From: Wei Fang
commit d2a145252c52792bc59e4767b486b26c430af4bb upstream.
A race between scanning and fc_remote_port_delete() may result in a
permanent stop if the device gets blocked before scsi_sysfs_add_sdev()
and unblocked after. The reason is that blocking a device
From: Wei Fang
commit d2a145252c52792bc59e4767b486b26c430af4bb upstream.
A race between scanning and fc_remote_port_delete() may result in a
permanent stop if the device gets blocked before scsi_sysfs_add_sdev()
and unblocked after. The reason is that blocking a device sets both the
Em Sat, Jun 17, 2017 at 12:46:42PM +0900, Taeung Song escreveu:
> To simplify the code related to 'ret' variable in cmd_config(),
> initialize 'ret' with -1 instead of 0.
Thanks, applied.
> Cc: Jiri Olsa
> Cc: Namhyung Kim
> Signed-off-by: Taeung Song
Em Sat, Jun 17, 2017 at 12:46:42PM +0900, Taeung Song escreveu:
> To simplify the code related to 'ret' variable in cmd_config(),
> initialize 'ret' with -1 instead of 0.
Thanks, applied.
> Cc: Jiri Olsa
> Cc: Namhyung Kim
> Signed-off-by: Taeung Song
> ---
> tools/perf/builtin-config.c |
From: Niklas Söderlund
commit 5d7400c4acbf7fe633a976a89ee845f7333de3e4 upstream.
Always stating PIN_CONFIG_BIAS_DISABLE is supported gives untrue output
when examining /sys/kernel/debug/pinctrl/e606.pfc/pinconf-pins if
the operation get_bias() is
From: Niklas Söderlund
commit 5d7400c4acbf7fe633a976a89ee845f7333de3e4 upstream.
Always stating PIN_CONFIG_BIAS_DISABLE is supported gives untrue output
when examining /sys/kernel/debug/pinctrl/e606.pfc/pinconf-pins if
the operation get_bias() is implemented but the pin is not handled by
From: "col...@suse.de"
commit 03a9e24ef2aaa5f1f9837356aed79c860521407a upstream.
Recently I receive a bug report that on Linux v3.0 based kerenl, hot add
disk to a md linear device causes kernel crash at linear_congested(). From
the crash image analysis, I find in
From: "col...@suse.de"
commit 03a9e24ef2aaa5f1f9837356aed79c860521407a upstream.
Recently I receive a bug report that on Linux v3.0 based kerenl, hot add
disk to a md linear device causes kernel crash at linear_congested(). From
the crash image analysis, I find in linear_congested(),
From: Akinobu Mita
commit 802c03881f29844af0252b6e22be5d2f65f93fd0 upstream.
The sysrq input handler should be attached to the input device which has
a left alt key.
On 32-bit kernels, some input devices which has a left alt key cannot
attach sysrq handler. Because the
From: Bjorn Helgaas
commit 89e9f7bcd8744ea25fcf0ac671b8d72c10d7d790 upstream.
Martin reported that the Supermicro X8DTH-i/6/iF/6F advertises incorrect
host bridge windows via _CRS:
pci_root PNP0A08:00: host bridge window [io 0xf000-0x]
pci_root PNP0A08:01: host
From: Akinobu Mita
commit 802c03881f29844af0252b6e22be5d2f65f93fd0 upstream.
The sysrq input handler should be attached to the input device which has
a left alt key.
On 32-bit kernels, some input devices which has a left alt key cannot
attach sysrq handler. Because the keybit bitmap in struct
From: Bjorn Helgaas
commit 89e9f7bcd8744ea25fcf0ac671b8d72c10d7d790 upstream.
