From: Bob Peterson
[ Upstream commit 4ed0c30811cb4d30ef89850b787a53a84d5d2bcb ]
Before this patch, function gfs2_quota_lock checked if it was called
from a privileged user, and if so, it bypassed the quota check:
superuser can operate outside the quotas.
That's the wrong place for the check beca
From: Christophe JAILLET
[ Upstream commit f058764d19000d98aef72010468db1f69faf9fa0 ]
A call to 'regulator_get()' is hidden in 'twl6030_usb_ldo_init()'. A
corresponding put must be performed in the error handling path, as
already done in the remove function.
While at it, also move a 'free_irq()
From: Stephen Warren
[ Upstream commit 0cf253eed5d2bdf7bb3152457b38f39b012955f7 ]
The driver currently leaves GPIO IRQs unmasked even when the GPIO IRQ
client has released the GPIO IRQ. This allows the HW to raise IRQs, and
SW to process them, after shutdown. Fix this by masking the IRQ when it'
From: Evan Quan
[ Upstream commit f4fcfa4282c1a1bf51475ebb0ffda623eebf1191 ]
Since gfxoff should be disabled first before trying to access those
GC registers.
Signed-off-by: Evan Quan
Reviewed-by: Alex Deucher
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/p
From: Felix Kuehling
[ Upstream commit 39b3128d7ffd44e400e581e6f49e88cb42bef9a1 ]
Releasing the AMDGPU BO ref directly leads to problems when BOs were
exported as DMA bufs. Releasing the GEM reference makes sure that the
AMDGPU/TTM BO is not freed too early.
Also take a GEM reference when impor
From: Johan Jonker
[ Upstream commit 855bdca1781c79eb661f89c8944c4a719ce720e8 ]
A test with the command below gives these errors:
arch/arm/boot/dts/rk3229-evb.dt.yaml: spi-0:
'#address-cells' is a required property
arch/arm/boot/dts/rk3229-evb.dt.yaml: spi-1:
'#address-cells' is a required prop
From: Denis V. Lunev
[ Upstream commit 856ec7f64688387b100b7083cdf480ce3ac41227 ]
Local variable netdev is not used in these calls.
It should be noted, that this change is required to work in bonded mode.
Otherwise we would get the following assert:
"RTNL: assertion failed at net/core/dev.c (
From: Leo (Hanghong) Ma
[ Upstream commit 650e723cecf2738dee828564396f3239829aba83 ]
[Why]
For MST case: when update_config is called to disable a stream,
this clears the settings for all the streams on that link.
We should only clear the settings for the stream that was disabled.
[How]
Clear t
From: Chuhong Yuan
[ Upstream commit ff8ce319e9c25e920d994cc35236f0bb32dfc8f3 ]
This driver calls kthread_run() in probe, but forgets to call
kthread_stop() in probe failure and remove.
Add the missed kthread_stop() to fix it.
Signed-off-by: Chuhong Yuan
Signed-off-by: David S. Miller
Signed-
From: John Stultz
[ Upstream commit 4bb9d46d47b105a774f9dca642f5271375bca4b2 ]
When I added the expected error testing, I forgot I need to set
the return to zero when we successfully see an error.
Without this change we only end up testing a single heap
before the test quits.
Cc: Shuah Khan
C
From: Grygorii Strashko
[ Upstream commit 4c64b83d03f4aafcdf710caad994cbc855802e74 ]
vlan_for_each() are required to be called with rtnl_lock taken, otherwise
ASSERT_RTNL() warning will be triggered - which happens now during System
resume from suspend:
cpsw_suspend()
|- cpsw_ndo_stop()
From: Johan Jonker
[ Upstream commit b14f3898d2c25a9b47a61fb879d0b1f3af92c59b ]
Dts files with Rockchip 'gpu' nodes were manually verified.
In order to automate this process arm,mali-utgard.txt
has been converted to yaml. In the new setup dtbs_check with
arm,mali-utgard.yaml expects clock-names
From: Masahiro Yamada
[ Upstream commit d13cce757954fa663c69845611957396843ed87a ]
Fix the following cppcheck warnings:
drivers/usb/gadget/legacy/inode.c:1364:8: style: Redundant initialization for
'value'. The initialized value is overwritten$
value = -EOPNOTSUPP;
^
drivers/usb/gadget
From: Tang Bin
commit a7654211d0ffeaa8eb0545ea00f8445242cbce05 upstream.
