- 22 Aug, 2017 15 commits
-
Cheah Kok Cheong authored
BugLink: http://bugs.launchpad.net/bugs/1710646 commit bf279ece upstream. Move comedi_proc_init to the end to avoid orphaned proc entry if module loading failed. Signed-off-by: Cheah Kok Cheong <thrust73@gmail.com> Reviewed-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Greg Kroah-Hartman authored
BugLink: http://bugs.launchpad.net/bugs/1710646 This reverts commit 8c92870b which is commit ba4a648f upstream. Michal Hocko writes: JFYI. We have encountered a regression after applying this patch on a large ppc machine. While the patch is the right thing to do it doesn't work well with the current vmalloc area size on ppc and large machines where NUMA nodes are very far from each other. Just for the reference the boot fails on such a machine with a bunch of warnings preceding it. See http://lkml.kernel.org/r/20170724134240.GL25221@dhcp22.suse.cz It seems the right thing to do is to enlarge the vmalloc space on ppc but this is not the case in the upstream kernel yet AFAIK. It is also questionable whether that is a stable material but I will leave the decision to you here. We have reverted this patch from our 4.4 based kernel. Newer kernels do not have enlarged vmalloc space yet AFAIK so they won't work properly either. This bug is quite rare though because you need a specific HW configuration to trigger the issue - namely NUMA nodes have to be far away from each other in the physical memory space. Cc: Michal Hocko <mhocko@kernel.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Paul Mackerras authored
BugLink: http://bugs.launchpad.net/bugs/1710646 commit 7ceaa6dc upstream. At present, HV KVM on POWER8 and POWER9 machines loses any instruction or data breakpoint set in the host whenever a guest is run. Instruction breakpoints are currently only used by xmon, but ptrace and the perf_event subsystem can set data breakpoints as well as xmon. To fix this, we save the host values of the debug registers (CIABR, DAWR and DAWRX) before entering the guest and restore them on exit. To provide space to save them in the stack frame, we expand the stack frame allocated by kvmppc_hv_entry() from 112 to 144 bytes. [paulus@ozlabs.org - Adjusted stack offsets since we aren't saving POWER9-specific registers.] Fixes: b005255e ("KVM: PPC: Book3S HV: Context-switch new POWER8 SPRs", 2014-01-08) Signed-off-by: Paul Mackerras <paulus@ozlabs.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Paul Mackerras authored
BugLink: http://bugs.launchpad.net/bugs/1710646 Commit 46a704f8 ("KVM: PPC: Book3S HV: Preserve userspace HTM state properly", 2017-06-15) added code which assumes that the kernel is able to handle a TM (transactional memory) unavailable interrupt from userspace by reloading the TM-related registers and enabling TM for the process. That ability was added in the 4.9 kernel; earlier kernel versions simply panic on getting the TM unavailable interrupt. Since commit 46a704f8 has been backported to the 4.4 stable tree as commit 824b9506, 4.4.75 and subsequent versions are vulnerable to a userspace-triggerable panic. This patch fixes the problem by explicitly reloading the TM-related registers before returning to userspace, rather than disabling TM for the process. Commit 46a704f8 also failed to enable TM for the kernel, leading to a TM unavailable interrupt in the kernel, causing an oops. This fixes that problem too, by enabling TM before accessing the TM registers. That problem is fixed upstream by the patch "KVM: PPC: Book3S HV: Enable TM before accessing TM registers". Fixes: 824b9506 ("KVM: PPC: Book3S HV: Preserve userspace HTM state properly") Signed-off-by: Paul Mackerras <paulus@ozlabs.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Paul Mackerras authored
BugLink: http://bugs.launchpad.net/bugs/1710646 commit 4c3bb4cc upstream. This restores several special-purpose registers (SPRs) to sane values on guest exit that were missed before. TAR and VRSAVE are readable and writable by userspace, and we need to save and restore them to prevent the guest from potentially affecting userspace execution (not that TAR or VRSAVE are used by any known program that uses the KVM_RUN ioctl). We save/restore these in kvmppc_vcpu_run_hv() rather than on every guest entry/exit. FSCR affects userspace execution in that it can prohibit access to certain facilities by userspace. We restore it to the normal value for the task on exit from the KVM_RUN ioctl. IAMR is