From: Xiyu Yang
commit f872de8185acf1b48b954ba5bd8f9bc0a0d14016 upstream.
batadv_show_throughput_override() invokes batadv_hardif_get_by_netdev(),
which gets a batadv_hard_iface object from net_dev with increased refcnt
and its reference is assigned to a local pointer 'hard_iface'.
When batadv_
From: Jason Gerecke
commit 778fbf4179991e7652e97d7f1ca1f657ef828422 upstream.
We've recently switched from extracting the value of HID_DG_CONTACTMAX
at a fixed offset (which may not be correct for all tablets) to
injecting the report into the driver for the generic codepath to handle.
Unfortunat
From: Eric Dumazet
[ Upstream commit 14695212d4cd8b0c997f6121b6df8520038ce076 ]
My intent was to not let users set a zero drop_batch_size,
it seems I once again messed with min()/max().
Fixes: 9d18562a2278 ("fq_codel: add batch ability to fq_codel_drop()")
Signed-off-by: Eric Dumazet
Acked-by:
From: Josh Poimboeuf
commit 98d0c8ebf77e0ba7c54a9ae05ea588f0e9e3f46e upstream.
If the unwinder is called before the ORC data has been initialized,
orc_find() returns NULL, and it tries to fall back to using frame
pointers. This can cause some unexpected warnings during boot.
Move the 'orc_init
From: Sabrina Dubroca
commit c4e85f73afb6384123e5ef1bba3315b2e3ad031e upstream.
This will be used in the conversion of ipv6_stub to ip6_dst_lookup_flow,
as some modules currently pass a net argument without a socket to
ip6_dst_lookup. This is equivalent to commit 343d60aada5a ("ipv6: change
ipv6
From: Jens Axboe
commit 1f2cac107c591c24b60b115d6050adc213d10fc0 upstream.
sg.c calls into the blktrace functions without holding the proper queue
mutex for doing setup, start/stop, or teardown.
Add internal unlocked variants, and export the ones that do the proper
locking.
Fixes: 6da127ad0918
From: Thierry Reding
commit 29555fa3de865630570b5f53c847b953413daf1a upstream.
Some drivers, such as DWC EQOS on Tegra, need to perform operations that
can sleep under this lock (clk_set_rate() in tegra_eqos_fix_speed()) for
proper operation. Since there is no need for this lock to be a spinlock
From: Vasily Averin
[ Upstream commit 5e698222c70257d13ae0816720dde57c56f81e15 ]
Commit 89163f93c6f9 ("ipc/util.c: sysvipc_find_ipc() should increase
position index") is causing this bug (seen on 5.6.8):
# ipcs -q
-- Message Queues
keymsqid owner perms
From: Dan Carpenter
[ Upstream commit 37e31d2d26a4124506c24e95434e9baf3405a23a ]
The i40iw_arp_table() function can return -EOVERFLOW if
i40iw_alloc_resource() fails so we can't just test for "== -1".
Fixes: 4e9042e647ff ("i40iw: add hw and utils files")
Link: https://lore.kernel.org/r/20200422
From: Andy Shevchenko
[ Upstream commit ccd025eaddaeb99e982029446197c544252108e2 ]
It appears that pin configuration for GPIO chip hasn't been enabled yet
due to absence of ->set_config() callback.
Enable it here for Intel Baytrail.
Fixes: c501d0b149de ("pinctrl: baytrail: Add pin control oper
From: Stefan Hajnoczi
[ Upstream commit 90b5feb8c4bebc76c27fcaf3e1a0e5ca2d319e9e ]
A userspace process holding a file descriptor to a virtio_blk device can
still invoke block_device_operations after hot unplug. This leads to a
use-after-free accessing vblk->vdev in virtblk_getgeo() when
ioctl(H
From: Linus Torvalds
commit 9d82973e032e246ff5663c9805fbb5407ae932e3 upstream.
Due to a bug-report that was compiler-dependent, I updated one of my
machines to gcc-10. That shows a lot of new warnings. Happily they
seem to be mostly the valid kind, but it's going to cause a round of
churn for
From: Chris Wilson
[ Upstream commit 8c539776ac83c0857395e1ccc9c6b516521a2d32 ]
Make a note of the first time we discover the turbo mode has been
disabled by the BIOS, as otherwise we complain every time we try to
update the mode.
