- 21 May, 2017 1 commit
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-traceLinus Torvalds authored
Pull tracing fixes from Steven Rostedt: - Fix a bug caused by not cleaning up the new instance unique triggers when deleting an instance. It also creates a selftest that triggers that bug. - Fix the delayed optimization happening after kprobes boot up self tests being removed by freeing of init memory. - Comment kprobes on why the delay optimization is not a problem for removal of modules, to keep other developers from searching that riddle. - Fix another case of rcu not watching in stack trace tracing. * tag 'trace-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Make sure RCU is watching before calling a stack trace kprobes: Document how optimized kprobes are removed from module unload selftests/ftrace: Add test to remove instance with active event triggers selftests/ftrace: Fix bashisms ftrace: Remove #ifdef from code and add clear_ftrace_function_probes() stub ftrace/instances: Clear function triggers when removing instances ftrace: Simplify glob handling in unregister_ftrace_function_probe_func() tracing/kprobes: Enforce kprobes teardown after testing tracing: Move postpone selftests to core from early_initcall
-
- 20 May, 2017 16 commits
-
-
git://git.kernel.dk/linux-blockLinus Torvalds authored
Pull block fixes from Jens Axboe: "A small collection of fixes that should go into this cycle. - a pull request from Christoph for NVMe, which ended up being manually applied to avoid pulling in newer bits in master. Mostly fibre channel fixes from James, but also a few fixes from Jon and Vijay - a pull request from Konrad, with just a single fix for xen-blkback from Gustavo. - a fuseblk bdi fix from Jan, fixing a regression in this series with the dynamic backing devices. - a blktrace fix from Shaohua, replacing sscanf() with kstrtoull(). - a request leak fix for drbd from Lars, fixing a regression in the last series with the kref changes. This will go to stable as well" * 'for-linus' of git://git.kernel.dk/linux-block: nvmet: release the sq ref on rdma read errors nvmet-fc: remove target cpu scheduling flag nvme-fc: stop queues on error detection nvme-fc: require target or discovery role for fc-nvme targets nvme-fc: correct port role bits nvme: unmap CMB and remove sysfs file in reset path blktrace: fix integer parse fuseblk: Fix warning in super_setup_bdi_name() block: xen-blkback: add null check to avoid null pointer dereference drbd: fix request leak introduced by locking/atomic, kref: Kill kref_sub()
-
Vijay Immanuel authored
On rdma read errors, release the sq ref that was taken when the req was initialized. This avoids a hang in nvmet_sq_destroy() when the queue is being freed. Signed-off-by: Vijay Immanuel <vijayi@attalasystems.com> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@fb.com>
-
James Smart authored
Remove NVMET_FCTGTFEAT_NEEDS_CMD_CPUSCHED. It's unnecessary. Signed-off-by: James Smart <james.smart@broadcom.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@fb.com>
-
James Smart authored
Per the recommendation by Sagi on: http://lists.infradead.org/pipermail/linux-nvme/2017-April/009261.html Rather than waiting for reset work thread to stop queues and abort the ios, immediately stop the queues on error detection. Reset thread will restop the queues (as it's called on other paths), but it does not appear to have a side effect. Signed-off-by: James Smart <james.smart@broadcom.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@fb.com>
-
James Smart authored
In order to create an association, the remoteport must be serving either a target role or a discovery role. Signed-off-by: James Smart <james.smart@broadcom.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@fb.com>
-
James Smart authored
FC Port roles is a bit mask, not individual values. Correct nvme definitions to unique bits. Signed-off-by: James Smart <james.smart@broadcom.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@fb.com>
-
Jon Derrick authored
CMB doesn't get unmapped until removal while getting remapped on every reset. Add the unmapping and sysfs file removal to the reset path in nvme_pci_disable to match the mapping path in nvme_pci_enable. Fixes: 202021c1 ("nvme : Add sysfs entry for NVMe CMBs when appropriate") Signed-off-by: Jon Derrick <jonathan.derrick@intel.com> Acked-by: Keith Busch <keith.busch@intel.com> Reviewed-By: Stephen Bates <sbates@raithlin.com> Cc: <stable@vger.kernel.org> # 4.9+ Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@fb.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/stagingLinus Torvalds authored
Pull staging driver fixes from Greg KH: "Here are a number of staging driver fixes for 4.12-rc2 Most of them are typec driver fixes found by reviewers and users of the code. There are also some removals of files no longer needed in the tree due to the ion driver rewrite in 4.12-rc1, as well as some wifi driver fixes. And to round it out, a MAINTAINERS file update. All have been in linux-next with no reported issues" * tag 'staging-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (22 commits) MAINTAINERS: greybus-dev list is members-only staging: fsl-dpaa2/eth: add ETHERNET dependency staging: typec: fusb302: refactor resume retry mechanism staging: typec: fusb302: reset i2c_busy state in error staging: rtl8723bs: remove re-positioned call to kfree in os_dep/ioctl_cfg80211.c staging: rtl8192e: GetTs Fix invalid TID 7 warning. staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD. staging: rtl8192e: fix 2 byte alignment of register BSSIDR. staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory. staging: vc04_services: Fix bulk cache maintenance staging: ccree: remove extraneous spin_unlock_bh() in error handler staging: typec: Fix sparse warnings about incorrect types staging: typec: fusb302: do not free gpio from managed resource staging: typec: tcpm: Fix Port Power Role field in PS_RDY messages staging: typec: tcpm: Respond to Discover Identity commands staging: typec: tcpm: Set correct flags in PD request messages staging: typec: tcpm: Drop duplicate PD messages staging: typec: fusb302: Fix chip->vbus_present init value staging: typec: fusb302: Fix module autoload staging: typec: tcpci: declare private structure as static ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbLinus Torvalds authored