normally 0, and is restored to 0 on guest exit. However, with a radix host on POWER9, it is set to a value that prevents the kernel from executing user-accessible memory. On POWER9, we save IAMR on guest entry and restore it on guest exit to the saved value rather than 0. On POWER8 we continue to set it to 0 on guest exit. PSPB is normally 0. We restore it to 0 on guest exit to prevent userspace taking advantage of the guest having set it non-zero (which would allow userspace to set its SMT priority to high). UAMOR is normally 0. We restore it to 0 on guest exit to prevent the AMR from being used as a covert channel between userspace processes, since the AMR is not context-switched at present. [paulus@ozlabs.org - removed IAMR bits that are only needed on POWER9; adjusted FSCR save/restore for lack of fscr field in thread_struct.] Fixes: b005255e ("KVM: PPC: Book3S HV: Context-switch new POWER8 SPRs", 2014-01-08) Signed-off-by: Paul Mackerras <paulus@ozlabs.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Paul Mackerras authored
BugLink: http://bugs.launchpad.net/bugs/1710646 commit ca8efa1d upstream. This adds code to save the values of three SPRs (special-purpose registers) used by userspace to control event-based branches (EBBs), which are essentially interrupts that get delivered directly to userspace. These registers are loaded up with guest values when entering the guest, and their values are saved when exiting the guest, but we were not saving the host values and restoring them before going back to userspace. On POWER8 this would only affect userspace programs which explicitly request the use of EBBs and also use the KVM_RUN ioctl, since the only source of EBBs on POWER8 is the PMU, and there is an explicit enable bit in the PMU registers (and those PMU registers do get properly context-switched between host and guest). On POWER9 there is provision for externally-generated EBBs, and these are not subject to the control in the PMU registers. Since these registers only affect userspace, we can save them when we first come in from userspace and restore them before returning to userspace, rather than saving/restoring the host values on every guest entry/exit. Similarly, we don't need to worry about their values on offline secondary threads since they execute in the context of the idle task, which never executes in userspace. Fixes: b005255e ("KVM: PPC: Book3S HV: Context-switch new POWER8 SPRs", 2014-01-08) Signed-off-by: Paul Mackerras <paulus@ozlabs.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Ben Skeggs authored
BugLink: http://bugs.launchpad.net/bugs/1710646 commit 38bcb208 upstream. Bit 30 being set causes the upper half of BAR2 to stay in physical mode, mapped over the end of VRAM, even when the rest of the BAR has been set to virtual mode. We inherited our initial value from RM, but I'm not aware of any reason we need to keep it that way. This fixes severe GPU hang/lockup issues revealed by Wayland on F26. Shout-out to NVIDIA for the quick response with the potential cause! Signed-off-by: Ben Skeggs <bskeggs@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Sinclair Yeh authored
BugLink: http://bugs.launchpad.net/bugs/1710646 commit fcfffdd8 upstream. The current code does not look correct, and the reason for it is probably lost. Since this now generates a compiler warning, fix it to what makes sense. Reported-by: Arnd Bergmann <arnd@arndb.de> Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sinclair Yeh <syeh@vmware.com> Reviewed-by: Brian Paul <brianp@vmware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Ofer Heifetz authored
BugLink: http://bugs.launchpad.net/bugs/1710646 commit 7e96d559 upstream. Since thread_group worker and raid5d kthread are not in sync, if worker writes stripe before raid5d then requests will be waiting for issue_pending. Issue observed when building raid5 with ext4, in some build runs jbd2 would get hung and requests were waiting in the HW engine waiting to be issued. Fix this by adding a call to async_tx_issue_pending_all in the raid5_do_work. Signed-off-by: Ofer Heifetz <oferh@marvell.com> Signed-off-by: Shaohua Li <shli@fb.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Herbert Xu authored
