mirror of https://gitee.com/openkylin/linux.git
825532 Commits
| Author | SHA1 | Message | Date |
|---|---|---|---|
Ronnie Sahlberg
|
2f94a3125b |
cifs: fix kref underflow in close_shroot()
Fix a bug where we used to not initialize the cached fid structure at all in open_shroot() if the open was successful but we did not get a lease. This would leave the structure uninitialized and later when we close the handle we would in close_shroot() try to kref_put() an uninitialized refcount. Fix this by always initializing this structure if the open was successful but only do the extra get() if we got a lease. This extra get() is only used to hold the structure until we get a lease break from the server at which point we will kref_put() it during lease processing. Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com> CC: Stable <stable@vger.kernel.org> |
|
|
Linus Torvalds
|
5e7a8ca319 |
Merge branch 'work.aio' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull aio race fixes and cleanups from Al Viro. The aio code had more issues with error handling and races with the aio completing at just the right (wrong) time along with freeing the file descriptor when another thread closes the file. Just a couple of these commits are the actual fixes: the others are cleanups to either make the fixes simpler, or to make the code legible and understandable enough that we hope there's no more fundamental races hiding. * 'work.aio' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: aio: move sanity checks and request allocation to io_submit_one() deal with get_reqs_available() in aio_get_req() itself aio: move dropping ->ki_eventfd into iocb_destroy() make aio_read()/aio_write() return int Fix aio_poll() races aio: store event at final iocb_put() aio: keep io_event in aio_kiocb aio: fold lookup_kiocb() into its sole caller pin iocb through aio. |
|
|
Linus Torvalds
|
db5481e705 |
Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull symlink fixes from Al Viro:
"The ceph fix is already in mainline, Daniel's bpf fix is in bpf tree
(
|
|
|
Al Viro
|
93b919da64 |
debugfs: fix use-after-free on symlink traversal
symlink body shouldn't be freed without an RCU delay. Switch debugfs to ->destroy_inode() and use of call_rcu(); free both the inode and symlink body in the callback. Similar to solution for bpf, only here it's even more obvious that ->evict_inode() can be dropped. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
|
|
Al Viro
|
0cdc17ebd2 |
ubifs: fix use-after-free on symlink traversal
free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
|
|
Al Viro
|
4fdcfab5b5 |
jffs2: fix use-after-free on symlink traversal
free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
|
|
Linus Torvalds
|
79a3aaa7b8 | Linux 5.1-rc3 | |
|
Linus Torvalds
|
63fc9c2348 |
A collection of x86 and ARM bugfixes, and some improvements to documentation.
On top of this, a cleanup of kvm_para.h headers, which were exported by some architectures even though they not support KVM at all. This is responsible for all the Kbuild changes in the diffstat. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAABAgAGBQJcoM5VAAoJEL/70l94x66DU3EH/A8sYdsfeqALWElm2Sy9TYas mntz+oTWsl3vDy8s8zp1ET2NpF7oBlBEMmCWhVEJaD+1qW3VpTRAseR3Zr9ML9xD k+BQM8SKv47o86ZN+y4XALl30Ckb3DXh/X1xsrV5hF6J3ofC+Ce2tF560l8C9ygC WyHDxwNHMWVA/6TyW3mhunzuVKgZ/JND9+0zlyY1LKmUQ0BQLle23gseIhhI0YDm B4VGIYU2Mf8jCH5Ir3N/rQ8pLdo8U7f5P/MMfgXQafksvUHJBg6B6vOhLJh94dLh J2wixYp1zlT0drBBkvJ0jPZ75skooWWj0o3otEA7GNk/hRj6MTllgfL5SajTHZg= =/A7u -----END PGP SIGNATURE----- Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Paolo Bonzini: "A collection of x86 and ARM bugfixes, and some improvements to documentation. On top of this, a cleanup of kvm_para.h headers, which were exported by some architectures even though they not support KVM at all. This is responsible for all the Kbuild changes in the diffstat" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (28 commits) Documentation: kvm: clarify KVM_SET_USER_MEMORY_REGION KVM: doc: Document the life cycle of a VM and its resources KVM: selftests: complete IO before migrating guest state KVM: selftests: disable stack protector for all KVM tests KVM: selftests: explicitly disable PIE for tests KVM: selftests: assert on exit reason in CR4/cpuid sync test KVM: x86: update %rip after emulating IO x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts kvm: don't redefine flags as something else kvm: mmu: Used range based flushing in slot_handle_level_range KVM: export <linux/kvm_para.h> and <asm/kvm_para.h> iif KVM is supported KVM: x86: remove check on nr_mmu_pages in kvm_arch_commit_memory_region() kvm: nVMX: Add a vmentry check for HOST_SYSENTER_ESP and HOST_SYSENTER_EIP fields KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) KVM: Reject device ioctls from processes other than the VM's creator KVM: doc: Fix incorrect word ordering regarding supported use of APIs KVM: x86: fix handling of role.cr4_pae and rename it to 'gpte_size' KVM: nVMX: Do not inherit quadrant and invalid for the root shadow EPT ... |
|
|
Linus Torvalds
|
915ee0da5e |
Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Thomas Gleixner:
"A pile of x86 updates:
- Prevent exceeding he valid physical address space in the /dev/mem
limit checks.
- Move all header content inside the header guard to prevent compile
failures.
- Fix the bogus __percpu annotation in this_cpu_has() which makes
sparse very noisy.
- Disable switch jump tables completely when retpolines are enabled.
- Prevent leaking the trampoline address"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/realmode: Make set_real_mode_mem() static inline
x86/cpufeature: Fix __percpu annotation in this_cpu_has()
x86/mm: Don't exceed the valid physical address space
x86/retpolines: Disable switch jump tables when retpolines are enabled
x86/realmode: Don't leak the trampoline kernel address
x86/boot: Fix incorrect ifdeffery scope
x86/resctrl: Remove unused variable
|
|
|
Linus Torvalds
|
590627f755 |
Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf tooling fixes from Thomas Gleixner:
"Core libraries:
- Fix max perf_event_attr.precise_ip detection.
- Fix parser error for uncore event alias
- Fixup ordering of kernel maps after obtaining the main kernel map
address.
Intel PT:
- Fix TSC slip where A TSC packet can slip past MTC packets so that
the timestamp appears to go backwards.
- Fixes for exported-sql-viewer GUI conversion to python3.
ARM coresight:
- Fix the build by adding a missing case value for enumeration value
introduced in newer library, that now is the required one.
tool headers:
- Syncronize kernel headers with the kernel, getting new io_uring and
pidfd_send_signal syscalls so that 'perf trace' can handle them"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf pmu: Fix parser error for uncore event alias
perf scripts python: exported-sql-viewer.py: Fix python3 support
perf scripts python: exported-sql-viewer.py: Fix never-ending loop
perf machine: Update kernel map address and re-order properly
tools headers uapi: Sync powerpc's asm/kvm.h copy with the kernel sources
tools headers: Update x86's syscall_64.tbl and uapi/asm-generic/unistd
tools headers uapi: Update drm/i915_drm.h
tools arch x86: Sync asm/cpufeatures.h with the kernel sources
tools headers uapi: Sync linux/fcntl.h to get the F_SEAL_FUTURE_WRITE addition
tools headers uapi: Sync asm-generic/mman-common.h and linux/mman.h
perf evsel: Fix max perf_event_attr.precise_ip detection
perf intel-pt: Fix TSC slip
perf cs-etm: Add missing case value
|
|
|
Linus Torvalds
|
c29d85417c |
Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull CPU hotplug fixes from Thomas Gleixner:
"Two SMT/hotplug related fixes:
- Prevent crash when HOTPLUG_CPU is disabled and the CPU bringup
aborts. This is triggered with the 'nosmt' command line option, but
can happen by any abort condition. As the real unplug code is not
compiled in, prevent the fail by keeping the CPU in zombie state.
- Enforce HOTPLUG_CPU for SMP on x86 to avoid the above situation
completely. With 'nosmt' being a popular option it's required to
unplug the half brought up sibling CPUs (due to the MCE wreckage)
completely"
* 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n
|
|
|
Linus Torvalds
|
573efdc5ea |
Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull locking fixlet from Thomas Gleixner: "Trivial update to the maintainers file" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: MAINTAINERS: Remove deleted file from futex file pattern |
|
|
Linus Torvalds
|
f78b5be2a5 |
Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull core fixes from Thomas Gleixner:
"A small set of core updates:
- Make the watchdog respect the selected CPU mask again. That was
broken by the rework of the watchdog thread management and caused
inconsistent state and NMI watchdog being unstoppable.
- Ensure that the objtool build can find the libelf location.
- Remove dead kcore stub code"
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
watchdog: Respect watchdog cpumask on CPU hotplug
objtool: Query pkg-config for libelf location
proc/kcore: Remove unused kclist_add_remap()
|
|
|
Linus Torvalds
|
6536c5f2c8 |
powerpc fixes for 5.1 #4
Three non-regression fixes.
Our optimised memcmp could read past the end of one of the buffers and
potentially trigger a page fault leading to an oops.
Some of our code to read energy management data on PowerVM had an endian bug
leading to bogus results.
When reporting a machine check exception we incorrectly reported TLB multihits
as D-Cache multhits due to a missing entry in the array of causes.
