<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/char/ipmi, branch v4.14.44</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>ipmi/powernv: Fix error return code in ipmi_powernv_probe()</title>
<updated>2018-04-26T09:02:08+00:00</updated>
<author>
<name>Wei Yongjun</name>
<email>weiyongjun1@huawei.com</email>
</author>
<published>2018-01-18T01:43:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fb5d97a19fc39d9fd5238af989a45cc56b4c2b9a'/>
<id>fb5d97a19fc39d9fd5238af989a45cc56b4c2b9a</id>
<content type='text'>
[ Upstream commit e749d328b0b450aa78d562fa26a0cd8872325dd9 ]

Fix to return a negative error code from the request_irq() error
handling case instead of 0, as done elsewhere in this function.

Fixes: dce143c3381c ("ipmi/powernv: Convert to irq event interface")
Signed-off-by: Wei Yongjun &lt;weiyongjun1@huawei.com&gt;
Reviewed-by: Alexey Kardashevskiy &lt;aik@ozlabs.ru&gt;
Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit e749d328b0b450aa78d562fa26a0cd8872325dd9 ]

Fix to return a negative error code from the request_irq() error
handling case instead of 0, as done elsewhere in this function.

Fixes: dce143c3381c ("ipmi/powernv: Convert to irq event interface")
Signed-off-by: Wei Yongjun &lt;weiyongjun1@huawei.com&gt;
Reviewed-by: Alexey Kardashevskiy &lt;aik@ozlabs.ru&gt;
Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ipmi: use dynamic memory for DMI driver override</title>
<updated>2018-02-16T19:23:06+00:00</updated>
<author>
<name>John Garry</name>
<email>john.garry@huawei.com</email>
</author>
<published>2018-01-17T16:36:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=765ae618ad9f106f6231570f29d0d5be3b56d269'/>
<id>765ae618ad9f106f6231570f29d0d5be3b56d269</id>
<content type='text'>
commit 5516e21a1e95e9b9f39985598431a25477d91643 upstream.

Currently a crash can be seen if we reach the "err"
label in dmi_add_platform_ipmi(), calling
platform_device_put(), like here:
[    7.270584]  (null): ipmi:dmi: Unable to add resources: -16
[    7.330229] ------------[ cut here ]------------
[    7.334889] kernel BUG at mm/slub.c:3894!
[    7.338936] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[    7.344475] Modules linked in:
[    7.347556] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.15.0-rc2-00004-gbe9cb7b-dirty #114
[    7.355907] Hardware name: Huawei Taishan 2280 /D05, BIOS Hisilicon D05 IT17 Nemo 2.0 RC0 11/29/2017
[    7.365137] task: 00000000c211f6d3 task.stack: 00000000f276e9af
[    7.371116] pstate: 60000005 (nZCv daif -PAN -UAO)
[    7.375957] pc : kfree+0x194/0x1b4
[    7.379389] lr : platform_device_release+0xcc/0xd8
[    7.384225] sp : ffff0000092dba90
[    7.387567] x29: ffff0000092dba90 x28: ffff000008a83000
[    7.392933] x27: ffff0000092dbc10 x26: 00000000000000e6
[    7.398297] x25: 0000000000000003 x24: ffff0000085b51e8
[    7.403662] x23: 0000000000000100 x22: ffff7e0000234cc0
[    7.409027] x21: ffff000008af3660 x20: ffff8017d21acc10
[    7.414392] x19: ffff8017d21acc00 x18: 0000000000000002
[    7.419757] x17: 0000000000000001 x16: 0000000000000008
[    7.425121] x15: 0000000000000001 x14: 6666666678303d65
[    7.430486] x13: 6469727265766f5f x12: 7265766972642e76
[    7.435850] x11: 6564703e2d617020 x10: 6530326435373638
[    7.441215] x9 : 3030303030303030 x8 : 3d76656420657361
[    7.446580] x7 : ffff000008f59df8 x6 : ffff8017fbe0ea50
[    7.451945] x5 : 0000000000000000 x4 : 0000000000000000
[    7.457309] x3 : ffffffffffffffff x2 : 0000000000000000
[    7.462674] x1 : 0fffc00000000800 x0 : ffff7e0000234ce0
[    7.468039] Process swapper/0 (pid: 1, stack limit = 0x00000000f276e9af)
[    7.474809] Call trace:
[    7.477272]  kfree+0x194/0x1b4
[    7.480351]  platform_device_release+0xcc/0xd8
[    7.484837]  device_release+0x34/0x90
[    7.488531]  kobject_put+0x70/0xcc
[    7.491961]  put_device+0x14/0x1c
[    7.495304]  platform_device_put+0x14/0x1c
[    7.499439]  dmi_add_platform_ipmi+0x348/0x3ac
[    7.503923]  scan_for_dmi_ipmi+0xfc/0x10c
[    7.507970]  do_one_initcall+0x38/0x124
[    7.511840]  kernel_init_freeable+0x188/0x228
[    7.516238]  kernel_init+0x10/0x100
[    7.519756]  ret_from_fork+0x10/0x18
[    7.523362] Code: f94002c0 37780080 f94012c0 37000040 (d4210000)
[    7.529552] ---[ end trace 11750e4787deef9e ]---
[    7.534228] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[    7.534228]

