3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Johannes Thumshirn
commit 48ae8484e9fc324b4968d33c585e54bc98e44d61 upstream.
If the list search in sg_get_rq_mark() fails to find a valid request, we
return a bogus element. This then can late
On 09/06/2020 18:56, Joe Perches wrote:
> These are _not_ netif_ control flags. Some are though.
> For instance:
>
> $ git grep "MODULE_PARM.*\bdebug\b" drivers/net | head -10
> [...]
>
> These are all level/class output controls.
TIL, thanks! I should have looked deeperrather than assuming
they
Mark
On 6/9/20 12:52 PM, Mark Brown wrote:
On Tue, Jun 09, 2020 at 12:28:39PM -0500, Dan Murphy wrote:
These programs and configurations are selectable via files under the I2C dev
node. There may be a better way to select this through ALSA controls but I was
unable to find a good example of t
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Li Bin
commit 849f8583e955dbe3a1806e03ecacd5e71cce0a08 upstream.
If the dxfer_len is greater than 256M then the request is invalid and we
need to call sg_remove_request in sg_common_write.
Li
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: "Eric W. Biederman"
commit d1e7fd6462ca9fc76650fbe6ca800e35b24267da upstream.
Replace the 32bit exec_id with a 64bit exec_id to make it impossible
to wrap the exec_id counter. With care an at
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Hannes Reinecke
commit 4759df905a474d245752c9dc94288e779b8734dd upstream.
Factor out sg_fill_request_table() for better readability.
[mkp: typos, applied by hand]
Signed-off-by: Hannes Reine
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Mark Gross
commit 7222a1b5b87417f22265c92deea76a6aecd0fb0f upstream.
Add documentation for the SRBDS vulnerability and its mitigation.
[ bp: Massage.
jpoimboe: sysfs table strings. ]
Sig
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Johannes Thumshirn
commit 28676d869bbb5257b5f14c0c95ad3af3a7019dd5 upstream.
Check for a valid direction before starting the request, otherwise we
risk running into an assertion in the scsi mi
On 6/9/2020 10:49 AM, Nicolas Saenz Julienne wrote:
> The firmware running on the RPi VideoCore can be used to reset and
> initialize HW controlled by the firmware.
>
> Signed-off-by: Nicolas Saenz Julienne
>
> ---
>
> Changes since v1:
> - Correct cells binding as per Florian's comment
>
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Johannes Thumshirn
commit 68c59fcea1f2c6a54c62aa896cc623c1b5bc9b47 upstream.
SG_DXFER_FROM_DEV transfers do not necessarily have a dxferp as we set
it to NULL for the old sg_io read/write inte
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Hannes Reinecke
commit 1bc0eb0446158cc76562176b80623aa119afee5b upstream.
The 'reserved' page array is used as a short-cut for mapping data,
saving us to allocate pages per request. However, t
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Mark Gross
commit 7e5b3c267d256822407a22fdce6afdf9cd13f9fb upstream.
SRBDS is an MDS-like speculative side channel that can leak bits from the
random number generator (RNG) across cores and th
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: "Jason A. Donenfeld"
commit 69efea712f5b0489e67d07565aad5c94e09a3e52 upstream.
It turns out that RDRAND is pretty slow. Comparing these two
constructions:
for (i = 0; i < CHACHA_BLOCK_SIZE;
Mark
On 6/9/20 12:58 PM, Mark Brown wrote:
On Tue, Jun 09, 2020 at 12:35:50PM -0500, Dan Murphy wrote:
On 6/9/20 12:31 PM, Mark Brown wrote:
Why not just use a standard name for the firmware? If the firmwares
vary per-board then building it using the machine compatible (or DMI
info) could han
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Alexander Potapenko
commit 1d605416fb7175e1adf094251466caa52093b413 upstream.
KMSAN reported uninitialized data being written to disk when dumping
core. As a result, several kilobytes of kmal
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Theodore Ts'o
commit 345c0dbf3a30872d9b204db96b5857cd00808cae upstream.
Add the blocks which belong to the journal inode to block_validity's
system zone so attempts to deallocate or overwrite
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Hannes Reinecke
commit 97d27b0dd015e980ade63fda111fd1353276e28b upstream.
sg_remove_sfp_usercontext() is clearing any sg requests, but needs to
take 'rq_list_lock' when modifying the list.