Pull USB fixes from Greg KH: "Here are a number of small USB fixes for 4.12-rc2 Most of them come from Johan, in his valiant quest to fix up all drivers that could be affected by "malicious" USB devices. There's also some fixes for more "obscure" drivers to handle some of the vmalloc stack fallout (which for USB drivers, was always the case, but very few people actually ran those systems...) Other than that, the normal set of xhci and gadget and musb driver fixes as well. All have been in linux-next with no reported issues" * tag 'usb-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (42 commits) usb: musb: tusb6010_omap: Do not reset the other direction's packet size usb: musb: Fix trying to suspend while active for OTG configurations usb: host: xhci-plat: propagate return value of platform_get_irq() xhci: Fix command ring stop regression in 4.11 xhci: remove GFP_DMA flag from allocation USB: xhci: fix lock-inversion problem usb: host: xhci-ring: don't need to clear interrupt pending for MSI enabled hcd usb: host: xhci-mem: allocate zeroed Scratchpad Buffer xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton usb: xhci: trace URB before giving it back instead of after USB: serial: qcserial: add more Lenovo EM74xx device IDs USB: host: xhci: use max-port define USB: hub: fix SS max number of ports USB: hub: fix non-SS hub-descriptor handling USB: hub: fix SS hub-descriptor handling USB: usbip: fix nonconforming hub descriptor USB: gadget: dummy_hcd: fix hub-descriptor removable fields doc-rst: fixed kernel-doc directives in usb/typec.rst USB: core: of: document reference taken by companion helper USB: ehci-platform: fix companion-device leak ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-miscLinus Torvalds authored
Pull char/misc driver fixes from Greg KH: "Here are five small bugfixes for reported issues with 4.12-rc1 and earlier kernels. Nothing huge here, just a lp, mem, vpd, and uio driver fix, along with a Kconfig fixup for one of the misc drivers. All of these have been in linux-next with no reported issues" * tag 'char-misc-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: firmware: Google VPD: Fix memory allocation error handling drivers: char: mem: Check for address space wraparound with mmap() uio: fix incorrect memory leak cleanup misc: pci_endpoint_test: select CRC32 char: lp: fix possible integer overflow in lp_setup()
-
git://www.linux-watchdog.org/linux-watchdogLinus Torvalds authored
Pull watchdog fixes from Wim Van Sebroeck: - orion_wdt compile-test dependencies - sama5d4_wdt: WDDIS handling and a race confition - pcwd_usb: fix NULL-deref at probe - cadence_wdt: fix timeout setting - wdt_pci: fix build error if SOFTWARE_REBOOT is defined - iTCO_wdt: all versions count down twice - zx2967: remove redundant dev_err call in zx2967_wdt_probe() - bcm281xx: Fix use of uninitialized spinlock * git://www.linux-watchdog.org/linux-watchdog: watchdog: bcm281xx: Fix use of uninitialized spinlock. watchdog: zx2967: remove redundant dev_err call in zx2967_wdt_probe() iTCO_wdt: all versions count down twice watchdog: wdt_pci: fix build error if define SOFTWARE_REBOOT watchdog: cadence_wdt: fix timeout setting watchdog: pcwd_usb: fix NULL-deref at probe watchdog: sama5d4: fix race condition watchdog: sama5d4: fix WDDIS handling watchdog: orion: fix compile-test dependencies
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
Pull drm fixes from Dave Airlie: "Mostly nouveau and i915, fairly quiet as usual for rc2" * tag 'drm-fixes-for-v4.12-rc2' of git://people.freedesktop.org/~airlied/linux: drm/atmel-hlcdc: Fix output initialization gpu: host1x: select IOMMU_IOVA drm/nouveau/fifo/gk104-: Silence a locking warning drm/nouveau/secboot: plug memory leak in ls_ucode_img_load_gr() error path drm/nouveau: Fix drm poll_helper handling drm/i915: don't do allocate_va_range again on PIN_UPDATE drm/i915: Fix rawclk readout for g4x drm/i915: Fix runtime PM for LPE audio drm/i915/glk: Fix DSI "*ERROR* ULPS is still active" messages drm/i915/gvt: avoid unnecessary vgpu switch drm/i915/gvt: not to restore in-context mmio drm/etnaviv: don't put fence in case of submit failure drm/i915/gvt: fix typo: "supporte" -> "support" drm: hdlcd: Fix the calculation of the scanout start address
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsiLinus Torvalds authored
Pull SCSI fixes from James Bottomley: "This is the first sweep of mostly minor fixes. There's one security one: the read past the end of a buffer in qedf, and a panic fix for lpfc SLI-3 adapters, but the rest are a set of include and build dependency tidy ups and assorted other small fixes and updates" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: pmcraid: remove redundant check to see if request_size is less than zero scsi: lpfc: ensure els_wq is being checked before destroying it scsi: cxlflash: Select IRQ_POLL scsi: qedf: Avoid reading past end of buffer scsi: qedf: Cleanup the type of io_log->op scsi: lpfc: double lock typo in lpfc_ns_rsp() scsi: qedf: properly update arguments position in function call scsi: scsi_lib: Add #include <scsi/scsi_transport.h> scsi: MAINTAINERS: update OSD entries scsi: Skip deleted devices in __scsi_device_lookup scsi: lpfc: Fix panic on BFS configuration scsi: libfc: do not flood console with messages 'libfc: queue full ...'
