- 02 Jun, 2017 8 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/soundLinus Torvalds authored
Pull sound fixes from Takashi Iwai: "This contains the fixes for a few reported regression for HD-audio and USB-audio. All small, trivial, and boring" * tag 'sound-4.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda - Fix applying MSI dual-codec mobo quirk ALSA: usb: Avoid VLA in mixer_us16x08.c ALSA: usb: Fix a typo in Tascam US-16x08 mixer element Revert "ALSA: usb-audio: purge needless variable length array"
-
git://git.infradead.org/users/vkoul/slave-dmaLinus Torvalds authored
Pull dmaengine fixes from Vinod Koul: "Here is the dmaengine fixes request for 4.12. Fixes bunch of issues in the driver, npthing exciting though.. - mv_xor_v2 driver fixes for handling descriptors, tx_submit implementation, removing interrupt coalescing and setting DMA mask properly - fix usb-dmac DMAOR AE bit definition - fix ep93xx start buffer from BASE0 and not drain the transfers in terminate_all - fix rcar-dmac to use right descriptor pointer for residue calculation - pl330 fix warn for irq freeup" * tag 'dmaengine-fix-4.12-rc4' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine: pl330: fix warning in pl330_remove rcar-dmac: fixup descriptor pointer for descriptor mode dmaengine: ep93xx: Don't drain the transfers in terminate_all() dmaengine: ep93xx: Always start from BASE0 dmaengine: usb-dmac: Fix DMAOR AE bit definition dmaengine: mv_xor_v2: set DMA mask to 40 bits dmaengine: mv_xor_v2: remove interrupt coalescing dmaengine: mv_xor_v2: fix tx_submit() implementation dmaengine: mv_xor_v2: enable XOR engine after its configuration dmaengine: mv_xor_v2: do not use descriptors not acked by async_tx dmaengine: mv_xor_v2: properly handle wrapping in the array of HW descriptors dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc() error properly
-
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hidLinus Torvalds authored
Pull HID fixes from Jiri Kosina: - corner-case oops fixes for Asus and Wacom drivers from Carlo Caione and Jason Gerecke - power management fix (reported on SIS0817 touchscreen) for i2c-hid devices from Hans de Goede - device-id-specific fixes and quirks from Hans de Goede, Diego Elio Pettenò and Che-Liang Chiou * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: asus: Stop underlying hardware on remove HID: i2c: Call acpi_device_fix_up_power for ACPI-enumerated devices HID: asus: Add support for T100 keyboard HID: elecom: extend to fix the descriptor for DEFT trackballs HID: magicmouse: Set multi-touch keybits for Magic Mouse HID: wacom: Have wacom_tpc_irq guard against possible NULL dereference
-
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatchingLinus Torvalds authored
Pull livepatching fix from Jiri Kosina: "Kconfig dependency fix for livepatching infrastructure from Miroslav Benes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching: livepatch: Make livepatch dependent on !TRIM_UNUSED_KSYMS
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 fixes from Ingo Molnar: "Misc fixes: - revert a broken PAT commit that broke a number of systems - fix two preemptability warnings/bugs that can trigger under certain circumstances, in the debug code and in the microcode loader" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: Revert "x86/PAT: Fix Xorg regression on CPUs that don't support PAT" x86/debug/32: Convert a smp_processor_id() call to raw to avoid DEBUG_PREEMPT warning x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull EFI fixes from Ingo Molnar: "Misc fixes: - three boot crash fixes for uncommon configurations - silence a boot warning under virtualization - plus a GCC 7 related (harmless) build warning fix" * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi/bgrt: Skip efi_bgrt_init() in case of non-EFI boot x86/efi: Correct EFI identity mapping under 'efi=old_map' when KASLR is enabled x86/efi: Disable runtime services on kexec kernel if booted with efi=old_map efi: Remove duplicate 'const' specifiers efi: Don't issue error message when booted under Xen
-
Carlo Caione authored
We are missing a call to hid_hw_stop() on the remove hook. Among other things this is causing an Oops when (re-)starting GNOME / upowerd / ... after the module has been already rmmod-ed. Signed-off-by: Carlo Caione <carlo@endlessm.com> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Jean-Philippe Brucker authored
