Pull sound updates from Takashi Iwai:
"After a heavy storm by syzkaller in 4.5 cycle, we have relatively few
changes in the core at this time while a lot of changes are found in
the driver side, unsurprisingly. Below are some highlights:
ALSA core:
- A few more hardening in ALSA timer codes
- An extension of sequencer API for advertising the card / pid
- Small fixes in compress-offload and jack layers
HD-audio:
- Dynamic PCM assignment in HDMI/DP codec; preparation for upcoming
DP-MST support
- Lots of code refactoring for sharing with ASoC SKL driver
- Regression fixes for Intel HDMI/DP
- Fixups for CX20724 codec, Lenovo AiO
USB-audio:
- Add quirk_alias option to make quirk debugging easier
- Fixes for possible Oops by malformed firmware
Firewire:
- Add support for FW-1804 in tascam driver
- Improvements / changes in card registration, multi stream handling,
etc for DICE
- Lots of code refactoring
ASoC:
- Enhancements of still ongoing topology API
- Lots of commits for Intel Skylake support including HDMI support
- A few Intel Atom driver updates for recent devices
- Lots of improvements to the Renesas drivers
- Capture support for Qualcomm drivers
- Support for TI DaVinci DRA7xxx devices
- New machine drivers for Freescale systems with Cirrus CODECs,
Mediatek systems with RT5650 CODECs
- New CPU drivers for Allwinner S/PDIF controllers
- New CODEC drivers for Maxim MAX9867 and MAX98926 and Realtek RT5514"
* tag 'sound-4.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (291 commits)
ALSA: hda - Fix mutex deadlock at HDMI/DP hotplug
ALSA: ctl: change return value in compatibility layer so that it's the same value in core implementation
ALSA: mixart: silence an uninitialized variable warning
ALSA: usb-audio: Add sanity checks for endpoint accesses
ALSA: usb-audio: Minor code cleanup in create_fixed_stream_quirk()
ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
ALSA: hda - Limit i915 HDMI binding only for HSW and later
ALSA: hda - Fix unconditional GPIO toggle via automute
ALSA: mixart: silence unitialized variable warnings
ALSA: hda - Fixes double fault in nvhdmi_chmap_cea_alloc_validate_get_type
ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM ThinkPad X41.
ALSA: hda - Add new GPU codec ID 0x10de0082 to snd-hda
ASoC: rsnd: add simplified module explanation
ASoC: hdac_hdmi: Add broxton device ID
ASoC: Intel: Bxtn: Add Broxton PCI ID
ASoC: Intel: Skylake: Move Skylake dsp ops & loader ops
ASoC: Intel: add dmabuffer to common sst_dsp
ASoC: Intel: Skylake: Unstatify skl_dsp_enable_core
ASoC: Intel: Skylake: Fix whitepsace issues
ASoC: Intel: Skylake: Move module id defines
...
Pull staging driver updates from Greg KH:
"Here is the big staging driver pull request for 4.6-rc1.
Lots of little things here, over 1600 patches or so. Notable is all
of the good Lustre work happening, those developers have finally woken
up and are cleaning up their code greatly. The Outreachy intern
application process is also happening, which brought in another 400 or
so patches. Full details are in the very long shortlog.
All of these have been in linux-next with no reported issues"
* tag 'staging-4.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (1673 commits)
staging: lustre: fix aligments in lnet selftest
staging: lustre: report minimum of two buffers for LNet selftest load test
staging: lustre: test for proper errno code in lstcon_rpc_trans_abort
staging: lustre: filter remaining extra spacing for lnet selftest
staging: lustre: remove extra spacing when setting variable for lnet selftest
staging: lustre: remove extra spacing of variable declartions for lnet selftest
staging: lustre: fix spacing issues checkpatch reported in lnet selftest
staging: lustre: remove returns in void function for lnet selftest
staging: lustre: fix bogus lst errors for lnet selftest
staging: netlogic: Replacing pr_err with dev_err after the call to devm_kzalloc
staging: mt29f_spinand: Replacing pr_info with dev_info after the call to devm_kzalloc
staging: android: ion: fix up file mode
staging: ion: debugfs invalid gfp mask
staging: rts5208: Replace pci_enable_device with pcim_enable_device
Staging: ieee80211: Place constant on right side of the test.
staging: speakup: Replace del_timer with del_timer_sync
staging: lowmemorykiller: fix 2 checks that checkpatch complained
staging: mt29f_spinand: Drop void pointer cast
staging: rdma: hfi1: file_ops: Replace ALIGN with PAGE_ALIGN
staging: rdma: hfi1: driver: Replace IS_ALIGNED with PAGE_ALIGNED
...
Pull char/misc updates from Greg KH:
"Here is the big char/misc driver update for 4.6-rc1.