In the function devm_platform_ioremap_resource(), if get resource
failed, the return value is ERR_PTR() not NULL. Thus it must be
replaced by IS_ERR(), or else it may result in crashes if a critical
error path is encountere
From: Arnd Bergmann
[ Upstream commit 99352c79af3e5f2e4724abf37fa5a2a3299b1c81 ]
I ran into a randconfig build failure with CONFIG_FIXED_PHY=m
and CONFIG_GIANFAR=y:
x86_64-linux-ld: drivers/net/ethernet/freescale/gianfar.o:(.rodata+0x418):
undefined reference to `fixed_phy_change_carrier'
It
This is the start of the stable review cycle for the 5.6.16 release.
There are 177 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Jun 2020 17:38:19 +.
Anything rec
From: Russell King
[ Upstream commit 747ffc2fcf969eff9309d7f2d1d61cb8b9e1bb40 ]
Consolidate the user access assembly code to asm/uaccess-asm.h. This
moves the csdb, check_uaccess, uaccess_mask_range_ptr, uaccess_enable,
uaccess_disable, uaccess_save, uaccess_restore macros, and creates two
new
From: Dennis YC Hsieh
[ Upstream commit 34c4e4072603ff5c174df73b973896abb76cbb51 ]
Return error code to client if send message fail,
so that client has chance to error handling.
Fixes: 576f1b4bc802 ("soc: mediatek: Add Mediatek CMDQ helper")
Signed-off-by: Dennis YC Hsieh
Reviewed-by: CK Hu
L
From: Johan Jonker
[ Upstream commit 621c8d0c233e260232278a4cfd3380caa3c1da29 ]
A test with the command below gives for example this error:
arch/arm/boot/dts/rk3229-xms6.dt.yaml: phy@0:
'#phy-cells' is a required property
The phy nodename is normally used by a phy-handle.
This node is however
From: Vladimir Oltean
commit bf655ba212dfd10d1c86afeee3f3372dbd731d46 upstream.
ocelot_set_ageing_time has 2 callers:
- felix_set_ageing_time: from drivers/net/dsa/ocelot/felix.c
- ocelot_port_attr_ageing_set: from drivers/net/ethernet/mscc/ocelot.c
The issue described in the fixed commit bel
From: Johan Jonker
[ Upstream commit c617ed88502d0b05149e7f32f3b3fd8a0663f7e2 ]
The status was removed of the '&gmac2phy' node with the apply
of a patch long time ago, so fix status for '&gmac2phy'
in 'rk3328-evb.dts'.
Signed-off-by: Johan Jonker
Link: https://lore.kernel.org/r/20200425122345.
From: Liu Yibin
[ Upstream commit 6633a5aa8eb6bda70eb3a9837efd28a67ccc6e0a ]
Interrupt has been disabled in __schedule() with local_irq_disable()
and enabled in finish_task_switch->finish_lock_switch() with
local_irq_enabled(), So needn't to disable irq here.
Signed-off-by: Liu Yibin
Signed-of
From: Mao Han
[ Upstream commit 229a0ddee1108a3f82a873e6cbbe35c92c540444 ]
[ 5221.974084] Unable to handle kernel paging request at virtual address
0xf000, pc: 0x8002c18e
[ 5221.985929] Oops:
[ 5221.989488]
[ 5221.989488] CURRENT PROCESS:
[ 5221.989488]
[ 5221.992877] COMM=ca
From: Kefeng Wang
[ Upstream commit ab7fbad0c7d7a4f9b320a059a171a92a34b6d409 ]
Fix unmet direct dependencies Warning and fix Kconfig indent.
WARNING: unmet direct dependencies detected for POWER_RESET_SYSCON
Depends on [n]: POWER_RESET [=n] && OF [=y] && HAS_IOMEM [=y]
Selected by [y]:
-
From: Bernard Zhao
[ Upstream commit c54a8f1f329197d83d941ad84c4aa38bf282cbbd ]
pm_resump api did not handle drm_mode_config_helper_resume error.
