 +2800,9 @@ void spi_unregister_controller(struct sp
if (found == ctlr)
idr_remove(&spi_master_idr, id);
mutex_unlock(&board_lock);
+
+ if (IS_ENABLED(CONFIG_SPI_DYNAMIC))
+ mutex_unlock(&spi_add_lock);
}
EXPORT_SYMBOL_GPL(spi_unregister_controller);
From: Yang Weijiang <[email protected]>
commit 98b0bf02738004829d7e26d6cb47b2e469aaba86 upstream.
If debug_regs.c is built with newer binutils, the resulting binary is "optimized"
by the assembler:
asm volatile("ss_start: "
"xor %%rax,%%rax\n\t"
"cpuid\n\t"
"movl $0x1a0,%%ecx\n\t"
"rdmsr\n\t"
: : : "rax", "ecx");
is translated to :
000000000040194e <ss_start>:
40194e: 31 c0 xor %eax,%eax <----- rax->eax?
401950: 0f a2 cpuid
401952: b9 a0 01 00 00 mov $0x1a0,%ecx
401957: 0f 32 rdmsr
As you can see rax is replaced with eax in target binary code.
This causes a difference is the length of xor instruction (2 Byte vs 3 Byte),
and makes the hard-coded instruction length check fail:
/* Instruction lengths starting at ss_start */
int ss_size[4] = {
3, /* xor */ <-------- 2 or 3?
2, /* cpuid */
5, /* mov */
2, /* rdmsr */
};
Encode the shorter version directly and, while at it, fix the "clobbers"
of the asm.
Cc: [email protected]
Signed-off-by: Yang Weijiang <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
tools/testing/selftests/kvm/x86_64/debug_regs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/tools/testing/selftests/kvm/x86_64/debug_regs.c
+++ b/tools/testing/selftests/kvm/x86_64/debug_regs.c
@@ -40,11 +40,11 @@ static void guest_code(void)
/* Single step test, covers 2 basic instructions and 2 emulated */
asm volatile("ss_start: "
- "xor %%rax,%%rax\n\t"
+ "xor %%eax,%%eax\n\t"
"cpuid\n\t"
"movl $0x1a0,%%ecx\n\t"
"rdmsr\n\t"
- : : : "rax", "ecx");
+ : : : "eax", "ebx", "ecx", "edx");
/* DR6.BD test */
asm volatile("bd_start: mov %%dr0, %%rax" : : : "rax");
From: Will Deacon <[email protected]>
commit fdfe7cbd58806522e799e2a50a15aee7f2cbb7b6 upstream.
The 'flags' field of 'struct mmu_notifier_range' is used to indicate
whether invalidate_range_{start,end}() are permitted to block. In the
case of kvm_mmu_notifier_invalidate_range_start(), this field is not
forwarded on to the architecture-specific implementation of
kvm_unmap_hva_range() and therefore the backend cannot sensibly decide
whether or not to block.
Add an extra 'flags' parameter to kvm_unmap_hva_range() so that
architectures are aware as to whether or not they are permitted to block.
