commit a777e9dd40fe85dfd0cc5cb2b6c22a9cd1d08c0d
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon Nov 25 09:53:54 2019 +0100
Linux 4.9.203
commit 9f03d16a950524587640ea2678026824e0f63c59
Author: Pavel Tatashin <pasha.tatashin@soleen.com>
Date: Tue Nov 19 17:10:06 2019 -0500
arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault
commit 94bb804e1e6f0a9a77acf20d7c70ea141c6c821e upstream.
A number of our uaccess routines ('__arch_clear_user()' and
'__arch_copy_{in,from,to}_user()') fail to re-enable PAN if they
encounter an unhandled fault whilst accessing userspace.
For CPUs implementing both hardware PAN and UAO, this bug has no effect
when both extensions are in use by the kernel.
For CPUs implementing hardware PAN but not UAO, this means that a kernel
using hardware PAN may execute portions of code with PAN inadvertently
disabled, opening us up to potential security vulnerabilities that rely
on userspace access from within the kernel which would usually be
prevented by this mechanism. In other words, parts of the kernel run the
same way as they would on a CPU without PAN implemented/emulated at all.
For CPUs not implementing hardware PAN and instead relying on software
emulation via 'CONFIG_ARM64_SW_TTBR0_PAN=y', the impact is unfortunately
much worse. Calling 'schedule()' with software PAN disabled means that
the next task will execute in the kernel using the page-table and ASID
of the previous process even after 'switch_mm()', since the actual
hardware switch is deferred until return to userspace. At this point, or
if there is a intermediate call to 'uaccess_enable()', the page-table
and ASID of the new process are installed. Sadly, due to the changes
introduced by KPTI, this is not an atomic operation and there is a very
small window (two instructions) where the CPU is configured with the
page-table of the old task and the ASID of the new task; a speculative
access in this state is disastrous because it would corrupt the TLB
entries for the new task with mappings from the previous address space.
As Pavel explains:
| I was able to reproduce memory corruption problem on Broadcom's SoC
| ARMv8-A like this:
|
| Enable software perf-events with PERF_SAMPLE_CALLCHAIN so userland's
| stack is accessed and copied.
|
| The test program performed the following on every CPU and forking
| many processes:
|
| unsigned long *map = mmap(NULL, PAGE_SIZE, PROT_READ|PROT_WRITE,
| MAP_SHARED | MAP_ANONYMOUS, -1, 0);
| map[0] = getpid();
| sched_yield();
| if (map[0] != getpid()) {
| fprintf(stderr, "Corruption detected!");
| }
| munmap(map, PAGE_SIZE);
|
| From time to time I was getting map[0] to contain pid for a
| different process.
Ensure that PAN is re-enabled when returning after an unhandled user
fault from our uaccess routines.
Cc: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Cc: <stable@vger.kernel.org>
Fixes: 338d4f49d6f7 ("arm64: kernel: Add support for Privileged Access Never")
Signed-off-by: Pavel Tatashin <pasha.tatashin@soleen.com>
[will: rewrote commit message]
[will: backport for 4.9.y stable kernels]
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 086270db26c6bb03eb4eab06172d4e1a8bcae2db
Author: Roger Quadros <rogerq@ti.com>
Date: Wed Dec 5 19:27:44 2018 +0200
ARM: dts: omap5: Fix dual-role mode on Super-Speed port
[ Upstream commit a763ecc15d0e37c3a15ff6825183061209832685 ]
OMAP5's Super-Speed USB port has a software mailbox register
that needs to be fed with VBUS and ID events from an external
VBUS/ID comparator.
Without this, Host role will not work correctly.
Fixes: 656c1a65ab55 ("ARM: dts: omap5: enable OTG role for DWC3 controller")
Reported-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c5e007b469c9b62807334504f79c3ca100a69a92
Author: Huibin Hong <huibin.hong@rock-chips.com>
Date: Wed Oct 10 11:00:32 2018 +0200
spi: rockchip: initialize dma_slave_config properly
[ Upstream commit dd8fd2cbc73f8650f651da71fc61a6e4f30c1566 ]
The rxconf and txconf structs are allocated on the
stack, so make sure we zero them before filling out
the relevant fields.
Signed-off-by: Huibin Hong <huibin.hong@rock-chips.com>
Signed-off-by: Emil Renner Berthing <kernel@esmil.dk>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit be5c4025706d3e5d558f80fd52ab2c0dc9b5419c
Author: Felix Fietkau <nbd@nbd.name>
Date: Sat Oct 6 19:35:04 2018 +0200
mac80211: minstrel: fix CCK rate group streams value
[ Upstream commit 80df9be67c44cb636bbc92caeddad8caf334c53c ]
Fixes a harmless underflow issue when CCK rates are actively being used
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit b8199f6a79919919fe043f719baffab13c585bf0
Author: zhong jiang <zhongjiang@huawei.com>
Date: Thu Oct 4 13:02:53 2018 +0800
misc: cxl: Fix possible null pointer dereference
[ Upstream commit 3dac3583bf1a61db6aaf31dfd752c677a4400afd ]
It is not safe to dereference an object before a null test. It is
not needed and just remove them. Ftrace can be used instead.
Signed-off-by: zhong jiang <zhongjiang@huawei.com>
Acked-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Acked-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit f3c5e428e08b6e40c9c1f2972ae1f78ab5b4e5c2
Author: Nicolin Chen <nicoleotsuka@gmail.com>
Date: Sat Sep 29 14:44:06 2018 -0700
hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros
[ Upstream commit 791ebc9d34e9d212fc03742c31654b017d385926 ]
The three INA3221_CONFIG_MODE macros are not correctly defined here.
The MODE3-1 bits are located at BIT 2-0 according to the datasheet.
So this patch just fixes them by shifting all of them with a correct
offset. However, this isn't a crital bug fix as the driver does not
use any of them at this point.
Signed-off-by: Nicolin Chen <nicoleotsuka@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 67592f93ee50b335cf15da64a5221b166a703aba
Author: Thierry Reding <treding@nvidia.com>
Date: Fri Sep 21 12:10:47 2018 +0200
hwmon: (pwm-fan) Silence error on probe deferral
[ Upstream commit 9f67f7583e77fe5dc57aab3a6159c2642544eaad ]
Probe deferrals aren't actual errors, so silence the error message in
case the PWM cannot yet be acquired.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 4c549f443b2f532023690b49f2e5444eac9b75fc
Author: Colin Ian King <colin.king@canonical.com>
Date: Wed Sep 5 15:54:01 2018 +0100
orangefs: rate limit the client not running info message
[ Upstream commit 2978d873471005577e7b68a528b4f256a529b030 ]
Currently accessing various /sys/fs/orangefs files will spam the
kernel log with the following info message when the client is not
running:
[ 491.489284] sysfs_service_op_show: Client not running :-5:
Rate limit this info message to make it less spammy.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 522442b30b124df2056004766872a99636d7745b
Author: Timothy E Baldwin <T.E.Baldwin99@members.leeds.ac.uk>
Date: Mon Oct 8 19:26:48 2018 +0100
ARM: 8802/1: Call syscall_trace_exit even when system call skipped
[ Upstream commit f18aef742c8fbd68e280dff0a63ba0ca6ee8ad85 ]
On at least x86 and ARM64, and as documented in the ptrace man page
a skipped system call will still cause a syscall exit ptrace stop.
Previous to this commit 32-bit ARM did not, resulting in strace
being confused when seccomp skips system calls.
This change also impacts programs that use ptrace to skip system calls.
Fixes: ad75b51459ae ("ARM: 7579/1: arch/allow a scno of -1 to not cause a SIGILL")
Signed-off-by: Timothy E Baldwin <T.E.Baldwin99@members.leeds.ac.uk>
Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 2aa7816390d83f72d0e8e7c79b55bb653254bee6
Author: Trent Piepho <tpiepho@impinj.com>
Date: Thu Sep 20 19:18:34 2018 +0000
spi: spidev: Fix OF tree warning logic
[ Upstream commit 605b3bec73cbd74b4ac937b580cd0b47d1300484 ]
spidev will make a big fuss if a device tree node binds a device by
using "spidev" as the node's compatible property.
However, the logic for this isn't looking for "spidev" in the
compatible, but rather checking that the device is NOT compatible with
spidev's list of devices.
This causes a false positive if a device not named "rohm,dh2228fv", etc.
binds to spidev, even if a means other than putting "spidev" in the
device tree was used. E.g., the sysfs driver_override attribute.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Reviewed-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 054bdd2855a3b8319390870613017cc97dda710b
Author: Marek Vasut <marex@denx.de>
Date: Thu Oct 4 00:52:52 2018 +0200
gpio: syscon: Fix possible NULL ptr usage
[ Upstream commit 70728c29465bc4bfa7a8c14304771eab77e923c7 ]
The priv->data->set can be NULL while flags contains GPIO_SYSCON_FEAT_OUT
and chip->set is valid pointer. This happens in case the controller uses
the default GPIO setter. Always use chip->set to access the setter to avoid
possible NULL pointer dereferencing.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit ad04aadb0bc923519820c8132b20911e7ef0e78b
Author: Bjorn Helgaas <bhelgaas@google.com>
Date: Thu Sep 27 09:21:55 2018 -0500
x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error
[ Upstream commit 51fbf14f2528a8c6401290e37f1c893a2412f1d3 ]
The only use of KEXEC_BACKUP_SRC_END is as an argument to
walk_system_ram_res():
int crash_load_segments(struct kimage *image)
{
...
walk_system_ram_res(KEXEC_BACKUP_SRC_START, KEXEC_BACKUP_SRC_END,
image, determine_backup_region);
walk_system_ram_res() expects "start, end" arguments that are inclusive,
i.e., the range to be walked includes both the start and end addresses.
KEXEC_BACKUP_SRC_END was previously defined as (640 * 1024UL), which is the
first address *past* the desired 0-640KB range.
Define KEXEC_BACKUP_SRC_END as (640 * 1024UL - 1) so the KEXEC_BACKUP_SRC
region is [0-0x9ffff], not [0-0xa0000].
Fixes: dd5f726076cc ("kexec: support for kexec on panic using new system call")
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
CC: "H. Peter Anvin" <hpa@zytor.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Brijesh Singh <brijesh.singh@amd.com>
CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CC: Ingo Molnar <mingo@redhat.com>
CC: Lianbo Jiang <lijiang@redhat.com>
CC: Takashi Iwai <tiwai@suse.de>
CC: Thomas Gleixner <tglx@linutronix.de>
CC: Tom Lendacky <thomas.lendacky@amd.com>
CC: Vivek Goyal <vgoyal@redhat.com>
CC: baiyaowei@cmss.chinamobile.com
CC: bhe@redhat.com
CC: dan.j.williams@intel.com
CC: dyoung@redhat.com
CC: kexec@lists.infradead.org
Link: http://lkml.kernel.org/r/153805811578.1157.6948388946904655969.stgit@bhelgaas-glaptop.roam.corp.google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 97fe3401a6b8475f86bd49b8e4613413e601a109
Author: Colin Ian King <colin.king@canonical.com>
Date: Sat Oct 6 14:01:42 2018 -0400
media: cx231xx: fix potential sign-extension overflow on large shift
[ Upstream commit 32ae592036d7aeaabcccb2b1715373a68639a768 ]
Shifting the u8 value[3] by an int can lead to sign-extension
overflow. For example, if value[3] is 0xff and the shift is 24 then it
is promoted to int and then the top bit is sign-extended so that all
upper 32 bits are set. Fix this by casting value[3] to a u32 before
the shift.
Detected by CoverityScan, CID#1016522 ("Unintended sign extension")
Fixes: e0d3bafd0258 ("V4L/DVB (10954): Add cx231xx USB driver")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 5387916931cd2b2f7965d7318d7791ee30baf0af
Author: Tim Smith <tim.smith@citrix.com>
Date: Mon Oct 8 12:15:40 2018 -0500
GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads
[ Upstream commit 1eb8d7387908022951792a46fa040ad3942b3b08 ]
Flushing the workqueue can cause operations to happen which might
call gfs2_log_reserve(), or get stuck waiting for locks taken by such
operations. gfs2_log_reserve() can io_schedule(). If this happens, it
will never wake because the only thing which can wake it is gfs2_logd()
which was already stopped.
This causes umount of a gfs2 filesystem to wedge permanently if, for
example, the umount immediately follows a large delete operation.
When this occured, the following stack trace was obtained from the
umount command
[<ffffffff81087968>] flush_workqueue+0x1c8/0x520
[<ffffffffa0666e29>] gfs2_make_fs_ro+0x69/0x160 [gfs2]
[<ffffffffa0667279>] gfs2_put_super+0xa9/0x1c0 [gfs2]
[<ffffffff811b7edf>] generic_shutdown_super+0x6f/0x100
[<ffffffff811b7ff7>] kill_block_super+0x27/0x70
[<ffffffffa0656a71>] gfs2_kill_sb+0x71/0x80 [gfs2]
[<ffffffff811b792b>] deactivate_locked_super+0x3b/0x70
[<ffffffff811b79b9>] deactivate_super+0x59/0x60
[<ffffffff811d2998>] cleanup_mnt+0x58/0x80
[<ffffffff811d2a12>] __cleanup_mnt+0x12/0x20
[<ffffffff8108c87d>] task_work_run+0x7d/0xa0
[<ffffffff8106d7d9>] exit_to_usermode_loop+0x73/0x98
[<ffffffff81003961>] syscall_return_slowpath+0x41/0x50
[<ffffffff815a594c>] int_ret_from_sys_call+0x25/0x8f
[<ffffffffffffffff>] 0xffffffffffffffff
Signed-off-by: Tim Smith <tim.smith@citrix.com>
Signed-off-by: Mark Syms <mark.syms@citrix.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 0419fe5b7fed909853c53a81bb401fe268a362d4
Author: Wenwen Wang <wang6495@umn.edu>
Date: Thu Oct 4 11:44:02 2018 -0400
media: isif: fix a NULL pointer dereference bug
[ Upstream commit a26ac6c1bed951b2066cc4b2257facd919e35c0b ]
In isif_probe(), there is a while loop to get the ISIF base address and
linearization table0 and table1 address. In the loop body, the function
platform_get_resource() is called to get the resource. If
platform_get_resource() returns NULL, the loop is terminated and the
execution goes to 'fail_nobase_res'. Suppose the loop is terminated at the
first iteration because platform_get_resource() returns NULL and the
execution goes to 'fail_nobase_res'. Given that there is another while loop
at 'fail_nobase_res' and i equals to 0, one iteration of the second while
loop will be executed. However, the second while loop does not check the
return value of platform_get_resource(). This can cause a NULL pointer
dereference bug if the return value is a NULL pointer.
This patch avoids the above issue by adding a check in the second while
loop after the call to platform_get_resource().
Signed-off-by: Wenwen Wang <wang6495@umn.edu>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 089d475a4cdb5848998b3cb37e545413ed054784
Author: He Zhe <zhe.he@windriver.com>
Date: Sun Sep 30 00:45:53 2018 +0800
printk: Give error on attempt to set log buffer length to over 2G
[ Upstream commit e6fe3e5b7d16e8f146a4ae7fe481bc6e97acde1e ]
The current printk() is ready to handle log buffer size up to 2G.
Give an explicit error for users who want to use larger log buffer.
Also fix printk formatting to show the 2G as a positive number.
Link: http://lkml.kernel.org/r/20181008135916.gg4kkmoki5bgtco5@pathway.suse.cz
Cc: rostedt@goodmis.org
Cc: linux-kernel@vger.kernel.org
Suggested-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: He Zhe <zhe.he@windriver.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
[pmladek: Fixed to the really safe limit 2GB.]
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 8bda8034e0ed45c51843777f0cab1e560a97bd3a
Author: Vignesh R <vigneshr@ti.com>
Date: Sat Jun 30 16:03:16 2018 +0530
mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable
[ Upstream commit c974ac771479327b5424f60d58845e31daddadea ]
If a child device like touchscreen is wakeup capable, then keep ADC
interface on, so that a touching resistive screen will generate wakeup
event to the system.
Signed-off-by: Vignesh R <vigneshr@ti.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1a103006eb3c61b21fbd49676a361f71b08d7e8a
Author: Nathan Chancellor <natechancellor@gmail.com>
Date: Fri Sep 21 13:21:31 2018 -0700
backlight: lm3639: Unconditionally call led_classdev_unregister
[ Upstream commit 7cea645ae9c5a54aa7904fddb2cdf250acd63a6c ]
Clang warns that the address of a pointer will always evaluated as true
in a boolean context.
drivers/video/backlight/lm3639_bl.c:403:14: warning: address of
'pchip->cdev_torch' will always evaluate to 'true'
[-Wpointer-bool-conversion]
if (&pchip->cdev_torch)
~~ ~~~~~~~^~~~~~~~~~
drivers/video/backlight/lm3639_bl.c:405:14: warning: address of
'pchip->cdev_flash' will always evaluate to 'true'
[-Wpointer-bool-conversion]
if (&pchip->cdev_flash)
~~ ~~~~~~~^~~~~~~~~~
2 warnings generated.
These statements have been present since 2012, introduced by
commit 0f59858d5119 ("backlight: add new lm3639 backlight
driver"). Given that they have been called unconditionally since
then presumably without any issues, removing the always true if
statements to fix the warnings without any real world changes.
Link: https://github.com/ClangBuiltLinux/linux/issues/119
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 45d90b93ce95c4db28ad7b8e7cb8606211bc1508
Author: Borislav Petkov <bp@suse.de>
Date: Mon Oct 8 10:05:20 2018 +0200
proc/vmcore: Fix i386 build error of missing copy_oldmem_page_encrypted()
[ Upstream commit cf089611f4c446285046fcd426d90c18f37d2905 ]
Lianbo reported a build error with a particular 32-bit config, see Link
below for details.
Provide a weak copy_oldmem_page_encrypted() function which architectures
can override, in the same manner other functionality in that file is
supplied.
Reported-by: Lianbo Jiang <lijiang@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
CC: x86@kernel.org
Link: http://lkml.kernel.org/r/710b9d95-2f70-eadf-c4a1-c3dc80ee4ebb@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit d17a2b737d73c6e7f289fecce0bb144569866d50
Author: Vasily Gorbik <gor@linux.ibm.com>
Date: Fri Nov 17 13:02:36 2017 +0100
s390/kasan: avoid vdso instrumentation
[ Upstream commit 348498458505e202df41b6b9a78da448d39298b7 ]
vdso is mapped into user space processes, which won't have kasan
shodow mapped.
Reviewed-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 7919356b728a59987952b9ce71f2ba21ae4c1bf9
Author: Shenghui Wang <shhuiw@foxmail.com>
Date: Mon Oct 8 20:41:15 2018 +0800
bcache: recal cached_dev_sectors on detach
[ Upstream commit 46010141da6677b81cc77f9b47f8ac62bd1cbfd3 ]
Recal cached_dev_sectors on cached_dev detached, as recal done on
cached_dev attached.
Update the cached_dev_sectors before bcache_device_detach called
as bcache_device_detach will set bcache_device->c to NULL.
Signed-off-by: Shenghui Wang <shhuiw@foxmail.com>
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1012e97fb04ef5fc6728ddc304c1387f6a704547
Author: Geert Uytterhoeven <geert+renesas@glider.be>
Date: Mon Oct 8 13:14:35 2018 +0200
reset: Fix potential use-after-free in __of_reset_control_get()
[ Upstream commit b790c8ea5593d6dc3580adfad8e117eeb56af874 ]
Calling of_node_put() decreases the reference count of a device tree
object, and may free some data.
However, the of_phandle_args structure embedding it is passed to
reset_controller_dev.of_xlate() after that, so it may still be accessed.
Move the call to of_node_put() down to fix this.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
[p.zabel@pengutronix.de: moved of_node_put after mutex_unlock]
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 8077c98ce4c154d2f4dfcabb775daab4f8a3f421
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Mon Oct 8 12:57:36 2018 +0200
fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper()
[ Upstream commit e5017716adb8aa5c01c52386c1b7470101ffe9c5 ]
The "index + count" addition can overflow. Both come directly from the
user. This bug leads to an information leak.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Peter Malone <peter.malone@gmail.com>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Mathieu Malaterre <malat@debian.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit e6bb4dca56e88a78a344c4a4888992874da3d2a1
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Mon Oct 8 12:57:36 2018 +0200
fbdev: sbuslib: use checked version of put_user()
[ Upstream commit d8bad911e5e55e228d59c0606ff7e6b8131ca7bf ]
I'm not sure why the code assumes that only the first put_user() needs
an access_ok() check. I have made all the put_user() and get_user()
calls checked.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Mathieu Malaterre <malat@debian.org>
Cc: Peter Malone <peter.malone@gmail.com>,
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 28818451a7695d9ae4ee6b783482e64a006ab60c
Author: Sara Sharon <sara.sharon@intel.com>
Date: Sun Jul 1 14:52:06 2018 +0300
iwlwifi: mvm: don't send keys when entering D3
[ Upstream commit 8c7fd6a365eb5b2647b2c01918730d0a485b9f85 ]
In the past, we needed to program the keys when entering D3. This was
since we replaced the image. However, now that there is a single
image, this is no longer needed. Note that RSC is sent separately in
a new command. This solves issues with newer devices that support PN
offload. Since driver re-sent the keys, the PN got zeroed and the
receiver dropped the next packets, until PN caught up again.
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 2b6440486cc363d004be237b23c90f346506f1d7
Author: Ronald Tschalär <ronald@innovation.ch>
Date: Sun Sep 30 19:53:13 2018 -0700
ACPI / SBS: Fix rare oops when removing modules
[ Upstream commit 757c968c442397f1249bb775a7c8c03842e3e0c7 ]
There was a small race when removing the sbshc module where
smbus_alarm() had queued acpi_smbus_callback() for deferred execution
but it hadn't been run yet, so that when it did run hc had been freed
and the module unloaded, resulting in an invalid paging request.
A similar race existed when removing the sbs module with regards to
acpi_sbs_callback() (which is called from acpi_smbus_callback()).
We therefore need to ensure no callbacks are pending or executing before
the cleanups are done and the modules are removed.
Signed-off-by: Ronald Tschalär <ronald@innovation.ch>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit eae3abcef178e8adec3dac62acd813187a0a8571
Author: Radu Solea <radu.solea@nxp.com>
Date: Tue Oct 2 19:01:52 2018 +0000
crypto: mxs-dcp - Fix AES issues
[ Upstream commit fadd7a6e616b89c7f4f7bfa7b824f290bab32c3c ]
The DCP driver does not obey cryptlen, when doing android CTS this
results in passing to hardware input stream lengths which are not
multiple of block size.
Add a check to prevent future erroneous stream lengths from reaching the
hardware and adjust the scatterlist walking code to obey cryptlen.
Also properly copy-out the IV for chaining.
Signed-off-by: Radu Solea <radu.solea@nxp.com>
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Leonard Crestez <leonard.crestez@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit df1ef6f3c9ada27e624fc7ab445e6635ff527073
Author: Radu Solea <radu.solea@nxp.com>
Date: Tue Oct 2 19:01:50 2018 +0000
crypto: mxs-dcp - Fix SHA null hashes and output length
[ Upstream commit c709eebaf5c5faa8a0f140355f9cfe67e8f7afb1 ]
DCP writes at least 32 bytes in the output buffer instead of hash length
as documented. Add intermediate buffer to prevent write out of bounds.
When requested to produce null hashes DCP fails to produce valid output.
Add software workaround to bypass hardware and return valid output.
Signed-off-by: Radu Solea <radu.solea@nxp.com>
Signed-off-by: Leonard Crestez <leonard.crestez@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 70172bc9baab9e655e3c6c90eeb82e8482b5f955
Author: Borislav Petkov <bp@suse.de>
Date: Fri Oct 5 15:13:07 2018 +0200
x86/olpc: Fix build error with CONFIG_MFD_CS5535=m
[ Upstream commit fa112cf1e8bc693d5a666b1c479a2859c8b6e0f1 ]
When building a 32-bit config which has the above MFD item as module
but OLPC_XO1_PM is enabled =y - which is bool, btw - the kernel fails
building with:
ld: arch/x86/platform/olpc/olpc-xo1-pm.o: in function `xo1_pm_remove':
/home/boris/kernel/linux/arch/x86/platform/olpc/olpc-xo1-pm.c:159: undefined reference to `mfd_cell_disable'
ld: arch/x86/platform/olpc/olpc-xo1-pm.o: in function `xo1_pm_probe':
/home/boris/kernel/linux/arch/x86/platform/olpc/olpc-xo1-pm.c:133: undefined reference to `mfd_cell_enable'
make: *** [Makefile:1030: vmlinux] Error 1
Force MFD_CS5535 to y if OLPC_XO1_PM is enabled.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Lubomir Rintel <lkundrak@v3.sk>
Cc: x86@kernel.org
Link: http://lkml.kernel.org/r/20181005131750.GA5366@zn.tnic
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit a896200ebdffa925f7b4dc4ae7f9fe0e0f920790
Author: Julian Sax <jsbc@gmx.de>
Date: Fri Oct 5 11:48:31 2018 -0700
Input: silead - try firmware reload after unsuccessful resume
[ Upstream commit dde27443211062e841806feaf690674b7c3a599f ]
A certain silead controller (Chip ID: 0x56810000) loses its firmware
after suspend, causing the resume to fail. This patch tries to load
the firmware, should a resume error occur and retries the resuming.
Signed-off-by: Julian Sax <jsbc@gmx.de>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit e031f0a8da1cdb358d63c2081c17e149fa898f94
Author: Martin Kepplinger <martink@posteo.de>
Date: Fri Oct 5 11:44:45 2018 -0700
Input: st1232 - set INPUT_PROP_DIRECT property
[ Upstream commit 20bbb312079494a406c10c90932e3c80837c9d94 ]
This is how userspace checks for touchscreen devices most reliably.
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 87fc52e97f62e5219de9ab8383c864dd8aa00800
Author: Rami Rosen <ramirose@gmail.com>
Date: Fri Oct 5 00:03:10 2018 +0300
dmaengine: ioat: fix prototype of ioat_enumerate_channels
[ Upstream commit f4d34aa8c887a8a2d23ef546da0efa10e3f77241 ]
Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 7b98c74da2faf6ed5831d85e8a39ce7e2875201f
Author: Olga Kornievskaia <kolga@netapp.com>
Date: Thu Oct 4 14:45:00 2018 -0400
NFSv4.x: fix lock recovery during delegation recall
[ Upstream commit 44f411c353bf6d98d5a34f8f1b8605d43b2e50b8 ]
Running "./nfstest_delegation --runtest recall26" uncovers that
client doesn't recover the lock when we have an appending open,
where the initial open got a write delegation.
Instead of checking for the passed in open context against
the file lock's open context. Check that the state is the same.
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit da2397dfb2e0abcaf811bdd701d6fd02e6e95dc1
Author: Florian Fainelli <f.fainelli@gmail.com>
Date: Mon Oct 1 10:43:47 2018 -0700
i2c: brcmstb: Allow enabling the driver on DSL SoCs
[ Upstream commit e1eba2ea54a2de0e4c58d87270d25706bb77b844 ]
ARCH_BCM_63XX which is used by ARM-based DSL SoCs from Broadcom uses the
same controller, make it possible to select the STB driver and update
the Kconfig and help text a bit.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit bc3a4e8b723b326791dabf939ac49336ede85d03
Author: Marek Szyprowski <m.szyprowski@samsung.com>
Date: Tue Oct 2 13:52:10 2018 +0200
clk: samsung: Use clk_hw API for calling clk framework from clk notifiers
[ Upstream commit 1da220e3a5d22fccda0bc8542997abc1d1741268 ]
clk_notifier_register() documentation states, that the provided notifier
callbacks associated with the notifier must not re-enter into the clk
framework by calling any top-level clk APIs. Fix this by replacing
clk_get_rate() calls with clk_hw_get_rate(), which is safe in this
context.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Sylwester Nawrocki <snawrocki@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3b18e33c08a598e50d8875b18e13ddb729c2648e
Author: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Thu Sep 27 14:59:49 2018 +0000
brcmfmac: fix full timeout waiting for action frame on-channel tx
[ Upstream commit fbf07000960d9c8a13fdc17c6de0230d681c7543 ]
The driver sends an action frame down and waits for a completion signal
triggered by the received BRCMF_E_ACTION_FRAME_OFF_CHAN_COMPLETE event
to continue the process. However, the action frame could be transmitted
either on the current channel or on an off channel. For the on-channel
case, only BRCMF_E_ACTION_FRAME_COMPLETE event will be received when
the frame is transmitted, which make the driver always wait a full
timeout duration. This patch has the completion signal be triggered by
receiving the BRCMF_E_ACTION_FRAME_COMPLETE event for the on-channel
case.
This change fixes WFA p2p certification 5.1.19 failure.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit b2143dc589d24d61ec135eb4f7a2a0d673f28d52
Author: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Thu Sep 27 14:59:44 2018 +0000
brcmfmac: reduce timeout for action frame scan
[ Upstream commit edb6d6885bef82d1eac432dbeca9fbf4ec349d7e ]
Finding a common channel to send an action frame out is required for
some action types. Since a loop with several scan retry is used to find
the channel, a short wait time could be considered for each attempt.
This patch reduces the wait time from 1500 to 450 msec for each action
frame scan.
This patch fixes the WFA p2p certification 5.1.20 failure caused by the
long action frame send time.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 6270cc3754f9d94fdf42d859c1acfa5ced8ef08b
Author: Borislav Petkov <bp@suse.de>
Date: Thu Oct 4 19:22:27 2018 +0200
cpu/SMT: State SMT is disabled even with nosmt and without "=force"
[ Upstream commit d0e7d14455d41163126afecd0fcce935463cc512 ]
When booting with "nosmt=force" a message is issued into dmesg to
confirm that SMT has been force-disabled but such a message is not
issued when only "nosmt" is on the kernel command line.
Fix that.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20181004172227.10094-1-bp@alien8.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3f3f2f4d865d36697d5976927da82cb6c6fecc9b
Author: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Date: Thu Oct 4 15:34:45 2018 +0200
mtd: physmap_of: Release resources on error
[ Upstream commit ef0de747f7ad179c7698a5b0e28db05f18ecbf57 ]
During probe, if there was an error the memory region and the memory
map were not properly released.This can lead a system unusable if
deferred probe is in use.
Replace mem_request and map with devm_ioremap_resource
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit f62845f5a9139dd86bad0b2c51a9519fa13f3e20
Author: Johan Hovold <johan@kernel.org>
Date: Sun Sep 30 18:03:11 2018 +0200
USB: serial: cypress_m8: fix interrupt-out transfer length
[ Upstream commit 56445eef55cb5904096fed7a73cf87b755dfffc7 ]
Fix interrupt-out transfer length which was being set to the
transfer-buffer length rather than the size of the outgoing packet.
Note that no slab data was leaked as the whole transfer buffer is always
cleared before each transfer.
Fixes: 9aa8dae7b1fa ("cypress_m8: use usb_fill_int_urb where appropriate")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 958359bb23d76f802e1ec2e4403774406bc093f4
Author: Cameron Kaiser <spectre@floodgap.com>
Date: Tue Jul 31 07:39:21 2018 -0700
KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup both PC and LR
[ Upstream commit 1006284c5e411872333967b1970c2ca46a9e225f ]
When an OS (currently only classic Mac OS) is running in KVM-PR and makes a
linked jump from code with split hack addressing enabled into code that does
not, LR is not correctly updated and reflects the previously munged PC.
To fix this, this patch undoes the address munge when exiting split
hack mode so that code relying on LR being a proper address will now
execute. This does not affect OS X or other operating systems running
on KVM-PR.
Signed-off-by: Cameron Kaiser <spectre@floodgap.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit beac87de133ea30a65fe07506051e699abe79d38
Author: Michael Pobega <mpobega@neverware.com>
Date: Thu Oct 4 14:58:21 2018 -0400
ALSA: hda/sigmatel - Disable automute for Elo VuPoint
[ Upstream commit d153135e93a50cdb6f1b52e238909e9965b56056 ]
The Elo VuPoint 15MX has two headphone jacks of which neither work by
default. Disabling automute allows ALSA to work normally with the
speakers & left headphone jack.
Future pin configuration changes may be required in the future to get
the right headphone jack working in tandem.
Signed-off-by: Michael Pobega <mpobega@neverware.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit fff92c365433f88b24f22a0438bd841efea78ac9
Author: Nathan Chancellor <natechancellor@gmail.com>
Date: Fri Sep 21 06:00:45 2018 -0400
media: pxa_camera: Fix check for pdev->dev.of_node
[ Upstream commit 44d7f1a77d8c84f8e42789b5475b74ae0e6d4758 ]
Clang warns that the address of a pointer will always evaluated as true
in a boolean context.
drivers/media/platform/pxa_camera.c:2400:17: warning: address of
'pdev->dev.of_node' will always evaluate to 'true'
[-Wpointer-bool-conversion]
if (&pdev->dev.of_node && !pcdev->pdata) {
~~~~~~~~~~^~~~~~~ ~~
1 warning generated.
Judging from the rest of the kernel, it seems like this was an error and
just the value of of_node should be checked rather than the address.
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 7e5212afd132b2d7689ecab5dec97c79c2f989ce
Author: Nathan Chancellor <natechancellor@gmail.com>
Date: Wed Oct 3 19:37:54 2018 -0700
ata: ep93xx: Use proper enums for directions
[ Upstream commit 6adde4a36f1b6a562a1057fbb1065007851050e7 ]
Clang warns when one enumerated type is implicitly converted to another.
drivers/ata/pata_ep93xx.c:662:36: warning: implicit conversion from
enumeration type 'enum dma_data_direction' to different enumeration type
'enum dma_transfer_direction' [-Wenum-conversion]
drv_data->dma_rx_data.direction = DMA_FROM_DEVICE;
~ ^~~~~~~~~~~~~~~
drivers/ata/pata_ep93xx.c:670:36: warning: implicit conversion from
enumeration type 'enum dma_data_direction' to different enumeration type
'enum dma_transfer_direction' [-Wenum-conversion]
drv_data->dma_tx_data.direction = DMA_TO_DEVICE;
~ ^~~~~~~~~~~~~
drivers/ata/pata_ep93xx.c:681:19: warning: implicit conversion from
enumeration type 'enum dma_data_direction' to different enumeration type
'enum dma_transfer_direction' [-Wenum-conversion]
conf.direction = DMA_FROM_DEVICE;
~ ^~~~~~~~~~~~~~~
drivers/ata/pata_ep93xx.c:692:19: warning: implicit conversion from
enumeration type 'enum dma_data_direction' to different enumeration type
'enum dma_transfer_direction' [-Wenum-conversion]
conf.direction = DMA_TO_DEVICE;
~ ^~~~~~~~~~~~~
Use the equivalent valued enums from the expected type so that Clang no
longer warns about a conversion.
DMA_TO_DEVICE = DMA_MEM_TO_DEV = 1
DMA_FROM_DEVICE = DMA_DEV_TO_MEM = 2
Acked-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit aa343014d014cc149d29c0fcc3dfe5576702cb7f
Author: Bob Moore <robert.moore@intel.com>
Date: Wed Oct 3 11:45:38 2018 -0700
ACPICA: Never run _REG on system_memory and system_IO
[ Upstream commit 8b1cafdcb4b75c5027c52f1e82b47ebe727ad7ed ]
These address spaces are defined by the ACPI spec to be
"always available", and thus _REG should never be run on them.
Provides compatibility with other ACPI implementations.
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c7263e711e0f2cb388ac4c448c5b4bc6ed858983
Author: Nathan Chancellor <natechancellor@gmail.com>
Date: Mon Sep 24 12:57:16 2018 -0700
IB/mlx4: Avoid implicit enumerated type conversion
[ Upstream commit b56511c15713ba6c7572e77a41f7ddba9c1053ec ]
Clang warns when one enumerated type is implicitly converted to another.
drivers/infiniband/hw/mlx4/mad.c:1811:41: warning: implicit conversion
from enumeration type 'enum mlx4_ib_qp_flags' to different enumeration
type 'enum ib_qp_create_flags' [-Wenum-conversion]
qp_init_attr.init_attr.create_flags = MLX4_IB_SRIOV_TUNNEL_QP;
~ ^~~~~~~~~~~~~~~~~~~~~~~
drivers/infiniband/hw/mlx4/mad.c:1819:41: warning: implicit conversion
from enumeration type 'enum mlx4_ib_qp_flags' to different enumeration
type 'enum ib_qp_create_flags' [-Wenum-conversion]
qp_init_attr.init_attr.create_flags = MLX4_IB_SRIOV_SQP;
~ ^~~~~~~~~~~~~~~~~
The type mlx4_ib_qp_flags explicitly provides supplemental values to the
type ib_qp_create_flags. Make that clear to Clang by changing the
create_flags type to u32.
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 312efa12b4b581f4b720fb280534faa8900df834
Author: Wei Yongjun <weiyongjun1@huawei.com>
Date: Sat Sep 29 03:55:16 2018 +0000
IB/mthca: Fix error return code in __mthca_init_one()
[ Upstream commit 39f2495618c5e980d2873ea3f2d1877dd253e07a ]
Fix to return a negative error code from the mthca_cmd_init() error
handling case instead of 0, as done elsewhere in this function.
Fixes: 80fd8238734c ("[PATCH] IB/mthca: Encapsulate command interface init")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit fe92d894826c1900e6a4863ae8997ad363936b7b
Author: Radoslaw Tyl <radoslawx.tyl@intel.com>
Date: Mon Sep 24 09:24:20 2018 +0200
ixgbe: Fix crash with VFs and flow director on interface flap
[ Upstream commit 5d826d209164b0752c883607be4cdbbcf7cab494 ]
This patch fix crash when we have restore flow director filters after reset
adapter. In ixgbe_fdir_filter_restore() filter->action is outside of the
rx_ring array, as it has a VF identifier in the upper 32 bits.
Signed-off-by: Radoslaw Tyl <radoslawx.tyl@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 57176df1159e67c14ff1542e9c34d2e4dd3b361e
Author: Nathan Chancellor <natechancellor@gmail.com>
Date: Thu Sep 20 16:30:25 2018 -0700
mtd: rawnand: sh_flctl: Use proper enum for flctl_dma_fifo0_transfer
[ Upstream commit e2bfa4ca23d9b5a7bdfcf21319fad9b59e38a05c ]
Clang warns when one enumerated type is converted implicitly to another:
drivers/mtd/nand/raw/sh_flctl.c:483:46: warning: implicit conversion
from enumeration type 'enum dma_transfer_direction' to different
enumeration type 'enum dma_data_direction' [-Wenum-conversion]
flctl_dma_fifo0_transfer(flctl, buf, rlen, DMA_DEV_TO_MEM) > 0)
~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~
drivers/mtd/nand/raw/sh_flctl.c:542:46: warning: implicit conversion
from enumeration type 'enum dma_transfer_direction' to different
enumeration type 'enum dma_data_direction' [-Wenum-conversion]
flctl_dma_fifo0_transfer(flctl, buf, rlen, DMA_MEM_TO_DEV) > 0)
~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~
2 warnings generated.
Use the proper enums from dma_data_direction to satisfy Clang.
DMA_MEM_TO_DEV = DMA_TO_DEVICE = 1
DMA_DEV_TO_MEM = DMA_FROM_DEVICE = 2
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit d1c9aa8380aaf5ee02e384e3fc7b96e24818f3c5
Author: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Date: Thu Sep 27 13:40:58 2018 +0530
powerpc/pseries: Fix how we iterate over the DTL entries
[ Upstream commit 9258227e9dd1da8feddb07ad9702845546a581c9 ]
When CONFIG_VIRT_CPU_ACCOUNTING_NATIVE is not set, we look up dtl_idx in
the lppaca to determine the number of entries in the buffer. Since
lppaca is in big endian, we need to do an endian conversion before using
this in our calculation to determine the number of entries in the
buffer. Without this, we do not iterate over the existing entries in the
DTL buffer properly.
Fixes: 7c105b63bd98 ("powerpc: Add CONFIG_CPU_LITTLE_ENDIAN kernel config option.")
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 7fe169985c2e2edc9f55e6e882cd759842f84a8e
Author: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Date: Thu Sep 27 13:40:57 2018 +0530
powerpc/pseries: Fix DTL buffer registration
[ Upstream commit db787af1b8a6b4be428ee2ea7d409dafcaa4a43c ]
When CONFIG_VIRT_CPU_ACCOUNTING_NATIVE is not set, we register the DTL
buffer for a cpu when the associated file under powerpc/dtl in debugfs
is opened. When doing so, we need to set the size of the buffer being
registered in the second u32 word of the buffer. This needs to be in big
endian, but we are not doing the conversion resulting in the below error
showing up in dmesg:
dtl_start: DTL registration for cpu 0 (hw 0) failed with -4
Fix this in the obvious manner.
Fixes: 7c105b63bd98 ("powerpc: Add CONFIG_CPU_LITTLE_ENDIAN kernel config option.")
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 5c688cf14cc933e42a774f1a2c5ad809b4c599ac
Author: Nathan Chancellor <natechancellor@gmail.com>
Date: Sun Sep 30 20:47:38 2018 -0700
cxgb4: Use proper enum in IEEE_FAUX_SYNC
[ Upstream commit 258b6d141878530ba1f8fc44db683822389de914 ]
Clang warns when one enumerated type is implicitly converted to another.
drivers/net/ethernet/chelsio/cxgb4/cxgb4_dcb.c:390:4: warning: implicit
conversion from enumeration type 'enum cxgb4_dcb_state' to different
enumeration type 'enum cxgb4_dcb_state_input' [-Wenum-conversion]
IEEE_FAUX_SYNC(dev, dcb);
^~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/chelsio/cxgb4/cxgb4_dcb.h:70:10: note: expanded
from macro 'IEEE_FAUX_SYNC'
CXGB4_DCB_STATE_FW_ALLSYNCED);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
Use the equivalent value of the expected type to silence Clang while
resulting in no functional change.
