* [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove
@ 2019-05-07 5:42 Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 02/14] HID: input: add mapping for Expose/Overview key Sasha Levin
` (12 more replies)
0 siblings, 13 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Sven Van Asbroeck, Sven Van Asbroeck, Jonathan Cameron,
Sasha Levin, linux-iio
From: Sven Van Asbroeck <thesven73@gmail.com>
[ Upstream commit 62039b6aef63380ba7a37c113bbaeee8a55c5342 ]
When cancel_delayed_work() returns, the delayed work may still
be running. This means that the core could potentially free
the private structure (struct xadc) while the delayed work
is still using it. This is a potential use-after-free.
Fix by calling cancel_delayed_work_sync(), which waits for
any residual work to finish before returning.
Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/xilinx-xadc-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/adc/xilinx-xadc-core.c b/drivers/iio/adc/xilinx-xadc-core.c
index 475c5a74f2d1..6398e86a272b 100644
--- a/drivers/iio/adc/xilinx-xadc-core.c
+++ b/drivers/iio/adc/xilinx-xadc-core.c
@@ -1299,7 +1299,7 @@ static int xadc_remove(struct platform_device *pdev)
}
free_irq(irq, indio_dev);
clk_disable_unprepare(xadc->clk);
- cancel_delayed_work(&xadc->zynq_unmask_work);
+ cancel_delayed_work_sync(&xadc->zynq_unmask_work);
kfree(xadc->data);
kfree(indio_dev->channels);
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 02/14] HID: input: add mapping for Expose/Overview key
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 03/14] HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys Sasha Levin
` (11 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Dmitry Torokhov, Sasha Levin, linux-input
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit 96dd86871e1fffbc39e4fa61c9c75ec54ee9af0f ]
According to HUTRR77 usage 0x29f from the consumer page is reserved for
the Desktop application to present all running user’s application windows.
Linux defines KEY_SCALE to request Compiz Scale (Expose) mode, so let's
add the mapping.
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-input.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
index 8d74e691ac90..01b41ff43056 100644
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -913,6 +913,8 @@ static void hidinput_configure_usage(struct hid_input *hidinput, struct hid_fiel
case 0x2cb: map_key_clear(KEY_KBDINPUTASSIST_ACCEPT); break;
case 0x2cc: map_key_clear(KEY_KBDINPUTASSIST_CANCEL); break;
+ case 0x29f: map_key_clear(KEY_SCALE); break;
+
default: map_key_clear(KEY_UNKNOWN);
}
break;
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 03/14] HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 02/14] HID: input: add mapping for Expose/Overview key Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 04/14] libnvdimm/btt: Fix a kmemdup failure check Sasha Levin
` (10 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Dmitry Torokhov, Sasha Levin, linux-input
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit 7975a1d6a7afeb3eb61c971a153d24dd8fa032f3 ]
According to HUTRR73 usages 0x79, 0x7a and 0x7c from the consumer page
correspond to Brightness Up/Down/Toggle keys, so let's add the mappings.
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-input.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
index 01b41ff43056..ee3c66c02043 100644
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -783,6 +783,10 @@ static void hidinput_configure_usage(struct hid_input *hidinput, struct hid_fiel
case 0x074: map_key_clear(KEY_BRIGHTNESS_MAX); break;
case 0x075: map_key_clear(KEY_BRIGHTNESS_AUTO); break;
+ case 0x079: map_key_clear(KEY_KBDILLUMUP); break;
+ case 0x07a: map_key_clear(KEY_KBDILLUMDOWN); break;
+ case 0x07c: map_key_clear(KEY_KBDILLUMTOGGLE); break;
+
case 0x082: map_key_clear(KEY_VIDEO_NEXT); break;
case 0x083: map_key_clear(KEY_LAST); break;
case 0x084: map_key_clear(KEY_ENTER); break;
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 04/14] libnvdimm/btt: Fix a kmemdup failure check
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 02/14] HID: input: add mapping for Expose/Overview key Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 03/14] HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 05/14] s390/dasd: Fix capacity calculation for large volumes Sasha Levin
` (9 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Aditya Pakki, Dan Williams, Sasha Levin, linux-nvdimm
From: Aditya Pakki <pakki001@umn.edu>
[ Upstream commit 486fa92df4707b5df58d6508728bdb9321a59766 ]
In case kmemdup fails, the fix releases resources and returns to
avoid the NULL pointer dereference.
Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvdimm/btt_devs.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/nvdimm/btt_devs.c b/drivers/nvdimm/btt_devs.c
index cb477518dd0e..4c129450495d 100644
--- a/drivers/nvdimm/btt_devs.c
+++ b/drivers/nvdimm/btt_devs.c
@@ -170,14 +170,15 @@ static struct device *__nd_btt_create(struct nd_region *nd_region,
return NULL;
nd_btt->id = ida_simple_get(&nd_region->btt_ida, 0, 0, GFP_KERNEL);
- if (nd_btt->id < 0) {
- kfree(nd_btt);
- return NULL;
- }
+ if (nd_btt->id < 0)
+ goto out_nd_btt;
nd_btt->lbasize = lbasize;
- if (uuid)
+ if (uuid) {
uuid = kmemdup(uuid, 16, GFP_KERNEL);
+ if (!uuid)
+ goto out_put_id;
+ }
nd_btt->uuid = uuid;
dev = &nd_btt->dev;
dev_set_name(dev, "btt%d.%d", nd_region->id, nd_btt->id);
@@ -192,6 +193,13 @@ static struct device *__nd_btt_create(struct nd_region *nd_region,
return NULL;
}
return dev;
+
+out_put_id:
+ ida_simple_remove(&nd_region->btt_ida, nd_btt->id);
+
+out_nd_btt:
+ kfree(nd_btt);
+ return NULL;
}
struct device *nd_btt_create(struct nd_region *nd_region)
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 05/14] s390/dasd: Fix capacity calculation for large volumes
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
` (2 preceding siblings ...)
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 04/14] libnvdimm/btt: Fix a kmemdup failure check Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 06/14] Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ Sasha Levin
` (8 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Peter Oberparleiter, Stefan Haberland, Martin Schwidefsky,
Sasha Levin, linux-s390
From: Peter Oberparleiter <oberpar@linux.ibm.com>
[ Upstream commit 2cc9637ce825f3a9f51f8f78af7474e9e85bfa5f ]
The DASD driver incorrectly limits the maximum number of blocks of ECKD
DASD volumes to 32 bit numbers. Volumes with a capacity greater than
2^32-1 blocks are incorrectly recognized as smaller volumes.
This results in the following volume capacity limits depending on the
formatted block size:
BLKSIZE MAX_GB MAX_CYL
512 2047 5843492
1024 4095 8676701
2048 8191 13634816
4096 16383 23860929
The same problem occurs when a volume with more than 17895697 cylinders
is accessed in raw-track-access mode.
Fix this problem by adding an explicit type cast when calculating the
maximum number of blocks.
Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Reviewed-by: Stefan Haberland <sth@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/block/dasd_eckd.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c
index 80a43074c2f9..c530610f61ac 100644
--- a/drivers/s390/block/dasd_eckd.c
+++ b/drivers/s390/block/dasd_eckd.c
@@ -2066,14 +2066,14 @@ static int dasd_eckd_end_analysis(struct dasd_block *block)
blk_per_trk = recs_per_track(&private->rdc_data, 0, block->bp_block);
raw:
- block->blocks = (private->real_cyl *
+ block->blocks = ((unsigned long) private->real_cyl *
private->rdc_data.trk_per_cyl *
blk_per_trk);
dev_info(&device->cdev->dev,
- "DASD with %d KB/block, %d KB total size, %d KB/track, "
+ "DASD with %u KB/block, %lu KB total size, %u KB/track, "
"%s\n", (block->bp_block >> 10),
- ((private->real_cyl *
+ (((unsigned long) private->real_cyl *
private->rdc_data.trk_per_cyl *
blk_per_trk * (block->bp_block >> 9)) >> 1),
((blk_per_trk * block->bp_block) >> 10),
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 06/14] Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
` (3 preceding siblings ...)