Thanks to:
Chandan Rajendra, Gautham R. Shenoy, Mahesh Salgaonkar, Segher Boessenkool,
Vaidyanathan Srinivasan.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJcoJG4AAoJEFHr6jzI4aWAwTkP/02lEd3G9MTaLLJUsvPTBG1G
lUKPzTNqoWLvcqdwDqsr4Cfftn/DQvgQRTDXzFZCDPdIhUizDSDKAw0vf49Aue4l
T8rxOiD7O7eFezsbZ86XIKqsRerWmb44NzrE28zkgcW6LEIjJTO6xz7ne6Cd+Xfc
SCji4PBHKSHsL5L3mOU769nm5YDjQDszePN8M6WuYAhW/l7xKbQqWUw6m1zNQf/2
pyy+KOpy1dSANCYgORltSyL3k280G3q75RZFEpqZkI8Yz9vuPImZh41L3CeVo7PU
ktg2t+vy36r1/BXisENPF9NUBqhxUROU3ji56N1hKOhiocm6BBETRx+e/N2cXakB
erKljjF0PMGqjfHgS0L05ZIwqjzme+amMvFDIPmGTW98UVW4+YLViAGMPBtB/NPm
k2uap4VLAiBOsaj4XFPsR7y9WPtUyt56JBkB06e3aftUa9D8rwBP9oxBCR9M+MJ0
V4qGaRUF1TIeAUlngbqJ/MBUqwWw6kcoApq+JX0/kf2Wc/lNjXK1+VCXDHSL3qkh
4+WhEWRCf8XC/uTBM+/2a1ULn6kd8hh7LLZpCTt5X3vI0wXf2wGTbejC01jfTcX3
I+PR/w9bSlxv2FfsiQWnn49l0dV4ZrCgQzTZ4wfiaRFWxnwn3z6CemyOiXn1umu7
NK2/Q/nnNIwqquh7nJo+
=Ugv6
-----END PGP SIGNATURE-----
Merge tag 'powerpc-5.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
"Three non-regression fixes.
- Our optimised memcmp could read past the end of one of the buffers
and potentially trigger a page fault leading to an oops.
- Some of our code to read energy management data on PowerVM had an
endian bug leading to bogus results.
- When reporting a machine check exception we incorrectly reported
TLB multihits as D-Cache multhits due to a missing entry in the
array of causes.
Thanks to: Chandan Rajendra, Gautham R. Shenoy, Mahesh Salgaonkar,
Segher Boessenkool, Vaidyanathan Srinivasan"
* tag 'powerpc-5.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/pseries/mce: Fix misleading print for TLB mutlihit
powerpc/pseries/energy: Use OF accessor functions to read ibm,drc-indexes
powerpc/64: Fix memcmp reading past the end of src/dest
|
|
|
Linus Torvalds
|
c877b3df85 |
dmaengine-5.10-rc3
dmaengine fixes for v5.10-rc3
- Revert dmaengine: stm32-mdma: Add a check on read_u32_array as that
caused regression
- Fix MAINTAINER file uniphier-mdmac.c file path
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJcoCesAAoJEHwUBw8lI4NHFV0P/2wUq0NH2HZWAb36VuJypALL
wTbo/eGWqw0XJ9HxJkBcTHv6i83wRvIFspZl57u9suyUpLSJ6BRpGduzERFPtCfM
tlzVdhOv7kF7kOOr1b7pPVvn2QpAlCrz+Gbv/WEtYUtTW0M4xjylQMEWVVVkZ8yv
0p0sKDoGNDuAIG1pC2hs/CkS9+tp36RaBxXMERmlaTVUJe0EqEcE/MZZ1vFyOmaZ
x+OFRRYmSOLV0UXj05WFyBnvd/6ZC9ymeKMXEtN4cUU9r05PqPU1l9XhCsdSbo+3
MbOl5JKZlsita8W+pYmAZwGNSMhNGqJI5GhxgnfuRUZhUsPYDFekEbCi9FxxLGD5
cqlMVta2sJx9Agb5+ywx74Bl8N/vHED0oLKF72gGNrdUIz5J4JWzc/gWl65P2L5f
s1BEpRxWGGnHKFpu5/og9f6F6mYdPdKTtg2edGjc8Td9Y+9wxz9rvgZZVcSo8z/I
ClRdm297Lz7xiwy1FvbAWD1++v/PrsOpJh0SW2lvpI9Hf9bsg/0gmZZP+p+jDKW+
0gbC+/oNZASEAaIm2T/ZjS0lKAUWho4AP8BcU/+oKt42GR7gqoXYJ+LNQpbahWto
CCYmYgyjiXXebc0G8QPhKNGoxAqJ6yY8T+8MNqyJRBiiw42c3elMgak4xPPz+XSz
QIwIGBhMz6gaoUUDkRhY
=j940
-----END PGP SIGNATURE-----
Merge tag 'dmaengine-fix-5.1-rc3' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fixes from Vinod Koul:
- Revert "dmaengine: stm32-mdma: Add a check on read_u32_array" as that
caused regression
- Fix MAINTAINER file uniphier-mdmac.c file path
* tag 'dmaengine-fix-5.1-rc3' of git://git.infradead.org/users/vkoul/slave-dma:
MAINTAINERS: Fix uniphier-mdmac.c file path
dmaengine: stm32-mdma: Revert "dmaengine: stm32-mdma: Add a check on read_u32_array"
|
|
|
Linus Torvalds
|
b5c8314f0e |
LED fixes for 5.1-rc3
-----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQQUwxxKyE5l/npt8ARiEGxRG/Sl2wUCXJ+ymAAKCRBiEGxRG/Sl 2yIKAQCnxxzaaCfoXtnYnpgtSZApKX+ifpkImh1WOvly+HLE4QEA3i3Bg4pb23ck fClCFU9sahuxJbakWD0pvs4k77I1GQY= =5KCa -----END PGP SIGNATURE----- Merge tag 'led-fixes-for-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds Pull LED fixes from Jacek Anaszewski: - fix refcnt leak on interface rename - use memcpy in device_name_store() to avoid including garbage from a previous, longer value in the device_name - fix a potential NULL pointer dereference in case of_match_device() cannot find a match * tag 'led-fixes-for-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds: leds: trigger: netdev: use memcpy in device_name_store leds: pca9532: fix a potential NULL pointer dereference leds: trigger: netdev: fix refcnt leak on interface rename |
|
|
Linus Torvalds
|
3af9a5256f |
GPIO fixes for the v5.1 series:
- Revert the extended use of gpio_set_config() and think about
how we can do this properly.
- Fix up the SPI CS GPIO handling so it now works properly on
the SPI bus children, as intended.
- Error paths and driver fixes.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJcn4QVAAoJEEEQszewGV1zhyMP/3E2PeJmi1IKK2YTGJaEdz0+
71Q6++a7xB1jTOa1FKgYBUI+cwjjyhpaFU8Ax7jbNEpcUgTRu+wKFrdAp2of7UZk
iv+7ODzw+d/usdhlLgFSIf+NHUFSytQBZRRS4sSFi2QyavHF49pXzWv2oMFOgGiv
sn/Ke2lU8oT49W1TfH/RjLTyx36eEBhEyWe9JKYCrFuDFCYvykAOmYPP6wULHRG5
UCsRCP/tYktu5aANAavMh+o0SRH6Xik23bPo5adP32iKb4HuKurxy5bl26k+T5tU
crRANm/LD/3fu2GBoKPl3EjI7zQsJINwwvYO65tX44WJpBVZX07MRBiBCZxAex/m
j11x5oA9pBNM8Jn2MP2IIP3+izpyc3ojwJoLn27fM/PizMS3vU4Wp7MetAAjCwmb
qF7Y2ua3IGHn4vay5u4UJjGP/wFptv8YJLlqCO1wkeH2LdJm6ZM3uAhj0R4VOPoA
bTmFSRVCGOVL1DYYW2eWxADXW5zmdXmuKQx+/bmMUiw1s84gDOde8Yg7UGegaT4k
H1FjacvwKU0Q/OMx+4+jv1h6yAb0tF4iTkno5v99WEOAg+WWNnHj85r6aigaWSa7
FVmsMEJbDJbvUF1rEZ9Zq1fmwBKOY3qd3zSRulchimx0wd3LeBw3AKLx8ojk2/Hq
hoLlO5f2ifYTuHQbnHnX
=6ndO
-----END PGP SIGNATURE-----
Merge tag 'gpio-v5.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"As you can see [in the git history] I was away on leave and Bartosz
kindly stepped in and collected a slew of fixes, I pulled them into my
tree in two sets and merged some two more fixes (fixing my own caused
bugs) on top.
Summary:
- Revert the extended use of gpio_set_config() and think about how we
can do this properly.
- Fix up the SPI CS GPIO handling so it now works properly on the SPI
bus children, as intended.
- Error paths and driver fixes"
* tag 'gpio-v5.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: mockup: use simple_read_from_buffer() in debugfs read callback
gpio: of: Fix of_gpiochip_add() error path
gpio: of: Check for "spi-cs-high" in child instead of parent node
gpio: of: Check propname before applying "cs-gpios" quirks
gpio: mockup: fix debugfs read
Revert "gpio: use new gpio_set_config() helper in more places"
gpio: aspeed: fix a potential NULL pointer dereference
gpio: amd-fch: Fix bogus SPDX identifier
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
gpio: exar: add a check for the return value of ida_simple_get fails
|
|
|
Rasmus Villemoes
|
9093464330 |
leds: trigger: netdev: use memcpy in device_name_store
If userspace doesn't end the input with a newline (which can easily
happen if the write happens from a C program that does write(fd,
iface, strlen(iface))), we may end up including garbage from a
previous, longer value in the device_name. For example
# cat device_name
# printf 'eth12' > device_name
# cat device_name
eth12
# printf 'eth3' > device_name
# cat device_name
eth32
I highly doubt anybody is relying on this behaviour, so switch to
simply copying the bytes (we've already checked that size is <
IFNAMSIZ) and unconditionally zero-terminate it; of course, we also
still have to strip a trailing newline.
