| Age | Commit message (Collapse) | Author |
|---|
|
The spinlock is only used to serialize accesses to the DC_CMD_INT_MASK
register. However, this register is accesses either with interrupts
masked (in tegra_crtc_atomic_enable()) or protected by the vbl_lock and
vblank_time_lock spinlocks of the DRM device. Therefore, these accesses
don't need any extra serialization and the lock can be removed.
Signed-off-by: Thierry Reding <treding@nvidia.com>
|
|
Traditionally, windows were accessed indirectly, through a register
selection window that required a global register to be programmed with
the index of the window to access. Since the global register could be
written from modesetting functions as well as the interrupt handler
concurrently, accesses had to be serialized using a lock. Using direct
accesses to the window registers the lock can be avoided.
Signed-off-by: Thierry Reding <treding@nvidia.com>
|
|
Also, split up formats into per-SoC lists because not all generations
support all of them. Note that the list is now exhaustive for all RGB
formats, but not for YUV and indexed formats.
Signed-off-by: Thierry Reding <treding@nvidia.com>
|
|
Sort the fields returned by specifying '-f help' on the command line.
While at it, simplify the code a bit, indent the output and eliminate an
extra blank line at the beginning.
Signed-off-by: Stefan Raspl <raspl@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
rsm_load_state_64() and rsm_enter_protected_mode() load CR3, then
CR4 & ~PCIDE, then CR0, then CR4.
However, setting CR4.PCIDE fails if CR3[11:0] != 0. It's probably easier
in the long run to replace rsm_enter_protected_mode() with an emulator
callback that sets all the special registers (like KVM_SET_SREGS would
do). For now, set the PCID field of CR3 only after CR4.PCIDE is 1.
Reported-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Fixes: 660a5d517aaab9187f93854425c4c63f4a09195c
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
drm-intel-fixes
gvt-fixes-2017-12-21:
- default pipe enable fix for virtual display (Xiaolin)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20171221032500.xjofb4xyoihw3wo5@zhen-hp.sh.intel.com
|
|
We added support for EXTPROC back in 2010 in commit 26df6d13406d ("tty:
Add EXTPROC support for LINEMODE") and the intent was to allow it to
override some (all?) ICANON behavior. Quoting from that original commit
message:
There is a new bit in the termios local flag word, EXTPROC.
When this bit is set, several aspects of the terminal driver
are disabled. Input line editing, character echo, and mapping
of signals are all disabled. This allows the telnetd to turn
off these functions when in linemode, but still keep track of
what state the user wants the terminal to be in.
but the problem turns out that "several aspects of the terminal driver
are disabled" is a bit ambiguous, and you can really confuse the n_tty
layer by setting EXTPROC and then causing some of the ICANON invariants
to no longer be maintained.
This fixes at least one such case (TIOCINQ) becoming unhappy because of
the confusion over whether ICANON really means ICANON when EXTPROC is set.
This basically makes TIOCINQ match the case of read: if EXTPROC is set,
we ignore ICANON. Also, make sure to reset the ICANON state ie EXTPROC
changes, not just if ICANON changes.
Fixes: 26df6d13406d ("tty: Add EXTPROC support for LINEMODE")
Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Reported-by: syzkaller <syzkaller@googlegroups.com>
Cc: Jiri Slaby <jslaby@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The commit 4a336a23d619 ("kobject: copy env blob in one go") optimized
constructing uevent data for delivery over netlink by using the raw
environment buffer, instead of reconstructing it from individual
environment pointers. Unfortunately in doing so it broke suppressing
MODALIAS attribute for KOBJ_UNBIND events, as the code that suppressed this
attribute only adjusted the environment pointers, but left the buffer
itself alone. Let's fix it by making sure the offending attribute is
obliterated form the buffer as well.
Reported-by: Tariq Toukan <tariqt@mellanox.com>
Reported-by: Casey Leedom <leedom@chelsio.com>
Fixes: 4a336a23d619 ("kobject: copy env blob in one go")
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
We don't need any active planes during load detection, so just disable
them all. This saves us from having to come up with a suitable
framebuffer. And we also avoid leaving sprite/cursor planes on and
potentially presenting them at a peculiar location during the load
detection.
Changes since v1 (Maarten):
- Add missing call to add_all_affected_planes.