This change add handle to return drm_mode_config_helper_resume`s
error number. This code logic is aligned with api pm_suspend.
After this change, the
From: Paul Cercueil
[ Upstream commit a53bcc19876498bdd3b4ef796c787295dcc498b4 ]
The code was comparing the SoC's maximum height with the mode's width,
and vice-versa. D'oh.
Cc: sta...@vger.kernel.org # v5.6
Fixes: a7c909b7c037 ("gpu/drm: ingenic: Check for display size in CRTC atomic
check")
From: Johan Jonker
[ Upstream commit 287e0d538fcec2f6e8eb1e565bf0749f3b90186d ]
A test with the command below gives for example this error:
arch/arm/boot/dts/rk3228-evb.dt.yaml: phy@0:
'#phy-cells' is a required property
The phy nodename is normally used by a phy-handle.
This node is however c
From: Srinivas Kandagatla
[ Upstream commit 7710f80ecd9c74544a22557ab581cf603e713f51 ]
After patch f864edff110d ("ASoC: qdsp6: q6routing: remove default routing")
and 9b60441692d9 ("ASoC: qdsp6: q6asm-dai: only enable dais from device tree")
asm dais and routing needs to be properly specified at
From: Kefeng Wang
[ Upstream commit 9a6630aef93394ac54494c7e273e9bc026509375 ]
riscv64-none-linux-gnu-ld: mm/page_alloc.o: in function `.L0 ':
page_alloc.c:(.text+0xd34): undefined reference to `__kernel_map_pages'
riscv64-none-linux-gnu-ld: page_alloc.c:(.text+0x104a): undefined reference to
`
From: Kefeng Wang
[ Upstream commit fa8174aa225fe3d53b37552e5066e6f0301dbabd ]
Some drivers use PAGE_SHARED, pgprot_writecombine()/pgprot_device(),
add the defination to fix build error if NOMMU.
Reported-by: Hulk Robot
Signed-off-by: Kefeng Wang
Signed-off-by: Palmer Dabbelt
Signed-off-by:
From: Takashi Iwai
[ Upstream commit 333830aa149a87cabeb5d30fbcf12eecc8040d2c ]
The commit 7ecced0934e5 ("gpio: exar: add a check for the return value
of ida_simple_get fails") added a goto jump to the common error
handler for ida_simple_get() error, but this is wrong in two ways:
it doesn't set
From: Kefeng Wang
[ Upstream commit 0502bee37cdef755d63eee60236562e5605e2480 ]
Drop static declaration to fix following build error if FRAME_POINTER disabled,
riscv64-linux-ld: arch/riscv/kernel/perf_callchain.o: in function `.L0':
perf_callchain.c:(.text+0x2b8): undefined reference to `walk
From: Liu Yibin
[ Upstream commit 165f2d2858013253042809df082b8df7e34e86d7 ]
Just as comment mentioned, the msa format:
cr<30/31, 15> MSA register format:
31 - 29 | 28 - 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0
BA Reserved SH WA B SO SEC C D V
So we should shift 29 bits not 28
From: Hamish Martin
[ Upstream commit be0ec060b54f0481fb95d59086c1484a949c903c ]
These error messages are output when booting on a BCM HR2 system:
GIC: PPI11 is secure or misconfigured
GIC: PPI13 is secure or misconfigured
Per ARM documentation these interrupts are triggered on a rising
From: Lubomir Rintel
[ Upstream commit 24cf6eef79a7e85cfd2ef9dea52f769c9192fc6e ]
"usb-nop-xceiv" is good enough if we don't lose the configuration done
by the firmware, but we'd really prefer a real driver.
Unfortunately, the PHY core is odd in that when the node is compatible
with "usb-nop-xc
From: Kailang Yang
[ Upstream commit 630e36126e420e1756378b3427b42711ce0b9ddd ]
Enable new codec supported for ALC287.
