Permalink
Commits on Oct 3, 2017
  1. Makefile: prepare for linux4sam 5.7

    noglitch committed Oct 3, 2017
    Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Commits on Oct 2, 2017
  1. ARM: at91: sama5_defconfig: add back CONFIG_JUMP_LABEL

    noglitch committed Oct 2, 2017
    Add back this configuration option as it increases a lot the performance
    of the network subsystem.
    Beware: this option changes the binary of the kernel at runtime: pay attention
    if you use the Integrity Check Monitor (ICM) with the kernel image!
    
    Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
  2. ARM: at91: sama5_defconfig: remove PERF and KALLSYMS

    noglitch committed Oct 2, 2017
    For performance reasons, remove some symbols and perf events to the default
    configuration.
    
    Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
  3. Merge tag 'v4.9.52' into linux-4.9-at91

    noglitch committed Oct 2, 2017
    This is the 4.9.52 stable release
  4. Revert "Makefile: linux4sam_5.7-rc7"

    noglitch committed Oct 2, 2017
    This reverts commit 8be0870.
    
    Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Commits on Sep 28, 2017
  1. ARM: at91: sama5_defconfig: add mtd tests as modules

    noglitch committed Sep 28, 2017
    Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Commits on Sep 27, 2017
  1. Linux 4.9.52

    gregkh committed Sep 27, 2017
  2. bcache: fix bch_hprint crash and improve output

    mlyle authored and gregkh committed Sep 6, 2017
    commit 9276717 upstream.
    
    Most importantly, solve a crash where %llu was used to format signed
    numbers.  This would cause a buffer overflow when reading sysfs
    writeback_rate_debug, as only 20 bytes were allocated for this and
    %llu writes 20 characters plus a null.
    
    Always use the units mechanism rather than having different output
    paths for simplicity.
    
    Also, correct problems with display output where 1.10 was a larger
    number than 1.09, by multiplying by 10 and then dividing by 1024 instead
    of dividing by 100.  (Remainders of >= 1000 would print as .10).
    
    Minor changes: Always display the decimal point instead of trying to
    omit it based on number of digits shown.  Decide what units to use
    based on 1000 as a threshold, not 1024 (in other words, always print
    at most 3 digits before the decimal point).
    
    Signed-off-by: Michael Lyle <mlyle@lyle.org>
    Reported-by: Dmitry Yu Okunev <dyokunev@ut.mephi.ru>
    Acked-by: Kent Overstreet <kent.overstreet@gmail.com>
    Reviewed-by: Coly Li <colyli@suse.de>
    Signed-off-by: Jens Axboe <axboe@kernel.dk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  3. bcache: fix for gc and write-back race

    Tang Junhui authored and gregkh committed Sep 6, 2017
    commit 9baf309 upstream.
    
    gc and write-back get raced (see the email "bcache get stucked" I sended
    before):
    gc thread                               write-back thread
    |                                       |bch_writeback_thread()
    |bch_gc_thread()                        |
    |                                       |==>read_dirty()
    |==>bch_btree_gc()                      |
    |==>btree_root() //get btree root       |
    |                //node write locker    |
    |==>bch_btree_gc_root()                 |
    |                                       |==>read_dirty_submit()
    |                                       |==>write_dirty()
    |                                       |==>continue_at(cl,
    |                                       |               write_dirty_finish,
    |                                       |               system_wq);
    |                                       |==>write_dirty_finish()//excute
    |                                       |               //in system_wq
    |                                       |==>bch_btree_insert()
    |                                       |==>bch_btree_map_leaf_nodes()
    |                                       |==>__bch_btree_map_nodes()
    |                                       |==>btree_root //try to get btree
    |                                       |              //root node read
    |                                       |              //lock
    |                                       |-----stuck here
    |==>bch_btree_set_root()
    |==>bch_journal_meta()
    |==>bch_journal()
    |==>journal_try_write()
    |==>journal_write_unlocked() //journal_full(&c->journal)
    |                            //condition satisfied
    |==>continue_at(cl, journal_write, system_wq); //try to excute
    |                               //journal_write in system_wq
    |                               //but work queue is excuting
    |                               //write_dirty_finish()
    |==>closure_sync(); //wait journal_write execute
    |                   //over and wake up gc,
    |-------------stuck here
    |==>release root node write locker
    
    This patch alloc a separate work-queue for write-back thread to avoid such
    race.
    