When removing a device with less than 9 IRQs (AMBA_NR_IRQS), we'll get a big WARN_ON from devres.c because pl330_remove calls devm_free_irqs for unallocated irqs. Similarly to pl330_probe, check that IRQ number is present before calling devm_free_irq. Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com> Signed-off-by: Vinod Koul <vinod.koul@intel.com>
-
- 01 Jun, 2017 14 commits
-
-
git://linux-nfs.org/~bfields/linuxLinus Torvalds authored
Pull nfsd fixes from Bruce Fields: "Revert patch accidentally included in the merge window pull request, and fix a crash that was likely a result of buggy client behavior" * tag 'nfsd-4.12-1' of git://linux-nfs.org/~bfields/linux: nfsd4: fix null dereference on replay nfsd: Revert "nfsd: check for oversized NFSv2/v3 arguments"
-
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linuxLinus Torvalds authored
Pull gcc-plugin prepwork from Kees Cook: "Use designated initializers for mtk-vcodec, powerplay, amdgpu, and sgi-xp. Use ERR_CAST() to avoid cross-structure cast in ocf2, ntfs, and NFS. Christoph Hellwig recommended that I send these fixes now, rather than waiting for the v4.13 merge window. These are all initializer and cast fixes needed for the future randstruct plugin that haven't been picked up by the respective maintainers" * tag 'gcc-plugins-v4.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: mtk-vcodec: Use designated initializers drm/amd/powerplay: Use designated initializers drm/amdgpu: Use designated initializers sgi-xp: Use designated initializers ocfs2: Use ERR_CAST() to avoid cross-structure cast ntfs: Use ERR_CAST() to avoid cross-structure cast NFS: Use ERR_CAST() to avoid cross-structure cast
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
Pull KVM fixes from Paolo Bonzini: "Many small x86 bug fixes: SVM segment registers access rights, nested VMX, preempt notifiers, LAPIC virtual wire mode, NMI injection" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86: Fix nmi injection failure when vcpu got blocked KVM: SVM: do not zero out segment attributes if segment is unusable or not present KVM: SVM: ignore type when setting segment registers KVM: nVMX: fix nested_vmx_check_vmptr failure paths under debugging KVM: x86: Fix virtual wire mode KVM: nVMX: Fix handling of lmsw instruction KVM: X86: Fix preempt the preemption timer cancel
-
git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fsLinus Torvalds authored
Pull Reiserfs and GFS2 fixes from Jan Kara: "Fixes to GFS2 & Reiserfs for the fallout of the recent WRITE_FUA cleanup from Christoph. Fixes for other filesystems were already merged by respective maintainers." * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: reiserfs: Make flush bios explicitely sync gfs2: Make flush bios explicitely sync
-
git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pendingLinus Torvalds authored
Pull SCSI target fixes from Nicholas Bellinger: "Here are the target-pending fixes for v4.12-rc4: - ibmviscsis ABORT_TASK handling fixes that missed the v4.12 merge window. (Bryant Ly and Michael Cyr) - Re-add a target-core check enforcing WRITE overflow reject that was relaxed in v4.3, to avoid unsupported iscsi-target immediate data overflow. (nab) - Fix a target-core-user OOPs during device removal. (MNC + Bryant Ly) - Fix a long standing iscsi-target potential issue where kthread exit did not wait for kthread_should_stop(). (Jiang Yi) - Fix a iscsi-target v3.12.y regression OOPs involving initial login PDU processing during asynchronous TCP connection close. (MNC + nab) This is a little larger than usual for an -rc4, primarily due to the iscsi-target v3.12.y regression OOPs bug-fix. However, it's an important patch as MNC + Hannes where both able to trigger it using a reduced iscsi initiator login timeout combined with a backend taking a long time to complete I/Os during iscsi login driven session reinstatement" * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: iscsi-target: Always wait for kthread_should_stop() before kthread exit iscsi-target: Fix initial login PDU asynchronous socket close OOPs tcmu: fix crash during device removal target: Re-add check to reject control WRITEs with overflow data ibmvscsis: Fix the incorrect req_lim_delta ibmvscsis: Clear left-over abort_cmd pointers
-
Ingo Molnar authored
This reverts commit cbed27cd. As Andy Lutomirski observed: "I think this patch is bogus. pat_enabled() sure looks like it's supposed to return true if PAT is *enabled*, and these days PAT is 'enabled' even if there's no HW PAT support." Reported-by: Bernhard Held <berny156@gmx.de> Reported-by: Chris Wilson <chris@chris-wilson.co.uk> Acked-by: Andy Lutomirski <luto@kernel.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Luis R. Rodriguez <mcgrof@suse.com> Cc: Mikulas Patocka <mpatocka@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Toshi Kani <toshi.kani@hp.com> Cc: stable@vger.kernel.org # v4.2+ Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