CXGB4_DCB_STATE_FW_ALLSYNCED = CXGB4_DCB_INPUT_FW_ALLSYNCED = 3
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit cd2b7f830b2c6bbf691023df9c7ac2cf0c84c927
Author: Nathan Chancellor <natechancellor@gmail.com>
Date: Sun Sep 30 20:51:43 2018 -0700
cxgb4: Use proper enum in cxgb4_dcb_handle_fw_update
[ Upstream commit 3b0b8f0d9a259f6a428af63e7a77547325f8e081 ]
Clang warns when one enumerated type is implicitly converted to another.
drivers/net/ethernet/chelsio/cxgb4/cxgb4_dcb.c:303:7: warning: implicit
conversion from enumeration type 'enum cxgb4_dcb_state' to different
enumeration type 'enum cxgb4_dcb_state_input' [-Wenum-conversion]
? CXGB4_DCB_STATE_FW_ALLSYNCED
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/chelsio/cxgb4/cxgb4_dcb.c:304:7: warning: implicit
conversion from enumeration type 'enum cxgb4_dcb_state' to different
enumeration type 'enum cxgb4_dcb_state_input' [-Wenum-conversion]
: CXGB4_DCB_STATE_FW_INCOMPLETE);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
Use the equivalent value of the expected type to silence Clang while
resulting in no functional change.
CXGB4_DCB_STATE_FW_INCOMPLETE = CXGB4_DCB_INPUT_FW_INCOMPLETE = 2
CXGB4_DCB_STATE_FW_ALLSYNCED = CXGB4_DCB_INPUT_FW_ALLSYNCED = 3
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit a87ccca317a82577e856d14131d2bb4b868d4097
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Mon Oct 1 19:44:41 2018 +0300
mei: samples: fix a signedness bug in amt_host_if_call()
[ Upstream commit 185647813cac080453cb73a2e034a8821049f2a7 ]
"out_buf_sz" needs to be signed for the error handling to work.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit a8de090710deb7503ee757330befd79c37818873
Author: Nathan Chancellor <natechancellor@gmail.com>
Date: Tue Sep 11 16:20:25 2018 -0700
dmaengine: timb_dma: Use proper enum in td_prep_slave_sg
[ Upstream commit 5e621f5d538985f010035c6f3e28c22829d36db1 ]
Clang warns when implicitly converting from one enumerated type to
another. Avoid this by using the equivalent value from the expected
type.
drivers/dma/timb_dma.c:548:27: warning: implicit conversion from
enumeration type 'enum dma_transfer_direction' to different enumeration
type 'enum dma_data_direction' [-Wenum-conversion]
td_desc->desc_list_len, DMA_MEM_TO_DEV);
^~~~~~~~~~~~~~
1 warning generated.
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 70390678b7090de4055231a8be0492c301609372
Author: Nathan Chancellor <natechancellor@gmail.com>
Date: Tue Sep 11 16:40:20 2018 -0700
dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction
[ Upstream commit 9524d6b265f9b2b9a61fceb2ee2ce1c2a83e39ca ]
Clang warns when implicitly converting from one enumerated type to
another. Avoid this by using the equivalent value from the expected
type.
In file included from drivers/dma/ep93xx_dma.c:30:
./include/linux/platform_data/dma-ep93xx.h:88:10: warning: implicit
conversion from enumeration type 'enum dma_data_direction' to different
enumeration type 'enum dma_transfer_direction' [-Wenum-conversion]
return DMA_NONE;
~~~~~~ ^~~~~~~~
1 warning generated.
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 594bc9ac4e0d75af19a987e88e9bad3a88f92202
Author: Andrew Zaborowski <andrew.zaborowski@intel.com>
Date: Mon Sep 24 18:10:22 2018 +0200
nl80211: Fix a GET_KEY reply attribute
[ Upstream commit efdfce7270de85a8706d1ea051bef3a7486809ff ]
Use the NL80211_KEY_IDX attribute inside the NL80211_ATTR_KEY in
NL80211_CMD_GET_KEY responses to comply with nl80211_key_policy.
This is unlikely to affect existing userspace.
Signed-off-by: Andrew Zaborowski <andrew.zaborowski@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit cb1083af7740f04820e70f412302c473644c8877
Author: Jia-Ju Bai <baijiaju1990@gmail.com>
Date: Sat Sep 15 11:04:40 2018 +0800
usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status()
[ Upstream commit 2337a77c1cc86bc4e504ecf3799f947659c86026 ]
The driver may sleep in an interrupt handler.
The function call path (from bottom to top) in Linux-4.17 is:
[FUNC] fotg210_ep_queue(GFP_KERNEL)
drivers/usb/gadget/udc/fotg210-udc.c, 744:
fotg210_ep_queue in fotg210_get_status
drivers/usb/gadget/udc/fotg210-udc.c, 768:
fotg210_get_status in fotg210_setup_packet
drivers/usb/gadget/udc/fotg210-udc.c, 949:
fotg210_setup_packet in fotg210_irq (interrupt handler)
To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.
If possible, spin_unlock() and spin_lock() around fotg210_ep_queue()
can be also removed.
This bug is found by my static analysis tool DSAC.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 4178fcfb55ec762982bfeafd8db7c827b6a52690
Author: Simon Wunderlich <sw@simonwunderlich.de>
Date: Mon Oct 1 17:26:59 2018 +0300
ath9k: fix reporting calculated new FFT upper max
[ Upstream commit 4fb5837ac2bd46a85620b297002c704e9958f64d ]
Since the debug print code is outside of the loop, it shouldn't use the loop
iterator anymore but instead print the found maximum index.
Cc: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 465966a9251ac2ceb30b16d8b13bb5883b7f27ce
Author: Florian Fainelli <f.fainelli@gmail.com>
Date: Mon Oct 1 10:33:02 2018 -0700
ata: ahci_brcm: Allow using driver or DSL SoCs
[ Upstream commit 7fb44929cb0e5cdcde143e1ca3ca57b5b8247db0 ]
The Broadcom STB AHCI controller is the same as the one found on DSL
SoCs, so we will utilize the same driver on these systems as well.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit a1c6ef58dab2b21d02cc805cf2024edda1c0fc42
Author: Ben Greear <greearb@candelatech.com>
Date: Thu Sep 6 19:46:20 2018 +0300
ath10k: fix vdev-start timeout on error
[ Upstream commit 833fd34d743c728afe6d127ef7bee67e7d9199a8 ]
The vdev-start-response message should cause the
completion to fire, even in the error case. Otherwise,
the user still gets no useful information and everything
is blocked until the timeout period.
Add some warning text to print out the invalid status
code to aid debugging, and propagate failure code.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 9a59633411727ad7dde49915a4e37a3621177ae3
Author: Anshuman Khandual <anshuman.khandual@arm.com>
Date: Sat Sep 22 21:09:55 2018 +0530
arm64/numa: Report correct memblock range for the dummy node
[ Upstream commit 77cfe950901e5c13aca2df6437a05f39dd9a929b ]
The dummy node ID is marked into all memory ranges on the system. So the
dummy node really extends the entire memblock.memory. Hence report correct
extent information for the dummy node using memblock range helper functions
instead of the range [0LLU, PFN_PHYS(max_pfn) - 1)].
Fixes: 1a2db30034 ("arm64, numa: Add NUMA support for arm64 platforms")
Acked-by: Punit Agrawal <punit.agrawal@arm.com>
Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3f73f94aca98a7ed0fc5025fc86b7bc13a65f1bc
Author: Suzuki K Poulose <suzuki.poulose@arm.com>
Date: Wed Sep 26 17:32:37 2018 +0100
kvm: arm/arm64: Fix stage2_flush_memslot for 4 level page table
[ Upstream commit d2db7773ba864df6b4e19643dfc54838550d8049 ]
So far we have only supported 3 level page table with fixed IPA of
40bits, where PUD is folded. With 4 level page tables, we need
to check if the PUD entry is valid or not. Fix stage2_flush_memslot()
to do this check, before walking down the table.
Acked-by: Christoffer Dall <cdall@kernel.org>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3d827805a11e9d31681f9b32968e34bd9b01ff1d
Author: Trond Myklebust <trond.myklebust@hammerspace.com>
Date: Sat Sep 8 22:09:48 2018 -0400
SUNRPC: Fix priority queue fairness
[ Upstream commit f42f7c283078ce3c1e8368b140e270755b1ae313 ]
Fix up the priority queue to not batch by owner, but by queue, so that
we allow '1 << priority' elements to be dequeued before switching to
the next priority queue.
The owner field is still used to wake up requests in round robin order
by owner to avoid single processes hogging the RPC layer by loading the
queues.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1a8c4305dd5a4d349115ce30c2d875ba729f3ba9
Author: Jaegeuk Kim <jaegeuk@kernel.org>
Date: Tue Sep 25 15:25:21 2018 -0700
f2fs: return correct errno in f2fs_gc
[ Upstream commit 61f7725aa148ee870436a29d3a24d5c00ab7e9af ]
This fixes overriding error number in f2fs_gc.
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c12fec7d493774c458f70cf0b1f86455dd5a34c1
Author: H. Nikolaus Schaller <hns@goldelico.com>
Date: Fri Sep 28 17:54:00 2018 +0200
ARM: dts: omap5: enable OTG role for DWC3 controller
[ Upstream commit 656c1a65ab555ee5c7cd0d6aee8ab82ca3c1795f ]
Since SMPS10 and OTG cable detection extcon are described here, and
work to enable OTG power when an OTG cable is plugged in, we can
define OTG mode in the controller (which is disabled by default in
omap5.dtsi).
Tested on OMAP5EVM and Pyra.
Suggested-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit b72184ef2130fd2ba18db9f3f7c333d70009b105
Author: YueHaibing <yuehaibing@huawei.com>
Date: Wed Sep 26 17:18:14 2018 +0800
net: xen-netback: fix return type of ndo_start_xmit function
[ Upstream commit a9ca7f17c6d240e269a24cbcd76abf9a940309dd ]
The method ndo_start_xmit() is defined as returning an 'netdev_tx_t',
which is a typedef for an enum type, so make sure the implementation in
this driver has returns 'netdev_tx_t' value, and change the function
return type to netdev_tx_t.
Found by coccinelle.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1a7704e7718398ee0c3a0e6f658cd06ff993826e
Author: YueHaibing <yuehaibing@huawei.com>
Date: Wed Sep 26 17:15:38 2018 +0800
net: ovs: fix return type of ndo_start_xmit function
[ Upstream commit eddf11e18dff0e8671e06ce54e64cfc843303ab9 ]
The method ndo_start_xmit() is defined as returning an 'netdev_tx_t',
which is a typedef for an enum type, so make sure the implementation in
this driver has returns 'netdev_tx_t' value, and change the function
return type to netdev_tx_t.
Found by coccinelle.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 31941e54e35295e66fa1a6e749f5faf0332bc7f5
Author: Jens Axboe <axboe@kernel.dk>
Date: Wed Aug 7 12:20:52 2019 -0600
libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
commit 2d7271501720038381d45fb3dcbe4831228fc8cc upstream.
For passthrough requests, libata-scsi takes what the user passes in
as gospel. This can be problematic if the user fills in the CDB
incorrectly. One example of that is in request sizes. For read/write
commands, the CDB contains fields describing the transfer length of
the request. These should match with the SG_IO header fields, but
libata-scsi currently does no validation of that.
Check that the number of blocks in the CDB for passthrough requests
matches what was mapped into the request. If the CDB asks for more
data then the validated SG_IO header fields, error it.
Reported-by: Krishna Ram Prakash R <krp@gtux.in>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f3216243df6758ee8c80f63b95b9be424abb0ce2
Author: Christoph Hellwig <hch@lst.de>
Date: Tue Jan 31 16:57:29 2017 +0100
block: introduce blk_rq_is_passthrough
commit 57292b58ddb58689e8c3b4c6eadbef10d9ca44dd upstream.
This can be used to check for fs vs non-fs requests and basically
removes all knowledge of BLOCK_PC specific from the block layer,
as well as preparing for removing the cmd_type field in struct request.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
[only take the blkdev.h changes as we only want the function for backported
patches - gregkh]
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit edb9044165918050c4429e5450f0ef44c95b3726
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Sun Jul 21 22:19:56 2019 +0200
fbdev: Ditch fb_edid_add_monspecs
commit 3b8720e63f4a1fc6f422a49ecbaa3b59c86d5aaf upstream.
It's dead code ever since
commit 34280340b1dc74c521e636f45cd728f9abf56ee2
Author: Geert Uytterhoeven <geert+renesas@glider.be>
Date: Fri Dec 4 17:01:43 2015 +0100
fbdev: Remove unused SH-Mobile HDMI driver
Also with this gone we can remove the cea_modes db. This entire thing
is massively incomplete anyway, compared to the CEA parsing that
drm_edid.c does.
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Tavis Ormandy <taviso@gmail.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190721201956.941-1-daniel.vetter@ffwll.ch
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a5fb7af5e257443fc623472238440212d49756f0
Author: Masami Hiramatsu <mhiramat@kernel.org>
Date: Wed May 9 21:58:45 2018 +0900
uprobes/x86: Prohibit probing on MOV SS instruction
commit 13ebe18c94f5b0665c01ae7fad2717ae959f4212 upstream.
Since MOV SS and POP SS instructions will delay the exceptions until the
next instruction is executed, single-stepping on it by uprobes must be
prohibited.
uprobe already rejects probing on POP SS (0x1f), but allows probing on MOV
SS (0x8e and reg == 2). This checks the target instruction and if it is
MOV SS or POP SS, returns -ENOTSUPP to reject probing.
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Cc: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Cc: Francis Deslauriers <francis.deslauriers@efficios.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Yonghong Song <yhs@fb.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "David S . Miller" <davem@davemloft.net>
Link: https://lkml.kernel.org/r/152587072544.17316.5950935243917346341.stgit@devbox
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 01ac2122008bdf8d9ba73bbfa9922c2eef1e2b59
Author: Masami Hiramatsu <mhiramat@kernel.org>
Date: Wed May 9 21:58:15 2018 +0900
kprobes/x86: Prohibit probing on exception masking instructions
commit ee6a7354a3629f9b65bc18dbe393503e9440d6f5 upstream.
Since MOV SS and POP SS instructions will delay the exceptions until the
next instruction is executed, single-stepping on it by kprobes must be
prohibited.
However, kprobes usually executes those instructions directly on trampoline
buffer (a.k.a. kprobe-booster), except for the kprobes which has
post_handler. Thus if kprobe user probes MOV SS with post_handler, it will
do single-stepping on the MOV SS.
This means it is safe that if it is used via ftrace or perf/bpf since those
don't use the post_handler.
Anyway, since the stack switching is a rare case, it is safer just
rejecting kprobes on such instructions.
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Cc: Francis Deslauriers <francis.deslauriers@efficios.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Yonghong Song <yhs@fb.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "David S . Miller" <davem@davemloft.net>
Link: https://lkml.kernel.org/r/152587069574.17316.3311695234863248641.stgit@devbox
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7b94b70ccb6937fa149e96115e11df0cc3193d65
Author: Peter Zijlstra <peterz@infradead.org>
Date: Wed Apr 24 13:38:23 2019 +0200
x86/atomic: Fix smp_mb__{before,after}_atomic()
commit 69d927bba39517d0980462efc051875b7f4db185 upstream.
Recent probing at the Linux Kernel Memory Model uncovered a
'surprise'. Strongly ordered architectures where the atomic RmW
primitive implies full memory ordering and
smp_mb__{before,after}_atomic() are a simple barrier() (such as x86)
fail for:
*x = 1;
atomic_inc(u);
smp_mb__after_atomic();
r0 = *y;
Because, while the atomic_inc() implies memory order, it
(surprisingly) does not provide a compiler barrier. This then allows
the compiler to re-order like so:
atomic_inc(u);
*x = 1;
smp_mb__after_atomic();
r0 = *y;
Which the CPU is then allowed to re-order (under TSO rules) like:
atomic_inc(u);
r0 = *y;
*x = 1;
And this very much was not intended. Therefore strengthen the atomic
RmW ops to include a compiler barrier.
NOTE: atomic_{or,and,xor} and the bitops already had the compiler
barrier.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Jari Ruusu <jari.ruusu@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4a4c61759b36a14e2ba01c64704293b988ead07b
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Wed Nov 13 21:28:31 2019 +0300
net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size()
commit a56dcc6b455830776899ce3686735f1172e12243 upstream.
This code is supposed to test for negative error codes and partial
reads, but because sizeof() is size_t (unsigned) type then negative
error codes are type promoted to high positive values and the condition
doesn't work as expected.
Fixes: 332f989a3b00 ("CDC-NCM: handle incomplete transfer of MTU")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit bd73035fd84ab8dce1cb1fe71a0b724b3b40cdc1
Author: Jouni Hogander <jouni.hogander@unikie.com>
Date: Wed Nov 13 12:08:01 2019 +0200
slcan: Fix memory leak in error path
commit ed50e1600b4483c049ce76e6bd3b665a6a9300ed upstream.
This patch is fixing memory leak reported by Syzkaller:
BUG: memory leak unreferenced object 0xffff888067f65500 (size 4096):
comm "syz-executor043", pid 454, jiffies 4294759719 (age 11.930s)
hex dump (first 32 bytes):
73 6c 63 61 6e 30 00 00 00 00 00 00 00 00 00 00 slcan0..........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000a06eec0d>] __kmalloc+0x18b/0x2c0
[<0000000083306e66>] kvmalloc_node+0x3a/0xc0
[<000000006ac27f87>] alloc_netdev_mqs+0x17a/0x1080
[<0000000061a996c9>] slcan_open+0x3ae/0x9a0
[<000000001226f0f9>] tty_ldisc_open.isra.1+0x76/0xc0
[<0000000019289631>] tty_set_ldisc+0x28c/0x5f0
[<000000004de5a617>] tty_ioctl+0x48d/0x1590
[<00000000daef496f>] do_vfs_ioctl+0x1c7/0x1510
[<0000000059068dbc>] ksys_ioctl+0x99/0xb0
[<000000009a6eb334>] __x64_sys_ioctl+0x78/0xb0
[<0000000053d0332e>] do_syscall_64+0x16f/0x580
[<0000000021b83b99>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<000000008ea75434>] 0xffffffffffffffff
Cc: Wolfgang Grandegger <wg@grandegger.com>
Cc: Marc Kleine-Budde <mkl@pengutronix.de>
Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Signed-off-by: Jouni Hogander <jouni.hogander@unikie.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Cc: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e0088cfbd8c94554f96b9b20897d9c3496305a09
Author: zhong jiang <zhongjiang@huawei.com>
Date: Mon Nov 18 11:26:10 2019 +0800
memfd: Use radix_tree_deref_slot_protected to avoid the warning.
The commit 3ce6b467b9b2 ("memfd: Fix locking when tagging pins")
introduces the following warning messages.
*WARNING: suspicious RCU usage in memfd_wait_for_pins*
It is because we still use radix_tree_deref_slot without read_rcu_lock.
We should use radix_tree_deref_slot_protected instead in the case.
Cc: stable@vger.kernel.org
Fixes: 3ce6b467b9b2 ("memfd: Fix locking when tagging pins")
Signed-off-by: zhong jiang <zhongjiang@huawei.com>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6988feec3da07e2c67a4ef8ab015fab23ea33c6e
Author: Israel Rukshin <israelr@mellanox.com>
Date: Wed Sep 26 09:44:18 2018 +0000
IB/iser: Fix possible NULL deref at iser_inv_desc()
[ Upstream commit 65f07f5a09dacf3b60619f196f096ea3671a5eda ]
In case target remote invalidates bogus rkey and signature is not used,
pi_ctx is NULL deref.
The commit also fails the connection on bogus remote invalidation.
Fixes: 59caaed7a72a ("IB/iser: Support the remote invalidation exception")
Signed-off-by: Israel Rukshin <israelr@mellanox.com>
Reviewed-by: Max Gurtovoy <maxg@mellanox.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c0c3f27fe1af279590da27cc2b816fb4e7e8ccbb
Author: Kirill Tkhai <ktkhai@virtuozzo.com>
Date: Mon Aug 27 18:29:29 2018 +0300
fuse: use READ_ONCE on congestion_threshold and max_background
[ Upstream commit 2a23f2b8adbe4bd584f936f7ac17a99750eed9d7 ]
Since they are of unsigned int type, it's allowed to read them
unlocked during reporting to userspace. Let's underline this fact
with READ_ONCE() macroses.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 6bce2b94291a3ffa1e62196c518abf130428547d
Author: Chunfeng Yun <chunfeng.yun@mediatek.com>
Date: Thu Sep 20 19:13:32 2018 +0300
usb: xhci-mtk: fix ISOC error when interval is zero
[ Upstream commit 87173acc0d8f0987bda8827da35fff67f52ad15d ]
If the interval equal zero, needn't round up to power of two
for the number of packets in each ESIT, so fix it.
