- 27 Jun, 2017 1 commit
-
-
Thadeu Lima de Souza Cascardo authored
Ignore: yes Signed-off-by:Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
- 26 Jun, 2017 5 commits
-
-
Thadeu Lima de Souza Cascardo authored
Signed-off-by: -
Helge Deller authored
Fix expand_upwards() on architectures with an upward-growing stack (parisc, metag and partly IA-64) to allow the stack to reliably grow exactly up to the address space limit given by TASK_SIZE. Signed-off-by:
Helge Deller <deller@gmx.de> Acked-by:
Hugh Dickins <hughd@google.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> CVE-2017-1000364 (cherry-picked from commit bd726c90) Signed-off-by:
Stefan Bader <stefan.bader@canonical.com>
-
Hugh Dickins authored
commit f4cb767d upstream. Trinity gets kernel BUG at mm/mmap.c:1963! in about 3 minutes of mmap testing. That's the VM_BUG_ON(gap_end < gap_start) at the end of unmapped_area_topdown(). Linus points out how MAP_FIXED (which does not have to respect our stack guard gap intentions) could result in gap_end below gap_start there. Fix that, and the similar case in its alternative, unmapped_area(). Fixes: 1be7107f ("mm: larger stack guard gap, between vmas") Reported-by:
Dave Jones <davej@codemonkey.org.uk> Debugged-by:
Michal Hocko <mhocko@suse.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> CVE-2017-1000364 (cherry-picked from linux-4.4.y queue) Signed-off-by:
-
Hugh Dickins authored
commit 1be7107f upstream. Stack guard page is a useful feature to reduce a risk of stack smashing into a different mapping. We have been using a single page gap which is sufficient to prevent having stack adjacent to a different mapping. But this seems to be insufficient in the light of the stack usage in userspace. E.g. glibc uses as large as 64kB alloca() in many commonly used functions. Others use constructs liks gid_t buffer[NGROUPS_MAX] which is 256kB or stack strings with MAX_ARG_STRLEN. This will become especially dangerous for suid binaries and the default no limit for the stack size limit because those applications can be tricked to consume a large portion of the stack and a single glibc call could jump over the guard page. These attacks are not theoretical, unfortunatelly. Make those attacks less probable by increasing the stack guard gap to 1MB (on systems with 4k pages; but make it depend on the page size because systems with larger base pages might cap stack allocations in the PAGE_SIZE units) which should cover larger alloca() and VLA stack allocations. It is obviously not a full fix because the problem is somehow inherent, but it should reduce attack space a lot. One could argue that the gap size should be configurable from userspace, but that can be done later when somebody finds that the new 1MB is wrong for some special case applications. For now, add a kernel command line option (stack_guard_gap) to specify the stack gap size (in page units). Implementation wise, first delete all the old code for stack guard page: because although we could get away with accounting one extra page in a stack vma, accounting a larger gap can break userspace - case in point, a program run with "ulimit -S -v 20000" failed when the 1MB gap was counted for RLIMIT_AS; similar problems could come with RLIMIT_MLOCK and strict non-overcommit mode. Instead of keeping gap inside the stack vma, maintain the stack guard gap as a gap between vmas: using vm_start_gap() in place of vm_start (or vm_end_gap() in place of vm_end if VM_GROWSUP) in just those few places which need to respect the gap - mainly arch_get_unmapped_area(), and and the vma tree's subtree_gap support for that. Original-patch-by:
Oleg Nesterov <oleg@redhat.com> Original-patch-by:
Willy Tarreau <w@1wt.eu> [gkh: minor build fixes for 4.4] Signed-off-by:
-
Andrea Arcangeli authored
mm->highest_vm_end doesn't need any update. After finally removing the oddness from vma_merge case 8 that was causing: 1) constant risk of trouble whenever anybody would check vma fields from rmap_walks, like it happened when page migration was introduced and it read the vma->vm_page_prot from a rmap_walk 2) the callers of vma_merge to re-initialize any value different from the current vma, instead of vma_merge() more reliably returning a vma that already matches all fields passed as parameter .. it is also worth to take the opportunity of cleaning up superfluous code in vma_adjust(), that if not removed adds up to the hard readability of the function. Link: http://lkml.kernel.org/r/1474492522-2261-5-git-send-email-aarcange@redhat.comSigned-off-by:
Andrea Arcangeli <aarcange@redhat.com> Cc: Rik van Riel <riel@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Jan Vorlicek <janvorli@microsoft.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
-
- 23 Jun, 2017 3 commits
-
-
Stefan Bader authored
This reverts commit b9f2a4fb to be replaced by the upstream patch set. CVE-2017-1000364 Signed-off-by:
-
Stefan Bader authored
This reverts commit cc9020f7 to be replaced by the upstream patch set. CVE-2017-1000364 Signed-off-by:
-
Stefan Bader authored
This reverts commit df5d7a91 to be replaced by the upstream patch set. CVE-2017-1000364 Signed-off-by:
-
- 21 Jun, 2017 1 commit
-
-
Stefan Bader authored
Ignore: yes Signed-off-by:
-
- 20 Jun, 2017 30 commits
-
-
Kleber Sacilotto de Souza authored
Signed-off-by:Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Stefan Bader authored