Re
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Hannes Reinecke
commit 136e57bf43dc4babbfb8783abbf707d483cacbe3 upstream.
Unused.
Signed-off-by: Hannes Reinecke
Reviewed-by: Johannes Thumshirn
Tested-by: Johannes Thumshirn
Reviewed-by:
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: David Mosberger
commit 98b74b0ee57af1bcb6e8b2e76e707a71c5ef8ec9 upstream.
usb_submit_urb() may take quite long to execute. For example, a
single sg list may have 30 or more entries, possibly
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Hannes Reinecke
commit 3e0097499839e0fe3af380410eababe5a47c4cf9 upstream.
When calling SG_GET_REQUEST_TABLE ioctl only a half-filled table is
returned; the remaining part will then contain sta
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Jia Zhang
commit b399151cb48db30ad1e0e93dd40d68c6d007b637 upstream.
x86_mask is a confusing name which is hard to associate with the
processor's stepping.
Additionally, correct an indent issu
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Marek Milkovic
commit cded3fffbeab777e6ad2ec05d4a3b62c5caca0f3 upstream.
This prints the 'sclass' field as string instead of index in unrecognized
netlink message.
The textual representation
This is the start of the stable review cycle for the 3.16.85 release.
There are 61 patches in this series, which will be posted as responses
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu Jun 11 18:03:51 UTC 2020.
Anything recei
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Johannes Thumshirn
commit f930c7043663188429cd9b254e9d761edfc101ce upstream.
Don't make any assumptions on the sg_io_hdr_t::dxfer_direction or the
sg_io_hdr_t::dxferp in order to determine if
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Alan Stern
commit 056ad39ee9253873522f6469c3364964a322912b upstream.
FuzzUSB (a variant of syzkaller) found a free-while-still-in-use bug
in the USB scatter-gather library:
BUG: KASAN: use-af
* Drew Fustini [200608 12:52]:
> This patch causes pcs_parse_pinconf() to return -ENOTSUPP when no
> pinctrl_map is added. The current behavior is to return 0 when
> !PCS_HAS_PINCONF or !nconfs. Thus pcs_parse_one_pinctrl_entry()
> incorrectly assumes that a map was added and sets num_maps = 2.
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Hannes Reinecke
commit 109bade9c625c89bb5ea753aaa1a0a97e6fbb548 upstream.
'Sg_request' is using a private list implementation; convert it to
standard lists.
Signed-off-by: Hannes Reinecke
Re
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Vladis Dronov
commit 76319946f321e30872dd72af7de867cb26e7a373 upstream.
Any process is able to send netlink messages with invalid types.
Make the warning rate-limited to prevent too much log s
3.16.85-rc1 review patch. If anyone has any objections, please let me know.
--
From: Tony Battersby
commit c170e5a8d222537e98aa8d4fddb667ff7a2ee114 upstream.
Fix a minor memory leak when there is an error opening a /dev/sg device.
Fixes: cc833acbee9d ("sg: O_EXCL and other lo
From: Srinivas Kandagatla
commit 8d9eb0d6d59a5d7028c80a30831143d3e75515a7 upstream.
qfprom has different address spaces for read and write. Reads are
always done from corrected address space, where as writes are done
on raw address space.
Writing to corrected address space is invalid and ignored
From: Daniele Palmas
[ Upstream commit 591612aa578cd7148b7b9d74869ef40118978389 ]
Add support for Telit LE910C1-EUX composition
0x1031: tty, tty, tty, rmnet
Signed-off-by: Daniele Palmas
Acked-by: Bjørn Mork
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
---
drivers/net/u
From: Josh Poimboeuf
commit 3798cc4d106e91382bfe016caa2edada27c2bb3f upstream
Make the docs match the code.
Signed-off-by: Josh Poimboeuf
Signed-off-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman
---
Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst |
7
From: Chuhong Yuan
[ Upstream commit 3decabdc714ca56c944f4669b4cdec5c2c1cea23 ]
st21nfca_tm_send_atr_res() misses to call kfree_skb() in an error path.
Add the missed function call to fix it.