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 05/14] s390/dasd: Fix capacity calculation for large volumes Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 07/14] s390/3270: fix lockdep false positive on view->lock Sasha Levin
` (7 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Anson Huang, Anson Huang, Dmitry Torokhov, Sasha Levin,
linux-input
From: Anson Huang <anson.huang@nxp.com>
[ Upstream commit bf2a7ca39fd3ab47ef71c621a7ee69d1813b1f97 ]
SNVS IRQ is requested before necessary driver data initialized,
if there is a pending IRQ during driver probe phase, kernel
NULL pointer panic will occur in IRQ handler. To avoid such
scenario, just initialize necessary driver data before enabling
IRQ. This patch is inspired by NXP's internal kernel tree.
Fixes: d3dc6e232215 ("input: keyboard: imx: add snvs power key driver")
Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/keyboard/snvs_pwrkey.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/input/keyboard/snvs_pwrkey.c b/drivers/input/keyboard/snvs_pwrkey.c
index 9adf13a5864a..57143365e945 100644
--- a/drivers/input/keyboard/snvs_pwrkey.c
+++ b/drivers/input/keyboard/snvs_pwrkey.c
@@ -156,6 +156,9 @@ static int imx_snvs_pwrkey_probe(struct platform_device *pdev)
return error;
}
+ pdata->input = input;
+ platform_set_drvdata(pdev, pdata);
+
error = devm_request_irq(&pdev->dev, pdata->irq,
imx_snvs_pwrkey_interrupt,
0, pdev->name, pdev);
@@ -172,9 +175,6 @@ static int imx_snvs_pwrkey_probe(struct platform_device *pdev)
return error;
}
- pdata->input = input;
- platform_set_drvdata(pdev, pdata);
-
device_init_wakeup(&pdev->dev, pdata->wakeup);
return 0;
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 07/14] s390/3270: fix lockdep false positive on view->lock
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
` (4 preceding siblings ...)
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 06/14] Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 08/14] KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing Sasha Levin
` (6 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Martin Schwidefsky, Sasha Levin, linux-s390
From: Martin Schwidefsky <schwidefsky@de.ibm.com>
[ Upstream commit 5712f3301a12c0c3de9cc423484496b0464f2faf ]
The spinlock in the raw3270_view structure is used by con3270, tty3270
and fs3270 in different ways. For con3270 the lock can be acquired in
irq context, for tty3270 and fs3270 the highest context is bh.
Lockdep sees the view->lock as a single class and if the 3270 driver
is used for the console the following message is generated:
WARNING: inconsistent lock state
5.1.0-rc3-05157-g5c168033979d #12 Not tainted
--------------------------------
inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
swapper/0/1 [HC0[0]:SC1[1]:HE1:SE0] takes:
(____ptrval____) (&(&view->lock)->rlock){?.-.}, at: tty3270_update+0x7c/0x330
Introduce a lockdep subclass for the view lock to distinguish bh from
irq locks.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/char/con3270.c | 2 +-
drivers/s390/char/fs3270.c | 3 ++-
drivers/s390/char/raw3270.c | 3 ++-
drivers/s390/char/raw3270.h | 4 +++-
drivers/s390/char/tty3270.c | 3 ++-
5 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/s390/char/con3270.c b/drivers/s390/char/con3270.c
index bae98521c808..3e5a7912044f 100644
--- a/drivers/s390/char/con3270.c
+++ b/drivers/s390/char/con3270.c
@@ -627,7 +627,7 @@ con3270_init(void)
(void (*)(unsigned long)) con3270_read_tasklet,
(unsigned long) condev->read);
- raw3270_add_view(&condev->view, &con3270_fn, 1);
+ raw3270_add_view(&condev->view, &con3270_fn, 1, RAW3270_VIEW_LOCK_IRQ);
INIT_LIST_HEAD(&condev->freemem);
for (i = 0; i < CON3270_STRING_PAGES; i++) {
diff --git a/drivers/s390/char/fs3270.c b/drivers/s390/char/fs3270.c
index 71e974738014..f0c86bcbe316 100644
--- a/drivers/s390/char/fs3270.c
+++ b/drivers/s390/char/fs3270.c
@@ -463,7 +463,8 @@ fs3270_open(struct inode *inode, struct file *filp)
init_waitqueue_head(&fp->wait);
fp->fs_pid = get_pid(task_pid(current));
- rc = raw3270_add_view(&fp->view, &fs3270_fn, minor);
+ rc = raw3270_add_view(&fp->view, &fs3270_fn, minor,
+ RAW3270_VIEW_LOCK_BH);
if (rc) {
fs3270_free_view(&fp->view);
goto out;
diff --git a/drivers/s390/char/raw3270.c b/drivers/s390/char/raw3270.c
index 220acb4cbee5..9c350e6d75bf 100644
--- a/drivers/s390/char/raw3270.c
+++ b/drivers/s390/char/raw3270.c
@@ -956,7 +956,7 @@ raw3270_deactivate_view(struct raw3270_view *view)
* Add view to device with minor "minor".