Martin reported that the Supermicro X8DTH-i/6/iF/6F advertises incorrect
host bridge windows via _CRS:
pci_root PNP0A08:00: host bridge window [io 0xf000-0x]
pci_root PNP0A08:01: host bridge window [io
From: Aurelien Aptel
commit a6b5058fafdf508904bbf16c29b24042cef3c496 upstream.
if, when mounting //HOST/share/sub/dir/foo we can query /sub/dir/foo but
not any of the path components above:
- store the /sub/dir/foo prefix in the cifs super_block info
- in the superblock, set
From: Aurelien Aptel
commit a6b5058fafdf508904bbf16c29b24042cef3c496 upstream.
if, when mounting //HOST/share/sub/dir/foo we can query /sub/dir/foo but
not any of the path components above:
- store the /sub/dir/foo prefix in the cifs super_block info
- in the superblock, set root dentry to the
From: Ilia Mirkin
commit 24bf7ae359b8cca165bb30742d2b1c03a1eb23af upstream.
Based on the xf86-video-nv code, NFORCE (NV1A) and NFORCE2 (NV1F) have a
different way of retrieving clocks. See the
nv_hw.c:nForceUpdateArbitrationSettings function in the original code
for how
From: Ilia Mirkin
commit 24bf7ae359b8cca165bb30742d2b1c03a1eb23af upstream.
Based on the xf86-video-nv code, NFORCE (NV1A) and NFORCE2 (NV1F) have a
different way of retrieving clocks. See the
nv_hw.c:nForceUpdateArbitrationSettings function in the original code
for how these clocks were
From: Julien Grall
commit 24d5373dda7c00a438d26016bce140299fae675e upstream.
The function xen_guest_init is using __alloc_percpu with an alignment
which are not power of two.
However, the percpu allocator never supported alignments which are not power
of two and has
From: Julien Grall
commit 24d5373dda7c00a438d26016bce140299fae675e upstream.
The function xen_guest_init is using __alloc_percpu with an alignment
which are not power of two.
However, the percpu allocator never supported alignments which are not power
of two and has always behaved incorectly
From: Arnd Bergmann
commit 950eabbd6ddedc1b08350b9169a6a51b130ebaaf upstream.
With some gcc versions, we get a warning about the eicon driver,
and that currently shows up as the only remaining warning in one
of the build bots:
In file included from
From: Arnd Bergmann
commit 950eabbd6ddedc1b08350b9169a6a51b130ebaaf upstream.
With some gcc versions, we get a warning about the eicon driver,
and that currently shows up as the only remaining warning in one
of the build bots:
In file included from
From: Thomas Hellstrom
commit 53e16798b0864464c5444a204e1bb93ae246c429 upstream.
The mesa winsys sometimes uses unimplemented parameter requests to
check for features. Remove the error message to avoid bloating the
kernel log.
Signed-off-by: Thomas Hellstrom
From: Thomas Hellstrom
commit 53e16798b0864464c5444a204e1bb93ae246c429 upstream.
The mesa winsys sometimes uses unimplemented parameter requests to
check for features. Remove the error message to avoid bloating the
kernel log.
Signed-off-by: Thomas Hellstrom
Reviewed-by: Brian Paul
From: Arnd Bergmann
commit 0335695dfa4df01edff5bb102b9a82a0668ee51e upstream.
The current_user_ns() macro currently returns _user_ns when user
namespaces are disabled, and that causes several warnings when building
with gcc-6.0 in code that compares the result of the macro to
From: Arnd Bergmann
commit 0335695dfa4df01edff5bb102b9a82a0668ee51e upstream.
The current_user_ns() macro currently returns _user_ns when user
namespaces are disabled, and that causes several warnings when building
with gcc-6.0 in code that compares the result of the macro to
_user_ns itself:
From: Guenter Roeck
commit dcc7620cad5ad1326a78f4031a7bf4f0e5b42984 upstream.
