| Age | Commit message (Collapse) | Author |
|---|
|
git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight
Pull backlight updates from Lee Jones:
- handle 32bit overflow in pwm_bl
- remove redundant code/checks in tps65217_bl and ili922x
* tag 'backlight-next-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight:
backlight: ili922x: Remove redundant variable len
backlight: tps65217_bl: Remove unnecessary default brightness check
backlight: pwm_bl: Fix overflow condition
|
|
Reorganize nvmet_fc_handle_fcp_rqst() so that the nvmet req.transfer_len
field is set after the call nvmet_req_init(). An update to nvmet now
has nvmet_req_init() clearing the field, thus the fc transport was losing
the value.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
Pull MFD updates from Lee Jones:
"New drivers:
- Add support for Cherry Trail Dollar Cove TI PMIC
- Add support for Add Spreadtrum SC27xx series PMICs
New device support:
- Add support Regulator to axp20x
New functionality:
- Add DT support; aspeed-scu sc27xx-pmic
- Add power saving support; rts5249
Fix-ups:
- DT clean-up/rework; tps65217, max77693, iproc-cdru, iproc-mhb, tps65218
- Staticise/constify; stw481x
- Use new succinct IRQ API; fsl-imx25-tsadc
- Kconfig fix-ups; MFD_TPS65218
- Identify SPI method; lpc_ich
- Use managed resources (devm_*) calls; ssbi
- Remove unused/obsolete code/documentation; mc13xxx
Bug fixes:
- Fix typo in MAINTAINERS
- Fix error handling; mxs-lradc
- Clean-up IRQs on .remove; fsl-imx25-tsadc"
* tag 'mfd-next-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: (21 commits)
dt-bindings: mfd: mc13xxx: Remove obsolete property
mfd: axp20x: Add axp20x-regulator cell for AXP813
mfd: Add Spreadtrum SC27xx series PMICs driver
dt-bindings: mfd: Add Spreadtrum SC27xx PMIC documentation
mfd: ssbi: Use devm_of_platform_populate()
mfd: fsl-imx25: Clean up irq settings during removal
mfd: mxs-lradc: Fix error handling in mxs_lradc_probe()
mfd: lpc_ich: Avoton/Rangeley uses SPI_BYT method
mfd: tps65218: Introduce dependency on CONFIG_OF
mfd: tps65218: Correct the config description
MAINTAINERS: Fix Dialog search term for watchdog binding file
mfd: fsl-imx25: Set irq handler and data in one go
mfd: rts5249: Add support for RTS5250S power saving
ACPI / PMIC: Add opregion driver for Intel Dollar Cove TI PMIC
mfd: Add support for Cherry Trail Dollar Cove TI PMIC
syscon: dt-bindings: Add binding document for iProc MHB block
syscon: dt-bindings: Add binding doc for Broadcom iProc CDRU
mfd: max77693: Add muic of_compatible in mfd_cell
mfd: stw481x: Make three arrays static const, reduces object code size
mfd: tps65217: Introduce dependency on CONFIG_OF
...
|
|
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc updates from Greg KH:
"Here is the big set of char/misc and other driver subsystem patches
for 4.15-rc1.
There are small changes all over here, hyperv driver updates, pcmcia
driver updates, w1 driver updats, vme driver updates, nvmem driver
updates, and lots of other little one-off driver updates as well. The
shortlog has the full details.
All of these have been in linux-next for quite a while with no
reported issues"
* tag 'char-misc-4.15-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (90 commits)
VME: Return -EBUSY when DMA list in use
w1: keep balance of mutex locks and refcnts
MAINTAINERS: Update VME subsystem tree.
nvmem: sunxi-sid: add support for A64/H5's SID controller
nvmem: imx-ocotp: Update module description
nvmem: imx-ocotp: Enable i.MX7D OTP write support
nvmem: imx-ocotp: Add i.MX7D timing write clock setup support
nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function
nvmem: imx-ocotp: Add support for banked OTP addressing
nvmem: imx-ocotp: Pass parameters via a struct
nvmem: imx-ocotp: Restrict OTP write to IMX6 processors
nvmem: uniphier: add UniPhier eFuse driver
dt-bindings: nvmem: add description for UniPhier eFuse
nvmem: set nvmem->owner to nvmem->dev->driver->owner if unset
nvmem: qfprom: fix different address space warnings of sparse
nvmem: mtk-efuse: fix different address space warnings of sparse
nvmem: mtk-efuse: use stack for nvmem_config instead of malloc'ing it
nvmem: imx-iim: use stack for nvmem_config instead of malloc'ing it
thunderbolt: tb: fix use after free in tb_activate_pcie_devices
MAINTAINERS: Add git tree for Thunderbolt development
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull driver core updates from Greg KH:
"Here is the set of driver core / debugfs patches for 4.15-rc1.
