This is the start of the stable review cycle for the 4.14.216 release.
There are 28 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 17 Jan 2021 12:19:42 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.216-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 4.14.216-rc1
Vasily Averin <[email protected]>
net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet
Ming Lei <[email protected]>
block: fix use-after-free in disk_part_iter_next
Marc Zyngier <[email protected]>
KVM: arm64: Don't access PMCR_EL0 when no PMU is available
Arnd Bergmann <[email protected]>
wan: ds26522: select CONFIG_BITREVERSE
Dinghao Liu <[email protected]>
net/mlx5e: Fix two double free cases
Dinghao Liu <[email protected]>
net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
Dinghao Liu <[email protected]>
iommu/intel: Fix memleak in intel_irq_remapping_alloc
Arnd Bergmann <[email protected]>
block: rsxx: select CONFIG_CRC32
Arnd Bergmann <[email protected]>
wil6210: select CONFIG_CRC32
Shravya Kumbham <[email protected]>
dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
Shravya Kumbham <[email protected]>
dmaengine: xilinx_dma: check dma_async_device_register return value
Roman Guskov <[email protected]>
spi: stm32: FIFO threshold level - fix align packet size
Colin Ian King <[email protected]>
cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
Chunyan Zhang <[email protected]>
i2c: sprd: use a specific timeout to avoid system hang up issue
Andreas Kemnade <[email protected]>
ARM: OMAP2+: omap_device: fix idling of devices during probe
Lorenzo Bianconi <[email protected]>
iio: imu: st_lsm6dsx: fix edge-trigger interrupts
Sean Nyekjaer <[email protected]>
iio: imu: st_lsm6dsx: flip irq return logic
Lukas Wunner <[email protected]>
spi: pxa2xx: Fix use-after-free on unbind
Richard Weinberger <[email protected]>
ubifs: wbuf: Don't leak kernel memory to flash
Chris Wilson <[email protected]>
drm/i915: Fix mismatch between misplaced vma check and vma insert
Nick Desaulniers <[email protected]>
vmlinux.lds.h: Add PGO and AutoFDO input sections
Fenghua Yu <[email protected]>
x86/resctrl: Don't move a task to the same resource group
Fenghua Yu <[email protected]>
x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
Florian Westphal <[email protected]>
net: fix pmtu check in nopmtudisc mode
Florian Westphal <[email protected]>
net: ip: always refragment ip defragmented packets
Jakub Kicinski <[email protected]>
net: vlan: avoid leaks on register_vlan_dev() failures
Jouni K. Seppänen <[email protected]>
net: cdc_ncm: correct overhead in delayed_ndp_size
Mathieu Desnoyers <[email protected]>
powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
-------------
Diffstat:
Makefile | 4 +-
arch/arm/mach-omap2/omap_device.c | 8 +-
arch/arm64/kvm/sys_regs.c | 4 +
arch/powerpc/include/asm/book3s/32/pgtable.h | 4 +-
arch/powerpc/include/asm/nohash/pgtable.h | 4 +-
arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 110 +++++++++++-------------
block/genhd.c | 9 +-
drivers/block/Kconfig | 1 +
drivers/cpufreq/powernow-k8.c | 9 +-
drivers/dma/xilinx/xilinx_dma.c | 8 +-
drivers/gpu/drm/i915/i915_gem_execbuffer.c | 2 +-
drivers/i2c/busses/i2c-sprd.c | 8 +-
drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 26 ++++--
drivers/iommu/intel_irq_remapping.c | 2 +
drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 3 +
drivers/net/usb/cdc_ncm.c | 8 +-
drivers/net/wan/Kconfig | 1 +
drivers/net/wireless/ath/wil6210/Kconfig | 1 +
drivers/spi/spi-pxa2xx.c | 3 +-
drivers/spi/spi-stm32.c | 4 +-
fs/ubifs/io.c | 13 ++-
include/asm-generic/vmlinux.lds.h | 5 +-
net/8021q/vlan.c | 3 +-
net/core/skbuff.c | 6 ++
net/ipv4/ip_output.c | 2 +-
net/ipv4/ip_tunnel.c | 10 +--
26 files changed, 153 insertions(+), 105 deletions(-)
From: Mathieu Desnoyers <[email protected]>
[ Upstream commit d85be8a49e733dcd23674aa6202870d54bf5600d ]
The placeholder for instruction selection should use the second
argument's operand, which is %1, not %0. This could generate incorrect
assembly code if the memory addressing of operand %0 is a different
form from that of operand %1.