Upstream commit 98d74f9ceaef ("xhci: fix 10 second timeout on removal of
PCI hotpluggable xhci controllers") fixes a problem with hot pluggable PCI
xhci controllers which can result in excessive
From: Takashi Iwai
commit 37a7ea4a9b81f6a864c10a7cb0b96458df5310a3 upstream.
snd_seq_pool_done() syncs with closing of all opened threads, but it
aborts the wait loop with a timeout, and proceeds to the release
resource even if not all threads have been closed. The timeout was 5
From: Guenter Roeck
commit dcc7620cad5ad1326a78f4031a7bf4f0e5b42984 upstream.
Upstream commit 98d74f9ceaef ("xhci: fix 10 second timeout on removal of
PCI hotpluggable xhci controllers") fixes a problem with hot pluggable PCI
xhci controllers which can result in excessive timeouts, to the point
From: Takashi Iwai
commit 37a7ea4a9b81f6a864c10a7cb0b96458df5310a3 upstream.
snd_seq_pool_done() syncs with closing of all opened threads, but it
aborts the wait loop with a timeout, and proceeds to the release
resource even if not all threads have been closed. The timeout was 5
seconds, and
From: Tariq Saeed
commit 3d46a44a0c01b15d385ccaae24b56f619613c256 upstream.
PID: 614TASK: 882a739da580 CPU: 3 COMMAND: "ocfs2dc"
#0 [882ecc3759b0] machine_kexec at 8103b35d
#1 [882ecc375a20] crash_kexec at 810b95b5
#2
On Sat, Jun 17, 2017 at 09:38:15PM +0200, Greg KH wrote:
> On Tue, Jun 13, 2017 at 09:40:11PM +0200, Luis R. Rodriguez wrote:
> > On Tue, Jun 13, 2017 at 11:05:48AM +0200, Greg KH wrote:
> > > On Mon, Jun 05, 2017 at 02:39:33PM -0700, Luis R. Rodriguez wrote:
> > > > As the firmware API evolves we
From: Tariq Saeed
commit 3d46a44a0c01b15d385ccaae24b56f619613c256 upstream.
PID: 614TASK: 882a739da580 CPU: 3 COMMAND: "ocfs2dc"
#0 [882ecc3759b0] machine_kexec at 8103b35d
#1 [882ecc375a20] crash_kexec at 810b95b5
#2 [882ecc375af0] oops_end at
On Sat, Jun 17, 2017 at 09:38:15PM +0200, Greg KH wrote:
> On Tue, Jun 13, 2017 at 09:40:11PM +0200, Luis R. Rodriguez wrote:
> > On Tue, Jun 13, 2017 at 11:05:48AM +0200, Greg KH wrote:
> > > On Mon, Jun 05, 2017 at 02:39:33PM -0700, Luis R. Rodriguez wrote:
> > > > As the firmware API evolves we
From: John Johansen
commit bd35db8b8ca6e27fc17a9057ef78e1ddfc0de351 upstream.
Internal mounts are not mounted anywhere and as such should be treated
as disconnected paths.
Signed-off-by: John Johansen
Acked-by: Seth Arnold
From: John Johansen
commit bd35db8b8ca6e27fc17a9057ef78e1ddfc0de351 upstream.
Internal mounts are not mounted anywhere and as such should be treated
as disconnected paths.
Signed-off-by: John Johansen
Acked-by: Seth Arnold
Signed-off-by: Jiri Slaby
Signed-off-by: Willy Tarreau
---
From: Reiter Wolfgang
commit 3b48ab2248e61408910e792fe84d6ec466084c1a upstream.
Final nlmsg_len field update must reflect inserted net_dm_drop_point
data.
This patch depends on previous patch:
"drop_monitor: add missing call to genlmsg_end"
Signed-off-by: Reiter Wolfgang
From: Trond Myklebust
commit 809fd143de8805970eec02c27c0bc2622a6ecbda upstream.
If the OPEN rpc call to the server fails with an ENOENT call, nfs_atomic_open
will create a negative dentry for that file, however it currently fails
to call nfs_set_verifier(), thus
From: Reiter Wolfgang
commit 3b48ab2248e61408910e792fe84d6ec466084c1a upstream.