    (Commit log re-organized by Coly Li to pass checkpatch.pl checking)
    
    Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
    Acked-by: Coly Li <colyli@suse.de>
    Signed-off-by: Jens Axboe <axboe@kernel.dk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  4. bcache: Correct return value for sysfs attach errors

    tasleson authored and gregkh committed Sep 6, 2017
    commit 77fa100 upstream.
    
    If you encounter any errors in bch_cached_dev_attach it will return
    a negative error code.  The variable 'v' which stores the result is
    unsigned, thus user space sees a very large value returned for bytes
    written which can cause incorrect user space behavior.  Utilize 1
    signed variable to use throughout the function to preserve error return
    capability.
    
    Signed-off-by: Tony Asleson <tasleson@redhat.com>
    Acked-by: Coly Li <colyli@suse.de>
    Signed-off-by: Jens Axboe <axboe@kernel.dk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  5. bcache: correct cache_dirty_target in __update_writeback_rate()

    Tang Junhui authored and gregkh committed Sep 6, 2017
    commit a839409 upstream.
    
    __update_write_rate() uses a Proportion-Differentiation Controller
    algorithm to control writeback rate. A dirty target number is used in
    this PD controller to control writeback rate. A larger target number
    will make the writeback rate smaller, on the versus, a smaller target
    number will make the writeback rate larger.
    
    bcache uses the following steps to calculate the target number,
    1) cache_sectors = all-buckets-of-cache-set * buckets-size
    2) cache_dirty_target = cache_sectors * cached-device-writeback_percent
    3) target = cache_dirty_target *
    (sectors-of-cached-device/sectors-of-all-cached-devices-of-this-cache-set)
    
    The calculation at step 1) for cache_sectors is incorrect, which does
    not consider dirty blocks occupied by flash only volume.
    
    A flash only volume can be took as a bcache device without cached
    device. All data sectors allocated for it are persistent on cache device
    and marked dirty, they are not touched by bcache writeback and garbage
    collection code. So data blocks of flash only volume should be ignore
    when calculating cache_sectors of cache set.
    
    Current code does not subtract dirty sectors of flash only volume, which
    results a larger target number from the above 3 steps. And in sequence
    the cache device's writeback rate is smaller then a correct value,
    writeback speed is slower on all cached devices.
    
    This patch fixes the incorrect slower writeback rate by subtracting
    dirty sectors of flash only volumes in __update_writeback_rate().
    
    (Commit log composed by Coly Li to pass checkpatch.pl checking)
    
    Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
    Reviewed-by: Coly Li <colyli@suse.de>
    Signed-off-by: Jens Axboe <axboe@kernel.dk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  6. bcache: do not subtract sectors_to_gc for bypassed IO

    Tang Junhui authored and gregkh committed Sep 6, 2017
    commit 69daf03 upstream.
    
    Since bypassed IOs use no bucket, so do not subtract sectors_to_gc to
    trigger gc thread.
    
    Signed-off-by: tang.junhui <tang.junhui@zte.com.cn>
    Acked-by: Coly Li <colyli@suse.de>
    Reviewed-by: Eric Wheeler <bcache@linux.ewheeler.net>
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Jens Axboe <axboe@kernel.dk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  7. bcache: Fix leak of bdev reference

    jankara authored and gregkh committed Sep 6, 2017
    commit 4b758df upstream.
    
    If blkdev_get_by_path() in register_bcache() fails, we try to lookup the
    block device using lookup_bdev() to detect which situation we are in to
    properly report error. However we never drop the reference returned to
    us from lookup_bdev(). Fix that.
    
    Signed-off-by: Jan Kara <jack@suse.cz>
    Acked-by: Coly Li <colyli@suse.de>
    Signed-off-by: Jens Axboe <axboe@kernel.dk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  8. bcache: initialize dirty stripes in flash_dev_run()

    Tang Junhui authored and gregkh committed Sep 6, 2017
    commit 175206c upstream.
    
    bcache uses a Proportion-Differentiation Controller algorithm to control
    writeback rate to cached devices. In the PD controller algorithm, dirty
    stripes of thin flash device should not be counted in, because flash only
    volumes never write back dirty data.
    