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=102707
Link: https://patchwork.freedesktop.org/patch/msgid/20171220093545.613-4-maarten.lankhorst@linux.intel.com
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
|
|
Patch bd36d3bab2e3d08f80766c86487090dbceed4651 fixed a deadlock in the
failure path of drm_lease_create. This made the partially initialized
lease object visible for a short window of time.
To avoid having the lessee state appear transiently, I've rearranged
the code so that the lessor fields are not filled in until the
parameters are all validated and the function will succeed.
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20171221065424.1304-1-keithp@keithp.com
|
|
nft_ct exposes this bit to userspace. This used to be
#define NF_CT_STATE_UNTRACKED_BIT (1 << (IP_CT_NUMBER + 1))
(IP_CT_NUMBER is 5, so this was 0x40)
.. but this got changed to 8 (0x100) when the untracked object got removed.
Replace this with a literal 6 to prevent further incompatible changes
in case IP_CT_NUMBER ever increases.
Fixes: cc41c84b7e7f2 ("netfilter: kill the fake untracked conntrack objects")
Reported-by: Li Shuang <shuali@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Daniel Borkmann says:
====================
pull-request: bpf 2017-12-21
The following pull-request contains BPF updates for your *net* tree.
The main changes are:
1) Fix multiple security issues in the BPF verifier mostly related
to the value and min/max bounds tracking rework in 4.14. Issues
range from incorrect bounds calculation in some BPF_RSH cases,
to improper sign extension and reg size handling on 32 bit
ALU ops, missing strict alignment checks on stack pointers, and
several others that got fixed, from Jann, Alexei and Edward.
2) Fix various build failures in BPF selftests on sparc64. More
specifically, librt needed to be added to the libs to link
against and few format string fixups for sizeof, from David.
3) Fix one last remaining issue from BPF selftest build that was
still occuring on s390x from the asm/bpf_perf_event.h include
which could not find the asm/ptrace.h copy, from Hendrik.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
When an I/O is returned with an srb_status of SRB_STATUS_INVALID_LUN
which has zero good_bytes it must be assigned an error. Otherwise the
I/O will be continuously requeued and will cause a deadlock in the case
where disks are being hot added and removed. sd_probe_async will wait
forever for its I/O to complete while holding scsi_sd_probe_domain.
Also returning the default error of DID_TARGET_FAILURE causes multipath
to not retry the I/O resulting in applications receiving I/O errors
before a failover can occur.
Signed-off-by: Cathy Avery <cavery@redhat.com>
Signed-off-by: Long Li <longli@microsoft.com>
Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Do not allow root to convert valid pointers into unknown scalars.
In particular disallow:
ptr &= reg
ptr <<= reg
ptr += ptr
and explicitly allow:
ptr -= ptr
since pkt_end - pkt == length
1.
This minimizes amount of address leaks root can do.
In the future may need to further tighten the leaks with kptr_restrict.
2.
If program has such pointer math it's likely a user mistake and
when verifier complains about it right away instead of many instructions
later on invalid memory access it's easier for users to fix their progs.
3.
when register holding a pointer cannot change to scalar it allows JITs to
optimize better. Like 32-bit archs could use single register for pointers
instead of a pair required to hold 64-bit scalars.
4.
reduces architecture dependent behavior. Since code:
r1 = r10;
r1 &= 0xff;
if (r1 ...)
will behave differently arm64 vs x64 and offloaded vs native.
A significant chunk of ptr mangling was allowed by
commit f1174f77b50c ("bpf/verifier: rework value tracking")
yet some of it was allowed even earlier.
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
into drm-next
* 'drm-next-4.16' of git://people.freedesktop.org/~agd5f/linux: (171 commits)
drm/amdgpu: fix test for shadow page tables
drm/amd/display: Expose dpp1_set_cursor_attributes
drm/amd/display: Update FMT and OPPBUF functions
drm/amd/display: check for null before calling is_blanked
drm/amd/display: dal 3.1.27
drm/amd/display: Fix unused variable warnings.
drm/amd/display: Only blank DCN when we have set_blank implementation
drm/amd/display: Put dcn_mi_registers with other structs
drm/amd/display: hubp refactor
drm/amd/display: integrating optc pseudocode
drm/amd/display: Call validate_fbc should_enable_fbc
drm/amd/display: Clean up DCN cursor code
drm/amd/display: fix 180 full screen pipe split
drm/amd/display: reprogram surface config on scaling change
drm/amd/display: Remove dwbc from pipe_ctx
drm/amd/display: Use the maximum link setting which EDP reported.
drm/amd/display: Add hdr_supported flag
drm/amd/display: fix global sync param retrieval when not pipe splitting
drm/amd/display: Update HUBP
drm/amd/display: fix rotated surface scaling
...
|
|
Alexei Starovoitov says:
====================
This patch set addresses a set of security vulnerabilities
in bpf verifier logic discovered by Jann Horn.