Final nlmsg_len field update must reflect inserted net_dm_drop_point
data.
This patch depends on previous patch:
"drop_monitor: add missing call to genlmsg_end"
Signed-off-by: Reiter Wolfgang
Acked-by: Neil
From: Trond Myklebust
commit 809fd143de8805970eec02c27c0bc2622a6ecbda upstream.
If the OPEN rpc call to the server fails with an ENOENT call, nfs_atomic_open
will create a negative dentry for that file, however it currently fails
to call nfs_set_verifier(), thus causing the dentry to be
From: Geoff Levand
commit 6dff5b67054e17c91bd630bcdda17cfca5aa4215 upstream.
GCC 5 generates different code for this bootwrapper null check that
causes the PS3 to hang very early in its bootup. This check is of
limited value, so just get rid of it.
Signed-off-by: Geoff
From: Geoff Levand
commit 6dff5b67054e17c91bd630bcdda17cfca5aa4215 upstream.
GCC 5 generates different code for this bootwrapper null check that
causes the PS3 to hang very early in its bootup. This check is of
limited value, so just get rid of it.
Signed-off-by: Geoff Levand
Signed-off-by:
From: Alan Stern
commit faab50984fe6636e616c7cc3d30308ba391d36fd upstream.
Andrey Konovalov reports that fuzz testing with syzkaller causes a
KASAN warning in gadgetfs:
BUG: KASAN: slab-out-of-bounds in dev_config+0x86f/0x1190 at addr
88003c47e160
Write of size
From: Alan Stern
commit faab50984fe6636e616c7cc3d30308ba391d36fd upstream.
Andrey Konovalov reports that fuzz testing with syzkaller causes a
KASAN warning in gadgetfs:
BUG: KASAN: slab-out-of-bounds in dev_config+0x86f/0x1190 at addr
88003c47e160
Write of size 65537 by task
From: "Darrick J. Wong"
commit 2aa6ba7b5ad3189cc27f14540aa2f57f0ed8df4b upstream.
If we try to allocate memory pages to back an xfs_buf that we're trying
to read, it's possible that we'll be so short on memory that the page
allocation fails. For a blocking read we'll
From: "Darrick J. Wong"
commit 2aa6ba7b5ad3189cc27f14540aa2f57f0ed8df4b upstream.
If we try to allocate memory pages to back an xfs_buf that we're trying
to read, it's possible that we'll be so short on memory that the page
allocation fails. For a blocking read we'll just wait, but for
From: Kai-Heng Feng
commit 45838660e34d90db8d4f7cbc8fd66e8aff79f4fe upstream.
The aux port does not get detected without noloop quirk, so external PS/2
mouse cannot work as result.
The PS/2 mouse can work with this quirk.
BugLink:
From: Boris Ostrovsky
commit 30faaafdfa0c754c91bac60f216c9f34a2bfdf7e upstream.
Commit 9c17d96500f7 ("xen/gntdev: Grant maps should not be subject to
NUMA balancing") set VM_IO flag to prevent grant maps from being
subjected to NUMA balancing.
It was discovered
From: Kai-Heng Feng
commit 45838660e34d90db8d4f7cbc8fd66e8aff79f4fe upstream.
The aux port does not get detected without noloop quirk, so external PS/2
mouse cannot work as result.
The PS/2 mouse can work with this quirk.
BugLink: https://bugs.launchpad.net/bugs/1591053
Signed-off-by:
From: Boris Ostrovsky
commit 30faaafdfa0c754c91bac60f216c9f34a2bfdf7e upstream.
Commit 9c17d96500f7 ("xen/gntdev: Grant maps should not be subject to
NUMA balancing") set VM_IO flag to prevent grant maps from being
subjected to NUMA balancing.
It was discovered recently that this flag causes
From: Dave Martin
commit d3805c546b275c8cc7d40f759d029ae92c7175f2 upstream.
Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET
to fill all the registers, the thread's old registers are preserved.
Signed-off-by: Dave Martin
From: Dave Martin
commit d3805c546b275c8cc7d40f759d029ae92c7175f2 upstream.
Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET
to fill all the registers, the thread's old registers are preserved.
Signed-off-by: Dave Martin
Acked-by: David S. Miller
Signed-off-by: Linus
From: Todd Fujinaka
commit 5bc8c230e2a993b49244f9457499f17283da9ec7 upstream.
i210 and i211 share the same PHY but have different PCI IDs. Don't
forget i211 for any i210 workarounds.
Signed-off-by: Todd Fujinaka
Tested-by: Aaron Brown
From: RafaÅ MiÅecki
commit a971df0b9d04674e325346c17de9a895425ca5e1 upstream.
This allows tracking device state and e.g. makes devm work as expected.
Signed-off-by: RafaÅ MiÅecki
Signed-off-by: Kalle Valo
Signed-off-by: Willy
From: Todd Fujinaka
commit 5bc8c230e2a993b49244f9457499f17283da9ec7 upstream.
i210 and i211 share the same PHY but have different PCI IDs. Don't
forget i211 for any i210 workarounds.
Signed-off-by: Todd Fujinaka
Tested-by: Aaron Brown
Signed-off-by: Jeff Kirsher
Signed-off-by: Sasha Levin
From: RafaÅ MiÅecki
commit a971df0b9d04674e325346c17de9a895425ca5e1 upstream.
This allows tracking device state and e.g. makes devm work as expected.
Signed-off-by: RafaÅ MiÅecki
Signed-off-by: Kalle Valo
Signed-off-by: Willy Tarreau
---
drivers/bcma/main.c | 4
1 file changed, 4
From: Michel Dänzer
commit 239ac65fa5ffab71adf66e642750f940e7241d99 upstream.
The current caching state may not be tt_cached, even though the
placement contains TTM_PL_FLAG_CACHED, because placement can contain
multiple caching flags. Trying to swap out such a BO would
From: Michel Dänzer
commit 239ac65fa5ffab71adf66e642750f940e7241d99 upstream.
The current caching state may not be tt_cached, even though the
placement contains TTM_PL_FLAG_CACHED, because placement can contain
multiple caching flags. Trying to swap out such a BO would trip up the
From: Theodore Ts'o
commit 2ba3e6e8afc9b6188b471f27cf2b5e3cf34e7af2 upstream.
It is OK for s_first_meta_bg to be equal to the number of block group
descriptor blocks. (It rarely happens, but it shouldn't cause any
problems.)
https://bugzilla.kernel.org/show_bug.cgi?id=194567
From: Theodore Ts'o
commit 2ba3e6e8afc9b6188b471f27cf2b5e3cf34e7af2 upstream.
It is OK for s_first_meta_bg to be equal to the number of block group
descriptor blocks. (It rarely happens, but it shouldn't cause any
problems.)
https://bugzilla.kernel.org/show_bug.cgi?id=194567
Fixes:
From: Eric Dumazet
commit ff9f8a7cf935468a94d9927c68b00daae701667e upstream.
We perform the conversion between kernel jiffies and ms only when
exporting kernel value to user space.
We need to do the opposite operation when value is written by user.
Only matters when HZ !=
From: Eric Dumazet
commit ff9f8a7cf935468a94d9927c68b00daae701667e upstream.
We perform the conversion between kernel jiffies and ms only when
exporting kernel value to user space.
We need to do the opposite operation when value is written by user.
Only matters when HZ != 1000
Signed-off-by:
From: Dan Carpenter
commit d7cf0c34af067555737193b6c1aa7abaa677f29c upstream.
At first glance it looks like there is a missing curly brace but
actually the code works the same either way. I have adjusted the
indenting but left the code the same.