This is also preparation for future patches.
Fixes:
|
|
|
Kangjie Lu
|
0aab8e4df4 |
leds: pca9532: fix a potential NULL pointer dereference
In case of_match_device cannot find a match, return -EINVAL to avoid
NULL pointer dereference.
Fixes:
|
|
|
Linus Torvalds
|
32faca66bd |
Staging driver fixes for 5.1-rc3
Here are some small staging driver fixes for 5.1-rc3, and one driver removal. The biggest thing here is the removal of the mt7621-eth driver as a "real" network driver was merged in 5.1-rc1 for this hardware, so this old driver can now be removed. Other than that, there are just a number of small fixes, all resolving reported issues and some potential corner cases for error handling paths. All of these have been in linux-next with no reported issues. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXJ8vpg8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+yksHgCeJATLFpgiWqGvR8K/PfiG2QixudEAoMivMAM2 s1Obj1TFIQK+xTAINt6U =uJaK -----END PGP SIGNATURE----- Merge tag 'staging-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging driver fixes from Greg KH: "Here are some small staging driver fixes for 5.1-rc3, and one driver removal. The biggest thing here is the removal of the mt7621-eth driver as a "real" network driver was merged in 5.1-rc1 for this hardware, so this old driver can now be removed. Other than that, there are just a number of small fixes, all resolving reported issues and some potential corner cases for error handling paths. All of these have been in linux-next with no reported issues" * tag 'staging-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: vt6655: Remove vif check from vnt_interrupt staging: erofs: keep corrupted fs from crashing kernel in erofs_readdir() staging: octeon-ethernet: fix incorrect PHY mode staging: vc04_services: Fix an error code in vchiq_probe() staging: erofs: fix error handling when failed to read compresssed data staging: vt6655: Fix interrupt race condition on device start up. staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc staging: rtl8712: uninitialized memory in read_bbreg_hdl() staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc staging, mt7621-pci: fix build without pci support staging: speakup_soft: Fix alternate speech with other synths staging: axis-fifo: add CONFIG_OF dependency staging: olpc_dcon_xo_1: add missing 'const' qualifier staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest staging: erofs: fix to handle error path of erofs_vmap() staging: mt7621-dts: update ethernet settings. staging: remove mt7621-eth |
|
|
Linus Torvalds
|
52afe190ff |
TTY/Serial fixes for 5.1-rc3
Here are some small tty and serial driver fixes for 5.1-rc3. Nothing major here, just a number of potential problems fixes for error handling paths, as well as some other minor bugfixes for reported issues with 5.1-rc1. All of these have been in linux-next with no reported issues. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXJ8wCg8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+ylWigCfSPVnxuGsNFTZIN8CUMBH4I5cmjkAnjrN3NdS Sumt55mskpi/Ht+5UWmw =LFqo -----END PGP SIGNATURE----- Merge tag 'tty-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes from Greg KH: "Here are some small tty and serial driver fixes for 5.1-rc3. Nothing major here, just a number of potential problems fixes for error handling paths, as well as some other minor bugfixes for reported issues with 5.1-rc1. All of these have been in linux-next with no reported issues" * tag 'tty-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: fix NULL pointer issue when tty_port ops is not set Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc dt-bindings: serial: Add compatible for Mediatek MT8183 tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped tty/serial: atmel: Add is_half_duplex helper serial: sh-sci: Fix setting SCSCR_TIE while transferring data serial: ar933x_uart: Fix build failure with disabled console tty: serial: qcom_geni_serial: Initialize baud in qcom_geni_console_setup sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() tty: mxs-auart: fix a potential NULL pointer dereference tty: atmel_serial: fix a potential NULL pointer dereference serial: max310x: Fix to avoid potential NULL pointer dereference serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference |
|
|
Linus Torvalds
|
8d02a9a897 |
USB fixes for 5.1-rc3
Here are some small USB fixes for 5.1-rc3. Nothing major at all here, just a small collection of fixes for reported issues, and potential problems with error handling paths. Also a few new device ids, as normal. All of these have been in linux-next with no reported issues. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXJ8wdQ8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+yn4iwCeJJST7rZyr/PO5lD8nm90y6WesawAn0WR2jEZ TR6natKYdZq5SVfLo0y/ =MFul -----END PGP SIGNATURE----- Merge tag 'usb-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are some small USB fixes for 5.1-rc3. Nothing major at all here, just a small collection of fixes for reported issues, and potential problems with error handling paths. Also a few new device ids, as normal. All of these have been in linux-next with no reported issues" * tag 'usb-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (25 commits) USB: serial: option: add Olicard 600 USB: serial: cp210x: add new device id usb: u132-hcd: fix resource leak usb: cdc-acm: fix race during wakeup blocking TX traffic usb: mtu3: fix EXTCON dependency usb: usb251xb: fix to avoid potential NULL pointer dereference usb: core: Try generic PHY_MODE_USB_HOST if usb_phy_roothub_set_mode fails phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs xhci: Don't let USB3 ports stuck in polling state prevent suspend usb: xhci: dbc: Don't free all memory with spinlock held xhci: Fix port resume done detection for SS ports with LPM enabled USB: serial: mos7720: fix mos_parport refcount imbalance on error path USB: gadget: f_hid: fix deadlock in f_hidg_write() usb: gadget: net2272: Fix net2272_dequeue() usb: gadget: net2280: Fix net2280_dequeue() usb: gadget: net2280: Fix overrun of OUT messages usb: dwc3: pci: add support for Comet Lake PCH ID usb: usb251xb: Remove unnecessary comparison of unsigned integer with >= 0 usb: common: Consider only available nodes for dr_mode usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0 source-caps ... |
|
|
Linus Torvalds
|
782492a7a4 |
ACPI fix for 5.1-rc3
Correct a previous attempt to make Linux use its own set of ACPI debug flags different from the upstream ACPICA's default (Erik Schmauss). -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCAAGBQJcnre0AAoJEILEb/54YlRxNl0QAKX5fcMQDnMqaK0+/fKKLjf3 VS9rknPGa6QAu2CMGj/kz/di3sl2ceEOggwwcqb3l8YwHJBnh9kxB3fZ0Js0cBkY oMONQxPPI74txwkjM11qcRE8Pd2ET7VeXzmsa/4+5b3vh1bCnx3z4oXP5bS/HRSY RCYqD3XRPZzeGEUvtu4hjOLdDCPAl4ILv38XbgYeCfWzuctAfXchWJmTuCYgGqLH 1gsTMEE7zqVVW4WO2B+qppZkoUU8rJkfD3TlWHbvy2gieqzTySUVvNKFjiUTR8q6 Bc9QvMld2EQYTNRUa8KEqVT/qxWQWIEZBNihP5/GC/WrSk5Z+r/0r0d3ascMZSwI Y1gu4RQncSx5NymKuoJZQhztEE37JCt73dJ8AeBPD8yCk9Fabtbcs3a+sc7qAzAm IYMwTvVL5yfCe+7ktid15mbpbAUfV7Kse0oyCWJbFF4tgTtGE46hy/aLjp9ak3Vn tmRkrysmu2qyusO5JPIxGwVsU/E2iNMU6JacArvXrcWV2kacDtP0v98gZioA3CVu P58V/tOcv+nNNhtCogJwQv6X7O5qSZNYtNnHeqEyneSXenLOj5juYlvINjzI1GHt K5liF/opz6NngtXezxlTmvzFsxvS92CCPYHrjzmm8gCrrUK07AuCodmc8tobs3qL H3lS1+4V8d63/99Oj0kU =Ze64 -----END PGP SIGNATURE----- Merge tag 'acpi-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fix from Rafael Wysocki: "This corrects a previous attempt to make Linux use its own set of ACPI debug flags different from the upstream ACPICA's default (Erik Schmauss)" * tag 'acpi-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: use different default debug value than ACPICA |
|
|
Linus Torvalds
|
8e377a1c7e |
Power management fixes for 5.1-rc3
- Fix the ACPI CPPC library to actually follow the specification
when decoding the guaranteed performance register information and
make the intel_pstate driver to fall back to the nominal frequency
when reporting the base frequency if the guaranteed performance
register information is not there (Srinivas Pandruvada).