-
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimmLinus Torvalds authored
Pull libnvdimm fixes from Dan Williams: "A couple of compile fixes. With the removal of the ->direct_access() method from block_device_operations in favor of a new dax_device + dax_operations we broke two configurations. The CONFIG_BLOCK=n case is fixed by compiling out the block+dax helpers in the dax core. Configurations with FS_DAX=n EXT4=y / XFS=y and DAX=m fail due to the helpers the builtin filesystem needs being in a module, so we stub out the helpers in the FS_DAX=n case." * 'libnvdimm-for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: dax, xfs, ext4: compile out iomap-dax paths in the FS_DAX=n case dax: fix false CONFIG_BLOCK dependency
-
git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linuxLinus Torvalds authored
Pull i2c fix from Wolfram Sang: "A regression fix for I2C that would be great to have in rc2" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: designware: don't infer timings described by ACPI from clock rate
-
git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommuLinus Torvalds authored
Pull IOMMU fixes from Joerg Roedel: - another compile-fix as a fallout of the recent header-file cleanup - add a missing IO/TLB flush to the Intel VT-d kdump code path - a fix for ARM64 dma code to only access initialized iova_domain members * tag 'iommu-fixes-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/mediatek: Include linux/dma-mapping.h iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings iommu/dma: Don't touch invalid iova_domain members
-
- 19 May, 2017 23 commits
-
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
Pull KVM fixes from Radim Krčmář: "ARM: - a fix for a build failure introduced in -rc1 when tracepoints are enabled on 32-bit ARM. - disable use of stack pointer protection in the hyp code which can cause panics. - a handful of VGIC fixes. - a fix to the init of the redistributors on GICv3 systems that prevented boot with kvmtool on GICv3 systems introduced in -rc1. - a number of race conditions fixed in our MMU handling code. - a fix for the guest being able to program the debug extensions for the host on the 32-bit side. PPC: - fixes for build failures with PR KVM configurations. - a fix for a host crash that can occur on POWER9 with radix guests. x86: - fixes for nested PML and nested EPT. - a fix for crashes caused by reserved bits in SSE MXCSR that could have been set by userspace. - an optimization of halt polling that fixes high CPU overhead. - fixes for four reports from Dan Carpenter's static checker. - a protection around code that shouldn't have been preemptible. - a fix for port IO emulation" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (27 commits) KVM: x86: prevent uninitialized variable warning in check_svme() KVM: x86/vPMU: fix undefined shift in intel_pmu_refresh() KVM: x86: zero base3 of unusable segments KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation KVM: x86: Fix potential preemption when get the current kvmclock timestamp KVM: Silence underflow warning in avic_get_physical_id_entry() KVM: arm/arm64: Hold slots_lock when unregistering kvm io bus devices KVM: arm/arm64: Fix bug when registering redist iodevs KVM: x86: lower default for halt_poll_ns kvm: arm/arm64: Fix use after free of stage2 page table kvm: arm/arm64: Force reading uncached stage2 PGD KVM: nVMX: fix EPT permissions as reported in exit qualification KVM: VMX: Don't enable EPT A/D feature if EPT feature is disabled KVM: x86: Fix load damaged SSEx MXCSR register kvm: nVMX: off by one in vmx_write_pml_buffer() KVM: arm: rename pm_fake handler to trap_raz_wi KVM: arm: plug potential guest hardware debug leakage kvm: arm/arm64: Fix race in resetting stage2 PGD KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2 registers KVM: arm/arm64: vgic-v3: Do not use Active+Pending state for a HW interrupt ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/xen/tipLinus Torvalds authored
Pull xen fixes from Juergen Gross: "Some fixes for the new Xen 9pfs frontend and some minor cleanups" * tag 'for-linus-4.12b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen: make xen_flush_tlb_all() static xen: cleanup pvh leftovers from pv-only sources xen/9pfs: p9_trans_xen_init and p9_trans_xen_exit can be static xen/9pfs: fix return value check in xen_9pfs_front_probe()
-
git://git.kernel.org/pub/scm/linux/kernel/git/robh/linuxLinus Torvalds authored
