From: Andre Przywara
[ Upstream commit 3dd4ce4185df6798dcdcc3669bddb35899d7d5e1 ]
Commit 941432d00768 ("arm64: dts: allwinner: Drop non-removable from
SoPine/LTS SD card") enabled the card detect GPIO for the SOPine module,
along the way with the Pine64-LTS, which share the same base .dtsi.
From: Tony Lindgren
[ Upstream commit fc85dc42a38405099f97aa2af709fe9504a82508 ]
Fix uninitialized sr_inst.
Fixes: fbfa463be8dc ("ARM: OMAP2+: Fix smartreflex init regression after
dropping legacy data")
Reported-by: kernel test robot
Signed-off-by: Tony Lindgren
Signed-off-by: Sasha Levin
Le 16/04/2021 à 12:51, Steven Price a écrit :
On 16/04/2021 11:38, Christophe Leroy wrote:
Le 16/04/2021 à 11:28, Steven Price a écrit :
On 15/04/2021 18:18, Christophe Leroy wrote:
To be honest I don't fully understand why powerpc requires the page_size - it appears to be using
it
From: Vladimir Murzin
[ Upstream commit 45c2f70cba3a7eff34574103b2e2b901a5f771aa ]
for_each_mem_range() uses a loop variable, yet looking into code it is
not just iteration counter but more complex entity which encodes
information about memblock. Thus condition i == 0 looks fragile.
Indeed, it
From: Ard Biesheuvel
[ Upstream commit d624833f5984d484c5e3196f34b926f9e71dafee ]
The debugging code for kmap_local() doubles the number of per-CPU fixmap
slots allocated for kmap_local(), in order to use half of them as guard
regions. This causes the fixmap region to grow downwards beyond the
From: Russell King
[ Upstream commit 30e3b4f256b4e366a61658c294f6a21b8626dda7 ]
Since commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in
pci_device_probe()"), the PCI code will call the IRQ mapping function
whenever a PCI driver is probed. If these are marked as __init, this
causes an
From: Tony Lindgren
[ Upstream commit a3efe3f6d0eb64363f74af4b0e8ba6d19415cef2 ]
Fix warning: no previous prototype for 'omap_init_time_of'.
Fixes: e69b4e1a7577 ("ARM: OMAP2+: Add omap_init_time_of()")
Reported-by: kernel test robot
Signed-off-by: Tony Lindgren
Signed-off-by: Sasha Levin
From: Daniel Borkmann
commit f528819334881fd622fdadeddb3f7edaed8b7c9b upstream.
Add a small sanitize_needed() helper function and move sanitize_val_alu()
out of the main opcode switch. In upcoming work, we'll move sanitize_ptr_alu()
as well out of its opcode switch so this helps to streamline
From: Daniel Borkmann
commit a6aaece00a57fa6f22575364b3903dfbccf5345d upstream.
Consolidate all error handling and provide more user-friendly error messages
from sanitize_ptr_alu() and sanitize_val_alu().
Signed-off-by: Daniel Borkmann
Reviewed-by: John Fastabend
Acked-by: Alexei Starovoitov
From: Daniel Borkmann
[ Upstream commit 6f55b2f2a1178856c19bbce2f71449926e731914 ]
Small refactor to drag off_reg into sanitize_ptr_alu(), so we later on can
use off_reg for generalizing some of the checks for all pointer types.
Signed-off-by: Daniel Borkmann
Reviewed-by: John Fastabend
From: Daniel Borkmann
commit b658bbb844e28f1862867f37e8ca11a8e2aa94a3 upstream.
Small refactor with no semantic changes in order to consolidate the max
ptr_limit boundary check.
Signed-off-by: Daniel Borkmann
Reviewed-by: John Fastabend
Acked-by: Alexei Starovoitov
Signed-off-by: Greg
From: Fredrik Strupe
commit d2f7eca60b29006285d57c7035539e33300e89e5 upstream.
