Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
|
|
Remove the out of bound access vulnerability in the qce
driver reachable via ioctl.
Change-Id: I4320cd27334eaae975f4a6ad07fb7b2e5ebccffd
Signed-off-by: Monika Singh <monising@codeaurora.org>
|
|
HDR info frames were not disabled after a hotplug and app closure
or in the event of an unexpected termination of the userspace driver.
Fixed the issue by resetting to HDR_DISABLE state in hdmi bridge disable.
Change-Id: Iead5cfe11512a8c49b6a2183561de427ce16f393
Signed-off-by: Navid Bahrani <nbahrani@codeaurora.org>
|
|
Device assert in ep empty
affecting LPM scenario.
Remove device assert in ep empty check.
which is not really required since IPA BAM
reset is taken care.
Change-Id: I57ae9ada7f15c335a181247675f10b607774fd14
Signed-off-by: Mohammed <mjavid@codeaurora.org>
|
|
Current code checks IN_P3 status (i.e. USB is into U3 or not) with
dwc3_prepare_suspend() API using in_host_mode or vbus_active flag.
With data role swap transition (e.g. dfp -> ufp case), in_host_mode
flag sets to false and vbus_active flag sets to true due to quick
calling of stop host and start peripheral mode from policy engine.
This results into USB doesn't go into LPM with stop host mode (i.e.
USB LPM is aborted due to vbus_active flag seen as true) which
results into no USB enumeration in start peripheral mode. Current
code doesn't perform block reset while stopping USB host mode
functionality. Hence to invoke USB core and PHYs related reset and
init functionality allow USB LPM by replacing vbus_active check with
in_device_mode flag which provides status of USB controller's data
role while going into USB LPM. Start peripheral mode brings USB
out of LPM which performs POR functionality.
Change-Id: I2bbb804bce5f910826ba30a3dda4317bbdb2e1f1
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
|
|
Ensure camera driver waits for early camera
handoff from LK to avoid hardware contention.
Change-Id: If301b63b34331285ac3d126543ca3c1d5cae6ba4
Signed-off-by: E V Ravi <evenka@codeaurora.org>
|
|
* refs/heads/tmp-f34ff9e
Linux 4.4.165
xhci: Fix USB3 NULL pointer dereference at logical disconnect.
HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
new helper: uaccess_kernel()
ACPI / platform: Add SMB0001 HID to forbidden_id_list
drivers/misc/sgi-gru: fix Spectre v1 vulnerability
USB: misc: appledisplay: add 20" Apple Cinema Display
misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data
usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB
USB: quirks: Add no-lpm quirk for Raydium touchscreens
usb: cdc-acm: add entry for Hiro (Conexant) modem
uio: Fix an Oops on load
media: v4l: event: Add subscription to list before calling "add" operation
Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV"
Revert "media: videobuf2-core: don't call memop 'finish' when queueing"
btrfs: fix pinned underflow after transaction aborted
gfs2: Put bitmap buffers in put_super
SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
zram: close udev startup race condition as default groups
lib/raid6: Fix arm64 test build
hwmon: (ibmpowernv) Remove bogus __init annotations
netfilter: xt_IDLETIMER: add sysfs filename checking routine
netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
s390/mm: Fix ERROR: "__node_distance" undefined!
netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
s390/vdso: add missing FORCE to build targets
arm64: percpu: Initialize ret in the default case
platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
clk: samsung: exynos5420: Enable PERIS clocks for suspend
fs/exofs: fix potential memory leak in mount option parsing
um: Give start_idle_thread() a return code
hfsplus: prevent btree data loss on root split
hfs: prevent btree data loss on root split
reiserfs: propagate errors from fill_with_dentries() properly
x86/build: Use cc-option to validate stack alignment parameter
x86/build: Fix stack alignment for CLang
x86/boot: #undef memcpy() et al in string.c
x86/build: Specify stack alignment for clang
x86/build: Use __cc-option for boot code compiler options
kbuild: Add __cc-option macro
x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility
crypto, x86: aesni - fix token pasting for clang
x86/kbuild: Use cc-option to enable -falign-{jumps/loops}
arm64: Disable asm-operand-width warning for clang
kbuild: allow to use GCC toolchain not in Clang search path
kbuild: set no-integrated-as before incl. arch Makefile
kbuild: clang: disable unused variable warnings only when constant
kbuild: clang: remove crufty HOSTCFLAGS
kbuild: clang: fix build failures with sparse check
kbuild: move cc-option and cc-disable-warning after incl. arch Makefile
kbuild: Set KBUILD_CFLAGS before incl. arch Makefile
kbuild: fix linker feature test macros when cross compiling with Clang
efi/libstub/arm64: Set -fpie when building the EFI stub
efi/libstub/arm64: Force 'hidden' visibility for section markers
crypto: arm64/sha - avoid non-standard inline asm tricks
kbuild: clang: Disable 'address-of-packed-member' warning
modules: mark __inittest/__exittest as __maybe_unused
kbuild: Add support to generate LLVM assembly files
kbuild: use -Oz instead of -Os when using clang
kbuild, LLVMLinux: Add -Werror to cc-option to support clang
kbuild: drop -Wno-unknown-warning-option from clang options
kbuild: fix asm-offset generation to work with clang
kbuild: consolidate redundant sed script ASM offset generation
kbuild: Consolidate header generation from ASM offset information
kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS
kbuild: Add better clang cross build support
ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths
net-gro: reset skb->pkt_type in napi_reuse_skb()
ip_tunnel: don't force DF when MTU is locked
flow_dissector: do not dissect l4 ports for fragments
Conflicts:
arch/um/os-Linux/skas/process.c
Change-Id: I6587d94332e204c068f7d44428a2ec1280bc3a7f
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
|
Changes in 4.4.165
flow_dissector: do not dissect l4 ports for fragments
ip_tunnel: don't force DF when MTU is locked
net-gro: reset skb->pkt_type in napi_reuse_skb()
tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths
ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
kbuild: Add better clang cross build support
kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS
kbuild: Consolidate header generation from ASM offset information
kbuild: consolidate redundant sed script ASM offset generation
kbuild: fix asm-offset generation to work with clang
kbuild: drop -Wno-unknown-warning-option from clang options
kbuild, LLVMLinux: Add -Werror to cc-option to support clang
kbuild: use -Oz instead of -Os when using clang
kbuild: Add support to generate LLVM assembly files
modules: mark __inittest/__exittest as __maybe_unused
kbuild: clang: Disable 'address-of-packed-member' warning
crypto: arm64/sha - avoid non-standard inline asm tricks
efi/libstub/arm64: Force 'hidden' visibility for section markers
efi/libstub/arm64: Set -fpie when building the EFI stub
kbuild: fix linker feature test macros when cross compiling with Clang
kbuild: Set KBUILD_CFLAGS before incl. arch Makefile
kbuild: move cc-option and cc-disable-warning after incl. arch Makefile
kbuild: clang: fix build failures with sparse check
kbuild: clang: remove crufty HOSTCFLAGS
kbuild: clang: disable unused variable warnings only when constant
kbuild: set no-integrated-as before incl. arch Makefile
kbuild: allow to use GCC toolchain not in Clang search path
arm64: Disable asm-operand-width warning for clang
x86/kbuild: Use cc-option to enable -falign-{jumps/loops}
crypto, x86: aesni - fix token pasting for clang
x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility
kbuild: Add __cc-option macro
x86/build: Use __cc-option for boot code compiler options
x86/build: Specify stack alignment for clang
x86/boot: #undef memcpy() et al in string.c
x86/build: Fix stack alignment for CLang
x86/build: Use cc-option to validate stack alignment parameter
reiserfs: propagate errors from fill_with_dentries() properly
hfs: prevent btree data loss on root split
hfsplus: prevent btree data loss on root split
um: Give start_idle_thread() a return code
fs/exofs: fix potential memory leak in mount option parsing
clk: samsung: exynos5420: Enable PERIS clocks for suspend
platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
arm64: percpu: Initialize ret in the default case
s390/vdso: add missing FORCE to build targets
netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
s390/mm: Fix ERROR: "__node_distance" undefined!
netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
netfilter: xt_IDLETIMER: add sysfs filename checking routine
hwmon: (ibmpowernv) Remove bogus __init annotations
lib/raid6: Fix arm64 test build
zram: close udev startup race condition as default groups
SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
gfs2: Put bitmap buffers in put_super
btrfs: fix pinned underflow after transaction aborted
Revert "media: videobuf2-core: don't call memop 'finish' when queueing"
Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV"
media: v4l: event: Add subscription to list before calling "add" operation
uio: Fix an Oops on load
usb: cdc-acm: add entry for Hiro (Conexant) modem
USB: quirks: Add no-lpm quirk for Raydium touchscreens
usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB
misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data
USB: misc: appledisplay: add 20" Apple Cinema Display
drivers/misc/sgi-gru: fix Spectre v1 vulnerability
ACPI / platform: Add SMB0001 HID to forbidden_id_list
new helper: uaccess_kernel()
HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
xhci: Fix USB3 NULL pointer dereference at logical disconnect.
Linux 4.4.165
Change-Id: I5bd20327e0c1139c46f74e8d5916fa0530a307d3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
commit 2278446e2b7cd33ad894b32e7eb63afc7db6c86e upstream.
Hub driver will try to disable a USB3 device twice at logical disconnect,
racing with xhci_free_dev() callback from the first port disable.
This can be triggered with "udisksctl power-off --block-device <disk>"
or by writing "1" to the "remove" sysfs file for a USB3 device
in 4.17-rc4.
USB3 devices don't have a similar disabled link state as USB2 devices,
and use a U3 suspended link state instead. In this state the port
is still enabled and connected.
hub_port_connect() first disconnects the device, then later it notices
that device is still enabled (due to U3 states) it will try to disable
the port again (set to U3).
The xhci_free_dev() called during device disable is async, so checking
for existing xhci->devs[i] when setting link state to U3 the second time
was successful, even if device was being freed.
The regression was caused by, and whole thing revealed by,
Commit 44a182b9d177 ("xhci: Fix use-after-free in xhci_free_virt_device")
which sets xhci->devs[i]->udev to NULL before xhci_virt_dev() returned.
and causes a NULL pointer dereference the second time we try to set U3.
Fix this by checking xhci->devs[i]->udev exists before setting link state.
The original patch went to stable so this fix needs to be applied there as
well.
Fixes: 44a182b9d177 ("xhci: Fix use-after-free in xhci_free_virt_device")
Cc: <stable@vger.kernel.org>
Reported-by: Jordan Glover <Golden_Miller83@protonmail.ch>
Tested-by: Jordan Glover <Golden_Miller83@protonmail.ch>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 8c01db7619f07c85c5cd81ec5eb83608b56c88f5 upstream.
When a UHID_CREATE command is written to the uhid char device, a
copy_from_user() is done from a user pointer embedded in the command.
When the address limit is KERNEL_DS, e.g. as is the case during
sys_sendfile(), this can read from kernel memory. Alternatively,
information can be leaked from a setuid binary that is tricked to write
to the file descriptor. Therefore, forbid UHID_CREATE in these cases.
No other commands in uhid_char_write() are affected by this bug and
UHID_CREATE is marked as "obsolete", so apply the restriction to
UHID_CREATE only rather than to uhid_char_write() entirely.
Thanks to Dmitry Vyukov for adding uhid definitions to syzkaller and to
Jann Horn for commit 9da3f2b740544 ("x86/fault: BUG() when uaccess
helpers fault on kernel addresses"), allowing this bug to be found.