Pull DeviceTree fixes from Rob Herring: - fix missing allocation failure handling in fdt code - fix dtc compile error on 32-bit hosts - revert bad sparse changes causing GCC7 warnings * tag 'devicetree-fixes-for-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: of: fdt: add missing allocation-failure check dtc: check.c fix compile error Partially Revert "of: fix sparse warnings in fdt, irq, reserved mem, and resolver code"
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-socLinus Torvalds authored
Pull ARM SoC fixes from Olof Johansson: "We had a small batch of fixes before -rc1, but here is a larger one. It contains a backmerge of 4.12-rc1 since some of the downstream branches we merge had that as base; at the same time we already had merged contents before -rc1 and rebase wasn't the right solution. A mix of random smaller fixes and a few things worth pointing out: - We've started telling people to avoid cross-tree shared branches if all they're doing is picking up one or two DT-used constants from a shared include file, and instead to use the numeric values on first submission. Follow-up moving over to symbolic names are sent in right after -rc1, i.e. here. It's only a few minor patches of this type. - Linus Walleij and others are resurrecting the 'Gemini' platform, and wanted a cut-down platform-specific defconfig for it. So I picked that up for them. - Rob Herring ran 'savedefconfig' on arm64, it's a bit churny but it helps people to prepare patches since it's a pain when defconfig and current savedefconfig contents differs too much. - Devicetree additions for some pinctrl drivers for Armada that were merged this window. I'd have preferred to see those earlier but it's not a huge deail. The biggest change worth pointing out though since it's touching other parts of the tree: We added prefixes to be used when cross-including DT contents between arm64 and arm, allowing someone to #include <arm/foo.dtsi> from arm64, and likewise. As part of that, we needed arm/foo.dtsi to work on arm as well. The way I suggested this to Heiko resulted in a recursive symlink. Instead, I've now moved it out of arch/*/boot/dts/include, into a shared location under scripts/dtc. While I was at it, I consolidated so all architectures now behave the same way in this manner. Rob Herring (DT maintainer) has acked it. I cc:d most other arch maintainers but nobody seems to care much; it doesn't really affect them since functionality is unchanged for them by default" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (29 commits) arm64: dts: rockchip: fix include reference firmware: ti_sci: fix strncat length check ARM: remove duplicate 'const' annotations' arm64: defconfig: enable options needed for QCom DB410c board arm64: defconfig: sync with savedefconfig ARM: configs: add a gemini defconfig devicetree: Move include prefixes from arch to separate directory ARM: dts: dra7: Reduce cpu thermal shutdown temperature memory: omap-gpmc: Fix debug output for access width ARM: dts: LogicPD Torpedo: Fix camera pin mux ARM: dts: omap4: enable CEC pin for Pandaboard A4 and ES ARM: dts: gta04: fix polarity of clocks for mcbsp4 ARM: dts: dra7: Add power hold and power controller properties to palmas soc: imx: add PM dependency for IMX7_PM_DOMAINS ARM: dts: imx6sx-sdb: Remove OPP override ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin soc: bcm: brcmstb: Correctly match 7435 SoC tee: add ARM_SMCCC dependency ARM: omap2+: make omap4_get_cpu1_ns_pa_addr declaration usable ARM64: dts: mediatek: configure some fixed mmc parameters ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linuxLinus Torvalds authored
Pull arm64 fixes/cleanups from Catalin Marinas: - Avoid taking a mutex in the secondary CPU bring-up path when interrupts are disabled - Ignore perf exclude_hv when the kernel is running in Hyp mode - Remove redundant instruction in cmpxchg * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64/cpufeature: don't use mutex in bringup path arm64: perf: Ignore exclude_hv when kernel is running in HYP arm64: Remove redundant mov from LL/SC cmpxchg
-
git://linux-arm.org/linux-ldDave Airlie authored
single hdlcd fix * 'for-upstream/hdlcd' of git://linux-arm.org/linux-ld: drm: hdlcd: Fix the calculation of the scanout start address
-
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linuxLinus Torvalds authored