The majority of the patches here is hwtracing and some new mic
drivers, but there's a lot of other driver updates as well. Full
details in the shortlog.
All have been in linux-next for a while with no reported issues"
* tag 'char-misc-4.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (238 commits)
goldfish: Fix build error of missing ioremap on UM
nvmem: mediatek: Fix later provider initialization
nvmem: imx-ocotp: Fix return value of imx_ocotp_read
nvmem: Fix dependencies for !HAS_IOMEM archs
char: genrtc: replace blacklist with whitelist
drivers/hwtracing: make coresight-etm-perf.c explicitly non-modular
drivers: char: mem: fix IS_ERROR_VALUE usage
char: xillybus: Fix internal data structure initialization
pch_phub: return -ENODATA if ROM can't be mapped
Drivers: hv: vmbus: Support kexec on ws2012 r2 and above
Drivers: hv: vmbus: Support handling messages on multiple CPUs
Drivers: hv: utils: Remove util transport handler from list if registration fails
Drivers: hv: util: Pass the channel information during the init call
Drivers: hv: vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload()
Drivers: hv: vmbus: remove code duplication in message handling
Drivers: hv: vmbus: avoid wait_for_completion() on crash
Drivers: hv: vmbus: don't loose HVMSG_TIMER_EXPIRED messages
misc: at24: replace memory_accessor with nvmem_device_read
eeprom: 93xx46: extend driver to plug into the NVMEM framework
eeprom: at25: extend driver to plug into the NVMEM framework
...
Pull read-only kernel memory updates from Ingo Molnar:
"This tree adds two (security related) enhancements to the kernel's
handling of read-only kernel memory:
- extend read-only kernel memory to a new class of formerly writable
kernel data: 'post-init read-only memory' via the __ro_after_init
attribute, and mark the ARM and x86 vDSO as such read-only memory.
This kind of attribute can be used for data that requires a once
per bootup initialization sequence, but is otherwise never modified
after that point.
This feature was based on the work by PaX Team and Brad Spengler.
(by Kees Cook, the ARM vDSO bits by David Brown.)
- make CONFIG_DEBUG_RODATA always enabled on x86 and remove the
Kconfig option. This simplifies the kernel and also signals that
read-only memory is the default model and a first-class citizen.
(Kees Cook)"
* 'mm-readonly-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
ARM/vdso: Mark the vDSO code read-only after init
x86/vdso: Mark the vDSO code read-only after init
lkdtm: Verify that '__ro_after_init' works correctly
arch: Introduce post-init read-only memory
x86/mm: Always enable CONFIG_DEBUG_RODATA and remove the Kconfig option
mm/init: Add 'rodata=off' boot cmdline parameter to disable read-only kernel mappings
asm-generic: Consolidate mark_rodata_ro()
Some SRAM users may require non-bufferable access to the memory, which is
impossible, because devm_ioremap_wc() is used for setting sram->virt_base.
This commit adds optional flag 'no-memory-wc', which allow to choose remap
method, using DT property. Documentation is updated accordingly.
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add a check at the beginning of cxl_probe function to ignore virtual pci
devices created for each afu registered. This fixes the the errors
messages logged about missing CXL vsec, when cxl probe is unable to
find necessary vsec entries in device pci config space. The error
message logged are of the form :
cxl-pci 0004:00:00.0: ABORTING: CXL VSEC not found!
cxl-pci 0004:00:00.0: cxl_init_adapter failed: -19
Cc: Ian Munsie <imunsie@au1.ibm.com>
Cc: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
Reviewed-by: fbarrat@linux.vnet.ibm.com
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
The cxl_get_phys_dev() API returns a struct device pointer which could
belong to either a struct pci_dev (bare-metal) or platform_device
(powerVM). To avoid potential problems in drivers, remove that API. It
was introduced to allow drivers to read the VPD of the adapter, but
the cxl driver now provides the cxl_pci_read_adapter_vpd() API for
that purpose.
Co-authored-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Check the AFU state whenever an API is called. The hypervisor may
issue a reset of the adapter when it detects a fault. When it happens,
it launches an error recovery which will either move the AFU to a
permanent failure state, or in the disabled state.
If the AFU is found to be disabled, detach all existing contexts from
it before issuing a AFU reset to re-enable it.
Before detaching contexts, notify any kernel driver through the EEH
callbacks of the AFU pci device.
Co-authored-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Like on bare-metal, the cxl driver creates a virtual PHB and a pci
device for the AFU. The configuration space of the device is mapped to
the configuration record of the AFU.
Reuse the code defined in afu_cr_read8|16|32() when reading the
configuration space of the AFU device.