BugLink: http://bugs.launchpad.net/bugs/1710646 commit 41cdf7a4 upstream. When authencesn is used together with digest_null a crash will occur on the decrypt path. This is because normally we perform a special setup to preserve the ESN, but this is skipped if there is no authentication. However, on the post-authentication path it always expects the preservation to be in place, thus causing a crash when digest_null is used. This patch fixes this by also skipping the post-processing when there is no authentication. Fixes: 104880a6 ("crypto: authencesn - Convert to new AEAD...") Reported-by: Jan Tluka <jtluka@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Laurent Vivier authored
BugLink: http://bugs.launchpad.net/bugs/1710646 commit 4fd1bd44 upstream. As for commit 68baf692 ("powerpc/pseries: Fix of_node_put() underflow during DLPAR remove"), the call to of_node_put() must be removed from pSeries_reconfig_remove_node(). dlpar_detach_node() and pSeries_reconfig_remove_node() both call of_detach_node(), and thus the node should not be released in both cases. Fixes: 0829f6d1 ("of: device_node kobject lifecycle fixes") Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Joel Fernandes authored
BugLink: http://bugs.launchpad.net/bugs/1710646 commit 10970449 upstream. Currently pstore has a global spinlock for all zones. Since the zones are independent and modify different areas of memory, there's no need to have a global lock, so we should use a per-zone lock as introduced here. Also, when ramoops's ftrace use-case has a FTRACE_PER_CPU flag introduced later, which splits the ftrace memory area into a single zone per CPU, it will eliminate the need for locking. In preparation for this, make the locking optional. Signed-off-by: Joel Fernandes <joelaf@google.com> [kees: updated commit message] Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Leo Yan <leo.yan@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Yuejie Shi authored
BugLink: http://bugs.launchpad.net/bugs/1710646 commit 89e357d8 upstream. A dump may come in the middle of another dump, modifying its dump structure members. This race condition will result in NULL pointer dereference in kernel. So add a lock to prevent that race. Fixes: 83321d6b ("[AF_KEY]: Dump SA/SP entries non-atomically") Signed-off-by: Yuejie Shi <syjcnss@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Mark Salyzyn <salyzyn@android.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Marcelo Henrique Cerri authored
BugLink: http://bugs.launchpad.net/bugs/1700972 Allow images to be created without the need of an initrd and also allow users to run without an initrd if they want to. Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Thadeu Lima de Souza Cascardo authored
Ignore: yes Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
- 11 Aug, 2017 25 commits
-
Kleber Sacilotto de Souza authored
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Liping Zhang authored
BugLink: http://bugs.launchpad.net/bugs/1709032 If one cpu is doing nf_ct_extend_unregister while another cpu is doing __nf_ct_ext_add_length, then we may hit BUG_ON(t == NULL). Moreover, there's no synchronize_rcu invocation after set nf_ct_ext_types[id] to NULL, so it's possible that we may access invalid pointer. But actually, most of the ct extends are built-in, so the problem listed above will not happen. However, there are two exceptions: NF_CT_EXT_NAT and NF_CT_EXT_SYNPROXY. For _EXT_NAT, the panic will not happen, since adding the nat extend and unregistering the nat extend are located in the same file (nf_nat_core.c), this means that after the nat module is removed, we cannot add the nat extend too. For _EXT_SYNPROXY, synproxy extend may be added by init_conntrack, while synproxy extend unregister will be done by synproxy_core_exit. So after nf_synproxy_core.ko is removed, we may still try to add the synproxy extend, then kernel panic may happen. I know it's very hard to reproduce this issue, but I can play a tricky game to make it happen very easily :)
Step 1. Enable SYNPROXY for tcp dport 1234 at FORWARD hook:
  # iptables -I FORWARD -p tcp --dport 1234 -j SYNPROXY
Step 2. Queue the syn packet to the userspace at raw table OUTPUT hook. Also note, in the userspace we only add a 20s' delay, then reinject the syn packet to the kernel:
  # iptables -t raw -I OUTPUT -p tcp --syn -j NFQUEUE --queue-num 1
Step 3. Using "nc 2.2.2.2 1234" to connect the server.
Step 4. Now remove the nf_synproxy_core.ko quickly:
  # iptables -F FORWARD
  # rmmod ipt_SYNPROXY
  # rmmod nf_synproxy_core
Step 5. After 20s' delay, the syn packet is reinjected to the kernel.
Now you will see the panic like this:
  kernel BUG at net/netfilter/nf_conntrack_extend.c:91!