Not many here, mostly all are debugfs fixes to resolve some
long-reported problems with files going away with references to them
in userspace. There's also some SPDX cleanups for the debugfs code, as
well as a few other minor driver core changes for issues reported by
people.
All of these have been in linux-next for a week or more with no
reported issues"
* tag 'driver-core-4.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
driver core: Fix device link deferred probe
debugfs: Remove redundant license text
debugfs: add SPDX identifiers to all debugfs files
debugfs: defer debugfs_fsdata allocation to first usage
debugfs: call debugfs_real_fops() only after debugfs_file_get()
debugfs: purge obsolete SRCU based removal protection
IB/hfi1: convert to debugfs_file_get() and -put()
debugfs: convert to debugfs_file_get() and -put()
debugfs: debugfs_real_fops(): drop __must_hold sparse annotation
debugfs: implement per-file removal protection
debugfs: add support for more elaborate ->d_fsdata
driver core: Move device_links_purge() after bus_remove_device()
arch_topology: Fix section miss match warning due to free_raw_capacity()
driver-core: pr_err() strings should end with newlines
|
|
Commit 429f203eb712 ("arm64: dts: uniphier: route on-board device IRQ
to GPIO controller") missed to update this DTS. It becames a real
problem when arm and arm64 trees are merged together.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
In my view, it is not helpful to have a separate file just for
the coccicheck help message. Merge scripts/Makefile.help into
the top-level Makefile.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
|
|
These files are copied from arch/sh/lib, so should be ignored by git.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
|
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
|
Remove unused parameter from the call function,
which I accidentally added.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
erp_memwait only occurs in seldom memory pressure situations.
The typical case never uses the associated timer and thus also
does not need to initialize the timer.
Also, we don't want to re-initialize the timer each time we re-use an
erp_action in zfcp_erp_setup_act() [see also v4.14-rc7 commit ab31fd0ce65e
("scsi: zfcp: fix erp_action use-before-initialize in REC action trace")
for erp_action life cycle].
Hence, retain the lazy inintialization of zfcp_erp_action.timer
in zfcp_erp_strategy_memwait().
Add an empty line after declarations in zfcp_erp_timeout_handler()
and zfcp_fsf_request_timeout_handler() even though it was also missing
before the timer conversion.
Fix checkpatch warning:
WARNING: function definition argument 'struct timer_list *' should also have an identifier name
+extern void zfcp_erp_timeout_handler(struct timer_list *);
Depends-on: v4.14-rc3 commit 686fef928bba ("timer: Prepare to change timer callback argument type")
Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Reviewed-by: Jens Remus <jremus@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly.
Cc: Steffen Maier <maier@linux.vnet.ibm.com>
Cc: Benjamin Block <bblock@linux.vnet.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
The hardware sampler creates samples that are processed at a later
point in time. The PID and TID values of the perf samples that are
created for hardware samples are initialized with values from the
current task. Hence, the PID and TID values are not correct and
perf samples are associated with wrong processes.
The PID and TID values are obtained from the Host Program Parameter
(HPP) field in the basic-sampling data entries. These PIDs are
valid in the init PID namespace. Ensure that the PIDs in the perf
samples are resolved considering the PID namespace in which the
perf event was created.
To correct the PID and TID values in the created perf samples,
a special overflow handler is installed. It replaces the default
overflow handler and does not become effective if any other
overflow handler is used. With the special overflow handler most
of the perf samples are associated with the right processes.
For processes, that are no longer exist, the association might
still be wrong.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
The lpp instruction is used to place the PID of the current
task in the program-parameter (PP) register. The register
contents is then included in the sampling data entries.