Also remove the %Un placeholder because having %Un placeholders
for two operands which are based on the same local var (ptep) doesn't
make much sense. By the way, it doesn't change the current behaviour
because "<>" constraint is missing for the associated "=m".
[chleroy: revised commit log iaw segher's comments and removed %U0]
Fixes: 9bf2b5cdc5fe ("powerpc: Fixes for CONFIG_PTE_64BIT for SMP support")
Cc: <[email protected]> # v2.6.28+
Signed-off-by: Mathieu Desnoyers <[email protected]>
Signed-off-by: Christophe Leroy <[email protected]>
Acked-by: Segher Boessenkool <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
Link: https://lore.kernel.org/r/96354bd77977a6a933fe9020da57629007fdb920.1603358942.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <[email protected]>
---
arch/powerpc/include/asm/book3s/32/pgtable.h | 4 ++--
arch/powerpc/include/asm/nohash/pgtable.h | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/include/asm/book3s/32/pgtable.h b/arch/powerpc/include/asm/book3s/32/pgtable.h
index 016579ef16d3d..ec98abca0df03 100644
--- a/arch/powerpc/include/asm/book3s/32/pgtable.h
+++ b/arch/powerpc/include/asm/book3s/32/pgtable.h
@@ -414,9 +414,9 @@ static inline void __set_pte_at(struct mm_struct *mm, unsigned long addr,
if (pte_val(*ptep) & _PAGE_HASHPTE)
flush_hash_entry(mm, ptep, addr);
__asm__ __volatile__("\
- stw%U0%X0 %2,%0\n\
+ stw%X0 %2,%0\n\
eieio\n\
- stw%U0%X0 %L2,%1"
+ stw%X1 %L2,%1"
: "=m" (*ptep), "=m" (*((unsigned char *)ptep+4))
: "r" (pte) : "memory");
diff --git a/arch/powerpc/include/asm/nohash/pgtable.h b/arch/powerpc/include/asm/nohash/pgtable.h
index 5c68f4a59f758..e9171b8242e4b 100644
--- a/arch/powerpc/include/asm/nohash/pgtable.h
+++ b/arch/powerpc/include/asm/nohash/pgtable.h
@@ -157,9 +157,9 @@ static inline void __set_pte_at(struct mm_struct *mm, unsigned long addr,
flush_hash_entry(mm, ptep, addr);
#endif
__asm__ __volatile__("\
- stw%U0%X0 %2,%0\n\
+ stw%X0 %2,%0\n\
eieio\n\
- stw%U0%X0 %L2,%1"
+ stw%X1 %L2,%1"
: "=m" (*ptep), "=m" (*((unsigned char *)ptep+4))
: "r" (pte) : "memory");
--
2.27.0
From: Florian Westphal <[email protected]>
[ Upstream commit bb4cc1a18856a73f0ff5137df0c2a31f4c50f6cf ]
Conntrack reassembly records the largest fragment size seen in IPCB.
However, when this gets forwarded/transmitted, fragmentation will only
be forced if one of the fragmented packets had the DF bit set.
In that case, a flag in IPCB will force fragmentation even if the
MTU is large enough.
This should work fine, but this breaks with ip tunnels.
Consider client that sends a UDP datagram of size X to another host.
The client fragments the datagram, so two packets, of size y and z, are
sent. DF bit is not set on any of these packets.
Middlebox netfilter reassembles those packets back to single size-X
packet, before routing decision.
packet-size-vs-mtu checks in ip_forward are irrelevant, because DF bit
isn't set. At output time, ip refragmentation is skipped as well
because x is still smaller than the mtu of the output device.
If ttransmit device is an ip tunnel, the packet size increases to
x+overhead.
Also, tunnel might be configured to force DF bit on outer header.
In this case, packet will be dropped (exceeds MTU) and an ICMP error is
generated back to sender.
But sender already respects the announced MTU, all the packets that
it sent did fit the announced mtu.
Force refragmentation as per original sizes unconditionally so ip tunnel
will encapsulate the fragments instead.
The only other solution I see is to place ip refragmentation in
the ip_tunnel code to handle this case.