  Call Trace:
   ? __nf_ct_ext_add_length+0x53/0x3c0 [nf_conntrack]
   init_conntrack+0x12b/0x600 [nf_conntrack]
   nf_conntrack_in+0x4cc/0x580 [nf_conntrack]
   ipv4_conntrack_local+0x48/0x50 [nf_conntrack_ipv4]
   nf_reinject+0x104/0x270
   nfqnl_recv_verdict+0x3e1/0x5f9 [nfnetlink_queue]
   ? nfqnl_recv_verdict+0x5/0x5f9 [nfnetlink_queue]
   ? nla_parse+0xa0/0x100
   nfnetlink_rcv_msg+0x175/0x6a9 [nfnetlink]
   [...]
One possible solution is to make NF_CT_EXT_SYNPROXY extend built-in, i.e. introduce nf_conntrack_synproxy.c and only do ct extend register and unregister in it, similar to nf_conntrack_timeout.c. But having such an obscure restriction of nf_ct_extend_unregister is not a good idea, so we should invoke synchronize_rcu after set nf_ct_ext_types to NULL, and check the NULL pointer when do __nf_ct_ext_add_length. Then it will be easier if we add new ct extend in the future. Last, we use kfree_rcu to free nf_ct_ext, so rcu_barrier() is unnecessary anymore, remove it too. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> (cherry picked from commit 9c3f3794) Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com>
-
Kleber Sacilotto de Souza authored
BugLink: http://bugs.launchpad.net/bugs/1709032 This reverts commit f58e6473. Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com>
-
Willem de Bruijn authored
CVE-2017-1000112 When iteratively building a UDP datagram with MSG_MORE and that datagram exceeds MTU, consistently choose UFO or fragmentation. Once skb_is_gso, always apply ufo. Conversely, once a datagram is split across multiple skbs, do not consider ufo. Sendpage already maintains the first invariant, only add the second. IPv6 does not have a sendpage implementation to modify. A gso skb must have a partial checksum, do not follow sk_no_check_tx in udp_send_skb. Found by syzkaller. Fixes: e89e9cf5 ("[IPv4/IPv6]: UFO Scatter-gather approach") Reported-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 85f1bd9a) Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Willem de Bruijn authored
CVE-2017-1000111 Updates to tp_reserve can race with reads of the field in packet_set_ring. Avoid this by holding the socket lock during updates in setsockopt PACKET_RESERVE. This bug was discovered by syzkaller. Fixes: 8913336a ("packet: add PACKET_RESERVE sockopt") Reported-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit c27927e3) Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Kleber Sacilotto de Souza authored
This reverts commit ccf7bb73. CVE-2017-1000111 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Kleber Sacilotto de Souza authored
This reverts commit 840d468d. CVE-2017-1000112 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Peter Hurley authored
BugLink: http://bugs.launchpad.net/bugs/1709126 Currently, when the tty is hungup, the ldisc is re-instanced; ie., the current instance is destroyed and a new instance is created. The purpose of this design was to guarantee a valid, open ldisc for the lifetime of the tty. However, now that tty buffers are owned by and have lifetime equivalent to the tty_port (since v3.10), any data received immediately after the ldisc is re-instanced may cause continued driver i/o operations concurrently with the driver's hangup() operation. For drivers that shutdown h/w on hangup, this is unexpected and usually bad. For example, the serial core may free the xmit buffer page concurrently with an in-progress write() operation (triggered by echo). With the existing stable and robust ldisc reference handling, the cleaned-up tty_reopen(), the straggling unsafe ldisc use cleaned up, and the preparation to properly handle a NULL tty->ldisc, the ldisc instance can be destroyed and only re-instanced when the tty is re-opened. If the tty was opened as /dev/console or /dev/tty0, the original behavior of re-instancing the ldisc is retained (the 'reinit' parameter to tty_ldisc_hangup() is true). This is required since those file descriptors are never hungup. This patch has negligible impact on userspace; the tty file_operations ptr is changed to point to the hungup file operations _before_ the ldisc instance is destroyed, so only racing file operations might now retrieve a NULL ldisc reference (which is simply handled as if the hungup file operation had been called instead -- see "tty: Prepare for destroying line discipline on hangup"). This resolves a long-standing FIXME and several crash reports.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 892d1fa7) Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Marcelo Cerri <marcelo.cerri@canonical.com> Acked-by: Benjamin M Romer <benjamin.romer@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Peter Hurley authored