*/
int
-raw3270_add_view(struct raw3270_view *view, struct raw3270_fn *fn, int minor)
+raw3270_add_view(struct raw3270_view *view, struct raw3270_fn *fn, int minor, int subclass)
{
unsigned long flags;
struct raw3270 *rp;
@@ -978,6 +978,7 @@ raw3270_add_view(struct raw3270_view *view, struct raw3270_fn *fn, int minor)
view->cols = rp->cols;
view->ascebc = rp->ascebc;
spin_lock_init(&view->lock);
+ lockdep_set_subclass(&view->lock, subclass);
list_add(&view->list, &rp->view_list);
rc = 0;
spin_unlock_irqrestore(get_ccwdev_lock(rp->cdev), flags);
diff --git a/drivers/s390/char/raw3270.h b/drivers/s390/char/raw3270.h
index e1e41c2861fb..5ae54317857a 100644
--- a/drivers/s390/char/raw3270.h
+++ b/drivers/s390/char/raw3270.h
@@ -155,6 +155,8 @@ struct raw3270_fn {
struct raw3270_view {
struct list_head list;
spinlock_t lock;
+#define RAW3270_VIEW_LOCK_IRQ 0
+#define RAW3270_VIEW_LOCK_BH 1
atomic_t ref_count;
struct raw3270 *dev;
struct raw3270_fn *fn;
@@ -163,7 +165,7 @@ struct raw3270_view {
unsigned char *ascebc; /* ascii -> ebcdic table */
};
-int raw3270_add_view(struct raw3270_view *, struct raw3270_fn *, int);
+int raw3270_add_view(struct raw3270_view *, struct raw3270_fn *, int, int);
int raw3270_activate_view(struct raw3270_view *);
void raw3270_del_view(struct raw3270_view *);
void raw3270_deactivate_view(struct raw3270_view *);
diff --git a/drivers/s390/char/tty3270.c b/drivers/s390/char/tty3270.c
index e96fc7fd9498..ab95d24b991b 100644
--- a/drivers/s390/char/tty3270.c
+++ b/drivers/s390/char/tty3270.c
@@ -937,7 +937,8 @@ static int tty3270_install(struct tty_driver *driver, struct tty_struct *tty)
return PTR_ERR(tp);
rc = raw3270_add_view(&tp->view, &tty3270_fn,
- tty->index + RAW3270_FIRSTMINOR);
+ tty->index + RAW3270_FIRSTMINOR,
+ RAW3270_VIEW_LOCK_BH);
if (rc) {
tty3270_free_view(tp);
return rc;
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 08/14] KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
` (5 preceding siblings ...)
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 07/14] s390/3270: fix lockdep false positive on view->lock Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 09/14] tools lib traceevent: Fix missing equality check for strcmp Sasha Levin
` (5 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Vitaly Kuznetsov, Paolo Bonzini, Sasha Levin, kvm
From: Vitaly Kuznetsov <vkuznets@redhat.com>
[ Upstream commit 7a223e06b1a411cef6c4cd7a9b9a33c8d225b10e ]
In __apic_accept_irq() interface trig_mode is int and actually on some code
paths it is set above u8:
kvm_apic_set_irq() extracts it from 'struct kvm_lapic_irq' where trig_mode
is u16. This is done on purpose as e.g. kvm_set_msi_irq() sets it to
(1 << 15) & e->msi.data
kvm_apic_local_deliver sets it to reg & (1 << 15).