    Currently dirty stripe counter for thin flash device is not initialized
    when the thin flash device starts. Which means the following calculation
    in PD controller will reference an undefined dirty stripes number, and
    all cached devices attached to the same cache set where the thin flash
    device lies on may have an inaccurate writeback rate.
    
    This patch calles bch_sectors_dirty_init() in flash_dev_run(), to
    correctly initialize dirty stripe counter when the thin flash device
    starts to run. This patch also does following parameter data type change,
     -void bch_sectors_dirty_init(struct cached_dev *dc);
     +void bch_sectors_dirty_init(struct bcache_device *);
    to call this function conveniently in flash_dev_run().
    
    (Commit log is composed by Coly Li)
    
    Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
    Reviewed-by: Coly Li <colyli@suse.de>
    Signed-off-by: Jens Axboe <axboe@kernel.dk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  9. PM / devfreq: Fix memory leak when fail to register device

    Chanwoo Choi authored and gregkh committed Aug 24, 2017
    commit 9e14de1 upstream.
    
    When the devfreq_add_device fails to register deivce, the memory
    leak of devfreq instance happen. So, this patch fix the memory
    leak issue. Before freeing the devfreq instance checks whether
    devfreq instance is NULL or not because the device_unregister()
    frees the devfreq instance when jumping to the 'err_init'.
    It is to prevent the duplicate the kfee(devfreq).
    
    Fixes: ac4b281 ("PM / devfreq: fix duplicated kfree on devfreq pointer")
    Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
    Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  10. media: uvcvideo: Prevent heap overflow when accessing mapped controls

    groeck authored and gregkh committed Aug 8, 2017
    commit 7e09f7d upstream.
    
    The size of uvc_control_mapping is user controlled leading to a
    potential heap overflow in the uvc driver. This adds a check to verify
    the user provided size fits within the bounds of the defined buffer
    size.
    
    Originally-from: Richard Simmons <rssimmo@amazon.com>
    
    Signed-off-by: Guenter Roeck <linux@roeck-us.net>
    Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
    Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  11. media: v4l2-compat-ioctl32: Fix timespec conversion

    danielmentzgoogle authored and gregkh committed Aug 3, 2017
    commit 9c7ba1d upstream.
    
    Certain syscalls like recvmmsg support 64 bit timespec values for the
    X32 ABI. The helper function compat_put_timespec converts a timespec
    value to a 32 bit or 64 bit value depending on what ABI is used. The
    v4l2 compat layer, however, is not designed to support 64 bit timespec
    values and always uses 32 bit values. Hence, compat_put_timespec must
    not be used.
    
    Without this patch, user space will be provided with bad timestamp
    values from the VIDIOC_DQEVENT ioctl. Also, fields of the struct
    v4l2_event32 that come immediately after timestamp get overwritten,
    namely the field named id.
    
    Fixes: 81993e8 ("compat: Get rid of (get|put)_compat_time(val|spec)")
    Cc: H. Peter Anvin <hpa@linux.intel.com>
    Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
    Cc: Tiffany Lin <tiffany.lin@mediatek.com>
    Cc: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
    Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
    Signed-off-by: Daniel Mentz <danielmentz@google.com>
    Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  12. s390/mm: fix race on mm->context.flush_mm

    Martin Schwidefsky authored and gregkh committed Aug 17, 2017
    commit 60f07c8 upstream.
    
    The order in __tlb_flush_mm_lazy is to flush TLB first and then clear
    the mm->context.flush_mm bit. This can lead to missed flushes as the
    bit can be set anytime, the order needs to be the other way aronud.
    
    But this leads to a different race, __tlb_flush_mm_lazy may be called
    on two CPUs concurrently. If mm->context.flush_mm is cleared first then
    another CPU can bypass __tlb_flush_mm_lazy although the first CPU has
    not done the flush yet. In a virtualized environment the time until the
    flush is finally completed can be arbitrarily long.
    