- Fix use-after-free in the exit callback of the scpi-cpufreq left
after an update during the 5.0 development cycle (Vincent Stehlé).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJcnrgVAAoJEILEb/54YlRxd2gP+wVnP59rau3k6ek+b8E3c0bR
zPTUY4dKH+26gvqNWC1BR65annmUsBB0ow440Gvcr4Azk5H++xtTNmBLHyN3UJYx
V8ioKzOyKAUZ7OvpH2NCdV21kM8D8XpKM2E3+4GtqoxPhEu9SnxMOzk4Cqj462gy
ABVd9wE+okH4PFdtFL6GIhInqlKwgvRX/r/ssrb+dVJok0O6qjlWBOiDqfx18uXY
Z3nf/dpsscVoQKp28FAcXTlCY1Cq9yhd+2BVyA01FiJ3t3P2tyS0CWnSWxEaDgJR
AvrBibv9pKLGkH7MfgozQR9AOHHWFeyytPlbvgvOUjhr/Mg8lnZJXIFdUyKLk6hE
VRCIowqNGgEQxDwFFMlDKl8te7N9ay2K84bwnladI+YVKP4r3DNepD60dlBy90lh
f2+PO+l8Xs+8HGT5uNRk+0gbKL9ZZ/9GsQ0cON0KAO5B5XVJMk/zz+V6/L0jsIeN
sdRMiv+eia/x3uDX9PA4YXX/wRIOqgZSR6QZP2+xibPMdG14DU/tGPKUmPerlAo5
SqA8g2TR45U+fcX+dMvMIscuXVVy3/NuuLDEX6WVx4QxXNvgUdDratpl05wSrYQ3
nJ5WERblXUr/GX3MtWCP2om0/xph3XFJiFpMxLF0NFVJ+EK/+YFoBhDD4gLqx0id
rr47o4gjU0BvVL/hdU9f
=mhtx
-----END PGP SIGNATURE-----
Merge tag 'pm-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These fix CPU base frequency reporting in the intel_pstate driver and
a use-after-free in the scpi-cpufreq driver.
Specifics:
- Fix the ACPI CPPC library to actually follow the specification when
decoding the guaranteed performance register information and make
the intel_pstate driver to fall back to the nominal frequency when
reporting the base frequency if the guaranteed performance register
information is not there (Srinivas Pandruvada).
- Fix use-after-free in the exit callback of the scpi-cpufreq left
after an update during the 5.0 development cycle (Vincent Stehlé)"
* tag 'pm-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpufreq: scpi: Fix use after free
cpufreq: intel_pstate: Also use CPPC nominal_perf for base_frequency
ACPI / CPPC: Fix guaranteed performance handling
|
|
|
Linus Torvalds
|
12195302ee |
Merge branch 'fixes-v5.1-a' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer fixes from James Morris: "Yama and LSM config fixes" * 'fixes-v5.1-a' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig" Yama: mark local symbols as static |
|
|
Linus Torvalds
|
922c010cf2 |
Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
"22 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (22 commits)
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
fs: fs_parser: fix printk format warning
checkpatch: add %pt as a valid vsprintf extension
mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate
drivers/block/zram/zram_drv.c: fix idle/writeback string compare
mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate()
mm/memory_hotplug.c: fix notification in offline error path
ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
fs/proc/kcore.c: make kcore_modules static
include/linux/list.h: fix list_is_first() kernel-doc
mm/debug.c: fix __dump_page when mapping->host is not set
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
include/linux/hugetlb.h: convert to use vm_fault_t
iommu/io-pgtable-arm-v7s: request DMA32 memory, and improve debugging
mm: add support for kmem caches in DMA32 zone
ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock
mm/hotplug: fix offline undo_isolate_page_range()
fs/open.c: allow opening only regular files during execve()
mailmap: add Changbin Du
mm/debug.c: add a cast to u64 for atomic64_read()
...
|
|
|
Linus Torvalds
|
f9007cc601 |
Use memblock_alloc() instead of memblock_alloc_low() in
request_standard_resources(), the latter being limited to the low 4G memory range on arm64. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAlyeaiMACgkQa9axLQDI XvH/dQ/+OI/klueavPAEueHruTrMYlpILzbIkXwM9tEUt/+SNPdST0Cp7nac5Zz6 EamlhJsQFO3hiULrRmdXBUvOrl281y2INgaYms2gTI8YPZje79q/Iu/xssBZnh02 WNyHgQlMv9J4rUIogjiRBJJSgVCAMRAbZ1yL68p26Gpnqg/8o5pcFUlJ+f9V+IGo RhSQ0VPvfaMxtGGKIGjeI6A0RYf9hp3UTEpv6bStwBEVZdzABjQ/7y5CcU+9Wzwz N4q1IyxESuy5P4pwZs+dE0L/Jj/Xh0JMKvX0wziNxfaiqpOXlyJxDWuy01nq/DIq ltTsBrib/5KhaiV6MtA3rAQ5CkVAKYS40Ujtk5xeOYETLXnLCx75jwSukFd0nGwR OSypb1BLoEI9zNzWDDdeXDqy6QCZLDLX56SzAhxhykKnrs6yvmtP5dIznGdssMeT FHRbXWn5nEpLbYrM+v/kF3YuH1bCFe3l62LgBWfx7MW6IOxzYRtaLL8hcwAhVypY Ikkt1WQgWwsrcfkr3EtmRddWWXXGce0SlhA/7+BUZw6oYXbH+RR67/sxDuo+kv3y 9n45T5LXK2bQ80amH01r1AqP0xSAvdq1dTzehhl8ciQqXdHQmI12/BGUzcBOAfE4 zWnTAaWCEqBy8bHyuyD15rFxiB+R21yT6QV38xr886T+CT4yxbI= =c25Z -----END PGP SIGNATURE----- Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fix from Catalin Marinas: "Use memblock_alloc() instead of memblock_alloc_low() in request_standard_resources(), the latter being limited to the low 4G memory range on arm64" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: replace memblock_alloc_low with memblock_alloc |
|
|
Linus Torvalds
|
c0b7f2a5fb |
IOMMU Fixes for Linux v5.1-rc3
Including: - Fix a bug in the AMD IOMMU driver not handling exclusion ranges correctly. In fact the driver did not reserve these ranges for IOVA allocations, so that dma-handles could be allocated in an exclusion range, leading to data corruption. Exclusion ranges have not been used by any firmware up to now, so this issue remained undiscovered for quite some time. - Fix wrong warning messages that the IOMMU core code prints when it tries to allocate the default domain for an iommu group and the driver does not support any of the default domain types (like Intel VT-d). -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEr9jSbILcajRFYWYyK/BELZcBGuMFAlyeRXwACgkQK/BELZcB GuMQZBAAx3x0217aR5Gu9IrpW4ippM96czOLYJZvacDUujHyoTYTrNe7DlG90jYC Cx0/zxycxmd7nknVWm8uRIqPy1iPnsD+Sb5TsCYewIV5RkcnXLUCUGFyq7aQpgqw xw5nto1MwO9blLJLleFKT1Cs8fuojYvBg7zszgjtkQKtNJK7Vm6kO86VegDujtPj gDSWjDUQ/S3o07We17qYuFwJ4fTC5ItP+GwW72dGIeGJFNRG6SF4YQs44G+yUpZD Vsbyjs0F983IOiRblYONlOqiROxm1vptJgr4ZfOxwZ7+htx+g/YW9UbP52HKPlCP WEpsNl+AK6GnW0wCxEzeSQ6pO6EXGiBdA6darx73hjeviImWYs5MirRUF4b/+IMR YLXVT4zb3DHqXGf7qCu4yAFnrtzU7uEw0+S/J/0R5A1ILYhDWVRiPP6Ph/8n4fLp XUYieFNX/2uNJOZratvrKY/H+ccA2HZBhXbftXkfCbxnZfZTEX7ay0FrOvNbMz/t 70PscX1+SF28Hk4ejqjYT8HZf7YU+6QY9PZZi+PjwtqCiWww/tde7Ej/4h8v98vY 1qhxBS2ZeAraTYo1dL4vaMSFuyaJfTuF4a04nl65CoKi9KLs1/6Rwq7/383XJYCT OH/AqwY69LgVczjQzQ/HPGbuMieNRFtR+N+KXXccC31StYdtz3w= =HY4V -----END PGP SIGNATURE----- Merge tag 'iommu-fixes-v5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull IOMMU fixes from Joerg Roedel: - Fix a bug in the AMD IOMMU driver not handling exclusion ranges correctly. In fact the driver did not reserve these ranges for IOVA allocations, so that dma-handles could be allocated in an exclusion range, leading to data corruption. Exclusion ranges have not been used by any firmware up to now, so this issue remained undiscovered for quite some time. - Fix wrong warning messages that the IOMMU core code prints when it tries to allocate the default domain for an iommu group and the driver does not support any of the default domain types (like Intel VT-d). * tag 'iommu-fixes-v5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/amd: Reserve exclusion range in iova-domain iommu: Don't print warning when IOMMU driver only supports unmanaged domains |
|
|
Linus Torvalds
|
eed4897dfe |
Driver core patch for 5.1-rc3
Here is a single driver core patch for 5.1-rc3. After 5.1-rc1, all of the users of BUS_ATTR() are finally removed, so we can now drop this macro from include/linux/device.h so that no more new users will be created. This patch has been in linux-next for a while, with no reported issues. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXJ5skg8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+ylp3wCfT73IbPPjeSxWZjyPLOBiz31YfTEAnjajShZl gQk7H0O5Ovv5ntsyk0bM =CRS4 -----END PGP SIGNATURE----- Merge tag 'driver-core-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core fix from Greg KH: "Here is a single driver core patch for 5.1-rc3. After 5.1-rc1, all of the users of BUS_ATTR() are finally removed, so we can now drop this macro from include/linux/device.h so that no more new users will be created. This patch has been in linux-next for a while, with no reported issues" * tag 'driver-core-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: driver core: remove BUS_ATTR() |