Reported-by: syzbot+72473edc9bf4eb1c6556@syzkaller.appspotmail.com
Fixes: d365c6cfd337 ("HID: uhid: add UHID_CREATE and UHID_DESTROY events")
Cc: <stable@vger.kernel.org> # v3.6+
Cc: Jann Horn <jannh@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Jann Horn <jannh@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 2bbb5fa37475d7aa5fa62f34db1623f3da2dfdfa upstream.
Many HP AMD based laptops contain an SMB0001 device like this:
Device (SMBD)
{
Name (_HID, "SMB0001") // _HID: Hardware ID
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
IO (Decode16,
0x0B20, // Range Minimum
0x0B20, // Range Maximum
0x20, // Alignment
0x20, // Length
)
IRQ (Level, ActiveLow, Shared, )
{7}
})
}
The legacy style IRQ resource here causes acpi_dev_get_irqresource() to
be called with legacy=true and this message to show in dmesg:
ACPI: IRQ 7 override to edge, high
This causes issues when later on the AMD0030 GPIO device gets enumerated:
Device (GPIO)
{
Name (_HID, "AMDI0030") // _HID: Hardware ID
Name (_CID, "AMDI0030") // _CID: Compatible ID
Name (_UID, Zero) // _UID: Unique ID
Method (_CRS, 0, NotSerialized) // _CRS: Current Resource Settings
{
Name (RBUF, ResourceTemplate ()
{
Interrupt (ResourceConsumer, Level, ActiveLow, Shared, ,, )
{
0x00000007,
}
Memory32Fixed (ReadWrite,
0xFED81500, // Address Base
0x00000400, // Address Length
)
})
Return (RBUF) /* \_SB_.GPIO._CRS.RBUF */
}
}
Now acpi_dev_get_irqresource() gets called with legacy=false, but because
of the earlier override of the trigger-type acpi_register_gsi() returns
-EBUSY (because we try to register the same interrupt with a different
trigger-type) and we end up setting IORESOURCE_DISABLED in the flags.
The setting of IORESOURCE_DISABLED causes platform_get_irq() to call
acpi_irq_get() which is not implemented on x86 and returns -EINVAL.
resulting in the following in dmesg:
amd_gpio AMDI0030:00: Failed to get gpio IRQ: -22
amd_gpio: probe of AMDI0030:00 failed with error -22
The SMB0001 is a "virtual" device in the sense that the only way the OS
interacts with it is through calling a couple of methods to do SMBus
transfers. As such it is weird that it has IO and IRQ resources at all,
because the driver for it is not expected to ever access the hardware
directly.
The Linux driver for the SMB0001 device directly binds to the acpi_device
through the acpi_bus, so we do not need to instantiate a platform_device
for this ACPI device. This commit adds the SMB0001 HID to the
forbidden_id_list, avoiding the instantiating of a platform_device for it.
Not instantiating a platform_device means we will no longer call
acpi_dev_get_irqresource() for the legacy IRQ resource fixing the probe of
the AMDI0030 device failing.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1644013
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=198715
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199523
Reported-by: Lukas Kahnert <openproggerfreak@gmail.com>
Tested-by: Marc <suaefar@googlemail.com>
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit fee05f455ceb5c670cbe48e2f9454ebc4a388554 upstream.
req.gid can be indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.
This issue was detected with the help of Smatch:
vers/misc/sgi-gru/grukdump.c:200 gru_dump_chiplet_request() warn:
potential spectre issue 'gru_base' [w]
Fix this by sanitizing req.gid before calling macro GID_TO_GRU, which
uses it to index gru_base.
Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].
[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit f6501f49199097b99e4e263644d88c90d1ec1060 upstream.
Add another Apple Cinema Display to the list of supported displays
Signed-off-by: Mattias Jacobsson <2pi@mok.nu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 7c97301285b62a41d6bceded7d964085fc8cc50f upstream.
After building the kernel with Clang, the following section mismatch
warning appears:
WARNING: vmlinux.o(.text+0x3bf19a6): Section mismatch in reference from
the function ssc_probe() to the function
.init.text:atmel_ssc_get_driver_data()
The function ssc_probe() references
the function __init atmel_ssc_get_driver_data().
This is often because ssc_probe lacks a __init
annotation or the annotation of atmel_ssc_get_driver_data is wrong.
Remove __init from atmel_ssc_get_driver_data to get rid of the mismatch.
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit a77112577667cbda7c6292c52d909636aef31fd9 upstream.
Following on from this patch: https://lkml.org/lkml/2017/11/3/516,
Corsair K70 LUX RGB keyboards also require the DELAY_INIT quirk to
start correctly at boot.
Dmesg output:
usb 1-6: string descriptor 0 read error: -110
usb 1-6: New USB device found, idVendor=1b1c, idProduct=1b33
usb 1-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-6: can't set config #1, error -110
Signed-off-by: Emmanuel Pescosta <emmanuelpescosta099@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit deefd24228a172d1b27d4a9adbfd2cdacd60ae64 upstream.
Raydium USB touchscreen fails to set config if LPM is enabled:
[ 2.030658] usb 1-8: New USB device found, idVendor=2386, idProduct=3119
[ 2.030659] usb 1-8: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 2.030660] usb 1-8: Product: Raydium Touch System
[ 2.030661] usb 1-8: Manufacturer: Raydium Corporation
[ 7.132209] usb 1-8: can't set config #1, error -110
Same behavior can be observed on 2386:3114.
Raydium claims the touchscreen supports LPM under Windows, so I used
Microsoft USB Test Tools (MUTT) [1] to check its LPM status. MUTT shows
that the LPM doesn't work under Windows, either. So let's just disable LPM
for Raydium touchscreens.
[1] https://docs.microsoft.com/en-us/windows-hardware/drivers/usbcon/usb-test-tools
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 63529eaa6164ef7ab4b907b25ac3648177e5e78f upstream.