The lpp instruction loads the PP register only when at least
one sampling function is enabled. Otherwise it is executed
as a no-op.
Linux calls lpp at context switch. If the context switch
happens before the sampler is enabled, the PP register is
empty. That means, the PID of the task that is sampled is
not stored in sampling data until the next context switch.
Hence, always call lpp when enabling the sampler.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
For correct unwinding of user space processes, the floating-point
register contents are required. For example, leaf functions might
use fp registers to temporarily store the return address.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Reviewed-and-tested-by: Thomas Richter <tmricht@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Extend the perf register support to also export floating-point register
contents for user space tasks. Floating-point registers might be used
in leaf functions to contain the return address. Hence, they are required
for proper DWARF unwinding.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Reviewed-and-tested-by: Thomas Richter <tmricht@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Instead of defining DWARF register to string table in dwarf-regs-table.h
and dwarf-regs.c, use a common table in dwarf-regs-table.h.
Ensure that the DWARF register table is up-to-date with
http://refspecs.linuxfoundation.org/ELF/zSeries/lzsabi0_s390/x1542.html.
For unwinding with libdw, also ensure to correctly setup the DWARF
register frame according to the register mappings. Currently, libdw
supports up to 32 registers only.
Suggested-by: Thomas Richter <tmricht@linux.vnet.ibm.com>
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Reviewed-and-tested-by: Thomas Richter <tmricht@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
With support for perf_regs and libdw, you can record and report
call graphs for user space programs. Simply invoke perf with
the --call-graph=dwarf command line option.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
[brueckner: added dwfl_thread_state_register_pc() call]
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Reviewed-and-tested-by: Thomas Richter <tmricht@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Add s390 support to dump user stack to user space for DWARF
stack unwinding.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Reviewed-and-tested-by: Thomas Richter <tmricht@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Previously, the cpum_sf PMU was registered even if there is no
sampling mode authorized. Add a check and register cpum_sf only
at least one sampling mode is authorized.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Raw sample was implemented to export the diagnostic samples.
With having this achieved with AUX buffers, there is no requirement
for basic samples to export raw data. In particular, most basic
sampling information are consumed for creating the perf event sample.
Signed-off-by: Pu Hou <bjhoupu@linux.vnet.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Perf tool need implement a callback to enable using AUX buffer. Perf
will do another mmap() to trigger the setup of AUX buffer in kernel
if there is such callback. The default size of the AUX buffer is set
properly according to the sampling frequency to avoid overflow. It
could also be manually set by -m option of perf.
The interface of perf is not changed. Diagnostic mode sampling
could be started by `perf record -e rBD000` like before.
Signed-off-by: Pu Hou <bjhoupu@linux.vnet.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Modify PMU callback to use AUX buffer for diagnostic mode sampling.
Basic-mode sampling still use orignal way.
Signed-off-by: Pu Hou <bjhoupu@linux.vnet.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Current implementation uses a private buffer for cpumf to dump samples.
Samples first go to this buffer. Then copy to ring buffer allocated
by perf core. With AUX buffer, this copy is not needed. AUX buffer is
shared and zero-copy mapped to user space. The trailer information at
the end of each SDB(sample data block) is also exported to user space.
AUX buffer is used when diagnostic sampling mode is enabled.
This patch contains functions to setup/free AUX buffer or to begin/end
sampling per-cpu. Also include function called in interrupt to
collect samples.
Signed-off-by: Pu Hou <bjhoupu@linux.vnet.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Alexandar Potapenko while testing the kernel with KMSAN and syzkaller
discovered that in some configurations sctp would leak 4 bytes of
kernel stack.
Working with his reproducer I discovered that those 4 bytes that
are leaked is the scope id of an ipv6 address returned by recvmsg.
With a little code inspection and a shrewd guess I discovered that
sctp_inet6_skb_msgname only initializes the scope_id field for link
local ipv6 addresses to the interface index the link local address
pertains to instead of initializing the scope_id field for all ipv6
addresses.
That is almost reasonable as scope_id's are meaniningful only for link
local addresses. Set the scope_id in all other cases to 0 which is
not a valid interface index to make it clear there is nothing useful
in the scope_id field.
There should be no danger of breaking userspace as the stack leak
guaranteed that previously meaningless random data was being returned.