Fix the immediate issue by making 'tm' into u16. We may also want to adjust
__apic_accept_irq() interface and use proper sizes for vector, level,
trig_mode but this is not urgent.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/trace.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h
index ab9ae67a80e4..0ec94c6b4757 100644
--- a/arch/x86/kvm/trace.h
+++ b/arch/x86/kvm/trace.h
@@ -434,13 +434,13 @@ TRACE_EVENT(kvm_apic_ipi,
);
TRACE_EVENT(kvm_apic_accept_irq,
- TP_PROTO(__u32 apicid, __u16 dm, __u8 tm, __u8 vec),
+ TP_PROTO(__u32 apicid, __u16 dm, __u16 tm, __u8 vec),
TP_ARGS(apicid, dm, tm, vec),
TP_STRUCT__entry(
__field( __u32, apicid )
__field( __u16, dm )
- __field( __u8, tm )
+ __field( __u16, tm )
__field( __u8, vec )
),
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 09/14] tools lib traceevent: Fix missing equality check for strcmp
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
` (6 preceding siblings ...)
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 08/14] KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 10/14] init: initialize jump labels before command line option parsing Sasha Levin
` (4 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Rikard Falkeborn, Steven Rostedt, Tzvetomir Stoyanov,
Arnaldo Carvalho de Melo, Sasha Levin
From: Rikard Falkeborn <rikard.falkeborn@gmail.com>
[ Upstream commit f32c2877bcb068a718bb70094cd59ccc29d4d082 ]
There was a missing comparison with 0 when checking if type is "s64" or
"u64". Therefore, the body of the if-statement was entered if "type" was
"u64" or not "s64", which made the first strcmp() redundant since if
type is "u64", it's not "s64".
If type is "s64", the body of the if-statement is not entered but since
the remainder of the function consists of if-statements which will not
be entered if type is "s64", we will just return "val", which is
correct, albeit at the cost of a few more calls to strcmp(), i.e., it
will behave just as if the if-statement was entered.
If type is neither "s64" or "u64", the body of the if-statement will be
entered incorrectly and "val" returned. This means that any type that is
checked after "s64" and "u64" is handled the same way as "s64" and
"u64", i.e., the limiting of "val" to fit in for example "s8" is never
reached.
This was introduced in the kernel tree when the sources were copied from
trace-cmd in commit f7d82350e597 ("tools/events: Add files to create
libtraceevent.a"), and in the trace-cmd repo in 1cdbae6035cei
("Implement typecasting in parser") when the function was introduced,
i.e., it has always behaved the wrong way.
Detected by cppcheck.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Tzvetomir Stoyanov <tstoyanov@vmware.com>
Fixes: f7d82350e597 ("tools/events: Add files to create libtraceevent.a")
Link: http://lkml.kernel.org/r/20190409091529.2686-1-rikard.falkeborn@gmail.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/traceevent/event-parse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c
index 743746a3c50d..df3c73e9dea4 100644
--- a/tools/lib/traceevent/event-parse.c
+++ b/tools/lib/traceevent/event-parse.c
@@ -2201,7 +2201,7 @@ eval_type_str(unsigned long long val, const char *type, int pointer)
return val & 0xffffffff;
if (strcmp(type, "u64") == 0 ||
- strcmp(type, "s64"))
+ strcmp(type, "s64") == 0)
return val;
if (strcmp(type, "s8") == 0)
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 10/14] init: initialize jump labels before command line option parsing
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
` (7 preceding siblings ...)