Signed-off-by: Chris Wilson
Signed-off-by: Rafael J. Wysocki
S
Similarly to commit 03f219041fdb ("ceph: check i_nlink while converting
a file handle to dentry"), this fixes another corner case with
name_to_handle_at/open_by_handle_at. The issue has been detected by
xfstest generic/467, when doing:
- name_to_handle_at("/cephfs/myfile")
- open("/cephfs/myfil
From: Jens Axboe
commit 2967acbb257a6a9bf912f4778b727e00972eac9b upstream.
A previous commit changed the locking around registration/cleanup,
but direct callers of blk_trace_remove() were missed. This means
that if we hit the error path in setup, we will deadlock on
attempting to re-acquire the
From: Josh Poimboeuf
[ Upstream commit 06a9750edcffa808494d56da939085c35904e618 ]
The PUSH_AND_CLEAR_REGS macro zeroes each register immediately after
pushing it. If an NMI or exception hits after a register is cleared,
but before the UNWIND_HINT_REGS annotation, the ORC unwinder will
wrongly t
From: Cengiz Can
commit 153031a301bb07194e9c37466cfce8eacb977621 upstream.
There was a recent change in blktrace.c that added a RCU protection to
`q->blk_trace` in order to fix a use-after-free issue during access.
However the change missed an edge case that can lead to dereferencing of
`bt` po
On Thu, May 14, 2020 at 8:06 PM Ramuthevar, Vadivel MuruganX
wrote:
>
> Hi Rob,
>
> Thank you for the review comments...
>
> On 14/5/2020 9:03 pm, Rob Herring wrote:
> > On Wed, May 13, 2020 at 06:46:14PM +0800, Ramuthevar,Vadivel MuruganX wrote:
> >> From: Ramuthevar Vadivel Murugan
> >>
>
From: Samu Nuutamo
[ Upstream commit 333e22db228f0bd0c839553015a6a8d3db4ba569 ]
When tsi-as-adc is configured it is possible for in7[0123]_input read to
return an incorrect value if a concurrent read to in[456]_input is
performed. This is caused by a concurrent manipulation of the mux
channel wi
From: Lubomir Rintel
[ Upstream commit 0c89446379218698189a47871336cb30286a7197 ]
When a channel configuration fails, the status of the channel is set to
DEV_ERROR so that an attempt to submit it fails. However, this status
sticks until the heat end of the universe, making it impossible to
recov
From: Christophe JAILLET
[ Upstream commit ee8d2267f0e39a1bfd95532da3a6405004114b27 ]
Should an irq requested with 'devm_request_irq' be released explicitly,
it should be done by 'devm_free_irq()', not 'free_irq()'.
Fixes: 6c821bd9edc9 ("net: Add MOXA ART SoCs ethernet driver")
Signed-off-by: C
On Mon, May 18, 2020 at 8:49 AM Mimi Zohar wrote:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> next-integrity.fixes
No such head.
It looks like the plain 'fixes' branch has the same commit ID, but
there's no next-integrity.fixes.
Btw, any chance you could sta
From: Tariq Toukan
[ Upstream commit 40e473071dbad04316ddc3613c3a3d1c75458299 ]
When ENOSPC is set the idx is still valid and gets set to the global
MLX4_SINK_COUNTER_INDEX. However gcc's static analysis cannot tell that
ENOSPC is impossible from mlx4_cmd_imm() and gives this warning:
drivers/
From: Jason Gunthorpe
commit 01b2bafe57b19d9119413f138765ef57990921ce upstream.
Aside from good practice, this avoids a warning from gcc 10:
./include/linux/kernel.h:997:3: warning: array subscript -31 is outside array
bounds of ‘struct list_head[1]’ [-Warray-bounds]
997 | ((type *)(__mptr
From: Randall Huang
commit 2777e654371dd4207a3a7f4fb5fa39550053a080 upstream.
When we traverse xattr entries via __find_xattr(),
if the raw filesystem content is faked or any hardware failure occurs,
out-of-bound error can be detected by KASAN.
Fix the issue by introducing boundary check.