This is because when the device is released in
platform_device_release(), we try to free
pdev.driver_override. This is a const string, hence
the crash.
Fix by using dynamic memory for pdev-&gt;driver_override.

Signed-off-by: John Garry &lt;john.garry@huawei.com&gt;
[Removed the free of driver_override from ipmi_si_remove_by_dev().  The
 free is done in platform_device_release(), and would result in a double
 free, and ipmi_si_remove_by_dev() is called by non-platform devices.]
Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 5516e21a1e95e9b9f39985598431a25477d91643 upstream.

Currently a crash can be seen if we reach the "err"
label in dmi_add_platform_ipmi(), calling
platform_device_put(), like here:
[    7.270584]  (null): ipmi:dmi: Unable to add resources: -16
[    7.330229] ------------[ cut here ]------------
[    7.334889] kernel BUG at mm/slub.c:3894!
[    7.338936] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[    7.344475] Modules linked in:
[    7.347556] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.15.0-rc2-00004-gbe9cb7b-dirty #114
[    7.355907] Hardware name: Huawei Taishan 2280 /D05, BIOS Hisilicon D05 IT17 Nemo 2.0 RC0 11/29/2017
[    7.365137] task: 00000000c211f6d3 task.stack: 00000000f276e9af
[    7.371116] pstate: 60000005 (nZCv daif -PAN -UAO)
[    7.375957] pc : kfree+0x194/0x1b4
[    7.379389] lr : platform_device_release+0xcc/0xd8
[    7.384225] sp : ffff0000092dba90
[    7.387567] x29: ffff0000092dba90 x28: ffff000008a83000
[    7.392933] x27: ffff0000092dbc10 x26: 00000000000000e6
[    7.398297] x25: 0000000000000003 x24: ffff0000085b51e8
[    7.403662] x23: 0000000000000100 x22: ffff7e0000234cc0
[    7.409027] x21: ffff000008af3660 x20: ffff8017d21acc10
[    7.414392] x19: ffff8017d21acc00 x18: 0000000000000002
[    7.419757] x17: 0000000000000001 x16: 0000000000000008
[    7.425121] x15: 0000000000000001 x14: 6666666678303d65
[    7.430486] x13: 6469727265766f5f x12: 7265766972642e76
[    7.435850] x11: 6564703e2d617020 x10: 6530326435373638
[    7.441215] x9 : 3030303030303030 x8 : 3d76656420657361
[    7.446580] x7 : ffff000008f59df8 x6 : ffff8017fbe0ea50
[    7.451945] x5 : 0000000000000000 x4 : 0000000000000000
[    7.457309] x3 : ffffffffffffffff x2 : 0000000000000000
[    7.462674] x1 : 0fffc00000000800 x0 : ffff7e0000234ce0
[    7.468039] Process swapper/0 (pid: 1, stack limit = 0x00000000f276e9af)
[    7.474809] Call trace:
[    7.477272]  kfree+0x194/0x1b4
[    7.480351]  platform_device_release+0xcc/0xd8
[    7.484837]  device_release+0x34/0x90
[    7.488531]  kobject_put+0x70/0xcc
[    7.491961]  put_device+0x14/0x1c
[    7.495304]  platform_device_put+0x14/0x1c
[    7.499439]  dmi_add_platform_ipmi+0x348/0x3ac
[    7.503923]  scan_for_dmi_ipmi+0xfc/0x10c
[    7.507970]  do_one_initcall+0x38/0x124
[    7.511840]  kernel_init_freeable+0x188/0x228
[    7.516238]  kernel_init+0x10/0x100
[    7.519756]  ret_from_fork+0x10/0x18
[    7.523362] Code: f94002c0 37780080 f94012c0 37000040 (d4210000)
[    7.529552] ---[ end trace 11750e4787deef9e ]---
[    7.534228] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[    7.534228]

This is because when the device is released in
platform_device_release(), we try to free
pdev.driver_override. This is a const string, hence
the crash.
Fix by using dynamic memory for pdev-&gt;driver_override.