    Add a spinlock to serialize __tlb_flush_mm_lazy and use the function
    in finish_arch_post_lock_switch as well.
    
    Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
    Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  13. s390/mm: fix local TLB flushing vs. detach of an mm address space

    Martin Schwidefsky authored and gregkh committed Aug 16, 2017
    commit b3e5dc4 upstream.
    
    The local TLB flushing code keeps an additional mask in the mm.context,
    the cpu_attach_mask. At the time a global flush of an address space is
    done the cpu_attach_mask is copied to the mm_cpumask in order to avoid
    future global flushes in case the mm is used by a single CPU only after
    the flush.
    
    Trouble is that the reset of the mm_cpumask is racy against the detach
    of an mm address space by switch_mm. The current order is first the
    global TLB flush and then the copy of the cpu_attach_mask to the
    mm_cpumask. The order needs to be the other way around.
    
    Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
    Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  14. net/netfilter/nf_conntrack_core: Fix net_conntrack_lock()

    manfred-colorfu authored and gregkh committed Jul 6, 2017
    commit 3ef0c7a upstream.
    
    As we want to remove spin_unlock_wait() and replace it with explicit
    spin_lock()/spin_unlock() calls, we can use this to simplify the
    locking.
    
    In addition:
    - Reading nf_conntrack_locks_all needs ACQUIRE memory ordering.
    - The new code avoids the backwards loop.
    
    Only slightly tested, I did not manage to trigger calls to
    nf_conntrack_all_lock().
    
    V2: With improved comments, to clearly show how the barriers
        pair.
    
    Fixes: b16c291 ("netfilter: nf_conntrack: use safer way to lock all buckets")
    Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
    Cc: Alan Stern <stern@rowland.harvard.edu>
    Cc: Sasha Levin <sasha.levin@oracle.com>
    Cc: Pablo Neira Ayuso <pablo@netfilter.org>
    Cc: netfilter-devel@vger.kernel.org
    Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  15. PCI: pciehp: Report power fault only once until we clear it

    keithbusch authored and gregkh committed Aug 1, 2017
    commit 7612b3b upstream.
    
    When a power fault occurs, the power controller sets Power Fault Detected
    in the Slot Status register, and pciehp_isr() queues an INT_POWER_FAULT
    event to handle it.
    
    It also clears Power Fault Detected, but since nothing has yet changed to
    correct the power fault, the power controller will likely set it again
    immediately, which may cause an infinite loop when pcie_isr() rechecks
    Slot Status.
    
    Fix that by masking off Power Fault Detected from new events if the driver
    hasn't seen the power fault clear from the previous handling attempt.
    
    Fixes: fad214b ("PCI: pciehp: Process all hotplug events before looking for new ones")
    Signed-off-by: Keith Busch <keith.busch@intel.com>
    [bhelgaas: changelog, pull test out and add comment]
    Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
    Cc: Mayurkumar Patel <mayurkumar.patel@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  16. PCI: shpchp: Enable bridge bus mastering if MSI is enabled

    zuban32 authored and gregkh committed Jul 18, 2017
    commit 48b79a1 upstream.
    
    An SHPC may generate MSIs to notify software about slot or controller
    events (SHPC spec r1.0, sec 4.7).  A PCI device can only generate an MSI if
    it has bus mastering enabled.
    
    Enable bus mastering if the bridge contains an SHPC that uses MSI for event
    notifications.
    
    Signed-off-by: Aleksandr Bezzubikov <zuban32s@gmail.com>
    [bhelgaas: changelog]
    Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
    Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
    Acked-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  17. ARC: Re-enable MMU upon Machine Check exception

    Jose Abreu authored and gregkh committed Sep 1, 2017
    commit 1ee55a8 upstream.
    
    I recently came upon a scenario where I would get a double fault
    machine check exception tiriggered by a kernel module.
    However the ensuing crash stacktrace (ksym lookup) was not working
    correctly.
    
    Turns out that machine check auto-disables MMU while modules are allocated
    in kernel vaddr spapce.
    
    This patch re-enables the MMU before start printing the stacktrace
    making stacktracing of modules work upon a fatal exception.
    