The cdc-acm kernel module currently does not support the Hiro (Conexant)
H05228 USB modem. The patch below adds the device specific information:
idVendor 0x0572
idProduct 0x1349
Signed-off-by: Maarten Jacobs <maarten256@outlook.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 432798195bbce1f8cd33d1c0284d0538835e25fb upstream.
I was trying to solve a double free but I introduced a more serious
NULL dereference bug. The problem is that if there is an IRQ which
triggers immediately, then we need "info->uio_dev" but it's not set yet.
This patch puts the original initialization back to how it was and just
sets info->uio_dev to NULL on the error path so it should solve both
the Oops and the double free.
Fixes: f019f07ecf6a ("uio: potential double frees if __uio_register_device() fails")
Reported-by: Mathias Thore <Mathias.Thore@infinera.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Tested-by: Mathias Thore <Mathias.Thore@infinera.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 92539d3eda2c090b382699bbb896d4b54e9bdece upstream.
Patch ad608fbcf166 changed how events were subscribed to address an issue
elsewhere. As a side effect of that change, the "add" callback was called
before the event subscription was added to the list of subscribed events,
causing the first event queued by the add callback (and possibly other
events arriving soon afterwards) to be lost.
Fix this by adding the subscription to the list before calling the "add"
callback, and clean up afterwards if that fails.
Fixes: ad608fbcf166 ("media: v4l: event: Prevent freeing event subscriptions while accessed")
Reported-by: Dave Stevenson <dave.stevenson@raspberrypi.org>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Tested-by: Dave Stevenson <dave.stevenson@raspberrypi.org>
Reviewed-by: Hans Verkuil <hans.verkuil@cisco.com>
Tested-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: stable@vger.kernel.org (for 4.14 and up)
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
[Sakari Ailus: Backported to v4.9 stable]
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This reverts commit 5824d86b50b8c5f9ecd725f2d74381a23ab1c63b which is
commit 6c3711ec64fd23a9abc8aaf59a9429569a6282df upstream.
You Ling writes that this config option isn't even in 4.4.y yet, so it
causes a regression. Revert the patch because of this.
Reported-by: youling 257 <youling257@gmail.com>
Cc: Johan Hedberg <johan.hedberg@intel.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This reverts commit 46431d9c28f6859f8e568ac7db92137f1da31100.
This commit fixes a bug in upstream commit a136f59c0a1f ("vb2: Move
buffer cache synchronisation to prepare from queue") which isn't
present in 4.4.
So as a result you get an UNBALANCED message in the kernel log if
this patch is applied:
vb2: counters for queue ffffffc0f3687478, buffer 3: UNBALANCED!
vb2: buf_init: 1 buf_cleanup: 1 buf_prepare: 805 buf_finish: 805
vb2: buf_queue: 806 buf_done: 806
vb2: alloc: 0 put: 0 prepare: 806 finish: 805 mmap: 0
vb2: get_userptr: 0 put_userptr: 0
vb2: attach_dmabuf: 1 detach_dmabuf: 1 map_dmabuf: 805 unmap_dmabuf: 805
vb2: get_dmabuf: 0 num_users: 1609 vaddr: 0 cookie: 805
Reverting this patch solves this regression.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
commit fef912bf860e upstream.
commit 98af4d4df889 upstream.
I got a report from Howard Chen that he saw zram and sysfs race(ie,
zram block device file is created but sysfs for it isn't yet)
when he tried to create new zram devices via hotadd knob.
v4.20 kernel fixes it by [1, 2] but it's too large size to merge
into -stable so this patch fixes the problem by registering defualt
group by Greg KH's approach[3].
This patch should be applied to every stable tree [3.16+] currently
existing from kernel.org because the problem was introduced at 2.6.37
by [4].
[1] fef912bf860e, block: genhd: add 'groups' argument to device_add_disk
[2] 98af4d4df889, zram: register default groups with device_add_disk()
[3] http://kroah.com/log/blog/2013/06/26/how-to-create-a-sysfs-file-correctly/
[4] 33863c21e69e9, Staging: zram: Replace ioctls with sysfs interface
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Hannes Reinecke <hare@suse.com>
Tested-by: Howard Chen <howardsoc@google.com>
Signed-off-by: Minchan Kim <minchan@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit e3e61f01d755188cb6c2dcf5a244b9c0937c258e ]
If gcc decides not to inline make_sensor_label():
WARNING: vmlinux.o(.text+0x4df549c): Section mismatch in reference from the function .create_device_attrs() to the function .init.text:.make_sensor_label()
The function .create_device_attrs() references
the function __init .make_sensor_label().
This is often because .create_device_attrs lacks a __init
annotation or the annotation of .make_sensor_label is wrong.
As .probe() can be called after freeing of __init memory, all __init
annotiations in the driver are bogus, and should be removed.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 684238d79ad85c5e19a71bb5818e77e329912fbc ]
To fix:
acerhdf: unknown (unsupported) BIOS version Gateway /LT31 /v1.3307 , please report, aborting!
As can be seen in the context, the BIOS registers haven't changed in
the previous versions, so the assumption is they won't have changed
in this last update for this somewhat older platform either.
Cc: Peter Feuerer <peter@piie.net>
Cc: Darren Hart <dvhart@infradead.org>
Cc: Andy Shevchenko <andy@infradead.org>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Peter Feuerer <peter@piie.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit b33228029d842269e17bba591609e83ed422005d ]
Ensure that clocks for core SoC modules (including TZPC0..9 modules)
are enabled for suspend/resume cycle. This fixes suspend/resume
support on Exynos5422-based Odroid XU3/XU4 boards.
Suggested-by: Joonyoung Shim <jy0922.shim@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Sylwester Nawrocki <snawrocki@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
commit 91ee5b21ee026c49e4e7483de69b55b8b47042be upstream.