[ 3
From: Zefan Li
[ Upstream commit 090e28b229af92dc5b40786ca673999d59e73056 ]
If systemd is configured to use hybrid mode which enables the use of
both cgroup v1 and v2, systemd will create new cgroup on both the default
root (v2) and netprio_cgroup hierarchy (v1) for a new session and attach
task
From: "Maciej Żenczykowski"
[ Upstream commit 09454fd0a4ce23cb3d8af65066c91a1bf27120dd ]
This reverts commit 19bda36c4299ce3d7e5bce10bebe01764a655a6d:
| ipv6: add mtu lock check in __ip6_rt_update_pmtu
|
| Prior to this patch, ipv6 didn't do mtu lock check in ip6_update_pmtu.
| It leaded to tha
From: Chao Yu
commit 63840695f68c20735df8861062343cf1faa3768d upstream.
Commit ba38c27eb93e ("f2fs: enhance lookup xattr") introduces
lookup_all_xattrs duplicating from read_all_xattrs, which leaves
lots of similar codes in between them, so introduce new help
read_xattr_block to clean up redunda
Hi Enric/Chun-Kuang.
> >
> > My point is: when do you attach panel to a connector?
> > In this patch,
> >
> > ret = drm_bridge_attach(&dsi->encoder, &dsi->bridge, NULL,
> > DRM_BRIDGE_ATTACH_NO_CONNECTOR);
> >
> > it would call into mtk_dsi_bridge_attach()
Use a temporary buffer to avoid multiple pr_cont uses.
Signed-off-by: Joe Perches
---
> > > Ugh, as I already applied this series, should I just revert them all, or
> > > are you going to send fix-ups on top of what I have applied instead?
> >
> > I was about to send a new series, but I can jus
From: Linus Torvalds
commit 5a76021c2eff7fcf2f0918a08fd8a37ce7922921 upstream.
This is the final array bounds warning removal for gcc-10 for now.
Again, the warning is good, and we should re-enable all these warnings
when we have converted all the legacy array declaration cases to
flexible arra
Hello,
syzbot found the following crash on:
HEAD commit:a58741ac kmsan: don't compile memmove
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=12def203e0
kernel config: https://syzkaller.appspot.com/x/.config?x=abbc202e1
From: Li Jun
commit 1449cb2c2253d37d998c3714aa9b95416d16d379 upstream.
While removing the host (e.g. for USB role switch from host to device),
if runtime pm is enabled by user, below oops occurs on dwc3 and cdns3
platforms.
Keeping the xhci-plat device active during host removal, and disabling
r
From: Fabio Estevam
commit 0caf34350a25907515d929a9c77b9b206aac6d1e upstream.
The I2C2 pins are already used and the following errors are seen:
imx27-pinctrl 10015000.iomuxc: pin MX27_PAD_I2C2_SDA already requested by
10012000.i2c; cannot claim for 1001d000.i2c
imx27-pinctrl 10015000.iomuxc: p
From: Chen-Yu Tsai
commit 83b994129fb4c18a8460fd395864a28740e5e7fb upstream.
In some board device tree files, "rk805" was used for the RK805 PMIC's
node name. However the policy for device trees is that generic names
should be used.
Replace the "rk805" node name with the generic "pmic" name.
F
Hello,
syzbot found the following crash on:
HEAD commit:5a9ffb95 Merge tag '5.7-rc5-smb3-fixes' of git://git.samba..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=175e90d610
kernel config: https://syzkaller.appspot.com/x/.config?x=c14212794ed9ad24
das
From: Geert Uytterhoeven
commit 0f739fdfe9e5ce668bd6d3210f310df282321837 upstream.
The R-Mobile APE6 Compare Match Timer 1 generates 8 interrupts, one for
each channel, but currently only 1 is described.
Fix this by adding the missing interrupts.
Fixes: f7b65230019b9dac ("ARM: shmobile: r8a73a4
From: Eugeniu Rosca
commit 76e1ef1d81a4129d7e2fb8c48c83b166d1c8e040 upstream.
On Tue, May 12, 2020 at 09:36:07PM +0800, Kai-Heng Feng wrote [1]:
> This patch prevents my Raven Ridge xHCI from getting runtime suspend.