Fixes: d6b915e29f4ad ("ip_fragment: don't forward defragmented DF packet")
Reported-by: Christian Perle <[email protected]>
Signed-off-by: Florian Westphal <[email protected]>
Acked-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/ip_output.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -312,7 +312,7 @@ static int ip_finish_output(struct net *
if (skb_is_gso(skb))
return ip_finish_output_gso(net, sk, skb, mtu);
- if (skb->len > mtu || (IPCB(skb)->flags & IPSKB_FRAG_PMTU))
+ if (skb->len > mtu || IPCB(skb)->frag_max_size)
return ip_fragment(net, sk, skb, mtu, ip_finish_output2);
return ip_finish_output2(net, sk, skb);
From: Richard Weinberger <[email protected]>
commit 20f1431160c6b590cdc269a846fc5a448abf5b98 upstream
Write buffers use a kmalloc()'ed buffer, they can leak
up to seven bytes of kernel memory to flash if writes are not
aligned.
So use ubifs_pad() to fill these gaps with padding bytes.
This was never a problem while scanning because the scanner logic
manually aligns node lengths and skips over these gaps.
Cc: <[email protected]>
Fixes: 1e51764a3c2ac05a2 ("UBIFS: add new flash file system")
Signed-off-by: Richard Weinberger <[email protected]>
Reviewed-by: Zhihao Cheng <[email protected]>
Signed-off-by: Richard Weinberger <[email protected]>
[sudip: adjust context]
Signed-off-by: Sudip Mukherjee <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/ubifs/io.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
--- a/fs/ubifs/io.c
+++ b/fs/ubifs/io.c
@@ -331,7 +331,7 @@ void ubifs_pad(const struct ubifs_info *
{
uint32_t crc;
- ubifs_assert(pad >= 0 && !(pad & 7));
+ ubifs_assert(pad >= 0);
if (pad >= UBIFS_PAD_NODE_SZ) {
struct ubifs_ch *ch = buf;
@@ -727,6 +727,10 @@ int ubifs_wbuf_write_nolock(struct ubifs
* write-buffer.
*/
memcpy(wbuf->buf + wbuf->used, buf, len);
+ if (aligned_len > len) {
+ ubifs_assert(aligned_len - len < 8);
+ ubifs_pad(c, wbuf->buf + wbuf->used + len, aligned_len - len);
+ }
if (aligned_len == wbuf->avail) {
dbg_io("flush jhead %s wbuf to LEB %d:%d",
@@ -819,13 +823,18 @@ int ubifs_wbuf_write_nolock(struct ubifs
}
spin_lock(&wbuf->lock);
- if (aligned_len)
+ if (aligned_len) {
/*
* And now we have what's left and what does not take whole
* max. write unit, so write it to the write-buffer and we are
* done.
*/
memcpy(wbuf->buf, buf + written, len);
+ if (aligned_len > len) {
+ ubifs_assert(aligned_len - len < 8);
+ ubifs_pad(c, wbuf->buf + len, aligned_len - len);
+ }
+ }
if (c->leb_size - wbuf->offs >= c->max_write_size)
wbuf->size = c->max_write_size;
From: Andreas Kemnade <[email protected]>
commit ec76c2eea903947202098090bbe07a739b5246e9 upstream.
On the GTA04A5 od->_driver_status was not set to BUS_NOTIFY_BIND_DRIVER
during probe of the second mmc used for wifi. Therefore
omap_device_late_idle idled the device during probing causing oopses when
accessing the registers.
It was not set because od->_state was set to OMAP_DEVICE_STATE_IDLE
in the notifier callback. Therefore set od->_driver_status also in that
case.
This came apparent after commit 21b2cec61c04 ("mmc: Set
PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4") causing this
oops:
omap_hsmmc 480b4000.mmc: omap_device_late_idle: enabled but no driver. Idling
8<--- cut here ---
Unhandled fault: external abort on non-linefetch (0x1028) at 0xfa0b402c
...