Signed-off-by: Kailang Yang
Cc:
Link: https://lore.kernel.org/r/dcf5ce5507104d0589a917cbb71dc...@realtek.com
Signed-off-by: Takashi Iwai
Signed-off-by: Sasha Levin
---
sou
From: Takashi Iwai
[ Upstream commit 399c01aa49e548c82d40f8161915a5941dd3c60e ]
We fixed the regression of the speaker volume for some Thinkpad models
(e.g. T570) by the commit 54947cd64c1b ("ALSA: hda/realtek - Fix
speaker output regression on Thinkpad T570"). Essentially it fixes
the DAC / pi
From: Lubomir Rintel
[ Upstream commit ec7d12faf81de983efce8ff23f41c5d1bff14c41 ]
Clocks are in fact slightly different on MMP3. In particular, PLL2 is
fixed to a different frequency, there's an extra PLL3, and the GPU
clocks are configured differently.
Link: https://lore.kernel.org/r/202004191
From: Tiezhu Yang
[ Upstream commit 558ab2e8155e5f42ca0a6407957cd4173dc166cc ]
When call function devm_platform_ioremap_resource(), we should use IS_ERR()
to check the return value and return PTR_ERR() if failed.
Fixes: 542c25b7a209 ("drivers: gpio: pxa: use devm_platform_ioremap_resource()")
S
From: Lubomir Rintel
[ Upstream commit 233cbffaa0b9ca874731efee67a11f005da1f87c ]
I've managed to get about everything wrong while digging these out of
OEM's board file.
Correct the bus numbers, the exact model of the NOR flash, polarity of
the chip selects and align the SPI frequency with the
From: Jerry Lee
[ Upstream commit 890bd0f8997ae6ac0a367dd5146154a3963306dd ]
OSD client should ignore cache/overlay flag if got redirect reply.
Otherwise, the client hangs when the cache tier is in forward mode.
[ idryomov: Redirects are effectively deprecated and no longer
used or tested. T
From: Chris Chiu
[ Upstream commit 4020d1ccbe55bdf67b31d718d2400506eaf4b43f ]
The Asus USB DAC is a USB type-C audio dongle for connecting to
the headset and headphone. The volume minimum value -23040 which
is 0xa600 in hexadecimal with the resolution value 1 indicates
this should be endianness
From: Peng Hao
[ Upstream commit 202500d21654874aa03243e91f96de153ec61860 ]
The data structure member “rpmb->md” was passed to a call of the function
“mmc_blk_put” after a call of the function “put_device”. Reorder these
function calls to keep the data accesses consistent.
Fixes: 1c87f7357849 (
From: Changming Liu
[ Upstream commit fb8cd6481ffd126f35e9e146a0dcf0c4e8899f2e ]
The "info.index" variable can be 31 in "1 << info.index".
This might trigger an undefined behavior since 1 is signed.
Fix this by casting 1 to 1u just to be sure "1u << 31" is defined.
Signed-off-by: Changming Liu
From: Evan Green
[ Upstream commit d5a5e5b5fa7b86c05bf073acc0ba98fa280174ec ]
Fix a use-after-free noticed by running with KASAN enabled. If
rmi_irq_fn() is run twice in a row, then rmi_f11_attention() (among
others) will end up reading from drvdata->attn_data.data, which was
freed and left dang
From: Anthony Koo
[ Upstream commit bbf5f6c3f83bedd71006473849138a446ad4d9a3 ]
[Why]
Eventually want to lock at a higher level in stack.
To do this, we need to be able to isolate the parts that need to be done
after pipe unlock.
[How]
Split out programming that is done post unlock.
Signed-off-
From: Łukasz Patron
[ Upstream commit 764f7f911bf72450c51eb74cbb262ad9933741d8 ]
Sending [ 0x05, 0x20, 0x00, 0x0f, 0x06 ] packet for Xbox One S controllers
fixes an issue where controller is stuck in Bluetooth mode and not sending
any inputs.
Signed-off-by: Łukasz Patron
Reviewed-by: Cameron G
From: Christophe JAILLET
[ Upstream commit 38347374ae3f1ec4df56dd688bd603a64e79a0ed ]
According to the file name and Kconfig, a 'k' is missing in this driver
name. It should be "dlink-dir685-touchkeys".
Fixes: 131b3de7016b ("Input: add D-Link DIR-685 touchkeys driver")
Signed-off-by: Christophe
From: Simon Ser
[ Upstream commit f7d5991b92ff824798693ddf231cf814c9d5a88b ]
get_cursor_position already handles the case where the cursor has
negative off-screen coordinates by not setting
dc_cursor_position.enabled.