The problem described in v5.6 commit 1208f9e1d758c9 ("USB: hub: Fix the
broken
On Mon, May 18, 2020 at 7:34 AM Marco Elver wrote:
>
> On Mon, 18 May 2020 at 14:44, Marco Elver wrote:
> >
> > [+Cc clang-built-linux FYI]
> >
> > On Mon, 18 May 2020 at 12:11, Marco Elver wrote:
> > >
> > > On Sun, 17 May 2020 at 05:47, Paul E. McKenney wrote:
> > > >
> > > > On Sun, May 17,
From: Florian Fainelli
commit 55f53567afe5f0cd2fd9e006b174c08c31c466f8 upstream.
Our statistics strings are allocated at initialization without being
bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using
memcpy() which would create out of bounds accesses, this was flagged by
K
On Mon, May 18, 2020 at 07:18:25PM +0100, Al Viro wrote:
> On Sun, May 17, 2020 at 11:13:47PM +0100, Al Viro wrote:
>
> > Is virtio-blk-pci more resilent to lost interrupt bug introduced in
> > "sun4u: update PCI topology to include simba PCI bridges"? I hadn't tried
> > it yet (reverted to
From: Borislav Petkov
commit a9a3ed1eff3601b63aea4fb462d8b3b92c7c1e7e upstream.
... or the odyssey of trying to disable the stack protector for the
function which generates the stack canary value.
The whole story started with Sergei reporting a boot crash with a kernel
built with gcc-10:
Ker
From: Justin Swartz
commit cec9d101d70a3509da9bd2e601e0b242154ce616 upstream.
The following changes prevent the unrecoverable freezes and rcu_sched
stall warnings experienced in each of my attempts to take advantage of
lima.
Replace the COMPOSITE_NOGATE definition of aclk_gpu_pre with a
COMPOSI
From: Christophe JAILLET
commit 19b94c1f9c9a16d41a8de3ccbdb8536cf1aecdbf upstream.
If 'usb_otg_descriptor_alloc()' fails, we must return an error code, not 0.
Fixes: 56023ce0fd70 ("usb: gadget: audio: allocate and init otg descriptor by
otg capabilities")
Reviewed-by: Peter Chen
Signed-off-by
The pull request you sent on Mon, 18 May 2020 13:58:09 +0900:
> git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat.git
> tags/for-5.7-rc7
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/45088963ca9cdc3df50dd7b1b63e1dc9dcc6375e
Thank you!
--
Deet-doot-dot
From: Kai-Heng Feng
commit f41224efcf8aafe80ea47ac870c5e32f3209ffc8 upstream.
This reverts commit 3b36b13d5e69d6f51ff1c55d1b404a74646c9757.
Enable power save node breaks some systems with ACL225. Revert the patch
and use a platform specific quirk for the original issue isntead.
Fixes: 3b36b13d
From: Chen-Yu Tsai
commit 190c7f6fd43a776d4a6da1dac44408104649e9b7 upstream.
The device tree compiler complains that the dwc3 nodes have regs
properties but no matching unit addresses.
Add the unit addresses to the device node name. While at it, also rename
the nodes from "dwc3" to "usb", as gu
From: Kelly Littlepage
[ Upstream commit cc4de047b33be247f9c8150d3e496743a49642b8 ]
The stated intent of the original commit is to is to "return the timestamp
corresponding to the highest sequence number data returned." The current
implementation returns the timestamp for the last byte of the la
From: "Maciej Żenczykowski"
[ Upstream commit 09454fd0a4ce23cb3d8af65066c91a1bf27120dd ]
This reverts commit 19bda36c4299ce3d7e5bce10bebe01764a655a6d:
| ipv6: add mtu lock check in __ip6_rt_update_pmtu
|
| Prior to this patch, ipv6 didn't do mtu lock check in ip6_update_pmtu.
| It leaded to tha
From: Sergei Trofimovich
commit b1112139a103b4b1101d0d2d72931f2d33d8c978 upstream.
gcc-10 will rename --param=allow-store-data-races=0
to -fno-allow-store-data-races.
The flag change happened at https://gcc.gnu.org/PR92046.
Signed-off-by: Sergei Trofimovich
Acked-by: Jiri Kosina
Signed-off-b
From: Paolo Abeni
[ Upstream commit 57644431a6c2faac5d754ebd35780cf43a531b1a ]
In commit b406472b5ad7 ("net: ipv4: avoid mixed n_redirects and
rate_tokens usage") I missed the fact that a 0 'rate_tokens' will
bypass the backoff algorithm.
