1. 16 5月, 2019 3 次提交
  2. 15 5月, 2019 31 次提交
  3. 10 5月, 2019 6 次提交
    • G
      Linux 4.19.42 · 9c2556f4
      Greg Kroah-Hartman 提交于
      9c2556f4
    • W
      arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP · 9ccdbde1
      Will Deacon 提交于
      commit 03110a5cb2161690ae5ac04994d47ed0cd6cef75 upstream.
      
      Our futex implementation makes use of LDXR/STXR loops to perform atomic
      updates to user memory from atomic context. This can lead to latency
      problems if we end up spinning around the LL/SC sequence at the expense
      of doing something useful.
      
      Rework our futex atomic operations so that we return -EAGAIN if we fail
      to update the futex word after 128 attempts. The core futex code will
      reschedule if necessary and we'll try again later.
      
      Cc: <stable@kernel.org>
      Fixes: 6170a974 ("arm64: Atomic operations")
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9ccdbde1
    • W
      locking/futex: Allow low-level atomic operations to return -EAGAIN · 0f4ef8fb
      Will Deacon 提交于
      commit 6b4f4bc9cb22875f97023984a625386f0c7cc1c0 upstream.
      
      Some futex() operations, including FUTEX_WAKE_OP, require the kernel to
      perform an atomic read-modify-write of the futex word via the userspace
      mapping. These operations are implemented by each architecture in
      arch_futex_atomic_op_inuser() and futex_atomic_cmpxchg_inatomic(), which
      are called in atomic context with the relevant hash bucket locks held.
      
      Although these routines may return -EFAULT in response to a page fault
      generated when accessing userspace, they are expected to succeed (i.e.
      return 0) in all other cases. This poses a problem for architectures
      that do not provide bounded forward progress guarantees or fairness of
      contended atomic operations and can lead to starvation in some cases.
      
      In these problematic scenarios, we must return back to the core futex
      code so that we can drop the hash bucket locks and reschedule if
      necessary, much like we do in the case of a page fault.
      
      Allow architectures to return -EAGAIN from their implementations of
      arch_futex_atomic_op_inuser() and futex_atomic_cmpxchg_inatomic(), which
      will cause the core futex code to reschedule if necessary and return
      back to the architecture code later on.
      
      Cc: <stable@kernel.org>
      Acked-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0f4ef8fb
    • R
      ASoC: Intel: avoid Oops if DMA setup fails · 6fee3987
      Ross Zwisler 提交于
      commit 0efa3334d65b7f421ba12382dfa58f6ff5bf83c4 upstream.
      
      Currently in sst_dsp_new() if we get an error return from sst_dma_new()
      we just print an error message and then still complete the function
      successfully.  This means that we are trying to run without sst->dma
      properly set up, which will result in NULL pointer dereference when
      sst->dma is later used.  This was happening for me in
      sst_dsp_dma_get_channel():
      
              struct sst_dma *dma = dsp->dma;
      	...
              dma->ch = dma_request_channel(mask, dma_chan_filter, dsp);
      
      This resulted in:
      
         BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
         IP: sst_dsp_dma_get_channel+0x4f/0x125 [snd_soc_sst_firmware]
      
      Fix this by adding proper error handling for the case where we fail to
      set up DMA.
      
      This change only affects Haswell and Broadwell systems.  Baytrail
      systems explicilty opt-out of DMA via sst->pdata->resindex_dma_base
      being set to -1.
      Signed-off-by: NRoss Zwisler <zwisler@google.com>
      Cc: stable@vger.kernel.org
      Acked-by: NPierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
      Signed-off-by: NMark Brown <broonie@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6fee3987
    • O
      UAS: fix alignment of scatter/gather segments · c3b3955f
      Oliver Neukum 提交于
      commit 3ae62a42090f1ed48e2313ed256a1182a85fb575 upstream.
      
      This is the UAS version of
      
      747668dbc061b3e62bc1982767a3a1f9815fcf0e
      usb-storage: Set virt_boundary_mask to avoid SG overflows
      
      We are not as likely to be vulnerable as storage, as it is unlikelier
      that UAS is run over a controller without native support for SG,
      but the issue exists.
      The issue has been existing since the inception of the driver.
      
      Fixes: 115bb1ff ("USB: Add UAS driver")
      Signed-off-by: NOliver Neukum <oneukum@suse.com>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c3b3955f
    • M
      Bluetooth: Align minimum encryption key size for LE and BR/EDR connections · 38f092c4
      Marcel Holtmann 提交于
      commit d5bb334a8e171b262e48f378bd2096c0ea458265 upstream.
      
      The minimum encryption key size for LE connections is 56 bits and to
      align LE with BR/EDR, enforce 56 bits of minimum encryption key size for
      BR/EDR connections as well.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      38f092c4