|
|
Linus Torvalds
|
6f51092301 |
Char/Misc driver fixes for 5.1-rc3
Here are some binder, habanalabs, and vboxguest driver fixes for 5.1-rc3. The Binder fixes resolve some reported issues found by testing, first by the selinux developers, and then earlier today by syzbot. The habanalabs fixes are all minor, resolving a number of tiny things. The vboxguest patches are a bit larger. They resolve the fact that virtual box decided to change their api in their latest release in a way that broke the existing kernel code, despite saying that they were never going to do that. So this is a bit of a "new feature", but is good to get merged so that 5.1 will work with the latest release. The changes are not large and of course virtual box "swears" they will not break this again, but no one is holding their breath here. All of these have been in linux-next for a while with no reported issues. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXJ50KA8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+ykGsgCgtDaSHl+qjalyC3SegP9s6fUfoXwAoKuKS2Ti ROSQqZKSRNWvAqCwWUT4 =K3ll -----END PGP SIGNATURE----- Merge tag 'char-misc-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fixes from Greg KH: "Here are some binder, habanalabs, and vboxguest driver fixes for 5.1-rc3. The Binder fixes resolve some reported issues found by testing, first by the selinux developers, and then earlier today by syzbot. The habanalabs fixes are all minor, resolving a number of tiny things. The vboxguest patches are a bit larger. They resolve the fact that virtual box decided to change their api in their latest release in a way that broke the existing kernel code, despite saying that they were never going to do that. So this is a bit of a "new feature", but is good to get merged so that 5.1 will work with the latest release. The changes are not large and of course virtual box "swears" they will not break this again, but no one is holding their breath here. All of these have been in linux-next for a while with no reported issues" * tag 'char-misc-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: virt: vbox: Implement passing requestor info to the host for VirtualBox 6.0.x binder: fix race between munmap() and direct reclaim binder: fix BUG_ON found by selinux-testsuite habanalabs: cast to expected type habanalabs: prevent host crash during suspend/resume habanalabs: perform accounting for active CS habanalabs: fix mapping with page size bigger than 4KB habanalabs: complete user context cleanup before hard reset habanalabs: fix bug when mapping very large memory area habanalabs: fix MMU number of pages calculation |
|
|
Linus Torvalds
|
3467b90737 |
SCSI fixes on 20190329
13 Fixes, 7 of which are for IBM fibre channel and three additional for fairly serious bugs in drivers (qla2xxx, mpt3sas, aacraid). Of the three core fixes, the most significant is probably the missed run queue causing an indefinite hang. The others are fixing a potential use after free on device close and silencing an incorrect warning. Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com> -----BEGIN PGP SIGNATURE----- iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCXJ5iYiYcamFtZXMuYm90 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishQ4GAP99uutL UuDJ4pLfcl7N3PgUy1/HtvZ5CXcNGjK3Tu1V7wD9FJ/rC0EKSmc+s01/w51iSytt /9QaDbK+R/RV6Rg/QJc= =4AwN -----END PGP SIGNATURE----- Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Thirteen fixes, seven of which are for IBM fibre channel and three additional for fairly serious bugs in drivers (qla2xxx, mpt3sas, aacraid). Of the three core fixes, the most significant is probably the missed run queue causing an indefinite hang. The others are fixing a potential use after free on device close and silencing an incorrect warning" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: ibmvfc: Clean up transport events scsi: ibmvfc: Byte swap status and error codes when logging scsi: ibmvfc: Add failed PRLI to cmd_status lookup array scsi: ibmvfc: Remove "failed" from logged errors scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host scsi: sd: Quiesce warning if device does not report optimal I/O size scsi: sd: Fix a race between closing an sd device and sd I/O scsi: core: Run queue when state is set to running after being blocked scsi: qla4xxx: fix a potential NULL pointer dereference scsi: aacraid: Insure we don't access PCIe space during AER/EEH scsi: mpt3sas: Fix kernel panic during expander reset |
|
|
Linus Torvalds
|
4ad528360c |
Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang: "A new ID for the i801 driver and some Documentation fixes to make it easier for people to find the bindings (which is also a basis for further improvements in that area)" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: wmt: make bindings file name match the driver i2c: sun6i-p2wi: make bindings file name match the driver i2c: stu300: make bindings file name match the driver i2c: mt65xx: make bindings file name match the driver i2c: iop3xx: make bindings file name match the driver i2c: i801: Add support for Intel Comet Lake |
|
|
Linus Torvalds
|
9a4a6f0dc1 |
sound fixes for 5.1-rc3
The important fixes at this time are a couple fixes in ALSA core: a fix for PCM is about the OOB access in PCM OSS plugins that has been for long time, but hasn't hit so often until now just because we allocated a large buffer via vmalloc(), and surfaced more often after switching to kvmalloc(). Another fix is for a long-standing PCM problem wrt racy PM resume. Others are trivial nospec coverage and usual HD-audio quirks. -----BEGIN PGP SIGNATURE----- iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlydRhoOHHRpd2FpQHN1 c2UuZGUACgkQLtJE4w1nLE8ypw/7B4I6nNTXx9Yar084dRYOPWUC2zslOUVwUm2f 0ZsmdAULB9QUQ89yw5QsfXe5twZzbU13fpWbGFd2ipXUHjv8Fn3ritu90ogm1mpZ kpqemd4rNe4so1ZaZGAznyakC1U9pgE9SIwQxf7QCLUIQJLwBVM1uoD/fRRqX0oC 604C2kj1mIxMdKoeyc0UrxwYw1gfX3bZv7dP1JvZPGVTyPGst49bcR5ym98l1j0V K4hEMniOA1RM+33iD9OBln/15fVN9mlFGiPjv2HZLagdmrBs1uLzHVF4Tm23yAWu 9m1QSrQ3wLfltVkWU6xaDGoFYCJ3AYY2+KfvjU6m2JH43aZE4XGeBFL9qzu2AGv0 CzwLN3V/Yh5b07PX/fssQddxGm8uWIx+j8vMkDXvwd/056jbAJPRqjiAOVp7Doxf BrvDCrMCf/izW2qqSdbzH+WJBOj2tPwTFOd4lyN1diVyZfGa9c7CAIjVrcnNFZ9j YbN+ZWzVU89NHCtf/T9Wo+6ypHkk8Yt8NZ1Qx3xX1qJ2wXUExYmvP8ijkNPYQ3BM pAtfg14p1Ew5U79PsATMlxbBKnvhpiwHG96UDAooV3uu4MnH/MeBvTGfU2XTzbAt OlNp7rRKmEGYOCTa5ZjgJxenDDWz62/PR5K5XcTYsMlUn0qLFcn7bWsXH+wzKmz8 2oU+TuQ= =R8s8 -----END PGP SIGNATURE----- Merge tag 'sound-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "The important fixes at this time are a couple fixes in ALSA core: a fix for PCM is about the OOB access in PCM OSS plugins that has been for long time, but hasn't hit so often until now just because we allocated a large buffer via vmalloc(), and surfaced more often after switching to kvmalloc(). Another fix is for a long-standing PCM problem wrt racy PM resume. Others are trivial nospec coverage and usual HD-audio quirks" * tag 'sound-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek - Fix speakers on Acer Predator Helios 500 Ryzen laptops ALSA: pcm: Don't suspend stream in unrecoverable PCM state ALSA: hda/ca0132 - Simplify alt firmware loading code ALSA: pcm: Fix possible OOB access in PCM oss plugins ALSA: hda/realtek: Enable headset MIC of ASUS X430UN and X512DK with ALC256 ALSA: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 ALSA: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 ALSA: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic ALSA: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 ALSA: seq: oss: Fix Spectre v1 vulnerability ALSA: rawmidi: Fix potential Spectre v1 vulnerability |
|
|
Linus Torvalds
|
0e40da3efe |
Kbuild fixes for v5.1
- Remove harmful -Oz option of Clang
- Get back the original behavior (no recursion for in-tree build)
for GNU Make 4.x