All of the patches are candidates for 4.14 stable.
====================
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
These tests should cover the following cases:
- MOV with both zero-extended and sign-extended immediates
- implicit truncation of register contents via ALU32/MOV32
- implicit 32-bit truncation of ALU32 output
- oversized register source operand for ALU32 shift
- right-shift of a number that could be positive or negative
- map access where adding the operation size to the offset causes signed
32-bit overflow
- direct stack access at a ~4GiB offset
Also remove the F_LOAD_WITH_STRICT_ALIGNMENT flag from a bunch of tests
that should fail independent of what flags userspace passes.
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
There were various issues related to the limited size of integers used in
the verifier:
- `off + size` overflow in __check_map_access()
- `off + reg->off` overflow in check_mem_access()
- `off + reg->var_off.value` overflow or 32-bit truncation of
`reg->var_off.value` in check_mem_access()
- 32-bit truncation in check_stack_boundary()
Make sure that any integer math cannot overflow by not allowing
pointer math with large values.
Also reduce the scope of "scalar op scalar" tracking.
Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
This could be made safe by passing through a reference to env and checking
for env->allow_ptr_leaks, but it would only work one way and is probably
not worth the hassle - not doing it will not directly lead to program
rejection.
Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Force strict alignment checks for stack pointers because the tracking of
stack spills relies on it; unaligned stack accesses can lead to corruption
of spilled registers, which is exploitable.
Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Prevent indirect stack accesses at non-constant addresses, which would
permit reading and corrupting spilled pointers.
Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
32-bit ALU ops operate on 32-bit values and have 32-bit outputs.
Adjust the verifier accordingly.
Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Properly handle register truncation to a smaller size.
The old code first mirrors the clearing of the high 32 bits in the bitwise
tristate representation, which is correct. But then, it computes the new
arithmetic bounds as the intersection between the old arithmetic bounds and
the bounds resulting from the bitwise tristate representation. Therefore,
when coerce_reg_to_32() is called on a number with bounds
[0xffff'fff8, 0x1'0000'0007], the verifier computes
[0xffff'fff8, 0xffff'ffff] as bounds of the truncated number.
This is incorrect: The truncated number could also be in the range [0, 7],
and no meaningful arithmetic bounds can be computed in that case apart from
the obvious [0, 0xffff'ffff].
Starting with v4.14, this is exploitable by unprivileged users as long as
the unprivileged_bpf_disabled sysctl isn't set.
Debian assigned CVE-2017-16996 for this issue.
v2:
- flip the mask during arithmetic bounds calculation (Ben Hutchings)
v3:
- add CVE number (Ben Hutchings)
Fixes: b03c9f9fdc37 ("bpf/verifier: track signed and unsigned min/max values")
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Distinguish between
BPF_ALU64|BPF_MOV|BPF_K (load 32-bit immediate, sign-extended to 64-bit)
and BPF_ALU|BPF_MOV|BPF_K (load 32-bit immediate, zero-padded to 64-bit);
only perform sign extension in the first case.
Starting with v4.14, this is exploitable by unprivileged users as long as
the unprivileged_bpf_disabled sysctl isn't set.
Debian assigned CVE-2017-16995 for this issue.
v3:
- add CVE number (Ben Hutchings)
Fixes: 484611357c19 ("bpf: allow access into map value arrays")
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Incorrect signed bounds were being computed.
If the old upper signed bound was positive and the old lower signed bound was
negative, this could cause the new upper signed bound to be too low,
leading to security issues.
Fixes: b03c9f9fdc37 ("bpf/verifier: track signed and unsigned min/max values")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Edward Cree <ecree@solarflare.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
[jannh@google.com: changed description to reflect bug impact]
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
The EOFBLOCKS/COWBLOCKS tags are totally separate things, so track them
with separate i_flags. Right now we're abusing IEOFBLOCKS for both,
which is totally bogus because we won't tag the inode with COWBLOCKS if
IEOFBLOCKS was set by a previous tagging of the inode with EOFBLOCKS.