-
ZhuangYanying authored
When spin_lock_irqsave() deadlock occurs inside the guest, vcpu threads, other than the lock-holding one, would enter into S state because of pvspinlock. Then inject NMI via libvirt API "inject-nmi", the NMI could not be injected into vm. The reason is: 1 It sets nmi_queued to 1 when calling ioctl KVM_NMI in qemu, and sets cpu->kvm_vcpu_dirty to true in do_inject_external_nmi() meanwhile. 2 It sets nmi_queued to 0 in process_nmi(), before entering guest, because cpu->kvm_vcpu_dirty is true. It's not enough just to check nmi_queued to decide whether to stay in vcpu_block() or not. NMI should be injected immediately at any situation. Add checking nmi_pending, and testing KVM_REQ_NMI replaces nmi_queued in vm_vcpu_has_events(). Do the same change for SMIs. Signed-off-by: Zhuang Yanying <ann.zhuangyanying@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Roman Pen authored
This is a fix for the problem [1], where VMCB.CPL was set to 0 and interrupt was taken on userspace stack. The root cause lies in the specific AMD CPU behaviour which manifests itself as unusable segment attributes on SYSRET. The corresponding work around for the kernel is the following: 61f01dd9 ("x86_64, asm: Work around AMD SYSRET SS descriptor attribute issue") In other turn virtualization side treated unusable segment incorrectly and restored CPL from SS attributes, which were zeroed out few lines above. In current patch it is assured only that P bit is cleared in VMCB.save state and segment attributes are not zeroed out if segment is not presented or is unusable, therefore CPL can be safely restored from DPL field. This is only one part of the fix, since QEMU side should be fixed accordingly not to zero out attributes on its side. Corresponding patch will follow. [1] Message id: CAJrWOzD6Xq==b-zYCDdFLgSRMPM-NkNuTSDFEtX=7MreT45i7Q@mail.gmail.com Signed-off-by: Roman Pen <roman.penyaev@profitbricks.com> Signed-off-by: Mikhail Sennikovskii <mikhail.sennikovskii@profitbricks.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Radim KrÄmáÅ
™ <rkrcmar@redhat.com> Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> -
Takashi Iwai authored
The previous commit [63691587: ALSA: hda - Apply dual-codec quirk for MSI Z270-Gaming mobo] attempted to apply the existing dual-codec quirk for a MSI mobo. But it turned out that this isn't applied properly due to the MSI-vendor quirk before this entry. I overlooked such two MSI entries just because they were put in the wrong position, although we have a list ordered by PCI SSID numbers. This patch fixes it by rearranging the unordered entries. Fixes: 63691587 ("ALSA: hda - Apply dual-codec quirk for MSI Z270-Gaming mobo") Reported-by: Rudolf Schmidt <info@rudolfschmidt.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
Pull drm fixes from Dave Airlie: "This is the main set of fixes for rc4, one amdgpu fix, some exynos regression fixes, some msm fixes and some i915 and GVT fixes. I've got a second regression fix for some DP chips that might be a bit large, but I think we'd like to land it now, I'll send it along tomorrow, once you are happy with this set" * tag 'drm-fixes-for-v4.12-rc4' of git://people.freedesktop.org/~airlied/linux: (24 commits) drm/amdgpu: Program ring for vce instance 1 at its register space drm/exynos: clean up description of exynos_drm_crtc drm/exynos: dsi: Remove bridge node reference in removal drm/exynos: dsi: Fix the parse_dt function drm/exynos: Merge pre/postclose hooks drm/msm: Fix the check for the command size drm/msm: Take the mutex before calling msm_gem_new_impl drm/msm: for array in-fences, check if all backing fences are from our own context before waiting drm/msm: constify irq_domain_ops drm/msm/mdp5: release hwpipe(s) for unused planes drm/msm: Reuse dma_fence_release. drm/msm: Expose our reservation object when exporting a dmabuf. drm/msm/gpu: check legacy clk names in get_clocks() drm/msm/mdp5: use __drm_atomic_helper_plane_duplicate_state() drm/msm: select PM_OPP drm/i915: Stop pretending to mask/unmask LPE audio interrupts drm/i915/selftests: Silence compiler warning in igt_ctx_exec Revert "drm/i915: Restore lost "Initialized i915" welcome message" drm/i915/gvt: clean up unsubmited workloads before destroying kmem cache drm/i915/gvt: Disable compression workaround for Gen9 ...