Pull powerpc fixes from Michael Ellerman: "The headliner is a fix for FP/VMX register corruption when using transactional memory, and a new selftest to go with it. Then there's the virt_addr_valid() fix, currently HARDENDED_USERCOPY is tripping on that causing some machines to crash. A few other fairly minor fixes for long tail things, and a couple of fixes for code we just merged. Thanks to: Breno Leitao, Gautham Shenoy, Michael Neuling, Naveen Rao. Nicholas Piggin, Paul Mackerras" * tag 'powerpc-4.12-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash powerpc/mm: Fix crash in page table dump with huge pages powerpc/kprobes: Fix handling of instruction emulation on probe re-entry powerpc/powernv: Set NAPSTATELOST after recovering paca on P9 DD1 selftests/powerpc: Test TM and VMX register state powerpc/tm: Fix FP and VMX register corruption powerpc/modules: If mprofile-kernel is enabled add it to vermagic
-
Radim Krčmář authored
get_msr() of MSR_EFER is currently always going to succeed, but static checker doesn't see that far. Don't complicate stuff and just use 0 for the fallback -- it means that the feature is not present. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
-
Radim Krčmář authored
Static analysis noticed that pmu->nr_arch_gp_counters can be 32 (INTEL_PMC_MAX_GENERIC) and therefore cannot be used to shift 'int'. I didn't add BUILD_BUG_ON for it as we have a better checker. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Fixes: 25462f7f ("KVM: x86/vPMU: Define kvm_pmu_ops to support vPMU function dispatch") Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
-
Radim Krčmář authored
Static checker noticed that base3 could be used uninitialized if the segment was not present (useable). Random stack values probably would not pass VMCS entry checks. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Fixes: 1aa36616 ("KVM: x86 emulator: consolidate segment accessors") Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
-
Wanpeng Li authored
Huawei folks reported a read out-of-bounds vulnerability in kvm pio emulation. - "inb" instruction to access PIT Mod/Command register (ioport 0x43, write only, a read should be ignored) in guest can get a random number. - "rep insb" instruction to access PIT register port 0x43 can control memcpy() in emulator_pio_in_emulated() to copy max 0x400 bytes but only read 1 bytes, which will disclose the unimportant kernel memory in host but no crash. The similar test program below can reproduce the read out-of-bounds vulnerability: void hexdump(void *mem, unsigned int len) { unsigned int i, j; for(i = 0; i < len + ((len % HEXDUMP_COLS) ? (HEXDUMP_COLS - len % HEXDUMP_COLS) : 0); i++) { /* print offset */ if(i % HEXDUMP_COLS == 0) { printf("0x%06x: ", i); } /* print hex data */ if(i < len) { printf("%02x ", 0xFF & ((char*)mem)[i]); } else /* end of block, just aligning for ASCII dump */ { printf(" "); } /* print ASCII dump */ if(i % HEXDUMP_COLS == (HEXDUMP_COLS - 1)) { for(j = i - (HEXDUMP_COLS - 1); j <= i; j++) { if(j >= len) /* end of block, not really printing */ { putchar(' '); } else if(isprint(((char*)mem)[j])) /* printable char */ { putchar(0xFF & ((char*)mem)[j]); } else /* other char */ { putchar('.'); } } putchar('\n'); } } } int main(void) { int i; if (iopl(3)) { err(1, "set iopl unsuccessfully\n"); return -1; } static char buf[0x40]; /* test ioport 0x40,0x41,0x42,0x43,0x44,0x45 */ memset(buf, 0xab, sizeof(buf)); asm volatile("push %rdi;"); asm volatile("mov %0, %%rdi;"::"q"(buf)); asm volatile ("mov $0x40, %rdx;"); asm volatile ("in %dx,%al;"); asm volatile ("stosb;"); asm volatile ("mov $0x41, %rdx;"); asm volatile ("in %dx,%al;"); asm volatile ("stosb;"); asm volatile ("mov $0x42, %rdx;"); asm volatile ("in %dx,%al;"); asm volatile ("stosb;"); asm volatile ("mov $0x43, %rdx;"); asm volatile ("in %dx,%al;"); asm volatile ("stosb;"); asm volatile ("mov $0x44, %rdx;"); asm volatile ("in %dx,%al;"); asm volatile ("stosb;"); asm volatile ("mov $0x45, %rdx;"); asm volatile ("in %dx,%al;"); asm volatile ("stosb;"); asm volatile ("pop %rdi;"); hexdump(buf, 0x40); printf("\n"); /* ins port 0x40 */ memset(buf, 0xab, sizeof(buf)); asm volatile("push %rdi;"); asm volatile("mov %0, %%rdi;"::"q"(buf)); asm volatile ("mov $0x20, %rcx;"); asm volatile ("mov $0x40, %rdx;"); asm volatile ("rep insb;"); asm volatile ("pop %rdi;"); hexdump(buf, 0x40); printf("\n"); /* ins port 0x43 */ memset(buf, 0xab, sizeof(buf)); asm volatile("push %rdi;"); asm volatile("mov %0, %%rdi;"::"q"(buf)); asm volatile ("mov $0x20, %rcx;"); asm volatile ("mov $0x43, %rdx;"); asm volatile ("rep insb;"); asm volatile ("pop %rdi;"); hexdump(buf, 