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 09/14] tools lib traceevent: Fix missing equality check for strcmp Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 11/14] ipvs: do not schedule icmp errors from tunnels Sasha Levin
` (3 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Dan Williams, Guenter Roeck, Kees Cook, Mathieu Desnoyers,
Thomas Gleixner, Mike Rapoport, Russell King, Andrew Morton,
Linus Torvalds, Sasha Levin
From: Dan Williams <dan.j.williams@intel.com>
[ Upstream commit 6041186a32585fc7a1d0f6cfe2f138b05fdc3c82 ]
When a module option, or core kernel argument, toggles a static-key it
requires jump labels to be initialized early. While x86, PowerPC, and
ARM64 arrange for jump_label_init() to be called before parse_args(),
ARM does not.
Kernel command line: rdinit=/sbin/init page_alloc.shuffle=1 panic=-1 console=ttyAMA0,115200 page_alloc.shuffle=1
------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at ./include/linux/jump_label.h:303
page_alloc_shuffle+0x12c/0x1ac
static_key_enable(): static key 'page_alloc_shuffle_key+0x0/0x4' used
before call to jump_label_init()
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted
5.1.0-rc4-next-20190410-00003-g3367c36ce744 #1
Hardware name: ARM Integrator/CP (Device Tree)
[<c0011c68>] (unwind_backtrace) from [<c000ec48>] (show_stack+0x10/0x18)
[<c000ec48>] (show_stack) from [<c07e9710>] (dump_stack+0x18/0x24)
[<c07e9710>] (dump_stack) from [<c001bb1c>] (__warn+0xe0/0x108)
[<c001bb1c>] (__warn) from [<c001bb88>] (warn_slowpath_fmt+0x44/0x6c)
[<c001bb88>] (warn_slowpath_fmt) from [<c0b0c4a8>]
(page_alloc_shuffle+0x12c/0x1ac)
[<c0b0c4a8>] (page_alloc_shuffle) from [<c0b0c550>] (shuffle_store+0x28/0x48)
[<c0b0c550>] (shuffle_store) from [<c003e6a0>] (parse_args+0x1f4/0x350)
[<c003e6a0>] (parse_args) from [<c0ac3c00>] (start_kernel+0x1c0/0x488)
Move the fallback call to jump_label_init() to occur before
parse_args().
The redundant calls to jump_label_init() in other archs are left intact
in case they have static key toggling use cases that are even earlier
than option parsing.
Link: http://lkml.kernel.org/r/155544804466.1032396.13418949511615676665.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Reported-by: Guenter Roeck <groeck@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: Russell King <rmk@armlinux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
init/main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/init/main.c b/init/main.c
index 49926d95442f..e88c8cdef6a7 100644
--- a/init/main.c
+++ b/init/main.c
@@ -538,6 +538,8 @@ asmlinkage __visible void __init start_kernel(void)
page_alloc_init();
pr_notice("Kernel command line: %s\n", boot_command_line);
+ /* parameters may set static keys */
+ jump_label_init();
parse_early_param();
after_dashes = parse_args("Booting kernel",
static_command_line, __start___param,
@@ -547,8 +549,6 @@ asmlinkage __visible void __init start_kernel(void)
parse_args("Setting init args", after_dashes, NULL, 0, -1, -1,
NULL, set_init_arg);
- jump_label_init();
-
/*
* These use large bootmem allocations and must precede
* kmem_cache_init()
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 11/14] ipvs: do not schedule icmp errors from tunnels
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
` (8 preceding siblings ...)
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 10/14] init: initialize jump labels before command line option parsing Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 12/14] s390: ctcm: fix ctcm_new_device error return code Sasha Levin
` (2 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Julian Anastasov, Simon Horman, Pablo Neira Ayuso, Sasha Levin,
netdev, lvs-devel, netfilter-devel, coreteam
From: Julian Anastasov <ja@ssi.bg>
[ Upstream commit 0261ea1bd1eb0da5c0792a9119b8655cf33c80a3 ]
We can receive ICMP errors from client or from
tunneling real server. While the former can be
scheduled to real server, the latter should
not be scheduled, they are decapsulated only when
existing connection is found.