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c899deb493d351f95d00a81ae52287907e31d0eb
Author: Rob Herring <robh@kernel.org>
Date: Thu Sep 13 13:12:33 2018 -0500
ARM: dts: lpc32xx: Fix SPI controller node names
[ Upstream commit 11236ef582b8d66290bb3b3710e03ca1d85d8ad8 ]
SPI controller nodes should be named 'spi' rather than 'ssp'. Fixing the
name enables dtc SPI bus checks.
Cc: Vladimir Zapolskiy <vz@mleia.com>
Cc: Sylvain Lemieux <slemieux.tyco@gmail.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 0a5c2bfb02c369578e7bea3516c7a5d05d8d9793
Author: Rob Herring <robh@kernel.org>
Date: Thu Sep 13 13:12:44 2018 -0500
arm64: dts: lg: Fix SPI controller node names
[ Upstream commit 09bae3b64cb580c95329bd8d16f08f0a5cb81ec9 ]
SPI controller nodes should be named 'spi' rather than 'ssp'. Fixing the
name enables dtc SPI bus checks.
Cc: Chanho Min <chanho.min@lge.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 047c3645e7559aff0c643c83d79419f84153f370
Author: Rob Herring <robh@kernel.org>
Date: Thu Sep 13 13:12:40 2018 -0500
arm64: dts: amd: Fix SPI bus warnings
[ Upstream commit e9f0878c4b2004ac19581274c1ae4c61ae3ca70e ]
dtc has new checks for SPI buses. Fix the warnings in node names.
arch/arm64/boot/dts/amd/amd-overdrive.dtb: Warning (spi_bus_bridge): /smb/ssp@e1030000: node name for SPI buses should be 'spi'
arch/arm64/boot/dts/amd/amd-overdrive-rev-b0.dtb: Warning (spi_bus_bridge): /smb/ssp@e1030000: node name for SPI buses should be 'spi'
arch/arm64/boot/dts/amd/amd-overdrive-rev-b1.dtb: Warning (spi_bus_bridge): /smb/ssp@e1030000: node name for SPI buses should be 'spi'
Cc: Brijesh Singh <brijeshkumar.singh@amd.com>
Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 9e47acea96d0e5f79e47ca7e3f48a5a8df60d101
Author: Finn Thain <fthain@telegraphics.com.au>
Date: Thu Sep 27 11:17:11 2018 +1000
scsi: NCR5380: Handle BUS FREE during reselection
[ Upstream commit ca694afad707cb3ae2fdef3b28454444d9ac726e ]
The X3T9.2 specification (draft) says, under "6.1.4.2 RESELECTION time-out
procedure", that a target may assert RST or go to BUS FREE phase if the
initiator does not respond within 200 us. Something like this has been
observed with AztecMonster II target. When it happens, all we can do is wait
for the target to try again.
Tested-by: Michael Schmitz <schmitzmic@gmail.com>
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit bbef21812f054b765c8d9906594ebbb1c86bbdb8
Author: Finn Thain <fthain@telegraphics.com.au>
Date: Thu Sep 27 11:17:11 2018 +1000
scsi: NCR5380: Don't call dsprintk() following reselection interrupt
[ Upstream commit 08267216b3f8aa5adc204bdccf8deb72c1cd7665 ]
The X3T9.2 specification (draft) says, under "6.1.4.1 RESELECTION",
... The reselected initiator shall then assert the BSY signal
within a selection abort time of its most recent detection of being
reselected; this is required for correct operation of the time-out
procedure.
The selection abort time is only 200 us which may be insufficient time for a
printk() call. Move the diagnostics to the error paths.
Tested-by: Michael Schmitz <schmitzmic@gmail.com>
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 155edd4ae8512807c2c27f56040cba80788ba7a2
Author: Finn Thain <fthain@telegraphics.com.au>
Date: Thu Sep 27 11:17:11 2018 +1000
scsi: NCR5380: Don't clear busy flag when abort fails
[ Upstream commit 45ddc1b24806cc8f1a09f23dd4e7b6e4a8ae36e1 ]
When NCR5380_abort() returns FAILED, the driver forgets that the target is
still busy. Hence, further commands may be sent to the target, which may fail
during selection and produce the error message, "reselection after won
arbitration?". Prevent this by leaving the busy flag set when NCR5380_abort()
fails.
Tested-by: Michael Schmitz <schmitzmic@gmail.com>
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit f876c37ef29630f24481488c6648e7b96077bb12
Author: Finn Thain <fthain@telegraphics.com.au>
Date: Thu Sep 27 11:17:11 2018 +1000
scsi: NCR5380: Check for invalid reselection target
[ Upstream commit 7ef55f6744c45e3d7c85a3f74ada39b67ac741dd ]
The X3T9.2 specification (draft) says, under "6.1.4.1 RESELECTION", that "the
initiator shall not respond to a RESELECTION phase if other than two SCSI ID
bits are on the DATA BUS." This issue (too many bits set) has been observed in
the wild, so add a check.
Tested-by: Michael Schmitz <schmitzmic@gmail.com>
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit acef2f05863c5678618ec9fd061adca6d5f67b08
Author: Finn Thain <fthain@telegraphics.com.au>
Date: Thu Sep 27 11:17:11 2018 +1000
scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data
[ Upstream commit 070356513963be6196142acff56acc8359069fa1 ]
When sense data is valid, call set_driver_byte(cmd, DRIVER_SENSE). Otherwise
some callers of scsi_execute() will ignore sense data. Don't set DID_ERROR or
DID_RESET just because sense data is missing.
Tested-by: Michael Schmitz <schmitzmic@gmail.com>
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 64684e0f99dfd2b62523664b6f97e91404251ea6
Author: Hannes Reinecke <hare@suse.com>
Date: Thu Sep 27 11:17:11 2018 +1000
scsi: NCR5380: Clear all unissued commands on host reset
[ Upstream commit 1aeeeed7f03c576f096eede7b0384f99a98f588c ]
When doing a host reset we should be clearing all outstanding commands, not
just the command triggering the reset.
[mkp: adjusted Hannes' SoB address]
Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Cc: Ondrey Zary <linux@rainbow-software.org>
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3d9fb62dbe7cc2d19632470a588a5ee38b8d3c7f
Author: Dan Aloni <dan@kernelim.com>
Date: Mon Sep 17 20:24:32 2018 +0300
crypto: fix a memory leak in rsa-kcs1pad's encryption mode
[ Upstream commit 3944f139d5592790b70bc64f197162e643a8512b ]
The encryption mode of pkcs1pad never uses out_sg and out_buf, so
there's no need to allocate the buffer, which presently is not even
being freed.
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: linux-crypto@vger.kernel.org
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Dan Aloni <dan@kernelim.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 85b914581083bb94b89f4accf52fdf862c53e7f3
Author: Christoph Manszewski <c.manszewski@samsung.com>
Date: Mon Sep 17 17:09:28 2018 +0200
crypto: s5p-sss: Fix Fix argument list alignment
[ Upstream commit 6c12b6ba45490eeb820fdceccf5a53f42a26799c ]
Fix misalignment of continued argument list.
Signed-off-by: Christoph Manszewski <c.manszewski@samsung.com>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Acked-by: Kamil Konieczny <k.konieczny@partner.samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 203ec3c3cb9c45f30df4f650d66c7686ee9915a0
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Tue Sep 4 13:39:22 2018 +0300
Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS
[ Upstream commit a5c3021bb62b970713550db3f7fd08aa70665d7e ]
If the remote is not able to fully utilize the MPS choosen recalculate
the credits based on the actual amount it is sending that way it can
still send packets of MTU size without credits dropping to 0.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3477b4fb0b789a30e4f5db1f67be64ffc327d5b4
Author: Rob Herring <robh@kernel.org>
Date: Thu Sep 13 13:12:26 2018 -0500
ARM: dts: realview: Fix SPI controller node names
[ Upstream commit 016add12977bcc30f77d7e48fc9a3a024cb46645 ]
SPI controller nodes should be named 'spi' rather than 'ssp'. Fixing the
name enables dtc SPI bus checks.
Cc: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 4d29f08baf4fab35db948ebd1046d8ecf5b86f57
Author: Justin Ernst <justin.ernst@hpe.com>
Date: Tue Sep 25 09:34:49 2018 -0500
EDAC: Raise the maximum number of memory controllers
[ Upstream commit 6b58859419554fb824e09cfdd73151a195473cbc ]
We observe an oops in the skx_edac module during boot:
EDAC MC0: Giving out device to module skx_edac controller Skylake Socket#0 IMC#0
EDAC MC1: Giving out device to module skx_edac controller Skylake Socket#0 IMC#1
EDAC MC2: Giving out device to module skx_edac controller Skylake Socket#1 IMC#0
...
EDAC MC13: Giving out device to module skx_edac controller Skylake Socket#0 IMC#1
EDAC MC14: Giving out device to module skx_edac controller Skylake Socket#1 IMC#0
EDAC MC15: Giving out device to module skx_edac controller Skylake Socket#1 IMC#1
Too many memory controllers: 16
EDAC MC: Removed device 0 for skx_edac Skylake Socket#0 IMC#0
We observe there are two memory controllers per socket, with a limit
of 16. Raise the maximum number of memory controllers from 16 to 2 *
MAX_NUMNODES (1024).
[ bp: This is just a band-aid fix until we've sorted out the whole issue
with the bus_type association and handling in EDAC and can get rid of
this arbitrary limit. ]
Signed-off-by: Justin Ernst <justin.ernst@hpe.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Russ Anderson <russ.anderson@hpe.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: linux-edac@vger.kernel.org
Link: https://lkml.kernel.org/r/20180925143449.284634-1-justin.ernst@hpe.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c1014c6a9b4f8e7480d20c2a747ddbab142e4c6f
Author: YueHaibing <yuehaibing@huawei.com>
Date: Wed Sep 26 17:06:29 2018 +0800
net: smsc: fix return type of ndo_start_xmit function
[ Upstream commit 6323d57f335ce1490d025cacc83fc10b07792130 ]
The method ndo_start_xmit() is defined as returning an 'netdev_tx_t',
which is a typedef for an enum type, so make sure the implementation in
this driver has returns 'netdev_tx_t' value, and change the function
return type to netdev_tx_t.
Found by coccinelle.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 74e505aed14b18a6437d553485d885669dfc8e5c
Author: Marc Dietrich <marvin24@gmx.de>
Date: Thu Aug 2 10:45:40 2018 +0200
ARM: dts: paz00: fix wakeup gpio keycode
[ Upstream commit ebea2a43fdafdbce918bd7e200b709d6c33b9f3b ]
The power key is controlled solely by the EC, which only tiggeres this
gpio after wakeup.
Fixes immediately return to suspend after wake from LP1.
Signed-off-by: Marc Dietrich <marvin24@gmx.de>
Tested-by: Nicolas Chauvet <kwizart@gmail.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 7530785a3b49d8f5175ad06f8d54c3a3aaaba67a
Author: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Date: Fri Aug 31 18:37:43 2018 +0200
ARM: tegra: apalis_t30: fix mmc1 cmd pull-up
[ Upstream commit 1c997fe4becdc6fcbc06e23982ceb65621e6572a ]
Fix MMC1 cmd pin pull-up causing issues on carrier boards without
external pull-up.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit cfd81f1acad5673e95e9274bec05185adecac256
Author: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Date: Fri Aug 31 14:42:33 2018 +0200
ARM: dts: tegra30: fix xcvr-setup-use-fuses
[ Upstream commit 564706f65cda3de52b09e51feb423a43940fe661 ]
There was a dot instead of a comma. Fix this.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 83e597884338f11cfe6986b5aeff732a2f22b665
Author: Jason Yan <yanaijie@huawei.com>
Date: Tue Sep 25 10:56:52 2018 +0800
scsi: libsas: always unregister the old device if going to discover new
[ Upstream commit 32c850bf587f993b2620b91e5af8a64a7813f504 ]
If we went into sas_rediscover_dev() the attached_sas_addr was already insured
not to be zero. So it's unnecessary to check if the attached_sas_addr is zero.
And although if the sas address is not changed, we always have to unregister
the old device when we are going to register a new one. We cannot just leave
the device there and bring up the new.
Signed-off-by: Jason Yan <yanaijie@huawei.com>
CC: chenxiang <chenxiang66@hisilicon.com>
CC: John Garry <john.garry@huawei.com>
CC: Johannes Thumshirn <jthumshirn@suse.de>
CC: Ewan Milne <emilne@redhat.com>
CC: Christoph Hellwig <hch@lst.de>
CC: Tomas Henzl <thenzl@redhat.com>
CC: Dan Williams <dan.j.williams@intel.com>
CC: Hannes Reinecke <hare@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 03c3736e79150e878d612a4c88919a8bf3123ab6
Author: Alex Williamson <alex.williamson@redhat.com>
Date: Tue Sep 25 13:01:27 2018 -0600
vfio/pci: Mask buggy SR-IOV VF INTx support
[ Upstream commit db04264fe9bc0f2b62e036629f9afb530324b693 ]
The SR-IOV spec requires that VFs must report zero for the INTx pin
register as VFs are precluded from INTx support. It's much easier for
the host kernel to understand whether a device is a VF and therefore
whether a non-zero pin register value is bogus than it is to do the
same in userspace. Override the INTx count for such devices and
virtualize the pin register to provide a consistent view of the device
to the user.
As this is clearly a spec violation, warn about it to support hardware
validation, but also provide a known whitelist as it doesn't do much
good to continue complaining if the hardware vendor doesn't plan to
fix it.
Known devices with this issue: 8086:270c
Tested-by: Gage Eads <gage.eads@intel.com>
Reviewed-by: Ashok Raj <ashok.raj@intel.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit be363e27ec3c3a99793da2be6c07eafb95709c6b
Author: Li Qiang <liq3ea@gmail.com>
Date: Tue Sep 25 13:01:27 2018 -0600
vfio/pci: Fix potential memory leak in vfio_msi_cap_len
[ Upstream commit 30ea32ab1951c80c6113f300fce2c70cd12659e4 ]
Free allocated vdev->msi_perm in error path.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 19d875ecbd055b616880d00a5292334ed78a6385
Author: zhong jiang <zhongjiang@huawei.com>
Date: Thu Sep 20 10:29:13 2018 +0800
misc: genwqe: should return proper error value.
[ Upstream commit 02241995b004faa7d9ff628e97f24056190853f8 ]
The function should return -EFAULT when copy_from_user fails. Even
though the caller does not distinguish them. but we should keep backward
compatibility.
Signed-off-by: zhong jiang <zhongjiang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 4f15bdce673e56b0fa863d604fb9c5a03581a96c
Author: Laura Abbott <labbott@redhat.com>
Date: Tue Sep 11 10:44:03 2018 -0700
misc: kgdbts: Fix restrict error
[ Upstream commit fa0218ef733e6f247a1a3986e3eb12460064ac77 ]
kgdbts current fails when compiled with restrict:
drivers/misc/kgdbts.c: In function ‘configure_kgdbts’:
drivers/misc/kgdbts.c:1070:2: error: ‘strcpy’ source argument is the same as destination [-Werror=restrict]
strcpy(config, opt);
^~~~~~~~~~~~~~~~~~~
As the error says, config is being used in both the source and destination.
Refactor the code to avoid the extra copy and put the parsing closer to
the actual location.
Signed-off-by: Laura Abbott <labbott@redhat.com>
Acked-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 8c3d23bd86884379902b9de8c0461a5f52ed3b4c
Author: Leo Yan <leo.yan@linaro.org>
Date: Thu Sep 20 13:18:02 2018 -0600
coresight: tmc: Fix byte-address alignment for RRP
[ Upstream commit e7753f3937610633a540f2be81be87531f96ff04 ]
>From the comment in the code, it claims the requirement for byte-address
alignment for RRP register: 'for 32-bit, 64-bit and 128-bit wide trace
memory, the four LSBs must be 0s. For 256-bit wide trace memory, the
five LSBs must be 0s'. This isn't consistent with the program, the
program sets five LSBs as zeros for 32/64/128-bit wide trace memory and
set six LSBs zeros for 256-bit wide trace memory.
After checking with the CoreSight Trace Memory Controller technical
reference manual (ARM DDI 0461B, section 3.3.4 RAM Read Pointer
Register), it proves the comment is right and the program does wrong
setting.
This patch fixes byte-address alignment for RRP by following correct
definition in the technical reference manual.
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Mike Leach <mike.leach@linaro.org>
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 6b32261826811cb53a49cc679c982c0733de3a51
Author: Tomasz Nowicki <tnowicki@caviumnetworks.com>
Date: Thu Sep 20 13:18:00 2018 -0600
coresight: etm4x: Configure EL2 exception level when kernel is running in HYP
[ Upstream commit b860801e3237ec4c74cf8de0be4816996757ae5c ]
For non-VHE systems host kernel runs at EL1 and jumps to EL2 whenever
hypervisor code should be executed. In this case ETM4x driver must
restrict configuration to EL1 when it setups kernel tracing.
However, there is no separate hypervisor privilege level when VHE
is enabled, the host kernel runs at EL2.
This patch fixes configuration of TRCACATRn register for VHE systems
so that ETM_EXLEVEL_NS_HYP bit is used instead of ETM_EXLEVEL_NS_OS
to on/off kernel tracing. At the same time, it moves common code
to new helper.
Signed-off-by: Tomasz Nowicki <tnowicki@caviumnetworks.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit e834a0f8ebb02527bf60076c4b400cd149c63318
Author: Suzuki K Poulose <suzuki.poulose@arm.com>
Date: Thu Sep 20 13:17:45 2018 -0600
coresight: Fix handling of sinks
[ Upstream commit c71369de02b285d9da526a526d8f2affc7b17c59 ]
The coresight components could be operated either in sysfs mode or in perf
mode. For some of the components, the mode of operation doesn't matter as
they simply relay the data to the next component in the trace path. But for
sinks, they need to be able to provide the trace data back to the user.
Thus we need to make sure that "mode" is handled appropriately. e.g,
the sysfs mode could have multiple sources driving the trace data, while
perf mode doesn't allow sharing the sink.
The coresight_enable_sink() however doesn't really allow this check to
trigger as it skips the "enable_sink" callback if the component is
already enabled, irrespective of the mode. This could cause mixing
of data from different modes or even same mode (in perf), if the
sources are different. Also, if we fail to enable the sink while
enabling a path (where sink is the first component enabled),
we could end up in disabling the components in the "entire"
path which were not enabled in this trial, causing disruptions
in the existing trace paths.
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1f3745afb9d749681f752a726d5296429e65e989
Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Date: Fri Aug 10 15:44:57 2018 +0300
usb: gadget: uvc: Only halt video streaming endpoint in bulk mode
[ Upstream commit 8dbf9c7abefd5c1434a956d5c6b25e11183061a3 ]
When USB requests for video data fail to be submitted, the driver
signals a problem to the host by halting the video streaming endpoint.
This is only valid in bulk mode, as isochronous transfers have no
handshake phase and can't thus report a stall. The usb_ep_set_halt()
call returns an error when using isochronous endpoints, which we happily
ignore, but some UDCs complain in the kernel log. Fix this by only
trying to halt the endpoint in bulk mode.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Paul Elder <paul.elder@ideasonboard.com>
Tested-by: Paul Elder <paul.elder@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 28ff0fa765e10bd7478902da5a1c9d90761a9e2b
Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Date: Fri Aug 10 15:42:03 2018 +0300
usb: gadget: uvc: Factor out video USB request queueing
[ Upstream commit 9d1ff5dcb3cd3390b1e56f1c24ae42c72257c4a3 ]
USB requests for video data are queued from two different locations in
the driver, with the same code block occurring twice. Factor it out to a
function.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Paul Elder <paul.elder@ideasonboard.com>
Tested-by: Paul Elder <paul.elder@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 0623749e14dded79af478f2d5edef8e49071d9e0
Author: Andreas Kemnade <andreas@kemnade.info>
Date: Sat Sep 22 11:44:05 2018 +0200
phy: phy-twl4030-usb: fix denied runtime access
[ Upstream commit 6c7103aa026094a4ee2c2708ec6977a6dfc5331d ]
When runtime is not enabled, pm_runtime_get_sync() returns -EACCESS,
the counter will be incremented but the resume callback not called,
so enumeration and charging will not start properly.
To avoid that happen, disable irq on suspend and recheck on resume.
Practically this happens when the device is woken up from suspend by
plugging in usb.
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit bfdb08934b2c10f9d3a7a054067b49d54dc247d0
Author: Joel Pepper <joel.pepper@rwth-aachen.de>
Date: Tue May 29 21:02:12 2018 +0200
usb: gadget: uvc: configfs: Prevent format changes after linking header
[ Upstream commit cb2200f7af8341aaf0c6abd7ba37e4c667c41639 ]
While checks are in place to avoid attributes and children of a format
being manipulated after the format is linked into the streaming header,
the linked flag was never actually set, invalidating the protections.
