18 Apr, 2019

1 commit


06 Apr, 2019

1 commit


03 Apr, 2019

7 commits

  • commit 33bac912840fe64dbc15556302537dc6a17cac63 upstream.

    After commit 419d6efc50e9, kernel cannot be crashed in the namei
    path. However, corrupted nameoff can do harm in the process of
    readdir for scenarios without dm-verity as well. Fix it now.

    Fixes: 3aa8ec716e52 ("staging: erofs: add directory operations")
    Cc: # 4.19+
    Signed-off-by: Gao Xiang
    Reviewed-by: Chao Yu
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit b6391ac73400eff38377a4a7364bd3df5efb5178 upstream.

    Complete read error handling paths for all three kinds of
    compressed pages:

    1) For cache-managed pages, PG_uptodate will be checked since
    read_endio will unlock and SetPageUptodate for these pages;

    2) For inplaced pages, read_endio cannot SetPageUptodate directly
    since it should be used to mark the final decompressed data,
    PG_error will be set with page locked for IO error instead;

    3) For staging pages, PG_error is used, which is similar to
    what we do for inplaced pages.

    Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
    Cc: # 4.19+
    Reviewed-by: Chao Yu
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit 8bce6dcede65139a087ff240127e3f3c01363eed upstream.

    erofs_vmap() wrapped vmap() and vm_map_ram() to return virtual
    continuous memory, but both of them can fail for a lot of
    reasons. Previously, erofs_vmap()'s callers didn't handle them,
    which can potentially cause NULL pointer access; fix it.

    Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
    Fixes: 0d40d6e399c1 ("staging: erofs: add a generic z_erofs VLE decompressor")
    Cc: # 4.19+
    Signed-off-by: Gao Xiang
    Signed-off-by: Chao Yu
    Signed-off-by: Greg Kroah-Hartman

    Chao Yu
     
  • commit 3b9c2f2e0e99bb67c96abcb659b3465efe3bee1f upstream.

    It appears on some slower systems that the driver can find its way
    out of the workqueue while the interrupt is disabled by continuous polling
    by it.

    Move MACvIntEnable to vnt_interrupt_work so that it is always enabled
    on all routes out of vnt_interrupt_process.

    Move MACvIntDisable so that the device doesn't keep polling the system
    while the workqueue is being processed.

    Signed-off-by: Malcolm Priestley
    CC: stable@vger.kernel.org # v4.2+
    Signed-off-by: Greg Kroah-Hartman

    Malcolm Priestley
     
  • commit cc26358f89c3e493b54766b1ca56cfc6b14db78a upstream.

    A check for vif is made in vnt_interrupt_work.

    There is a small chance of leaving interrupt disabled while vif
    is NULL and the work hasn't been scheduled.

    Signed-off-by: Malcolm Priestley
    CC: stable@vger.kernel.org # v4.2+
    Signed-off-by: Greg Kroah-Hartman

    Malcolm Priestley
     
  • commit 45ac7b31bc6c4af885cc5b5d6c534c15bcbe7643 upstream.

    When switching from speakup_soft to another synth, speakup_soft would
    keep calling synth_buffer_getc() from softsynthx_read.

    Let's thus make synth.c export the knowledge of the current synth, so
    that speakup_soft can determine whether it should be running.

    speakup_soft also needs to set itself alive, otherwise the switch would
    let it remain silent.

    Signed-off-by: Samuel Thibault
    Cc: stable
    Signed-off-by: Greg Kroah-Hartman

    Samuel Thibault
     
  • commit bafd9c64056cd034a1174dcadb65cd3b294ff8f6 upstream.

    `ni_cdio_cmdtest()` validates Comedi asynchronous commands for the DIO
    subdevice (subdevice 2) of supported National Instruments M-series
    cards. It is called when handling the `COMEDI_CMD` and `COMEDI_CMDTEST`
    ioctls for this subdevice. There are two causes for a possible
    divide-by-zero error when validating that the `stop_arg` member of the
    passed-in command is not too large.

    The first cause for the divide-by-zero is that calls to
    `comedi_bytes_per_scan()` are only valid once the command has been
    copied to `s->async->cmd`, but that copy is only done for the
    `COMEDI_CMD` ioctl. For the `COMEDI_CMDTEST` ioctl, it will use
    whatever was left there by the previous `COMEDI_CMD` ioctl, if any.
    (This is very likely, as it is usual for the application to use
    `COMEDI_CMDTEST` before `COMEDI_CMD`.) If there has been no previous,
    valid `COMEDI_CMD` for this subdevice, then `comedi_bytes_per_scan()`
    will return 0, so the subsequent division in `ni_cdio_cmdtest()` of
    `s->async->prealloc_bufsz / comedi_bytes_per_scan(s)` will be a
    divide-by-zero error. To fix this error, call a new function
    `comedi_bytes_per_scan_cmd(s, cmd)`, based on the existing
    `comedi_bytes_per_scan(s)` but using a specified `struct comedi_cmd` for
    its calculations. (Also refactor `comedi_bytes_per_scan()` to call the
    new function.)

    Once the first cause for the divide-by-zero has been fixed, the second
    cause is that `comedi_bytes_per_scan_cmd()` can legitimately return 0 if
    the `scan_end_arg` member of the `struct comedi_cmd` being tested is 0.
    Fix it by only performing the division (and validating that `stop_arg`
    is no more than the maximum value) if `comedi_bytes_per_scan_cmd()`
    returns a non-zero value.

    The problem was reported on the COMEDI mailing list here:
    https://groups.google.com/forum/#!topic/comedi_list/4t9WlHzMhKM

    Reported-by: Ivan Vasilyev
    Tested-by: Ivan Vasilyev
    Fixes: f164cbf98fa8 ("staging: comedi: ni_mio_common: add finite regeneration to dio output")
    Cc: # 4.6+
    Cc: Spencer E. Olson
    Signed-off-by: Ian Abbott
    Signed-off-by: Greg Kroah-Hartman

    Ian Abbott
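
The two divide-by-zero causes described in commit bafd9c64056c above, modelled in user space as an added example (not the comedi driver's code). `toy_cmd`, `toy_subdev`, the sample values and the helper names are constructed; only the field names `scan_end_arg`, `stop_arg` and `prealloc_bufsz` come from the commit message.

```c
#include <stdio.h>

/* Constructed, simplified model of the structures named in the commit. */
struct toy_cmd {
    unsigned int scan_end_arg;    /* samples per scan; 0 may be passed in */
    unsigned int stop_arg;        /* number of scans requested */
};

struct toy_subdev {
    unsigned int prealloc_bufsz;  /* buffer size in bytes */
    unsigned int sample_bytes;    /* bytes per sample (assumed fixed here) */
    struct toy_cmd started_cmd;   /* copied only when a command is started */
};

/* Constructed samples: one device that never ran a command, one that did. */
static const struct toy_subdev fresh_dev = { 65536, 4, { 0, 0 } };
static const struct toy_subdev used_dev  = { 65536, 4, { 8, 1000 } };
static const struct toy_cmd cmd_small = { 8, 1000 };
static const struct toy_cmd cmd_big   = { 1024, 1000 };
static const struct toy_cmd cmd_zero  = { 0, 1000 };

/* Bytes per scan for an explicitly supplied command. */
static unsigned int bytes_per_scan_cmd(const struct toy_subdev *s,
                                       const struct toy_cmd *cmd)
{
    return cmd->scan_end_arg * s->sample_bytes;
}

/* Old shape: silently uses whatever command was started last. */
static unsigned int bytes_per_scan_stale(const struct toy_subdev *s)
{
    return bytes_per_scan_cmd(s, &s->started_cmd);
}

/* Before: the divisor comes from stale state, so it is 0 on a fresh device
 * and describes the wrong command on a used one. Never call this with
 * fresh_dev: the division traps. */
static int cmdtest_before(const struct toy_subdev *s, const struct toy_cmd *cmd)
{
    unsigned int max_scans = s->prealloc_bufsz / bytes_per_scan_stale(s);

    return cmd->stop_arg > max_scans ? -1 : 0;
}

/* After: the divisor comes from the command under test, and the limit
 * check is skipped when that divisor is legitimately 0. */
static int cmdtest_after(const struct toy_subdev *s, const struct toy_cmd *cmd)
{
    unsigned int bps = bytes_per_scan_cmd(s, cmd);

    if (bps && cmd->stop_arg > s->prealloc_bufsz / bps)
        return -1;
    return 0;
}

int main(void)
{
    printf("fresh device, stale divisor: %u\n",
           bytes_per_scan_stale(&fresh_dev));
    printf("before, big cmd tested after small cmd ran: %d\n",
           cmdtest_before(&used_dev, &cmd_big));
    printf("after, same big cmd: %d\n", cmdtest_after(&used_dev, &cmd_big));
    printf("after, scan_end_arg == 0 on fresh device: %d\n",
           cmdtest_after(&fresh_dev, &cmd_zero));
    return 0;
}
```

On a device that has already run a command, the stale divisor does not trap but validates `stop_arg` against the previous command's scan size, so the oversized request is accepted.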
     

24 Mar, 2019

3 commits

  • commit 4bc1ab41eee9d02ad2483bf8f51a7b72e3504eba upstream.

    Move upstream stream off to just after receiving the last EOF completion
    and disabling the CSI (and thus before disabling the IDMA channel) in
    csi_stop(). For symmetry also move upstream stream on to beginning of
    csi_start().

    Doing this makes csi_s_stream() more symmetric with prp_s_stream() which
    will require the same change to fix a hard lockup.

    Signed-off-by: Steve Longerbeam
    Cc: stable@vger.kernel.org # for 4.13 and up
    Signed-off-by: Hans Verkuil
    Signed-off-by: Mauro Carvalho Chehab
    Signed-off-by: Greg Kroah-Hartman

    Steve Longerbeam
     
  • commit 2e0fe66e0a136252f4d89dbbccdcb26deb867eb8 upstream.

    Disable the CSI immediately after receiving the last EOF before stream
    off (and thus before disabling the IDMA channel). Do this by moving the
    wait for EOF completion into a new function csi_idmac_wait_last_eof().

    This fixes a complete system hard lockup on the SabreAuto when streaming
    from the ADV7180, by repeatedly sending a stream off immediately followed
    by stream on:

    while true; do v4l2-ctl -d4 --stream-mmap --stream-count=3; done

    Eventually this either causes the system lockup or EOF timeouts at all
    subsequent stream on, until a system reset.

    The lockup occurs when disabling the IDMA channel at stream off. Disabling
    the CSI before disabling the IDMA channel appears to be a reliable fix for
    the hard lockup.

    Fixes: 4a34ec8e470cb ("[media] media: imx: Add CSI subdev driver")

    Reported-by: Gaël PORTAY
    Signed-off-by: Steve Longerbeam
    Cc: stable@vger.kernel.org # for 4.13 and up
    Signed-off-by: Hans Verkuil
    Signed-off-by: Mauro Carvalho Chehab
    Signed-off-by: Greg Kroah-Hartman

    Steve Longerbeam
     
  • commit a19c22677377b87e4354f7306f46ad99bc982a9f upstream.

    Upstream must be stopped immediately after receiving the last EOF and
    before disabling the IDMA channel. This can be accomplished by moving
    upstream stream off to just after receiving the last EOF completion in
    prp_stop(). For symmetry also move upstream stream on to end of
    prp_start().

    This fixes a complete system hard lockup on the SabreAuto when streaming
    from the ADV7180, by repeatedly sending a stream off immediately followed
    by stream on:

    while true; do v4l2-ctl -d1 --stream-mmap --stream-count=3; done

    Eventually this either causes the system lockup or EOF timeouts at all
    subsequent stream on, until a system reset.

    The lockup occurs when disabling the IDMA channel at stream off. Stopping
    the video data stream entering the IDMA channel before disabling the
    channel itself appears to be a reliable fix for the hard lockup.

    Fixes: f0d9c8924e2c3 ("[media] media: imx: Add IC subdev drivers")

    Reported-by: Gaël PORTAY
    Tested-by: Gaël PORTAY
    Signed-off-by: Steve Longerbeam
    Cc: stable@vger.kernel.org # for 4.13 and up
    Signed-off-by: Hans Verkuil
    Signed-off-by: Mauro Carvalho Chehab
    Signed-off-by: Greg Kroah-Hartman

    Steve Longerbeam
     

19 Mar, 2019

1 commit

  • commit 51232df5e4b268936beccde5248f312a316800be upstream.

    When the managed cache is enabled, the last reference count
    of a workgroup must be used for its workstation.

    Otherwise, it could lead to incorrect (un)freezes in
    the reclaim path, and it would be harmful.

    A typical race is as follows:

    Thread 1 (In the reclaim path)  Thread 2
    workgroup_freeze(grp, 1)                                refcnt = 1
    ...
    workgroup_unfreeze(grp, 1)                              refcnt = 1
                                    workgroup_get(grp)      refcnt = 2 (x)
    workgroup_put(grp)                                      refcnt = 1 (x)
    ...unexpected behaviors

    * grp is detached but still used, which violates cache-managed
    freeze constraint.

    Reviewed-by: Chao Yu
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     

14 Mar, 2019

5 commits

  • commit 419d6efc50e94bcf5d6b35cd8c71f79edadec564 upstream.

    As Al pointed out, "
    ... and while we are at it, what happens to
        unsigned int nameoff = le16_to_cpu(de[mid].nameoff);
        unsigned int matched = min(startprfx, endprfx);

        struct qstr dname = QSTR_INIT(data + nameoff,
            unlikely(mid >= ndirents - 1) ?
                maxsize - nameoff :
                le16_to_cpu(de[mid + 1].nameoff) - nameoff);

        /* string comparison without already matched prefix */
        int ret = dirnamecmp(name, &dname, &matched);
    if le16_to_cpu(de[...].nameoff) is not monotonically increasing? I.e.
    what's to prevent e.g. (unsigned)-1 ending up in dname.len?

    Corrupted fs image shouldn't oops the kernel.. "

    Revisit the related lookup flow to address the issue.

    Fixes: d72d1ce60174 ("staging: erofs: add namei functions")
    Cc: # 4.19+
    Suggested-by: Al Viro
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit 62dc45979f3f8cb0ea67302a93bff686f0c46c5a upstream.

    In a real scenario, there could be several threads accessing xattrs
    of the same xattr-uninitialized inode, and init_inode_xattrs()
    almost at the same time.

    That's actually unexpected behavior; this patch closes the race.

    Fixes: b17500a0fdba ("staging: erofs: introduce xattr & acl support")
    Cc: # 4.19+
    Reviewed-by: Chao Yu
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • From: Sheng Yong

    commit 3b1b5291f79d040d549d7c746669fc30e8045b9b upstream.

    If it fails to read a shared xattr page, the inode's shared xattr array
    is not freed. The next time the inode's xattr is accessed, the previously
    allocated array is leaked.

    Signed-off-by: Sheng Yong
    Fixes: b17500a0fdba ("staging: erofs: introduce xattr & acl support")
    Cc: # 4.19+
    Reviewed-by: Gao Xiang
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit 7077fffcb0b0b65dc75e341306aeef4d0e7f2ec6 upstream.

    Currently, this will hit a BUG_ON for these symlinks as follows:

    - kernel message
    ------------[ cut here ]------------
    kernel BUG at drivers/staging/erofs/xattr.c:59!
    SMP PTI
    CPU: 1 PID: 1170 Comm: getllxattr Not tainted 4.20.0-rc6+ #92
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-2.fc27 04/01/2014
    RIP: 0010:init_inode_xattrs+0x22b/0x270
    Code: 48 0f 45 ea f0 ff 4d 34 74 0d 41 83 4c 24 e0 01 31 c0 e9 00 fe ff ff 48 89 ef e8 e0 31 9e ff eb e9 89 e8 e9 ef fd ff ff 0f 0$
    0b 48 89 ef e8 fb f6 9c ff 48 8b 45 08 a8 01 75 24 f0 ff 4d 34
    RSP: 0018:ffffa03ac026bdf8 EFLAGS: 00010246
    ------------[ cut here ]------------
    ...
    Call Trace:
    erofs_listxattr+0x30/0x2c0
    ? selinux_inode_listxattr+0x5a/0x80
    ? kmem_cache_alloc+0x33/0x170
    ? security_inode_listxattr+0x27/0x40
    listxattr+0xaf/0xc0
    path_listxattr+0x5a/0xa0
    do_syscall_64+0x43/0xf0
    entry_SYSCALL_64_after_hwframe+0x44/0xa9
    ...
    ---[ end trace 3c24b49408dc0c72 ]---

    Fix it by checking ->xattr_isize in init_inode_xattrs(),
    and it also fixes improper return value -ENOTSUPP
    (it should be -ENODATA if xattr is enabled) for those inodes.

    Fixes: b17500a0fdba ("staging: erofs: introduce xattr & acl support")
    Cc: # 4.19+
    Reported-by: Li Guifu
    Tested-by: Li Guifu
    Reviewed-by: Chao Yu
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit cadf1ccf1b0021d0b7a9347e102ac5258f9f98c8 upstream.

    This patch enhances the missing error handling code for
    xattr submodule, which improves the stability for the rare cases.

    Reviewed-by: Chao Yu
    Signed-off-by: Chao Yu
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
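
The unchecked name-length subtraction quoted in commit 419d6efc50e9 above, next to a bounds-checked form and a whole-block pass of the kind a readdir-style walk needs, as an added example (not code from the erofs patches). `toy_dirent`, the sample blocks and all helper names are constructed for illustration; only `nameoff`, `ndirents`, `mid` and `maxsize` follow the quoted snippet.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for an on-disk directory entry: only the field the
 * commit message discusses. Constructed here, not the real erofs layout. */
struct toy_dirent {
    uint16_t nameoff;            /* offset of the entry's name in the block */
};

/* Constructed sample blocks: 3 entries, 20 bytes of directory data. */
#define TOY_NDIRENTS 3u
#define TOY_MAXSIZE  20u
static const struct toy_dirent good_blk[] = { {6}, {10}, {15} };
static const struct toy_dirent bad_blk[]  = { {6}, {10}, {9} };  /* goes backwards */
static const struct toy_dirent far_blk[]  = { {6}, {10}, {25} }; /* past the block */

/* Length as computed in the quoted code: unsigned subtraction with no
 * ordering check, so a decreasing nameoff wraps to a huge value. */
static unsigned int naive_name_len(const struct toy_dirent *de,
                                   unsigned int ndirents,
                                   unsigned int mid, unsigned int maxsize)
{
    unsigned int nameoff = de[mid].nameoff;

    return (mid >= ndirents - 1) ? maxsize - nameoff
                                 : de[mid + 1].nameoff - nameoff;
}

/* Checked form: returns the name length, or -1 for a corrupted entry. */
static long checked_name_len(const struct toy_dirent *de,
                             unsigned int ndirents,
                             unsigned int mid, unsigned int maxsize)
{
    unsigned int start, end;

    if (ndirents == 0 || mid >= ndirents)
        return -1;
    start = de[mid].nameoff;
    end = (mid == ndirents - 1) ? maxsize : de[mid + 1].nameoff;

    /* Names must sit after the entry array and inside the block. */
    if (start < ndirents * sizeof(*de))
        return -1;
    /* Offsets must be strictly increasing and bounded by the block. */
    if (end > maxsize || start >= end)
        return -1;
    return (long)(end - start);
}

/* Whole-block pass: every entry must validate before any name is used. */
static int block_is_sane(const struct toy_dirent *de,
                         unsigned int ndirents, unsigned int maxsize)
{
    unsigned int i;

    for (i = 0; i < ndirents; i++)
        if (checked_name_len(de, ndirents, i, maxsize) < 0)
            return 0;
    return ndirents != 0;
}

int main(void)
{
    printf("naive length, corrupted entry 1:   %u\n",
           naive_name_len(bad_blk, TOY_NDIRENTS, 1, TOY_MAXSIZE));
    printf("checked length, corrupted entry 1: %ld\n",
           checked_name_len(bad_blk, TOY_NDIRENTS, 1, TOY_MAXSIZE));
    printf("good block sane: %d, bad block sane: %d\n",
           block_is_sane(good_blk, TOY_NDIRENTS, TOY_MAXSIZE),
           block_is_sane(bad_blk, TOY_NDIRENTS, TOY_MAXSIZE));
    return 0;
}
```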
     

10 Mar, 2019

8 commits

  • commit ecd182cbf4e107928077866399100228d2359c60 upstream.

    ashmem_pin() is calling range_shrink() without checking whether
    range_alloc() succeeded. Also, doing memory allocation with ashmem_mutex
    held should be avoided because ashmem_shrink_scan() tries to hold it.

    Therefore, move memory allocation for range_alloc() to ashmem_pin_unpin()
    and make range_alloc() not to fail.

    This patch is mostly meant for backporting purpose for fuzz testing on
    stable/distributor kernels, for there is a plan to remove this code in
    near future.

    Signed-off-by: Tetsuo Handa
    Cc: stable@vger.kernel.org
    Reviewed-by: Joel Fernandes
    Signed-off-by: Greg Kroah-Hartman

    Tetsuo Handa
     
  • commit fb4415a12632f0b9078a0aa80c16745d48fcfc74 upstream.

    syzbot is hitting lockdep warnings [1][2][3]. This patch tries to fix
    the warning by eliminating ashmem_shrink_scan() => {shmem|vfs}_fallocate()
    sequence.

    [1] https://syzkaller.appspot.com/bug?id=87c399f6fa6955006080b24142e2ce7680295ad4
    [2] https://syzkaller.appspot.com/bug?id=7ebea492de7521048355fc84210220e1038a7908
    [3] https://syzkaller.appspot.com/bug?id=e02419c12131c24e2a957ea050c2ab6dcbbc3270

    Reported-by: syzbot
    Reported-by: syzbot
    Reported-by: syzbot
    Signed-off-by: Tetsuo Handa
    Cc: stable@vger.kernel.org
    Acked-by: Joel Fernandes (Google)
    Signed-off-by: Greg Kroah-Hartman

    Tetsuo Handa
     
  • commit 9bcf065e28122588a6cbee08cf847826dacbb438 upstream.

    In the first loop, gfp_flags will be modified to high_order_gfp_flags,
    and there will be no chance to change back to low_order_gfp_flags.

    Fixes: e7f63771b60e ("ION: Sys_heap: Add cached pool to spead up cached buffer alloc")
    Signed-off-by: Qing Xia
    Cc: stable
    Signed-off-by: Jing Xia
    Reviewed-by: Yuming Han
    Reviewed-by: Zhaoyang Huang
    Reviewed-by: Orson Zhai
    Signed-off-by: Greg Kroah-Hartman

    Qing Xia
     
  • commit dda037057a572f5c82ac2499eb4e6fb17600ba3e upstream.

    Set correct value in '->vif_num' for the total number of interfaces and
    set '->idx' value using 'i'.

    Fixes: 735bb39ca3be ("staging: wilc1000: simplify vif[i]->ndev accesses")
    Fixes: 0e490657c721 ("staging: wilc1000: Fix problem with wrong vif index")
    Cc:
    Suggested-by: Dan Carpenter
    Reviewed-by: Dan Carpenter
    Signed-off-by: Greg Kroah-Hartman
    Signed-off-by: Greg Kroah-Hartman

    Ajay Singh
     
  • commit 479826cc86118e0d87e5cefb3df5b748e0480924 upstream.

    Add missing break statement in order to prevent the code from falling
    through to the default case and return -EINVAL every time.

    This bug was found thanks to the ongoing efforts to enable
    -Wimplicit-fallthrough.

    Fixes: aa94f2888825 ("staging: comedi: ni_660x: tidy up ni_660x_set_pfi_routing()")
    Cc: stable@vger.kernel.org
    Signed-off-by: Gustavo A. R. Silva
    Reviewed-by: Ian Abbott
    Signed-off-by: Greg Kroah-Hartman

    Gustavo A. R. Silva
     
  • commit af692e117cb8cd9d3d844d413095775abc1217f9 upstream.

    This patch resolves the following page use-after-free issue,
    z_erofs_vle_unzip:
        ...
        for (i = 0; i < nr_pages; ++i) {
            ...
            z_erofs_onlinepage_endio(page);  (1)
        }

        for (i = 0; i < clusterpages; ++i) {
            page = compressed_pages[i];

            if (page->mapping == mngda)      (2)
                continue;
            /* recycle all individual staging pages */
            (void)z_erofs_gather_if_stagingpage(page_pool, page); (3)
            WRITE_ONCE(compressed_pages[i], NULL);
        }
        ...

    After (1) is executed, page is freed and could be then reused, if
    compressed_pages is scanned after that, it could fall into (2) or
    (3) by mistake and that could finally be in a mess.

    This patch aims to solve the above issue with as few changes
    as possible in order to make the fix backport easier.

    Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
    Cc: # 4.19+
    Signed-off-by: Gao Xiang
    Reviewed-by: Chao Yu
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit 1e5ceeab6929585512c63d05911d6657064abf7b upstream.

    Considering a read request with two decompressed file pages,
    if a decompression work cannot be started on the previous page
    due to memory pressure but in-memory LTP map lookup is done,
    builder->work should be still NULL.

    Moreover, if the current page also belongs to the same map,
    it won't try to start the decompression work again and then
    run into trouble.

    This patch aims to solve the above issue with as few changes
    as possible in order to make the fix backport easier.

    kernel message is:
    [1051408.015930s]SLUB: Unable to allocate memory on node -1, gfp=0x2408040(GFP_NOFS|__GFP_ZERO)
    [1051408.015930s] cache: erofs_compress, object size: 144, buffer size: 144, default order: 0, min order: 0
    [1051408.015930s] node 0: slabs: 98, objs: 2744, free: 0
    * Cannot allocate the decompression work

    [1051408.015960s]erofs: z_erofs_vle_normalaccess_readpages, readahead error at page 1008 of nid 5391488
    * Note that the previous page failed to be read

    [1051408.015960s]Internal error: Accessing user space memory outside uaccess.h routines: 96000005 [#1] PREEMPT SMP
    ...
    [1051408.015991s]Hardware name: kirin710 (DT)
    ...
    [1051408.016021s]PC is at z_erofs_vle_work_add_page+0xa0/0x17c
    [1051408.016021s]LR is at z_erofs_do_read_page+0x12c/0xcf0
    ...
    [1051408.018096s][] z_erofs_vle_work_add_page+0xa0/0x17c
    [1051408.018096s][] z_erofs_vle_normalaccess_readpages+0x1a0/0x37c
    [1051408.018096s][] read_pages+0x70/0x190
    [1051408.018127s][] __do_page_cache_readahead+0x194/0x1a8
    [1051408.018127s][] filemap_fault+0x398/0x684
    [1051408.018127s][] __do_fault+0x8c/0x138
    [1051408.018127s][] handle_pte_fault+0x730/0xb7c
    [1051408.018127s][] __handle_mm_fault+0xac/0xf4
    [1051408.018157s][] handle_mm_fault+0x7c/0x118
    [1051408.018157s][] do_page_fault+0x354/0x474
    [1051408.018157s][] do_translation_fault+0x40/0x48
    [1051408.018157s][] do_mem_abort+0x80/0x100
    [1051408.018310s]---[ end trace 9f4009a3283bd78b ]---

    Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
    Cc: # 4.19+
    Signed-off-by: Gao Xiang
    Reviewed-by: Chao Yu
    Signed-off-by: Greg Kroah-Hartman
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit a112152f6f3a2a88caa6f414d540bd49e406af60 upstream.

    EROFS has an optimized path called TAIL merging, which is designed
    to merge multiple reads and the corresponding decompressions into
    one if these requests read continuous pages almost at the same time.

    In general, it behaves as follows:
    _______________________________________________________________
    ... |  TAIL  .  HEAD  |  PAGE  |  PAGE  |  TAIL  .  HEAD  | ...
    ____|_combined page A_|________|________|_combined page B_|____
           1  ]  ->  [  2                         ]  ->  [  3
    If the above three reads are requested in the order 1-2-3, it will
    generate a large work chain rather than 3 individual work chains
    to reduce scheduling overhead and boost up sequential read.

    However, if Read 2 is processed slightly earlier than Read 1,
    currently it still generates 2 individual work chains (chain 1, 2)
    but it does in-place decompression for combined page A, moreover,
    if chain 2 decompresses ahead of chain 1, it will be a race and
    lead to corrupted decompressed page. This patch fixes it.

    Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
    Cc: # 4.19+
    Signed-off-by: Gao Xiang
    Reviewed-by: Chao Yu
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     

06 Mar, 2019

2 commits

  • [ Upstream commit 31eb79db420a3f94c4c45a8c0a05cd30e333f981 ]

    Often userspace doesn't know when the kernel will be calling dma_buf_detach
    on the buffer.
    If userspace starts its CPU access at the same time as the sg list is being
    freed it could end up accessing the sg list after it has been freed.

    Thread A                           Thread B
    - DMA_BUF_IOCTL_SYNC IOCT
     - ion_dma_buf_begin_cpu_access
      - list_for_each_entry
                                       - ion_dma_buf_detatch
                                        - free_duped_table
       - dma_sync_sg_for_cpu

    Fix this by getting the ion_buffer lock before freeing the sg table memory.

    Fixes: 2a55e7b5e544 ("staging: android: ion: Call dma_map_sg for syncing and mapping")
    Signed-off-by: Liam Mark
    Acked-by: Laura Abbott
    Acked-by: Andrew F. Davis
    Signed-off-by: Greg Kroah-Hartman
    Signed-off-by: Sasha Levin

    Liam Mark
     
  • [ Upstream commit 97715058b70da1262fd07798c8b2e3e894f759dd ]

    When CONFIG_NO_AUTO_INLINE was present in linux-next (which added
    '-fno-inline-functions' to KBUILD_CFLAGS), an allyesconfig build with
    Clang failed at the modpost stage:

    ERROR: "is_broadcast_mac_addr" [drivers/staging/rtl8723bs/r8723bs.ko] undefined!
    ERROR: "is_zero_mac_addr" [drivers/staging/rtl8723bs/r8723bs.ko] undefined!
    ERROR: "is_multicast_mac_addr" [drivers/staging/rtl8723bs/r8723bs.ko] undefined!

    These functions were marked as extern inline, meaning that if inlining
    doesn't happen, the function will be undefined, as it is above.

    This happens to work with GCC because the '-fno-inline-functions' option
    respects the __inline attribute so all instances of these functions are
    inlined as expected and the definition doesn't actually matter. However,
    with Clang and '-fno-inline-functions', a function has to be marked with
    the __always_inline attribute to be considered for inlining, which none
    of these functions are. Clang tries to find the symbol definition
    elsewhere as it was told and fails, which trickles down to modpost.

    To make sure that this code compiles regardless of compiler and make the
    intention of the code clearer, use 'static' to ensure these functions
    are always defined, regardless of inlining. Additionally, silence a
    checkpatch warning by switching from '__inline' to 'inline'.

    Signed-off-by: Nathan Chancellor
    Signed-off-by: Greg Kroah-Hartman
    Signed-off-by: Sasha Levin

    Nathan Chancellor
     

27 Feb, 2019

11 commits

  • commit b8e076a6ef253e763bfdb81e5c72bcc828b0fbeb upstream.

    Remove all redundant BUG_ONs, and turn the rest of the
    useful usages into DBG_BUGONs.

    Signed-off-by: Gao Xiang
    Reviewed-by: Chao Yu
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit 70b17991d89554cdd16f3e4fb0179bcc03c808d9 upstream.

    Remove all redundant BUG_ONs, and turn the rest of the
    useful usages into DBG_BUGONs.

    Signed-off-by: Gao Xiang
    Reviewed-by: Chao Yu
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit 8b987bca2d09649683cbe496419a011df8c08493 upstream.

    Remove all redundant BUG_ONs, and turn the rest of the
    useful usages into DBG_BUGONs.

    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit 948bbdb1818b7ad6e539dad4fbd2dd4650793ea9 upstream.

    Just like other generic locks, insert a full barrier
    in case of memory reorder.

    Reviewed-by: Chao Yu
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit 73f5c66df3e26ab750cefcb9a3e08c71c9f79cad upstream.

    There are two minor issues in the current freeze interface:

    1) Freeze interfaces are not related to CONFIG_DEBUG_SPINLOCK,
    therefore fix the incorrect conditions;

    2) For SMP platforms, it should also disable preemption before
    doing atomic_cmpxchg in case that some high priority tasks
    preempt between atomic_cmpxchg and disable_preempt, then spin
    on the locked refcount later.

    Reviewed-by: Chao Yu
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit df134b8d17b90c1e7720e318d36416b57424ff7a upstream.

    It's better to use atomic_cond_read_relaxed, which is currently
    implemented for ARM64 in hardware instructions that monitor a
    variable for changes, instead of open-coded busy waiting.

    Reviewed-by: Chao Yu
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit e9c892465583c8f42d61fafe30970d36580925df upstream.

    There is actually no need at all to d_rehash() for the root dentry
    as Al pointed out, fix it.

    Reported-by: Al Viro
    Cc: Al Viro
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit e5e3abbadf0dbd1068f64f8abe70401c5a178180 upstream.

    Multiref support means that a compressed page could have
    more than one reference, which is designed for on-disk data
    deduplication. However, mkfs doesn't support this mode
    at this moment, and the kernel implementation is also broken.

    Let's drop multiref support. If it is fully implemented
    in the future, it can be reverted later.

    Signed-off-by: Gao Xiang
    Reviewed-by: Chao Yu
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit 9141b60cf6a53c99f8a9309bf8e1c6650a6785c1 upstream.

    This patch replaces BUG_ON with DBG_BUGON in data.c, and adds the
    necessary error handler.

    Signed-off-by: Chen Gong
    Reviewed-by: Gao Xiang
    Reviewed-by: Chao Yu
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Chen Gong
     
  • commit 1e05ff36e6921ca61bdbf779f81a602863569ee3 upstream.

    This patch completes error handling code of z_erofs_do_read_page.
    PG_error will be set when some read error happens, therefore
    z_erofs_onlinepage_endio will unlock this page without setting
    PG_uptodate.

    Reviewed-by: Chao Yu
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     
  • commit 0734ffbf574ee813b20899caef2fe0ed502bb783 upstream.

    As described in Kconfig, the last compressed pack should be cached
    for further reading for either `EROFS_FS_ZIP_CACHE_UNIPOLAR' or
    `EROFS_FS_ZIP_CACHE_BIPOLAR' by design.

    However, there is a bug in z_erofs_do_read_page: it will
    switch `initial' to `false' at the very beginning before it decides
    to cache the last compressed pack.

    The caching strategy should work properly after applying this patch.

    Reviewed-by: Chao Yu
    Signed-off-by: Gao Xiang
    Signed-off-by: Greg Kroah-Hartman

    Gao Xiang
     

13 Feb, 2019

1 commit

  • commit a1960e0f1639cb1f7a3d94521760fc73091f6640 upstream.

    The send_xchar() and tiocmset() tty operations are optional. Add the
    missing sanity checks to prevent user-space triggerable NULL-pointer
    dereferences.

    Fixes: 6b9ad1c742bf ("staging: speakup: add send_xchar, tiocmset and input functionality for tty")
    Cc: stable # 4.13
    Cc: Okash Khawaja
    Cc: Samuel Thibault
    Signed-off-by: Johan Hovold
    Reviewed-by: Samuel Thibault
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold