mirror of https://gitee.com/openkylin/linux.git
950133 Commits
| Author | SHA1 | Message | Date |
|---|---|---|---|
Jason A. Donenfeld
|
9179ba3136 |
wireguard: noise: take lock when removing handshake entry from table
Eric reported that syzkaller found a race of this variety:
CPU 1 CPU 2
-------------------------------------------|---------------------------------------
wg_index_hashtable_replace(old, ...) |
if (hlist_unhashed(&old->index_hash)) |
| wg_index_hashtable_remove(old)
| hlist_del_init_rcu(&old->index_hash)
| old->index_hash.pprev = NULL
hlist_replace_rcu(&old->index_hash, ...) |
*old->index_hash.pprev |
Syzbot wasn't actually able to reproduce this more than once or create a
reproducer, because the race window between checking "hlist_unhashed" and
calling "hlist_replace_rcu" is just so small. Adding an mdelay(5) or
similar there helps make this demonstrable using this simple script:
#!/bin/bash
set -ex
trap 'kill $pid1; kill $pid2; ip link del wg0; ip link del wg1' EXIT
ip link add wg0 type wireguard
ip link add wg1 type wireguard
wg set wg0 private-key <(wg genkey) listen-port 9999
wg set wg1 private-key <(wg genkey) peer $(wg show wg0 public-key) endpoint 127.0.0.1:9999 persistent-keepalive 1
wg set wg0 peer $(wg show wg1 public-key)
ip link set wg0 up
yes link set wg1 up | ip -force -batch - &
pid1=$!
yes link set wg1 down | ip -force -batch - &
pid2=$!
wait
The fundumental underlying problem is that we permit calls to wg_index_
hashtable_remove(handshake.entry) without requiring the caller to take
the handshake mutex that is intended to protect members of handshake
during mutations. This is consistently the case with calls to wg_index_
hashtable_insert(handshake.entry) and wg_index_hashtable_replace(
handshake.entry), but it's missing from a pertinent callsite of wg_
index_hashtable_remove(handshake.entry). So, this patch makes sure that
mutex is taken.
The original code was a little bit funky though, in the form of:
remove(handshake.entry)
lock(), memzero(handshake.some_members), unlock()
remove(handshake.entry)
The original intention of that double removal pattern outside the lock
appears to be some attempt to prevent insertions that might happen while
locks are dropped during expensive crypto operations, but actually, all
callers of wg_index_hashtable_insert(handshake.entry) take the write
lock and then explicitly check handshake.state, as they should, which
the aforementioned memzero clears, which means an insertion should
already be impossible. And regardless, the original intention was
necessarily racy, since it wasn't guaranteed that something else would
run after the unlock() instead of after the remove(). So, from a
soundness perspective, it seems positive to remove what looks like a
hack at best.
The crash from both syzbot and from the script above is as follows:
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 7395 Comm: kworker/0:3 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: wg-kex-wg1 wg_packet_handshake_receive_worker
RIP: 0010:hlist_replace_rcu include/linux/rculist.h:505 [inline]
RIP: 0010:wg_index_hashtable_replace+0x176/0x330 drivers/net/wireguard/peerlookup.c:174
Code: 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 44 01 00 00 48 b9 00 00 00 00 00 fc ff df 48 8b 45 10 48 89 c6 48 c1 ee 03 <80> 3c 0e 00 0f 85 06 01 00 00 48 85 d2 4c 89 28 74 47 e8 a3 4f b5
RSP: 0018:ffffc90006a97bf8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888050ffc4f8 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88808e04e010
RBP: ffff88808e04e000 R08: 0000000000000001 R09: ffff8880543d0000
R10: ffffed100a87a000 R11: 000000000000016e R12: ffff8880543d0000
R13: ffff88808e04e008 R14: ffff888050ffc508 R15: ffff888050ffc500
FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000f5505db0 CR3: 0000000097cf7000 CR4: 00000000001526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
wg_noise_handshake_begin_session+0x752/0xc9a drivers/net/wireguard/noise.c:820
wg_receive_handshake_packet drivers/net/wireguard/receive.c:183 [inline]
wg_packet_handshake_receive_worker+0x33b/0x730 drivers/net/wireguard/receive.c:220
process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
kthread+0x3b5/0x4a0 kernel/kthread.c:292
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Reported-by: syzbot <syzkaller@googlegroups.com>
Reported-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/wireguard/20200908145911.4090480-1-edumazet@google.com/
Fixes:
|
|
|
Ye Bin
|
b87f9fe1ac |
hsr: avoid newline at end of message in NL_SET_ERR_MSG_MOD
clean follow coccicheck warning: net//hsr/hsr_netlink.c:94:8-42: WARNING avoid newline at end of message in NL_SET_ERR_MSG_MOD net//hsr/hsr_netlink.c:87:30-57: WARNING avoid newline at end of message in NL_SET_ERR_MSG_MOD net//hsr/hsr_netlink.c:79:29-53: WARNING avoid newline at end of message in NL_SET_ERR_MSG_MOD Signed-off-by: Ye Bin <yebin10@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
|
|
David S. Miller
|
0ddaa27803 |
Merge branch 'net-skb_put_padto-fixes'
Eric Dumazet says: ==================== net: skb_put_padto() fixes sysbot reported a bug in qrtr leading to use-after-free. First patch fixes the issue. Second patch addes __must_check attribute to avoid similar issues in the future. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> |
|
|
Eric Dumazet
|
4a009cb04a |
net: add __must_check to skb_put_padto()
skb_put_padto() and __skb_put_padto() callers must check return values or risk use-after-free. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
|
|
Eric Dumazet
|
3ca1a42a52 |
net: qrtr: check skb_put_padto() return value
If skb_put_padto() returns an error, skb has been freed.
Better not touch it anymore, as reported by syzbot [1]
Note to qrtr maintainers : this suggests qrtr_sendmsg()
should adjust sock_alloc_send_skb() second parameter
to account for the potential added alignment to avoid
reallocation.
[1]
BUG: KASAN: use-after-free in __skb_insert include/linux/skbuff.h:1907 [inline]
BUG: KASAN: use-after-free in __skb_queue_before include/linux/skbuff.h:2016 [inline]
BUG: KASAN: use-after-free in __skb_queue_tail include/linux/skbuff.h:2049 [inline]
BUG: KASAN: use-after-free in skb_queue_tail+0x6b/0x120 net/core/skbuff.c:3146
Write of size 8 at addr ffff88804d8ab3c0 by task syz-executor.4/4316
CPU: 1 PID: 4316 Comm: syz-executor.4 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1d6/0x29e lib/dump_stack.c:118
print_address_description+0x66/0x620 mm/kasan/report.c:383
__kasan_report mm/kasan/report.c:513 [inline]
kasan_report+0x132/0x1d0 mm/kasan/report.c:530
__skb_insert include/linux/skbuff.h:1907 [inline]
__skb_queue_before include/linux/skbuff.h:2016 [inline]
__skb_queue_tail include/linux/skbuff.h:2049 [inline]
skb_queue_tail+0x6b/0x120 net/core/skbuff.c:3146
qrtr_tun_send+0x1a/0x40 net/qrtr/tun.c:23
qrtr_node_enqueue+0x44f/0xc00 net/qrtr/qrtr.c:364
qrtr_bcast_enqueue+0xbe/0x140 net/qrtr/qrtr.c:861
qrtr_sendmsg+0x680/0x9c0 net/qrtr/qrtr.c:960
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg net/socket.c:671 [inline]
sock_write_iter+0x317/0x470 net/socket.c:998
call_write_iter include/linux/fs.h:1882 [inline]
new_sync_write fs/read_write.c:503 [inline]
vfs_write+0xa96/0xd10 fs/read_write.c:578
ksys_write+0x11b/0x220 fs/read_write.c:631
do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5b9
Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f84b5b81c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000038b40 RCX: 000000000045d5b9
RDX: 0000000000000055 RSI: 0000000020001240 RDI: 0000000000000003
RBP: 00007f84b5b81ca0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000f
R13: 00007ffcbbf86daf R14: 00007f84b5b829c0 R15: 000000000118cf4c
Allocated by task 4316:
kasan_save_stack mm/kasan/common.c:48 [inline]
kasan_set_track mm/kasan/common.c:56 [inline]
__kasan_kmalloc+0x100/0x130 mm/kasan/common.c:461
slab_post_alloc_hook+0x3e/0x290 mm/slab.h:518
slab_alloc mm/slab.c:3312 [inline]
kmem_cache_alloc+0x1c1/0x2d0 mm/slab.c:3482
skb_clone+0x1b2/0x370 net/core/skbuff.c:1449
qrtr_bcast_enqueue+0x6d/0x140 net/qrtr/qrtr.c:857
qrtr_sendmsg+0x680/0x9c0 net/qrtr/qrtr.c:960
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg net/socket.c:671 [inline]
sock_write_iter+0x317/0x470 net/socket.c:998
call_write_iter include/linux/fs.h:1882 [inline]
new_sync_write fs/read_write.c:503 [inline]
vfs_write+0xa96/0xd10 fs/read_write.c:578
ksys_write+0x11b/0x220 fs/read_write.c:631
do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Freed by task 4316:
kasan_save_stack mm/kasan/common.c:48 [inline]
kasan_set_track+0x3d/0x70 mm/kasan/common.c:56
kasan_set_free_info+0x17/0x30 mm/kasan/generic.c:355
__kasan_slab_free+0xdd/0x110 mm/kasan/common.c:422
__cache_free mm/slab.c:3418 [inline]
kmem_cache_free+0x82/0xf0 mm/slab.c:3693
__skb_pad+0x3f5/0x5a0 net/core/skbuff.c:1823
__skb_put_padto include/linux/skbuff.h:3233 [inline]
skb_put_padto include/linux/skbuff.h:3252 [inline]
qrtr_node_enqueue+0x62f/0xc00 net/qrtr/qrtr.c:360
qrtr_bcast_enqueue+0xbe/0x140 net/qrtr/qrtr.c:861
qrtr_sendmsg+0x680/0x9c0 net/qrtr/qrtr.c:960
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg net/socket.c:671 [inline]
sock_write_iter+0x317/0x470 net/socket.c:998