Fixes: 6044eeffafbe ("ipvs: attempt to schedule icmp packets")
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/ipvs/ip_vs_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index ac212542a217..c4509a10ce52 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1484,7 +1484,7 @@ ip_vs_in_icmp(struct netns_ipvs *ipvs, struct sk_buff *skb, int *related,
if (!cp) {
int v;
- if (!sysctl_schedule_icmp(ipvs))
+ if (ipip || !sysctl_schedule_icmp(ipvs))
return NF_ACCEPT;
if (!ip_vs_try_to_schedule(ipvs, AF_INET, skb, pd, &v, &cp, &ciph))
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 12/14] s390: ctcm: fix ctcm_new_device error return code
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
` (9 preceding siblings ...)
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 11/14] ipvs: do not schedule icmp errors from tunnels Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 13/14] selftests/net: correct the return value for run_netsocktests Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 14/14] gpu: ipu-v3: dp: fix CSC handling Sasha Levin
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Arnd Bergmann, Nathan Chancellor, Julian Wiedmann,
David S . Miller, Sasha Levin, linux-s390
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 27b141fc234a3670d21bd742c35d7205d03cbb3a ]
clang points out that the return code from this function is
undefined for one of the error paths:
../drivers/s390/net/ctcm_main.c:1595:7: warning: variable 'result' is used uninitialized whenever 'if' condition is true
[-Wsometimes-uninitialized]
if (priv->channel[direction] == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../drivers/s390/net/ctcm_main.c:1638:9: note: uninitialized use occurs here
return result;
^~~~~~
../drivers/s390/net/ctcm_main.c:1595:3: note: remove the 'if' if its condition is always false
if (priv->channel[direction] == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../drivers/s390/net/ctcm_main.c:1539:12: note: initialize the variable 'result' to silence this warning
int result;
^
Make it return -ENODEV here, as in the related failure cases.
gcc has a known bug in underreporting some of these warnings
when it has already eliminated the assignment of the return code
based on some earlier optimization step.
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/net/ctcm_main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/s390/net/ctcm_main.c b/drivers/s390/net/ctcm_main.c
index 05c37d6d4afe..a31821d94677 100644
--- a/drivers/s390/net/ctcm_main.c
+++ b/drivers/s390/net/ctcm_main.c
@@ -1595,6 +1595,7 @@ static int ctcm_new_device(struct ccwgroup_device *cgdev)
if (priv->channel[direction] == NULL) {
if (direction == CTCM_WRITE)
channel_free(priv->channel[CTCM_READ]);
+ result = -ENODEV;
goto out_dev;
}
priv->channel[direction]->netdev = dev;
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 13/14] selftests/net: correct the return value for run_netsocktests
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
` (10 preceding siblings ...)
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 12/14] s390: ctcm: fix ctcm_new_device error return code Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 14/14] gpu: ipu-v3: dp: fix CSC handling Sasha Levin
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Po-Hsu Lin, David S . Miller, Sasha Levin, netdev,
linux-kselftest
From: Po-Hsu Lin <po-hsu.lin@canonical.com>
[ Upstream commit 30c04d796b693e22405c38e9b78e9a364e4c77e6 ]
The run_netsocktests will be marked as passed regardless the actual test
result from the ./socket:
selftests: net: run_netsocktests
========================================
--------------------
running socket test
--------------------
[FAIL]
ok 1..6 selftests: net: run_netsocktests [PASS]
This is because the test script itself has been successfully executed.
Fix this by exit 1 when the test failed.
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/net/run_netsocktests | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/net/run_netsocktests b/tools/testing/selftests/net/run_netsocktests
index 16058bbea7a8..c195b4478662 100755
--- a/tools/testing/selftests/net/run_netsocktests
+++ b/tools/testing/selftests/net/run_netsocktests
@@ -6,7 +6,7 @@ echo "--------------------"
./socket
if [ $? -ne 0 ]; then
echo "[FAIL]"
+ exit 1
else
echo "[PASS]"
fi
-
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.4 14/14] gpu: ipu-v3: dp: fix CSC handling
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
` (11 preceding siblings ...)