Fixes: 1892bf844ea0 ("NFC: st21nfca: Adding P2P support to st21nfca in
Initiator & Target mode")
Signe
From: Oleg Nesterov
commit 013b2deba9a6b80ca02f4fafd7dedf875e9b4450 upstream.
uprobe_write_opcode() must not cross page boundary; prepare_uprobe()
relies on arch_uprobe_analyze_insn() which should validate "vaddr" but
some architectures (csky, s390, and sparc) don't do this.
We can remove the B
From: Greg Kroah-Hartman
This reverts commit 95fde2e46860c183f6f47a99381a3b9bff488bd5 which is
commit 9ca415399dae133b00273a4283ef31d003a6818d upstream.
It was backported incorrectly, Paul writes at:
https://lore.kernel.org/r/20200607203425.gd23...@windriver.com
I happened to no
From: Yang Yingliang
[ Upstream commit 1b49cd71b52403822731dc9f283185d1da355f97 ]
When devinet_sysctl_register() failed, the memory allocated
in neigh_parms_alloc() should be freed.
Fixes: 20e61da7ffcf ("ipv4: fail early when creating netdev named all or
default")
Signed-off-by: Yang Yingliang
Commit 0e764a01015d ("iommu/arm-smmu: Allow client devices to select
direct mapping") sets the initial domain type to SMMU_DOMAIN_IDENTITY
for devices that select direct mapping. This ends up setting the domain
as ARM_SMMU_DOMAIN_BYPASS which causes the stream ID mappings
for the device to be progr
From: Eric Dumazet
[ Upstream commit d9a81a225277686eb629938986d97629ea102633 ]
syzbot was able to trigger a crash after using an ISDN socket
and fool l2tp.
Fix this by making sure the UDP socket is of the proper family.
BUG: KASAN: slab-out-of-bounds in setup_udp_tunnel_sock+0x465/0x540
net/
From: Daniele Palmas
commit 399ad9477c523f721f8e51d4f824bdf7267f120c upstream.
Add Telit LE910C1-EUX compositions:
0x1031: tty, tty, tty, rmnet
0x1033: tty, tty, tty, ecm
Signed-off-by: Daniele Palmas
Link: https://lore.kernel.org/r/20200525211106.27338-1-dnl...@gmail.com
Cc:
From: Eric Dumazet
[ Upstream commit 7c6d2ecbda83150b2036a2b36b21381ad4667762 ]
Recent change in virtio_net_hdr_to_skb() broke some packetdrill tests.
When --mss=XXX option is set, packetdrill always provide gso_type & gso_size
for its inbound packets, regardless of packet size.
if (pa
From: Willem de Bruijn
[ Upstream commit 6dd912f82680761d8fb6b1bb274a69d4c7010988 ]
Syzkaller again found a path to a kernel crash through bad gso input:
a packet with gso size exceeding len.
These packets are dropped in tcp_gso_segment and udp[46]_ufo_fragment.
But they may affect gso size cal
From: Stefano Garzarella
[ Upstream commit 7e0afbdfd13d1e708fe96e31c46c4897101a6a43 ]
The accept(2) is an "input" socket interface, so we should use
SO_RCVTIMEO instead of SO_SNDTIMEO to set the timeout.
So this patch replace sock_sndtimeo() with sock_rcvtimeo() to
use the right timeout in the
From: Mathieu Othacehe
commit 18dfb5326370991c81a6d1ed6d1aeee055cb8c05 upstream.
The bytes returned by the i2c reading need to be swapped
unconditionally. Otherwise, on be16 platforms, an incorrect value will be
returned.
Taking the slow path via next merge window as its been around a while
and
From: Bin Liu
commit 986c1748c84d7727defeaeca74a73b37f7d5cce1 upstream.
usb_wwan_indat_callback() shouldn't resubmit rx urb if the previous urb
status is a fatal error. Or the usb controller would keep processing the
new urbs then run into interrupt storm, and has no chance to recover.
Fixes: 6
Gidday,
The Linux man-pages maintainer proudly announces:
man-pages-5.07 - man pages for Linux
This release resulted from patches, bug reports, reviews, and
comments from over 80 people, with over 380 commits making changes
to more than 380 pages. One new page was added in this
release, and
From: Mark Gross
commit e9d7144597b10ff13ff2264c059f7d4a7fbc89ac upstream
Intel uses the same family/model for several CPUs. Sometimes the
stepping must be checked to tell them apart.