Fixes: 372f525b495c ("SCTP: Resync with LKSCTP tree.")
History-tree: https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git
Reported-by: Alexander Potapenko <glider@google.com>
Tested-by: Alexander Potapenko <glider@google.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This patch try to fix the building error on MIPS. The reason is MIPS
has already defined the LONG macro, which conflicts with the LONG enum
in drivers/net/ethernet/fealnx.c.
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux
KVM: s390: fixes and improvements for 4.15
- Some initial preparation patches for exitless interrupts and crypto
- New capability for AIS migration
- Fixes
- merge of the sthyi tree from the base s390 team, which moves the sthyi
out of KVM into a shared function also for non-KVM
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
1) Copy policy family in clone_policy, otherwise this can
trigger a BUG_ON in af_key. From Herbert Xu.
2) Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find."
This added a regression with transport mode when no addresses
are configured on the policy template.
Both patches are stable candidates.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Arvind Yadav says:
====================
isdn: hisax: Fix pnp_irq's error checking
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
pnp_irq() and pnp_port_start() can fail here and we must check
its return value.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The pnp_irq() function returns -1 if an error occurs.
pnp_irq() error checking for zero is not correct.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Current buffer size of 64 is too small. objdump shows that there are
instructions which would require up to 75 bytes buffer (with current
formating). 128 bytes "ought to be enough for anybody".
Also replaces 8 spaces with a single tab to reduce the memory footprint.
Fixes the following KASAN finding:
BUG: KASAN: stack-out-of-bounds in number+0x3fe/0x538
Write of size 1 at addr 000000005a4a75a0 by task bash/1282
CPU: 1 PID: 1282 Comm: bash Not tainted 4.14.0+ #215
Hardware name: IBM 2964 N96 702 (z/VM 6.4.0)
Call Trace:
([<000000000011eeb6>] show_stack+0x56/0x88)
[<0000000000e1ce1a>] dump_stack+0x15a/0x1b0
[<00000000004e2994>] print_address_description+0xf4/0x288
[<00000000004e2cf2>] kasan_report+0x13a/0x230
[<0000000000e38ae6>] number+0x3fe/0x538
[<0000000000e3dfe4>] vsnprintf+0x194/0x948
[<0000000000e3ea42>] sprintf+0xa2/0xb8
[<00000000001198dc>] print_insn+0x374/0x500
[<0000000000119346>] show_code+0x4ee/0x538
[<000000000011f234>] show_registers+0x34c/0x388
[<000000000011f2ae>] show_regs+0x3e/0xa8
[<000000000011f502>] die+0x1ea/0x2e8
[<0000000000138f0e>] do_no_context+0x106/0x168
[<0000000000139a1a>] do_protection_exception+0x4da/0x7d0
[<0000000000e55914>] pgm_check_handler+0x16c/0x1c0
[<000000000090639e>] sysrq_handle_crash+0x46/0x58
([<0000000000000007>] 0x7)
[<00000000009073fa>] __handle_sysrq+0x102/0x218
[<0000000000907c06>] write_sysrq_trigger+0xd6/0x100
[<000000000061d67a>] proc_reg_write+0xb2/0x128
[<0000000000520be6>] __vfs_write+0xee/0x368
[<0000000000521222>] vfs_write+0x21a/0x278
[<000000000052156a>] SyS_write+0xda/0x178
[<0000000000e555cc>] system_call+0xc4/0x270
The buggy address belongs to the page:
page:000003d1016929c0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x0()
raw: 0000000000000000 0000000000000000 0000000000000000 ffffffff00000000
raw: 0000000000000100 0000000000000200 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
000000005a4a7480: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
000000005a4a7500: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00
>000000005a4a7580: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
^
000000005a4a7600: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f8
000000005a4a7680: f2 f2 f2 f2 f2 f2 f8 f8 f2 f2 f3 f3 f3 f3 00 00
==================================================================
Cc: <stable@vger.kernel.org>
Signed-off-by: Vasily Gorbik <gor@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
When running the crash tool on a s390 live system we get a kernel panic
for reading memory within the kernel image:
# uname -a
Linux r3545011 4.14.0-rc8-00066-g1c9dbd4615fd #45 SMP PREEMPT Fri Nov 10 16:16:22 CET 2017 s390x s390x s390x GNU/Linux
# crash /boot/vmlinux-devel /dev/mem
# crash> rd 0x100000
usercopy: kernel memory exposure attempt detected from 0000000000100000 (<kernel text>) (8 bytes)
------------[ cut here ]------------
kernel BUG at mm/usercopy.c:72!
illegal operation: 0001 ilc:1 [#1] PREEMPT SMP.