BugLink: http://bugs.launchpad.net/bugs/1709126 At tty hangup, the line discipline instance is reinitialized by closing the current ldisc instance and opening a new instance. This operation is complicated by error recovery: if the attempt to reinit the current line discipline fails, the line discipline is reset to N_TTY (which should not but can fail). Re-purpose tty_ldisc_reinit() to return a valid, open line discipline instance, or otherwise, an error. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 7896f30d) Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Marcelo Cerri <marcelo.cerri@canonical.com> Acked-by: Benjamin M Romer <benjamin.romer@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Peter Hurley authored
BugLink: http://bugs.launchpad.net/bugs/1709126 tty->ldisc is a ptr to struct tty_ldisc, but unfortunately 'ldisc' is also used as a parameter or local name to refer to the line discipline index value (ie, N_TTY, N_GSM, etc.); instead prefer the name used by the line discipline registration/ref counting functions. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit c12da96f) Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Marcelo Cerri <marcelo.cerri@canonical.com> Acked-by: Benjamin M Romer <benjamin.romer@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Peter Hurley authored
BugLink: http://bugs.launchpad.net/bugs/1709126 In preparation for destroying the line discipline instance on hangup, move tty_ldisc_kill() to eliminate needless forward declarations. No functional change. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 6ffeb4b2) Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Marcelo Cerri <marcelo.cerri@canonical.com> Acked-by: Benjamin M Romer <benjamin.romer@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Peter Hurley authored
BugLink: http://bugs.launchpad.net/bugs/1709126 In preparation of destroying line discipline on hangup, fix ldisc core operations to properly handle when the tty's ldisc is NULL. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit a570a49a) Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Marcelo Cerri <marcelo.cerri@canonical.com> Acked-by: Benjamin M Romer <benjamin.romer@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Peter Hurley authored
BugLink: http://bugs.launchpad.net/bugs/1709126 After the ldisc is released, but before the tty is destroyed, the termios is saved (in tty_free_termios()); this termios is restored if a new tty is created on next open(). However, the line discipline is always reset, which is not obvious in the current method. Instead, reset as part of the restore. Restore the original line discipline, which may not have been N_TTY. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit ece53405) Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Marcelo Cerri <marcelo.cerri@canonical.com> Acked-by: Benjamin M Romer <benjamin.romer@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Peter Hurley authored
BugLink: http://bugs.launchpad.net/bugs/1709126 Perform common exit for both successful and error exit handling in tty_set_ldisc(). Fixes unlikely possibility of failing to restart input kworker when switching to the same line discipline (noop case). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 63d8cb3f) Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Marcelo Cerri <marcelo.cerri@canonical.com> Acked-by: Benjamin M Romer <benjamin.romer@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Laura Abbott authored
BugLink: http://bugs.launchpad.net/bugs/1706833 We've received a number of reports of warnings when coming out of suspend with certain bluetooth firmware configurations:
  WARNING: CPU: 3 PID: 3280 at drivers/base/firmware_class.c:1126 _request_firmware+0x558/0x810()
  Modules linked in: ccm ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw binfmt_misc bnep intel_rapl iosf_mbi arc4 x86_pkg_temp_thermal snd_hda_codec_hdmi coretemp kvm_intel joydev snd_hda_codec_realtek iwldvm snd_hda_codec_generic kvm iTCO_wdt mac80211 iTCO_vendor_support snd_hda_intel snd_hda_controller snd_hda_codec crct10dif_pclmul snd_hwdep crc32_pclmul snd_seq crc32c_intel ghash_clmulni_intel uvcvideo snd_seq_device iwlwifi btusb videobuf2_vmalloc snd_pcm videobuf2_core serio_raw bluetooth cfg80211 videobuf2_memops sdhci_pci v4l2_common videodev thinkpad_acpi sdhci i2c_i801 lpc_ich mfd_core wacom mmc_core media snd_timer tpm_tis hid_logitech_hidpp wmi tpm rfkill snd mei_me mei shpchp soundcore nfsd auth_rpcgss nfs_acl lockd grace sunrpc i915 i2c_algo_bit drm_kms_helper e1000e drm hid_logitech_dj ptp pps_core video