Signed-off-by: Simon Ser
Fixes: 626bf90fe03f ("drm/amd/display: add basic at
From: Linus Walleij
[ Upstream commit e9bdf7e655b9ee81ee912fae1d59df48ce7311b6 ]
We provided the right semantics on open drain lines being
by definition output but incidentally the irq set up function
would only allow IRQs on lines that were "not output".
Fix the semantics to allow output open
From: Madhuparna Bhowmik
[ Upstream commit 95f59bf88bb75281cc626e283ecefdd5d5641427 ]
This patch fixes the following warning:
=
WARNING: suspicious RCU usage
5.7.0-rc5-next-20200514-syzkaller #0 Not tainted
-
drivers/net/hamradio/bpqether.c
From: Sabrina Dubroca
commit 9f0cadc32d738f0f0c8e30be83be7087c7b85ee5 upstream.
When ESP encapsulation is enabled on a TCP socket, I'm replacing the
existing ->sk_destruct callback with espintcp_destruct. We still need to
call the old callback to perform the other cleanups when the socket is
des
From: Al Viro
commit 9e4636545933131de15e1ecd06733538ae939b2f upstream.
copy the corresponding pieces of init_fpstate into the gaps instead.
Cc: sta...@kernel.org
Tested-by: Alexander Potapenko
Acked-by: Borislav Petkov
Signed-off-by: Al Viro
Signed-off-by: Greg Kroah-Hartman
---
arch/x86
From: Xin Long
commit afcaf61be9d1dbdee5ec186d1dcc67b6b692180f upstream.
For beet mode, when it's ipv6 inner address with nexthdrs set,
the packet format might be:
| outer | | dest | | | ESP| ESP |
| IP hdr | ES
From: Johannes Berg
commit 0bbab5f0301587cad4e923ccc49bb910db86162c upstream.
Removing the "if (IS_ERR(dir)) dir = NULL;" check only works
if we adjust the remaining code to not rely on it being NULL.
Check IS_ERR_OR_NULL() before attempting to dereference it.
I'm not actually entirely sure thi
From: Linus Lüssing
commit e2d4a80f93fcfaf72e2e20daf6a28e39c3b90677 upstream.
On a non-forwarding 802.11s link between two fairly busy
neighboring nodes (iperf with -P 16 at ~850MBit/s TCP;
1733.3 MBit/s VHT-MCS 9 80MHz short GI VHT-NSS 4), so with
frequent PREQ retries, usually after around 30-
From: Xin Long
commit a204aef9fd77dce1efd9066ca4e44eede99cd858 upstream.
An use-after-free crash can be triggered when sending big packets over
vxlan over esp with esp offload enabled:
[] BUG: KASAN: use-after-free in ipv6_gso_pull_exthdrs.part.8+0x32c/0x4e0
[] Call Trace:
[] dump_stack+
From: Qiushi Wu
[ Upstream commit 7cc31613734c4870ae32f5265d576ef296621343 ]
kobject_init_and_add() takes reference even when it fails.
Thus, when kobject_init_and_add() returns an error,
kobject_put() must be called to properly clean up the kobject.
Fixes: d72e31c93746 ("iommu: IOMMU Groups")
From: Xin Long
commit db87668ad1e4917cfe04e217307ba6ed9390716e upstream.
This xfrm_state_put call in esp4/6_gro_receive() will cause
double put for state, as in out_reset path secpath_reset()
will put all states set in skb sec_path.
So fix it by simply remove the xfrm_state_put call.
Fixes: 6e
From: Xin Long
commit f6a23d85d078c2ffde79c66ca81d0a1dde451649 upstream.
This patch is to fix a crash:
[ ] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ ] general protection fault: [#1] SMP KASAN PTI
[ ] RIP: 0010:ipv6_local_error+0xac/0x7a0
[ ] Call Trace:
From: Phil Sutter
commit a164b95ad6055c50612795882f35e0efda1f1390 upstream.
If IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE is set, user requested to not
update counters in sub sets. Therefore IPSET_FLAG_SKIP_COUNTER_UPDATE
must be set, not unset.