    Signed-off-by: Jose Abreu <joabreu@synopsys.com>
    Reviewed-by: Alexey Brodkin <abrodkin@synopsys.com>
    Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
    [vgupta: moved code into low level handler to avoid in 2 places]
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  18. tracing: Apply trace_clock changes to instance max buffer

    baohongliu authored and gregkh committed Sep 5, 2017
    commit 170b3b1 upstream.
    
    Currently trace_clock timestamps are applied to both regular and max
    buffers only for global trace. For instance trace, trace_clock
    timestamps are applied only to regular buffer. But, regular and max
    buffers can be swapped, for example, following a snapshot. So, for
    instance trace, bad timestamps can be seen following a snapshot.
    Let's apply trace_clock timestamps to instance max buffer as well.
    
    Link: http://lkml.kernel.org/r/ebdb168d0be042dcdf51f81e696b17fabe3609c1.1504642143.git.tom.zanussi@linux.intel.com
    
    Fixes: 277ba04 ("tracing: Add interface to allow multiple trace buffers")
    Signed-off-by: Baohong Liu <baohong.liu@intel.com>
    Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  19. tracing: Add barrier to trace_printk() buffer nesting modification

    rostedt authored and gregkh committed Sep 5, 2017
    commit 3d9622c upstream.
    
    trace_printk() uses 4 buffers, one for each context (normal, softirq, irq
    and NMI), such that it does not need to worry about one context preempting
    the other. There's a nesting counter that gets incremented to figure out
    which buffer to use. If the context gets preempted by another context which
    calls trace_printk() it will increment the counter and use the next buffer,
    and restore the counter when it is finished.
    
    The problem is that gcc may optimize the modification of the buffer nesting
    counter and it may not be incremented in memory before the buffer is used.
    If this happens, and the context gets interrupted by another context, it
    could pick the same buffer and corrupt the one that is being used.
    
    Compiler barriers need to be added after the nesting variable is incremented
    and before it is decremented to prevent usage of the context buffers by more
    than one context at the same time.
    
    Cc: Andy Lutomirski <luto@kernel.org>
    Fixes: e2ace00 ("tracing: Choose static tp_printk buffer by explicit nesting count")
    Hat-tip-to: Peter Zijlstra <peterz@infradead.org>
    Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  20. ftrace: Fix memleak when unregistering dynamic ops when tracing disabled

    rostedt authored and gregkh committed Sep 1, 2017
    commit edb096e upstream.
    
    If function tracing is disabled by the user via the function-trace option or
    the proc sysctl file, and a ftrace_ops that was allocated on the heap is
    unregistered, then the shutdown code exits out without doing the proper
    clean up. This was found via kmemleak and running the ftrace selftests, as
    one of the tests unregisters with function tracing disabled.
    
     # cat kmemleak
    unreferenced object 0xffffffffa0020000 (size 4096):
      comm "swapper/0", pid 1, jiffies 4294668889 (age 569.209s)
      hex dump (first 32 bytes):
        55 ff 74 24 10 55 48 89 e5 ff 74 24 18 55 48 89  U.t$.UH...t$.UH.
        e5 48 81 ec a8 00 00 00 48 89 44 24 50 48 89 4c  .H......H.D$PH.L
      backtrace:
        [<ffffffff81d64665>] kmemleak_vmalloc+0x85/0xf0
        [<ffffffff81355631>] __vmalloc_node_range+0x281/0x3e0
        [<ffffffff8109697f>] module_alloc+0x4f/0x90
        [<ffffffff81091170>] arch_ftrace_update_trampoline+0x160/0x420
        [<ffffffff81249947>] ftrace_startup+0xe7/0x300
        [<ffffffff81249bd2>] register_ftrace_function+0x72/0x90
        [<ffffffff81263786>] trace_selftest_ops+0x204/0x397
        [<ffffffff82bb8971>] trace_selftest_startup_function+0x394/0x624
        [<ffffffff81263a75>] run_tracer_selftest+0x15c/0x1d7
        [<ffffffff82bb83f1>] init_trace_selftests+0x75/0x192
        [<ffffffff81002230>] do_one_initcall+0x90/0x1e2
        [<ffffffff82b7d620>] kernel_init_freeable+0x350/0x3fe
        [<ffffffff81d61ec3>] kernel_init+0x13/0x122
        [<ffffffff81d72c6a>] ret_from_fork+0x2a/0x40
        [<ffffffffffffffff>] 0xffffffffffffffff
    
    Fixes: 12cce59 ("ftrace/x86: Allow !CONFIG_PREEMPT dynamic ops to use allocated trampolines")
    Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  21. ftrace: Fix selftest goto location on error

    rostedt authored and gregkh committed Sep 1, 2017
    commit 46320a6 upstream.
    