- Some minor fixes for coccinelle patches
- Do not overwrite .gitignore in the output directory in case
it is version-controlled
- Fix missed record-mcount bug for dynamic ftrace
- Fix endianness bug in modversions for relative CRC
- Cater to '^H' key code in Kconfig ncurses programs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJcniYbAAoJED2LAQed4NsGD7gP/jfPDVUekRMycnE4X/D2UkjP
cBCVy/679Mk8pJbfeygKXXG0vHQWBkaq96Q2JGHiEGBMvF0xSCutEBTnexM7+H9d
wrqe4lozHkdBanoVhhKlFmNZsHmdCfeFtYmhgyFSHi2+afoRO2Fd7KJaRil35uIe
RZJsqiTYmjH8LvqXWUo9RN1gia25fNCSsBU7VplthhsZbHulC2gxJJRElTRk0qTn
Kad/bJQRQ48MqZO4dWLw/BzCJuOppZxs8kwa8vErgmcBIU3foutKQRCLqxcfIYGk
Y6kgU3+cfKpPiZC4Gnf2RuiSV5GOPHjeizIuQ+fDJTJsUr6P/nTZU22Rrs7NPhO5
808XTO0krYNtJRPia58/NCCjNNm4jUSQF+JyDPiOfHzr30SI19SM57V1K0ZAmItv
5yF0o3953sJCnk2IVaErG5VA9E/O35dBg1SOjSeODexklynrcOsv4z+SYlgbzgXm
T+OLLR6BeZnxYYVLih9WTvnMahCnF08bxJj64CcwYJ03UE+pIcwlU2s3PWTBVpBv
+Ij8H4KvrFhpUBq20KHfQhciAC8OxpayvHEWwA6LA3IHUxkl1T9UnKtlQA+l+Nxj
SO4JtbS2zgI5rVt9S/hVMHPTeUXvMaFVMYhSRTnMYQL6fzuzaFijOkcFwUqDdsM2
CH+HyvWpjLWNjWZ/DNcD
=6tE2
-----END PGP SIGNATURE-----
Merge tag 'kbuild-fixes-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull Kbuild fixes from Masahiro Yamada:
- Remove harmful -Oz option of Clang
- Get back the original behavior (no recursion for in-tree build) for
GNU Make 4.x
- Some minor fixes for coccinelle patches
- Do not overwrite .gitignore in the output directory in case it is
version-controlled
- Fix missed record-mcount bug for dynamic ftrace
- Fix endianness bug in modversions for relative CRC
- Cater to '^H' key code in Kconfig ncurses programs
* tag 'kbuild-fixes-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
kconfig/[mn]conf: handle backspace (^H) key
kbuild: modversions: Fix relative CRC byte order interpretation
scripts: coccinelle: Fix description of badty.cocci
kbuild: strip whitespace in cmd_record_mcount findstring
kbuild: do not overwrite .gitignore in output directory
kbuild: skip parsing pre sub-make code for recursion
coccinelle: put_device: reduce false positives
kbuild: skip sub-make for in-tree build with GNU Make 4.x
Revert "kbuild: use -Oz instead of -Os when using clang"
|
|
|
Linus Torvalds
|
ffb8e45cf3 |
for-linus-20190329
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAlyeQn8QHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpnqwD/0bqoixqUEicnpvCE8V6eze3HYHK0T8jWtr
32hZXWMihtZpDBq4LXWWJOjHevOP2+NN0uvJDtwhvJAaJM+Xfg/Yh2iPWHYn40rI
tjtVoszBA+w50EyCG8u+JjmYPxdgmwIfowkGiYf7ZJbY8LQqXQQCVzwjjJjbmBAZ
XrbJRPl6HFNGMA4cHoL+beHK5kgKwi+V0LMRNjoigE9J129Co6fyjJRw1cC+IHvP
DPb/Lncjzzuy59fIGXSfRcbs43vHQncLS2DdzsISkTgKlnB52rh7XPlvp2JxvN+N
ReTblAeq2CJAQoSijmPh2/qwhiRm7OWmw54dkE6gRveJUFmjV9u+Pyf1c68kMz83
kGOQqobYuzL95UJYJTxQV4988bqqrnboimjARUGosagcYy0vQHNUnEODlWToZCqO
uGwGfPWALi9CNkfJm5rSH0VcXUytmzm0BHg+haal9LKfHOdgeBQcnex3O1RiBBI2
PLW1sF4VGgpLQuGFwNZM3yVpXhQl7QO8cbN7/qD2xby1Rn/8d/Zk0yCKqONNq9tt
jmQiVvA47DiuOUQWVQduB0qaYn/vYv0uvw6BLMUzPfX9wSG/j1COSGBtl0XmrU5D
a8woZwWyYbu/diqB9QdbWTEoqKfPWQY1NQSafH3FYAkuFVQtdrIFdALdjbwf16Rt
jkWltGv1Fw==
=3chO
-----END PGP SIGNATURE-----
Merge tag 'for-linus-20190329' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe:
"Small set of fixes that should go into this series. This contains:
- compat signal mask fix for io_uring (Arnd)
- EAGAIN corner case for direct vs buffered writes for io_uring
(Roman)
- NVMe pull request from Christoph with various little fixes
- sbitmap ws_active fix, which caused a perf regression for shared
tags (me)
- sbitmap bit ordering fix (Ming)
- libata on-stack DMA fix (Raymond)"
* tag 'for-linus-20190329' of git://git.kernel.dk/linux-block:
nvmet: fix error flow during ns enable
nvmet: fix building bvec from sg list
nvme-multipath: relax ANA state check
nvme-tcp: fix an endianess miss-annotation
libata: fix using DMA buffers on stack
io_uring: offload write to async worker in case of -EAGAIN
sbitmap: order READ/WRITE freed instance and setting clear bit
blk-mq: fix sbitmap ws_active for shared tags
io_uring: fix big-endian compat signal mask handling
blk-mq: update comment for blk_mq_hctx_has_pending()
blk-mq: use blk_mq_put_driver_tag() to put tag
|
|
|
Linus Torvalds
|
7376e39ad9 |
A patch to avoid choking on multipage bvecs in the messenger and
a small use-after-free fix. -----BEGIN PGP SIGNATURE----- iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAlyeRsgTHGlkcnlvbW92 QGdtYWlsLmNvbQAKCRBKf944AhHzi8i6B/9wP90ZLGzdAZDIlfWKXjGB1PUrFdeN WCA5p68Hl7yh1RbY6cvbZcTF5Bo3DhjxjxTFjXHPXLxsARlxbCXon9R6Lo2lDgA4 Bk/W8dcR3onU3nspifG91Him/WnImWB80pyVgZog2PTiwsZJ0rRknXXbRU9ARCpk 8vjg19O4wHwXgtMXAN3vxjQ7v8T8wk8vDb08efPcmMPLDYMaTUL1z2JoqyRfMTbo OpZoXSjHXqVFfz0mJ5EN7+92eK39oDcQIDSuuqePDCI09ZmrcQd/xSvG5tBfPoXr 1mR3ojkKRURW5RKGClbSoAt90vIuYJH5Cncmemzsr6m4FETH6XthGbJl =twzl -----END PGP SIGNATURE----- Merge tag 'ceph-for-5.1-rc3' of git://github.com/ceph/ceph-client Pull ceph fixes from Ilya Dryomov: "A patch to avoid choking on multipage bvecs in the messenger and a small use-after-free fix" * tag 'ceph-for-5.1-rc3' of git://github.com/ceph/ceph-client: ceph: fix use-after-free on symlink traversal libceph: fix breakage caused by multipage bvecs |
|
|
Linus Torvalds
|
c6503f12d1 |
Changes since last update:
- Fix a bunch of static checker complaints about uninitialized variables
and insufficient range checks.
- Avoid a crash when incore extent map data are corrupt.
- Disallow FITRIM when we haven't recovered the log and know the
metadata are stale.
- Fix a data corruption when doing unaligned overlapping dio writes.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEUzaAxoMeQq6m2jMV+H93GTRKtOsFAlyaSCwACgkQ+H93GTRK
tOsBSRAAoD6npxZjzApGk7y0y2d+8+/f3BBXdyOHhzg8G/VTcVW+ZQsVibeXEYYm
d02iu3RCQ3AsJVN3Z2FUgAUkf+2duS6QWJH6hL29+fn9aeHb8CYDtlZU9uW6Mf2K
DKuWR3v3aesXEKzL8DVbJa825UWy3fyfggQWvRUvMD+uO/Td2gZEpUSQeBLAUFMZ
4Yj0q1zjWVfi3lcsQDY+gsL3+8hGBD4YldyoX8eUCI78/WMeXzwP4WECNnSBfmM7
Ke63AniGKeAkAMX0PtwiOTITjD6c2Msa9jbriSdUSkX1xnnq5CDbqQHJ7sEefyYT
ff8INci0hL/8kZx63CjrpNZQ5hB5+rIusz2tScmJ/hBnGtAMLg8Duq98ZmQSlSOy
fVV1L+roDGRHO+SEaF4xko2dwMu4iSJmGW50PrXjCJdCgZ7tBaL87k5GQ/W1A0KX
EFje3OPBbGYKHdPdk0TqRoIs2qgOuAYERlLZWcgLLscnOp7XwhgSrvwThV7I7TNB
eu8+xEH7H3V+BHa+OuLgLDFklj1UhyQR8DLKXs/j+DyhD1f5xh6sXVnVhNAZdhbU
OLlgjKT9BkfIsNOgWcjg9SO2EoU/Oi3InDkNz8mSebFpixEG+bvXyguzB+Y2IgA8
8btKHyLOnxJJ1Zb4dnZLFgVWV3QMUip4AlFBXSkzOefDznjGPms=
=iNqS
-----END PGP SIGNATURE-----
Merge tag 'xfs-5.1-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
Pull xfs fixes from Darrick Wong:
"Here are a few fixes for some corruption bugs and uninitialized
variable problems. The few patches here have gone through a few days
worth of fstest runs with no new problems observed.
Changes since last update:
- Fix a bunch of static checker complaints about uninitialized
variables and insufficient range checks.
- Avoid a crash when incore extent map data are corrupt.
- Disallow FITRIM when we haven't recovered the log and know the
metadata are stale.
- Fix a data corruption when doing unaligned overlapping dio writes"
* tag 'xfs-5.1-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: serialize unaligned dio writes against all other dio writes
xfs: prohibit fstrim in norecovery mode
xfs: always init bma in xfs_bmapi_write
xfs: fix btree scrub checking with regards to root-in-inode
xfs: dabtree scrub needs to range-check level
xfs: don't trip over uninitialized buffer on extent read of corrupted inode
|
|
|
Kees Cook
|
2623c4fbe2 |
LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig"
Commit |
|
|
Thomas Gleixner
|
22261fdf68 |
perf/urgent fixes:
Core libraries:
Jiri Olsa:
- Fix max perf_event_attr.precise_ip detection.
Kan Liang:
- Fix parser error for uncore event alias
Wei Lin:
- Fixup ordering of kernel maps after obtaining the main kernel map address.
Intel PT:
Adrian Hunter:
- Fix TSC slip where A TSC packet can slip past MTC packets so that the
timestamp appears to go backwards.
- Fixes for exported-sql-viewer GUI conversion to python3.