Even though the (virtual) AFU device is a pci device, the adapter is
not. So a driver using the cxl kernel API cannot read the VPD of the
adapter through the usual PCI interface. Therefore, we add a call to
the cxl kernel API:
ssize_t cxl_read_adapter_vpd(struct pci_dev *dev, void *buf, size_t count);
Co-authored-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
The new flash.c file contains the logic to flash a new image on the
adapter, through a hcall. It is an iterative process, with chunks of
data of 1M at a time. There are also 2 phases: write and verify. The
flash operation itself is driven from a user-land tool.
Once flashing is successful, an rtas call is made to update the device
tree with the new properties values for the adapter and the AFU(s)
Add a new char device for the adapter, so that the flash tool can
access the card, even if there is no valid AFU on it.
Co-authored-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
The new of.c file contains code to parse the device tree to find out
about cxl adapters and AFUs.
guest.c implements the guest-specific callbacks for the backend API.
The process element ID is not known until the context is attached, so
we have to separate the context ID assigned by the cxl driver from the
process element ID visible to the user applications. In bare-metal,
the 2 IDs match.
Co-authored-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
[mpe: Fix SMP=n build, fix PSERIES=n build, minor whitespace fixes]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
The hypervisor calls provide an interface with a coherent platform
facility and function. It matches version 0.16 of the 'PAPR changes'
document.
The following hcalls are supported:
H_ATTACH_CA_PROCESS Attach a process element to a coherent platform
function.
H_DETACH_CA_PROCESS Detach a process element from a coherent
platform function.
H_CONTROL_CA_FUNCTION Allow the partition to manipulate or query
certain coherent platform function behaviors.
H_COLLECT_CA_INT_INFO Collect interrupt info about a coherent.
platform function after an interrupt occurred
H_CONTROL_CA_FAULTS Control the operation of a coherent platform
function after a fault occurs.
H_DOWNLOAD_CA_FACILITY Support for downloading a base adapter image to
the coherent platform facility, and for
validating the entire image after the download.
H_CONTROL_CA_FACILITY Allow the partition to manipulate or query
certain coherent platform facility behaviors.
Co-authored-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
The PSL interrupt cannot be multiplexed in a guest, as it is not
supported by the hypervisor. So an interrupt will be allocated
for it for each context. It will still be the first interrupt found in
the first interrupt range, but is treated almost like any other AFU
interrupt when creating/deleting the context. Only the handler is
different. Rework the code so that the range 0 is treated like the
other ranges.
Co-authored-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Rename a few functions, changing the 'cxl_' prefix to either
'cxl_pci_' or 'cxl_native_', to make clear that the implementation is
bare-metal specific.
Those functions will have an equivalent implementation for a guest in
a later patch.
Co-authored-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
The backend API (in cxl.h) lists some low-level functions whose
implementation is different on bare-metal and in a guest. Each
environment implements its own functions, and the common code uses
them through function pointers, defined in cxl_backend_ops
Co-authored-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
CXL kernel API was defining the process problem state area during
context initialization, making it possible to map the problem state
area before attaching the context. This won't work on a powerVM
guest. So force the logical behavior, like in userspace: attach first,
then map the problem state area.
Remove calls to cxl_assign_psn_space during init. The function is
already called on the attach paths.
Co-authored-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Move a few functions around to better separate code specific to
bare-metal environment from code which will be commonly used between
guest and bare-metal.
Code specific to bare-metal is meant to be in native.c or pci.c
only. It's basically anything which touches the card p1 registers,
some p2 registers not needed from a guest and the PCI interface.
Co-authored-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Pull powerpc fixes from Michael Ellerman:
- cxl: Fix PSL timebase synchronization detection from Frederic Barrat
- Fix oops when destroying hw_breakpoint event from Ravi Bangoria
- Avoid lbarx on e5500 from Scott Wood
* tag 'powerpc-4.5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/fsl-book3e: Avoid lbarx on e5500
powerpc/hw_breakpoint: Fix oops when destroying hw_breakpoint event
cxl: Fix PSL timebase synchronization detection
The error return err is not initialized for the case when pci_map_rom
fails and no ROM can me mapped. Fix this by setting ret to -ENODATA;
(this is the same error value that is returned if the ROM data is
successfully mapped but does not match the expected ROM signature.).
Issue found from static code analysis using CoverityScan.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cpu_dai id always equals 0, can't distinguish the
different SSC. Use platform_device id to record
and distinguish the different SSC.
Signed-off-by: Songjun Wu <songjun.wu@atmel.com>
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Add a regmap for accessing the EEPROM, and then use that with the
NVMEM framework. Enable backward compatibility in the NVMEM config
structure, so that the 'eeprom' file in sys is provided by the
framework.
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add a regmap for accessing the EEPROM, and then use that with the
NVMEM framework. Enable backwards compatibility in the NVMEM config,
so that the 'eeprom' file in sys is provided by the framework.