Clang may emit absolute symbol references when building in non-PIC mode,
even when using the default 'small' code model, which is already mostly
position independent to begin with, due to its use of adrp/add pairs
that have a relative range of +/- 4 GB. The remedy is to pass the -fpie
flag, which can be done safely now that the code has been updated to avoid
GOT indirections (which may be emitted due to the compiler assuming that
the PIC/PIE code may end up in a shared library that is subject to ELF
symbol preemption)
Passing -fpie when building code that needs to execute at an a priori
unknown offset is arguably an improvement in any case, and given that
the recent visibility changes allow the PIC build to pass with GCC as
well, let's add -fpie for all arm64 builds rather than only for Clang.
Tested-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170818194947.19347-5-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 0426a4e68f18d75515414361de9e3e1445d2644e upstream.
To prevent the compiler from emitting absolute references to the section
markers when running in PIC mode, override the visibility to 'hidden' for
all contents of asm/sections.h
Tested-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170818194947.19347-4-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
[nc: Fix conflict due to lack of commit 42b55734030c1 in linux-4.4.y]
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
[ Upstream commit 59663e42199c93d1d7314d1446f6782fc4b1eb81 ]
This patch has the fix to avoid PHY lockup with 5717/5719/5720 in change
ring and flow control paths. This patch solves the RX hang while doing
continuous ring or flow control parameters with heavy traffic from peer.
Signed-off-by: Siva Reddy Kallam <siva.kallam@broadcom.com>
Acked-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
|
|
|
|
Because of napi not disabled during rmnet ipa interface going down,
when interface coming up napi will be in wrong state, it leads to
device assert. Added changed to disable napi for the rmnet_ipa
interface when the interface goes down.
Change-Id: Ia6c7cd6fe9f60c58ffd178dbbf877ab3b38a2f4b
Acked-by: Praveen Kurapati <pkurapat@qti.qualcomm.com>
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
|
|
|
|
Early domain in LK runs in parallel with kernel
with some memory and cpu core(s) reserved for it.
LK updates the status of early services on a shared
memory location. In Kernel, this driver provides
new APIs to check any early service's status and to
communicate with them. It hot adds the reserved
cpu(s) and frees lk text once all early services end.
Change-Id: I0b29b1886abea3280543d76492044c8946d7690e
Signed-off-by: Vivek Kumar <vivekuma@codeaurora.org>
|
|
Changes the naming convention and adds
PID as suffix to the debugfs files.
Adds debugfs file data in the tabular format and also
creates global file in /sys/kernel/debug/adsprpc directory.
Change-Id: I25f3f7ea59dd39c9d44d99c8503f431f10072c33
Signed-off-by: Mohammed Nayeem Ur Rahman <mohara@codeaurora.org>
|
|
systems"
|
|
|
|
* refs/heads/tmp-564ce1b
Linux 4.4.164
drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values
drm/dp_mst: Check if primary mstb is null
drm/rockchip: Allow driver to be shutdown on reboot/kexec
mm: migration: fix migration of huge PMD shared pages
hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!
configfs: replace strncpy with memcpy
fuse: fix leaked notify reply
rtc: hctosys: Add missing range error reporting
sunrpc: correct the computation for page_ptr when truncating
mount: Prevent MNT_DETACH from disconnecting locked mounts
mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
mount: Retest MNT_LOCKED in do_umount
ext4: fix buffer leak in __ext4_read_dirblock() on error path
ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
ext4: release bs.bh before re-using in ext4_xattr_block_find()
ext4: fix possible leak of sbi->s_group_desc_leak in error path
ext4: avoid possible double brelse() in add_new_gdb() on error path
ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
ext4: avoid buffer leak in ext4_orphan_add() after prior errors
ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
ext4: add missing brelse() update_backups()'s error path
clockevents/drivers/i8253: Add support for PIT shutdown quirk
Btrfs: fix data corruption due to cloning of eof block
arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
termios, tty/tty_baudrate.c: fix buffer overrun
mtd: docg3: don't set conflicting BCH_CONST_PARAMS option
mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings
ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
vhost/scsi: truncate T10 PI iov_iter to prot_bytes
mach64: fix image corruption due to reading accelerator registers
mach64: fix display corruption on big endian machines
libceph: bump CEPH_MSG_MAX_DATA_LEN
clk: s2mps11: Fix matching when built as module and DT node contains compatible
xtensa: fix boot parameters address translation
xtensa: make sure bFLT stack is 16 byte aligned
xtensa: add NOTES section to the linker script
MIPS: Loongson-3: Fix BRIDGE irq delivery problem
MIPS: Loongson-3: Fix CPU UART irq delivery problem
bna: ethtool: Avoid reading past end of buffer
e1000: fix race condition between e1000_down() and e1000_watchdog
e1000: avoid null pointer dereference on invalid stat type
mm: do not bug_on on incorrect length in __mm_populate()
fs, elf: make sure to page align bss in load_elf_library
mm: refuse wrapped vm_brk requests
binfmt_elf: fix calculations for bss padding
mm, elf: handle vm_brk error
fuse: set FR_SENT while locked
fuse: fix blocked_waitq wakeup
fuse: Fix use-after-free in fuse_dev_do_write()
fuse: Fix use-after-free in fuse_dev_do_read()
scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
cdrom: fix improper type cast, which can leat to information leak.
9p: clear dangling pointers in p9stat_free
9p locks: fix glock.client_id leak in do_lock
media: tvp5150: fix width alignment during set_selection()
sc16is7xx: Fix for multi-channel stall
powerpc/boot: Ensure _zimage_start is a weak symbol
MIPS: kexec: Mark CPU offline before disabling local IRQ
media: pci: cx23885: handle adding to list failure
drm/omap: fix memory barrier bug in DMM driver
powerpc/nohash: fix undefined behaviour when testing page size support
tty: check name length in tty_find_polling_driver()
MD: fix invalid stored role for a disk - try2
btrfs: set max_extent_size properly
Btrfs: fix null pointer dereference on compressed write path error
btrfs: qgroup: Dirty all qgroups before rescan
Btrfs: fix wrong dentries after fsync of file that got its parent replaced
btrfs: make sure we create all new block groups
btrfs: reset max_extent_size on clear in a bitmap
btrfs: wait on caching when putting the bg cache
btrfs: don't attempt to trim devices that don't support it
btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
btrfs: Handle owner mismatch gracefully when walking up tree
soc/tegra: pmc: Fix child-node lookup
arm64: dts: stratix10: Correct System Manager register size
Cramfs: fix abad comparison when wrap-arounds occur
ext4: avoid running out of journal credits when appending to an inline file
media: em28xx: make v4l2-compliance happier by starting sequence on zero
media: em28xx: fix input name for Terratec AV 350
media: em28xx: use a default format if TRY_FMT fails
xen: fix xen_qlock_wait()
kgdboc: Passing ekgdboc to command line causes panic
TC: Set DMA masks for devices
MIPS: OCTEON: fix out of bounds array access on CN68XX
powerpc/msi: Fix compile error on mpc83xx
dm ioctl: harden copy_params()'s copy_from_user() from malicious users
lockd: fix access beyond unterminated strings in prints
nfsd: Fix an Oops in free_session()
NFSv4.1: Fix the r/wsize checking
genirq: Fix race on spurious interrupt detection
printk: Fix panic caused by passing log_buf_len to command line
smb3: on kerberos mount if server doesn't specify auth type use krb5
smb3: do not attempt cifs operation in smb3 query info error path
smb3: allow stats which track session and share reconnects to be reset
w1: omap-hdq: fix missing bus unregister at removal
iio: adc: at91: fix wrong channel number in triggered buffer mode
iio: adc: at91: fix acking DRDY irq on simple conversions
kbuild: fix kernel/bounds.c 'W=1' warning
hugetlbfs: dirty pages as they are added to pagecache
ima: fix showing large 'violations' or 'runtime_measurements_count'
crypto: lrw - Fix out-of bounds access on counter overflow
signal/GenWQE: Fix sending of SIGKILL
PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
HID: hiddev: fix potential Spectre v1
ext4: initialize retries variable in ext4_da_write_inline_data_begin()
gfs2_meta: ->mount() can get NULL dev_name
jbd2: fix use after free in jbd2_log_do_checkpoint()
libnvdimm: Hold reference on parent while scheduling async init
net/ipv4: defensive cipso option parsing
xen: make xen_qlock_wait() nestable
xen: fix race in xen_qlock_wait()
tpm: Restore functionality to xen vtpm driver.
xen-swiotlb: use actually allocated size on check physical continuous
ALSA: hda: Check the non-cached stream buffers more explicitly
dmaengine: dma-jz4780: Return error if not probed from DT
signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
scsi: lpfc: Correct soft lockup when running mds diagnostics
uio: ensure class is registered before devices
driver/dma/ioat: Call del_timer_sync() without holding prep_lock
usb: chipidea: Prevent unbalanced IRQ disable
MD: fix invalid stored role for a disk
ext4: fix argument checking in EXT4_IOC_MOVE_EXT
tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
scsi: megaraid_sas: fix a missing-check bug
scsi: esp_scsi: Track residual for PIO transfers
ath10k: schedule hardware restart if WMI command times out
pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
pinctrl: qcom: spmi-mpp: Fix drive strength setting
ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
x86: boot: Fix EFI stub alignment
Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
perf tools: Cleanup trace-event-info 'tdata' leak
perf tools: Free temporary 'sys' string in read_event_files()
tun: Consistently configure generic netdev params via rtnetlink
swim: fix cleanup on setup error
ataflop: fix error handling during setup
locking/lockdep: Fix debug_locks off performance problem
selftests: ftrace: Add synthetic event syntax testcase
net: qla3xxx: Remove overflowing shift statement
x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
sparc: Fix single-pcr perf event counter management.
x86/kconfig: Fall back to ticket spinlocks
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
parisc: Fix map_pages() to not overwrite existing pte entries
parisc: Fix address in HPMC IVA
ipmi: Fix timer race with module unload
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
jffs2: free jffs2_sb_info through jffs2_kill_sb()
hwmon: (pmbus) Fix page count auto-detection.
bcache: fix miss key refill->end in writeback
ANDROID: zram: set comp_len to PAGE_SIZE when page is huge
Conflicts:
drivers/hid/usbhid/hiddev.c
Change-Id: I42874613e3b4102ef4ed051e1e8ed25b2d4ae7f2
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
|
Changes in 4.4.164
bcache: fix miss key refill->end in writeback
hwmon: (pmbus) Fix page count auto-detection.
jffs2: free jffs2_sb_info through jffs2_kill_sb()
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
ipmi: Fix timer race with module unload
parisc: Fix address in HPMC IVA
parisc: Fix map_pages() to not overwrite existing pte entries
ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
x86/kconfig: Fall back to ticket spinlocks
sparc: Fix single-pcr perf event counter management.
x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
net: qla3xxx: Remove overflowing shift statement
selftests: ftrace: Add synthetic event syntax testcase
locking/lockdep: Fix debug_locks off performance problem
ataflop: fix error handling during setup
swim: fix cleanup on setup error
tun: Consistently configure generic netdev params via rtnetlink
perf tools: Free temporary 'sys' string in read_event_files()
perf tools: Cleanup trace-event-info 'tdata' leak
mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
x86: boot: Fix EFI stub alignment
pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
pinctrl: qcom: spmi-mpp: Fix drive strength setting
pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
ath10k: schedule hardware restart if WMI command times out
scsi: esp_scsi: Track residual for PIO transfers
scsi: megaraid_sas: fix a missing-check bug
tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
ext4: fix argument checking in EXT4_IOC_MOVE_EXT
MD: fix invalid stored role for a disk
usb: chipidea: Prevent unbalanced IRQ disable
driver/dma/ioat: Call del_timer_sync() without holding prep_lock
uio: ensure class is registered before devices
scsi: lpfc: Correct soft lockup when running mds diagnostics
signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
dmaengine: dma-jz4780: Return error if not probed from DT
ALSA: hda: Check the non-cached stream buffers more explicitly
xen-swiotlb: use actually allocated size on check physical continuous
tpm: Restore functionality to xen vtpm driver.