On x86 there can be at most 16 steppings. Add a steppings bitmask to
x86_cpu_id and a X86_MATCH_VENDOR_FAMILY_M
From: Srinivas Kandagatla
commit 8d9eb0d6d59a5d7028c80a30831143d3e75515a7 upstream.
qfprom has different address spaces for read and write. Reads are
always done from corrected address space, where as writes are done
on raw address space.
Writing to corrected address space is invalid and ignored
From: Oliver Neukum
commit 97fe809934dd2b0b37dfef3a2fc70417f485d7af upstream.
If buffers are iterated over in the error case, the lower limits
for quirky devices must be heeded.
Signed-off-by: Oliver Neukum
Reported-by: Jean Rene Dawin
Fixes: a4e7279cd1d19 ("cdc-acm: introduce a cool down")
C
On 6/9/20 10:35 AM, Steve Grubb wrote:
If it is added, it should be appended to the end of the record since it
is an existing record format, then in the case of res=1, errno= should
still be present (not swing in and out) and just contain zero. (Or
another value if there is a non-fatal warning?
From: Chuhong Yuan
[ Upstream commit 3decabdc714ca56c944f4669b4cdec5c2c1cea23 ]
st21nfca_tm_send_atr_res() misses to call kfree_skb() in an error path.
Add the missed function call to fix it.
Fixes: 1892bf844ea0 ("NFC: st21nfca: Adding P2P support to st21nfca in
Initiator & Target mode")
Signe
From: Eric Dumazet
[ Upstream commit 02c71b144c811bcdd865e0a1226d0407d11357e8 ]
syzbot recently found a way to crash the kernel [1]
Issue here is that inet_hash() & inet_unhash() are currently
only meant to be used by TCP & DCCP, since only these protocols
provide the needed hashinfo pointer.
From: Fugang Duan
[ Upstream commit f2fb6b6275eba9d312957ca44c487bd780da6169 ]
For rx filter 'HWTSTAMP_FILTER_PTP_V2_EVENT', it should be
PTP v2/802.AS1, any layer, any kind of event packet, but HW only
take timestamp snapshot for below PTP message: sync, Pdelay_req,
Pdelay_resp.
Then it causes
From: Jonathan Cameron
commit a5bf6fdd19c327bcfd9073a8740fa19ca4525fd4 upstream.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver whi
From: Oliver Neukum
commit 97fe809934dd2b0b37dfef3a2fc70417f485d7af upstream.
If buffers are iterated over in the error case, the lower limits
for quirky devices must be heeded.
Signed-off-by: Oliver Neukum
Reported-by: Jean Rene Dawin
Fixes: a4e7279cd1d19 ("cdc-acm: introduce a cool down")
C
From: Mark Gross
commit e9d7144597b10ff13ff2264c059f7d4a7fbc89ac upstream
Intel uses the same family/model for several CPUs. Sometimes the
stepping must be checked to tell them apart.
On x86 there can be at most 16 steppings. Add a steppings bitmask to
x86_cpu_id and a X86_MATCH_VENDOR_FAMILY_M
From: Mark Gross
commit 7222a1b5b87417f22265c92deea76a6aecd0fb0f upstream
Add documentation for the SRBDS vulnerability and its mitigation.
[ bp: Massage.
jpoimboe: sysfs table strings. ]
Signed-off-by: Mark Gross
Signed-off-by: Borislav Petkov
Reviewed-by: Tony Luck
Reviewed-by: Josh P
From: Josh Poimboeuf
commit 3798cc4d106e91382bfe016caa2edada27c2bb3f upstream
Make the docs match the code.
Signed-off-by: Josh Poimboeuf
Signed-off-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman
---
Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst |
7
From: Bin Liu
commit 986c1748c84d7727defeaeca74a73b37f7d5cce1 upstream.
usb_wwan_indat_callback() shouldn't resubmit rx urb if the previous urb
status is a fatal error. Or the usb controller would keep processing the
new urbs then run into interrupt storm, and has no chance to recover.
Fixes: 6
From: Jonathan Cameron
commit 13e945631c2ffb946c0af342812a3cd39227de6e upstream.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver whi
From: Yang Yingliang
[ Upstream commit 1b49cd71b52403822731dc9f283185d1da355f97 ]
When devinet_sysctl_register() failed, the memory allocated
in neigh_parms_alloc() should be freed.