Since uprobes is not supported for thumb, check that the thumb bit is
not set when matching the uprobes instruction hooks.
The Arm UDF instructions used for uprobes triggering
(UPROBE_SWBP_ARM_INSN and
From: Daniel Borkmann
[ Upstream commit 24c109bb1537c12c02aeed2d51a347b4d6a9b76e ]
The mixed signed bounds check really belongs into retrieve_ptr_limit()
instead of outside of it in adjust_ptr_min_max_vals(). The reason is
that this check is not tied to PTR_TO_MAP_VALUE only, but to all pointer
From: Eric Dumazet
commit 38ec4944b593fd90c5ef4253e66ae5769d04 upstream.
After commit 0f6925b3e8da ("virtio_net: Do not pull payload in skb->head")
Guenter Roeck reported one failure in his tests using sh architecture.
After much debugging, we have been able to spot silent unaligned
From: Heiner Kallweit
[ Upstream commit 5e00e16cb98935bcf06f51931876d898c226f65c ]
So far we don't increase the max read request size if we switch to
jumbo mode before bringing up the interface for the first time.
Let's change this.
Signed-off-by: Heiner Kallweit
Signed-off-by: Jakub Kicinski
From: Heiner Kallweit
[ Upstream commit 453a77894efa4d9b6ef9644d74b9419c47ac427c ]
It has been reported [0] that using pause frames in jumbo mode impacts
performance. There's no available chip documentation, but vendor
drivers r8168 and r8125 don't advertise pause in jumbo mode. So let's
do the
From: Walter Wu
[ Upstream commit 02c587733c8161355a43e6e110c2e29bd0acff72 ]
CONFIG_KASAN_STACK and CONFIG_KASAN_STACK_ENABLE both enable KASAN stack
instrumentation, but we should only need one config, so that we remove
CONFIG_KASAN_STACK_ENABLE and make CONFIG_KASAN_STACK workable. see [1].
From: Arnd Bergmann
[ Upstream commit 5c595ac4c776c44b5c59de22ab43b3fe256d9fbb ]
gcc-11 adds support for -fsanitize=kernel-hwaddress, so it becomes
possible to enable CONFIG_KASAN_SW_TAGS.
Unfortunately this fails to build at the moment, because the
corresponding command line arguments use
From: Reiji Watanabe
[ Upstream commit 04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a ]
__vmx_handle_exit() uses vcpu->run->internal.ndata as an index for
an array access. Since vcpu->run is (can be) mapped to a user address
space with a writer permission, the 'ndata' could be updated by the
user
From: Sean Christopherson
[ Upstream commit 8e53324021645f820a01bf8aa745711c802c8542 ]
Convert vcpu_vmx.exit_reason from a u32 to a union (of size u32). The
full VM_EXIT_REASON field is comprised of a 16-bit basic exit reason in
bits 15:0, and single-bit modifiers in bits 31:16.
Historically,
On 2021/4/19 17:07, Daniel Thompson wrote:
> On Sat, Apr 17, 2021 at 06:17:10PM +0800, Yicong Yang wrote:
>> Document the introduction and usage of HiSilicon PTT device driver.
>>
>> Signed-off-by: Yicong Yang
>> ---
>> Documentation/trace/hisi-ptt.rst | 326
>>
From: Vinay Kumar Yadav
commit e8a4155567b3c903f49cbf89b8017e9cc22c4fe4 upstream.
snd_una update should not be done when the same skb is being
sent out.chcr_short_record_handler() sends it again even
though SND_UNA update is already sent for the skb in
chcr_ktls_xmit(), which causes mismatch in
From: Daniel Borkmann
[ Upstream commit 9601148392520e2e134936e76788fc2a6371e7be ]
We forbid adding unknown scalars with mixed signed bounds due to the
spectre v1 masking mitigation. Hence this also needs bypass_spec_v1
flag instead of allow_ptr_leaks.
Fixes: 2c78ee898d8f ("bpf: Implement
From: Peter Collingbourne
commit 185f2e5f51c2029efd9dd26cceb968a44fe053c6 upstream.
The inline asm's addr operand is marked as input-only, however in
the case where an exception is taken it may be modified by the BIC
instruction on the exception path. Fix the problem by using a temporary
From: Vinay Kumar Yadav
commit 1a73e427b824133940c2dd95ebe26b6dce1cbf10 upstream.
Taking page refcount is not ideal and causes kernel panic
sometimes. It's better to take tx_ctx lock for the complete
skb transmit, to avoid page cleanup if ACK received in middle.
Fixes: 5a4b9fe7fece
From: Yongxin Liu
commit debb9df311582c83fe369baa35fa4b92e8a9c58a upstream.
pci_disable_device() called in __ixgbe_shutdown() decreases
dev->enable_cnt by 1. pci_enable_device_mem() which increases
dev->enable_cnt by 1, was removed from ixgbe_resume() in commit
6f82b2558735 ("ixgbe: use generic
From: Pablo Neira Ayuso
commit 0e07e25b481aa021e4b48085ecb8a049e9614510 upstream.
Fix out-of-bound access in the address array.
Fixes: 5c27d8d76ce8 ("netfilter: nf_flow_table_offload: add IPv6 support")
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Greg Kroah-Hartman
---
From: Alexander Duyck
commit 31166efb1cee348eb6314e9c0095d84cbeb66b9d upstream.
The ixgbe driver currently generates a NULL pointer dereference when
performing the ethtool loopback test. This is due to the fact that there
isn't a q_vector associated with the test ring when it is setup as
From: Zack Rusin
commit ab4d9913632b1e5ffcf3365783e98718b3c83c7f upstream.
We were not correctly unpinning no longer needed buffers. In particular
vmw_buffer_object, which is internally often pinned on creation wasn't
unpinned on destruction and none of the internal MOB buffers were
unpinned
From: Kefeng Wang
commit 199fc6b8dee7d6d50467a57e0dc7e3e1b7d59966 upstream.
There is a spelling mistake when SPARSEMEM Kconfig copy.
Fixes: a5406a7ff56e ("riscv: Correct SPARSEMEM configuration")
Cc: sta...@vger.kernel.org
Signed-off-by: Kefeng Wang
Signed-off-by: Palmer Dabbelt
From: Jolly Shah
commit 176ddd89171ddcf661862d90c5d257877f7326d6 upstream.
When the cache_type for the SCSI device is changed, the SCSI layer issues a
MODE_SELECT command. The caching mode details are communicated via a
request buffer associated with the SCSI command with data direction set as
From: Lijun Pan
commit d3a6abccbd272aea7dc2c6f984bb5a2c11278e44 upstream.
During adapter reset, do_reset/do_hard_reset calls ibmvnic_open(),
which will calls napi_schedule if previous state is VNIC_CLOSED
(i.e, the reset case, and "ifconfig down" case). So there is no need
for do_reset to call
From: Vinay Kumar Yadav
commit bc16efd2430652f894ae34b1de5eccc3bf0d2810 upstream.
When sge queue is full and chcr_ktls_xmit_wr_complete()
returns failure, skb is not freed if it is not the last tls record in
this skb, causes refcount never gets freed and tls_dev_del()
never gets called on this
From: Lijun Pan
commit 7c451f3ef676c805a4b77a743a01a5c21a250a73 upstream.
Remove the unnecessary napi_schedule() call in __ibmvnic_open() since
interrupt_rx() calls napi_schedule_prep/__napi_schedule during every
receive interrupt.
Fixes: ed651a10875f ("ibmvnic: Updated reset handling")
From: Lijun Pan
commit 0775ebc4cf8554bdcd2c212669a0868ab68df5c0 upstream.
__ibmvnic_open calls napi_disable without checking whether NAPI polling
has already been disabled or not. This could cause napi_disable
being called twice, which could generate deadlock. For example,
the first
From: Randy Dunlap
commit 19d000d93303e05bd7b1326e3de9df05a41b25b5 upstream.