Update the flag as appropriate in the header link calls.
Signed-off-by: Joel Pepper <joel.pepper@rwth-aachen.de>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 013cf51fac80840e381f15616e960d8be2df2f12
Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Date: Thu Aug 2 00:14:00 2018 +0300
usb: gadget: uvc: configfs: Drop leaked references to config items
[ Upstream commit 86f3daed59bceb4fa7981d85e89f63ebbae1d561 ]
Some of the .allow_link() and .drop_link() operations implementations
call config_group_find_item() and then leak the reference to the
returned item. Fix this by dropping those references where needed.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 699e597923ada4e0d77565c63e816b088e43a136
Author: Nathan Chancellor <natechancellor@gmail.com>
Date: Sat Sep 15 02:16:15 2018 -0400
media: davinci: Fix implicit enum conversion warning
[ Upstream commit 4158757395b300b6eb308fc20b96d1d231484413 ]
Clang warns when one enumerated type is implicitly converted to another.
drivers/media/platform/davinci/vpbe_display.c:524:24: warning: implicit
conversion from enumeration type 'enum osd_v_exp_ratio' to different
enumeration type 'enum osd_h_exp_ratio' [-Wenum-conversion]
layer_info->h_exp = V_EXP_6_OVER_5;
~ ^~~~~~~~~~~~~~
1 warning generated.
This appears to be a copy and paste error judging from the couple of
lines directly above this statement and the way that height is handled
in the if block above this one.
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c6b1c9d7835d03e247a70f373982c1083530ca3a
Author: Brad Love <brad@nextdimension.cc>
Date: Thu Sep 6 17:07:49 2018 -0400
media: au0828: Fix incorrect error messages
[ Upstream commit f347596f2bf114a3af3d80201c6e6bef538d884f ]
Correcting red herring error messages.
Where appropriate, replaces au0282_dev_register with:
- au0828_analog_register
- au0828_dvb_register
Signed-off-by: Brad Love <brad@nextdimension.cc>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 7a40880aa0fa3b76c9546186970f54c821a3892c
Author: Jia-Ju Bai <baijiaju1990@gmail.com>
Date: Sat Sep 1 07:44:09 2018 -0400
media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init()
[ Upstream commit 8d11eb847de7d89c2754988c944d51a4f63e219b ]
The driver may sleep in a interrupt handler.
The function call paths (from bottom to top) in Linux-4.16 are:
[FUNC] kzalloc(GFP_KERNEL)
drivers/media/pci/ivtv/ivtv-yuv.c, 938:
kzalloc in ivtv_yuv_init
drivers/media/pci/ivtv/ivtv-yuv.c, 960:
ivtv_yuv_init in ivtv_yuv_next_free
drivers/media/pci/ivtv/ivtv-yuv.c, 1126:
ivtv_yuv_next_free in ivtv_yuv_setup_stream_frame
drivers/media/pci/ivtv/ivtv-irq.c, 827:
ivtv_yuv_setup_stream_frame in ivtv_irq_dec_data_req
drivers/media/pci/ivtv/ivtv-irq.c, 1013:
ivtv_irq_dec_data_req in ivtv_irq_handler
To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.
This bug is found by my static analysis tool DSAC.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 2dc1504b4fb96d0f662d1ea507c7556a60770b75
Author: Dengcheng Zhu <dzhu@wavecomp.com>
Date: Tue Sep 11 14:49:23 2018 -0700
MIPS: kexec: Relax memory restriction
[ Upstream commit a6da4d6fdf8bd512c98d3ac7f1d16bc4bb282919 ]
We can rely on the system kernel and the dump capture kernel themselves in
memory usage.
Being restrictive with 512MB limit may cause kexec tool failure on some
platforms.
Tested-by: Rachel Mozes <rachel.mozes@intel.com>
Reported-by: Rachel Mozes <rachel.mozes@intel.com>
Signed-off-by: Dengcheng Zhu <dzhu@wavecomp.com>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Patchwork: https://patchwork.linux-mips.org/patch/20568/
Cc: pburton@wavecomp.com
Cc: ralf@linux-mips.org
Cc: linux-mips@linux-mips.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit ec6eb73fb87e72608b738734d19034dfea3d9e9c
Author: Matthew Whitehead <tedheadster@gmail.com>
Date: Fri Sep 21 17:20:40 2018 -0400
x86/CPU: Use correct macros for Cyrix calls
[ Upstream commit 03b099bdcdf7125d4a63dc9ddeefdd454e05123d ]
There are comments in processor-cyrix.h advising you to _not_ make calls
using the deprecated macros in this style:
setCx86_old(CX86_CCR4, getCx86_old(CX86_CCR4) | 0x80);
This is because it expands the macro into a non-functioning calling
sequence. The calling order must be:
outb(CX86_CCR2, 0x22);
inb(0x23);
From the comments:
* When using the old macros a line like
* setCx86(CX86_CCR2, getCx86(CX86_CCR2) | 0x88);
* gets expanded to:
* do {
* outb((CX86_CCR2), 0x22);
* outb((({
* outb((CX86_CCR2), 0x22);
* inb(0x23);
* }) | 0x88), 0x23);
* } while (0);
The new macros fix this problem, so use them instead.
Signed-off-by: Matthew Whitehead <tedheadster@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jia Zhang <qianyue.zj@alibaba-inc.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20180921212041.13096-2-tedheadster@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 49c9fe4957d003e24e9cb5755fb1326e6c9e047c
Author: YueHaibing <yuehaibing@huawei.com>
Date: Fri Sep 21 10:42:15 2018 +0800
net: micrel: fix return type of ndo_start_xmit function
[ Upstream commit 2b49117a5abee8478b0470cba46ac74f93b4a479 ]
The method ndo_start_xmit() is defined as returning an 'netdev_tx_t',
which is a typedef for an enum type, so make sure the implementation in
this driver has returns 'netdev_tx_t' value, and change the function
return type to netdev_tx_t.
Found by coccinelle.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1bba9352c04b8dbb14967894b070f1d60e0eaa1f
Author: Shahed Shaikh <Shahed.Shaikh@cavium.com>
Date: Thu Sep 20 11:22:51 2018 -0700
bnx2x: Ignore bandwidth attention in single function mode
[ Upstream commit 75a110a1783ef8324ffd763b24f4ac268253cbca ]
This is a workaround for FW bug -
MFW generates bandwidth attention in single function mode, which
is only expected to be generated in multi function mode.
This undesired attention in SF mode results in incorrect HW
configuration and resulting into Tx timeout.
Signed-off-by: Shahed Shaikh <Shahed.Shaikh@cavium.com>
Signed-off-by: Ariel Elior <ariel.elior@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit cb0105ed84d323910a087eefec222f9994f75af3
Author: Rob Herring <robh@kernel.org>
Date: Thu Sep 13 13:12:31 2018 -0500
ARM: dts: marvell: Fix SPI and I2C bus warnings
[ Upstream commit cf680cc5251487b9a39919c3cda31a108af19cf8 ]
dtc has new checks for I2C and SPI buses. Fix the warnings in node names
and unit-addresses.
arch/arm/boot/dts/dove-cubox.dtb: Warning (i2c_bus_reg): /i2c-mux/i2c@0/clock-generator: I2C bus unit address format error, expected "60"
arch/arm/boot/dts/dove-cubox-es.dtb: Warning (i2c_bus_reg): /i2c-mux/i2c@0/clock-generator: I2C bus unit address format error, expected "60"
arch/arm/boot/dts/dove-cubox.dtb: Warning (spi_bus_bridge): /mbus/internal-regs/spi-ctrl@10600: node name for SPI buses should be 'spi'
arch/arm/boot/dts/dove-cubox-es.dtb: Warning (spi_bus_bridge): /mbus/internal-regs/spi-ctrl@10600: node name for SPI buses should be 'spi'
arch/arm/boot/dts/dove-dove-db.dtb: Warning (spi_bus_bridge): /mbus/internal-regs/spi-ctrl@10600: node name for SPI buses should be 'spi'
arch/arm/boot/dts/dove-sbc-a510.dtb: Warning (spi_bus_bridge): /mbus/internal-regs/spi-ctrl@10600: node name for SPI buses should be 'spi'
arch/arm/boot/dts/dove-sbc-a510.dtb: Warning (spi_bus_bridge): /mbus/internal-regs/spi-ctrl@14600: node name for SPI buses should be 'spi'
arch/arm/boot/dts/orion5x-kuroboxpro.dtb: Warning (i2c_bus_reg): /soc/internal-regs/i2c@11000/rtc: I2C bus unit address format error, expected "32"
arch/arm/boot/dts/orion5x-linkstation-lschl.dtb: Warning (i2c_bus_reg): /soc/internal-regs/i2c@11000/rtc: I2C bus unit address format error, expected "32"
arch/arm/boot/dts/orion5x-linkstation-lsgl.dtb: Warning (i2c_bus_reg): /soc/internal-regs/i2c@11000/rtc: I2C bus unit address format error, expected "32"
arch/arm/boot/dts/orion5x-linkstation-lswtgl.dtb: Warning (i2c_bus_reg): /soc/internal-regs/i2c@11000/rtc: I2C bus unit address format error, expected "32"
Cc: Jason Cooper <jason@lakedaemon.net>
Cc: Andrew Lunn <andrew@lunn.ch>
Cc: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
Cc: Gregory Clement <gregory.clement@bootlin.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 79a266352c41bc8076f94f14fd24a7c5cb7cbd9b
Author: Stefan Agner <stefan@agner.ch>
Date: Sat Sep 15 21:38:24 2018 -0700
cpufeature: avoid warning when compiling with clang
[ Upstream commit c785896b21dd8e156326ff660050b0074d3431df ]
The table id (second) argument to MODULE_DEVICE_TABLE is often
referenced otherwise. This is not the case for CPU features. This
leads to warnings when building the kernel with Clang:
arch/arm/crypto/aes-ce-glue.c:450:1: warning: variable
'cpu_feature_match_AES' is not needed and will not be emitted
[-Wunneeded-internal-declaration]
module_cpu_feature_match(AES, aes_init);
^
Avoid warnings by using __maybe_unused, similar to commit 1f318a8bafcf
("modules: mark __inittest/__exittest as __maybe_unused").
Fixes: 67bad2fdb754 ("cpu: add generic support for CPU feature based module autoloading")
Signed-off-by: Stefan Agner <stefan@agner.ch>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 8c701e704c7215b8e8323d5b49b09a897dc96652
Author: Nathan Chancellor <natechancellor@gmail.com>
Date: Thu Sep 20 16:13:37 2018 -0700
spi: pic32: Use proper enum in dmaengine_prep_slave_rg
[ Upstream commit 8cfde7847d5ed0bb77bace41519572963e43cd17 ]
Clang warns when one enumerated type is converted implicitly to another:
drivers/spi/spi-pic32.c:323:8: warning: implicit conversion from
enumeration type 'enum dma_data_direction' to different enumeration type
'enum dma_transfer_direction' [-Wenum-conversion]
DMA_FROM_DEVICE,
^~~~~~~~~~~~~~~
drivers/spi/spi-pic32.c:333:8: warning: implicit conversion from
enumeration type 'enum dma_data_direction' to different enumeration type
'enum dma_transfer_direction' [-Wenum-conversion]
DMA_TO_DEVICE,
^~~~~~~~~~~~~
2 warnings generated.
Use the proper enums from dma_transfer_direction (DMA_FROM_DEVICE =
DMA_DEV_TO_MEM = 2, DMA_TO_DEVICE = DMA_MEM_TO_DEV = 1) to satify Clang.
Link: https://github.com/ClangBuiltLinux/linux/issues/159
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 5e4cf0e73925baa4d412598fb8df99437c743aca
Author: Rob Herring <robh@kernel.org>
Date: Thu Sep 13 13:12:34 2018 -0500
ARM: dts: ste: Fix SPI controller node names
[ Upstream commit 2f967f9e9fa076affb711da1a8389b5d33814fc6 ]
SPI controller nodes should be named 'spi' rather than 'ssp'. Fixing the
name enables dtc SPI bus checks.
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 30ef1cc278fc7d9345dfe7f434ff2ba75e5c0131
Author: Linus Walleij <linus.walleij@linaro.org>
Date: Tue Jul 3 10:30:03 2018 +0200
ARM: dts: ux500: Fix LCDA clock line muxing
[ Upstream commit ecde29569e3484e1d0a032bf4074449bce4d4a03 ]
The "lcdaclk_b_1" group is muxed with the function "lcd"
but needs a separate entry to be muxed in with "lcda"
rather than "lcd".
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 6666c91486074a9b3cd9b02c7bab9801267e5b34
Author: Geert Uytterhoeven <geert+renesas@glider.be>
Date: Tue Jun 26 09:50:09 2018 +0200
ARM: dts: ux500: Correct SCU unit address
[ Upstream commit 2f217d24ecaec2012e628d21e244eef0608656a4 ]
The unit address of the Cortex-A9 SCU device node contains one zero too
many. Remove it.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1bbb59cd92cb01d963426973a5ff871ce495138b
Author: Chao Yu <yuchao0@huawei.com>
Date: Thu Sep 20 17:41:30 2018 +0800
f2fs: fix to recover inode's uid/gid during POR
[ Upstream commit dc4cd1257c86451cec3e8e352cc376348e4f4af4 ]
Step to reproduce this bug:
1. logon as root
2. mount -t f2fs /dev/sdd /mnt;
3. touch /mnt/file;
4. chown system /mnt/file; chgrp system /mnt/file;
5. xfs_io -f /mnt/file -c "fsync";
6. godown /mnt;
7. umount /mnt;
8. mount -t f2fs /dev/sdd /mnt;
After step 8) we will expect file's uid/gid are all system, but during
recovery, these two fields were not been recovered, fix it.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 5bd3bc76611ad0c8a1dd043ec00fb373981cdd25
Author: Grygorii Strashko <grygorii.strashko@ti.com>
Date: Sat Sep 8 17:33:40 2018 -0500
ARM: dts: am335x-evm: fix number of cpsw
[ Upstream commit dcbf6b18d81bcdc51390ca1b258c17e2e13b7d0c ]
am335x-evm has only one CPSW external port physically wired, but DT defines
2 ext. ports. As result, PHY connection failure reported for the second
ext. port.
Update DT to reflect am335x-evm board HW configuration, and, while here,
switch to use phy-handle instead of phy_id.
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit a59c40c132f3251eaa2270e36902db1e2e5deb1b
Author: Petr Machata <petrm@mellanox.com>
Date: Thu Sep 20 09:21:24 2018 +0300
mlxsw: spectrum: Init shaper for TCs 8..15
[ Upstream commit a9f36656b519a9a21309793c306941a3cd0eeb8f ]
With introduction of MC-aware mode to mlxsw, it became necessary to
configure TCs above 7 as well. There is now code in mlxsw to disable ETS
for these higher classes, but disablement of max shaper was neglected.
By default, max shaper is currently disabled to begin with, so the
problem is just cosmetic. However, for symmetry, do like we do for ETS
configuration, and call mlxsw_sp_port_ets_maxrate_set() for both TC i
and i + 8.
Signed-off-by: Petr Machata <petrm@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 51194214cb6cff43b0604cb969d2ee10c2c2419b
Author: Loic Poulain <loic.poulain@linaro.org>
Date: Tue Sep 4 17:18:58 2018 +0200
usb: chipidea: Fix otg event handler
[ Upstream commit 59739131e0ca06db7560f9073fff2fb83f6bc2a5 ]
At OTG work running time, it's possible that several events need to be
addressed (e.g. ID and VBUS events). The current implementation handles
only one event at a time which leads to ignoring the other one. Fix it.
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 7cd6a13e203251caef4759eca16a7542510624a1
Author: Nicolas Adell <nicolas.adell@actia.fr>
Date: Mon Aug 27 15:59:56 2018 +0200
usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started
[ Upstream commit 1dedbdf2bbb1ede8d96f35f9845ecae179dc1988 ]
When initializing the USB subsystem before starting the kernel,
OTG overcurrent detection is disabled. In case the OTG polarity of
overcurrent is low active, the overcurrent detection is never enabled
again and events cannot be reported as expected. Because imx usb
overcurrent polarity is low active by default, only detection needs
to be enable in usbmisc init function.
Signed-off-by: Nicolas Adell <nicolas.adell@actia.fr>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 4605e4686d6cf8715cd239b720696a14c0ad2bb1
Author: YueHaibing <yuehaibing@huawei.com>
Date: Wed Sep 19 18:50:17 2018 +0800
net: amd: fix return type of ndo_start_xmit function
[ Upstream commit fe72352e37ae8478f4c97975a9831f0c50f22e73 ]
The method ndo_start_xmit() is defined as returning an 'netdev_tx_t',
which is a typedef for an enum type, so make sure the implementation in
this driver has returns 'netdev_tx_t' value, and change the function
return type to netdev_tx_t.
Found by coccinelle.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 15c30fd65075db48006d6490f0fd29066d17af7e
Author: YueHaibing <yuehaibing@huawei.com>
Date: Wed Sep 19 18:45:12 2018 +0800
net: broadcom: fix return type of ndo_start_xmit function
[ Upstream commit 0c13b8d1aee87c35a2fbc1d85a1f766227cf54b5 ]
The method ndo_start_xmit() is defined as returning an 'netdev_tx_t',
which is a typedef for an enum type, so make sure the implementation in
this driver has returns 'netdev_tx_t' value, and change the function
return type to netdev_tx_t.
Found by coccinelle.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3659166e8d30659bd6e29adb41a93f28b769b817
Author: YueHaibing <yuehaibing@huawei.com>
Date: Wed Sep 19 18:32:40 2018 +0800
net: xilinx: fix return type of ndo_start_xmit function
[ Upstream commit 81255af8d9d5565004792c295dde49344df450ca ]
The method ndo_start_xmit() is defined as returning an 'netdev_tx_t',
which is a typedef for an enum type, so make sure the implementation in
this driver has returns 'netdev_tx_t' value, and change the function
return type to netdev_tx_t.
Found by coccinelle.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit b8c543c5de38e8fb904747b3b00fff7b0d888917
Author: YueHaibing <yuehaibing@huawei.com>
Date: Wed Sep 19 18:23:39 2018 +0800
net: toshiba: fix return type of ndo_start_xmit function
[ Upstream commit bacade822524e02f662d88f784d2ae821a5546fb ]
The method ndo_start_xmit() is defined as returning an 'netdev_tx_t',
which is a typedef for an enum type, so make sure the implementation in
this driver has returns 'netdev_tx_t' value, and change the function
return type to netdev_tx_t.
Found by coccinelle.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 7119b54f6cb581c7e10210cd194e54e02e4cb00b
Author: Andreas Kemnade <andreas@kemnade.info>
Date: Mon Sep 17 07:00:07 2018 +0200
power: supply: twl4030_charger: disable eoc interrupt on linear charge
[ Upstream commit 079cdff3d0a09c5da10ae1be35def7a116776328 ]
This avoids getting woken up from suspend after power interruptions
when the bci wrongly thinks the battery is full just because
of input current going low because of low input power
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit d6e9e55c0dcf0db0d18a360e67ac30c2276aa09c
Author: Andreas Kemnade <andreas@kemnade.info>
Date: Mon Sep 17 07:20:35 2018 +0200
power: supply: twl4030_charger: fix charging current out-of-bounds
[ Upstream commit 8314c212f995bc0d06b54ad02ef0ab4089781540 ]
the charging current uses unsigned int variables, if we step back
if the current is still low, we would run into negative which
means setting the target to a huge value.
Better add checks here.
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 63ce52b6ee1685f3a3bac8e62dd526662adc89a3
Author: Rob Herring <robh@kernel.org>
Date: Thu Sep 13 15:16:22 2018 -0500
libfdt: Ensure INT_MAX is defined in libfdt_env.h
[ Upstream commit 53dd9dce6979bc54d64a3a09a2fb20187a025be7 ]
The next update of libfdt has a new dependency on INT_MAX. Update the
instances of libfdt_env.h in the kernel to either include the necessary
header with the definition or define it locally.
Cc: Russell King <linux@armlinux.org.uk>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linuxppc-dev@lists.ozlabs.org
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit ab5f8536a384abc22fece26c4f3cfe34fbdd7fd8
Author: Håkon Bugge <Haakon.Bugge@oracle.com>
Date: Mon Sep 17 16:07:07 2018 +0200
RDMA/i40iw: Fix incorrect iterator type
[ Upstream commit 802fa45cd320de319e86c93bca72abec028ba059 ]
Commit f27b4746f378 ("i40iw: add connection management code") uses an
incorrect rcu iterator, whilst holding the rtnl_lock. Since the
critical region invokes i40iw_manage_qhash(), which is a sleeping
function, the rcu locking and traversal cannot be used.