Fixes: 20e61da7ffcf ("ipv4: fail early when creating netdev named all or
default")
Signed-off-by: Yang Yingliang
From: Mark Bloch
[ Upstream commit 8fc3e29be9248048f449793502c15af329f35c6e ]
Currently a Linux system with the mlx5 NIC always crashes upon
hibernation - suspend/resume.
Add basic callbacks so the NIC could be suspended and resumed.
Fixes: 9603b61de1ee ("mlx5: Move pci device handling from ml
From: Bin Liu
commit 7f88a5ac393f39319f69b8b20cc8d5759878d1a1 upstream.
Commit 17539f2f4f0b ("usb: musb: fix enumeration after resume") replaced
musb_start() in musb_resume() to not override softconnect bit, but it
doesn't restart the session for host port which was done in musb_start().
The ses
From: Yang Yingliang
[ Upstream commit 1b49cd71b52403822731dc9f283185d1da355f97 ]
When devinet_sysctl_register() failed, the memory allocated
in neigh_parms_alloc() should be freed.
Fixes: 20e61da7ffcf ("ipv4: fail early when creating netdev named all or
default")
Signed-off-by: Yang Yingliang
This is the start of the stable review cycle for the 5.6.18 release.
There are 41 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 11 Jun 2020 17:40:51 +.
Anything rece
On Mon, Jun 08, 2020 at 02:57:17PM +0200, Frederic Weisbecker wrote:
> On Thu, Jun 04, 2020 at 09:36:55AM -0700, Paul E. McKenney wrote:
> > On Thu, Jun 04, 2020 at 01:41:22PM +0200, Frederic Weisbecker wrote:
> > > On Fri, May 22, 2020 at 10:57:39AM -0700, Paul E. McKenney wrote:
> > > > On Wed, M
From: Daniele Palmas
[ Upstream commit 591612aa578cd7148b7b9d74869ef40118978389 ]
Add support for Telit LE910C1-EUX composition
0x1031: tty, tty, tty, rmnet
Signed-off-by: Daniele Palmas
Acked-by: Bjørn Mork
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
---
drivers/net/u
From: Eric Dumazet
[ Upstream commit d9a81a225277686eb629938986d97629ea102633 ]
syzbot was able to trigger a crash after using an ISDN socket
and fool l2tp.
Fix this by making sure the UDP socket is of the proper family.
BUG: KASAN: slab-out-of-bounds in setup_udp_tunnel_sock+0x465/0x540
net/
On Tue, Jun 09, 2020 at 12:28:39PM -0500, Dan Murphy wrote:
> These programs and configurations are selectable via files under the I2C dev
> node. There may be a better way to select this through ALSA controls but I
> was
> unable to find a good example of this. This is why this is an RFC patch
From: Bin Liu
commit 986c1748c84d7727defeaeca74a73b37f7d5cce1 upstream.
usb_wwan_indat_callback() shouldn't resubmit rx urb if the previous urb
status is a fatal error. Or the usb controller would keep processing the
new urbs then run into interrupt storm, and has no chance to recover.
Fixes: 6
From: Chuhong Yuan
[ Upstream commit 3decabdc714ca56c944f4669b4cdec5c2c1cea23 ]
st21nfca_tm_send_atr_res() misses to call kfree_skb() in an error path.
Add the missed function call to fix it.
Fixes: 1892bf844ea0 ("NFC: st21nfca: Adding P2P support to st21nfca in
Initiator & Target mode")
Signe
From: Stefano Garzarella
[ Upstream commit 7e0afbdfd13d1e708fe96e31c46c4897101a6a43 ]
The accept(2) is an "input" socket interface, so we should use
SO_RCVTIMEO instead of SO_SNDTIMEO to set the timeout.
So this patch replace sock_sndtimeo() with sock_rcvtimeo() to
use the right timeout in the
From: Heinrich Kuhn
[ Upstream commit 5b186cd60f033110960a3db424ffbd6de4cee528 ]
Prior to this change the correct value for the used counter is calculated
but not stored nor, therefore, propagated to user-space. In use-cases such
as OVS use-case at least this results in active flows being remove
From: Jonathan Cameron
commit 13e945631c2ffb946c0af342812a3cd39227de6e upstream.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver whi
From: Matt Jolly
commit 3429444abdd9dbd5faebd9bee552ec6162b17ad6 upstream.