This was a change which happened rather late in the process. It might have some performance benefit as it avoids trying to expand the stack every time it is touched and instead checks on whether the guard area has been reached. CVE-2017-1000364 Signed-off-by:
-
Andy Whitcroft authored
During the development of the linux-*-tools-common Privides/Conflicts/Replaces configuration we switched from versioned to unversioned Conflicts/Replaces and droped Breaks as redundant. This somehow failed to be appplied to the linux-*-cloud-tools-common update. Though currently equivalent these should be made consistent. BugLink: http://bugs.launchpad.net/bugs/1688579Signed-off-by:
Andy Whitcroft <apw@canonical.com> Acked-by:
-
Eric Dumazet authored
Andrey Konovalov and idaifish@gmail.com reported crashes caused by one skb shared_info being overwritten from __ip6_append_data() Andrey program lead to following state : copy -4200 datalen 2000 fraglen 2040 maxfraglen 2040 alloclen 2048 transhdrlen 0 offset 0 fraggap 6200 The skb_copy_and_csum_bits(skb_prev, maxfraglen, data + transhdrlen, fraggap, 0); is overwriting skb->head and skb_shared_info Since we apparently detect this rare condition too late, move the code earlier to even avoid allocating skb and risking crashes. Once again, many thanks to Andrey and syzkaller team. Signed-off-by:
Eric Dumazet <edumazet@google.com> Reported-by:
Andrey Konovalov <andreyknvl@google.com> Tested-by:
David S. Miller <davem@davemloft.net> CVE-2017-9242 (cherry-picked from 232cd35d) Signed-off-by:
Colin King <colin.king@canonical.com> Acked-by:
Andy Whitcroft <andy.whitcroft@canonical.com> Signed-off-by:
-
Eric Dumazet authored
SCTP needs fixes similar to 83eaddab ("ipv6/dccp: do not inherit ipv6_mc_list from parent"), otherwise bad things can happen. Signed-off-by:
-
Craig Gallek authored
The KASAN warning repoted below was discovered with a syzkaller program. The reproducer is basically: int s = socket(AF_INET6, SOCK_RAW, NEXTHDR_HOP); send(s, &one_byte_of_data, 1, MSG_MORE); send(s, &more_than_mtu_bytes_data, 2000, 0); The socket() call sets the nexthdr field of the v6 header to NEXTHDR_HOP, the first send call primes the payload with a non zero byte of data, and the second send call triggers the fragmentation path. The fragmentation code tries to parse the header options in order to figure out where to insert the fragment option. Since nexthdr points to an invalid option, the calculation of the size of the network header can made to be much larger than the linear section of the skb and data is read outside of it. This fix makes ip6_find_1stfrag return an error if it detects running out-of-bounds. [ 42.361487] ================================================================== [ 42.364412] BUG: KASAN: slab-out-of-bounds in ip6_fragment+0x11c8/0x3730 [ 42.365471] Read of size 840 at addr ffff88000969e798 by task ip6_fragment-oo/3789 [ 42.366469] [ 42.366696] CPU: 1 PID: 3789 Comm: ip6_fragment-oo Not tainted 4.11.0+ #41 [ 42.367628] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014 [ 42.368824] Call Trace: [ 42.369183] dump_stack+0xb3/0x10b [ 42.369664] print_address_description+0x73/0x290 [ 42.370325] kasan_report+0x252/0x370 [ 42.370839] ? ip6_fragment+0x11c8/0x3730 [ 42.371396] check_memory_region+0x13c/0x1a0 [ 42.371978] memcpy+0x23/0x50 [ 42.372395] ip6_fragment+0x11c8/0x3730 [ 42.372920] ? nf_ct_expect_unregister_notifier+0x110/0x110 [ 42.373681] ? ip6_copy_metadata+0x7f0/0x7f0 [ 42.374263] ? ip6_forward+0x2e30/0x2e30 [ 42.374803] ip6_finish_output+0x584/0x990 [ 42.375350] ip6_output+0x1b7/0x690 [ 42.375836] ? ip6_finish_output+0x990/0x990 [ 42.376411] ? ip6_fragment+0x3730/0x3730 [ 42.376968] ip6_local_out+0x95/0x160 [ 42.377471] ip6_send_skb+0xa1/0x330 [ 42.377969] ip6_push_pending_frames+0xb3/0xe0 [ 42.378589] rawv6_sendmsg+0x2051/0x2db0 [ 42.379129] ? rawv6_bind+0x8b0/0x8b0 [ 42.379633] ? _copy_from_user+0x84/0xe0 [ 42.380193] ? debug_check_no_locks_freed+0x290/0x290 [ 42.380878] ? ___sys_sendmsg+0x162/0x930 [ 42.381427] ? rcu_read_lock_sched_held+0xa3/0x120 [ 42.382074] ? sock_has_perm+0x1f6/0x290 [ 42.382614] ? ___sys_sendmsg+0x167/0x930 [ 42.383173] ? lock_downgrade+0x660/0x660 [ 42.383727] inet_sendmsg+0x123/0x500 [ 42.384226] ? inet_sendmsg+0x123/0x500 [ 42.384748] ? inet_recvmsg+0x540/0x540 [ 42.385263] sock_sendmsg+0xca/0x110 [ 42.385758] SYSC_sendto+0x217/0x380 [ 42.386249] ? SYSC_connect+0x310/0x310 [ 42.386783] ? __might_fault+0x110/0x1d0 [ 42.387324] ? lock_downgrade+0x660/0x660 [ 42.387880] ? __fget_light+0xa1/0x1f0 [ 42.388403] ? __fdget+0x18/0x20 [ 42.388851] ? sock_common_setsockopt+0x95/0xd0 [ 42.389472] ? SyS_setsockopt+0x17f/0x260 [ 42.390021] ? entry_SYSCALL_64_fastpath+0x5/0xbe [ 42.390650] SyS_sendto+0x40/0x50 [ 42.391103] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 42.391731] RIP: 0033:0x7fbbb711e383 [ 42.392217] RSP: 002b:00007ffff4d34f28 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 42.393235] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbbb711e383 [ 42.394195] RDX: 0000000000001000 RSI: 00007ffff4d34f60 RDI: 0000000000000003 [ 42.395145] RBP: 0000000000000046 R08: 00007ffff4d34f40 R09: 0000000000000018 [ 42.396056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400aad [ 42.396598] R13: 0000000000000066 R14: 00007ffff4d34ee0 R15: 00007fbbb717af00 [ 42.397257] [ 42.397411] Allocated by task 3789: [ 42.397702] save_stack_trace+0x16/0x20 [ 42.398005] save_stack+0x46/0xd0 [ 42.398267] kasan_kmalloc+0xad/0xe0 [ 42.398548] kasan_slab_alloc+0x12/0x20 [ 42.398848] __kmalloc_node_track_caller+0xcb/0x380 [ 