xen: fix race in xen_qlock_wait()
xen: make xen_qlock_wait() nestable
net/ipv4: defensive cipso option parsing
libnvdimm: Hold reference on parent while scheduling async init
jbd2: fix use after free in jbd2_log_do_checkpoint()
gfs2_meta: ->mount() can get NULL dev_name
ext4: initialize retries variable in ext4_da_write_inline_data_begin()
HID: hiddev: fix potential Spectre v1
PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
signal/GenWQE: Fix sending of SIGKILL
crypto: lrw - Fix out-of bounds access on counter overflow
ima: fix showing large 'violations' or 'runtime_measurements_count'
hugetlbfs: dirty pages as they are added to pagecache
kbuild: fix kernel/bounds.c 'W=1' warning
iio: adc: at91: fix acking DRDY irq on simple conversions
iio: adc: at91: fix wrong channel number in triggered buffer mode
w1: omap-hdq: fix missing bus unregister at removal
smb3: allow stats which track session and share reconnects to be reset
smb3: do not attempt cifs operation in smb3 query info error path
smb3: on kerberos mount if server doesn't specify auth type use krb5
printk: Fix panic caused by passing log_buf_len to command line
genirq: Fix race on spurious interrupt detection
NFSv4.1: Fix the r/wsize checking
nfsd: Fix an Oops in free_session()
lockd: fix access beyond unterminated strings in prints
dm ioctl: harden copy_params()'s copy_from_user() from malicious users
powerpc/msi: Fix compile error on mpc83xx
MIPS: OCTEON: fix out of bounds array access on CN68XX
TC: Set DMA masks for devices
kgdboc: Passing ekgdboc to command line causes panic
xen: fix xen_qlock_wait()
media: em28xx: use a default format if TRY_FMT fails
media: em28xx: fix input name for Terratec AV 350
media: em28xx: make v4l2-compliance happier by starting sequence on zero
ext4: avoid running out of journal credits when appending to an inline file
Cramfs: fix abad comparison when wrap-arounds occur
arm64: dts: stratix10: Correct System Manager register size
soc/tegra: pmc: Fix child-node lookup
btrfs: Handle owner mismatch gracefully when walking up tree
btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
btrfs: don't attempt to trim devices that don't support it
btrfs: wait on caching when putting the bg cache
btrfs: reset max_extent_size on clear in a bitmap
btrfs: make sure we create all new block groups
Btrfs: fix wrong dentries after fsync of file that got its parent replaced
btrfs: qgroup: Dirty all qgroups before rescan
Btrfs: fix null pointer dereference on compressed write path error
btrfs: set max_extent_size properly
MD: fix invalid stored role for a disk - try2
tty: check name length in tty_find_polling_driver()
powerpc/nohash: fix undefined behaviour when testing page size support
drm/omap: fix memory barrier bug in DMM driver
media: pci: cx23885: handle adding to list failure
MIPS: kexec: Mark CPU offline before disabling local IRQ
powerpc/boot: Ensure _zimage_start is a weak symbol
sc16is7xx: Fix for multi-channel stall
media: tvp5150: fix width alignment during set_selection()
9p locks: fix glock.client_id leak in do_lock
9p: clear dangling pointers in p9stat_free
cdrom: fix improper type cast, which can leat to information leak.
scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
fuse: Fix use-after-free in fuse_dev_do_read()
fuse: Fix use-after-free in fuse_dev_do_write()
fuse: fix blocked_waitq wakeup
fuse: set FR_SENT while locked
mm, elf: handle vm_brk error
binfmt_elf: fix calculations for bss padding
mm: refuse wrapped vm_brk requests
fs, elf: make sure to page align bss in load_elf_library
mm: do not bug_on on incorrect length in __mm_populate()
e1000: avoid null pointer dereference on invalid stat type
e1000: fix race condition between e1000_down() and e1000_watchdog
bna: ethtool: Avoid reading past end of buffer
MIPS: Loongson-3: Fix CPU UART irq delivery problem
MIPS: Loongson-3: Fix BRIDGE irq delivery problem
xtensa: add NOTES section to the linker script
xtensa: make sure bFLT stack is 16 byte aligned
xtensa: fix boot parameters address translation
clk: s2mps11: Fix matching when built as module and DT node contains compatible
libceph: bump CEPH_MSG_MAX_DATA_LEN
mach64: fix display corruption on big endian machines
mach64: fix image corruption due to reading accelerator registers
vhost/scsi: truncate T10 PI iov_iter to prot_bytes
ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings
mtd: docg3: don't set conflicting BCH_CONST_PARAMS option
termios, tty/tty_baudrate.c: fix buffer overrun
arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
Btrfs: fix data corruption due to cloning of eof block
clockevents/drivers/i8253: Add support for PIT shutdown quirk
ext4: add missing brelse() update_backups()'s error path
ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
ext4: avoid buffer leak in ext4_orphan_add() after prior errors
ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
ext4: avoid possible double brelse() in add_new_gdb() on error path
ext4: fix possible leak of sbi->s_group_desc_leak in error path
ext4: release bs.bh before re-using in ext4_xattr_block_find()
ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
ext4: fix buffer leak in __ext4_read_dirblock() on error path
mount: Retest MNT_LOCKED in do_umount
mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
mount: Prevent MNT_DETACH from disconnecting locked mounts
sunrpc: correct the computation for page_ptr when truncating
rtc: hctosys: Add missing range error reporting
fuse: fix leaked notify reply
configfs: replace strncpy with memcpy
hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!
mm: migration: fix migration of huge PMD shared pages
drm/rockchip: Allow driver to be shutdown on reboot/kexec
drm/dp_mst: Check if primary mstb is null
drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values
Linux 4.4.164
Change-Id: I55f9e5e33efd8c8ae2609d2393696c810f49f33e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
commit 6503493145cba4413ecd3d4d153faeef4a1e9b85 upstream.