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 13/14] selftests/net: correct the return value for run_netsocktests Sasha Levin
@ 2019-05-07 5:42 ` Sasha Levin
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2019-05-07 5:42 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Lucas Stach, Jonathan Marek, Philipp Zabel, Sasha Levin,
dri-devel
From: Lucas Stach <l.stach@pengutronix.de>
[ Upstream commit d4fad0a426c6e26f48c9a7cdd21a7fe9c198d645 ]
Initialize the flow input colorspaces to unknown and reset to that value
when the channel gets disabled. This avoids the state getting mixed up
with a previous mode.
Also keep the CSC settings for the background flow intact when disabling
the foreground flow.
Root-caused-by: Jonathan Marek <jonathan@marek.ca>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/ipu-v3/ipu-dp.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/ipu-v3/ipu-dp.c b/drivers/gpu/ipu-v3/ipu-dp.c
index 98686edbcdbb..33de3a1bac49 100644
--- a/drivers/gpu/ipu-v3/ipu-dp.c
+++ b/drivers/gpu/ipu-v3/ipu-dp.c
@@ -195,7 +195,8 @@ int ipu_dp_setup_channel(struct ipu_dp *dp,
ipu_dp_csc_init(flow, flow->foreground.in_cs, flow->out_cs,
DP_COM_CONF_CSC_DEF_BOTH);
} else {
- if (flow->foreground.in_cs == flow->out_cs)
+ if (flow->foreground.in_cs == IPUV3_COLORSPACE_UNKNOWN ||
+ flow->foreground.in_cs == flow->out_cs)
/*
* foreground identical to output, apply color
* conversion on background
@@ -261,6 +262,8 @@ void ipu_dp_disable_channel(struct ipu_dp *dp)
struct ipu_dp_priv *priv = flow->priv;
u32 reg, csc;
+ dp->in_cs = IPUV3_COLORSPACE_UNKNOWN;
+
if (!dp->foreground)
return;
@@ -268,8 +271,9 @@ void ipu_dp_disable_channel(struct ipu_dp *dp)
reg = readl(flow->base + DP_COM_CONF);
csc = reg & DP_COM_CONF_CSC_DEF_MASK;
- if (csc == DP_COM_CONF_CSC_DEF_FG)
- reg &= ~DP_COM_CONF_CSC_DEF_MASK;
+ reg &= ~DP_COM_CONF_CSC_DEF_MASK;
+ if (csc == DP_COM_CONF_CSC_DEF_BOTH || csc == DP_COM_CONF_CSC_DEF_BG)
+ reg |= DP_COM_CONF_CSC_DEF_BG;
reg &= ~DP_COM_CONF_FG_EN;
writel(reg, flow->base + DP_COM_CONF);
@@ -350,6 +354,8 @@ int ipu_dp_init(struct ipu_soc *ipu, struct device *dev, unsigned long base)
mutex_init(&priv->mutex);
for (i = 0; i < IPUV3_NUM_FLOWS; i++) {
+ priv->flow[i].background.in_cs = IPUV3_COLORSPACE_UNKNOWN;
+ priv->flow[i].foreground.in_cs = IPUV3_COLORSPACE_UNKNOWN;
priv->flow[i].foreground.foreground = true;
priv->flow[i].base = priv->base + ipu_dp_flow_base[i];
priv->flow[i].priv = priv;
--
2.20.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
end of thread, other threads:[~2019-05-07 5:45 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-07 5:42 [PATCH AUTOSEL 4.4 01/14] iio: adc: xilinx: fix potential use-after-free on remove Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 02/14] HID: input: add mapping for Expose/Overview key Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 03/14] HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 04/14] libnvdimm/btt: Fix a kmemdup failure check Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 05/14] s390/dasd: Fix capacity calculation for large volumes Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 06/14] Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 07/14] s390/3270: fix lockdep false positive on view->lock Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 08/14] KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 09/14] tools lib traceevent: Fix missing equality check for strcmp Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 10/14] init: initialize jump labels before command line option parsing Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 11/14] ipvs: do not schedule icmp errors from tunnels Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 12/14] s390: ctcm: fix ctcm_new_device error return code Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 13/14] selftests/net: correct the return value for run_netsocktests Sasha Levin
2019-05-07 5:42 ` [PATCH AUTOSEL 4.4 14/14] gpu: ipu-v3: dp: fix CSC handling Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).