Cc: <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: Suzuki K Poulose <[email protected]>
Cc: James Morse <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/arm64/include/asm/kvm_host.h | 2 +-
arch/arm64/kvm/mmu.c | 2 +-
arch/mips/include/asm/kvm_host.h | 2 +-
arch/mips/kvm/mmu.c | 3 ++-
arch/powerpc/include/asm/kvm_host.h | 3 ++-
arch/powerpc/kvm/book3s.c | 3 ++-
arch/powerpc/kvm/e500_mmu_host.c | 3 ++-
arch/x86/include/asm/kvm_host.h | 3 ++-
arch/x86/kvm/mmu/mmu.c | 3 ++-
virt/kvm/kvm_main.c | 3 ++-
10 files changed, 17 insertions(+), 10 deletions(-)
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -443,7 +443,7 @@ int __kvm_arm_vcpu_set_events(struct kvm
#define KVM_ARCH_WANT_MMU_NOTIFIER
int kvm_unmap_hva_range(struct kvm *kvm,
- unsigned long start, unsigned long end);
+ unsigned long start, unsigned long end, unsigned flags);
int kvm_set_spte_hva(struct kvm *kvm, unsigned long hva, pte_t pte);
int kvm_age_hva(struct kvm *kvm, unsigned long start, unsigned long end);
int kvm_test_age_hva(struct kvm *kvm, unsigned long hva);
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -2203,7 +2203,7 @@ static int kvm_unmap_hva_handler(struct
}
int kvm_unmap_hva_range(struct kvm *kvm,
- unsigned long start, unsigned long end)
+ unsigned long start, unsigned long end, unsigned flags)
{
if (!kvm->arch.pgd)
return 0;
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -981,7 +981,7 @@ enum kvm_mips_fault_result kvm_trap_emul
#define KVM_ARCH_WANT_MMU_NOTIFIER
int kvm_unmap_hva_range(struct kvm *kvm,
- unsigned long start, unsigned long end);
+ unsigned long start, unsigned long end, unsigned flags);
int kvm_set_spte_hva(struct kvm *kvm, unsigned long hva, pte_t pte);
int kvm_age_hva(struct kvm *kvm, unsigned long start, unsigned long end);
int kvm_test_age_hva(struct kvm *kvm, unsigned long hva);
--- a/arch/mips/kvm/mmu.c
+++ b/arch/mips/kvm/mmu.c
@@ -518,7 +518,8 @@ static int kvm_unmap_hva_handler(struct
return 1;
}
-int kvm_unmap_hva_range(struct kvm *kvm, unsigned long start, unsigned long end)
+int kvm_unmap_hva_range(struct kvm *kvm, unsigned long start, unsigned long end,
+ unsigned flags)
{
handle_hva_to_gpa(kvm, start, end, &kvm_unmap_hva_handler, NULL);
--- a/arch/powerpc/include/asm/kvm_host.h
+++ b/arch/powerpc/include/asm/kvm_host.h
@@ -58,7 +58,8 @@
#define KVM_ARCH_WANT_MMU_NOTIFIER
extern int kvm_unmap_hva_range(struct kvm *kvm,
- unsigned long start, unsigned long end);
+ unsigned long start, unsigned long end,
+ unsigned flags);
extern int kvm_age_hva(struct kvm *kvm, unsigned long start, unsigned long end);
extern int kvm_test_age_hva(struct kvm *kvm, unsigned long hva);
extern int kvm_set_spte_hva(struct kvm *kvm, unsigned long hva, pte_t pte);
--- a/arch/powerpc/kvm/book3s.c
+++ b/arch/powerpc/kvm/book3s.c
@@ -834,7 +834,8 @@ void kvmppc_core_commit_memory_region(st
kvm->arch.kvm_ops->commit_memory_region(kvm, mem, old, new, change);
}
-int kvm_unmap_hva_range(struct kvm *kvm, unsigned long start, unsigned long end)
+int kvm_unmap_hva_range(struct kvm *kvm, unsigned long start, unsigned long end,
+ unsigned flags)
{
return kvm->arch.kvm_ops->unmap_hva_range(kvm, start, end);
}
--- a/arch/powerpc/kvm/e500_mmu_host.c
+++ b/arch/powerpc/kvm/e500_mmu_host.c
@@ -734,7 +734,8 @@ static int kvm_unmap_hva(struct kvm *kvm
return 0;
}
-int kvm_unmap_hva_range(struct kvm *kvm, unsigned long start, unsigned long end)
+int kvm_unmap_hva_range(struct kvm *kvm, unsigned long start, unsigned long end,
+ unsigned flags)
{
/* kvm_unmap_hva flushes everything anyways */
kvm_unmap_hva(kvm, start);
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1641,7 +1641,8 @@ asmlinkage void kvm_spurious_fault(void)
_ASM_EXTABLE(666b, 667b)
#define KVM_ARCH_WANT_MMU_NOTIFIER
-int kvm_unmap_hva_range(struct kvm *kvm, unsigned long start, unsigned long end);
+int kvm_unmap_hva_range(struct kvm *kvm, unsigned long start, unsigned long end,
+ unsigned flags);
int kvm_age_hva(struct kvm *kvm, unsigned long start, unsigned long end);
int kvm_test_age_hva(struct kvm *kvm, unsigned long hva);
int kvm_set_spte_hva(struct kvm *kvm, unsigned long hva, pte_t pte);
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -1971,7 +1971,8 @@ static int kvm_handle_hva(struct kvm *kv
return kvm_handle_hva_range(kvm, hva, hva + 1, data, handler);
}
-int kvm_unmap_hva_range(struct kvm *kvm, unsigned long start, unsigned long end)
+int kvm_unmap_hva_range(struct kvm *kvm, unsigned long start, unsigned long end,
+ unsigned flags)
{
return kvm_handle_hva_range(kvm, start, end, 0, kvm_unmap_rmapp);
}
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -427,7 +427,8 @@ static int kvm_mmu_notifier_invalidate_r
* count is also read inside the mmu_lock critical section.