Found by wiring up clonerange to fsstress in xfs/017.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux into drm-next
omapdrm changes for v4.16
* support memory bandwidth limits
* DSI command mode panel cleanups for N9
* DMM error handling
* tag 'omapdrm-4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: (27 commits)
drm: omapdrm: Simplify platform registration
drm: omapdrm: Remove filename from header and fix copyright tag
drm/omap: DMM: Check for DMM readiness after successful transaction commit
drm/omap: DMM: Print information if we received an error interrupt
drm/omap: DMM: In case of error/timeout in wait_status() print the reason
drm/omap: DMM: Fix DMM_IRQSTAT_ERR_MASK definition
drm: omapdrm: Deconstruct the omap_drv.h header.
drm: omapdrm: venc: Return error code on OF parsing failure
drm: omapdrm: dpi: Remove dpi_data port_initialized field
drm: omapdrm: dss: Make dss_dump_clocks() function static
drm: omapdrm: dss: Set the DMA coherent mask
drm: omapdrm: Remove unused omap_dss_find_device() function
drm: omapdrm: Pass drm_device to omap_gem_resume()
drm: omapdrm: dpi: Don't treat GPIO probe deferral as an error
drm/omap: panel-dsi-cm: switch to gpiod
drm/omap: panel-dsi-cm: add external backlight support
drm/omap: panel-dsi-cm: add physical size support
drm/omap: panel-dsi-cm: add regulator support
drm/omap: panel-dsi-cm: fix driver
drm/omap: add support for physical size hints from display drivers
...
|
|
drm/tilcdc changes for 4.16
* tag 'tilcdc-4.16' of https://github.com/jsarha/linux:
drm/tilcdc: make tilcdc_mode_hvtotal() static
drm/tilcdc: Remove drm_framebuffer_get() and *_put() calls
drm/tilcdc: ensure nonatomic iowrite64 is not used
|
|
git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
drm/i915 fixes for v4.15-rc5
* tag 'drm-intel-fixes-2017-12-20' of git://anongit.freedesktop.org/drm/drm-intel:
drm/i915: Protect DDI port to DPLL map from theoretical race.
drm/i915/lpe: Remove double-encapsulation of info string
|
|
git://anongit.freedesktop.org/drm/drm-intel into drm-next
- Fix documentation build issues (Randy, Markus)
- Fix timestamp frequency calculation for perf on CNL (Lionel)
- New DMC firmware for Skylake (Anusha)
- GTT flush fixes and other GGTT write track and refactors (Chris)
- Taint kernel when GPU reset fails (Chris)
- Display workarounds organization (Lucas)
- GuC and HuC initialization clean-up and fixes (Michal)
- Other fixes around GuC submission (Michal)
- Execlist clean-ups like caching ELSP reg offset and improving log readability (Chri\
s)
- Many other improvements on our logs and dumps (Chris)
- Restore GT performance in headless mode with DMC loaded (Tvrtko)
- Stop updating legacy fb parameters since FBC is not using anymore (Daniel)
- More selftest improvements (Chris)
- Preemption fixes and improvements (Chris)
- x86/early-quirks improvements for Intel graphics stolen memory. (Joonas, Matthew)
- Other improvements on Stolen Memory code to be resource centric. (Matthew)
- Improvements and fixes on fence allocation/release (Chris).
GVT:
- fixes for two coverity scan errors (Colin)
- mmio switch code refine (Changbin)
- more virtual display dmabuf fixes (Tina/Gustavo)
- misc cleanups (Pei)
- VFIO mdev display dmabuf interface and gvt support (Tina)
- VFIO mdev opregion support/fixes (Tina/Xiong/Chris)
- workload scheduling optimization (Changbin)
- preemption fix and temporal workaround (Zhenyu)
- and misc fixes after refactor (Chris)
* tag 'drm-intel-next-2017-12-14' of git://anongit.freedesktop.org/drm/drm-intel: (87 commits)
drm/i915: Update DRIVER_DATE to 20171214
drm/i915: properly init lockdep class
drm/i915: Show engine state when hangcheck detects a stall
drm/i915: make CS frequency read support missing more obvious
drm/i915/guc: Extract doorbell verification into a function
drm/i915/guc: Extract clients allocation to submission_init
drm/i915/guc: Extract doorbell creation from client allocation
drm/i915/guc: Call invalidate after changing the vfunc
drm/i915/guc: Extract guc_init from guc_init_hw
drm/i915/guc: Move GuC workqueue allocations outside of the mutex
drm/i915/guc: Move shared data allocation away from submission path
drm/i915: Unwind i915_gem_init() failure
drm/i915: Ratelimit request allocation under oom
drm/i915: Allow fence allocations to fail
drm/i915: Mark up potential allocation paths within i915_sw_fence as might_sleep
drm/i915: Don't check #active_requests from i915_gem_wait_for_idle()
drm/i915/fence: Use rcu to defer freeing of irq_work
drm/i915: Dump the engine state before declaring wedged from wait_for_engines()
drm/i915: Bump timeout for wait_for_engines()
drm/i915: Downgrade misleading "Memory usable" message
...