Fixes: 6e01781d1c80e ("netfilter: ipset: set match: add su
From: Eric Dumazet
commit a4976a3ef844c510ae9120290b23e9f3f47d6bce upstream.
TCP tp->lsndtime unit/base is tcp_jiffies32, not tcp_time_stamp()
Fixes: 36bedb3f2e5b ("crypto: chtls - Inline TLS record Tx")
Signed-off-by: Eric Dumazet
Cc: Ayush Sawal
Cc: Vinay Kumar Yadav
Signed-off-by: David S
From: Aric Cyr
[ Upstream commit 4e5183200d9b66695c754ef214933402056e7b95 ]
[Why]
If VUPDATE_END is before VUPDATE_START the delay calculated can become
very large, causing a soft hang.
[How]
Take the absolute value of the difference between START and END.
Signed-off-by: Aric Cyr
Reviewed-by:
From: Valentine Fatiev
[ Upstream commit 1acba6a817852d4aa7916d5c4f2c82f702ee9224 ]
When connected mode is set, and we have connected and datagram traffic in
parallel, ipoib might crash with double free of datagram skb.
The current mechanism assumes that the order in the completion queue is
the
From: Michael Braun
commit e9c284ec4b41c827f4369973d2792992849e4fa5 upstream.
Currently, using the bridge reject target with tagged packets
results in untagged packets being sent back.
Fix this by mirroring the vlan id as well.
Fixes: 85f5b3086a04 ("netfilter: bridge: add reject support")
Sign
From: Antony Antony
commit 29e4276667e24ee6b91d9f91064d8fda9a210ea1 upstream.
s/xfrm_state_offload/xfrm_user_offload/
Fixes: d77e38e612a ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Antony Antony
Signed-off-by: Steffen Klassert
Signed-off-by: Greg Kroah-Hartman
---
include
From: Konstantin Khlebnikov
[ Upstream commit 6988f31d558aa8c744464a7f6d91d34ada48ad12 ]
Replace superfluous VM_BUG_ON() with comment about correct usage.
Technically reverts commit 1d148e218a0d ("mm: add VM_BUG_ON_PAGE() to
page_mapcount()"), but context lines have changed.
Function isolate_m
From: Xin Long
commit 3c96ec56828922e3fe5477f75eb3fc02f98f98b5 upstream.
For transport mode, when ipv6 nexthdr is set, the packet format might
be like:
|| dest | | | | ESP| ESP |
| IP6 hdr| opts.| ESP | T
From: Anthony Koo
[ Upstream commit acdac228c4d1b9ff8ac778835719d3381c198aad ]
[Why]
DSC updates only set type to FULL UPDATE, but doesn't
flag the change
[How]
Add DSC flag update flag
Signed-off-by: Anthony Koo
Reviewed-by: Aric Cyr
Acked-by: Bhawanpreet Lakha
Signed-off-by: Alex Deucher
From: David Ahern
commit ac21753a5c2c9a6a2019997481a2ac12bbde48c8 upstream.
Move nh_grp dereference and check for removing nexthop group due to
all members gone into remove_nh_grp_entry.
Fixes: 430a049190de ("nexthop: Add support for nexthop groups")
Signed-off-by: David Ahern
Acked-by: Nikola
From: Edwin Peer
commit 2a5a8800fa915bd9bc272c91ca64728e6aa84c0a upstream.
The explicit mask and shift is not the appropriate way to parse fields
out of a little endian struct. The length field is internally __le16
and the strategy employed only happens to work on little endian machines
because
From: David Ahern
commit 1fd1c768f3624a5e66766e7b4ddb9b607cd834a5 upstream.
Similar to the last path, need to fix fib_info_nh_uses_dev for
external nexthops to avoid referencing multiple nh_grp structs.
Move the device check in fib_info_nh_uses_dev to a helper and
create a nexthop version that i
From: Nicholas Kazlauskas
[ Upstream commit 31ecebee9c36d5e5e113a357a655d993fa916174 ]
[Why]
We dropped the delay after changed the cursor functions locking the
entire pipe to locking just the CURSOR registers to fix page flip
stuttering - this introduced cursor stuttering instead, and an underf
From: Pablo Neira Ayuso
commit 703acd70f2496537457186211c2f03e792409e68 upstream.
Restore helper data size initialization and fix memcopy of the helper
data size.