*/
kvm->mmu_notifier_count++;
- need_tlb_flush = kvm_unmap_hva_range(kvm, range->start, range->end);
+ need_tlb_flush = kvm_unmap_hva_range(kvm, range->start, range->end,
+ range->flags);
need_tlb_flush |= kvm->tlbs_dirty;
/* we've to flush the tlb before the pages can be freed */
if (need_tlb_flush)
From: Hugh Dickins <[email protected]>
commit c17c3dc9d08b9aad9a55a1e53f205187972f448e upstream.
syzbot crashed on the VM_BUG_ON_PAGE(PageTail) in munlock_vma_page(), when
called from uprobes __replace_page(). Which of many ways to fix it?
Settled on not calling when PageCompound (since Head and Tail are equals
in this context, PageCompound the usual check in uprobes.c, and the prior
use of FOLL_SPLIT_PMD will have cleared PageMlocked already).
Fixes: 5a52c9df62b4 ("uprobe: use FOLL_SPLIT_PMD instead of FOLL_SPLIT")
Reported-by: syzbot <[email protected]>
Signed-off-by: Hugh Dickins <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Reviewed-by: Srikar Dronamraju <[email protected]>
Acked-by: Song Liu <[email protected]>
Acked-by: Oleg Nesterov <[email protected]>
Cc: "Kirill A. Shutemov" <[email protected]>
Cc: <[email protected]> [5.4+]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
kernel/events/uprobes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/events/uprobes.c
+++ b/kernel/events/uprobes.c
@@ -205,7 +205,7 @@ static int __replace_page(struct vm_area
try_to_free_swap(old_page);
page_vma_mapped_walk_done(&pvmw);
- if (vma->vm_flags & VM_LOCKED)
+ if ((vma->vm_flags & VM_LOCKED) && !PageCompound(old_page))
munlock_vma_page(old_page);
put_page(old_page);
From: Aneesh Kumar K.V <[email protected]>
commit e47110e90584a22e9980510b00d0dfad3a83354e upstream.
Like zap_pte_range add cond_resched so that we can avoid softlockups as
reported below. On non-preemptible kernel with large I/O map region (like
the one we get when using persistent memory with sector mode), an unmap of
the namespace can report below softlockups.
22724.027334] watchdog: BUG: soft lockup - CPU#49 stuck for 23s! [ndctl:50777]
NIP [c0000000000dc224] plpar_hcall+0x38/0x58
LR [c0000000000d8898] pSeries_lpar_hpte_invalidate+0x68/0xb0
Call Trace:
flush_hash_page+0x114/0x200
hpte_need_flush+0x2dc/0x540
vunmap_page_range+0x538/0x6f0
free_unmap_vmap_area+0x30/0x70
remove_vm_area+0xfc/0x140
__vunmap+0x68/0x270
__iounmap.part.0+0x34/0x60
memunmap+0x54/0x70
release_nodes+0x28c/0x300
device_release_driver_internal+0x16c/0x280
unbind_store+0x124/0x170
drv_attr_store+0x44/0x60
sysfs_kf_write+0x64/0x90
kernfs_fop_write+0x1b0/0x290
__vfs_write+0x3c/0x70
vfs_write+0xd8/0x260
ksys_write+0xdc/0x130
system_call+0x5c/0x70
Reported-by: Harish Sriram <[email protected]>
Signed-off-by: Aneesh Kumar K.V <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Reviewed-by: Andrew Morton <[email protected]>
Cc: <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
mm/vmalloc.c | 2 ++
1 file changed, 2 insertions(+)
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -102,6 +102,8 @@ static void vunmap_pmd_range(pud_t *pud,
if (pmd_none_or_clear_bad(pmd))
continue;
vunmap_pte_range(pmd, addr, next, mask);
+
+ cond_resched();
} while (pmd++, addr = next, addr != end);
}
On Mon, Aug 24, 2020 at 10:28:18AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.8.4 release.