Signed-off-by: John Garry &lt;john.garry@huawei.com&gt;
[Removed the free of driver_override from ipmi_si_remove_by_dev().  The
 free is done in platform_device_release(), and would result in a double
 free, and ipmi_si_remove_by_dev() is called by non-platform devices.]
Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>Revert "ipmi_si: fix memory leak on new_smi"</title>
<updated>2017-12-29T16:53:49+00:00</updated>
<author>
<name>John Einar Reitan</name>
<email>john.einar@gmail.com</email>
</author>
<published>2017-12-23T23:03:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=af1eddcc176e36104f50abf32b14cb979385d9f6'/>
<id>af1eddcc176e36104f50abf32b14cb979385d9f6</id>
<content type='text'>
This reverts commit c97e41076a298dbc4e910c33048e553658388eed, which
incorrectly was taken from upstream c0a32fe13cd323ca9420500b16fd69589c9ba91e.

The referenced memory leak doesn't exist on the 4.14 stable branch as
the new logic of doing the kzalloc hasn't moved to this function.
By adding this kfree we actually end up doing double kfree as all callers of
smi_add does a kfree on error.

Sample with SLAB_FREELIST_HARDENED=y:

ipmi_si: Adding ACPI-specified kcs state machine
IPMI System Interface driver.
ipmi_si: probing via SPMI
ipmi_si: SPMI: io 0xca2 regsize 1 spacing 1 irq 0
(NULL device *): SPMI-specified kcs state machine: duplicate
------------[ cut here ]------------
kernel BUG at mm/slub.c:295!
invalid opcode: 0000 [#1] SMP
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.14.8-gentoo-r1 #5
Hardware name: Supermicro X9SCL/X9SCM/X9SCL/X9SCM, BIOS 2.2 02/20/2015
task: ffff88080c208000 task.stack: ffffc90000020000
RIP: 0010:kfree+0xf5/0x157
RSP: 0000:ffffc90000023e58 EFLAGS: 00010246
RAX: ffff88080b2e6200 RBX: ffff88080b2e6200 RCX: ffff88080b2e6200
RDX: 000000000000008e RSI: ffff88082fc1cd60 RDI: ffff88080c003080
RBP: ffffc90000002808 R08: 000000000001cd60 R09: ffffffff814da10e
R10: ffffea00202cb980 R11: 000000000000005c R12: ffffffff814da10e
R13: 00000000ffffffed R14: ffffffff82317bd0 R15: 0000000000000003
FS:  0000000000000000(0000) GS:ffff88082fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000002e09001 CR4: 00000000001606f0
Call Trace:
 init_ipmi_si+0x493/0x5c7
 ? cleanup_ipmi_si+0x84/0x84
 ? set_debug_rodata+0xc/0xc
 ? kthread+0x4c/0x11c
 do_one_initcall+0x94/0x13d
 ? set_debug_rodata+0xc/0xc
 kernel_init_freeable+0x112/0x18e
 ? rest_init+0xa0/0xa0
 kernel_init+0x5/0xe1
 ret_from_fork+0x22/0x30
Code: 24 18 49 8b 7a 30 48 8b 37 65 48 8b 56 08 65 48 03 35 3a 29 e2 7e 4c 3b 56 10 75 39 48 8b 0e 48 63 47 20 48 01 d8 48 39 cb 75 02 &lt;0f&gt; 0b 49 89 c0 4c 33
 87 40 01 00 00 4c 31 c1 48 89 08 48 8d 4a
---[ end trace 4ac2e2c100842676 ]---

Signed-off-by: John Einar Reitan &lt;john.einar@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This reverts commit c97e41076a298dbc4e910c33048e553658388eed, which
incorrectly was taken from upstream c0a32fe13cd323ca9420500b16fd69589c9ba91e.

The referenced memory leak doesn't exist on the 4.14 stable branch as
the new logic of doing the kzalloc hasn't moved to this function.
By adding this kfree we actually end up doing double kfree as all callers of
smi_add does a kfree on error.

Sample with SLAB_FREELIST_HARDENED=y:

ipmi_si: Adding ACPI-specified kcs state machine
IPMI System Interface driver.
ipmi_si: probing via SPMI
ipmi_si: SPMI: io 0xca2 regsize 1 spacing 1 irq 0
(NULL device *): SPMI-specified kcs state machine: duplicate
------------[ cut here ]------------
kernel BUG at mm/slub.c:295!
invalid opcode: 0000 [#1] SMP
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.14.8-gentoo-r1 #5
Hardware name: Supermicro X9SCL/X9SCM/X9SCL/X9SCM, BIOS 2.2 02/20/2015
task: ffff88080c208000 task.stack: ffffc90000020000
RIP: 0010:kfree+0xf5/0x157
RSP: 0000:ffffc90000023e58 EFLAGS: 00010246
RAX: ffff88080b2e6200 RBX: ffff88080b2e6200 RCX: ffff88080b2e6200
RDX: 000000000000008e RSI: ffff88082fc1cd60 RDI: ffff88080c003080
RBP: ffffc90000002808 R08: 000000000001cd60 R09: ffffffff814da10e
R10: ffffea00202cb980 R11: 000000000000005c R12: ffffffff814da10e
R13: 00000000ffffffed R14: ffffffff82317bd0 R15: 0000000000000003
FS:  0000000000000000(0000) GS:ffff88082fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000002e09001 CR4: 00000000001606f0
Call Trace:
 init_ipmi_si+0x493/0x5c7
 ? cleanup_ipmi_si+0x84/0x84
 ? set_debug_rodata+0xc/0xc
 ? kthread+0x4c/0x11c
 do_one_initcall+0x94/0x13d
 ? set_debug_rodata+0xc/0xc
 kernel_init_freeable+0x112/0x18e
 ? rest_init+0xa0/0xa0
 kernel_init+0x5/0xe1
 ret_from_fork+0x22/0x30
Code: 24 18 49 8b 7a 30 48 8b 37 65 48 8b 56 08 65 48 03 35 3a 29 e2 7e 4c 3b 56 10 75 39 48 8b 0e 48 63 47 20 48 01 d8 48 39 cb 75 02 &lt;0f&gt; 0b 49 89 c0 4c 33
 87 40 01 00 00 4c 31 c1 48 89 08 48 8d 4a
---[ end trace 4ac2e2c100842676 ]---

Signed-off-by: John Einar Reitan &lt;john.einar@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ipmi_si: fix memory leak on new_smi</title>
<updated>2017-12-20T09:10:35+00:00</updated>
<author>
<name>Colin Ian King</name>
<email>colin.king@canonical.com</email>
</author>
<published>2017-10-17T15:54:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c97e41076a298dbc4e910c33048e553658388eed'/>
<id>c97e41076a298dbc4e910c33048e553658388eed</id>
<content type='text'>
[ Upstream commit c0a32fe13cd323ca9420500b16fd69589c9ba91e ]

The error exit path omits kfree'ing the allocated new_smi, causing a memory
leak.  Fix this by kfree'ing new_smi.

Detected by CoverityScan, CID#14582571 ("Resource Leak")

Fixes: 7e030d6dff71 ("ipmi: Prefer ACPI system interfaces over SMBIOS ones")
Signed-off-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit c0a32fe13cd323ca9420500b16fd69589c9ba91e ]

The error exit path omits kfree'ing the allocated new_smi, causing a memory
leak.  Fix this by kfree'ing new_smi.

Detected by CoverityScan, CID#14582571 ("Resource Leak")

Fixes: 7e030d6dff71 ("ipmi: Prefer ACPI system interfaces over SMBIOS ones")
Signed-off-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ipmi: Stop timers before cleaning up the module</title>
<updated>2017-12-17T14:07:59+00:00</updated>
<author>
<name>Masamitsu Yamazaki</name>
<email>m-yamazaki@ah.jp.nec.com</email>
</author>
<published>2017-11-15T07:33:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7a33cd0ef9dda4692cb15fb37eb2e5ab0ef19609'/>
<id>7a33cd0ef9dda4692cb15fb37eb2e5ab0ef19609</id>
<content type='text'>
commit 4f7f5551a760eb0124267be65763008169db7087 upstream.

System may crash after unloading ipmi_si.ko module
because a timer may remain and fire after the module cleaned up resources.

cleanup_one_si() contains the following processing.

        /*
         * Make sure that interrupts, the timer and the thread are
         * stopped and will not run again.
         */
        if (to_clean-&gt;irq_cleanup)
                to_clean-&gt;irq_cleanup(to_clean);
        wait_for_timer_and_thread(to_clean);

        /*
         * Timeouts are stopped, now make sure the interrupts are off
         * in the BMC.  Note that timers and CPU interrupts are off,
         * so no need for locks.
         */
        while (to_clean-&gt;curr_msg || (to_clean-&gt;si_state != SI_NORMAL)) {
                poll(to_clean);
                schedule_timeout_uninterruptible(1);
        }

si_state changes as following in the while loop calling poll(to_clean).

  SI_GETTING_MESSAGES
    =&gt; SI_CHECKING_ENABLES
     =&gt; SI_SETTING_ENABLES
      =&gt; SI_GETTING_EVENTS
       =&gt; SI_NORMAL

As written in the code comments above,
timers are expected to stop before the polling loop and not to run again.
But the timer is set again in the following process
when si_state becomes SI_SETTING_ENABLES.

  =&gt; poll
     =&gt; smi_event_handler
       =&gt; handle_transaction_done
          // smi_info-&gt;si_state == SI_SETTING_ENABLES
         =&gt; start_getting_events
           =&gt; start_new_msg
            =&gt; smi_mod_timer
              =&gt; mod_timer

As a result, before the timer set in start_new_msg() expires,
the polling loop may see si_state becoming SI_NORMAL
and the module clean-up finishes.

For example, hard LOCKUP and panic occurred as following.
smi_timeout was called after smi_event_handler,
kcs_event and hangs at port_inb()
trying to access I/O port after release.

    [exception RIP: port_inb+19]
    RIP: ffffffffc0473053  RSP: ffff88069fdc3d80  RFLAGS: 00000006
    RAX: ffff8806800f8e00  RBX: ffff880682bd9400  RCX: 0000000000000000
    RDX: 0000000000000ca3  RSI: 0000000000000ca3  RDI: ffff8806800f8e40
    RBP: ffff88069fdc3d80   R8: ffffffff81d86dfc   R9: ffffffff81e36426
    R10: 00000000000509f0  R11: 0000000000100000  R12: 0000000000]:000000
    R13: 0000000000000000  R14: 0000000000000246  R15: ffff8806800f8e00
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0000
 --- &lt;NMI exception stack&gt; ---

To fix the problem I defined a flag, timer_can_start,
as member of struct smi_info.
The flag is enabled immediately after initializing the timer
and disabled immediately before waiting for timer deletion.

Fixes: 0cfec916e86d ("ipmi: Start the timer and thread on internal msgs")
Signed-off-by: Yamazaki Masamitsu &lt;m-yamazaki@ah.jp.nec.com&gt;
[Some fairly major changes went into the IPMI driver in 4.15, so this
 required a backport as the code had changed and moved to a different
 file.]
Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 4f7f5551a760eb0124267be65763008169db7087 upstream.

System may crash after unloading ipmi_si.ko module
because a timer may remain and fire after the module cleaned up resources.

cleanup_one_si() contains the following processing.

        /*
         * Make sure that interrupts, the timer and the thread are
         * stopped and will not run again.
         */
        if (to_clean-&gt;irq_cleanup)
                to_clean-&gt;irq_cleanup(to_clean);
        wait_for_timer_and_thread(to_clean);

        /*
         * Timeouts are stopped, now make sure the interrupts are off
         * in the BMC.  Note that timers and CPU interrupts are off,
         * so no need for locks.
         */
        while (to_clean-&gt;curr_msg || (to_clean-&gt;si_state != SI_NORMAL)) {
                poll(to_clean);
                schedule_timeout_uninterruptible(1);
        }

si_state changes as following in the while loop calling poll(to_clean).

  SI_GETTING_MESSAGES
    =&gt; SI_CHECKING_ENABLES
     =&gt; SI_SETTING_ENABLES
      =&gt; SI_GETTING_EVENTS
       =&gt; SI_NORMAL

As written in the code comments above,
timers are expected to stop before the polling loop and not to run again.
But the timer is set again in the following process
when si_state becomes SI_SETTING_ENABLES.

  =&gt; poll
     =&gt; smi_event_handler
       =&gt; handle_transaction_done
          // smi_info-&gt;si_state == SI_SETTING_ENABLES
         =&gt; start_getting_events
           =&gt; start_new_msg
            =&gt; smi_mod_timer
              =&gt; mod_timer

As a result, before the timer set in start_new_msg() expires,
the polling loop may see si_state becoming SI_NORMAL
and the module clean-up finishes.

For example, hard LOCKUP and panic occurred as following.
smi_timeout was called after smi_event_handler,
kcs_event and hangs at port_inb()
trying to access I/O port after release.

    [exception RIP: port_inb+19]
    RIP: ffffffffc0473053  RSP: ffff88069fdc3d80  RFLAGS: 00000006
    RAX: ffff8806800f8e00  RBX: ffff880682bd9400  RCX: 0000000000000000
    RDX: 0000000000000ca3  RSI: 0000000000000ca3  RDI: ffff8806800f8e40
    RBP: ffff88069fdc3d80   R8: ffffffff81d86dfc   R9: ffffffff81e36426
    R10: 00000000000509f0  R11: 0000000000100000  R12: 0000000000]:000000
    R13: 0000000000000000  R14: 0000000000000246  R15: ffff8806800f8e00
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0000
 --- &lt;NMI exception stack&gt; ---

To fix the problem I defined a flag, timer_can_start,
as member of struct smi_info.
The flag is enabled immediately after initializing the timer
and disabled immediately before waiting for timer deletion.