Fixes: 157eb5dc ("netfilter: nfnetlink_cthelper: reject too large userspace
allocation requests")
Reviewed-by: Florian Westphal
From: Vladimir Oltean
commit 2b86cb8299765688c5119fd18d5f436716c81010 upstream.
Be there a platform with the following layout:
Regular NIC
|
+> DSA master for switch port
|
+> DSA master for another switch port
After changing DSA back t
From: Pablo Neira Ayuso
commit 4946ea5c1237036155c3b3a24f049fd5f849f8f6 upstream.
>> include/linux/netfilter/nf_conntrack_pptp.h:13:20: warning: 'const' type
>> qualifier on return type has no effect [-Wignored-qualifiers]
extern const char *const pptp_msg_name(u_int16_t msg);
^~
Reported-
From: Pablo Neira Ayuso
commit 94945ad2b330207cded0fd8d4abebde43a776dfb upstream.
net/netfilter/nf_conntrack_core.c: In function nf_confirm_cthelper:
net/netfilter/nf_conntrack_core.c:2117:15: warning: comparison of unsigned
expression in < 0 is always false [-Wtype-limits]
2117 | if (protof
From: Dmitry Torokhov
commit f4dec2d6160976b14e54be9c3950ce0f52385741 upstream.
This reverts commit 18931506465a762ffd3f4803d36a18d336a67da9. From Kevin
Locke:
"... nomux only appeared to fix the issue because the controller
continued working after warm reboots. After more thorough testing from
From: Nikolay Aleksandrov
commit 90f33bffa382598a32cc82abfeb20adc92d041b6 upstream.
We must avoid modifying published nexthop groups while they might be
in use, otherwise we might see NULL ptr dereferences. In order to do
that we allocate 2 nexthoup group structures upon nexthop creation
and swa
From: Nathan Chancellor
commit 46c1e0621a72e0469ec4edfdb6ed4d387ec34f8a upstream.
Clang warns:
net/netfilter/nf_conntrack_core.c:2068:21: warning: variable 'ctinfo' is
uninitialized when used here [-Wuninitialized]
nf_ct_set(skb, ct, ctinfo);
^~
net/netfil
From: Björn Töpel
commit b16a87d0aef7a6be766f6618976dc5ff2c689291 upstream.
The npgs member of struct xdp_umem is an u32 entity, and stores the
number of pages the UMEM consumes. The calculation of npgs
npgs = size / PAGE_SIZE
can overflow.
To avoid overflow scenarios, the division is now f
From: Pradeep Kumar Chitrapu
commit d031781bdabe1027858a3220f868866586bf6e7c upstream.
Fixes bitmask for HE opration's default PE duration.
Fixes: daa5b83513a7 ("mac80211: update HE operation fields to D3.0")
Signed-off-by: Pradeep Kumar Chitrapu
Link: https://lore.kernel.org/r/20200506102430.
From: Arnd Bergmann
[ Upstream commit 4377748c7b5187c3342a60fa2ceb60c8a57a8488 ]
drivers/hwmon/amd_energy.c:195:15: error: invalid operands to binary expression
('void' and 'int')
(channel - data->nr_cpus));
~~~
From: Petr Mladek
commit d195b1d1d1196681ac4775e0361e9cca70f740c2 upstream.
The commit 0ebeea8ca8a4d1d453a ("bpf: Restrict bpf_probe_read{, str}() only
to archs where they work") caused that bpf_probe_read{, str}() functions
were not longer available on architectures where the same logical addre
From: David Ahern
commit 0b5e2e39739e861fa5fc84ab27a35dbe62a15330 upstream.
I got too fancy consolidating checks on multipath type. The result
is that path lookups can access 2 different nh_grp structs as exposed
by Nik's torture tests. Expand nexthop_is_multipath within nexthop.h to
avoid multi
From: Hugh Dickins
[ Upstream commit 2f33a706027c94cd4f70fcd3e3f4a17c1ce4ea4b ]
When collapse_file() calls try_to_release_page(), it has already isolated
the page: so if releasing buffers happens to fail (as it sometimes does),
remember to putback_lru_page(): otherwise that page is left unreclai
From: Qiushi Wu
commit a068aab42258e25094bc2c159948d263ed7d7a77 upstream.
kobject_init_and_add() takes reference even when it fails.