-
Dave Airlie authored
Merge tag 'exynos-drm-fixes-for-v4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes - Fix a regression to description of exynos_drm_crtc - Remove preclose hook of Exynos . This was a exynos change of the patch series[1] merged already. - Fix one dt broken issue - Make sure to release bridge_node of Exynos MIPI-DSI driver. [1] https://lists.freedesktop.org/archives/dri-devel/2017-March/135111.html * tag 'exynos-drm-fixes-for-v4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos: drm/exynos: clean up description of exynos_drm_crtc drm/exynos: dsi: Remove bridge node reference in removal drm/exynos: dsi: Fix the parse_dt function drm/exynos: Merge pre/postclose hooks
-
git://people.freedesktop.org/~agd5f/linuxDave Airlie authored
* 'drm-fixes-4.12' of git://people.freedesktop.org/~agd5f/linux: drm/amdgpu: Program ring for vce instance 1 at its register space
-
git://people.freedesktop.org/~robclark/linuxDave Airlie authored
a few fixes for 4.12.. * 'msm-fixes-4.12-rc4' of git://people.freedesktop.org/~robclark/linux: drm/msm: Fix the check for the command size drm/msm: Take the mutex before calling msm_gem_new_impl drm/msm: for array in-fences, check if all backing fences are from our own context before waiting drm/msm: constify irq_domain_ops drm/msm/mdp5: release hwpipe(s) for unused planes drm/msm: Reuse dma_fence_release. drm/msm: Expose our reservation object when exporting a dmabuf. drm/msm/gpu: check legacy clk names in get_clocks() drm/msm/mdp5: use __drm_atomic_helper_plane_duplicate_state() drm/msm: select PM_OPP
-
Dave Airlie authored
Merge tag 'drm-intel-fixes-2017-05-29' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes drm/i915 fixes for v4.12-rc4 * tag 'drm-intel-fixes-2017-05-29' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: Stop pretending to mask/unmask LPE audio interrupts drm/i915/selftests: Silence compiler warning in igt_ctx_exec Revert "drm/i915: Restore lost "Initialized i915" welcome message" drm/i915/gvt: clean up unsubmited workloads before destroying kmem cache drm/i915/gvt: Disable compression workaround for Gen9 drm/i915: set initialised only when init_context callback is NULL drm/i915: Fix new -Wint-in-bool-context gcc compiler warning drm/i915: use vma->size for appgtt allocate_va_range drm/i915: Do not sync RCU during shrinking
-
- 31 May, 2017 7 commits
-
-
Jiang Yi authored
There are three timing problems in the kthread usages of iscsi_target_mod: - np_thread of struct iscsi_np - rx_thread and tx_thread of struct iscsi_conn In iscsit_close_connection(), it calls send_sig(SIGINT, conn->tx_thread, 1); kthread_stop(conn->tx_thread); In conn->tx_thread, which is iscsi_target_tx_thread(), when it receive SIGINT the kthread will exit without checking the return value of kthread_should_stop(). So if iscsi_target_tx_thread() exit right between send_sig(SIGINT...) and kthread_stop(...), the kthread_stop() will try to stop an already stopped kthread. This is invalid according to the documentation of kthread_stop(). (Fix -ECONNRESET logout handling in iscsi_target_tx_thread and early iscsi_target_rx_thread failure case - nab) Signed-off-by: Jiang Yi <jiangyilism@gmail.com> Cc: <stable@vger.kernel.org> # v3.12+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-
Nicholas Bellinger authored
This patch fixes a OOPs originally introduced by: commit bb048357 Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Thu Sep 5 14:54:04 2013 -0700 iscsi-target: Add sk->sk_state_change to cleanup after TCP failure which would trigger a NULL pointer dereference when a TCP connection was closed asynchronously via iscsi_target_sk_state_change(), but only when the initial PDU processing in iscsi_target_do_login() from iscsi_np process context was blocked waiting for backend I/O to complete. To address this issue, this patch makes the following changes. First, it introduces some common helper functions used for checking socket closing state, checking login_flags, and atomically checking socket closing state + setting login_flags. Second, it introduces a LOGIN_FLAGS_INITIAL_PDU bit to know when a TCP connection has dropped via iscsi_target_sk_state_change(), but the initial PDU processing within iscsi_target_do_login() in iscsi_np context is still running. For this case, it sets LOGIN_FLAGS_CLOSED, but doesn't invoke schedule_delayed_work(). The original NULL pointer dereference case reported by MNC is now handled by iscsi_target_do_login() doing a iscsi_target_sk_check_close() before transitioning to FFP to determine when the socket has already closed, or iscsi_target_start_negotiation() if the login needs to exchange more PDUs (eg: iscsi_target_do_login returned 0) but the socket has closed. For both of these cases, the cleanup up of remaining connection resources will occur in iscsi_target_start_negotiation() from iscsi_np process context once the failure is detected. Finally, to handle to case where iscsi_target_sk_state_change() is called after the initial PDU procesing is complete, it now invokes conn->login_work -> iscsi_target_do_login_rx() to perform cleanup once existing iscsi_target_sk_check_close() checks detect connection failure. For this case, the cleanup of remaining connection resources will occur in iscsi_target_do_login_rx() from delayed workqueue process context once the failure is detected. Reported-by: Mike Christie <mchristi@redhat.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Tested-by: Mike Christie <mchristi@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Reported-by: Hannes Reinecke <hare@suse.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Sagi Grimberg <sagi@grimberg.me> Cc: Varun Prakash <varun@chelsio.com> Cc: <stable@vger.kernel.org> # v3.12+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-
Leo Liu authored
We need program ring buffer on instance 1 register space domain, when only if instance 1 available, with two instances or instance 0, and we need only program instance 0 regsiter space domain for ring. Signed-off-by: Leo Liu <leo.liu@amd.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Cc: stable@vger.kernel.org Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfsLinus Torvalds authored
Pull overlayfs fixes from Miklos Szeredi: "Fix regressions: - missing CONFIG_EXPORTFS dependency - failure if upper fs doesn't support xattr - bad error cleanup This also adds the concept of "impure" directories complementing the "origin" marking introduced in -rc1. Together they enable getting consistent st_ino and d_ino for directory listings. And there's a bug fix and a cleanup as well" * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: filter trusted xattr for non-admin ovl: mark upper merge dir with type origin entries "impure" ovl: mark upper dir with type origin entries "impure" ovl: remove unused arg from ovl_lookup_temp() ovl: handle rename when upper doesn't support xattr ovl: don't fail copy-up if upper doesn't support xattr ovl: check on mount time if upper fs supports setting xattr ovl: fix creds leak in copy up error path ovl: select EXPORTFS
-
Takashi Iwai authored
This is another attempt to work around the VLA used in mixer_us16x08.c. Basically the temporary array is used individually for two cases, and we can declare locally in each block, instead of hackish max() usage. Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Takashi Iwai authored
A mixer element created in a quirk for Tascam US-16x08 contains a typo: it should be "EQ MidLow Q" instead of "EQ MidQLow Q". Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=195875 Fixes: d2bb390a ("ALSA: usb-audio: Tascam US-16x08 DSP mixer quirk") Cc: <stable@vger.kernel.org> # v4.11+ Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Takashi Iwai authored
This reverts commit 89b593c3 ("ALSA: usb-audio: purge needless variable length array"). The patch turned out to cause a severe regression, triggering an Oops at snd_usb_ctl_msg(). It was overseen that snd_usb_ctl_msg() writes back the response to the given buffer, while the patch changed it to a read-only const buffer. (One should always double-check when an extra pointer cast is present...) As a simple fix, just revert the affected commit. It was merely a cleanup. Although it brings VLA again, it's clearer as a fix. We'll address the VLA later in another patch. Fixes: 89b593c3 ("ALSA: usb-audio: purge needless variable length array") Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=195875 Cc: <stable@vger.kernel.org> # v4.11+ Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
- 30 May, 2017 4 commits
-
-
Linus Torvalds authored
This effectively reverts commit 8ee74a91 ("proc: try to remove use of FOLL_FORCE entirely") It turns out that people do depend on FOLL_FORCE for the /proc/<pid>/mem case, and we're talking not just debuggers. Talking to the affected people, the use-cases are: Keno Fischer: "We used these semantics as a hardening mechanism in the julia JIT. By opening /proc/self/mem and using these semantics, we could avoid needing RWX pages, or a dual mapping approach. We do have fallbacks to these other methods (though getting EIO here actually causes an assert in released versions - we'll updated that to make sure to take the fall back in that case). Nevertheless the /proc/self/mem approach was our favored approach because it a) Required an attacker to be able to execute syscalls which is a taller order than getting memory write and b) didn't double the virtual address space requirements (as a dual mapping approach would). I think in