  CPU: 3 PID: 3280 Comm: kworker/u17:0 Not tainted 3.19.3-200.fc21.x86_64
  Hardware name: LENOVO 343522U/343522U, BIOS GCET96WW (2.56 ) 10/22/2013
  Workqueue: hci0 hci_power_on [bluetooth]
   0000000000000000 0000000089944328 ffff88040acffb78 ffffffff8176e215
   0000000000000000 0000000000000000 ffff88040acffbb8 ffffffff8109bc1a
   0000000000000000 ffff88040acffcd0 00000000fffffff5 ffff8804076bac40
  Call Trace:
   [<ffffffff8176e215>] dump_stack+0x45/0x57
   [<ffffffff8109bc1a>] warn_slowpath_common+0x8a/0xc0
   [<ffffffff8109bd4a>] warn_slowpath_null+0x1a/0x20
   [<ffffffff814dbe78>] _request_firmware+0x558/0x810
   [<ffffffff814dc165>] request_firmware+0x35/0x50
   [<ffffffffa03a7886>] btusb_setup_bcm_patchram+0x86/0x590 [btusb]
   [<ffffffff814d40e6>] ? rpm_idle+0xd6/0x230
   [<ffffffffa04d4801>] hci_dev_do_open+0xe1/0xa90 [bluetooth]
   [<ffffffff810c51dd>] ? ttwu_do_activate.constprop.90+0x5d/0x70
   [<ffffffffa04d5980>] hci_power_on+0x40/0x200 [bluetooth]
   [<ffffffff810b487c>] process_one_work+0x14c/0x3f0
   [<ffffffff810b52f3>] worker_thread+0x53/0x470
   [<ffffffff810b52a0>] ? rescuer_thread+0x300/0x300
   [<ffffffff810ba548>] kthread+0xd8/0xf0
   [<ffffffff810ba470>] ? kthread_create_on_node+0x1b0/0x1b0
   [<ffffffff81774958>] ret_from_fork+0x58/0x90
   [<ffffffff810ba470>] ? kthread_create_on_node+0x1b0/0x1b0
This occurs after every resume. When resuming, the bluetooth stack calls hci_register_dev, allocates a new workqueue, and immediately schedules the power_on on the newly created workqueue. Since the new workqueue is not freezable, the work runs immediately and triggers the warning since resume is still happening and usermodehelper has not yet been re-enabled. Fix this by making the request workqueue freezable. This ensures the work will not run until unfreezing occurs and usermodehelper is re-enabled. Signed-off-by: Laura Abbott <labbott@fedoraproject.org> Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Benjamin Tissoires authored
BugLink: https://bugs.launchpad.net/bugs/1708372 According to https://msdn.microsoft.com/en-us/library/windows/hardware/mt604195(v=vs.85).aspx external buttons have some weird usage mapping: - Button 2 Indicates Button State for external button for primary (default left) clicking. - Button 3 Indicates Button State for external button for secondary (default right) clicking. So in the current state, the buttons are mapped to right and middle. Move the usage by one to correctly map the external buttons. Tested-by: Chris Chiu <chiu@endlessm.com> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> (cherry picked from commit 594312b8) Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Acked-by: Marcelo Cerri <marcelo.cerri@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Seth Forshee authored
BugLink: http://bugs.launchpad.net/bugs/1703430 This changed from y to m after trusty without justification. Having it built as a module causes issues with booting on some ARM systems. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Paolo Pisati <paolo.pisati@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Brian Foster authored
BugLink: https://bugs.launchpad.net/bugs/1706132 If the filesystem has shut down, xfs_end_io() currently sets an error on the ioend and proceeds to ioend destruction. The ioend might contain a truncate transaction if the I/O extended the size of the file. This transaction is only cleaned up in xfs_setfilesize_ioend(), however, which is skipped in this case. This results in an xfs_log_ticket leak message when the associated cache slab is destroyed (e.g., on rmmod). This was originally reproduced by xfs/141 on a distro kernel. The problem is reproducible on an upstream kernel, but not easily detected in current upstream if the xfs_log_ticket cache happens to be merged with another cache. This can be reproduced more deterministically with the 'slab_nomerge' kernel boot option. Update xfs_end_io() to proceed with normal end I/O processing after an error is set on an ioend due to fs shutdown. The I/O type-based processing is already designed to handle an I/O error and ensure that the ioend is cleaned up correctly. Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Dave Chinner <david@fromorbit.com> (cherry picked from commit af055e37) Signed-off-by: Rafael David Tinoco <rafael.tinoco@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Andy Whitcroft authored