Signed-off-by: Dan
From: Dan Carpenter
commit d7cf0c34af067555737193b6c1aa7abaa677f29c upstream.
At first glance it looks like there is a missing curly brace but
actually the code works the same either way. I have adjusted the
indenting but left the code the same.
Signed-off-by: Dan Carpenter
Acked-by: Daniel
From: Corey Minyard
commit c80e1b62ffca52e2d1d865ee58bc79c4c0c55005 upstream.
As part of handling a crash on an SMP system, an IPI is send to
all other CPUs to save their current registers and stop. It was
using task_pt_regs(current) to get the registers, but that will
From: Corey Minyard
commit c80e1b62ffca52e2d1d865ee58bc79c4c0c55005 upstream.
As part of handling a crash on an SMP system, an IPI is send to
all other CPUs to save their current registers and stop. It was
using task_pt_regs(current) to get the registers, but that will
only be accurate if the
From: Eric Dumazet
commit 06425c308b92eaf60767bc71d359f4cbc7a561f8 upstream.
syszkaller fuzzer was able to trigger a divide by zero, when
TCP window scaling is not enabled.
SO_RCVBUF can be used not only to increase sk_rcvbuf, also
to decrease it below current receive
From: Davidlohr Bueso
commit 95e91b831f87ac8e1f8ed50c14d709089b4e01b8 upstream.
The issue is described here, with a nice testcase:
https://bugzilla.kernel.org/show_bug.cgi?id=192931
The problem is that shmat() calls do_mmap_pgoff() with MAP_FIXED, and
the address
From: Eric Dumazet
commit 06425c308b92eaf60767bc71d359f4cbc7a561f8 upstream.
syszkaller fuzzer was able to trigger a divide by zero, when
TCP window scaling is not enabled.
SO_RCVBUF can be used not only to increase sk_rcvbuf, also
to decrease it below current receive buffers utilization.
If
From: Davidlohr Bueso
commit 95e91b831f87ac8e1f8ed50c14d709089b4e01b8 upstream.
The issue is described here, with a nice testcase:
https://bugzilla.kernel.org/show_bug.cgi?id=192931
The problem is that shmat() calls do_mmap_pgoff() with MAP_FIXED, and
the address rounded down to 0. For
> Check the stuff already in tip/timers/core; at the very least it overlaps
> considerably with your series. And your variant is a lot more convoluted -
> there's no need to have a separate compat restart, etc.
Thanks, I see there were updates last week to the tree.
For the nanosleep part, I
> Check the stuff already in tip/timers/core; at the very least it overlaps
> considerably with your series. And your variant is a lot more convoluted -
> there's no need to have a separate compat restart, etc.
Thanks, I see there were updates last week to the tree.
For the nanosleep part, I
From: Con Kolivas
commit 82ffb6fc637150b279f49e174166d2aa3853eaf4 upstream.
The Logitech QuickCam Communicate Deluxe/S7500 microphone fails with the
following warning.
[6.778995] usb 2-1.2.2.2: Warning! Unlikely big volume range (=3072),
cval->res is probably wrong.
[
From: Eric Dumazet
commit 48481c8fa16410ffa45939b13b6c53c2ca609e5f upstream.
Dmitry posted a nice reproducer of a bug triggering in neigh_probe()
when dereferencing a NULL neigh->ops->solicit method.
This can happen for arp_direct_ops/ndisc_direct_ops and similar,
which
From: Con Kolivas
commit 82ffb6fc637150b279f49e174166d2aa3853eaf4 upstream.
The Logitech QuickCam Communicate Deluxe/S7500 microphone fails with the
following warning.
[6.778995] usb 2-1.2.2.2: Warning! Unlikely big volume range (=3072),
cval->res is probably wrong.
[6.778996] usb
From: Eric Dumazet
commit 48481c8fa16410ffa45939b13b6c53c2ca609e5f upstream.
Dmitry posted a nice reproducer of a bug triggering in neigh_probe()
when dereferencing a NULL neigh->ops->solicit method.