ARM coresight:
Solomon Tan:
- Fix the build by adding a missing case value for enumeration value introduced
in newer library, that now is the required one.
tool headers:
Arnaldo Carvalho de Melo:
- Syncronize kernel headers with the kernel, getting new io_uring and
pidfd_send_signal syscalls so that 'perf trace' can handle them.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQR2GiIUctdOfX2qHhGyPKLppCJ+JwUCXJ4eoQAKCRCyPKLppCJ+
J2HgAP9QsIB6UlfcsNtttJa2b5yMEcOvfA6xfr37Ihu9uWin1gEAhDbbb7MW5fNv
0fjY7Q7YvfiwRWvVpr32BW//5FKnaQI=
=j989
-----END PGP SIGNATURE-----
Merge tag 'perf-urgent-for-mingo-5.1-20190329' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent
Pull perf/urgent fixes from Arnaldo:
Core libraries:
Jiri Olsa:
- Fix max perf_event_attr.precise_ip detection.
Kan Liang:
- Fix parser error for uncore event alias
Wei Lin:
- Fixup ordering of kernel maps after obtaining the main kernel map address.
Intel PT:
Adrian Hunter:
- Fix TSC slip where A TSC packet can slip past MTC packets so that the
timestamp appears to go backwards.
- Fixes for exported-sql-viewer GUI conversion to python3.
ARM coresight:
Solomon Tan:
- Fix the build by adding a missing case value for enumeration value introduced
in newer library, that now is the required one.
tool headers:
Arnaldo Carvalho de Melo:
- Syncronize kernel headers with the kernel, getting new io_uring and
pidfd_send_signal syscalls so that 'perf trace' can handle them.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
|
|
|
Linus Torvalds
|
9df0ef6ca9 |
drm amdgpu, i915, meson, udl, tegra fixes
-----BEGIN PGP SIGNATURE----- iQIcBAABAgAGBQJcnZWiAAoJEAx081l5xIa+0SEQAIECjILAICp/h0CitVe09fvU NB1TimOsJwjhbJSHdUX4l/FqHRz6xczxnW3yDjteOdg5a/LLtyI+C0ZBaF/RYVK5 dXk8xNiu3Hoem/+W2shfLjTKKjxSp6Hul4Mx8BL/svClo33K76VuMrcoOAhrYq4G dVbjB6iTSkT8IiYUsNfcddKj2S7rpObAoPindPavHqye2yzGrCDuRmYy5gxszpHs IcKN+6f0voT0caijiXRDwQ/F97f6YghKVTizXsuwbbFa5wQuvNlZhCdT6ltORoab n05/VA8diP+ttu85d+HGlUKtUcB01nkVqr4qAPOHq44CmLbsJKs+wp1zMN88xInT koMR/ElG1DmwXQgbrNI7hrcJsh6N0DB9MUG2gGrz+Sa46aAYweb1c6YVdseR3o4x cisMhIzxJ0IVlBI5fV7qxZrUrhzYzqtX7sBosVDiszs92EU8MvCcqMjIwXmOZexE du6Exxq61Cx4xvBJIPTDWFvNHZVq9xKepCzgxmeKJmYx5yTZiS+hXJ5G+PL+JVri I1O9esPfbXeW9Y7j/sm/pe3udoha9D6sg0/hnPNpUCGx0P7d/DhiIyUF7zEy+/CN N3xKWxslpbwfNg6bbscxE01ToLGz/TX+R2ANcAmLQeWPFfs3CIfJzs9flncMvi8A 9reKUm+OZBeJ9q0nEYdb =6CNL -----END PGP SIGNATURE----- Merge tag 'drm-fixes-2019-03-29' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Weekly fixes roundup, nothing two serious, some usb device regressions are fixed, and i915 GVT has a bigger fix but otherwise not really much happening here. core: - fb bpp check regression fix - release/unplug fix - use after free fixes i915: - fix mmap range checks - fix gvt ppgtt mm LRU list access races - fix selftest error pointer check - fix a macro definition (pre-emptive for potential further backports) - fix one AML SKU ULX status amdgpu: - one variable refresh rate fix udl: - fix EDID reading tegra: - build/warning fixes meson: - cleanup path fixes - TMDS clock filter fix rockchip: - NV12 buffers and scalar fix" * tag 'drm-fixes-2019-03-29' of git://anongit.freedesktop.org/drm/drm: (22 commits) drm/i915/icl: Fix VEBOX mismatch BUG_ON() drm/i915/selftests: Fix an IS_ERR() vs NULL check drm/i915: Mark AML 0x87CA as ULX drm/meson: fix TMDS clock filtering for DMT monitors drm/meson: Uninstall IRQ handler drm/meson: Fix invalid pointer in meson_drv_unbind() drm/udl: Refactor edid retrieving in UDL driver (v2) drm: Fix drm_release() and device unplug drm/fb: avoid setting 0 depth. drm/tegra: vic: Fix implicit function declaration warning drm/tegra: hub: Fix dereference before check drm/i915/icl: Fix the TRANS_DDI_FUNC_CTL2 bitfield macro drm/amd/display: Only allow VRR when vrefresh is within supported range drm/rockchip: vop: reset scale mode when win is disabled drm/vkms: fix use-after-free when drm_gem_handle_create() fails drm/vgem: fix use-after-free when drm_gem_handle_create() fails drm/i915/gvt: Add mutual lock for ppgtt mm LRU list drm/i915/gvt: Only assign ppgtt root at dispatch time drm/i915/gvt: Don't submit request for error workload dispatch drm/i915/gvt: stop scheduling workload when vgpu is inactive ... |
|
|
YueHaibing
|
23da958803 |
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
Syzkaller reports:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN PTI
CPU: 1 PID: 5373 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
RIP: 0010:put_links+0x101/0x440 fs/proc/proc_sysctl.c:1599
Code: 00 0f 85 3a 03 00 00 48 8b 43 38 48 89 44 24 20 48 83 c0 38 48 89 c2 48 89 44 24 28 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 02 00 00 48 8b 74 24 20 48 c7 c7 60 2a 9d 91
RSP: 0018:ffff8881d828f238 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8881e01b1140 RCX: ffffffff8ee98267
RDX: 0000000000000007 RSI: ffffc90001479000 RDI: ffff8881e01b1178
RBP: dffffc0000000000 R08: ffffed103ee27259 R09: ffffed103ee27259
R10: 0000000000000001 R11: ffffed103ee27258 R12: fffffffffffffff4
R13: 0000000000000006 R14: ffff8881f59838c0 R15: dffffc0000000000
FS: 00007f072254f700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff8b286668 CR3: 00000001f0542002 CR4: 00000000007606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
drop_sysctl_table+0x152/0x9f0 fs/proc/proc_sysctl.c:1629
get_subdir fs/proc/proc_sysctl.c:1022 [inline]
__register_sysctl_table+0xd65/0x1090 fs/proc/proc_sysctl.c:1335
br_netfilter_init+0xbc/0x1000 [br_netfilter]
do_one_initcall+0xfa/0x5ca init/main.c:887
do_init_module+0x204/0x5f6 kernel/module.c:3460
load_module+0x66b2/0x8570 kernel/module.c:3808
__do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902
do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x462e99
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f072254ec58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
RBP: 00007f072254ec70 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f072254f6bc
R13: 00000000004bcefa R14: 00000000006f6fb0 R15: 0000000000000004
Modules linked in: br_netfilter(+) dvb_usb_dibusb_mc_common dib3000mc dibx000_common dvb_usb_dibusb_common dvb_usb_dw2102 dvb_usb classmate_laptop palmas_regulator cn videobuf2_v4l2 v4l2_common snd_soc_bd28623 mptbase snd_usb_usx2y snd_usbmidi_lib snd_rawmidi wmi libnvdimm lockd sunrpc grace rc_kworld_pc150u rc_core rtc_da9063 sha1_ssse3 i2c_cros_ec_tunnel adxl34x_spi adxl34x nfnetlink lib80211 i5500_temp dvb_as102 dvb_core videobuf2_common videodev media videobuf2_vmalloc videobuf2_memops udc_core lnbp22 leds_lp3952 hid_roccat_ryos s1d13xxxfb mtd vport_geneve openvswitch nf_conncount nf_nat_ipv6 nsh geneve udp_tunnel ip6_udp_tunnel snd_soc_mt6351 sis_agp phylink snd_soc_adau1761_spi snd_soc_adau1761 snd_soc_adau17x1 snd_soc_core snd_pcm_dmaengine ac97_bus snd_compress snd_soc_adau_utils snd_soc_sigmadsp_regmap snd_soc_sigmadsp raid_class hid_roccat_konepure hid_roccat_common hid_roccat c2port_duramar2150 core mdio_bcm_unimac iptable_security iptable_raw iptable_mangle
iptable_nat nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel hsr veth netdevsim devlink vxcan batman_adv cfg80211 rfkill chnl_net caif nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel joydev mousedev ide_pci_generic piix aesni_intel aes_x86_64 ide_core crypto_simd atkbd cryptd glue_helper serio_raw ata_generic pata_acpi i2c_piix4 floppy sch_fq_codel ip_tables x_tables ipv6 [last unloaded: lm73]
Dumping ftrace buffer:
(ftrace buffer empty)
---[ end trace 770020de38961fd0 ]---
A new dir entry can be created in get_subdir and its 'header->parent' is
set to NULL. Only after insert_header success, it will be set to 'dir',
otherwise 'header->parent' is set to NULL and drop_sysctl_table is called.
However in err handling path of get_subdir, drop_sysctl_table also be
called on 'new->header' regardless its value of parent pointer. Then
put_links is called, which triggers NULL-ptr deref when access member of
header->parent.