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The setup() callback is not used by any in kernel code. Remove it.
Any new code which requires access to the eeprom can use the NVMEM
API.
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Acked-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add a regmap for accessing the EEPROM, and then use that with the
NVMEM framework. Set the NVMEM config structure to enable backward, so
that the 'eeprom' file in sys is provided by the framework.
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Tested-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Currently writing the attributes with "echo" will result in comparing:
"enabled\n" with "enabled\0" and attribute is always set to false.
Use the sysfs_streq() instead because it treats both NUL and
new-line-then-NUL as equivalent string terminations.
Signed-off-by: Dan Bogdan Nechita <dan.bogdan.nechita@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix RDAC read back errors caused by a typo. Value must shift by 2.
Fixes: a4bd394956 ("drivers/misc/ad525x_dpot.c: new features")
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This improves the order of operations on the use-after-free tests to
try to make sure we've executed any available sanity-checking code,
and to report the poisoning that was found.
Signed-off-by: Kees Cook <keescook@chromium.org>
The current tests for read/write after free work on slab
allocated memory. Memory straight from the buddy allocator
may behave slightly differently and have a different set
of parameters to test. Add tests for those cases as well.
On a basic x86 boot:
# echo WRITE_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 22.291950] lkdtm: Performing direct entry WRITE_BUDDY_AFTER_FREE
[ 22.292983] lkdtm: Writing to the buddy page before free
[ 22.293950] lkdtm: Attempting bad write to the buddy page after free
# echo READ_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 32.375601] lkdtm: Performing direct entry READ_BUDDY_AFTER_FREE
[ 32.379896] lkdtm: Value in memory before free: 12345678
[ 32.383854] lkdtm: Attempting to read from freed memory
[ 32.389309] lkdtm: Buddy page was not poisoned
On x86 with CONFIG_DEBUG_PAGEALLOC and debug_pagealloc=on:
# echo WRITE_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 17.475533] lkdtm: Performing direct entry WRITE_BUDDY_AFTER_FREE
[ 17.477360] lkdtm: Writing to the buddy page before free
[ 17.479089] lkdtm: Attempting bad write to the buddy page after free
[ 17.480904] BUG: unable to handle kernel paging request at
ffff88000ebd8000
# echo READ_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 14.606433] lkdtm: Performing direct entry READ_BUDDY_AFTER_FREE
[ 14.607447] lkdtm: Value in memory before free: 12345678
[ 14.608161] lkdtm: Attempting to read from freed memory
[ 14.608860] BUG: unable to handle kernel paging request at
ffff88000eba3000
Note that arches without ARCH_SUPPORTS_DEBUG_PAGEALLOC may not
produce the same crash.
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
The SLUB allocator may use the first word of a freed block to store the
freelist information. This may make it harder to test poisoning
features. Change the WRITE_AFTER_FREE test to better match what
the READ_AFTER_FREE test does and also print out a big more information.
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
In a similar manner to WRITE_AFTER_FREE, add a READ_AFTER_FREE
test to test free poisoning features. Sample output when
no sanitization is present:
# echo READ_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 17.542473] lkdtm: Performing direct entry READ_AFTER_FREE
[ 17.543866] lkdtm: Value in memory before free: 12345678
[ 17.545212] lkdtm: Attempting bad read from freed memory
[ 17.546542] lkdtm: Memory was not poisoned
with slub_debug=P:
# echo READ_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 22.415531] lkdtm: Performing direct entry READ_AFTER_FREE
[ 22.416366] lkdtm: Value in memory before free: 12345678
[ 22.417137] lkdtm: Attempting bad read from freed memory
[ 22.417897] lkdtm: Memory correctly poisoned, calling BUG
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
The PSL timebase synchronization is seemingly failing for
configuration not including VIRT_CPU_ACCOUNTING_NATIVE. The driver
shows the following trace in dmesg:
PSL: Timebase sync: giving up!
The PSL timebase register is actually syncing correctly, but the cxl
driver is not detecting it. Fix is to use the proper timebase-to-time
conversion.
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org> # 4.3+
Acked-by: Michael Neuling <mikey@neuling.org>
Reviewed-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Reviewed-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
This resolves the merge issues and confusions people were having with
the goldfish drivers due to changes for them showing up in two different
trees.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
buf_idx type was changed to size_t, and few places
missed out to change the print format from %ld to %zu.
Use also uz for buf.size which is also of size_t
Fixes:
commit 56988f22e097 ("mei: fix possible integer overflow issue")'
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Static checkers complain that the this is a potential array overflow.
We verify that it's not on the next line so this code is OK, but
static checker warnings are annoying.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Swap the printk and kfree() to avoid a use after free bug.
Fixes: 61e9c905df ('misc: mic: Enable VOP host side functionality')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