HDMI 2.0 594Mhz modes were incorrectly selecting 25.200Mhz Automatic N value
mode instead of HDMI specification values.
V2: Fix 88.2 Hz N value
Cc: Jani Nikula <jani.nikula@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Clint Taylor <clinton.a.taylor@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1540493521-1746-2-git-send-email-clinton.a.taylor@intel.com
(cherry picked from commit 5a400aa3c562c4a726b4da286e63c96db905ade1)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 23d8003907d094f77cf959228e2248d6db819fa7 upstream.
Unfortunately drm_dp_get_mst_branch_device which is called from both
drm_dp_mst_handle_down_rep and drm_dp_mst_handle_up_rep seem to rely
on that mgr->mst_primary is not NULL, which seem to be wrong as it can be
cleared with simultaneous mode set, if probing fails or in other case.
mgr->lock mutex doesn't protect against that as it might just get
assigned to NULL right before, not simultaneously.
There are currently bugs 107738, 108616 bugs which crash in
drm_dp_get_mst_branch_device, caused by this issue.
v2: Refactored the code, as it was nicely noticed.
Fixed Bugzilla bug numbers(second was 108616, but not 108816)
and added links.
[changed title and added stable cc]
Signed-off-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Stanislav Lisovskiy <stanislav.lisovskiy@intel.com>
Cc: stable@vger.kernel.org
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=108616
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107738
Link: https://patchwork.freedesktop.org/patch/msgid/20181109090012.24438-1-stanislav.lisovskiy@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 7f3ef5dedb146e3d5063b6845781ad1bb59b92b5 upstream.
Leaving the DRM driver enabled on reboot or kexec has the annoying
effect of leaving the display generating transactions whilst the
IOMMU has been shut down.
In turn, the IOMMU driver (which shares its interrupt line with
the VOP) starts warning either on shutdown or when entering the
secondary kernel in the kexec case (nothing is expected on that
front).
A cheap way of ensuring that things are nicely shut down is to
register a shutdown callback in the platform driver.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Tested-by: Vicente Bergas <vicencb@gmail.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20180805124807.18169-1-marc.zyngier@arm.com
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 7ce9a992ffde8ce93d5ae5767362a5c7389ae895 upstream.
Fix an issue with the 32-bit range error path in `rtc_hctosys' where no
error code is set and consequently the successful preceding call result
from `rtc_read_time' is propagated to `rtc_hctosys_ret'. This in turn
makes any subsequent call to `hctosys_show' incorrectly report in sysfs
that the system time has been set from this RTC while it has not.
Set the error to ERANGE then if we can't express the result due to an
overflow.
Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Fixes: b3a5ac42ab18 ("rtc: hctosys: Ensure system time doesn't overflow time_t")
Cc: stable@vger.kernel.org # 4.17+
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 35b69a420bfb56b7b74cb635ea903db05e357bec upstream.
Add support for platforms where pit_shutdown() doesn't work because of a
quirk in the PIT emulation. On these platforms setting the counter register
to zero causes the PIT to start running again, negating the shutdown.
Provide a global variable that controls whether the counter register is
zero'ed, which platform specific code can override.
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>
Cc: "devel@linuxdriverproject.org" <devel@linuxdriverproject.org>
Cc: "daniel.lezcano@linaro.org" <daniel.lezcano@linaro.org>
Cc: "virtualization@lists.linux-foundation.org" <virtualization@lists.linux-foundation.org>
Cc: "jgross@suse.com" <jgross@suse.com>
Cc: "akataria@vmware.com" <akataria@vmware.com>
Cc: "olaf@aepfle.de" <olaf@aepfle.de>
Cc: "apw@canonical.com" <apw@canonical.com>
Cc: vkuznets <vkuznets@redhat.com>
Cc: "jasowang@redhat.com" <jasowang@redhat.com>
Cc: "marcelo.cerri@canonical.com" <marcelo.cerri@canonical.com>
Cc: KY Srinivasan <kys@microsoft.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/1541303219-11142-2-git-send-email-mikelley@microsoft.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 991a25194097006ec1e0d2e0814ff920e59e3465 upstream.
On architectures with CBAUDEX == 0 (Alpha and PowerPC), the code in tty_baudrate.c does
not do any limit checking on the tty_baudrate[] array, and in fact a
buffer overrun is possible on both architectures. Add a limit check to
prevent that situation.
This will be followed by a much bigger cleanup/simplification patch.
Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
Requested-by: Cc: Johan Hovold <johan@kernel.org>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Eugene Syromiatnikov <esyr@redhat.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit be2e1c9dcf76886a83fb1c433a316e26d4ca2550 upstream.
I noticed during the creation of another bugfix that the BCH_CONST_PARAMS
option that is set by DOCG3 breaks setting variable parameters for any
other users of the BCH library code.
The only other user we have today is the MTD_NAND software BCH
implementation (most flash controllers use hardware BCH these days
and are not affected). I considered removing BCH_CONST_PARAMS entirely
because of the inherent conflict, but according to the description in
lib/bch.c there is a significant performance benefit in keeping it.
To avoid the immediate problem of the conflict between MTD_NAND_BCH
and DOCG3, this only sets the constant parameters if MTD_NAND_BCH
is disabled, which should fix the problem for all cases that
are affected. This should also work for all stable kernels.
Note that there is only one machine that actually seems to use the
DOCG3 driver (arch/arm/mach-pxa/mioa701.c), so most users should have
the driver disabled, but it almost certainly shows up if we wanted
to test random kernels on machines that use software BCH in MTD.
Fixes: d13d19ece39f ("mtd: docg3: add ECC correction code")
Cc: stable@vger.kernel.org
Cc: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|