42.399224] __kmalloc_reserve.isra.32+0x41/0xe0 [ 42.399654] __alloc_skb+0xf8/0x580 [ 42.400003] sock_wmalloc+0xab/0xf0 [ 42.400346] __ip6_append_data.isra.41+0x2472/0x33d0 [ 42.400813] ip6_append_data+0x1a8/0x2f0 [ 42.401122] rawv6_sendmsg+0x11ee/0x2db0 [ 42.401505] inet_sendmsg+0x123/0x500 [ 42.401860] sock_sendmsg+0xca/0x110 [ 42.402209] ___sys_sendmsg+0x7cb/0x930 [ 42.402582] __sys_sendmsg+0xd9/0x190 [ 42.402941] SyS_sendmsg+0x2d/0x50 [ 42.403273] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 42.403718] [ 42.403871] Freed by task 1794: [ 42.404146] save_stack_trace+0x16/0x20 [ 42.404515] save_stack+0x46/0xd0 [ 42.404827] kasan_slab_free+0x72/0xc0 [ 42.405167] kfree+0xe8/0x2b0 [ 42.405462] skb_free_head+0x74/0xb0 [ 42.405806] skb_release_data+0x30e/0x3a0 [ 42.406198] skb_release_all+0x4a/0x60 [ 42.406563] consume_skb+0x113/0x2e0 [ 42.406910] skb_free_datagram+0x1a/0xe0 [ 42.407288] netlink_recvmsg+0x60d/0xe40 [ 42.407667] sock_recvmsg+0xd7/0x110 [ 42.408022] ___sys_recvmsg+0x25c/0x580 [ 42.408395] __sys_recvmsg+0xd6/0x190 [ 42.408753] SyS_recvmsg+0x2d/0x50 [ 42.409086] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 42.409513] [ 42.409665] The buggy address belongs to the object at ffff88000969e780 [ 42.409665] which belongs to the cache kmalloc-512 of size 512 [ 42.410846] The buggy address is located 24 bytes inside of [ 42.410846] 512-byte region [ffff88000969e780, ffff88000969e980) [ 42.411941] The buggy address belongs to the page: [ 42.412405] page:ffffea000025a780 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 [ 42.413298] flags: 0x100000000008100(slab|head) [ 42.413729] raw: 0100000000008100 0000000000000000 0000000000000000 00000001800c000c [ 42.414387] raw: ffffea00002a9500 0000000900000007 ffff88000c401280 0000000000000000 [ 42.415074] page dumped because: kasan: bad access detected [ 42.415604] [ 42.415757] Memory state around the buggy address: [ 42.416222] ffff88000969e880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 42.416904] ffff88000969e900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 42.417591] >ffff88000969e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.418273] ^ [ 42.418588] ffff88000969ea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.419273] ffff88000969ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.419882] ================================================================== Reported-by:
Craig Gallek <kraig@google.com> Signed-off-by:
-
WANG Cong authored
Like commit 657831ff ("dccp/tcp: do not inherit mc_list from parent") we should clear ipv6_mc_list etc. for IPv6 sockets too. Cc: Eric Dumazet <edumazet@google.com> Signed-off-by:
Cong Wang <xiyou.wangcong@gmail.com> Acked-by:
-
Eric Dumazet authored
syzkaller found a way to trigger double frees from ip_mc_drop_socket() It turns out that leave a copy of parent mc_list at accept() time, which is very bad. Very similar to commit 8b485ce6 ("tcp: do not inherit fastopen_req from parent") Initial report from Pray3r, completed by Andrey one. Thanks a lot to them ! Signed-off-by:
Pray3r <pray3r.z@gmail.com> Reported-by:
-
Seth Forshee authored
BugLink: http://bugs.launchpad.net/bugs/1690908 The current module signing exclusion implementation suffers from two problems. First, it looks for the signed-inclusion file relative to the path where make is executed and thus doesn't work if the source and build directories are different. Second, the signed-inclusion file lists only the module name, but the strings searched for in the file include the path (and the path to the module install location at that). Fix these problems by updating scripts/Makefile.modinst to look for signed-inclusion relative to the path of the source tree and to use only the module name when matching against the contents of that file. Signed-off-by:
Seth Forshee <seth.forshee@canonical.com> Acked-by:
-
Thadeu Lima de Souza Cascardo authored
BugLink: http://bugs.launchpad.net/bugs/1693504 gen-auto-reconstruct script adds extend-diff-ignore options to debian/source/options for symlinks not found in the orig tarball. These options, however, are regular expressions, and match any part of a file path. This may cause some files to be excluded from source when they are not an exact match, but are a partial match to those symlinks. Using beggining and end of string metacharacters fix the issue. This problem was found in one of the derivatives, which contained a symlink, whose name was a prefix for a directory in the same path, leading that entire directory to be excluded from source. Signed-off-by:
-
AceLan Kao authored
BugLink: http://bugs.launchpad.net/bugs/1692836 The fix is suggested by Qualcomm, and it helps to fix the network speed issue. Ath10k driver changed a lot after 4.4 kernel, so this fix can't applied on other kernels than 4.4. We need to figure out other way for kernels after Xenial. Without the patch, the 5GHz network speed is pretty low 11n 0.0-120.1 sec 271 MBytes 18.9 Mbits/sec 11AC 0.0-120.2 sec 141 MBytes 9.86 Mbits/sec After applied the patch 11n 0.0-120.0 sec 2.04 GBytes 146 Mbits/sec 11AC 0.0-120.0 sec 1.17 GBytes 83.6 Mbits/sec Signed-off-by:
AceLan Kao <acelan.kao@canonical.com> Acked-by:
-
Shrirang Bagul authored
BugLink: https://bugs.launchpad.net/bugs/1694607 Vendor release ver: 1.2.RC12 Changelog: 1.2.RC12 - WLAN Bug Fixes: --------------- 1) WoWLAN stress test cases issue resolved (when all wifi, bt, ble traffics run and suspend) WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. 3) Low throughput observed for TCP downlink traffic in Coex mode BT Limitations/Features NOT Supported: ---------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.2.RC11 - WLAN New Features: ------------------ 1) Module parameter for debug level(ven_rsi_zone_enabled) is added. 2) Regulatory changes for Caracalla added WLAN Bug Fixes: --------------- 1) Legacy power save issue is fixed. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. 3) Low throughput observed for TCP downlink traffic in Coex mode BT Limitations/Features NOT Supported: ---------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.2.RC10 - WLAN Bug Fixes: --------------- 1) 1 minute time delay in sdio resume issue is resolved (Reduced to 10s). 2) Fail in multiple iterations of hibernate issue is resolved. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. BT New Features: ---------------- 1) BT classic + BT LE mode is supported BT Limitations/Features NOT Supported: ---------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.2.RC9 - WLAN Bug Fixes: --------------- 1) BT reset added before going to S3/S4/S5 sleep when WoWLAN is enabled. 2) Station connection check before going to S3/S4/S5 sleep removed. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. BT Limitations/Features NOT Supported: ---------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.2.RC8 - WLAN Bug Fixes: --------------- 1) Added power leak fixes for S4. 2) S5 WoLAN issue resolved. 3) Wakeup short pulse issue resolved. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. BT Limitations/Features NOT Supported: ---------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.2.RC7 - WLAN Bug Fixes: --------------- 1) Configured host wakeup pin as active low from driver. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. BT Limitations/Features NOT Supported: ---------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.2.RC6 - WLAN Bug Fixes: --------------- 1) AP data throughput issue resolved. 2) Scan results issue resolved. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. BT Limitations/Features NOT Supported: ---------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.2.RC4 - WLAN Bug Fixes: --------------- 1) Buffer status interrupt handling improved. 2) Scan results update in sta+bt dual mode issue resolved WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. BT Limitations/Features NOT Supported: ---------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.2.RC3 - WLAN Bug Fixes: --------------- 1) WoWLAN multiple cycles issue resolved. 2) Driver Version is correctly updated. 3) Default operating mode for Caracalla board is corrected. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. BT New Features: ---------------- 1) Multiple slaves issue in WLAN-BT coex mode resolved. BT Limitations/Features NOT Supported: -------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.2.RC2 - WLAN Bug Fixes: --------------- 1) Suspend/resume issues resolved. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. 3) EAP not tested BT Limitations/Features NOT Supported: -------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.2.RC1 - WLAN New Features: ------------------ 1) Restrict functional modes as per device operating mode 2) Default operating mode for Caracalla board is 13 WLAN Bug Fixes: --------------- 1) Driver oops issue if more than 4 clients try to connect in operating mode 14 resolved. 2) Issue with connecting more than max clients and disconnection issue resolved. 3) L2 test stop when wlan interface down issue resolved. 4) Driver version corrected. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. 3) EAP not tested 4) For channels 12 and 13 in US region max TX power is coming 0 in beacons. BT Limitations/Features NOT Supported: ---------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.1 - Generic ------- 1) Firmware file name is displayed along with version information. at the driver load time. 2) Device operating mode is made available in the below files: /sys/module/rsi_sdio/parameters/dev_oper_mode /sys/module/rsi_usb/parameters/dev_oper_mode 3) Wi-Fi BT radio sharing has been improved. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. 3) EAP not tested 4) For channels 12 and 13 in US region max TX power is coming 0 in beacons. BT Limitations/Features NOT Supported: -------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.0.RC7 - Generic ------- 1) Driver version, Firmware version and operating mode information is displayed at the driver load time. 2) Driver version is made available in the below files: /sys/module/rsi_91x/version /sys/module/rsi_sdio/version /sys/module/rsi_usb/version WLAN Bug Fixes: --------------- 1) Power save latencies resolved WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. 3) EAP not tested BT Limitations/Features NOT Supported: -------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.0 - WLAN New Features: ------------------ 1) Station mode 2) All Security modes (WEP/WPA/WPA2) 3) Station Power save (legacy and UAPSD) 4) Bgscan and roaming 5) External antenna selection 6) Neighbour report request in RRM 7) Regulatory (802)11d) support 8) Management frame protection support (802)11w) 9) Software RF-kill 10) AP mode 11) S3, S4 suspend and resume 12) WoWLAN 13) AP Power save 14) Wi-Fi direct WLAN Bug Fixes: --------------- 1) Allowed channels 12 and 13 in FCC region. 2) For the allowed channels 12 and 13 in any region, power configuration updated as per Caracalla regulatory rules. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S5 with WoWLAN does not work. 2) For GTK rekey, wakeup trigger send to host. 3) EAP not tested BT New Features: ---------------- 1) BT EDR mode 2) BT LE mode 3) BT coex mode (All the coex modes)) 4) Multi-slave mode supported) BT Limitations/Features NOT Supported: ---------------------------------------- 1) To connect multiple BT slaves, connection should be initiated from rsi module. 2) In coex mode, BT file transfer fails at times with certain mobiles. 1.0_RC3 - Gerenic: -------- 1) Device operating mode is changed as module parameter. Please check README or TRM on how to configure this while loading the modules. 2) Max number of stations supported in Wi-Fi AP alone mode is 32, and AP + BT coex mode is 4. 3) AP + BT-EDR + BLE support added. WLAN Bug Fixes: --------------- 1) Bgscan probe request issue resolved. 2) WoWLAN before association issue resolved. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) S4 with and without WoWLAN works with the work-around implemented by Canonical. 2) S5 with WoWLAN does not work. 3) For GTK rekey, wakeup trigger send to host. 4) EAP not tested 5) To connect multiple BT slaves, connection should be initiated from rsi module. 6) In coex mode, BT file transfer fails at times with certain mobiles. BT New Features: ---------------- 1) Multi-slave mode supported. BT Bug Fixes: ------------- 1) Radio sharing of coex modes improved. 1.0.RC2 - WLAN Bug Fixes: --------------- 1) PVB preparation issue in AP mode resolved. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) EAP not supported 2) Issue while Resume in S4 with or without WoWLAN. 3) S5 with WoWLAN does not work. 4) For GTK rekey, wakeup trigger send to host. BT Bug Fixes: ------------- 1) BT dual mode disconnection issue resolved 2) AP BT dual mode issue resolved 1.0_RC1 - WLAN Bug Fixes: --------------- 1) WoWLAN in Co-ex mode issue resolved. 2) AP beacon DTIM count update issue resolved. 3) Firmware assertion (0x5d) in bgscan issue is resolved. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) EAP not supported 2) Issue while Resume in S4 with or without WoWLAN. 3) S5 with WoWLAN does not work. 4) For GTK rekey, wakeup trigger send to host. 0.9.8.5_RC6 - WLAN Bug Fixes: --------------- 1) Firmware CRC check fail issue resolved 2) Compilation fails on 4.10.1 kernel issue resolved 3) BG scan issues resolved 4) AP mode regulatory fixes 5) WoWLAN issues resolved. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) EAP not supported 2) Issue while Resume in S4 with or without WoWLAN. 3) S5 with WoWLAN does not work. 4) For GTK rekey, wakeup trigger send to host. 0.9.8.5_RC4 - WLAN Bug Fixes: ------------------- 1) AP mode configuration in channels 12 and 13 for EU region issue resolved. 2) Data latencies in AP mode issue resolved. 3) Roaming issues resolved. 4) AP WEP mode issue resolved. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) EAP not supported 2) Issue while Resume in S4 with or without WoWLAN. 3) S5 with WoWLAN does not work. 4) For GTK rekey, wakeup trigger send to host. 5) WoWLAN does not work in WEP mode. Others: ------- 1) USB binds only to RS9113, let upstream kernel driver handle other RSI chips 0.9.8.5_RC3 - WLAN Bug Fixes: ------------------- 1) Power save issue in station mode (By default UAPSD is enabled on Caracalla board) fixed. 2) WoWLAN with S3 issue resolved WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) EAP not supported 2) Not verified removing SDIO interrupt polling 3) S4/S5 sleep states not supported (with and without WoWLAN) 0.9.8.5_RC2 - WLAN Bug Fixes: ------------------- 1) Power save issue in station mode (By default UAPSD is enabled on Caracalla board) fixed. 2) Firmware assert 0x71 (while doing bgscan) issue fixed. 3) Keep alive functionality in station mode issue fixed. 4) Data traffic stops when connected to multiple stations issue resolved 5) WoWLAN not working issue is resolved WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) EAP not supported 2) Not verified removing SDIO interrupt polling 3) S4/S5 sleep states not supported (with and without WoWLAN) 4) Wi-Fi direct testing is in progress 0.9.8.5_RC1 - WLAN Bug Fixes: ------------------- 1) Observed unicast probe requests during bgscan issue fixed 2) Firmware assert 0x71 (while doing bgscan) issue fixed. 3) Crash when doing rmmod while data traffic is going on issue resolved. 4) Beacons stopped after 5 minutes of data traffic issue fixed. 5) Keep alive functionality in station mode issue fixed 6) 11n data rates issue in station mode resolved. WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) EAP not supported 2) Not verified removing SDIO interrupt polling 3) S4/S5 sleep states not supported (with.without WoWLAN) 4) power save is not working consistently 5) WoWLAN is not working consistently 0.9.8.3 - WLAN New Features: ----------------------------------------- 1) AP Mode 2) S3, S4 suspend and resume 3) WoWLAN [Testing in progress] WLAN Bug Fixes: ------------------- 1) First EAPOL drop issue is resolved 2) Firmware Assert while roaming issue is resolved (Provide driver bgsan should be enabled along with supplicant bgscan) 3) Roaming takes longer time issue is resolved 4) Added polling support as a work-around for the SDIO interrupt issue on some platforms WLAN Limitations/Features NOT Supported: ---------------------------------------- 1) Wi-Fi Direct mode not supported 2) EAP not supported 3) SDIO interrupts are not being delivered to the 9113 driver 4) In S4 state 9113 device gets reset but device isn't getting re-enumerated. Signed-off-by:
Shrirang Bagul <shrirang.bagul@canonical.com> Acked-by:
-
Libin Yang authored
BugLink: http://bugs.launchpad.net/bugs/1694665 This patch adds support for DP MST audio in i915. Enable audio codec when DP MST is enabled if has_audio flag is set. Disable audio codec when DP MST is disabled if has_audio flag is set. Another separated patches to support DP MST audio will be implemented in audio driver. This patch is ported from commit 3708d5e0 ("drm/i915: start adding dp mst audio") And because commit 3708d5e0 ("drm/i915: start adding dp mst audio") breaks MST multi-monitor setups on some platforms, the orignal patch is reverted by commit be754b10 ("Revert "drm/i915: start adding dp mst audio"") As the multi-monitor setups issue is fixed, let's port the patch and enable the dp mst audio. Signed-off-by:
Libin Yang <libin.yang@intel.com> Cc: Lyude <cpaul@redhat.com> Cc: Jani Nikula <jani.nikula@intel.com> Cc: Rodrigo Vivi <rodrigo.vivi@intel.com> Cc: Dhinakaran Pandiyan <dhinakaran.pandiyan@intel.com> Reviewed-by:
Jani Nikula <jani.nikula@intel.com> Signed-off-by:
Timo Aaltonen <timo.aaltonen@canonical.com> Acked-by:
-
Libin Yang authored
BugLink: http://bugs.launchpad.net/bugs/1694665 In initialization, audio driver will call functions get_eld() and etc. But at that time, audio driver may not know whether it is DP MST or not. In the original function get_saved_enc(), if it is DP MST, it requires to set the pipe to the correct value, otherwise, pipe to be -1. Although audio driver can get the knowledge whether it is in DP MST mode or not by reading the codec register. It will drop performance each time before it calls the get_eld and other similar functions. As gfx driver can easily know whether it is in DP MST mode or not. Let's extend the get_saved_enc() function to handle the situation that audio driver still sends the device id info even it is in DP SST mode and return the correct intel_encoder instead of panic. Signed-off-by:
Libin Yang <libin.yang@linux.intel.com> Reviewed-by:
-
Libin Yang authored
BugLink: http://bugs.launchpad.net/bugs/1694665 Prepare for using the same code for judging ddi being audio enabled. No functional changes. Signed-off-by:
Dhinakaran Pandiyan <dhinakaran.pandiyan@intel.com> Signed-off-by:
Lyude <cpaul@redhat.com> Reviewed-by:
-
Pandiyan, Dhinakaran authored
BugLink: http://bugs.launchpad.net/bugs/1694665 DP MST provides the capability to send multiple video and audio streams through a single port. This requires the API's between i915 and audio drivers to distinguish between multiple audio capable displays that can be connected to a port. Currently only the port identity is shared in the APIs. This patch adds support for MST with an additional parameter 'int pipe'. The existing parameter 'port' does not change it's meaning. pipe = MST : display pipe that the stream originates from Non-MST : -1 Affected APIs: struct i915_audio_component_ops - int (*sync_audio_rate)(struct device *, int port, int rate); + int (*sync_audio_rate)(struct device *, int port, int pipe, + int rate); - int (*get_eld)(struct device *, int port, bool *enabled, - unsigned char *buf, int max_bytes); + int (*get_eld)(struct device *, int port, int pipe, + bool *enabled, unsigned char *buf, int max_bytes); struct i915_audio_component_audio_ops - void (*pin_eld_notify)(void *audio_ptr, int port); + void (*pin_eld_notify)(void *audio_ptr, int port, int pipe); This patch makes dummy changes in the audio drivers (thanks Libin) for build to succeed. The audio side drivers will send the right 'pipe' values for MST in patches that will follow. v2: Renamed the new API parameter from 'dev_id' to 'pipe'. (Jim, Ville) Included Asoc driver API compatibility changes from Jeeja. Added WARN_ON() for invalid pipe in get_saved_encoder(). (Takashi) Added comment for av_enc_map[] definition. (Takashi) v3: Fixed logic error introduced while renaming 'dev_id' as 'pipe' (Ville) Renamed get_saved_encoder() to get_saved_enc() to reduce line length v4: Rebased. Parameter check for pipe < -1 values in get_saved_enc() (Ville) Switched to for_each_pipe() in get_saved_enc() (Ville) Renamed 'pipe' to 'dev_id' in audio side code (Takashi) v5: Included a comment for the dev_id arg. (Libin) Signed-off-by:
Takashi Iwai <tiwai@suse.de> Reviewed-by:
Ville Syrjälä <ville.syrjala@linux.intel.com> Signed-off-by:
Rodrigo Vivi <rodrigo.vivi@intel.com> Link: http://patchwork.freedesktop.org/patch/msgid/1474488168-2343-1-git-send-email-dhinakaran.pandiyan@intel.com (backported from commit f9318941) Signed-off-by:
-
Pandiyan, Dhinakaran authored
BugLink: http://bugs.launchpad.net/bugs/1694665 With DP MST, a digital_port can carry more than one audio stream. Hence, more than one audio_connector needs to be attached to intel_digital_port in such cases. However, each stream is associated with an unique encoder. So, instead of creating an array of audio_connectors per port, move audio_connector from struct intel_digital_port to struct intel_encoder. This also simplifies access to the right audio_connector from codec functions in intel_audio.c that receive intel_encoder. v2: Removed locals that are not needed anymore. v3: No code change except for minor change in context. Signed-off-by:
-
Pandiyan, Dhinakaran authored