0x40); printf("\n"); return 0; } The vcpu->arch.pio_data buffer is used by both in/out instrutions emulation w/o clear after using which results in some random datas are left over in the buffer. Guest reads port 0x43 will be ignored since it is write only, however, the function kernel_pio() can't distigush this ignore from successfully reads data from device's ioport. There is no new data fill the buffer from port 0x43, however, emulator_pio_in_emulated() will copy the stale data in the buffer to the guest unconditionally. This patch fixes it by clearing the buffer before in instruction emulation to avoid to grant guest the stale data in the buffer. In addition, string I/O is not supported for in kernel device. So there is no iteration to read ioport %RCX times for string I/O. The function kernel_pio() just reads one round, and then copy the io size * %RCX to the guest unconditionally, actually it copies the one round ioport data w/ other random datas which are left over in the vcpu->arch.pio_data buffer to the guest. This patch fixes it by introducing the string I/O support for in kernel device in order to grant the right ioport datas to the guest. Before the patch: 0x000000: fe 38 93 93 ff ff ab ab .8...... 0x000008: ab ab ab ab ab ab ab ab ........ 0x000010: ab ab ab ab ab ab ab ab ........ 0x000018: ab ab ab ab ab ab ab ab ........ 0x000020: ab ab ab ab ab ab ab ab ........ 0x000028: ab ab ab ab ab ab ab ab ........ 0x000030: ab ab ab ab ab ab ab ab ........ 0x000038: ab ab ab ab ab ab ab ab ........ 0x000000: f6 00 00 00 00 00 00 00 ........ 0x000008: 00 00 00 00 00 00 00 00 ........ 0x000010: 00 00 00 00 4d 51 30 30 ....MQ00 0x000018: 30 30 20 33 20 20 20 20 00 3 0x000020: ab ab ab ab ab ab ab ab ........ 0x000028: ab ab ab ab ab ab ab ab ........ 0x000030: ab ab ab ab ab ab ab ab ........ 0x000038: ab ab ab ab ab ab ab ab ........ 0x000000: f6 00 00 00 00 00 00 00 ........ 0x000008: 00 00 00 00 00 00 00 00 ........ 0x000010: 00 00 00 00 4d 51 30 30 ....MQ00 0x000018: 30 30 20 33 20 20 20 20 00 3 0x000020: ab ab ab ab ab ab ab ab ........ 0x000028: ab ab ab ab ab ab ab ab ........ 0x000030: ab ab ab ab ab ab ab ab ........ 0x000038: ab ab ab ab ab ab ab ab ........ After the patch: 0x000000: 1e 02 f8 00 ff ff ab ab ........ 0x000008: ab ab ab ab ab ab ab ab ........ 0x000010: ab ab ab ab ab ab ab ab ........ 0x000018: ab ab ab ab ab ab ab ab ........ 0x000020: ab ab ab ab ab ab ab ab ........ 0x000028: ab ab ab ab ab ab ab ab ........ 0x000030: ab ab ab ab ab ab ab ab ........ 0x000038: ab ab ab ab ab ab ab ab ........ 0x000000: d2 e2 d2 df d2 db d2 d7 ........ 0x000008: d2 d3 d2 cf d2 cb d2 c7 ........ 0x000010: d2 c4 d2 c0 d2 bc d2 b8 ........ 0x000018: d2 b4 d2 b0 d2 ac d2 a8 ........ 0x000020: ab ab ab ab ab ab ab ab ........ 0x000028: ab ab ab ab ab ab ab ab ........ 0x000030: ab ab ab ab ab ab ab ab ........ 0x000038: ab ab ab ab ab ab ab ab ........ 0x000000: 00 00 00 00 00 00 00 00 ........ 0x000008: 00 00 00 00 00 00 00 00 ........ 0x000010: 00 00 00 00 00 00 00 00 ........ 0x000018: 00 00 00 00 00 00 00 00 ........ 0x000020: ab ab ab ab ab ab ab ab ........ 0x000028: ab ab ab ab ab ab ab ab ........ 0x000030: ab ab ab ab ab ab ab ab ........ 0x000038: ab ab ab ab ab ab ab ab ........ Reported-by: Moguofang <moguofang@huawei.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: Moguofang <moguofang@huawei.com> Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com> Cc: stable@vger.kernel.org Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
-
Wanpeng Li authored
BUG: using __this_cpu_read() in preemptible [00000000] code: qemu-system-x86/2809 caller is __this_cpu_preempt_check+0x13/0x20 CPU: 2 PID: 2809 Comm: qemu-system-x86 Not tainted 4.11.0+ #13 Call Trace: dump_stack+0x99/0xce check_preemption_disabled+0xf5/0x100 __this_cpu_preempt_check+0x13/0x20 get_kvmclock_ns+0x6f/0x110 [kvm] get_time_ref_counter+0x5d/0x80 [kvm] kvm_hv_process_stimers+0x2a1/0x8a0 [kvm] ? kvm_hv_process_stimers+0x2a1/0x8a0 [kvm] ? kvm_arch_vcpu_ioctl_run+0xac9/0x1ce0 [kvm] kvm_arch_vcpu_ioctl_run+0x5bf/0x1ce0 [kvm] kvm_vcpu_ioctl+0x384/0x7b0 [kvm] ? kvm_vcpu_ioctl+0x384/0x7b0 [kvm] ? __fget+0xf3/0x210 do_vfs_ioctl+0xa4/0x700 ? __fget+0x114/0x210 SyS_ioctl+0x79/0x90 entry_SYSCALL_64_fastpath+0x23/0xc2 RIP: 0033:0x7f9d164ed357 ? __this_cpu_preempt_check+0x13/0x20 This can be reproduced by run kvm-unit-tests/hyperv_stimer.flat w/ CONFIG_PREEMPT and CONFIG_DEBUG_PREEMPT enabled. Safe access to per-CPU data requires a couple of constraints, though: the thread working with the data cannot be preempted and it cannot be migrated while it manipulates per-CPU variables. If the thread is preempted, the thread that replaces it could try to work with the same variables; migration to another CPU could also cause confusion. However there is no preemption disable when reads host per-CPU tsc rate to calculate the current kvmclock timestamp. This patch fixes it by utilizing get_cpu/put_cpu pair to guarantee both __this_cpu_read() and rdtsc() are not preempted. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