> There are 148 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Aug 2020 08:23:34 +0000.
> Anything received after that time might be too late.
>
Building powerpc:defconfig ... failed
--------------
Error log:
powerpc64-linux-ld: arch/powerpc/kernel/cputable.o:(.init.data+0xd78): undefined reference to `__machine_check_early_realmode_p10'
make[1]: *** [vmlinux] Error 1
make: *** [__sub-make] Error 2
The problem affects several builds.
Guenter
On Mon, Aug 24, 2020 at 06:40:27AM -0700, Guenter Roeck wrote:
>On Mon, Aug 24, 2020 at 10:28:18AM +0200, Greg Kroah-Hartman wrote:
>> This is the start of the stable review cycle for the 5.8.4 release.
>> There are 148 patches in this series, all will be posted as a response
>> to this one. If anyone has any issues with these being applied, please
>> let me know.
>>
>> Responses should be made by Wed, 26 Aug 2020 08:23:34 +0000.
>> Anything received after that time might be too late.
>>
>
>Building powerpc:defconfig ... failed
>--------------
>Error log:
>powerpc64-linux-ld: arch/powerpc/kernel/cputable.o:(.init.data+0xd78): undefined reference to `__machine_check_early_realmode_p10'
>make[1]: *** [vmlinux] Error 1
>make: *** [__sub-make] Error 2
>
>The problem affects several builds.
I think that I've fixed it, thanks!
--
Thanks,
Sasha
On Mon, 24 Aug 2020 at 14:03, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 5.8.4 release.
> There are 148 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Aug 2020 08:23:34 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.8.4-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.8.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
NOTE:
on x86_64 kasan enabled build this kernel warning noticed while running
LTP syscalls fork13 test case.
[ 928.754534] WARNING: kernel stack regs at 00000000d9dac8ad in
fork13:28354 has bad 'bp' value 0000000000000000
[ 928.754536] unwind stack type:0 next_sp:0000000000000000 mask:0x6 graph_idx:0
ref:
https://lkft.validation.linaro.org/scheduler/job/1703012#L6510
Summary
------------------------------------------------------------------------
kernel: 5.8.4-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-5.8.y
git commit: 8960c0bf1993f3bdce3a3de5f03aaf5755f661e5
git describe: v5.8.3-149-g8960c0bf1993
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.8-oe/build/v5.8.3-149-g8960c0bf1993
No regressions (compared to build v5.8.3)
No fixes (compared to build v5.8.3)
Ran 40223 total tests in the following environments and test suites.
Environments
--------------
- dragonboard-410c
- hi6220-hikey
- i386
- juno-r2
- juno-r2-compat
- juno-r2-kasan
- nxp-ls2088
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15
- x86
- x86-kasan
Test Suites
-----------
* build
* igt-gpu-tools
* install-android-platform-tools-r2600
* kselftest
* kselftest/drivers
* kselftest/filesystems
* kselftest/net
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* perf
* v4l2-compliance
* ltp-hugetlb-tests
* ltp-mm-tests
* network-basic-tests
* prep-inline
* ltp-containers-tests
* ltp-dio-tests
* ltp-io-tests
* ltp-open-posix-tests
* ltp-tracing-tests
* ssuite
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-native/drivers
* kselftest-vsyscall-mode-native/filesystems
* kselftest-vsyscall-mode-native/net
* kselftest-vsyscall-mode-none
* kselftest-vsyscall-mode-none/drivers
* kselftest-vsyscall-mode-none/filesystems
* kselftest-vsyscall-mode-none/net
--
Linaro LKFT
https://lkft.linaro.org