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object. Previous
commit "b8eb718348b8" fixed a
From: Pablo Neira Ayuso
commit 4c559f15efcc43b996f4da528cd7f9483aaca36d upstream.
Dan Carpenter says: "Smatch complains that the value for "cmd" comes
from the network and can't be trusted."
Add pptp_msg_name() helper function that checks for the array boundary.
Fixes: f09943fefe6b ("[NETFILTE
From: Qiushi Wu
commit 15c973858903009e995b2037683de29dfe968621 upstream.
In function qlcnic_83xx_interrupt_test(), function
qlcnic_83xx_diag_alloc_res() is not handled by function
qlcnic_83xx_diag_free_res() after a call of the function
qlcnic_alloc_mbx_args() failed. Fix this issue by adding
a
From: Jay Lang
commit 4bfe6cce133cad82cea04490c308795275857782 upstream.
In the copy_process() routine called by _do_fork(), failure to allocate
a PID (or further along in the function) will trigger an invocation to
exit_thread(). This is done to clean up from an earlier call to
copy_thread_tls(
From: Alexander Potapenko
[ Upstream commit 1d605416fb7175e1adf094251466caa52093b413 ]
KMSAN reported uninitialized data being written to disk when dumping
core. As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.
Reported-by
From: Michael Chan
commit b8056e8434b037fdab08158fea99ed7bc8ef3a74 upstream.
We have logic to maintain network counters across resets by storing
the counters in bp->net_stats_prev before reset. But not all resets
will clear the counters. Certain resets that don't need to change
the number of r
From: Xin Long
commit 976eba8ab596bab94b9714cd46d38d5c6a2c660d upstream.
In Commit dd9ee3444014 ("vti4: Fix a ipip packet processing bug in
'IPCOMP' virtual tunnel"), it tries to receive IPIP packets in vti
by calling xfrm_input(). This case happens when a small packet or
frag sent by peer is to
From: Xin Long
commit 06a0afcfe2f551ff755849ea2549b0d8409fd9a0 upstream.
For transport mode, when ipv6 nexthdr is set, the packet format might
be like:
|| dest | | | | ESP| ESP |
| IP6 hdr| opts.| ESP | T
From: Jens Axboe
[ Upstream commit b0beb28097fa04177b3769f4bb7a0d0d9c4ae76e ]
This reverts commit c58c1f83436b501d45d4050fd1296d71a9760bcb.
io_uring does do the right thing for this case, and we're still returning
-EAGAIN to userspace for the cases we don't support. Revert this change
to avoid
From: Alexander Dahl
commit 88743470668ef5eb6b7ba9e0f99888e5999bf172 upstream.
The intermediate result of the old term (4UL * 1024 * 1024 * 1024) is
4 294 967 296 or 0x1 which is no problem on 64 bit systems.
The patch does not change the later overall result of 0x10 for
MAX_DMA32_PF
From: Aric Cyr
[ Upstream commit b2a7b0ce0773bfa4406bc0a78e41979532a1edd7 ]
[Why]
Current locking scheme for cursor can result in a flip missing
its vsync, deferring it for one or more vsyncs. Result is a
potential for stuttering when cursor is moved.
[How]
Use cursor update lock so that flips
From: Pablo Neira Ayuso
commit ee04805ff54a63ffd90bc6749ebfe73473734ddb upstream.
Florian Westphal says:
"Problem is that after the helper hook was merged back into the confirm
one, the queueing itself occurs from the confirm hook, i.e. we queue
from the last netfilter callback in the hook-list
From: Xin Long
commit ed17b8d377eaf6b4a01d46942b4c647378a79bdd upstream.
This waring can be triggered simply by:
# ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
priority 1 mark 0 mask 0x10 #[1]
# ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in
From: Helge Deller
[ Upstream commit bf71bc16e02162388808949b179d59d0b571b965 ]
The Debian kernel v5.6 triggers this kernel panic:
Kernel panic - not syncing: Bad Address (null pointer deref?)
Bad Address (null pointer deref?): Code=26 (Data memory access rights trap) at
addr 000
901 - 1000 of 1740 matches
Mail list logo