Fix ia64 generic_defconfig duplicate entries, as warned by:
arch/ia64/configs/generic_defconfig: warning: override: reassigning to symbol
ATA: => 58
arch/ia64/configs/generic_defconfig: warning: override:
From: John Paul Adrian Glaubitz
commit 17786fea414393813b56e33a1a01b2dfa03c0915 upstream.
There is no longer an ia64-specific version of the errno.h header below
arch/ia64/include/uapi/asm/, so trying to build tools/bpf fails with:
CC /usr/src/linux/tools/bpf/bpftool/btf_dumper.o
From: Jakub Kicinski
commit 16756d3e77ad58cd07e36cbed724aa13ae5a0278 upstream.
The intention was for pause statistics to not be reported
when driver does not have the relevant callback (only
report an empty netlink nest). What happens currently
we report all 0s instead. Make sure statistics are
From: Christian A. Ehrhardt
commit 909290786ea335366e21d7f1ed5812b90f2f0a92 upstream.
When mmaping an extra device region verify that the region index
derived from the mmap offset is valid.
Fixes: a15b1883fee1 ("vfio_pci: Allow mapping extra regions")
Cc: sta...@vger.kernel.org
Signed-off-by:
From: Jason Xing
commit 4e39a072a6a0fc422ba7da5e4336bdc295d70211 upstream.
Fix this panic by adding more rules to calculate the value of @rss_size_max
which could be used in allocating the queues when bpf is loaded, which,
however, could cause the failure and then trigger the NULL pointer of
From: Lijun Pan
commit ca09bf7bb109a37a7ff05f230bb3fa3627e6625f upstream.
It is more correct to use dev_kfree_skb_irq when packets are dropped,
and to use dev_consume_skb_irq when packets are consumed.
Fixes: 0d973388185d ("ibmvnic: Introduce xmit_more support using batched subCRQ
hcalls")
From: Jonathon Reinhart
commit 97684f0970f6e112926de631fdd98d9693c7e5c1 upstream.
Currently, tcp_allowed_congestion_control is global and writable;
writing to it in any net namespace will leak into all other net
namespaces.
tcp_available_congestion_control and tcp_allowed_congestion_control
From: Christophe Leroy
commit 458376913d86bed2fb781b4952eb6861675ef3be upstream.
READ_ONCE() cannot be used for reading PTEs. Use ptep_get() instead, to
avoid the following errors:
CC mm/ptdump.o
In file included from :
mm/ptdump.c: In function 'ptdump_pte_entry':
From: Hristo Venev
commit 610f8c0fc8d46e0933955ce13af3d64484a4630a upstream.
A sit interface created without a local or a remote address is linked
into the `sit_net::tunnels_wc` list of its original namespace. When
deleting a network namespace, delete the devices that have been moved.
The
From: Hristo Venev
commit 941ea91e87a6e879ed82dad4949f6234f2702bec upstream.
Similarly to the sit case, we need to remove the tunnels with no
addresses that have been moved to another network namespace.
Fixes: 0bd8762824e73 ("ip6tnl: add x-netns support")
Signed-off-by: Hristo Venev
From: Christophe JAILLET
commit 31457db3750c0b0ed229d836f2609fdb8a5b790e upstream.
When the probe fails, we must disable the regulator that was previously
enabled.
This patch is a follow-up to commit ac88c531a5b3
("net: davicom: Fix regulator not turned off on failed probe") which missed
one
From: Pali Rohár
commit 1fe976d308acb6374c899a4ee8025a0a016e453e upstream.
Since commit fee2d546414d ("net: phy: marvell: mv88e6390 temperature
sensor reading"), Linux reports the temperature of Topaz hwmon as
constant -75°C.
This is because switches from the Topaz family (88E6141 / 88E6341)
From: Aya Levin
commit 7a320c9db3e73fb6c4f9a331087df9df18767221 upstream.
Change register setting from bit number to bit mask.
Fixes: b5ede32d3329 ("net/mlx5e: Add support for FEC modes based on 50G per
lane links")
Signed-off-by: Aya Levin
Reviewed-by: Eran Ben Elisha
Signed-off-by: Saeed
On Mon, 19 Apr 2021 07:02:18 +1000, Alistair Francis wrote:
> Initial support for the Silergy SY7636A Power Management chip
> and regulator.
>
> Signed-off-by: Alistair Francis
> ---
> v5:
> - Improve the documentation
>
> .../bindings/mfd/silergy,sy7636a.yaml | 70 +++
From: Pablo Neira Ayuso
commit 4d8f9065830e526c83199186c5f56a6514f457d2 upstream.
memcpy() breaks when using connlimit in set elements. Use
nft_expr_clone() to initialize the connlimit expression list, otherwise
connlimit garbage collector crashes when walking on the list head copy.
[
From: Nathan Chancellor
commit 22315a2296f4c251fa92aec45fbbae37e9301b6c upstream.
After commit 2decad92f473 ("arm64: mte: Ensure TIF_MTE_ASYNC_FAULT is
set atomically"), LLVM's integrated assembler fails to build entry.S:
:5:7: error: expected assembly-time absolute expression
.org . -
From: Eric Dumazet
commit b895bdf5d643b6feb7c60856326dd4feb6981560 upstream.
div_u64() divides u64 by u32.
nft_limit_init() wants to divide u64 by u64, use the appropriate
math function (div64_u64)
divide error: [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8390 Comm: syz-executor188 Not tainted
From: Ciara Loftus
commit afd0be7299533bb2e2b09104399d8a467ecbd2c5 upstream.
Wait until after the UMEM is checked for null to dereference it.
Fixes: 43f1bc1efff1 ("libbpf: Restore umem state after socket create failure")
Signed-off-by: Ciara Loftus
Signed-off-by: Daniel Borkmann
Link:
From: Florian Westphal
commit d163a925ebbc6eb5b562b0f1d72c7e817aa75c40 upstream.
Same problem that also existed in iptables/ip(6)tables, when
arptable_filter is removed there is no longer a wait period before the
table/ruleset is free'd.
Unregister the hook in pre_exit, then remove the table
From: Florian Westphal
commit 7ee3c61dcd28bf6e290e06ad382f13511dc790e9 upstream.
Just like ip/ip6/arptables, the hooks have to be removed, then
synchronize_rcu() has to be called to make sure no more packets are being
processed before the ruleset data is released.
Place the hook unregistration
From: wenxu
commit e3e0f9b279705154b951d579dc3d8b7041710e24 upstream.
In the nft_offload there is the mate flow_dissector with no
ingress_ifindex but with ingress_iftype that only be used
in the software. So if the mask of ingress_ifindex in meta is
0, this meta check should be bypass.
Fixes:
From: Hans de Goede
commit aee6f25e9c911323aa89a200e1bb160c1613ed3d upstream.
After the recently added commit fe0f1e3bfdfe ("drm/i915: Shut down
displays gracefully on reboot"), the DSI panel on a Cherry Trail based
Predia Basic tablet would no longer properly light up after reboot.
I've
From: Claudiu Beznea
commit a714e27ea8bdee2b238748029d31472d0a65b611 upstream.
Commit a14d273ba159 ("net: macb: restore cmp registers on resume path")
introduces the restore of CMP registers on resume path. In case the IP
doesn't support type 2 screeners (zero on DCFG8 register) the
struct
From: Colin Ian King
commit ef963ae427aa4669905e0a96b3bd9d44dc85db32 upstream.
A for-loop is using a u8 loop counter that is being compared to
a u32 cmp_dcbcfg->numapp to check for the end of the loop. If
cmp_dcbcfg->numapp is larger than 255 then the counter j will wrap
around to zero and
From: Ryan Lee
[ Upstream commit a23f9099ff1541f15704e96b784d3846d2a4483d ]
0x20FF(amp global enable) register was defined as non-volatile,
but it is not. Overheating, overcurrent can cause amp shutdown
in hardware.
'regmap_write' compare register readback value before writing
to avoid same
From: Vaibhav Jain
commit a2948b17f6b936fc52f86c0f92c46d2f91928b79 upstream.
In case a platform doesn't provide explicit flush-hints but provides an
explicit flush callback via ND_REGION_ASYNC region flag, then
nvdimm_has_flush() still returns '0' indicating that writes do not
require flushing.
From: Catalin Marinas
commit 2decad92f4731fac9755a083fcfefa66edb7d67d upstream.
The entry from EL0 code checks the TFSRE0_EL1 register for any
asynchronous tag check faults in user space and sets the
TIF_MTE_ASYNC_FAULT flag. This is not done atomically, potentially
racing with another CPU
From: Pablo Neira Ayuso
commit fbea31808ca124dd73ff6bb1e67c9af4607c3e32 upstream.
/proc/net/nf_conntrack shows icmpv6 as unknown.
Fixes: 09ec82f5af99 ("netfilter: conntrack: remove protocol name from l4proto
struct")
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Greg Kroah-Hartman
---
From: Arnd Bergmann
[ Upstream commit 28399a5a6d569c9bdb612345e4933046ca37cde5 ]
The clang integrated assembler fails to build one file with
a complex asm instruction:
arch/arm/mach-omap1/ams-delta-fiq-handler.S:249:2: error: invalid instruction,
any one of the following would fix this:
mov
From: Rob Clark
[ Upstream commit 9fbd3088351b92e8c2cef6e37a39decb12a8d5bb ]
They were reading a counter that was configured to ALWAYS_COUNT (ie.
cycles that the GPU is doing something) rather than ALWAYS_ON. This
isn't the thing that userspace is looking for.
Signed-off-by: Rob Clark
From: Arnd Bergmann
[ Upstream commit 844b85dda2f569943e1e018fdd63b6f7d1d6f08e ]
clang warns about an impossible condition when building with 32-bit
phys_addr_t:
arch/arm/mach-keystone/keystone.c:79:16: error: result of comparison of
constant 51539607551 with expression of type 'phys_addr_t'
From: Tong Zhu
[ Upstream commit d47ec7a0a7271dda08932d6208e4ab65ab0c987c ]
After a short network outage, the dst_entry is timed out and put
in DST_OBSOLETE_DEAD. We are in this code because arp reply comes
from this neighbour after network recovers. There is a potential
race condition that
From: Christophe Leroy
[ Upstream commit acca57217c688c5bbbd5140974533d81e8757cc9 ]
PPC32 encounters a KUAP fault when trying to handle a signal with
VDSO unmapped.
Kernel attempted to read user page (7fc07ec0) - exploit attempt? (uid:
0)
BUG: Unable to handle kernel data
From: Jiri Olsa
[ Upstream commit 861de02e5f3f2a104eecc5af1d248cb7bf8c5f75 ]
Currently module can be unloaded even if there's a trampoline
register in it. It's easily reproduced by running in parallel:
# while :; do ./test_progs -t module_attach; done
# while :; do rmmod bpf_testmod; sleep
From: Ville Syrjälä
commit bf52dc49ba0101f648b4c3ea26b812061406b0d4 upstream.
Don't zero out the watermarks for the Y plane since we've already
computed them when computing the UV plane's watermarks (since the
UV plane always appears before ethe Y plane when iterating through
the planes).
This
From: Linus Torvalds
commit 0c93ac69407d63a85be0129aa55ffaec27ffebd3 upstream.
This does the directory entry name verification for the legacy
"fillonedir" (and compat) interface that goes all the way back to the
dark ages before we had a proper dirent, and the readdir() system call
returned
From: Arnd Bergmann
commit daa58c8eec0a65ac8e2e77ff3ea8a233d8eec954 upstream.