This can happen for arp_direct_ops/ndisc_direct_ops and similar,
which can be used for
From: Theodore Ts'o
commit 97abd7d4b5d9c48ec15c425485f054e1c15e591b upstream.
If the journal is aborted, the needs_recovery feature flag should not
be removed. Otherwise, it's the journal might not get replayed and
this could lead to more data getting lost.
Signed-off-by:
From: Theodore Ts'o
commit 97abd7d4b5d9c48ec15c425485f054e1c15e591b upstream.
If the journal is aborted, the needs_recovery feature flag should not
be removed. Otherwise, it's the journal might not get replayed and
this could lead to more data getting lost.
Signed-off-by: Theodore Ts'o
From: Kees Cook
commit a4866aa812518ed1a37d8ea0c881dc946409de94 upstream.
Under CONFIG_STRICT_DEVMEM, reading System RAM through /dev/mem is
disallowed. However, on x86, the first 1MB was always allowed for BIOS
and similar things, regardless of it actually being System
From: Kees Cook
commit a4866aa812518ed1a37d8ea0c881dc946409de94 upstream.
Under CONFIG_STRICT_DEVMEM, reading System RAM through /dev/mem is
disallowed. However, on x86, the first 1MB was always allowed for BIOS
and similar things, regardless of it actually being System RAM. It was
possible for
From: Theodore Ts'o
commit 5aee0f8a3f42c94c5012f1673420aee96315925a upstream.
Fix a large number of problems with how we handle mount options in the
superblock. For one, if the string in the superblock is long enough
that it is not null terminated, we could run off the end of
From: Uwe Kleine-König
commit ac4d4f65bbcba478309de36929016d2618421ba1 upstream.
The rtc core calls the .read_alarm with all fields initialized to 0. As
the s35390a driver doesn't touch some fields the returned date is
interpreted as a date in January 1900. So make sure
From: Theodore Ts'o
commit 5aee0f8a3f42c94c5012f1673420aee96315925a upstream.
Fix a large number of problems with how we handle mount options in the
superblock. For one, if the string in the superblock is long enough
that it is not null terminated, we could run off the end of the string
and
From: Uwe Kleine-König
commit ac4d4f65bbcba478309de36929016d2618421ba1 upstream.
The rtc core calls the .read_alarm with all fields initialized to 0. As
the s35390a driver doesn't touch some fields the returned date is
interpreted as a date in January 1900. So make sure all fields are set
to
From: Hannes Frederic Sowa
commit 72ef9c4125c7b257e3a714d62d778ab46583d6a3 upstream.
This patch fixes a memory leak, which happens if the connection request
is not fulfilled between parsing the DCCP options and handling the SYN
(because e.g. the backlog is full),
From: Xin Long
commit 34b2789f1d9bf8dcca9b5cb553d076ca2cd898ee upstream.
Now sctp doesn't check sock's state before listening on it. It could
even cause changing a sock with any state to become a listening sock
when doing sctp_listen.
This patch is to fix it by checking
From: "Jason A. Donenfeld"
commit de5540d088fe97ad583cc7d396586437b32149a5 upstream.
Under extremely heavy uses of padata, crashes occur, and with list
debugging turned on, this happens instead:
[87487.298728] WARNING: CPU: 1 PID: 882 at lib/list_debug.c:33
From: Hannes Frederic Sowa
commit 72ef9c4125c7b257e3a714d62d778ab46583d6a3 upstream.
This patch fixes a memory leak, which happens if the connection request
is not fulfilled between parsing the DCCP options and handling the SYN
(because e.g. the backlog is full), because we forgot to free the
From: Xin Long
commit 34b2789f1d9bf8dcca9b5cb553d076ca2cd898ee upstream.
Now sctp doesn't check sock's state before listening on it. It could
even cause changing a sock with any state to become a listening sock
when doing sctp_listen.