(omap_hsmmc_set_bus_width) from [<c07996bc>] (omap_hsmmc_set_ios+0x11c/0x258)
(omap_hsmmc_set_ios) from [<c077b2b0>] (mmc_power_up.part.8+0x3c/0xd0)
(mmc_power_up.part.8) from [<c077c14c>] (mmc_start_host+0x88/0x9c)
(mmc_start_host) from [<c077d284>] (mmc_add_host+0x58/0x84)
(mmc_add_host) from [<c0799190>] (omap_hsmmc_probe+0x5fc/0x8c0)
(omap_hsmmc_probe) from [<c0666728>] (platform_drv_probe+0x48/0x98)
(platform_drv_probe) from [<c066457c>] (really_probe+0x1dc/0x3b4)
Fixes: 04abaf07f6d5 ("ARM: OMAP2+: omap_device: Sync omap_device and pm_runtime after probe defer")
Fixes: 21b2cec61c04 ("mmc: Set PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4")
Acked-by: Ulf Hansson <[email protected]>
Signed-off-by: Andreas Kemnade <[email protected]>
[[email protected]: left out extra parens, trimmed description stack trace]
Signed-off-by: Tony Lindgren <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/arm/mach-omap2/omap_device.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/arch/arm/mach-omap2/omap_device.c
+++ b/arch/arm/mach-omap2/omap_device.c
@@ -224,10 +224,12 @@ static int _omap_device_notifier_call(st
break;
case BUS_NOTIFY_BIND_DRIVER:
od = to_omap_device(pdev);
- if (od && (od->_state == OMAP_DEVICE_STATE_ENABLED) &&
- pm_runtime_status_suspended(dev)) {
+ if (od) {
od->_driver_status = BUS_NOTIFY_BIND_DRIVER;
- pm_runtime_set_active(dev);
+ if (od->_state == OMAP_DEVICE_STATE_ENABLED &&
+ pm_runtime_status_suspended(dev)) {
+ pm_runtime_set_active(dev);
+ }
}
break;
case BUS_NOTIFY_ADD_DEVICE:
From: Sean Nyekjaer <[email protected]>
commit ec76d918f23034f9f662539ca9c64e2ae3ba9fba upstream
No need for using reverse logic in the irq return,
fix this by flip things around.
Signed-off-by: Sean Nyekjaer <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
Signed-off-by: Sudip Mukherjee <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c
+++ b/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c
@@ -401,7 +401,7 @@ static irqreturn_t st_lsm6dsx_handler_th
count = st_lsm6dsx_read_fifo(hw);
mutex_unlock(&hw->fifo_lock);
- return !count ? IRQ_NONE : IRQ_HANDLED;
+ return count ? IRQ_HANDLED : IRQ_NONE;
}
static int st_lsm6dsx_buffer_preenable(struct iio_dev *iio_dev)
On Fri, Jan 15, 2021 at 01:27:37PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.14.216 release.
> There are 28 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 17 Jan 2021 12:19:42 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 168 pass: 168 fail: 0
Qemu test results:
total: 404 pass: 404 fail: 0
Tested-by: Guenter Roeck <[email protected]>
Guenter
On Fri, 15 Jan 2021 at 18:04, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 4.14.216 release.
> There are 28 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 17 Jan 2021 12:19:42 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.216-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <[email protected]>
Summary
------------------------------------------------------------------------
kernel: 4.14.216-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.14.y
git commit: 4cfcf012355fcec6a76068a773208220deebc337
git describe: v4.14.215-29-g4cfcf012355f
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-4.14.y/build/v4.14.215-29-g4cfcf012355f
No regressions (compared to build v4.14.215)
No fixes (compared to build v4.14.215)
Ran 40410 total tests in the following environments and test suites.
Environments
--------------
- arm
- arm64
- dragonboard-410c - arm64
- hi6220-hikey - arm64
- i386
- juno-r2 - arm64
- juno-r2-compat
- juno-r2-kasan
- mips
- qemu-arm64-kasan
- qemu-x86_64-kasan
- qemu_arm
- qemu_arm64
- qemu_arm64-compat
- qemu_i386
- qemu_x86_64
- qemu_x86_64-compat
- sparc
- x15 - arm
- x86_64
- x86-kasan
- x86_64
Test Suites
-----------
* build
* linux-log-parser
* install-android-platform-tools-r2600
* ltp-containers-tests
* ltp-cve-tests
* ltp-syscalls-tests
* perf
* v4l2-compliance
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-securebits-tests
* ltp-tracing-tests
* network-basic-tests
* ltp-open-posix-tests
* ltp-sched-tests
* kvm-unit-tests
* rcutorture
* fwts
--
Linaro LKFT
https://lkft.linaro.org