The Zenbook Flip entry that was added overwrites a previous one
because of a typo:
In file included from drivers/input/serio/i8042.h:23,
from drivers/input/serio/i8042.c:131:
From: Jaegeuk Kim
commit 8ca7cab82bda4eb0b8064befeeeaa38106cac637 upstream.
commit df7b59ba9245 ("dm verity: fix FEC for RS roots unaligned to
block size") introduced the possibility for misaligned roots IO
relative to the underlying device's logical block size. E.g. Android's
default RS
From: Ping Cheng
commit 276559d8d02c2709281578976ca2f53bc62063d4 upstream.
Valid HID_GENERIC type of devices set EV_KEY and EV_ABS by wacom_map_usage.
When *_input_capabilities are reached, those devices should already have
their proper EV_* set. EV_KEY and EV_ABS only need to be set for
From: Caleb Connolly
commit 30b3f68715595dee7fe4d9bd91a2252c3becdf0a upstream.
The touch coordinate register contains the following:
byte 3 byte 2 byte 1
+++ +-+ +-+
||| | | |
From: Xin Long
[ Upstream commit 68dc022d04eb0fd60a540e242dcb11ec1bee07e2 ]
BEET mode replaces the IP(6) Headers with new IP(6) Headers when sending
packets. However, when it's a fragment before the replacement, currently
kernel keeps the fragment flag and replace the address field then encaps
From: Hauke Mehrtens
[ Upstream commit 2fb164f0ce95e504e2688b4f984893c29ebd19ab ]
This fixes NAND_OP_WAITRDY_INSTR operation in the driver. Without this
change the driver waits till the system is busy, but we should wait till
the busy flag is cleared. The readl_poll_timeout() function gets a
From: Fabian Vogt
[ Upstream commit 69d5ff3e9e51e23d5d81bf48480aa5671be67a71 ]
The driver registers an interrupt handler in _probe, but didn't configure
them until later when the _open function is called. In between, the keypad
can fire an IRQ due to touchpad activity, which the handler
From: Julian Braha
[ Upstream commit 7d37cb2c912dc5c25ffac784a4f9b98c06c6bd08 ]
When LATENCYTOP, LOCKDEP, or FAULT_INJECTION_STACKTRACE_FILTER is
enabled and ARCH_WANT_FRAME_POINTERS is disabled, Kbuild gives a warning
such as:
WARNING: unmet direct dependencies detected for FRAME_POINTER
From: Tetsuo Handa
[ Upstream commit 3a85969e9d912d5dd85362ee37b5f81266e00e77 ]
Since this message is printed when dynamically allocated spinlocks (e.g.
kzalloc()) are used without initialization (e.g. spin_lock_init()),
suggest to developers to check whether initialization functions for
From: Or Cohen
commit b166a20b07382b8bc1dcee2a448715c9c2c81b5b upstream.
If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock
held and sp->do_auto_asconf is true, then an element is removed
from the auto_asconf_splist without any proper locking.
This can happen in the
From: Lv Yunlong
[ Upstream commit 52762efa2b256ed1c5274e5177cbd52ee11a2f6a ]
In function displback_changed, has the call chain
displback_connect(front_info)->xen_drm_drv_init(front_info).
We can see that drm_info is assigned to front_info->drm_info
and drm_info is freed in fail branch in
From: Seevalamuthu Mariappan
[ Upstream commit dd0b45538146cb6a54d6da7663b8c3afd16ebcfd ]
In some race conditions, with more clients and traffic configuration,
below crash is seen when making the interface down. sta->fast_rx wasn't
cleared when STA gets removed from 4-addr AP_VLAN interface.
From: A. Cody Schuffelen
[ Upstream commit b57aa17f07c9270e576ef7df09f142978b5a75f0 ]
cfg80211_inform_bss expects to receive a TSF value, but is given the
time since boot in nanoseconds. TSF values are expected to be at
microsecond scale rather than nanosecond scale.