In fact we have multiple error paths which call drop_sysctl_table() there,
upon failure on insert_links() we also call drop_sysctl_table().And even
in the successful case on __register_sysctl_table() we still always call
drop_sysctl_table().This patch fix it.
Link: http://lkml.kernel.org/r/20190314085527.13244-1-yuehaibing@huawei.com
Fixes:
|
|
|
Randy Dunlap
|
2620327852 |
fs: fs_parser: fix printk format warning
Fix printk format warning (seen on i386 builds) by using ptrdiff format specifier (%t): fs/fs_parser.c:413:6: warning: format `%lu' expects argument of type `long unsigned int', but argument 3 has type `int' [-Wformat=] Link: http://lkml.kernel.org/r/19432668-ffd3-fbb2-af4f-1c8e48f6cc81@infradead.org Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Cc: David Howells <dhowells@redhat.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
|
|
Alexandre Belloni
|
4462996ea3 |
checkpatch: add %pt as a valid vsprintf extension
Commit
|
|
|
Lars Persson
|
d2b2c6dd22 |
mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate
Our MIPS 1004Kc SoCs were seeing random userspace crashes with SIGILL and SIGSEGV that could not be traced back to a userspace code bug. They had all the magic signs of an I/D cache coherency issue. Now recently we noticed that the /proc/sys/vm/compact_memory interface was quite efficient at provoking this class of userspace crashes. Studying the code in mm/migrate.c there is a distinction made between migrating a page that is mapped at the instant of migration and one that is not mapped. Our problem turned out to be the non-mapped pages. For the non-mapped page the code performs a copy of the page content and all relevant meta-data of the page without doing the required D-cache maintenance. This leaves dirty data in the D-cache of the CPU and on the 1004K cores this data is not visible to the I-cache. A subsequent page-fault that triggers a mapping of the page will happily serve the process with potentially stale code. What about ARM then, this bug should have seen greater exposure? Well ARM became immune to this flaw back in 2010, see commit |
|
|
Minchan Kim
|
0bc9f5d14a |
drivers/block/zram/zram_drv.c: fix idle/writeback string compare
Makoto report a below KASAN error: zram does out-of-bounds read. Because
strscpy copies from source up to count bytes unconditionally. It could
cause out-of-bounds read on next object in slab.
To prevent it, use strlcpy which checks source's length automatically.
BUG: KASAN: slab-out-of-bounds in strscpy+0x68/0x154
Read of size 8 at addr ffffffc0c3495a00 by task system_server/1314
..
Call trace:
strscpy+0x68/0x154
idle_store+0xc4/0x34c
dev_attr_store+0x50/0x6c
sysfs_kf_write+0x98/0xb4
kernfs_fop_write+0x198/0x260
__vfs_write+0x10c/0x338
vfs_write+0x114/0x238
SyS_write+0xc8/0x168
__sys_trace_return+0x0/0x4
Allocated by task 1314:
__kmalloc+0x280/0x318
kernfs_fop_write+0xac/0x260
__vfs_write+0x10c/0x338
vfs_write+0x114/0x238
SyS_write+0xc8/0x168
__sys_trace_return+0x0/0x4
Freed by task 2855:
kfree+0x138/0x630
kernfs_put_open_node+0x10c/0x124
kernfs_fop_release+0xd8/0x114
__fput+0x130/0x2a4
____fput+0x1c/0x28
task_work_run+0x16c/0x1c8
do_notify_resume+0x2bc/0x107c
work_pending+0x8/0x10
The buggy address belongs to the object at ffffffc0c3495a00
which belongs to the cache kmalloc-128 of size 128
The buggy address is located 0 bytes inside of
128-byte region [ffffffc0c3495a00, ffffffc0c3495a80)
The buggy address belongs to the page:
page:ffffffbf030d2500 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
flags: 0x4000000000010200(slab|head)
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffffffc0c3495900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc0c3495980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffffffc0c3495a00: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffffffc0c3495a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffffffc0c3495b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Link: http://lkml.kernel.org/r/20190319231911.145968-1-minchan@kernel.org
Cc: <stable@vger.kernel.org> [5.0]
Signed-off-by: Minchan Kim <minchan@kernel.org>
Reported-by: Makoto Wu <makotowu@google.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
|
Qian Cai
|
f5777bc2d9 |
mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate()
Due to has_unmovable_pages() taking an incorrect irqsave flag instead of
the isolation flag in set_migratetype_isolate(), there are issues with
HWPOSION and error reporting where dump_page() is not called when there
is an unmovable page.
Link: http://lkml.kernel.org/r/20190320204941.53731-1-cai@lca.pw
Fixes:
|
|
|
Qian Cai
|
c4efe484b5 |
mm/memory_hotplug.c: fix notification in offline error path
When start_isolate_page_range() returned -EBUSY in __offline_pages(), it
calls memory_notify(MEM_CANCEL_OFFLINE, &arg) with an uninitialized
"arg". As the result, it triggers warnings below. Also, it is only
necessary to notify MEM_CANCEL_OFFLINE after MEM_GOING_OFFLINE.
page:ffffea0001200000 count:1 mapcount:0 mapping:0000000000000000
index:0x0
flags: 0x3fffe000001000(reserved)
raw: 003fffe000001000 ffffea0001200008 ffffea0001200008 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: unmovable page
WARNING: CPU: 25 PID: 1665 at mm/kasan/common.c:665
kasan_mem_notifier+0x34/0x23b
CPU: 25 PID: 1665 Comm: bash Tainted: G W 5.0.0+ #94
Hardware name: HP ProLiant DL180 Gen9/ProLiant DL180 Gen9, BIOS U20
10/25/2017
RIP: 0010:kasan_mem_notifier+0x34/0x23b
RSP: 0018:ffff8883ec737890 EFLAGS: 00010206
RAX: 0000000000000246 RBX: ff10f0f4435f1000 RCX: f887a7a21af88000
RDX: dffffc0000000000 RSI: 0000000000000020 RDI: ffff8881f221af88
RBP: ffff8883ec737898 R08: ffff888000000000 R09: ffffffffb0bddcd0
R10: ffffed103e857088 R11: ffff8881f42b8443 R12: dffffc0000000000
R13: 00000000fffffff9 R14: dffffc0000000000 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000560fbd31d730 CR3: 00000004049c6003 CR4: 00000000001606a0
Call Trace:
notifier_call_chain+0xbf/0x130
__blocking_notifier_call_chain+0x76/0xc0
blocking_notifier_call_chain+0x16/0x20
memory_notify+0x1b/0x20
__offline_pages+0x3e2/0x1210
offline_pages+0x11/0x20
memory_block_action+0x144/0x300
memory_subsys_offline+0xe5/0x170
device_offline+0x13f/0x1e0
state_store+0xeb/0x110
dev_attr_store+0x3f/0x70
sysfs_kf_write+0x104/0x150
kernfs_fop_write+0x25c/0x410
__vfs_write+0x66/0x120
vfs_write+0x15a/0x4f0
ksys_write+0xd2/0x1b0
__x64_sys_write+0x73/0xb0
do_syscall_64+0xeb/0xb78
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f14f75cc3b8
RSP: 002b:00007ffe84d01d68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f14f75cc3b8
RDX: 0000000000000008 RSI: 0000563f8e433d70 RDI: 0000000000000001
RBP: 0000563f8e433d70 R08: 000000000000000a R09: 00007ffe84d018f0
R10: 000000000000000a R11: 0000000000000246 R12: 00007f14f789e780
R13: 0000000000000008 R14: 00007f14f7899740 R15: 0000000000000008
Link: http://lkml.kernel.org/r/20190320204255.53571-1-cai@lca.pw
Fixes:
|
|
|
Andrei Vagin
|
fcfc2aa018 |
ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
There are a few system calls (pselect, ppoll, etc) which replace a task
sigmask while they are running in a kernel-space
When a task calls one of these syscalls, the kernel saves a current
sigmask in task->saved_sigmask and sets a syscall sigmask.
On syscall-exit-stop, ptrace traps a task before restoring the
saved_sigmask, so PTRACE_GETSIGMASK returns the syscall sigmask and
PTRACE_SETSIGMASK does nothing, because its sigmask is replaced by
saved_sigmask, when the task returns to user-space.
This patch fixes this problem. PTRACE_GETSIGMASK returns saved_sigmask
if it's set. PTRACE_SETSIGMASK drops the TIF_RESTORE_SIGMASK flag.
Link: http://lkml.kernel.org/r/20181120060616.6043-1-avagin@gmail.com
Fixes:
|
|
|
YueHaibing
|
eebf364806 |
fs/proc/kcore.c: make kcore_modules static
Fix sparse warning: fs/proc/kcore.c:591:19: warning: symbol 'kcore_modules' was not declared. Should it be static? Link: http://lkml.kernel.org/r/20190320135417.13272-1-yuehaibing@huawei.com Signed-off-by: YueHaibing <yuehaibing@huawei.com> Acked-by: Mukesh Ojha <mojha@codeaurora.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Omar Sandoval <osandov@fb.com> Cc: James Morse <james.morse@arm.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
|
|
Randy Dunlap
|
b736523f07 |
include/linux/list.h: fix list_is_first() kernel-doc
Fix typo of kernel-doc parameter notation (there should be no space
between '@' and the parameter name).
Also fixes bogus kernel-doc notation output formatting.
Link: http://lkml.kernel.org/r/ddce8b80-9a8a-d52d-3546-87b2211c089a@infradead.org
Fixes:
|