Since rate_tokens is cleared after a redirect silence, a
From: Luo bin
[ Upstream commit e8a1b0efd632d1c9db7d4e93da66377c7b524862 ]
if some function in ndo_stop interface returns failure because of
hardware fault, must go on excuting rest steps rather than return
failure directly, otherwise will cause memory leak.And bump the
timeout for SET_FUNC_STAT
From: Arnd Bergmann
[ Upstream commit dc30b4059f6e2abf3712ab537c8718562b21c45d ]
The current gcc-10 snapshot produces a false-positive warning:
net/core/drop_monitor.c: In function 'trace_drop_common.constprop':
cc1: error: writing 8 bytes into a region of size 0 [-Werror=stringop-overflow=]
In
On Fri, May 08, 2020 at 01:52:59PM +0300, Serge Semin wrote:
> Modern device tree bindings are supposed to be created as YAML-files
> in accordance with dt-schema. This commit replaces the Synopsis
> Designware DMA controller legacy bare text bindings with YAML file.
> The only required prorties ar
From: Paolo Abeni
[ Upstream commit eead1c2ea2509fd754c6da893a94f0e69e83ebe4 ]
The cipso and calipso code can set the MLS_CAT attribute on
successful parsing, even if the corresponding catmap has
not been allocated, as per current configuration and external
input.
Later, selinux code tries to a
From: Eric Dumazet
[ Upstream commit 24adbc1676af4e134e709ddc7f34cf2adc2131e4 ]
We autotune rcvbuf whenever SO_RCVLOWAT is set to account for 100%
overhead in tcp_set_rcvlowat()
This works well when skb->len/skb->truesize ratio is bigger than 0.5
But if we receive packets with small MSS, we ca
From: "Michael S. Tsirkin"
[ Upstream commit 01c3259818a11f3cc3cd767adbae6b45849c03c1 ]
When we fill up a receive VQ, try_fill_recv currently tries to count
kicks using a 64 bit stats counter. Turns out, on a 32 bit kernel that
uses a seqcount. sequence counts are "lock" constructs where you nee
From: Eric Dumazet
[ Upstream commit e776af608f692a7a647455106295fa34469e7475 ]
If user provides wrong virtual address in TCP_ZEROCOPY_RECEIVE
operation we want to return -EINVAL error.
But depending on zc->recv_skip_hint content, we might return
-EIO error if the socket has SOCK_DONE set.
Mak
From: Chris Wilson
[ Upstream commit 8c539776ac83c0857395e1ccc9c6b516521a2d32 ]
Make a note of the first time we discover the turbo mode has been
disabled by the BIOS, as otherwise we complain every time we try to
update the mode.
Signed-off-by: Chris Wilson
Signed-off-by: Rafael J. Wysocki
S
From: Linus Torvalds
commit 5c45de21a2223fe46cf9488c99a7fbcf01527670 upstream.
This is a fine warning, but we still have a number of zero-length arrays
in the kernel that come from the traditional gcc extension. Yes, they
are getting converted to flexible arrays, but in the meantime the gcc-10
On Fri, 2020-05-15 at 16:36 +0200, Christoph Hellwig wrote:
> C6x needs almost no cache flushing routines of its own. Rely on
> asm-generic/cacheflush.h for the defaults.
>
> Signed-off-by: Christoph Hellwig
> ---
> arch/c6x/include/asm/cacheflush.h | 19 +--
> 1 file changed, 1
From: Veerabhadrarao Badiganti
[ Upstream commit e6bfb1bf00852b55f4c771f47ae67004c04d3c87 ]
In the request completion path with CQE, request type is being checked
after the request is getting completed. This is resulting in returning
the wrong request type and leading to the IO hang issue.
ASYN
From: Dave Wysochanski
[ Upstream commit d9bfced1fbcb35b28d8fbed4e785d2807055ed2b ]
Commit 402cb8dda949 ("fscache: Attach the index key and aux data to
the cookie") added the index_key and index_key_len parameters to
fscache_acquire_cookie(), and updated the callers in the NFS client.
One of the
From: Arnd Bergmann
[ Upstream commit 6e31ded6895adfca9728cc9b72236e8f6d53 ]
nfs currently behaves differently on 32-bit and 64-bit kernels regarding
the on-disk format of nfs_fscache_inode_auxdata.