Signed-off-by: Håkon Bugge <haakon.bugge@oracle.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3e6636c924297a2a4e1e8aa2f22c7481a01ce6f3
Author: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Date: Mon Sep 17 14:14:02 2018 -0500
powerpc/pseries: Disable CPU hotplug across migrations
[ Upstream commit 85a88cabad57d26d826dd94ea34d3a785824d802 ]
When performing partition migrations all present CPUs must be online
as all present CPUs must make the H_JOIN call as part of the migration
process. Once all present CPUs make the H_JOIN call, one CPU is returned
to make the rtas call to perform the migration to the destination system.
During testing of migration and changing the SMT state we have found
instances where CPUs are offlined, as part of the SMT state change,
before they make the H_JOIN call. This results in a hung system where
every CPU is either in H_JOIN or offline.
To prevent this this patch disables CPU hotplug during the migration
process.
Signed-off-by: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Reviewed-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 2fd5485d93edab99ccea2e9abba038dc3f15a145
Author: Nicholas Piggin <npiggin@gmail.com>
Date: Sat Sep 15 01:30:45 2018 +1000
powerpc/64s/hash: Fix stab_rr off by one initialization
[ Upstream commit 09b4438db13fa83b6219aee5993711a2aa2a0c64 ]
This causes SLB alloation to start 1 beyond the start of the SLB.
There is no real problem because after it wraps it stats behaving
properly, it's just surprisig to see when looking at SLB traces.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3faa1d3b2350239a6292fb8e7379f80b5af70ee4
Author: Breno Leitao <leitao@debian.org>
Date: Tue Aug 21 15:44:48 2018 -0300
powerpc/iommu: Avoid derefence before pointer check
[ Upstream commit 984ecdd68de0fa1f63ce205d6c19ef5a7bc67b40 ]
The tbl pointer is being derefenced by IOMMU_PAGE_SIZE prior the check
if it is not NULL.
Just moving the dereference code to after the check, where there will
be guarantee that 'tbl' will not be NULL.
Signed-off-by: Breno Leitao <leitao@debian.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit be9a5ecdd40ea505af3631e4c85e20af8afcb4bb
Author: Anton Vasilyev <vasilyev@ispras.ru>
Date: Tue Aug 7 13:59:05 2018 +0300
serial: mxs-auart: Fix potential infinite loop
[ Upstream commit 5963e8a3122471cadfe0eba41c4ceaeaa5c8bb4d ]
On the error path of mxs_auart_request_gpio_irq() is performed
backward iterating with index i of enum type. Underline enum type
may be unsigned char. In this case check (--i >= 0) will be always
true and error handling goes into infinite loop.
The patch changes the check so that it is valid for signed and unsigned
types.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>
Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 99722d146c94de7d470576141dfe6a459515f997
Author: Sinan Kaya <okaya@kernel.org>
Date: Fri Aug 10 04:32:11 2018 +0000
PCI/ACPI: Correct error message for ASPM disabling
[ Upstream commit 1ad61b612b95980a4d970c52022aa01dfc0f6068 ]
If _OSC execution fails today for platforms without an _OSC entry, code is
printing a misleading message saying disabling ASPM as follows:
acpi PNP0A03:00: _OSC failed (AE_NOT_FOUND); disabling ASPM
We need to ensure that platform supports ASPM to begin with.
Reported-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit ebaf6c4a1ed9135fc93d5d996e19fc16736eb702
Author: Julian Wiedmann <jwi@linux.ibm.com>
Date: Mon Sep 17 17:36:06 2018 +0200
s390/qeth: invoke softirqs after napi_schedule()
[ Upstream commit 4d19db777a2f32c9b76f6fd517ed8960576cb43e ]
Calling napi_schedule() from process context does not ensure that the
NET_RX softirq is run in a timely fashion. So trigger it manually.
This is no big issue with current code. A call to ndo_open() is usually
followed by a ndo_set_rx_mode() call, and for qeth this contains a
spin_unlock_bh(). Except for OSN, where qeth_l2_set_rx_mode() bails out
early.
Nevertheless it's best to not depend on this behaviour, and just fix
the issue at its source like all other drivers do. For instance see
commit 83a0c6e58901 ("i40e: Invoke softirqs after napi_reschedule").
Fixes: a1c3ed4c9ca0 ("qeth: NAPI support for l2 and l3 discipline")
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 55b8644dfd624506d1f9ddb20f0bee94c029643b
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri Oct 19 23:08:43 2018 +0300
ath9k: Fix a locking bug in ath9k_add_interface()
[ Upstream commit 461cf036057477805a8a391e5fd0f5264a5e56a8 ]
We tried to revert commit d9c52fd17cb4 ("ath9k: fix tx99 with monitor
mode interface") but accidentally missed part of the locking change.
The lock has to be held earlier so that we're holding it when we do
"sc->tx99_vif = vif;" and also there in the current code there is a
stray unlock before we have taken the lock.
Fixes: 6df0580be8bc ("ath9k: add back support for using active monitor interfaces for tx99")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c88208f9e6eec7352e99c54435114614dd2bfb31
Author: Rob Herring <robh@kernel.org>
Date: Thu Sep 13 13:12:36 2018 -0500
ARM: dts: rockchip: Fix erroneous SPI bus dtc warnings on rk3036
[ Upstream commit 131c3eb428ccd5f0c784b9edb4f72ec296a045d2 ]
dtc has new checks for SPI buses. The rk3036 dts file has a node named
spi' which causes false positive warnings. As the node is a pinctrl child
node, change the node name to be 'spi-pins' to fix the warnings.
arch/arm/boot/dts/rk3036-evb.dtb: Warning (spi_bus_bridge): /pinctrl/spi: incorrect #address-cells for SPI bus
arch/arm/boot/dts/rk3036-kylin.dtb: Warning (spi_bus_bridge): /pinctrl/spi: incorrect #address-cells for SPI bus
arch/arm/boot/dts/rk3036-evb.dtb: Warning (spi_bus_bridge): /pinctrl/spi: incorrect #size-cells for SPI bus
arch/arm/boot/dts/rk3036-kylin.dtb: Warning (spi_bus_bridge): /pinctrl/spi: incorrect #size-cells for SPI bus
Cc: Heiko Stuebner <heiko@sntech.de>
Cc: linux-rockchip@lists.infradead.org
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 5394976b6f44b94da867a1e469cf52ec430008c5
Author: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Date: Fri Sep 14 12:26:47 2018 +0800
ip_gre: fix parsing gre header in ipgre_err
[ Upstream commit b0350d51f001e6edc13ee4f253b98b50b05dd401 ]
gre_parse_header stops parsing when csum_err is encountered, which means
tpi->key is undefined and ip_tunnel_lookup will return NULL improperly.
This patch introduce a NULL pointer as csum_err parameter. Even when
csum_err is encountered, it won't return error and continue parsing gre
header as expected.
Fixes: 9f57c67c379d ("gre: Remove support for sharing GRE protocol hook.")
Reported-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 90b3fec68335dd619b0c37f1160b65ebd41a23a8
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat Jul 7 17:52:47 2018 +0000
kernfs: Fix range checks in kernfs_get_target_path
[ Upstream commit a75e78f21f9ad4b810868c89dbbabcc3931591ca ]
The terminating NUL byte is only there because the buffer is
allocated with kzalloc(PAGE_SIZE, GFP_KERNEL), but since the
range-check is off-by-one, and PAGE_SIZE==PATH_MAX, the
returned string may not be zero-terminated if it is exactly
PATH_MAX characters long. Furthermore also the initial loop
may theoretically exceed PATH_MAX and cause a fault.
Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit e44864233f2ff15a1fe78cfd3fe9eaca2f1959b7
Author: Banajit Goswami <bgoswami@codeaurora.org>
Date: Mon Aug 27 21:15:39 2018 -0700
component: fix loop condition to call unbind() if bind() fails
[ Upstream commit bdae566d5d9733b6e32b378668b84eadf28a94d4 ]
During component_bind_all(), if bind() fails for any
particular component associated with a master, unbind()
should be called for all previous components in that
master's match array, whose bind() might have completed
successfully. As per the current logic, if bind() fails
for the component at position 'n' in the master's match
array, it would start calling unbind() from component in
'n'th position itself and work backwards, and will always
skip calling unbind() for component in 0th position in the
master's match array.
Fix this by updating the loop condition, and the logic to
refer to the components in master's match array, so that
unbind() is called for all components starting from 'n-1'st
position in the array, until (and including) component in
0th position.
Signed-off-by: Banajit Goswami <bgoswami@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 58236481a87f10eb924032928c334af261c9271f
Author: Tomasz Figa <tomasz.figa@gmail.com>
Date: Tue Jul 17 18:05:07 2018 +0200
power: supply: max8998-charger: Fix platform data retrieval
[ Upstream commit cb90a2c6f77fe9b43d1e3f759bb2f13fe7fa1811 ]
Since the max8998 MFD driver supports instantiation by DT, platform data
retrieval is handled in MFD probe and cell drivers should get use
the pdata field of max8998_dev struct to obtain them.
Fixes: ee999fb3f17f ("mfd: max8998: Add support for Device Tree")
Signed-off-by: Tomasz Figa <tomasz.figa@gmail.com>
Signed-off-by: Paweł Chmiel <pawel.mikolaj.chmiel@gmail.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c8dc500fac020debfc198aab0ace2d6a5b7ed236
Author: Claudiu Beznea <claudiu.beznea@microchip.com>
Date: Thu Aug 30 14:50:11 2018 +0300
power: reset: at91-poweroff: do not procede if at91_shdwc is allocated
[ Upstream commit 9f1e44774be578fb92776add95f1fcaf8284d692 ]
There should be only one instance of struct shdwc in the system. This is
referenced through at91_shdwc. Return in probe if at91_shdwc is already
allocated.
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c83c60771e3bf2445fad590a97111ff418831527
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Mon Sep 10 11:39:04 2018 +0300
power: supply: ab8500_fg: silence uninitialized variable warnings
[ Upstream commit 54baff8d4e5dce2cef61953b1dc22079cda1ddb1 ]
If kstrtoul() fails then we print "charge_full" when it's uninitialized.
The debug printk doesn't add anything so I deleted it and cleaned these
two functions up a bit.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c5e8cbc9ab94d646577576ce6e4db1dbfeec98a4
Author: Ganesh Goudar <ganeshgr@chelsio.com>
Date: Fri Sep 14 14:36:27 2018 +0530
cxgb4: Fix endianness issue in t4_fwcache()
[ Upstream commit 0dc235afc59a226d951352b0adf4a89b532a9d13 ]
Do not put host-endian 0 or 1 into big endian feild.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit f2cb74d17d91765e964fa1bf000a44991fa26a6c
Author: Ludovic Desroches <ludovic.desroches@microchip.com>
Date: Thu Sep 13 14:42:13 2018 +0200
pinctrl: at91: don't use the same irqchip with multiple gpiochips
[ Upstream commit 0c3dfa176912b5f87732545598200fb55e9c1978 ]
Sharing the same irqchip with multiple gpiochips is not a good
practice. For instance, when installing hooks, we change the state
of the irqchip. The initial state of the irqchip for the second
gpiochip to register is then disrupted.
Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 6713c5d18eb3de2845380338f117b8fcae7f1969
Author: Dinh Nguyen <dinguyen@kernel.org>
Date: Thu Sep 13 23:52:49 2018 -0500
ARM: dts: socfpga: Fix I2C bus unit-address error
[ Upstream commit cbbc488ed85061a765cf370c3e41f383c1e0add6 ]
dtc has new checks for I2C buses. Fix the warnings in unit-addresses.
arch/arm/boot/dts/socfpga_cyclone5_de0_sockit.dtb: Warning (i2c_bus_reg): /soc/i2c@ffc04000/adxl345@0: I2C bus unit address format error, expected "53"
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 039eb3d5d06cab7eabca8557973a2bce783d84e3
Author: Alan Modra <amodra@gmail.com>
Date: Fri Sep 14 13:10:04 2018 +0930
powerpc/vdso: Correct call frame information
[ Upstream commit 56d20861c027498b5a1112b4f9f05b56d906fdda ]
Call Frame Information is used by gdb for back-traces and inserting
breakpoints on function return for the "finish" command. This failed
when inside __kernel_clock_gettime. More concerning than difficulty
debugging is that CFI is also used by stack frame unwinding code to
implement exceptions. If you have an app that needs to handle
asynchronous exceptions for some reason, and you are unlucky enough to
get one inside the VDSO time functions, your app will crash.
What's wrong: There is control flow in __kernel_clock_gettime that
reaches label 99 without saving lr in r12. CFI info however is
interpreted by the unwinder without reference to control flow: It's a
simple matter of "Execute all the CFI opcodes up to the current
address". That means the unwinder thinks r12 contains the return
address at label 99. Disabuse it of that notion by resetting CFI for
the return address at label 99.
Note that the ".cfi_restore lr" could have gone anywhere from the
"mtlr r12" a few instructions earlier to the instruction at label 99.
I put the CFI as late as possible, because in general that's best
practice (and if possible grouped with other CFI in order to reduce
the number of CFI opcodes executed when unwinding). Using r12 as the
return address is perfectly fine after the "mtlr r12" since r12 on
that code path still contains the return address.
__get_datapage also has a CFI error. That function temporarily saves
lr in r0, and reflects that fact with ".cfi_register lr,r0". A later
use of r0 means the CFI at that point isn't correct, as r0 no longer
contains the return address. Fix that too.
Signed-off-by: Alan Modra <amodra@gmail.com>
Tested-by: Reza Arbab <arbab@linux.ibm.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 0b6bc03692b9cbb8b5535018bbe1009feb61b999
Author: Christian Lamparter <chunkeey@gmail.com>
Date: Wed Jul 25 10:37:47 2018 +0200
ARM: dts: qcom: ipq4019: fix cpu0's qcom,saw2 reg value
[ Upstream commit bd73a3dd257fb838bd456a18eeee0ef0224b7a40 ]
while compiling an ipq4019 target, dtc will complain:
regulator@b089000 unit address format error, expected "2089000"
The saw0 regulator reg value seems to be
copied and pasted from qcom-ipq8064.dtsi.
This patch fixes the reg value to match that of the
unit address which in turn silences the warning.
(There is no driver for qcom,saw2 right now.
So this went unnoticed)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 7228cb8d997fac5813e78cfd17740d51773962c0
Author: Cong Wang <xiyou.wangcong@gmail.com>
Date: Tue Sep 11 11:42:06 2018 -0700
llc: avoid blocking in llc_sap_close()
[ Upstream commit 9708d2b5b7c648e8e0a40d11e8cea12f6277f33c ]
llc_sap_close() is called by llc_sap_put() which
could be called in BH context in llc_rcv(). We can't
block in BH.
There is no reason to block it here, kfree_rcu() should
be sufficient.
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1d642b3f9e68ff34a4d0f5e7e88b8454f460eab1
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Mon Sep 10 11:37:45 2018 +0300
pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map()
[ Upstream commit b97760ae8e3dc8bb91881c13425a0bff55f2bd85 ]
Smatch complains about this condition:
if (has_config && num_pins >= 1)
The "has_config" variable is either uninitialized or true. The
"num_pins" variable is unsigned and we verified that it is non-zero on
the lines before so we know "num_pines >= 1" is true. Really, we could
just check "num_configs" directly and remove the "has_config" variable.
Fixes: 776180848b57 ("pinctrl: introduce driver for Atmel PIO4 controller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 84c2f1e2289b7b9b802e146cfd08600cc33d7cc4
Author: Takashi Iwai <tiwai@suse.de>
Date: Tue Aug 28 16:39:10 2018 +0200
ALSA: intel8x0m: Register irq handler after register initializations
[ Upstream commit 7064f376d4a10686f51c879401a569bb4babf9c6 ]
The interrupt handler has to be acquired after the other resource
initialization when allocated with IRQF_SHARED. Otherwise it's
triggered before the resource gets ready, and may lead to unpleasant
behavior.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 8b7623080aeae27eeab446d0a2857561e644fb51
Author: Arnd Bergmann <arnd@arndb.de>
Date: Mon Aug 27 15:56:21 2018 -0400
media: dvb: fix compat ioctl translation
[ Upstream commit 1ccbeeb888ac33627d91f1ccf0b84ef3bcadef24 ]
The VIDEO_GET_EVENT and VIDEO_STILLPICTURE was added back in 2005 but
it never worked because the command number is wrong.
Using the right command number means we have a better chance of them
actually doing the right thing, though clearly nobody has ever tried
it successfully.
I noticed these while auditing the remaining users of compat_time_t
for y2038 bugs. This one is fine in that regard, it just never did
anything.
Fixes: 6e87abd0b8cb ("[DVB]: Add compat ioctl handling.")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3aa18ec542c913233fdba8b9c23823a0afd06e11
Author: Lao Wei <zrlw@qq.com>
Date: Mon Jul 9 08:15:53 2018 -0400
media: fix: media: pci: meye: validate offset to avoid arbitrary access
[ Upstream commit eac7230fdb4672c2cb56f6a01a1744f562c01f80 ]
Motion eye video4linux driver for Sony Vaio PictureBook desn't validate user-controlled parameter
'vma->vm_pgoff', a malicious process might access all of kernel memory from user space by trying
pass different arbitrary address.
Discussion: http://www.openwall.com/lists/oss-security/2018/07/06/1
Signed-off-by: Lao Wei <zrlw@qq.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1bf24e95f6b11b1b4bcf622ab92de43fe66aa310
Author: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Date: Tue Aug 7 13:19:35 2018 +0100
nvmem: core: return error code instead of NULL from nvmem_device_get
[ Upstream commit ca6ac25cecf0e740d7cc8e03e0ebbf8acbeca3df ]
nvmem_device_get() should return ERR_PTR() on error or valid pointer
on success, but one of the code path seems to return NULL, so fix it.
Reported-by: Niklas Cassel <niklas.cassel@linaro.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 679791f36e95c53ab4e5e8ba1e7d298cd188f96d
Author: Masami Hiramatsu <mhiramat@kernel.org>
Date: Tue Sep 11 19:21:09 2018 +0900
kprobes: Don't call BUG_ON() if there is a kprobe in use on free list
[ Upstream commit cbdd96f5586151e48317d90a403941ec23f12660 ]
Instead of calling BUG_ON(), if we find a kprobe in use on free kprobe
list, just remove it from the list and keep it on kprobe hash list
as same as other in-use kprobes.
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: David S . Miller <davem@davemloft.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Naveen N . Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/153666126882.21306.10738207224288507996.stgit@devbox
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 86c5cc2a5e196a4c6df7fdf4d9bffe7f2da1593c
Author: Deepak Ukey <deepak.ukey@microchip.com>
Date: Tue Sep 11 14:18:04 2018 +0530
scsi: pm80xx: Fixed system hang issue during kexec boot
[ Upstream commit 72349b62a571effd6faadd0600b8e657dd87afbf ]
When the firmware is not responding, execution of kexec boot causes a system
hang. When firmware assertion happened, driver get notified with interrupt
vector updated in MPI configuration table. Then, the driver will read
scratchpad register and set controller_fatal_error flag to true.
Signed-off-by: Deepak Ukey <deepak.ukey@microchip.com>
Signed-off-by: Viswas G <Viswas.G@microchip.com>
Acked-by: Jack Wang <jinpu.wang@profitbricks.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 89f4fa1abd20df363e1c6790ca5d29d007ce4bea
Author: Deepak Ukey <deepak.ukey@microchip.com>
Date: Tue Sep 11 14:18:03 2018 +0530
scsi: pm80xx: Corrected dma_unmap_sg() parameter
[ Upstream commit 76cb25b058034d37244be6aca97a2ad52a5fbcad ]
For the function dma_unmap_sg(), the <nents> parameter should be number of
elements in the scatter list prior to the mapping, not after the mapping.
Signed-off-by: Deepak Ukey <deepak.ukey@microchip.com>
Signed-off-by: Viswas G <Viswas.G@microchip.com>
Acked-by: Jack Wang <jinpu.wang@profitbricks.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 674d72a288fd0a8627aebe3db3e56cd1e6ed763f
Author: Oleksij Rempel <o.rempel@pengutronix.de>
Date: Thu Aug 2 12:34:21 2018 +0200
ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set
[ Upstream commit 8148d2136002da2e2887caf6a07bbd9c033f14f3 ]
One of the Freescale recommended sequences for power off with external
PMIC is the following:
...
3. SoC is programming PMIC for power off when standby is asserted.
4. In CCM STOP mode, Standby is asserted, PMIC gates SoC supplies.
See:
http://www.nxp.com/assets/documents/data/en/reference-manuals/IMX6DQRM.pdf
page 5083
This patch implements step 4. of this sequence.
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 7d2c6b89e23f6b63f24fa53e6cbcdfe6086a7fb5
Author: George Kennedy <george.kennedy@oracle.com>
Date: Wed Aug 29 11:38:16 2018 -0400
scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir()
[ Upstream commit 288315e95264b6355e26609e9dec5dc4563d4ab0 ]
sym_int_sir() in sym_hipd.c does not check the command pointer for NULL before
using it in debug message prints.