This patch is to fix it by checking sock's state in
From: "Jason A. Donenfeld"
commit de5540d088fe97ad583cc7d396586437b32149a5 upstream.
Under extremely heavy uses of padata, crashes occur, and with list
debugging turned on, this happens instead:
[87487.298728] WARNING: CPU: 1 PID: 882 at lib/list_debug.c:33
__list_add+0xae/0x130
[87487.301868]
From: Al Viro
commit c0cf3ef5e0f47e385920450b245d22bead93e7ad upstream.
What matters when deciding if we should make a page uptodate is
not how much we _wanted_ to copy, but how much we actually have
copied. As it is, on architectures that do not zero tail on
short
From: Gerald Schaefer
commit 5457e03de918f7a3e294eb9d26a608ab8a579976 upstream.
The buffer for iucv_message_receive() needs to be below 2 GB. In
__iucv_message_receive(), the buffer address is casted to an u32, which
would result in either memory corruption or an
From: Al Viro
commit c0cf3ef5e0f47e385920450b245d22bead93e7ad upstream.
What matters when deciding if we should make a page uptodate is
not how much we _wanted_ to copy, but how much we actually have
copied. As it is, on architectures that do not zero tail on
short copy we can leave
From: Gerald Schaefer
commit 5457e03de918f7a3e294eb9d26a608ab8a579976 upstream.
The buffer for iucv_message_receive() needs to be below 2 GB. In
__iucv_message_receive(), the buffer address is casted to an u32, which
would result in either memory corruption or an addressing exception when
using
From: Ravi Bangoria
commit c21a493a2b44650707d06741601894329486f2ad upstream.
Currently xmon data-breakpoint feature is broken.
Whenever there is a watchpoint match occurs, hw_breakpoint_handler will
be called by do_break via notifier chains mechanism. If
From: Ravi Bangoria
commit c21a493a2b44650707d06741601894329486f2ad upstream.
Currently xmon data-breakpoint feature is broken.
Whenever there is a watchpoint match occurs, hw_breakpoint_handler will
be called by do_break via notifier chains mechanism. If watchpoint is
registered by xmon,
From: Alexey Khoroshilov
commit 070c0b17f6a1ba39dff9be112218127e7e8fd456 upstream.
If acm_submit_read_urbs() fails in acm_port_activate(), error handling
code calls usb_autopm_put_interface() while it is already called
before acm_submit_read_urbs(). The patch reorganizes
From: Hugh Dickins
commit 1be7107fbe18eed3e319a6c3e83c78254b693acb upstream.
Stack guard page is a useful feature to reduce a risk of stack smashing
into a different mapping. We have been using a single page gap which
is sufficient to prevent having stack adjacent to a
From: Alexey Khoroshilov
commit 070c0b17f6a1ba39dff9be112218127e7e8fd456 upstream.
If acm_submit_read_urbs() fails in acm_port_activate(), error handling
code calls usb_autopm_put_interface() while it is already called
before acm_submit_read_urbs(). The patch reorganizes error handling code
to
From: Hugh Dickins
commit 1be7107fbe18eed3e319a6c3e83c78254b693acb upstream.
Stack guard page is a useful feature to reduce a risk of stack smashing
into a different mapping. We have been using a single page gap which
is sufficient to prevent having stack adjacent to a different mapping.
But
From: Felipe Balbi
commit e8f29bb719b47a234f33b0af62974d7a9521a52c upstream.
usb_endpoint_maxp() returns wMaxPacketSize in its
raw form. Without taking into consideration that it
also contains other bits reserved for isochronous
endpoints.
This patch fixes one
From: John Johansen
commit 23ca7b640b4a55f8747301b6bd984dd05545f6a7 upstream.
Signed-off-by: John Johansen
Acked-by: Seth Arnold
Signed-off-by: Jiri Slaby
Signed-off-by: Willy Tarreau
901 - 1000 of 3154 matches
Mail list logo