That format should really be the same on any kernel, and we should avoid
the 'timespec' type
From: Samu Nuutamo
[ Upstream commit 333e22db228f0bd0c839553015a6a8d3db4ba569 ]
When tsi-as-adc is configured it is possible for in7[0123]_input read to
return an incorrect value if a concurrent read to in[456]_input is
performed. This is caused by a concurrent manipulation of the mux
channel wi
From: Adrian Hunter
[ Upstream commit c077dc5e0620508a29497dac63a2822324ece52a ]
First, it should be noted that the CQE timeout (60 seconds) is substantial
so a CQE request that times out is really stuck, and the race between
timeout and completion is extremely unlikely. Nevertheless this patch
From: Andreas Gruenbacher
[ Upstream commit 566a2ab3c9005f62e784bd39022d58d34ef4365c ]
Make sure we don't walk past the end of the metadata in gfs2_walk_metadata: the
inode holds fewer pointers than indirect blocks.
Slightly clean up gfs2_iomap_get.
Fixes: a27a0c9b6a20 ("gfs2: gfs2_walk_metada
From: Jack Morgenstein
[ Upstream commit 6693ca95bd4330a0ad7326967e1f9bcedd6b0800 ]
In the mlx4_ib_post_send() flow, some functions call ib_get_cached_pkey()
without checking its return value. If ib_get_cached_pkey() returns an
error code, these functions should return failure.
Fixes: 1ffeb2eb8
From: Vasily Averin
[ Upstream commit 5e698222c70257d13ae0816720dde57c56f81e15 ]
Commit 89163f93c6f9 ("ipc/util.c: sysvipc_find_ipc() should increase
position index") is causing this bug (seen on 5.6.8):
# ipcs -q
-- Message Queues
keymsqid owner perms
From: Christoph Hellwig
[ Upstream commit d51c214541c5154dda3037289ee895ea3ded5ebd ]
The second argument is the end "pointer", not the length.
Fixes: d28f6df1305a ("arm64/kexec: Add core kexec support")
Cc: # 4.8.x-
Signed-off-by: Christoph Hellwig
Signed-off-by: Catalin Marinas
Signed-off-b
From: Arnd Bergmann
[ Upstream commit 2c407aca64977ede9b9f35158e919773cae2082f ]
gcc-10 warns around a suspicious access to an empty struct member:
net/netfilter/nf_conntrack_core.c: In function '__nf_conntrack_alloc':
net/netfilter/nf_conntrack_core.c:1522:9: warning: array subscript 0 is outs
On Mon, May 18, 2020 at 11:09:46AM -0700, Guenter Roeck wrote:
> On 5/18/20 7:23 AM, Mike Rapoport wrote:
> > On Mon, May 18, 2020 at 02:48:18AM -0700, Guenter Roeck wrote:
> >> On 5/18/20 1:37 AM, Will Deacon wrote:
> >>> On Sat, May 16, 2020 at 05:07:50PM -0700, Guenter Roeck wrote:
> On Sat
From: Sriharsha Allenki
commit 3c6f8cb92c9178fc0c66b580ea3df1fa3ac1155a upstream.
On platforms with IOMMU enabled, multiple SGs can be coalesced into one
by the IOMMU driver. In that case the SG list processing as part of the
completion of a urb on a bulk endpoint can result into a NULL pointer
Hi Weiyi,
On 15/5/20 5:35, Weiyi Lu wrote:
> On Mon, 2020-05-11 at 14:02 +0800, Weiyi Lu wrote:
>> On Wed, 2020-05-06 at 23:01 +0200, Enric Balletbo i Serra wrote:
>>> Hi Weiyi,
>>>
>>> Thank you for your patch.
>>>
>>> On 6/5/20 10:15, Weiyi Lu wrote:
Try to stop extending the clk_id or clk_
From: Kai Vehmanen
[ Upstream commit ca76282b6faffc83601c25bd2a95f635c03503ef ]
A race exists between build_pcms() and build_controls() phases of codec
setup. Build_pcms() sets up notifier for jack events. If a monitor event
is received before build_controls() is run, the initial jack state is
l
From: Kishon Vijay Abraham I
commit 90d4d3f4ea45370d482fa609dbae4d2281b4074f upstream.