    In the second iteration of trace_selftest_ops(), the error goto label is
    wrong in the case where trace_selftest_test_global_cnt is off. In the
    case of error, it leaks the dynamic ops that was allocated.
    
    Fixes: 95950c2 ("ftrace: Add self-tests for multiple function trace users")
    Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  22. scsi: qla2xxx: Fix an integer overflow in sysfs code

    Dan Carpenter authored and gregkh committed Aug 30, 2017
    commit e6f7754 upstream.
    
    The value of "size" comes from the user.  When we add "start + size" it
    could lead to an integer overflow bug.
    
    It means we vmalloc() a lot more memory than we had intended.  I believe
    that on 64 bit systems vmalloc() can succeed even if we ask it to
    allocate huge 4GB buffers.  So we would get memory corruption and likely
    a crash when we call ha->isp_ops->write_optrom() and ->read_optrom().
    
    Only root can trigger this bug.
    
    Link: https://bugzilla.kernel.org/show_bug.cgi?id=194061
    
    Fixes: b7cc176 ("[SCSI] qla2xxx: Allow region-based flash-part accesses.")
    Reported-by: shqking <shqking@gmail.com>
    Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  23. scsi: qla2xxx: Correction to vha->vref_count timeout

    Joe Carnuccio authored and gregkh committed Aug 23, 2017
    commit 6e98095 upstream.
    
    Fix incorrect second argument for wait_event_timeout()
    
    Fixes: c4a9b53 ("qla2xxx: Allow vref count to timeout on vport delete.")
    Signed-off-by: Joe Carnuccio <joe.carnuccio@cavium.com>
    Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  24. scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE

    hreinecke authored and gregkh committed Sep 15, 2017
    commit 3e00974 upstream.
    
    When calling SG_GET_REQUEST_TABLE ioctl only a half-filled table is
    returned; the remaining part will then contain stale kernel memory
    information.  This patch zeroes out the entire table to avoid this
    issue.
    
    Signed-off-by: Hannes Reinecke <hare@suse.com>
    Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Reviewed-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  25. scsi: sg: factor out sg_fill_request_table()

    hreinecke authored and gregkh committed Sep 15, 2017
    commit 4759df9 upstream.
    
    Factor out sg_fill_request_table() for better readability.
    
    [mkp: typos, applied by hand]
    
    Signed-off-by: Hannes Reinecke <hare@suse.com>
    Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  26. scsi: sg: off by one in sg_ioctl()

    Dan Carpenter authored and gregkh committed Aug 17, 2017
    commit bd46fc4 upstream.
    
    If "val" is SG_MAX_QUEUE then we are one element beyond the end of the
    "rinfo" array so the > should be >=.
    
    Fixes: 109bade ("scsi: sg: use standard lists for sg_requests")
    Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
    Acked-by: Douglas Gilbert <dgilbert@interlog.com>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  27. scsi: sg: use standard lists for sg_requests

    hreinecke authored and gregkh committed Apr 7, 2017
    commit 109bade upstream.
    
    'Sg_request' is using a private list implementation; convert it to
    standard lists.
    
    Signed-off-by: Hannes Reinecke <hare@suse.com>
    Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
    Tested-by: Johannes Thumshirn <jthumshirn@suse.de>
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  28. scsi: sg: remove 'save_scat_len'

    hreinecke authored and gregkh committed Apr 7, 2017
    commit 136e57b upstream.
    
    Unused.
    
    Signed-off-by: Hannes Reinecke <hare@suse.com>
    Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
    Tested-by: Johannes Thumshirn <jthumshirn@suse.de>
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>