general this feature is very useful for anybody who needs to precisely control the execution of some other process. Various debuggers (gdb/lldb/rr) certainly fall into that category, but there's another class of such processes (wine, various emulators) which may want to do that kind of thing. Now, I suspect most of these will have the other process under ptrace control, so maybe allowing (same_mm || ptraced) would be ok, but at least for the sandbox/remote-jit use case, it would be perfectly reasonable to not have the jit server be a ptracer" Robert O'Callahan: "We write to readonly code and data mappings via /proc/.../mem in lots of different situations, particularly when we're adjusting program state during replay to match the recorded execution. Like Julia, we can add workarounds, but they could be expensive." so not only do people use FOLL_FORCE for both reads and writes, but they use it for both the local mm and remote mm. With these comments in mind, we likely also cannot add the "are we actively ptracing" check either, so this keeps the new code organization and does not do a real revert that would add back the original comment about "Maybe we should limit FOLL_FORCE to actual ptrace users?" Reported-by: Keno Fischer <keno@juliacomputing.com> Reported-by: Robert O'Callahan <robert@ocallahan.org> Cc: Kees Cook <keescook@chromium.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Eric Biederman <ebiederm@xmission.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Gioh Kim authored
Commit 19bca6ab ("KVM: SVM: Fix cross vendor migration issue with unusable bit") added checking type when setting unusable. So unusable can be set if present is 0 OR type is 0. According to the AMD processor manual, long mode ignores the type value in segment descriptor. And type can be 0 if it is read-only data segment. Therefore type value is not related to unusable flag. This patch is based on linux-next v4.12.0-rc3. Signed-off-by: Gioh Kim <gi-oh.kim@profitbricks.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Radim Krčmář authored
kvm_skip_emulated_instruction() will return 0 if userspace is single-stepping the guest. kvm_skip_emulated_instruction() uses return status convention of exit handler: 0 means "exit to userspace" and 1 means "continue vm entries". The problem is that nested_vmx_check_vmptr() return status means something else: 0 is ok, 1 is error. This means we would continue executing after a failure. Static checker noticed it because vmptr was not initialized. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Fixes: 6affcbed ("KVM: x86: Add kvm_skip_emulated_instruction and use it.") Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Kuninori Morimoto authored
In descriptor mode, the descriptor running pointer is not maintained by the interrupt handler, thus, driver finds the running descriptor from the descriptor pointer field in the CHCRB register. But, CHCRB::DPTR indicates *next* descriptor pointer, not current. Thus, The residue calculation will be missed. This patch fixup it. Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com> Signed-off-by: Vinod Koul <vinod.koul@intel.com>
-
- 29 May, 2017 7 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrlLinus Torvalds authored
Pull pin control fixes from Linus Walleij: "Here is an overdue pull request for pin control fixes, the most prominent feature is to make Intel Chromebooks (and I suspect any other Cherryview-based Intel thing) happy again, which we really want to see. There is a patch hitting drivers/firmware/* that I was uncertain to who actually manages, but I got Andy Shevchenko's and Dmitry Torokov's review tags on it and I trust them both 100% to do the right thing for Intel platform drivers. Summary: - Make a few Intel Chromebooks with Cherryview DMI firmware work smoothly. - A fix for some bogus allocations in the generic group management code. - Some GPIO descriptor lookup table stubs. Merged through the pin control tree for administrative reasons. - Revert the "bi-directional" and "output-enable" generic properties: we need more discussions around this. It seems other SoCs are using input/output gate enablement and these terms are not correct. - Fix mux and drive strength atomically in the MXS driver. - Fix the SPDIF function on sunxi A83T. - OF table terminators and other small fixes" * tag 'pinctrl-v4.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: sunxi: Fix SPDIF function name for A83T pinctrl: mxs: atomically switch mux and drive strength config pinctrl: cherryview: Extend the Chromebook DMI quirk to Intel_Strago systems firmware: dmi: Add DMI_PRODUCT_FAMILY identification string pinctrl: core: Fix warning by removing bogus code gpiolib: Add stubs for gpiod lookup table interface Revert "pinctrl: generic: Add bi-directional and output-enable" pinctrl: cherryview: Add terminate entry for dmi_system_id tables