Even though commit cfb5d65f2595 ("ARM: dts: dra7: Add bus_dma_limit
for L3 bus") added bus_dma_limit for L3 bus, the PCIe controller
gets incorrect value of bus_dma_limit.
Fix it by adding empty dma-ranges pr
From: Adam McCoy
commit a48137996063d22ffba77e077425f49873856ca5 upstream.
Failed async writes that are requeued may not clean up a refcount
on the file, which can result in a leaked open. This scenario arises
very reliably when using persistent handles and a reconnect occurs
while writing.
cif
From: Linus Torvalds
commit 5a76021c2eff7fcf2f0918a08fd8a37ce7922921 upstream.
This is the final array bounds warning removal for gcc-10 for now.
Again, the warning is good, and we should re-enable all these warnings
when we have converted all the legacy array declaration cases to
flexible arra
From: Fabio Estevam
commit 0caf34350a25907515d929a9c77b9b206aac6d1e upstream.
The I2C2 pins are already used and the following errors are seen:
imx27-pinctrl 10015000.iomuxc: pin MX27_PAD_I2C2_SDA already requested by
10012000.i2c; cannot claim for 1001d000.i2c
imx27-pinctrl 10015000.iomuxc: p
From: John Stultz
commit 00e21763f2c8cab21b7befa52996d1b18bde5c42 upstream.
The check for the HWO flag in dwc3_gadget_ep_reclaim_trb_sg()
causes us to break out of the loop before we call
dwc3_gadget_ep_reclaim_completed_trb(), which is what likely
should be clearing the HWO flag.
This can caus
From: Grace Kao
[ Upstream commit 69388e15f5078c961b9e5319e22baea4c57deff1 ]
According to Braswell NDA Specification Update (#557593),
concurrent read accesses may result in returning 0x and write
instructions may be dropped. We have an established format for the
commit references, i.e.
From: Jim Mattson
commit c4e0e4ab4cf3ec2b3f0b628ead108d677644ebd9 upstream.
Bank_num is a one-based count of banks, not a zero-based index. It
overflows the allocated space only when strictly greater than
KVM_MAX_MCE_BANKS.
Fixes: a9e38c3e01ad ("KVM: x86: Catch potential overrun in MCE setup")
Sasha Levin writes:
> +unsigned long x86_gsbase_read_cpu_inactive(void)
> +{
> + unsigned long gsbase;
> +
> + if (static_cpu_has(X86_FEATURE_FSGSBASE)) {
> + bool need_restore = false;
> + unsigned long flags;
> +
> + /*
> + * We read the i
t;
> Signed-off-by: Vinod Koul
Hi, I got a build error when I built an arm64 allmodconfig kernel.
building obj-arm64-next-20200518
aarch64-linux-gnu-ld: drivers/usb/host/xhci-pci.o: in function
`xhci_pci_remove':
/srv/src/kernel/next/obj-arm64-next-20200518/../drivers/usb/host/xhci-pci.c:4
From: Wei Yongjun
commit e8f7f9e3499a6d96f7f63a4818dc7d0f45a7783b upstream.
If 'usb_otg_descriptor_alloc()' fails, we must return a
negative error code -ENOMEM, not 0.
Fixes: ab6796ae9833 ("usb: gadget: cdc2: allocate and init otg descriptor by
otg capabilities")
Reported-by: Hulk Robot
Signe
From: Marc Zyngier
commit 018d4671b9bbd4a5c55cf6eab3e1dbc70a50b66e upstream.
On failing to prepare or enable a clock, remove the core structure
from the list it has been inserted as it is about to be freed.
This otherwise leads to random crashes when subsequent clocks get
registered, during whi
From: Sergei Trofimovich
commit b1112139a103b4b1101d0d2d72931f2d33d8c978 upstream.
gcc-10 will rename --param=allow-store-data-races=0
to -fno-allow-store-data-races.
The flag change happened at https://gcc.gnu.org/PR92046.