Add support for Dell Wireless 5816e Download Mode (AKA boot & hold mode /
QDL download mode) to drivers/usb/serial/qcserial.c
This is required to update device firmware.
Signed-off-by: Matt Jolly
Cc: sta...@vger.kernel
From: Michael Hanselmann
commit c404bf4aa9236cb4d1068e499ae42acf48a6ff97 upstream.
A subset of CH341 devices does not support all features, namely the
prescaler is limited to a reduced precision and there is no support for
sending a RS232 break condition. This patch adds a detection function
whi
From: Jonathan Cameron
commit a5bf6fdd19c327bcfd9073a8740fa19ca4525fd4 upstream.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver whi
From: Fabrice Gasnier
commit 10134ec3f8cefa6a40fe84987f1795e9e0da9715 upstream.
A wrong error message is printed out currently, like on STM32MP15:
- stm32-adc-core 48003000.adc: IRQ index 2 not found.
This is seen since commit 7723f4c5ecdb ("driver core: platform: Add an
error message to platfo
From: Heinrich Kuhn
[ Upstream commit 5b186cd60f033110960a3db424ffbd6de4cee528 ]
Prior to this change the correct value for the used counter is calculated
but not stored nor, therefore, propagated to user-space. In use-cases such
as OVS use-case at least this results in active flows being remove
From: Bin Liu
commit 7f88a5ac393f39319f69b8b20cc8d5759878d1a1 upstream.
Commit 17539f2f4f0b ("usb: musb: fix enumeration after resume") replaced
musb_start() in musb_resume() to not override softconnect bit, but it
doesn't restart the session for host port which was done in musb_start().
The ses
Thanks Dan for the consideration and taking time to look into this.
My responses below:
Dan Williams writes:
> On Mon, Jun 8, 2020 at 5:16 PM kernel test robot wrote:
>>
>> Hi Vaibhav,
>>
>> Thank you for the patch! Perhaps something to improve:
>>
>> [auto build test WARNING on powerpc/next]
From: Tony W Wang-oc
commit 1e41a766c98b481400ab8c5a7aa8ea63a1bb03de upstream.
New Zhaoxin family 7 CPUs are not affected by SPECTRE_V2. So define a
separate cpu_vuln_whitelist bit NO_SPECTRE_V2 and add these CPUs to the cpu
vulnerability whitelist.
Signed-off-by: Tony W Wang-oc
Signed-off-by:
From: Dinghao Liu
commit e4befc121df03dc8ed2ac1031c98f9538e244bae upstream.
When copy_from_user() returns an error code, there
is a runtime PM usage counter imbalance.
Fix this by moving copy_from_user() to the beginning
of this function.
Fixes: 7b6c1b4c0e1e ("usb: musb: fix runtime PM in debu
From: Oliver Neukum
commit 97fe809934dd2b0b37dfef3a2fc70417f485d7af upstream.
If buffers are iterated over in the error case, the lower limits
for quirky devices must be heeded.
Signed-off-by: Oliver Neukum
Reported-by: Jean Rene Dawin
Fixes: a4e7279cd1d19 ("cdc-acm: introduce a cool down")
C
From: Jiri Slaby
commit 24eb2377f977fe06d84fca558f891f95bc28a449 upstream.
hvc_open sets tty->driver_data to NULL when open fails at some point.
Typically, the failure happens in hp->ops->notifier_add(). If there is
a racing process which tries to open such mangled tty, which was not
closed yet,
From: Srinivas Kandagatla
commit 8d9eb0d6d59a5d7028c80a30831143d3e75515a7 upstream.
qfprom has different address spaces for read and write. Reads are
always done from corrected address space, where as writes are done
on raw address space.
Writing to corrected address space is invalid and ignored
From: Dmitry Torokhov
commit b86dab054059b970111b5516ae548efaae5b3aae upstream.
When k_ascii is invoked several times in a row there is a potential for
signed integer overflow:
UBSAN: Undefined behaviour in drivers/tty/vt/keyboard.c:888:19 signed integer
overflow:
10 * 11 cannot be rep
From: Stefano Garzarella
[ Upstream commit 7e0afbdfd13d1e708fe96e31c46c4897101a6a43 ]
The accept(2) is an "input" socket interface, so we should use
SO_RCVTIMEO instead of SO_SNDTIMEO to set the timeout.