BugLink: http://bugs.launchpad.net/bugs/1705495 Signed-off-by: Andy Whitcroft <apw@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Marcelo Cerri <marcelo.cerri@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Jan Kara authored
CVE-2017-7495 Huang has reported that in his powerfail testing he is seeing stale block contents in some of recently allocated blocks although he mounts ext4 in data=ordered mode. After some investigation I have found out that indeed when delayed allocation is used, we don't add inode to transaction's list of inodes needing flushing before commit. Originally we were doing that but commit f3b59291 removed the logic with a flawed argument that it is not needed. The problem is that although for delayed allocated blocks we write their contents immediately after allocating them, there is no guarantee that the IO scheduler or device doesn't reorder things and thus transaction allocating blocks and attaching them to inode can reach stable storage before actual block contents. Actually whenever we attach freshly allocated blocks to inode using a written extent, we should add inode to transaction's ordered inode list to make sure we properly wait for block contents to be written before committing the transaction. So that is what we do in this patch. This also handles other cases where stale data exposure was possible - like filling hole via mmap in data=ordered,nodelalloc mode. The only exception to the above rule are extending direct IO writes where blkdev_direct_IO() waits for IO to complete before increasing i_size and thus stale data exposure is not possible. For now we don't complicate the code with optimizing this special case since the overhead is pretty low. In case this is observed to be a performance problem we can always handle it using a special flag to ext4_map_blocks(). 
CC: stable@vger.kernel.org Fixes: f3b59291 Reported-by: "HUANG Weller (CM/ESW12-CN)" <Weller.Huang@cn.bosch.com> Tested-by: "HUANG Weller (CM/ESW12-CN)" <Weller.Huang@cn.bosch.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> (backported from commit 06bd3c36) Signed-off-by: Shrirang Bagul <shrirang.bagul@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Marcelo Cerri <marcelo.cerri@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Pavani Muthyala authored
BugLink: https://bugs.launchpad.net/bugs/1706991 This patch configures specific uapsd parameters. This setting gives better downlink WLAN throughput when radio is shared between WLAN and BT. Signed-off-by: Pavani Muthyala <pavani.muthyala@redpinesignals.com> Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Prameela Rani Garnepudi authored
BugLink: https://bugs.launchpad.net/bugs/1706991 When Coex mode is enabled, enabling power save will improve radio sharing. Hence PS on by default flag is set. Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com> Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Haiyang Zhang authored
BugLink: http://bugs.launchpad.net/bugs/1690174 Azure hosts are not supporting non-TCP port numbers in vRSS hashing for now. For example, UDP packet loss rate will be high if port numbers are also included in vRSS hash. So, we created this patch to use only IP numbers for hashing in non-TCP traffic. Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Reviewed-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net> (backported from commit f72860af) Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Conflicts: drivers/net/hyperv/netvsc_drv.c Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Norik Dzhandzhapanyan authored
BugLink: http://bugs.launchpad.net/bugs/1706531 Report per chain RSSI to mac80211. Signed-off-by: Norik Dzhandzhapanyan <norikd@gmail.com> [kvalo@qca.qualcomm.com: fix conflicts and style] Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com> (cherry picked from commit 8241253d) Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
Yang Jiaxun authored
BugLink: https://bugs.launchpad.net/linux/+bug/1705378 Some Lenovo ideapad models do not have hardware rfkill switches, but we are trying to read the rfkill switches through the ideapad-laptop module. This caused them to always be reported as blocking, breaking wifi. Fix it by adding those models to no_hw_rfkill_list. Signed-off-by: Yang Jiaxun <yjx@flygoat.com> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> (backported from commit 710c059c) Signed-off-by: Aaron Ma <aaron.ma@canonical.com> Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Acked-by: Chia-Lin Kao <acelan.kao@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-