-
Shaohua Li authored
sscanf is a very poor way to parse integer. For example, I input "discard" for act_mask, it gets 0xd and completely messes up. Using correct API to do integer parse. This patch also makes attributes accept any base of integer. Signed-off-by: Shaohua Li <shli@fb.com> Signed-off-by: Jens Axboe <axboe@fb.com>
-
Ard Biesheuvel authored
Commit bd698d24 ("i2c: designware: Get selected speed mode sda-hold-time via ACPI") updated the logic that reads the timing parameters for various I2C bus rates from the DSDT, to only read the timing parameters for the currently selected mode. This causes a WARN_ON() splat on platforms that legally omit the clock frequency from the ACPI description, because in the new situation, the core I2C designware driver still accesses the fields in the driver struct that we no longer populate, and proceeds to calculate them from the clock frequency. Since the clock frequency is unspecified, the driver complains loudly using a WARN_ON(). So revert back to the old situation, where the struct fields for all timings are populated, but retain the new logic which chooses the SDA hold time from the timing mode that is currently in use. Fixes: bd698d24 ("i2c: designware: Get selected speed mode ...") Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reported-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com> Acked-by: Jarkko Nikula <jarkko.nikula@linux.intel.com> Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
-
Arnd Bergmann authored
The way we handle include paths for DT has changed a bit, which broke a file that had an unconventional way to reference a common header file: arch/arm64/boot/dts/rockchip/rk3399-gru-kevin.dts:47:10: fatal error: include/dt-bindings/input/linux-event-codes.h: No such file or directory This removes the leading "include/" from the path name, which fixes it. Fixes: d5d332d3 ("devicetree: Move include prefixes from arch to separate directory") Signed-off-by: Arnd Bergmann <arnd@arndb.de>
-
Eric Anholt authored
The bcm_kona_wdt_set_resolution_reg() call takes the spinlock, so initialize it earlier. Fixes a warning at boot with lock debugging enabled. Fixes: 6adb730d ("watchdog: bcm281xx: Watchdog Driver") Signed-off-by: Eric Anholt <eric@anholt.net> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Reviewed-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
-
Wei Yongjun authored
There is a error message within devm_ioremap_resource already, so remove the dev_err call to avoid redundant error message. Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Reviewed-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
-
Paolo Bonzini authored
The ICH9 is listed as having TCO v2, and indeed the behavior in the datasheet corresponds to v2 (for example the NO_REBOOT flag is accessible via the 16KiB-aligned Root Complex Base Address). However, the TCO counts twice just like in v1; the documentation of the SECOND_TO_STS bit says: "ICH9 sets this bit to 1 to indicate that the TIMEOUT bit had been (or is currently) set and a second timeout occurred before the TCO_RLD register was written. If this bit is set and the NO_REBOOT config bit is 0, then the ICH9 will reboot the system after the second timeout. The same can be found in the BayTrail (Atom E3800) datasheet, and even HOWTOs around the Internet say that it will reboot after _twice_ the specified heartbeat. I did not find the Apollo Lake datasheet, but because v4/v5 has a SECOND_TO_STS bit just like the previous version I'm enabling this for Apollo Lake as well. Cc: linux-watchdog@vger.kernel.org Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
-
Arnd Bergmann authored