BugLink: http://bugs.launchpad.net/bugs/1694665 Now that we have the port enum stored in intel_encoder, use that instead of dereferencing intel_dig_port. Saves us a few locals. struct intel_encoder variables have been renamed to be consistent and convey type information. v2: Fix incorrect 'enum port' member names - s/attached_port/port Signed-off-by:
-
Pandiyan, Dhinakaran authored
BugLink: http://bugs.launchpad.net/bugs/1694665 No functional change, just clean up. Signed-off-by:
Chris Wilson <chris@chris-wilson.co.uk> Signed-off-by:
-
Pandiyan, Dhinakaran authored
BugLink: http://bugs.launchpad.net/bugs/1694665 Storing the port enum in intel_encoder makes it convenient to know the port attached to an encoder. Moving the port information up from intel_digital_port to intel_encoder avoids unecessary intel_digital_port access and handles MST encoders cleanly without requiring conditional checks for them (thanks danvet). v2: Renamed the port enum member from 'attached_port' to 'port' (danvet) Fixed missing initialization of port in intel_sdvo.c (danvet) v3: Fixed missing initialization of port in intel_crt.c (Ville) v4: Storing port for DVO encoders too. Signed-off-by:
Daniel Vetter <daniel.vetter@ffwll.ch> Reviewed-by:
-
Greg Kroah-Hartman authored
BugLink: http://bugs.launchpad.net/bugs/1694621Signed-off-by:
-
Julius Werner authored
BugLink: http://bugs.launchpad.net/bugs/1694621 commit b299cde2 upstream. /dev/mem currently allows mmap() mappings that wrap around the end of the physical address space, which should probably be illegal. It circumvents the existing STRICT_DEVMEM permission check because the loop immediately terminates (as the start address is already higher than the end address). On the x86_64 architecture it will then cause a panic (from the BUG(start >= end) in arch/x86/mm/pat.c:reserve_memtype()). This patch adds an explicit check to make sure offset + size will not wrap around in the physical address type. Signed-off-by:
Julius Werner <jwerner@chromium.org> Signed-off-by:
-
J. Bruce Fields authored
BugLink: http://bugs.launchpad.net/bugs/1694621 commit f961e3f2 upstream. In error cases, lgp->lg_layout_type may be out of bounds; so we shouldn't be using it until after the check of nfserr. This was seen to crash nfsd threads when the server receives a LAYOUTGET request with a large layout type. GETDEVICEINFO has the same problem. Reported-by:
Ari Kauppi <Ari.Kauppi@synopsys.com> Reviewed-by:
Christoph Hellwig <hch@lst.de> Signed-off-by:
J. Bruce Fields <bfields@redhat.com> Signed-off-by:
-
Mario Kleiner authored
BugLink: http://bugs.launchpad.net/bugs/1694621 commit e345da82 upstream. The builtin eDP panel in the HP zBook 17 G2 supports 10 bpc, as advertised by the Laptops product specs and verified via injecting a fixed edid + photometer measurements, but edid reports unknown depth, so drivers fall back to 6 bpc. Add a quirk to get the full 10 bpc. Signed-off-by:
Mario Kleiner <mario.kleiner.de@gmail.com> Acked-by:
Harry Wentland <harry.wentland@amd.com> Signed-off-by:
-
Lukas Wunner authored
BugLink: http://bugs.launchpad.net/bugs/1694621 commit ea00353f upstream. Laurent Pinchart reported that the Renesas R-Car H2 Lager board (r8a7790) crashes during suspend tests. Geert Uytterhoeven managed to reproduce the issue on an M2-W Koelsch board (r8a7791): It occurs when the PME scan runs, once per second. During PME scan, the PCI host bridge (rcar-pci) registers are accessed while its module clock has already been disabled, leading to the crash. One reproducer is to configure s2ram to use "s2idle" instead of "deep" suspend: # echo 0 > /sys/module/printk/parameters/console_suspend # echo s2idle > /sys/power/mem_sleep # echo mem > /sys/power/state Another reproducer is to write either "platform" or "processors" to /sys/power/pm_test. It does not (or is less likely) to happen during full system suspend ("core" or "none") because system suspend also disables timers, and thus the workqueue handling PME scans no longer runs. Geert believes the issue may still happen in the small window between disabling module clocks and disabling timers: # echo 0 > /sys/module/printk/parameters/console_suspend # echo platform > /sys/power/pm_test # Or "processors" # echo mem > /sys/power/state (Make sure CONFIG_PCI_RCAR_GEN2 and CONFIG_USB_OHCI_HCD_PCI are enabled.) Rafael Wysocki agrees that PME scans should be suspended before the host bridge registers become inaccessible. To that end, queue the task on a workqueue that gets frozen before devices suspend. Rafael notes however that as a result, some wakeup events may be missed if they are delivered via PME from a device without working IRQ (which hence must be polled) and occur after the workqueue has been frozen. If that turns out to be an issue in practice, it may be possible to solve it by calling pci_pme_list_scan() once directly from one of the host bridge's pm_ops callbacks. Stacktrace for posterity: PM: Syncing filesystems ... [ 38.566237] done. PM: Preparing system for sleep (mem) Freezing user space processes ... [ 38.579813] (elapsed 0.001 seconds) done. Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. PM: Suspending system (mem) PM: suspend of devices complete after 152.456 msecs PM: late suspend of devices complete after 2.809 msecs PM: noirq suspend of devices complete after 29.863 msecs suspend debug: Waiting for 5 second(s). Unhandled fault: asynchronous external abort (0x1211) at 0x00000000 pgd = c0003000 [00000000] *pgd=80000040004003, *pmd=00000000 Internal error: : 1211 [#1] SMP ARM Modules linked in: CPU: 1 PID: 20 Comm: kworker/1:1 Not tainted 4.9.0-rc1-koelsch-00011-g68db9bc8 #3383 Hardware name: Generic R8A7791 (Flattened Device Tree) Workqueue: events pci_pme_list_scan task: eb56e140 task.stack: eb58e000 PC is at pci_generic_config_read+0x64/0x6c LR is at rcar_pci_cfg_base+0x64/0x84 pc : [<c041d7b4>] lr : [<c04309a0>] psr: 600d0093 sp : eb58fe98 ip : c041d750 fp : 00000008 r10: c0e2283c r9 : 00000000 r8 : 600d0013 r7 : 00000008 r6 : eb58fed6 r5 : 00000002 r4 : eb58feb4 r3 : 00000000 r2 : 00000044 r1 : 00000008 r0 : 00000000 Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user Control: 30c5387d Table: 6a9f6c80 DAC: 55555555 Process kworker/1:1 (pid: 20, stack limit = 0xeb58e210) Stack: (0xeb58fe98 to 0xeb590000) fe80: 00000002 00000044 fea0: eb6f5800 c041d9b0 eb58feb4 00000008 00000044 00000000 eb78a000 eb78a000 fec0: 00000044 00000000 eb9aff00 c0424bf0 eb78a000 00000000 eb78a000 c0e22830 fee0: ea8a6fc0 c0424c5c eaae79c0 c0424ce0 eb55f380 c0e22838 eb9a9800 c0235fbc ff00: eb55f380 c0e22838 eb55f380 eb9a9800 eb9a9800 eb58e000 eb9a9824 c0e02100 ff20: eb55f398 c02366c4 eb56e140 eb5631c0 00000000 eb55f380 c023641c 00000000 ff40: 00000000 00000000 00000000 c023a928 cd105598 00000000 40506a34 eb55f380 ff60: 00000000 00000000 dead4ead ffffffff ffffffff eb58ff74 eb58ff74 00000000 ff80: 00000000 dead4ead ffffffff ffffffff eb58ff90 eb58ff90 eb58ffac eb5631c0 ffa0: c023a844 00000000 00000000 c0206d68 00000000 00000000 00000000 00000000 ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 3a81336c 10ccd1dd [<c041d7b4>] (pci_generic_config_read) from [<c041d9b0>] (pci_bus_read_config_word+0x58/0x80) [<c041d9b0>] (pci_bus_read_config_word) from [<c0424bf0>] (pci_check_pme_status+0x34/0x78) [<c0424bf0>] (pci_check_pme_status) from [<c0424c5c>] (pci_pme_wakeup+0x28/0x54) [<c0424c5c>] (pci_pme_wakeup) from [<c0424ce0>] (pci_pme_list_scan+0x58/0xb4) [<c0424ce0>] (pci_pme_list_scan) from [<c0235fbc>] (process_one_work+0x1bc/0x308) [<c0235fbc>] (process_one_work) from [<c02366c4>] (worker_thread+0x2a8/0x3e0) [<c02366c4>] (worker_thread) from [<c023a928>] (kthread+0xe4/0xfc) [<c023a928>] (kthread) from [<c0206d68>] (ret_from_fork+0x14/0x2c) Code: ea000000 e5903000 f57ff04f e3a00000 (e5843000) ---[ end trace 667d43ba3aa9e589 ]--- Fixes: df17e62e ("PCI: Add support for polling PME state on suspended legacy PCI devices") Reported-and-tested-by:
Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com> Reported-and-tested-by:
Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by:
Lukas Wunner <lukas@wunner.de> Signed-off-by:
Bjorn Helgaas <bhelgaas@google.com> Reviewed-by:
Laurent Pinchart <laurent.pinchart@ideasonboard.com> Acked-by:
Rafael J. Wysocki <rafael.j.wysocki@intel.com> Cc: Mika Westerberg <mika.westerberg@linux.intel.com> Cc: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se> Cc: Simon Horman <horms+renesas@verge.net.au> Cc: Yinghai Lu <yinghai@kernel.org> Cc: Matthew Garrett <mjg59@srcf.ucam.org> Signed-off-by:
-
David Woodhouse authored
BugLink: http://bugs.launchpad.net/bugs/1694621 commit 6bccc7f4 upstream. In the PCI_MMAP_PROCFS case when the address being passed by the user is a 'user visible' resource address based on the bus window, and not the actual contents of the resource, that's what we need to be checking it against. Signed-off-by:
David Woodhouse <dwmw@amazon.co.uk> Signed-off-by:
-
Thomas Gleixner authored
BugLink: http://bugs.launchpad.net/bugs/1694621 commit 30e7d894 upstream. Enabling the tracer selftest triggers occasionally the warning in text_poke(), which warns when the to be modified page is not marked reserved. The reason is that the tracer selftest installs kprobes on functions marked __init for testing. These probes are removed after the tests, but that removal schedules the delayed kprobes_optimizer work, which will do the actual text poke. If the work is executed after the init text is freed, then the warning triggers. The bug can be reproduced reliably when the work delay is increased. Flush the optimizer work and wait for the optimizing/unoptimizing lists to become empty before returning from the kprobes tracer selftest. That ensures that all operations which were queued due to the probes removal have completed. Link: http://lkml.kernel.org/r/20170516094802.76a468bb@gandalf.local.homeSigned-off-by:
Thomas Gleixner <tglx@linutronix.de> Acked-by:
Masami Hiramatsu <mhiramat@kernel.org> Fixes: 6274de49 ("kprobes: Support delayed unoptimizing") Signed-off-by:
Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by:
-
Al Viro authored
BugLink: http://bugs.launchpad.net/bugs/1694621 commit a8c39544 upstream. failing sys_wait4() won't fill struct rusage... Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk> Signed-off-by:
-
Thomas Gleixner authored
BugLink: http://bugs.launchpad.net/bugs/1694621 commit 2c4569ca upstream. irq_set_chained_handler_and_data() sets up the chained interrupt and then stores the handler data. That's racy against an immediate interrupt which gets handled before the store of the handler data happened. The handler will dereference a NULL pointer and crash. Cure it by storing handler data before installing the chained handler. Reported-by:
Borislav Petkov <bp@alien8.de> Signed-off-by:
-
Johan Hovold authored
BugLink: http://bugs.launchpad.net/bugs/1694621 commit 41318a2b upstream. Add missing endianness conversion when using the USB device-descriptor idProduct field to apply a hardware quirk. Fixes: 1ba47da5 ("uwb: add the i1480 DFU driver") Signed-off-by:
Johan Hovold <johan@kernel.org> Signed-off-by:
-