Modules linked in:
CPU: 0 PID: 1461 Comm: crash Not tainted 4.14.0-rc8-00066-g1c9dbd4615fd-dirty #46
Hardware name: IBM 2827 H66 706 (z/VM 6.3.0)
task: 000000001ad10100 task.stack: 000000001df78000
Krnl PSW : 0704d00180000000 000000000038165c (__check_object_size+0x164/0x1d0)
R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3
Krnl GPRS: 0000000012440e1d 0000000080000000 0000000000000061 00000000001cabc0
00000000001cc6d6 0000000000000000 0000000000cc4ed2 0000000000001000
000003ffc22fdd20 0000000000000008 0000000000100008 0000000000000001
0000000000000008 0000000000100000 0000000000381658 000000001df7bc90
Krnl Code: 000000000038164c: c020004a1c4a larl %r2,cc4ee0
0000000000381652: c0e5fff2581b brasl %r14,1cc688
#0000000000381658: a7f40001 brc 15,38165a
>000000000038165c: eb42000c000c srlg %r4,%r2,12
0000000000381662: eb32001c000c srlg %r3,%r2,28
0000000000381668: c0110003ffff lgfi %r1,262143
000000000038166e: ec31ff752065 clgrj %r3,%r1,2,381558
0000000000381674: a7f4ff67 brc 15,381542
Call Trace:
([<0000000000381658>] __check_object_size+0x160/0x1d0)
[<000000000082263a>] read_mem+0xaa/0x130.
[<0000000000386182>] __vfs_read+0x42/0x168.
[<000000000038632e>] vfs_read+0x86/0x140.
[<0000000000386a26>] SyS_read+0x66/0xc0.
[<0000000000ace6a4>] system_call+0xc4/0x2b0.
INFO: lockdep is turned off.
Last Breaking-Event-Address:
[<0000000000381658>] __check_object_size+0x160/0x1d0
Kernel panic - not syncing: Fatal exception: panic_on_oops
With CONFIG_HARDENED_USERCOPY copy_to_user() checks in __check_object_size()
if the source address is within the kernel image. When the crash tool reads
from 0x100000, this check leads to the kernel BUG().
So disable the kernel config option until this bug is fixed.
Corresponding bug report on LKML: https://lkml.org/lkml/2017/11/10/341
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Since i2c_unregister_device() became NULL-aware we may remove duplicate
NULL check.
Cc: Rudolf Marek <r.marek@assembler.cz>
Cc: Jean Delvare <jdelvare@suse.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: linux-hwmon@vger.kernel.org
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
|
|
Since i2c_unregister_device() became NULL-aware we may remove duplicate
NULL check.
Cc: Jean Delvare <jdelvare@suse.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: linux-hwmon@vger.kernel.org
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
|
|
Since i2c_unregister_device() became NULL-aware we may remove duplicate
NULL check.
Cc: Marc Hulsman <m.hulsman@tudelft.nl>
Cc: Jean Delvare <jdelvare@suse.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: linux-hwmon@vger.kernel.org
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
|
|
Since i2c_unregister_device() became NULL-aware we may remove duplicate
NULL check.
Cc: Jean Delvare <jdelvare@suse.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: linux-hwmon@vger.kernel.org
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Acked-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
|
|
Ryzen 1600X is a Ryzen 5 processor.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
|
|
As the GLINK driver is ticking the txdone of the mailbox channel (to
implement the doorbell) it needs to set knows_txdone.
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
|
|
Once blk_set_queue_dying() is done in blk_cleanup_queue(), we call
blk_freeze_queue() and wait for q->q_usage_counter becoming zero. But
if there are tasks blocked in get_request(), q->q_usage_counter can
never become zero. So we have to wake up all these tasks in
blk_set_queue_dying() first.
Fixes: 3ef28e83ab157997 ("block: generic request_queue reference counting")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