|
|
nouveau memleak fix
* 'linux-4.15' of git://github.com/skeggsb/linux:
drm/nouveau: fix obvious memory leak
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Two simple fixes: one for sparse warnings that were introduced by the
merge window conversion to blist_flags_t and the other to fix dropped
I/O during reset in aacraid"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: aacraid: Fix I/O drop during reset
scsi: core: Use blist_flags_t consistently
|
|
Pull ARM fix from Russell King:
"Just one fix for a problem in the csum_partial_copy_from_user()
implementation when software PAN is enabled"
* 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
|
|
Current code advertises (on the modifiers blob property) support for CCS
modifier for pipe C on GLK, only to reject it later when validating the
request before the atomic commit.
This fixes the tests igt@kms_ccs@pipe-c-*, which should skip on GLK for
pipe C (see bug 104096).
A relevant discussion is archived at:
https://lists.freedesktop.org/archives/intel-gfx/2017-December/150646.html
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=104096
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Cc: Ben Widawsky <ben@bwidawsk.net>
Reviewed-by: Ben Widawsky <ben@bwidawsk.net>
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20171220002410.5604-1-krisman@collabora.co.uk
|
|
gcc toggle -fisolate-erroneous-paths-dereference (default at -O2
onwards) isolates faulty code paths such as null pointer access, divide
by zero etc by emitting __builtin_trap()
Newer ARC gcc generates TRAP_S 5 instruction which needs to be handled
and treated like any other unexpected exception
- user mode : task terminated with a SEGV
- kernel mode: die() called after register and stack dump
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
|
|
ctx->chain may be null now that we have very large object names,
so we cannot check for ctx->chain[0] here.
Fixes: b7263e071aba7 ("netfilter: nf_tables: Allow table names of up to 255 chars")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Phil Sutter <phil@nwl.cc>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"These fix a recently introduced issue in the ACPI CPPC driver and an
obscure error hanling bug in the APEI code.
Specifics:
- Fix an error handling issue in the ACPI APEI implementation of the
>read callback in struct pstore_info (Takashi Iwai).
- Fix a possible out-of-bounds arrar read in the ACPI CPPC driver
(Colin Ian King)"
* tag 'acpi-4.15-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: APEI / ERST: Fix missing error handling in erst_reader()
ACPI: CPPC: remove initial assignment of pcc_ss_data
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These fix a regression in the ondemand and conservative cpufreq
governors that was introduced during the 4.13 cycle, a recent
regression in the imx6q cpufreq driver and a regression in the PCI
handling of hibernation from the 4.14 cycle.
Specifics:
- Fix an issue in the PCI handling of the "thaw" transition during
hibernation (after creating an image), introduced by a bug fix from
the 4.13 cycle and exposed by recent changes in the IRQ subsystem,
that caused pci_restore_state() to be called for devices in
low-power states in some cases which is incorrect and breaks MSI
management on some systems (Rafael Wysocki).
- Fix a recent regression in the imx6q cpufreq driver that broke
speed grading on i.MX6 QuadPlus by omitting checks causing invalid
operating performance points (OPPs) to be disabled on that SoC as
appropriate (Lucas Stach).
- Fix a regression introduced during the 4.14 cycle in the ondemand
and conservative cpufreq governors that causes the sampling
interval used by them to be shorter than the tick period in some
cases which leads to incorrect decisions (Rafael Wysocki)"
* tag 'pm-4.15-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpufreq: governor: Ensure sufficiently large sampling intervals
cpufreq: imx6q: fix speed grading regression on i.MX6 QuadPlus
PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A bunch of really small fixes here, all driver specific and mostly in
error handling and remove paths.