Signed-off-by: A. Cody
From: Qingqing Zhuo
[ Upstream commit df7232c4c676be29f1cf45058ec156c1183539ff ]
[Why]
DCN3 is not reusing DCN1 mask_sh_list, causing
SURFACE_FLIP_INT_MASK missing in the mapping.
[How]
Add the corresponding entry to DCN3 list.
Signed-off-by: Qingqing Zhuo
Reviewed-by: Nicholas Kazlauskas
From: Zheng Yongjun
[ Upstream commit a79ace4b312953c5835fafb12adc3cb6878b26bd ]
These patches fix a series of spelling errors in net/tipc module.
Reported-by: Hulk Robot
Signed-off-by: Zheng Yongjun
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
net/tipc/bearer.h | 6
From: Aditya Pakki
[ Upstream commit 0c85a7e87465f2d4cbc768e245f4f45b2f299b05 ]
In case of rs failure in rds_send_remove_from_sock(), the 'rm' resource
is freed and later under spinlock, causing potential use-after-free.
Set the free pointer to NULL to avoid undefined behavior.
Signed-off-by:
From: Guenter Roeck
[ Upstream commit 66c3f05ddc538ee796321210c906b6ae6fc0792a ]
pci_resource_start() is not a good indicator to determine if a PCI
resource exists or not, since the resource may start at address 0.
This is seen when trying to instantiate the driver in qemu for riscv32
or
From: Alexander Aring
[ Upstream commit 9ec87e322428d4734ac647d1a8e507434086993d ]
This patch forbids to add llsec seclevel for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring
Link:
From: Wang Qing
[ Upstream commit 46e152186cd89d940b26726fff11eb3f4935b45a ]
The copy_to_user() function returns the number of bytes remaining to be
copied, but we want to return -EFAULT if the copy doesn't complete.
Signed-off-by: Wang Qing
Signed-off-by: Vineet Gupta
Signed-off-by: Sasha
From: Alexander Aring
[ Upstream commit a347b3b394868fef15b16f143719df56184be81d ]
This patch forbids to add llsec devkey for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring
Link:
From: Daniel Mack
[ Upstream commit de9c7854e6e1589f639c6352112956d08243b659 ]
In setups with fixed-link settings there is no mdio node in DTS.
axienet_probe() already handles that gracefully but lp->mii_bus is
then NULL.
Fix code that tries to blindly grab the MDIO lock by introducing two
From: Alexander Aring
[ Upstream commit 4c9b4f55ad1f5a4b6206ac4ea58f273126d21925 ]
This patch stops dumping llsec seclevels for monitors which we don't
support yet. Otherwise we will access llsec mib which isn't initialized
for monitors.
Signed-off-by: Alexander Aring
Link:
From: Alexander Aring
[ Upstream commit ad8f9de1f3566686af35b1c6b43240726541da61 ]
This patch forbids to del llsec dev for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring
Link:
From: Alexander Aring
[ Upstream commit 6fb8045319ef172dc88a8142e7f8b58c7608137e ]
This patch forbids to del llsec devkey for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring
Link:
From: Alexander Aring
[ Upstream commit 080d1a57a94d93e70f84b7a360baa351388c574f ]
This patch stops dumping llsec devkeys for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.
Signed-off-by: Alexander Aring
Link:
From: Alexander Aring
[ Upstream commit 5303f956b05a2886ff42890908156afaec0f95ac ]
This patch forbids to add llsec dev for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring
Link:
From: Alexander Aring
[ Upstream commit 08470c5453339369bd3d590c4cbb0b5961cdcbb6 ]
This patch forbids to add llsec key for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring
Link:
From: Alexander Aring
[ Upstream commit 5582d641e6740839c9b83efd1fbf9bcd00b6f5fc ]
This patch stops dumping llsec devs for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.
Signed-off-by: Alexander Aring
Link:
From: Alexander Aring
[ Upstream commit b6e2949544a183f590ae6f3ef2d12c44e38a ]
This patch forbids to del llsec key for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring
Link:
901 - 1000 of 1444 matches
Mail list logo