Suggested-by: Matthew Wilcox <matthew.wilcox@oracle.com>
Signed-off-by: George Kennedy <george.kennedy@oracle.com>
Reviewed-by: Mark Kanda <mark.kanda@oracle.com>
Acked-by: Matthew Wilcox <matthew.wilcox@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit bb3af019e1c15a03c9d8bbcc359920111fc93187
Author: Chao Yu <yuchao0@huawei.com>
Date: Wed Sep 5 14:54:02 2018 +0800
f2fs: fix memory leak of percpu counter in fill_super()
[ Upstream commit 4a70e255449c9a13eed7a6eeecc85a1ea63cef76 ]
In fill_super -> init_percpu_info, we should destroy percpu counter
in error path, otherwise memory allcoated for percpu counter will
leak.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 75c36953ade7411eec249431fdcd8372e61ee20b
Author: Eric W. Biederman <ebiederm@xmission.com>
Date: Thu Jul 19 20:48:30 2018 -0500
signal: Properly deliver SIGSEGV from x86 uprobes
[ Upstream commit 4a63c1ffd384ebdce40aac9c997dab68379137be ]
For userspace to tell the difference between an random signal
and an exception, the exception must include siginfo information.
Using SEND_SIG_FORCED for SIGSEGV is thus wrong, and it will result in
userspace seeing si_code == SI_USER (like a random signal) instead of
si_code == SI_KERNEL or a more specific si_code as all exceptions
deliver.
Therefore replace force_sig_info(SIGSEGV, SEND_SIG_FORCE, current)
with force_sig(SIG_SEGV, current) which gets this right and is shorter
and easier to type.
Fixes: 791eca10107f ("uretprobes/x86: Hijack return address")
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit dbe380adfce2fd036d77a6077831831e5dea00e2
Author: Eric W. Biederman <ebiederm@xmission.com>
Date: Thu Jul 19 20:33:53 2018 -0500
signal: Properly deliver SIGILL from uprobes
[ Upstream commit 55a3235fc71bf34303e34a95eeee235b2d2a35dd ]
For userspace to tell the difference between a random signal and an
exception, the exception must include siginfo information.
Using SEND_SIG_FORCED for SIGILL is thus wrong, and it will result
in userspace seeing si_code == SI_USER (like a random signal) instead
of si_code == SI_KERNEL or a more specific si_code as all exceptions
deliver.
Therefore replace force_sig_info(SIGILL, SEND_SIG_FORCE, current)
with force_sig(SIG_ILL, current) which gets this right and is
shorter and easier to type.
Fixes: 014940bad8e4 ("uprobes/x86: Send SIGILL if arch_uprobe_post_xol() fails")
Fixes: 0b5256c7f173 ("uprobes: Send SIGILL if handle_trampoline() fails")
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1f7d8a28b65fa5a0885e30ebf9575cad5976aa58
Author: Eric W. Biederman <ebiederm@xmission.com>
Date: Thu Jul 19 19:47:27 2018 -0500
signal: Always ignore SIGKILL and SIGSTOP sent to the global init
[ Upstream commit 86989c41b5ea08776c450cb759592532314a4ed6 ]
If the first process started (aka /sbin/init) receives a SIGKILL it
will panic the system if it is delivered. Making the system unusable
and undebugable. It isn't much better if the first process started
receives SIGSTOP.
So always ignore SIGSTOP and SIGKILL sent to init.
This is done in a separate clause in sig_task_ignored as force_sig_info
can clear SIG_UNKILLABLE and this protection should work even then.
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 463950f5539e0b6499dcc19cc07f853a37a0dbfc
Author: Felix Fietkau <nbd@nbd.name>
Date: Sat Sep 22 18:49:05 2018 +0200
ath9k: add back support for using active monitor interfaces for tx99
[ Upstream commit 6df0580be8bc30803c4d8b2ed9c2230a2740c795 ]
Various documented examples on how to set up tx99 with ath9k rely
on setting up a regular monitor interface for setting the channel.
My previous patch "ath9k: fix tx99 with monitor mode interface" made
it possible to set it up this way again. However, it was removing support
for using an active monitor interface, which is required for controlling
the bitrate as well, since the bitrate is not passed down with a regular
monitor interface.
This patch partially reverts the previous one, but keeps support for using
a regular monitor interface to keep documented steps working in cases
where the bitrate does not matter
Fixes: d9c52fd17cb48 ("ath9k: fix tx99 with monitor mode interface")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 635a8eb884c6f6d9568fde9ad8374aa4afb182b8
Author: Daniel Silsby <dansilsby@gmail.com>
Date: Wed Aug 29 23:32:56 2018 +0200
dmaengine: dma-jz4780: Further residue status fix
[ Upstream commit 83ef4fb7556b6a673f755da670cbacab7e2c7f1b ]
Func jz4780_dma_desc_residue() expects the index to the next hw
descriptor as its last parameter. Caller func jz4780_dma_tx_status(),
however, applied modulus before passing it. When the current hw
descriptor was last in the list, the index passed became zero.
The resulting excess of reported residue especially caused problems
with cyclic DMA transfer clients, i.e. ALSA AIC audio output, which
rely on this for determining current DMA location within buffer.
Combined with the recent and related residue-reporting fixes, spurious
ALSA audio underruns on jz4770 hardware are now fixed.
Signed-off-by: Daniel Silsby <dansilsby@gmail.com>
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Tested-by: Mathieu Malaterre <malat@debian.org>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c2bddaafed8beb720fed5bfe5d3d00556cf7a2ec
Author: Paul Cercueil <paul@crapouillou.net>
Date: Wed Aug 29 23:32:48 2018 +0200
dmaengine: dma-jz4780: Don't depend on MACH_JZ4780
[ Upstream commit c558ecd21c852c97ff98dc6c61f715ba420ec251 ]
If we make this driver depend on MACH_JZ4780, that means it can be
enabled only if we're building a kernel specially crafted for a
JZ4780-based board, while most GNU/Linux distributions will want one
generic MIPS kernel that works on multiple boards.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1d22d1cec7308dd94b3faf9fa93d0e9ef248019d
Author: H. Nikolaus Schaller <hns@goldelico.com>
Date: Tue Jul 31 09:11:14 2018 +0200
ARM: dts: omap3-gta04: keep vpll2 always on
[ Upstream commit 1ae00833e30c9b4af5cbfda65d75b1de12f74013 ]
This is needed to make the display and venc work properly.
Compare to omap3-beagle.dts.
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit fffef133abc660ee568c86d04020956e94476b70
Author: H. Nikolaus Schaller <hns@goldelico.com>
Date: Tue Jul 31 09:11:12 2018 +0200
ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot
[ Upstream commit fa99c21ecb3cd4021a60d0e8bf880e78b5bd0729 ]
Vendor defined U-Boot has changed the partition scheme a while ago:
* kernel partition 6MB
* file system partition uses the remainder up to end of the NAND
* increased size of the environment partition (to get an OneNAND compatible base address)
* shrink the U-Boot partition
Let's be compatible (e.g. Debian kernel built from upstream).
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 7d9898491ddd9599cc4bd90831504f6357a93b5c
Author: H. Nikolaus Schaller <hns@goldelico.com>
Date: Tue Jul 31 09:11:10 2018 +0200
ARM: dts: omap3-gta04: fix touchscreen tsc2007
[ Upstream commit 7384a24248eda140a234d356b6c840701ee9f055 ]
we fix penirq polarity, add penirq pinmux and touchscreen
properties.
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit edb200c74abbc9ca89bd383b6258b332c81d0232
Author: H. Nikolaus Schaller <hns@goldelico.com>
Date: Tue Jul 31 09:11:09 2018 +0200
ARM: dts: omap3-gta04: tvout: enable as display1 alias
[ Upstream commit 8905592b6e50cec905e6c6035bbd36201a3bfac1 ]
The omap dss susbystem takes the display aliases to find
out which displays exist. To enable tv-out we must define
an alias.
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit f15960ca3387f8213f17d192f75dd540d6df76fe
Author: H. Nikolaus Schaller <hns@goldelico.com>
Date: Tue Jul 31 09:11:07 2018 +0200
ARM: dts: omap3-gta04: fixes for tvout / venc
[ Upstream commit f6591391373dbff2c0200e1055d4ff86191578d2 ]
* fix connector compatibility (composite)
* add comment for gpio1 23
* add proper #address-cells
* we use only one venc_out channel for composite
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 8378573eb072a0e466e044bb0679a8084946fc1c
Author: H. Nikolaus Schaller <hns@goldelico.com>
Date: Tue Jul 31 09:11:06 2018 +0200
ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files
[ Upstream commit fa0d7dc355c890725b6178dab0cc11b194203afa ]
needed for device variants based on GTA04 board but with
different display panel (driver).
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 30efd0c2ef108d5138fcc1b8b5b8d5207909820e
Author: Rob Herring <robh@kernel.org>
Date: Mon Aug 27 09:50:09 2018 -0500
of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC
[ Upstream commit f6707fd6241e483f6fea2caae82d876e422bb11a ]
Cache nodes under the cpu node(s) is PowerMac specific according to the
comment above, so make the code enforce that.
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 19223f9d87c7888353177727f1359d4eddcef376
Author: Yong Zhi <yong.zhi@intel.com>
Date: Tue Aug 7 12:19:16 2018 -0500
ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation
[ Upstream commit 3b857472f34faa7d11001afa5e158833812c98d7 ]
Playback of 44.1Khz contents with HDMI plugged returns
"Invalid pipe config" because HDMI paths in the FW
topology are configured to operate at 48Khz.
This patch filters out sampling rates not supported
at hdac_hdmi_create_dais() to let user space SRC
to do the converting.
Signed-off-by: Yong Zhi <yong.zhi@intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 782f1f81e7a4bd76b9667a37dd56de148d693f49
Author: Ding Xiang <dingxiang@cmss.chinamobile.com>
Date: Thu Sep 6 12:19:19 2018 +0800
mips: txx9: fix iounmap related issue
[ Upstream commit c6e1241a82e6e74d1ae5cc34581dab2ffd6022d0 ]
if device_register return error, iounmap should be called, also iounmap
need to call before put_device.
Signed-off-by: Ding Xiang <dingxiang@cmss.chinamobile.com>
Reviewed-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Patchwork: https://patchwork.linux-mips.org/patch/20476/
Cc: ralf@linux-mips.org
Cc: jhogan@kernel.org
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 0468e351f01f04b36e654c31b846519f85fc9eb9
Author: Erik Stromdahl <erik.stromdahl@gmail.com>
Date: Tue Sep 4 15:07:07 2018 +0300
ath10k: wmi: disable softirq's while calling ieee80211_rx
[ Upstream commit 37f62c0d5822f631b786b29a1b1069ab714d1a28 ]
This is done in order not to trig the below warning in
ieee80211_rx_napi:
WARN_ON_ONCE(softirq_count() == 0);
ieee80211_rx_napi requires that softirq's are disabled during
execution.
The High latency bus drivers (SDIO and USB) sometimes call the wmi
ep_rx_complete callback from non softirq context, resulting in a trigger
of the above warning.
Calling ieee80211_rx_ni with softirq's already disabled (e.g., from
softirq context) should be safe as the local_bh_disable and
local_bh_enable functions (called from ieee80211_rx_ni) are fully
reentrant.
Signed-off-by: Erik Stromdahl <erik.stromdahl@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 9d394b004f154adca29f28d305cf85c506d3ae05
Author: Marek Szyprowski <m.szyprowski@samsung.com>
Date: Thu Sep 6 17:41:35 2018 +0200
ARM: dts: exynos: Disable pull control for S5M8767 PMIC
[ Upstream commit ef2ecab9af5feae97c47b7f61cdd96f7f49b2c23 ]
S5M8767 PMIC interrupt line on Exynos5250-based Arndale board has
external pull-up resistors, so disable any pull control for it in
in controller node. This fixes support for S5M8767 interrupts and
enables operation of wakeup from S5M8767 RTC alarm.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit f5003a477216acd36c7968fd995bf8dab84f7009
Author: Colin Ian King <colin.king@canonical.com>
Date: Thu Sep 6 11:41:52 2018 +0100
ASoC: sgtl5000: avoid division by zero if lo_vag is zero
[ Upstream commit 9ab708aef61f5620113269a9d1bdb1543d1207d0 ]
In the case where lo_vag <= SGTL5000_LINE_OUT_GND_BASE, lo_vag
is set to zero and later vol_quot is computed by dividing by
lo_vag causing a division by zero error. Fix this by avoiding
a zero division and set vol_quot to zero in this specific case
so that the lowest setting for i is correctly set.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 904513aa78c2c29751b645a7f2047b96252905fb
Author: Stefan Wahren <stefan.wahren@i2se.com>
Date: Tue Sep 4 19:29:09 2018 +0200
net: lan78xx: Bail out if lan78xx_get_endpoints fails
[ Upstream commit fa8cd98c06407b5798b927cd7fd14d30f360ed02 ]
We need to bail out if lan78xx_get_endpoints() fails, otherwise the
result is overwritten.
Fixes: 55d7de9de6c3 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet")
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Raghuram Chary Jallipalli <raghuramchary.jallipalli@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit aa79ce4783d7c2d692c13b071189c6ccb078c371
Author: Larry Finger <Larry.Finger@lwfinger.net>
Date: Mon Aug 20 13:48:31 2018 -0500
rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument
[ Upstream commit 199ba9faca909e77ac533449ecd1248123ce89e7 ]
In gcc8, when the 3rd argument (size) of a call to strncpy() matches the
length of the first argument, the compiler warns of the possibility of an
unterminated string. Using strlcpy() forces a null at the end.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit a92b7adf6ac5964626d0080cd5c6454c991341bf
Author: Marcel Ziswiler <marcel@ziswiler.com>
Date: Fri Aug 31 14:03:09 2018 +0200
ARM: dts: pxa: fix power i2c base address
[ Upstream commit 8a1ecc01a473b75ab97be9b36f623e4551a6e9ae ]
There is one too many zeroes in the Power I2C base address. Fix this.
Signed-off-by: Marcel Ziswiler <marcel@ziswiler.com>
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 2b3be9f4defb85d54271f7232ed77df06c7120bd
Author: Sara Sharon <sara.sharon@intel.com>
Date: Tue May 1 15:12:08 2018 +0300
iwlwifi: mvm: avoid sending too many BARs
[ Upstream commit 1a19c139be18ed4d6d681049cc48586fae070120 ]
When we receive TX response, we may release a few packets
due to a hole that was closed in the transmission window.
However, if that frame failed, we will mark all the released
frames as failed and will send multiple BARs.
This affects statistics badly, and cause unnecessary frames
transmission.
Instead, mark all the following packets as success, with the
desired result of sending a bar for the failed frame only.
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit b31b2dfbe6175c9ba188aad342db0f1390f7d5e7
Author: Vijay Immanuel <vijayi@attalasystems.com>
Date: Wed Jun 13 18:48:07 2018 -0700
IB/rxe: fixes for rdma read retry
[ Upstream commit 030e46e495af855a13964a0aab9753ea82a96edc ]
When a read request is retried for the remaining partial
data, the response may restart from read response first
or read response only. So support those cases.
Do not advance the comp psn beyond the current wqe's last_psn
as that could skip over an entire read wqe and will cause the
req_retry() logic to set an incorrect req psn.
An example sequence is as follows:
Write PSN 40 -- this is the current WQE.
Read request PSN 41
Write PSN 42
Receive ACK PSN 42 -- this will complete the current WQE
for PSN 40, and set the comp psn to 42 which is a problem
because the read request at PSN 41 has been skipped over.
So when req_retry() tries to retransmit the read request,
it sets the req psn to 42 which is incorrect.
When retrying a read request, calculate the number of psns
completed based on the dma resid instead of the wqe first_psn.
The wqe first_psn could have moved if the read request was
retried multiple times.
Set the reth length to the dma resid to handle read retries for
the remaining partial data.
Signed-off-by: Vijay Immanuel <vijayi@attalasystems.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 23580e8d8d32d63bf6fc50c90bccee10e1a31801
Author: Patryk Małek <patryk.malek@intel.com>
Date: Tue Aug 28 10:16:09 2018 -0700
i40e: Prevent deleting MAC address from VF when set by PF
[ Upstream commit 5907cf6c5bbe78be2ed18b875b316c6028b20634 ]
To prevent VF from deleting MAC address that was assigned by the
PF we need to check for that scenario when we try to delete a MAC
address from a VF.
Signed-off-by: Patryk Małek <patryk.malek@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 0d4ee364269d6ae07a90a4024816fa167529fd8b
Author: Patryk Małek <patryk.malek@intel.com>
Date: Tue Aug 28 10:16:03 2018 -0700
i40e: hold the rtnl lock on clearing interrupt scheme
[ Upstream commit 5cba17b14182696d6bb0ec83a1d087933f252241 ]
Hold the rtnl lock when we're clearing interrupt scheme
in i40e_shutdown and in i40e_remove.
Signed-off-by: Patryk Małek <patryk.malek@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 6c57a63cb84f2bdfe30d76112c1785766557ecf3
Author: Mitch Williams <mitch.a.williams@intel.com>
Date: Mon Aug 20 08:12:30 2018 -0700
i40e: use correct length for strncpy
[ Upstream commit 7eb74ff891b4e94b8bac48f648a21e4b94ddee64 ]
Caught by GCC 8. When we provide a length for strncpy, we should not
include the terminating null. So we must tell it one less than the size
of the destination buffer.
Signed-off-by: Mitch Williams <mitch.a.williams@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 95fc1d6ce2c10be305a03aeb99f215e3b5bd9bd2
Author: Marek Szyprowski <m.szyprowski@samsung.com>
Date: Fri Aug 10 10:04:25 2018 +0200
ARM: dts: exynos: Fix regulators configuration on Peach Pi/Pit Chromebooks
[ Upstream commit f8f3b7fc21b1cb59385b780acd9b9a26d04cb7b2 ]
Regulators, which are marked as 'on-in-suspend' seems to be critical for
board operation, thus they must not be disabled anytime. This can be
only assured by marking them as 'always-on', because otherwise some
actions of their clients might result in turning them off. This patch
restores suspend/resume operation on Peach-Pit Chromebook board. It
partially reverts 'always-on' property removal done by the commit
mentioned in the Fixes tag.
Fixes: 665c441eea3d ("ARM: dts: exynos: Remove unneded always-on for regulators on Peach boards")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Tested-by: Tomasz Figa <tfiga@chromium.org>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit f0d33cc0ca5031b24de1ceeb1baeca406af94470
Author: Marek Szyprowski <m.szyprowski@samsung.com>
Date: Fri Aug 3 12:55:32 2018 +0200
ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook
[ Upstream commit 64858773d78e820003a94e5a7179d368213655d6 ]
This patch adds missing properties to the CODEC and sound nodes, so the
audio will work also on Snow rev5 Chromebook. This patch is an extension
to the commit e9eefc3f8ce0 ("ARM: dts: exynos: Add missing clock and
DAI properties to the max98095 node in Snow Chromebook")
and commit 6ab569936d60 ("ARM: dts: exynos: Enable HDMI audio on Snow
Chromebook"). It has been reported that such changes work fine on the
rev5 board too.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
[krzk: Fixed typo in phandle to &max98090]
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit ba2c41fccaf0acede0d83b0e4f2f115b8cdf3ff1
Author: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
Date: Sun Aug 19 22:20:23 2018 +0300
MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3
[ Upstream commit feef7918667b84f9d5653c501542dd8d84ae32af ]
Setting GPIO 21 high seems to be required to enable power to USB ports
on the WNDR3400v3. As there is already similar code for WNR3500L,
make the existing USB power GPIO code generic and use that.
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Patchwork: https://patchwork.linux-mips.org/patch/20259/
Cc: Rafał Miłecki <zajec5@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 807bd32150bb6c431205bd73bad5f684ba81a991
Author: Charles Keepax <ckeepax@opensource.cirrus.com>
Date: Mon Aug 27 14:26:47 2018 +0100
ASoC: dpcm: Properly initialise hw->rate_max
[ Upstream commit e33ffbd9cd39da09831ce62c11025d830bf78d9e ]
If the CPU DAI does not initialise rate_max, say if using
using KNOT or CONTINUOUS, then the rate_max field will be
initialised to 0. A value of zero in the rate_max field of
the hardware runtime will cause the sound card to support no
sample rates at all. Obviously this is not desired, just a
different mechanism is being used to apply the constraints. As
such update the setting of rate_max in dpcm_init_runtime_hw
to be consistent with the non-DPCM cases and set rate_max to
UINT_MAX if nothing is defined on the CPU DAI.
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 89a4a131246a98ee0f1986b10a92ca55af022187
Author: Bob Peterson <rpeterso@redhat.com>
Date: Thu Aug 16 10:32:13 2018 -0500
gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated
[ Upstream commit 4f36cb36c9d14340bb200d2ad9117b03ce992cfe ]
The GFS2_RDF_UPTODATE flag in the rgrp is used to determine when
a rgrp buffer is valid. It's cleared when the glock is invalidated,
signifying that the buffer data is now invalid. But before this
patch, function update_rgrp_lvb was setting the flag when it
determined it had a valid lvb. But that's an invalid assumption:
just because you have a valid lvb doesn't mean you have valid
buffers. After all, another node may have made the lvb valid,
and this node just fetched it from the glock via dlm.