So this patch replace sock_sndtimeo() with sock_rcvtimeo() to
use the right timeout in the
Add emulation/spoofing of SLDT and STR for both 32- and 64-bit
processes.
Wine users have found a small number of Windows apps using SLDT that
were crashing when run on UMIP-enabled systems.
Reported-by: Andreas Rammhold
Originally-by: Ricardo Neri
Signed-off-by: Brendan Shanks
---
v4: Use br
From: Davide Caratti
[ Upstream commit bb2f930d6dd708469a587dc9ed1efe1ef969c0bf ]
this command hangs forever:
# tc qdisc add dev eth0 root fq_pie flows 65536
watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [tc:1028]
[...]
CPU: 1 PID: 1028 Comm: tc Not tainted 5.7.0-rc6+ #167
RIP: 0010:f
From: Jonas Falkevik
[ Upstream commit 45ebf73ebcec88a34a778f5feaa0b82b1c76069e ]
Make sure SCTP_ADDR_{MADE_PRIM,ADDED} are sent only for associations
that have been established.
These events are described in rfc6458#section-6.1
SCTP_PEER_ADDR_CHANGE:
This tag indicates that an address that is
From: Jia He
[ Upstream commit 8692cefc433f282228fd44938dd4d26ed38254a2 ]
When client on the host tries to connect(SOCK_STREAM, O_NONBLOCK) to the
server on the guest, there will be a panic on a ThunderX2 (armv8a server):
[ 463.718844] Unable to handle kernel NULL pointer dereference at virtua
From: Josh Poimboeuf
commit 3798cc4d106e91382bfe016caa2edada27c2bb3f upstream
Make the docs match the code.
Signed-off-by: Josh Poimboeuf
Signed-off-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman
---
Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst |
7
From: Oleg Nesterov
commit 013b2deba9a6b80ca02f4fafd7dedf875e9b4450 upstream.
uprobe_write_opcode() must not cross page boundary; prepare_uprobe()
relies on arch_uprobe_analyze_insn() which should validate "vaddr" but
some architectures (csky, s390, and sparc) don't do this.
We can remove the B
From: Bin Liu
commit 986c1748c84d7727defeaeca74a73b37f7d5cce1 upstream.
usb_wwan_indat_callback() shouldn't resubmit rx urb if the previous urb
status is a fatal error. Or the usb controller would keep processing the
new urbs then run into interrupt storm, and has no chance to recover.
Fixes: 6
From: Greg Kroah-Hartman
This reverts commit 9b035b08e7e5fe7b2e75636324edf41ee30c5f94 which is
commit 9ca415399dae133b00273a4283ef31d003a6818d upstream.
It was backported incorrectly, Paul writes at:
https://lore.kernel.org/r/20200607203425.gd23...@windriver.com
I happened to no
From: Dinghao Liu
commit e4befc121df03dc8ed2ac1031c98f9538e244bae upstream.
When copy_from_user() returns an error code, there
is a runtime PM usage counter imbalance.
Fix this by moving copy_from_user() to the beginning
of this function.
Fixes: 7b6c1b4c0e1e ("usb: musb: fix runtime PM in debu
From: Jiri Slaby
commit 24eb2377f977fe06d84fca558f891f95bc28a449 upstream.
hvc_open sets tty->driver_data to NULL when open fails at some point.
Typically, the failure happens in hp->ops->notifier_add(). If there is
a racing process which tries to open such mangled tty, which was not
closed yet,
From: Bin Liu
commit 7f88a5ac393f39319f69b8b20cc8d5759878d1a1 upstream.
Commit 17539f2f4f0b ("usb: musb: fix enumeration after resume") replaced
musb_start() in musb_resume() to not override softconnect bit, but it
doesn't restart the session for host port which was done in musb_start().
The ses
From: Jonathan Cameron
commit a5bf6fdd19c327bcfd9073a8740fa19ca4525fd4 upstream.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver whi
From: Mathieu Othacehe
commit 18dfb5326370991c81a6d1ed6d1aeee055cb8c05 upstream.
The bytes returned by the i2c reading need to be swapped
unconditionally. Otherwise, on be16 platforms, an incorrect value will be
returned.
Taking the slow path via next merge window as its been around a while
and
601 - 700 of 1572 matches
Mail list logo