The most important fixes are for the a3700 clock configuration and a
fix for a nasty stall which could potentially cause data corruption
with the xilinx driver"
* tag 'spi-fix-v4.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: atmel: fixed spin_lock usage inside atmel_spi_remove
spi: sun4i: disable clocks in the remove function
spi: rspi: Do not set SPCR_SPE in qspi_set_config_register()
spi: Fix double "when"
spi: a3700: Fix clk prescaling for coefficient over 15
spi: xilinx: Detect stall with Unknown commands
spi: imx: Update device tree binding documentation
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
Pull MDF bugfixes from Lee Jones:
- Fix message timing issues and report correct state when an error
occurs in cros_ec_spi
- Reorder enums used for Power Management in rtsx_pci
- Use correct OF helper for obtaining child nodes in twl4030-audio and
twl6040
* tag 'mfd-fixes-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
mfd: Fix RTS5227 (and others) powermanagement
mfd: cros ec: spi: Fix "in progress" error signaling
mfd: twl6040: Fix child-node lookup
mfd: twl4030-audio: Fix sibling-node lookup
mfd: cros ec: spi: Don't send first message too soon
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"All stable fixes here:
- a regression fix of USB-audio for the previous hardening patch
- a potential UAF fix in rawmidi
- HD-audio and USB-audio quirks, the missing new ID"
* tag 'sound-4.15-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
ALSA: hda/realtek - Fix Dell AIO LineOut issue
ALSA: rawmidi: Avoid racy info ioctl via ctl device
ALSA: hda - Add vendor id for Cannonlake HDMI codec
ALSA: usb-audio: Add native DSD support for Esoteric D-05X
|
|
They don't work 100% correctly at the moment.
Reviewed-and-Tested-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
This used to setup the LP_COUNT register automatically, but now has been
removed.
There was an earlier fix 3c7c7a2fc8811 which fixed instance in delay.h but
somehow missed this one as gcc change had not made its way into
production toolchains and was not pedantic as it is now !
Cc: stable@vger.kernel.org
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
|
|
Refactor the quad core DT quirk code:
get rid of waste division and multiplication by 1000000 constant.
Acked-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
|
|
Set initial core pll output frequency specified in device tree to
100MHz for SMP configuration and 90MHz for UP configuration.
It will be applied at the core pll driver probing.
Update platform quirk for decreasing core frequency for quad core
configuration.
Acked-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
|
|
Get rid of core pll frequency set in platform code as we set it via
device tree using 'assigned-clock-rates' property.
Acked-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
|
|
Set initial core pll output frequency specified in device tree to
1GHz. It will be applied at the core pll driver probing.
Acked-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
|
|
Currently there're 2 different implementations of the driver for
DisplayLink USB2.0-to-HDMI/DVI adapters: older FBDEV and modern true
DRM.
We initially decided to use FBDEV version just because with it
/dev/fbX is usable from user-space while in DRM version
with DRM_FBDEV_EMULATION user-space cannot draw anything on a real
screen, for more info read [1].
But today /dev/fbX is not that important as more and more software
projects switch to use of DRI (/dev/dri/cardX).
But what's even more important DRM driver allows building of complicated
graphics processing chains. The most important for us is rendering of
3D on a dedicated GPU while outputting video through a simpler
bitstreamer like DisplayLink. So let's use much more future-proof
driver from now on.
[1] https://lists.freedesktop.org/archives/dri-devel/2017-December/159519.html
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
|
|
__print_symbol() uses extra stack space to sprintf() symbol
information and then to feed that buffer to printk()
char buffer[KSYM_SYMBOL_LEN];
sprint_symbol(buffer, address);
printk(fmt, buffer);
Replace __print_symbol() with a direct printk("%pS") call.
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
|
|
Commit 966a967116e6 randomly added alignment to this structure, but
it's actually detrimental to performance of null_blk. Test case:
Running on both the home and remote node shows a ~5% degradation
in performance.
While in there, move blk_status_t to the hole after the integer tag
in the nullb_cmd structure. After this patch, we shrink the size
from 192 to 152 bytes.
Fixes: 966a967116e69 ("smp: Avoid using two cache lines for struct call_single_data")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