Consider this scenario:
1. The file system is mounted with RGRPLVB option.
2. In gfs2_inplace_reserve it locks the rgrp glock EX, but thanks
to GL_SKIP, it skips the gfs2_rgrp_bh_get.
3. Since loops == 0 and the allocation target (ap->target) is
bigger than the largest known chunk of blocks in the rgrp
(rs->rs_rbm.rgd->rd_extfail_pt) it skips that rgrp and bypasses
the call to gfs2_rgrp_bh_get there as well.
4. update_rgrp_lvb sees the lvb MAGIC number is valid, so bypasses
gfs2_rgrp_bh_get, but it still sets sets GFS2_RDF_UPTODATE due
to this invalid assumption.
5. The next time update_rgrp_lvb is called, it sees the bit is set
and just returns 0, assuming both the lvb and rgrp are both
uptodate. But since this is a smaller allocation, or space has
been freed by another node, thus adjusting the lvb values,
it decides to use the rgrp for allocations, with invalid rd_free
due to the fact it was never updated.
This patch changes update_rgrp_lvb so it doesn't set the UPTODATE
flag anymore. That way, it has no choice but to fetch the latest
values.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 33dcd8451679413c9b8d8bc0b7924400deb1fd55
Author: Felix Fietkau <nbd@nbd.name>
Date: Mon Aug 20 11:37:51 2018 +0200
ath9k: fix tx99 with monitor mode interface
[ Upstream commit d9c52fd17cb483bd8a470398afcb79f86c1b77c8 ]
Tx99 is typically configured via a monitor mode interface, which does
not get added to the driver as a vif. Since the code currently expects
a configured virtual interface for tx99, enabling tx99 via debugfs fails.
Since the vif is not needed anyway, remove all checks for it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
[kvalo@codeaurora.org: s/CPTCFG/CONFIG/]
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit dad1ab7690a8012c5eaa1f590317ec9dcf311755
Author: Takashi Iwai <tiwai@suse.de>
Date: Tue Aug 28 12:49:43 2018 +0200
ALSA: seq: Do error checks at creating system ports
[ Upstream commit b8e131542b47b81236ecf6768c923128e1f5db6e ]
snd_seq_system_client_init() doesn't check the errors returned from
its port creations. Let's do it properly and handle the error paths.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 20d24e464672cb84690c0d99497ef7677f00aa71
Author: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
Date: Tue Jul 10 18:46:13 2018 +0530
cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set
[ Upstream commit 7417844b63d4b0dc8ab23f88259bf95de7d09b57 ]
When REGULATORY_COUNTRY_IE_IGNORE is set, __reg_process_hint_country_ie()
ignores the country code change request from __cfg80211_connect_result()
via regulatory_hint_country_ie().
After Disconnect, similar to above, country code should not be reset to
world when country IE ignore is set. But this is violated and restore of
regulatory settings is invoked by cfg80211_disconnect_work via
regulatory_hint_disconnect().
To address this, avoid regulatory restore from regulatory_hint_disconnect()
when COUNTRY_IE_IGNORE is set.
Note: Currently, restore_regulatory_settings() takes care of clearing
beacon hints. But in the proposed change, regulatory restore is avoided.
Therefore, explicitly clear beacon hints when DISABLE_BEACON_HINTS
is not set.
Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit acf8b403b71ac7ca586b2b30f0f613010af39abe
Author: Jay Foster <jayfoster@ieee.org>
Date: Mon Aug 20 11:42:01 2018 +0200
ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45
[ Upstream commit 10af10db8c76fa5b9bf1f52a895c1cb2c0ac24da ]
Fix a typo. No functional change made by this patch.
Signed-off-by: Jay Foster <jayfoster@ieee.org>
Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c1efc7c7239c7be14ea7fbd4d0eeeec1e128c9c3
Author: Aapo Vienamo <avienamo@nvidia.com>
Date: Fri Aug 10 21:08:35 2018 +0300
arm64: dts: tegra210-p2180: Correct sdmmc4 vqmmc-supply
[ Upstream commit 6ff7705da8806de45ca1490194f0b4eb07725804 ]
On p2180 sdmmc4 is powered from a fixed 1.8 V regulator.
Signed-off-by: Aapo Vienamo <avienamo@nvidia.com>
Reviewed-by: Mikko Perttunen <mperttunen@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 2ec852b9c121309c3d869c7204cc9cce3c2389d5
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Mon Aug 27 12:21:45 2018 +0300
ALSA: pcm: signedness bug in snd_pcm_plug_alloc()
[ Upstream commit 6f128fa41f310e1f39ebcea9621d2905549ecf52 ]
The "frames" variable is unsigned so the error handling doesn't work
properly.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit b7f8108a1cd47a12fd1f9d432d69ad4f049d0582
Author: Marcus Folkesson <marcus.folkesson@gmail.com>
Date: Fri Aug 24 22:24:40 2018 +0200
iio: dac: mcp4922: fix error handling in mcp4922_write_raw
[ Upstream commit 0833627fc3f757a0dca11e2a9c46c96335a900ee ]
Do not try to write negative values and make sure that the write goes well.
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 35940da897ed4760608b7fb01850a9923fd0965f
Author: Tamizh chelvam <tamizhr@codeaurora.org>
Date: Mon Aug 6 12:39:01 2018 +0300
ath10k: fix kernel panic by moving pci flush after napi_disable
[ Upstream commit bd1d395070cca4f42a93e520b0597274789274a4 ]
When continuously running wifi up/down sequence, the napi poll
can be scheduled after the CE buffers being freed by ath10k_pci_flush
Steps:
In a certain condition, during wifi down below scenario might occur.
ath10k_stop->ath10k_hif_stop->napi_schedule->ath10k_pci_flush->napi_poll(napi_synchronize).
In the above scenario, CE buffer entries will be freed up and become NULL in
ath10k_pci_flush. And the napi_poll has been invoked after the flush process
and it will try to get the skb from the CE buffer entry and perform some action on that.
Since the CE buffer already cleaned by pci flush this action will create NULL
pointer dereference and trigger below kernel panic.
Unable to handle kernel NULL pointer dereference at virtual address 0000005c
PC is at ath10k_pci_htt_rx_cb+0x64/0x3ec [ath10k_pci]
ath10k_pci_htt_rx_cb [ath10k_pci]
ath10k_ce_per_engine_service+0x74/0xc4 [ath10k_pci]
ath10k_ce_per_engine_service [ath10k_pci]
ath10k_ce_per_engine_service_any+0x74/0x80 [ath10k_pci]
ath10k_ce_per_engine_service_any [ath10k_pci]
ath10k_pci_napi_poll+0x48/0xec [ath10k_pci]
ath10k_pci_napi_poll [ath10k_pci]
net_rx_action+0xac/0x160
net_rx_action
__do_softirq+0xdc/0x208
__do_softirq
irq_exit+0x84/0xe0
irq_exit
__handle_domain_irq+0x80/0xa0
__handle_domain_irq
gic_handle_irq+0x38/0x5c
gic_handle_irq
__irq_usr+0x44/0x60
Tested on QCA4019 and firmware version 10.4.3.2.1.1-00010
Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3bd30f0239f24faa40ce143bbf2deb0f63243d9f
Author: Eugen Hristev <eugen.hristev@microchip.com>
Date: Thu Nov 14 12:59:26 2019 +0000
mmc: sdhci-of-at91: fix quirk2 overwrite
commit fed23c5829ecab4ddc712d7b0046e59610ca3ba4 upstream.
The quirks2 are parsed and set (e.g. from DT) before the quirk for broken
HS200 is set in the driver.
The driver needs to enable just this flag, not rewrite the whole quirk set.
Fixes: 7871aa60ae00 ("mmc: sdhci-of-at91: add quirk for broken HS200")
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 91e5252e0ee98fbccca850c28e15f066c9b37e61
Author: Roman Gushchin <guro@fb.com>
Date: Fri Nov 15 17:34:46 2019 -0800
mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
commit 0362f326d86c645b5e96b7dbc3ee515986ed019d upstream.
An exiting task might belong to an offline cgroup. In this case an
attempt to grab a cgroup reference from the task can end up with an
infinite loop in hugetlb_cgroup_charge_cgroup(), because neither the
cgroup will become online, neither the task will be migrated to a live
cgroup.
Fix this by switching over to css_tryget(). As css_tryget_online()
can't guarantee that the cgroup won't go offline, in most cases the
check doesn't make sense. In this particular case users of
hugetlb_cgroup_charge_cgroup() are not affected by this change.
A similar problem is described by commit 18fa84a2db0e ("cgroup: Use
css_tryget() instead of css_tryget_online() in task_get_css()").
Link: http://lkml.kernel.org/r/20191106225131.3543616-2-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7a2bec6b4bed15735d91570e6111179e477efa2b
Author: Roman Gushchin <guro@fb.com>
Date: Fri Nov 15 17:34:43 2019 -0800
mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm()
commit 00d484f354d85845991b40141d40ba9e5eb60faf upstream.
We've encountered a rcu stall in get_mem_cgroup_from_mm():
rcu: INFO: rcu_sched self-detected stall on CPU
rcu: 33-....: (21000 ticks this GP) idle=6c6/1/0x4000000000000002 softirq=35441/35441 fqs=5017
(t=21031 jiffies g=324821 q=95837) NMI backtrace for cpu 33
<...>
RIP: 0010:get_mem_cgroup_from_mm+0x2f/0x90
<...>
__memcg_kmem_charge+0x55/0x140
__alloc_pages_nodemask+0x267/0x320
pipe_write+0x1ad/0x400
new_sync_write+0x127/0x1c0
__kernel_write+0x4f/0xf0
dump_emit+0x91/0xc0
writenote+0xa0/0xc0
elf_core_dump+0x11af/0x1430
do_coredump+0xc65/0xee0
get_signal+0x132/0x7c0
do_signal+0x36/0x640
exit_to_usermode_loop+0x61/0xd0
do_syscall_64+0xd4/0x100
entry_SYSCALL_64_after_hwframe+0x44/0xa9
The problem is caused by an exiting task which is associated with an
offline memcg. We're iterating over and over in the do {} while
(!css_tryget_online()) loop, but obviously the memcg won't become online
and the exiting task won't be migrated to a live memcg.
Let's fix it by switching from css_tryget_online() to css_tryget().
As css_tryget_online() cannot guarantee that the memcg won't go offline,
the check is usually useless, except some rare cases when for example it
determines if something should be presented to a user.
A similar problem is described by commit 18fa84a2db0e ("cgroup: Use
css_tryget() instead of css_tryget_online() in task_get_css()").
Johannes:
: The bug aside, it doesn't matter whether the cgroup is online for the
: callers. It used to matter when offlining needed to evacuate all charges
: from the memcg, and so needed to prevent new ones from showing up, but we
: don't care now.
Link: http://lkml.kernel.org/r/20191106225131.3543616-1-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Shakeel Butt <shakeeb@google.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Michal Koutn <mkoutny@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 40192358bf34eb64685437d0c5a26aa54702431b
Author: Eric Auger <eric.auger@redhat.com>
Date: Fri Nov 8 16:58:03 2019 +0100
iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros
commit 4e7120d79edb31e4ee68e6f8421448e4603be1e9 upstream.
For both PASID-based-Device-TLB Invalidate Descriptor and
Device-TLB Invalidate Descriptor, the Physical Function Source-ID
value is split according to this layout:
PFSID[3:0] is set at offset 12 and PFSID[15:4] is put at offset 52.
Fix the part laid out at offset 52.
Fixes: 0f725561e1684 ("iommu/vt-d: Add definitions for PFSID")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Acked-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: stable@vger.kernel.org # v4.19+
Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5772d851bcb5594316df1e80a3d8c886125f605a
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Sun Nov 3 13:55:43 2019 -0500
ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either
commit 762c69685ff7ad5ad7fee0656671e20a0c9c864d upstream.
We need to get the underlying dentry of parent; sure, absent the races
it is the parent of underlying dentry, but there's nothing to prevent
losing a timeslice to preemtion in the middle of evaluation of
lower_dentry->d_parent->d_inode, having another process move lower_dentry
around and have its (ex)parent not pinned anymore and freed on memory
pressure. Then we regain CPU and try to fetch ->d_inode from memory
that is freed by that point.
dentry->d_parent *is* stable here - it's an argument of ->lookup() and
we are guaranteed that it won't be moved anywhere until we feed it
to d_add/d_splice_alias. So we safely go that way to get to its
underlying dentry.
Cc: stable@vger.kernel.org # since 2009 or so
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 99eef2576e1906c4e1ce3b859ce3dc42b47c26e4
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Sun Nov 3 13:45:04 2019 -0500
ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable
commit e72b9dd6a5f17d0fb51f16f8685f3004361e83d0 upstream.
lower_dentry can't go from positive to negative (we have it pinned),
but it *can* go from negative to positive. So fetching ->d_inode
into a local variable, doing a blocking allocation, checking that
now ->d_inode is non-NULL and feeding the value we'd fetched
earlier to a function that won't accept NULL is not a good idea.
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit cb53789fc940e2937aee14d463c2668f146040e9
Author: James Erwin <james.erwin@intel.com>
Date: Fri Nov 1 15:20:59 2019 -0400
IB/hfi1: Ensure full Gen3 speed in a Gen4 system
commit a9c3c4c597704b3a1a2b9bef990e7d8a881f6533 upstream.
If an hfi1 card is inserted in a Gen4 systems, the driver will avoid the
gen3 speed bump and the card will operate at half speed.
This is because the driver avoids the gen3 speed bump when the parent bus
speed isn't identical to gen3, 8.0GT/s. This is not compatible with gen4
and newer speeds.
Fix by relaxing the test to explicitly look for the lower capability
speeds which inherently allows for gen4 and all future speeds.
Fixes: 7724105686e7 ("IB/hfi1: add driver files")
Link: https://lore.kernel.org/r/20191101192059.106248.1699.stgit@awfm-01.aw.intel.com
Cc: <stable@vger.kernel.org>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Reviewed-by: Kaike Wan <kaike.wan@intel.com>
Signed-off-by: James Erwin <james.erwin@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit be6995447d130c46b2af9a2f66837432a1676e63
Author: Chuhong Yuan <hslester96@gmail.com>
Date: Fri Nov 15 11:32:36 2019 -0800
Input: synaptics-rmi4 - destroy F54 poller workqueue when removing
commit ba60cf9f78f0d7c8e73c7390608f7f818ee68aa0 upstream.
The driver forgets to destroy workqueue in remove() similarly to what is
done when probe() fails. Add a call to destroy_workqueue() to fix it.
Since unregistration will wait for the work to finish, we do not need to
cancel/flush the work instance in remove().
Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20191114023405.31477-1-hslester96@gmail.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2d7d639e7b72d40ecb81ca9a4f09c57a0a574197
Author: Lucas Stach <l.stach@pengutronix.de>
Date: Tue Nov 12 16:47:08 2019 -0800
Input: synaptics-rmi4 - clear IRQ enables for F54
commit 549766ac2ac1f6c8bb85906bbcea759541bb19a2 upstream.
The driver for F54 just polls the status and doesn't even have a IRQ
handler registered. Make sure to disable all F54 IRQs, so we don't crash
the kernel on a nonexistent handler.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Link: https://lore.kernel.org/r/20191105114402.6009-1-l.stach@pengutronix.de
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 23eb66fb194d53f239485620d74c7dbb3a267072
Author: Lucas Stach <l.stach@pengutronix.de>
Date: Mon Nov 4 15:58:34 2019 -0800
Input: synaptics-rmi4 - fix video buffer size
commit 003f01c780020daa9a06dea1db495b553a868c29 upstream.
The video buffer used by the queue is a vb2_v4l2_buffer, not a plain
vb2_buffer. Using the wrong type causes the allocation of the buffer
storage to be too small, causing a out of bounds write when
__init_vb2_v4l2_buffer initializes the buffer.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Fixes: 3a762dbd5347 ("[media] Input: synaptics-rmi4 - add support for F54 diagnostics")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20191104114454.10500-1-l.stach@pengutronix.de
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1ce4561d12a08be9de2f2ef8ace700e55fc4835c
Author: Oliver Neukum <oneukum@suse.com>
Date: Fri Nov 15 11:35:05 2019 -0800
Input: ff-memless - kill timer in destroy()
commit fa3a5a1880c91bb92594ad42dfe9eedad7996b86 upstream.
No timer must be left running when the device goes away.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reported-and-tested-by: syzbot+b6c55daa701fc389e286@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/1573726121.17351.3.camel@suse.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ed417231360a819427cd0879478b6d5deb8f81e2
Author: Henry Lin <henryl@nvidia.com>
Date: Wed Nov 13 10:14:19 2019 +0800
ALSA: usb-audio: not submit urb for stopped endpoint
commit 528699317dd6dc722dccc11b68800cf945109390 upstream.
While output urb's snd_complete_urb() is executing, calling
prepare_outbound_urb() may cause endpoint stopped before
prepare_outbound_urb() returns and result in next urb submitted
to stopped endpoint. usb-audio driver cannot re-use it afterwards as
the urb is still hold by usb stack.
This change checks EP_FLAG_RUNNING flag after prepare_outbound_urb() again
to let snd_complete_urb() know the endpoint already stopped and does not
submit next urb. Below kind of error will be fixed:
[ 213.153103] usb 1-2: timeout: still 1 active urbs on EP #1
[ 213.164121] usb 1-2: cannot submit urb 0, error -16: unknown error
Signed-off-by: Henry Lin <henryl@nvidia.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191113021420.13377-1-henryl@nvidia.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 40157318921f0e4efc8ed5aafa3c1eaa35007d95
Author: Takashi Iwai <tiwai@suse.de>
Date: Sat Nov 9 19:16:58 2019 +0100
ALSA: usb-audio: Fix missing error check at mixer resolution test
commit 167beb1756791e0806365a3f86a0da10d7a327ee upstream.
A check of the return value from get_cur_mix_raw() is missing at the
resolution test code in get_min_max_with_quirks(), which may leave the
variable untouched, leading to a random uninitialized value, as
detected by syzkaller fuzzer.
Add the missing return error check for fixing that.
Reported-and-tested-by: syzbot+abe1ab7afc62c6bb6377@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191109181658.30368-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b4272b0f82928145a6f6f7ffc48a4aebda25eebd
Author: Jouni Hogander <jouni.hogander@unikie.com>
Date: Wed Nov 13 13:45:02 2019 +0200
slip: Fix memory leak in slip_open error path
[ Upstream commit 3b5a39979dafea9d0cd69c7ae06088f7a84cdafa ]
Driver/net/can/slcan.c is derived from slip.c. Memory leak was detected
by Syzkaller in slcan. Same issue exists in slip.c and this patch is
addressing the leak in slip.c.
Here is the slcan memory leak trace reported by Syzkaller:
BUG: memory leak unreferenced object 0xffff888067f65500 (size 4096):
comm "syz-executor043", pid 454, jiffies 4294759719 (age 11.930s)
hex dump (first 32 bytes):
73 6c 63 61 6e 30 00 00 00 00 00 00 00 00 00 00 slcan0..........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000a06eec0d>] __kmalloc+0x18b/0x2c0
[<0000000083306e66>] kvmalloc_node+0x3a/0xc0
[<000000006ac27f87>] alloc_netdev_mqs+0x17a/0x1080
[<0000000061a996c9>] slcan_open+0x3ae/0x9a0
[<000000001226f0f9>] tty_ldisc_open.isra.1+0x76/0xc0
[<0000000019289631>] tty_set_ldisc+0x28c/0x5f0
[<000000004de5a617>] tty_ioctl+0x48d/0x1590
[<00000000daef496f>] do_vfs_ioctl+0x1c7/0x1510
[<0000000059068dbc>] ksys_ioctl+0x99/0xb0
[<000000009a6eb334>] __x64_sys_ioctl+0x78/0xb0
[<0000000053d0332e>] do_syscall_64+0x16f/0x580
[<0000000021b83b99>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<000000008ea75434>] 0xfffffffffffffff
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Oliver Hartkopp <socketcan@hartkopp.net>
Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Signed-off-by: Jouni Hogander <jouni.hogander@unikie.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 53c7892e5886394ad20fd356a92c1b9c4129e6b0
Author: Oliver Neukum <oneukum@suse.com>
Date: Thu Nov 14 11:16:01 2019 +0100
ax88172a: fix information leak on short answers
[ Upstream commit a9a51bd727d141a67b589f375fe69d0e54c4fe22 ]
If a malicious device gives a short MAC it can elicit up to
5 bytes of leaked memory out of the driver. We need to check for
ETH_ALEN instead.
Reported-by: syzbot+a8d4acdad35e6bbca308@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>