-
Vegard Nossum authored
This fixes a regression in commit 4d6501dc where I didn't notice that MIPS and OpenRISC were reinitialising p->{set,clear}_child_tid to NULL after our initialisation in copy_process(). We can simply get rid of the arch-specific initialisation here since it is now always done in copy_process() before hitting copy_thread{,_tls}(). Review notes: - As far as I can tell, copy_process() is the only user of copy_thread_tls(), which is the only caller of copy_thread() for architectures that don't implement copy_thread_tls(). - After this patch, there is no arch-specific code touching p->set_child_tid or p->clear_child_tid whatsoever. - It may look like MIPS/OpenRISC wanted to always have these fields be NULL, but that's not true, as copy_process() would unconditionally set them again _after_ calling copy_thread_tls() before commit 4d6501dc. Fixes: 4d6501dc ("kthread: Fix use-after-free if kthread fork fails") Reported-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Guenter Roeck <linux@roeck-us.net> # MIPS only Acked-by: Stafford Horne <shorne@gmail.com> Acked-by: Oleg Nesterov <oleg@redhat.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: linux-mips@linux-mips.org Cc: Jonas Bonn <jonas@southpole.se> Cc: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi> Cc: openrisc@lists.librecores.org Cc: Jamie Iles <jamie.iles@oracle.com> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Miklos Szeredi authored
Filesystems filter out extended attributes in the "trusted." domain for unprivlieged callers. Overlay calls underlying filesystem's method with elevated privs, so need to do the filtering in overlayfs too. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
-
Hans de Goede authored
For ACPI devices which do not have a _PSC method, the ACPI subsys cannot query their initial state at boot, so these devices are assumed to have been put in D0 by the BIOS, but for touchscreens that is not always true. This commit adds a call to acpi_device_fix_up_power to explicitly put devices without a _PSC method into D0 state (for devices with a _PSC method it is a nop). Note we only need to do this on probe, after a resume the ACPI subsys knows the device is in D3 and will properly put it in D0. This fixes the SIS0817 i2c-hid touchscreen on a Peaq C1010 2-in-1 device failing to probe with a "hid_descr_cmd failed" error. Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Amir Goldstein authored
An upper dir is marked "impure" to let ovl_iterate() know that this directory may contain non pure upper entries whose d_ino may need to be read from the origin inode. We already mark a non-merge dir "impure" when moving a non-pure child entry inside it, to let ovl_iterate() know not to iterate the non-merge dir directly. Mark also a merge dir "impure" when moving a non-pure child entry inside it and when copying up a child entry inside it. This can be used to optimize ovl_iterate() to perform a "pure merge" of upper and lower directories, merging the content of the directories, without having to read d_ino from origin inodes. Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
-
Borislav Petkov authored
... to raw_smp_processor_id() to not trip the BUG: using smp_processor_id() in preemptible [00000000] code: swapper/0/1 check. The reasoning behind it is that __warn() already uses the raw_ variants but the show_regs() path on 32-bit doesn't. Signed-off-by: Borislav Petkov <bp@suse.de> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/20170528092212.fiod7kygpjm23m3o@pd.tnicSigned-off-by: Ingo Molnar <mingo@kernel.org>
-
Borislav Petkov authored
With CONFIG_DEBUG_PREEMPT enabled, I get: BUG: using smp_processor_id() in preemptible [00000000] code: swapper/0/1 caller is debug_smp_processor_id CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc2+ #2 Call Trace: dump_stack check_preemption_disabled debug_smp_processor_id save_microcode_in_initrd_amd ? microcode_init save_microcode_in_initrd ... because, well, it says it above, we're using smp_processor_id() in preemptible code. But passing the CPU number is not really needed. It is only used to determine whether we're on the BSP, and, if so, to save the microcode patch for early loading. [ We don't absolutely need to do it on the BSP but we do that customarily there. ] Instead, convert that function parameter to a boolean which denotes whether the patch should be saved or not, thereby avoiding the use of smp_processor_id() in preemptible code. Signed-off-by: Borislav Petkov <bp@suse.de> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/20170528200414.31305-1-bp@alien8.deSigned-off-by: Ingo Molnar <mingo@kernel.org>
-