Fixes: 0cfec916e86d ("ipmi: Start the timer and thread on internal msgs")
Signed-off-by: Yamazaki Masamitsu &lt;m-yamazaki@ah.jp.nec.com&gt;
[Some fairly major changes went into the IPMI driver in 4.15, so this
 required a backport as the code had changed and moved to a different
 file.]
Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>ipmi: Prefer ACPI system interfaces over SMBIOS ones</title>
<updated>2017-11-24T07:37:05+00:00</updated>
<author>
<name>Corey Minyard</name>
<email>cminyard@mvista.com</email>
</author>
<published>2017-09-08T19:05:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=8d8564fce80dfafa8e90c345161aff734d9730cd'/>
<id>8d8564fce80dfafa8e90c345161aff734d9730cd</id>
<content type='text'>
commit 7e030d6dff713250c7dcfb543cad2addaf479b0e upstream.

The recent changes to add SMBIOS (DMI) IPMI interfaces as platform
devices caused DMI to be selected before ACPI, causing ACPI type
of operations to not work.

Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 7e030d6dff713250c7dcfb543cad2addaf479b0e upstream.

The recent changes to add SMBIOS (DMI) IPMI interfaces as platform
devices caused DMI to be selected before ACPI, causing ACPI type
of operations to not work.

Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>ipmi: fix unsigned long underflow</title>
<updated>2017-11-24T07:37:04+00:00</updated>
<author>
<name>Corey Minyard</name>
<email>cminyard@mvista.com</email>
</author>
<published>2017-07-30T02:14:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3a46857604044d129dd7ac35f913c50627d37c4e'/>
<id>3a46857604044d129dd7ac35f913c50627d37c4e</id>
<content type='text'>
commit 392a17b10ec4320d3c0e96e2a23ebaad1123b989 upstream.

When I set the timeout to a specific value such as 500ms, the timeout
event will not happen in time due to the overflow in function
check_msg_timeout:
...
	ent-&gt;timeout -= timeout_period;
	if (ent-&gt;timeout &gt; 0)
		return;
...

The type of timeout_period is long, but ent-&gt;timeout is unsigned long.
This patch makes the type consistent.

Reported-by: Weilong Chen &lt;chenweilong@huawei.com&gt;
Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Tested-by: Weilong Chen &lt;chenweilong@huawei.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 392a17b10ec4320d3c0e96e2a23ebaad1123b989 upstream.

When I set the timeout to a specific value such as 500ms, the timeout
event will not happen in time due to the overflow in function
check_msg_timeout:
...
	ent-&gt;timeout -= timeout_period;
	if (ent-&gt;timeout &gt; 0)
		return;
...

The type of timeout_period is long, but ent-&gt;timeout is unsigned long.
This patch makes the type consistent.

Reported-by: Weilong Chen &lt;chenweilong@huawei.com&gt;
Signed-off-by: Corey Minyard &lt;cminyard@mvista.com&gt;
Tested-by: Weilong Chen &lt;chenweilong@huawei.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>License cleanup: add SPDX GPL-2.0 license identifier to files with no license</title>
<updated>2017-11-02T10:10:55+00:00</updated>
<author>
<name>Greg Kroah-Hartman</name>
<email>gregkh@linuxfoundation.org</email>
</author>
<published>2017-11-01T14:07:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b24413180f5600bcb3bb70fbed5cf186b60864bd'/>
<id>b24413180f5600bcb3bb70fbed5cf186b60864bd</id>
<content type='text'>
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.

By default all files without license information are under the default
license of the kernel, which is GPL version 2.

Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier.  The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.

This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.

How this work was done:

Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
 - file had no licensing information it it.
 - file was a */uapi/* one with no licensing information in it,
 - file was a */uapi/* one with existing licensing information,

Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.

The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode &amp; Windriver) producing SPDX
tag:value files created by Philippe Ombredanne.  Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.

The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed.  Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.

Criteria used to select files for SPDX license identifier tagging was:
 - Files considered eligible had to be source code files.
 - Make and config files were included as candidates if they contained &gt;5
   lines of source
 - File already had some variant of a license header in it (even if &lt;5
   lines).

All documentation files were explicitly excluded.

The following heuristics were used to determine which SPDX license
identifiers to apply.

 - when both scanners couldn't find any license traces, file was
   considered to have no license information in it, and the top level
   COPYING file license applied.

   For non */uapi/* files that summary was:

   SPDX license identifier                            # files
   ---------------------------------------------------|-------
   GPL-2.0                                              11139

   and resulted in the first patch in this series.

   If that file was a */uapi/* path one, it was "GPL-2.0 WITH
   Linux-syscall-note" otherwise it was "GPL-2.0".  Results of that was:

   SPDX license identifier                            # files
   ---------------------------------------------------|-------
   GPL-2.0 WITH Linux-syscall-note                        930

   and resulted in the second patch in this series.

 - if a file had some form of licensing information in it, and was one
   of the */uapi/* ones, it was denoted with the Linux-syscall-note if
   any GPL family license was found in the file or had no licensing in
   it (per prior point).  Results summary:

   SPDX license identifier                            # files
   ---------------------------------------------------|------
   GPL-2.0 WITH Linux-syscall-note                       270
   GPL-2.0+ WITH Linux-syscall-note                      169
   ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause)    21
   ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)    17
   LGPL-2.1+ WITH Linux-syscall-note                      15
   GPL-1.0+ WITH Linux-syscall-note                       14
   ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause)    5
   LGPL-2.0+ WITH Linux-syscall-note                       4
   LGPL-2.1 WITH Linux-syscall-note                        3
   ((GPL-2.0 WITH Linux-syscall-note) OR MIT)              3
   ((GPL-2.0 WITH Linux-syscall-note) AND MIT)             1

   and that resulted in the third patch in this series.

 - when the two scanners agreed on the detected license(s), that became
   the concluded license(s).

 - when there was disagreement between the two scanners (one detected a
   license but the other didn't, or they both detected different
   licenses) a manual inspection of the file occurred.

 - In most cases a manual inspection of the information in the file
   resulted in a clear resolution of the license that should apply (and
   which scanner probably needed to revisit its heuristics).

 - When it was not immediately clear, the license identifier was
   confirmed with lawyers working with the Linux Foundation.

 - If there was any question as to the appropriate license identifier,
   the file was flagged for further research and to be revisited later
   in time.

In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.

Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights.  The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.

Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.

In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.

Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
 - a full scancode scan run, collecting the matched texts, detected
   license ids and scores
 - reviewing anything where there was a license detected (about 500+
   files) to ensure that the applied SPDX license was correct
 - reviewing anything where there was no detection but the patch license
   was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
   SPDX license was correct

This produced a worksheet with 20 files needing minor correction.  This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.

These .csv files were then reviewed by Greg.  Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected.  This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.)  Finally Greg ran the script using the .csv files to
generate the patches.

Reviewed-by: Kate Stewart &lt;kstewart@linuxfoundation.org&gt;
Reviewed-by: Philippe Ombredanne &lt;pombredanne@nexb.com&gt;
Reviewed-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.

By default all files without license information are under the default
license of the kernel, which is GPL version 2.

Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier.  The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.

This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.

How this work was done:

Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
 - file had no licensing information it it.
 - file was a */uapi/* one with no licensing information in it,
 - file was a */uapi/* one with existing licensing information,

Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.

The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode &amp; Windriver) producing SPDX
tag:value files created by Philippe Ombredanne.  Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.

The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed.  Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.

Criteria used to select files for SPDX license identifier tagging was:
 - Files considered eligible had to be source code files.
 - Make and config files were included as candidates if they contained &gt;5
   lines of source
 - File already had some variant of a license header in it (even if &lt;5
   lines).

All documentation files were explicitly excluded.

The following heuristics were used to determine which SPDX license
identifiers to apply.

 - when both scanners couldn't find any license traces, file was
   considered to have no license information in it, and the top level
   COPYING file license applied.

   For non */uapi/* files that summary was:

   SPDX license identifier                            # files
   ---------------------------------------------------|-------
   GPL-2.0                                              11139

   and resulted in the first patch in this series.

   If that file was a */uapi/* path one, it was "GPL-2.0 WITH
   Linux-syscall-note" otherwise it was "GPL-2.0".  Results of that was:

   SPDX license identifier                            # files
   ---------------------------------------------------|-------
   GPL-2.0 WITH Linux-syscall-note                        930

   and resulted in the second patch in this series.

 - if a file had some form of licensing information in it, and was one
   of the */uapi/* ones, it was denoted with the Linux-syscall-note if
   any GPL family license was found in the file or had no licensing in
   it (per prior point).  Results summary:

   SPDX license identifier                            # files
   ---------------------------------------------------|------
   GPL-2.0 WITH Linux-syscall-note                       270
   GPL-2.0+ WITH Linux-syscall-note                      169
   ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause)    21
   ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)    17
   LGPL-2.1+ WITH Linux-syscall-note                      15
   GPL-1.0+ WITH Linux-syscall-note                       14
   ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause)    5
   LGPL-2.0+ WITH Linux-syscall-note                       4
   LGPL-2.1 WITH Linux-syscall-note                        3
   ((GPL-2.0 WITH Linux-syscall-note) OR MIT)              3
   ((GPL-2.0 WITH Linux-syscall-note) AND MIT)             1

   and that resulted in the third patch in this series.