gcc-7 notices that the length we pass to strncat is wrong: drivers/firmware/ti_sci.c: In function 'ti_sci_probe': drivers/firmware/ti_sci.c:204:32: error: specified bound 50 equals the size of the destination [-Werror=stringop-overflow=] Instead of the total length, we must pass the length of the remaining space here. Fixes: aa276781 ("firmware: Add basic support for TI System Control Interface (TI-SCI) protocol") Cc: stable@vger.kernel.org Acked-by: Nishanth Menon <nm@ti.com> Acked-by: Santosh Shilimkar <ssantosh@kernel.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
-
Arnd Bergmann authored
gcc-7 warns about some declarations that are more 'const' than necessary: arch/arm/mach-at91/pm.c:338:34: error: duplicate 'const' declaration specifier [-Werror=duplicate-decl-specifier] static const struct of_device_id const ramc_ids[] __initconst = { arch/arm/mach-bcm/bcm_kona_smc.c:36:34: error: duplicate 'const' declaration specifier [-Werror=duplicate-decl-specifier] static const struct of_device_id const bcm_kona_smc_ids[] __initconst = { arch/arm/mach-spear/time.c:207:34: error: duplicate 'const' declaration specifier [-Werror=duplicate-decl-specifier] static const struct of_device_id const timer_of_match[] __initconst = { arch/arm/mach-omap2/prm_common.c:714:34: error: duplicate 'const' declaration specifier [-Werror=duplicate-decl-specifier] static const struct of_device_id const omap_prcm_dt_match_table[] __initconst = { arch/arm/mach-omap2/vc.c:562:35: error: duplicate 'const' declaration specifier [-Werror=duplicate-decl-specifier] static const struct i2c_init_data const omap4_i2c_timing_data[] __initconst = { The ones in arch/arm were apparently all introduced accidentally by one commit that correctly marked a lot of variables as __initconst. Fixes: 19c233b7 ("ARM: appropriate __init annotation for const data") Acked-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Acked-by: Tony Lindgren <tony@atomide.com> Acked-by: Nicolas Pitre <nico@linaro.org> Acked-by: Florian Fainelli <f.fainelli@gmail.com> Acked-by: Viresh Kumar <viresh.kumar@linaro.org> Acked-by: Krzysztof Hałasa <khalasa@piap.pl> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
-
Greg Kroah-Hartman authored
Merge tag 'usb-serial-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for v4.12-rc2 Here's a fix for a long-standing issue in the ftdi_sio driver that prevented unprivileged users from updating the low-latency flag, something which became apparent after a recent change that restored the older setting of not using low-latency mode by default. A run of sparse revealed a couple of endianness issues that are now fixed, and addressed is also a user-triggerable division-by-zero in io_ti when debugging is enabled. Finally there are some new device ids, including a simplification of how we deal with a couple of older Olimex JTAG adapters. All have been in linux-next with no reported issues. Signed-off-by: Johan Hovold <johan@kernel.org>
-
Olof Johansson authored
Merge tag 'omap-for-v4.12/fixes-v2-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes Fixes for omaps for v4.12-rc cycle most consisting of few minor dts fixes for various devices. Also included is a memory controller (GPMC) debug output fix as without that the shown bootloader configured GPMC bus width will be wrong and won't work for kernel timings: - Add dra7 powerhold configuration to be able to shut down pmic correctly - Fix polarity for gta04 mcbsp4 clocks for modem - Fix Pandaboard CEC pin pull making it usable - Fix LogicPD Torpedo camera pin mux - Fix GPMC debug bus width - Reduce cpu thermal shutdown temperature * tag 'omap-for-v4.12/fixes-v2-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: dts: dra7: Reduce cpu thermal shutdown temperature memory: omap-gpmc: Fix debug output for access width ARM: dts: LogicPD Torpedo: Fix camera pin mux ARM: dts: omap4: enable CEC pin for Pandaboard A4 and ES ARM: dts: gta04: fix polarity of clocks for mcbsp4 ARM: dts: dra7: Add power hold and power controller properties to palmas Signed-off-by: Olof Johansson <olof@lixom.net>
-
Olof Johansson authored
Merge tag 'imx-fixes-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes i.MX fixes for 4.12: - A fix on GPCv2 power domain driver Kconfig which causes a build failure when CONFIG_PM is not set. - Pull down PMIC IRQ pin for imx53-qsrb board to prevent spurious PMIC interrupts from happening. - Remove board level OPP override for imx6sx-sdb to fix a boot crash seen on Rev.C boards. * tag 'imx-fixes-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: soc: imx: add PM dependency for IMX7_PM_DOMAINS ARM: dts: imx6sx-sdb: Remove OPP override ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin Signed-off-by: Olof Johansson <olof@lixom.net>
-