Signed-off-by: Sergei Trofimovich
Acked-by: Jiri Kosina
Signed-off-b
From: "Maciej Żenczykowski"
[ Upstream commit 09454fd0a4ce23cb3d8af65066c91a1bf27120dd ]
This reverts commit 19bda36c4299ce3d7e5bce10bebe01764a655a6d:
| ipv6: add mtu lock check in __ip6_rt_update_pmtu
|
| Prior to this patch, ipv6 didn't do mtu lock check in ip6_update_pmtu.
| It leaded to tha
From: Hugh Dickins
[ Upstream commit ea0dfeb4209b4eab954d6e00ed136bc6b48b380d ]
Recent commit 71725ed10c40 ("mm: huge tmpfs: try to split_huge_page()
when punching hole") has allowed syzkaller to probe deeper, uncovering a
long-standing lockdep issue between the irq-unsafe shmlock_user_lock,
the
From: Cong Wang
[ Upstream commit dd912306ff008891c82cd9f63e8181e47a9cb2fb ]
syzbot managed to trigger a recursive NETDEV_FEAT_CHANGE event
between bonding master and slave. I managed to find a reproducer
for this:
ip li set bond0 up
ifenslave bond0 eth0
brctl addbr br0
ethtool -K eth0
From: Ioana Ciornei
[ Upstream commit efa6a7d07523ffbbf6503c1a7eeb52201c15c0e3 ]
Depending on the WRIOP version, the buffer size on the RX path must by a
multiple of 64 or 256. Handle this restriction properly by aligning down
the buffer size to the necessary value. Also, use the new buffer size
From: Wu Bo
commit 83c6f2390040f188cc25b270b4befeb5628c1aee upstream.
If the __copy_from_user function failed we need to call sg_remove_request
in sg_write.
Link: https://lore.kernel.org/r/610618d9-e983-fd56-ed0f-639428343...@huawei.com
Acked-by: Douglas Gilbert
Signed-off-by: Wu Bo
Signed-of
On Mon, 2020-05-18 at 14:40 -0300, Ezequiel Garcia wrote:
> [PATCH 3/3] media: rkvdec: Add the VP9 backend
Oops, ^ should be v4 here.
Thanks,
Ezequiel
From: Borislav Petkov
commit a9a3ed1eff3601b63aea4fb462d8b3b92c7c1e7e upstream.
... or the odyssey of trying to disable the stack protector for the
function which generates the stack canary value.
The whole story started with Sergei reporting a boot crash with a kernel
built with gcc-10:
Ker
From: Stefan Hajnoczi
[ Upstream commit 90b5feb8c4bebc76c27fcaf3e1a0e5ca2d319e9e ]
A userspace process holding a file descriptor to a virtio_blk device can
still invoke block_device_operations after hot unplug. This leads to a
use-after-free accessing vblk->vdev in virtblk_getgeo() when
ioctl(H
From: Arnd Bergmann
[ Upstream commit 3a3a71f97c30983f1627c2c550d43566e9b634d2 ]
Older compilers warn about initializers with incorrect curly
braces:
drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c: In function 'sun6i_dsi_encoder_enable':
drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c:720:8: error: missing brac
From: Florian Fainelli
commit 86f8b1c01a0a537a73d2996615133be63cdf75db upstream.
Prior to 1d27732f411d ("net: dsa: setup and teardown ports"), we would
not treat failures to set-up an user port as fatal, but after this
commit we would, which is a regression for some systems where interfaces
may
From: Adam Ford
[ Upstream commit dc87f6dd058a648cd2a35e4aa04592dccdc9f0c2 ]
pca953x_gpio_set_config is setup to support pull-up/down
bias. Currently the driver uses a variable called 'config' to
determine which options to use. Unfortunately, this is incorrect.
This patch uses function pincon
From: Chuck Lever
[ Upstream commit 31c9590ae468478fe47dc0f5f0d3562b2f69450e ]
Refactor: This is a pre-requisite to fixing the client-side ralign
computation in gss_unwrap_resp_priv().
The length value is passed in explicitly rather that as the value
of buf->len. This will subsequently allow gs
From: Eric Dumazet
[ Upstream commit 24adbc1676af4e134e709ddc7f34cf2adc2131e4 ]
We autotune rcvbuf whenever SO_RCVLOWAT is set to account for 100%
overhead in tcp_set_rcvlowat()
This works well when skb->len/skb->truesize ratio is bigger than 0.5
But if we receive packets with small MSS, we ca
601 - 700 of 2060 matches
Mail list logo