 - when the two scanners agreed on the detected license(s), that became
   the concluded license(s).

 - when there was disagreement between the two scanners (one detected a
   license but the other didn't, or they both detected different
   licenses) a manual inspection of the file occurred.

 - In most cases a manual inspection of the information in the file
   resulted in a clear resolution of the license that should apply (and
   which scanner probably needed to revisit its heuristics).

 - When it was not immediately clear, the license identifier was
   confirmed with lawyers working with the Linux Foundation.

 - If there was any question as to the appropriate license identifier,
   the file was flagged for further research and to be revisited later
   in time.

In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.

Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights.  The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.

Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.

In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.

Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
 - a full scancode scan run, collecting the matched texts, detected
   license ids and scores
 - reviewing anything where there was a license detected (about 500+
   files) to ensure that the applied SPDX license was correct
 - reviewing anything where there was no detection but the patch license
   was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
   SPDX license was correct

This produced a worksheet with 20 files needing minor correction.  This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.

These .csv files were then reviewed by Greg.  Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected.  This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.)  Finally Greg ran the script using the .csv files to
generate the patches.

Reviewed-by: Kate Stewart &lt;kstewart@linuxfoundation.org&gt;
Reviewed-by: Philippe Ombredanne &lt;pombredanne@nexb.com&gt;
Reviewed-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>parisc/ipmi_si_intf: Fix section mismatches on parisc platform</title>
<updated>2017-08-22T14:34:37+00:00</updated>
<author>
<name>Helge Deller</name>
<email>deller@gmx.de</email>
</author>
<published>2017-08-21T20:07:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0618cdfaeb0733e82d296d9db746b0fe0f07fefe'/>
<id>0618cdfaeb0733e82d296d9db746b0fe0f07fefe</id>
<content type='text'>
Additionally add a MODULE_DEVICE_TABLE entry so that udev
can load the driver automatically.

Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Additionally add a MODULE_DEVICE_TABLE entry so that udev
can load the driver automatically.

Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'for-linus-4.13-v2' of git://github.com/cminyard/linux-ipmi</title>
<updated>2017-07-10T17:59:29+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2017-07-10T17:59:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9eb788800510ae1a6bc419636a66071ee4deafd5'/>
<id>9eb788800510ae1a6bc419636a66071ee4deafd5</id>
<content type='text'>
Pull IPMI updates from Corey Minyard:
 "Some small fixes for IPMI, and one medium sized changed.

  The medium sized change is adding a platform device for IPMI entries
  in the DMI table. Otherwise there is no auto loading for IPMI devices
  if they are only in the DMI table"

* tag 'for-linus-4.13-v2' of git://github.com/cminyard/linux-ipmi:
  ipmi:ssif: Add missing unlock in error branch
  char: ipmi: constify bmc_dev_attr_group and bmc_device_type
  ipmi:ssif: Check dev before setting drvdata
  ipmi: Convert DMI handling over to a platform device
  ipmi: Create a platform device for a DMI-specified IPMI interface
  ipmi: use rcu lock around call to intf-&gt;handlers-&gt;sender()
  ipmi:ssif: Use i2c_adapter_id instead of adapter-&gt;nr
  ipmi: Use the proper default value for register size in ACPI
  ipmi_ssif: remove redundant null check on array client-&gt;adapter-&gt;name
  ipmi/watchdog: fix watchdog timeout set on reboot
  ipmi_ssif: unlock on allocation failure
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull IPMI updates from Corey Minyard:
 "Some small fixes for IPMI, and one medium sized changed.

  The medium sized change is adding a platform device for IPMI entries
  in the DMI table. Otherwise there is no auto loading for IPMI devices
  if they are only in the DMI table"

* tag 'for-linus-4.13-v2' of git://github.com/cminyard/linux-ipmi:
  ipmi:ssif: Add missing unlock in error branch
  char: ipmi: constify bmc_dev_attr_group and bmc_device_type
  ipmi:ssif: Check dev before setting drvdata
  ipmi: Convert DMI handling over to a platform device
  ipmi: Create a platform device for a DMI-specified IPMI interface
  ipmi: use rcu lock around call to intf-&gt;handlers-&gt;sender()
  ipmi:ssif: Use i2c_adapter_id instead of adapter-&gt;nr
  ipmi: Use the proper default value for register size in ACPI
  ipmi_ssif: remove redundant null check on array client-&gt;adapter-&gt;name
  ipmi/watchdog: fix watchdog timeout set on reboot
  ipmi_ssif: unlock on allocation failure
</pre>
</div>
</content>
</entry>
</feed>