call_write_iter include/linux/fs.h:1882 [inline]
new_sync_write fs/read_write.c:503 [inline]
vfs_write+0xa96/0xd10 fs/read_write.c:578
ksys_write+0x11b/0x220 fs/read_write.c:631
do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
The buggy address belongs to the object at ffff88804d8ab3c0
which belongs to the cache skbuff_head_cache of size 224
The buggy address is located 0 bytes inside of
224-byte region [ffff88804d8ab3c0, ffff88804d8ab4a0)
The buggy address belongs to the page:
page:00000000ea8cccfb refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88804d8abb40 pfn:0x4d8ab
flags: 0xfffe0000000200(slab)
raw: 00fffe0000000200 ffffea0002237ec8 ffffea00029b3388 ffff88821bb66800
raw: ffff88804d8abb40 ffff88804d8ab000 000000010000000b 0000000000000000
page dumped because: kasan: bad access detected
Fixes:
|
|
|
Wei Wang
|
ba9e04a7dd |
ip: fix tos reflection in ack and reset packets
Currently, in tcp_v4_reqsk_send_ack() and tcp_v4_send_reset(), we
echo the TOS value of the received packets in the response.
However, we do not want to echo the lower 2 ECN bits in accordance
with RFC 3168 6.1.5 robustness principles.
Fixes:
|
|
|
David S. Miller
|
6fd40d32ef |
Merge tag 'ieee802154-for-davem-2020-09-08' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan
Stefan Schmidt says: ==================== pull-request: ieee802154 for net 2020-09-08 An update from ieee802154 for your *net* tree. A potential memory leak fix for ca8210 from Liu Jian, a check on the return for a register read in adf7242 and finally a user after free fix in the softmac tx function from Eric found by syzkaller. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> |
|
|
Jakub Kicinski
|
2a154988aa |
MAINTAINERS: remove John Allen from ibmvnic
John's email has bounced and Thomas confirms he no longer works on ibmvnic. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> |
|
|
Brian Vazquez
|
923f614cdb |
fib: fix fib_rule_ops indirect call wrappers when CONFIG_IPV6=m
If CONFIG_IPV6=m, the IPV6 functions won't be found by the linker:
ld: net/core/fib_rules.o: in function `fib_rules_lookup':
fib_rules.c:(.text+0x606): undefined reference to `fib6_rule_match'
ld: fib_rules.c:(.text+0x611): undefined reference to `fib6_rule_match'
ld: fib_rules.c:(.text+0x68c): undefined reference to `fib6_rule_action'
ld: fib_rules.c:(.text+0x693): undefined reference to `fib6_rule_action'
ld: fib_rules.c:(.text+0x6aa): undefined reference to `fib6_rule_suppress'
ld: fib_rules.c:(.text+0x6bc): undefined reference to `fib6_rule_suppress'
make: *** [Makefile:1166: vmlinux] Error 1
Reported-by: Sven Joachim <svenjoac@gmx.de>
Fixes:
|
|
|
David S. Miller
|
2650be2c2d |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: =================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) Allow conntrack entries with l3num == NFPROTO_IPV4 or == NFPROTO_IPV6 only via ctnetlink, from Will McVicker. 2) Batch notifications to userspace to improve netlink socket receive utilization. 3) Restore mark based dump filtering via ctnetlink, from Martin Willi. 4) nf_conncount_init() fails with -EPROTO with CONFIG_IPV6, from Eelco Chaudron. 5) Containers fail to match on meta skuid and skgid, use socket user_ns to retrieve meta skuid and skgid. =================== Signed-off-by: David S. Miller <davem@davemloft.net> |
|
|
Eric Dumazet
|
843d926b00 |
ipv6: avoid lockdep issue in fib6_del()
syzbot reported twice a lockdep issue in fib6_del() [1]
which I think is caused by net->ipv6.fib6_null_entry
having a NULL fib6_table pointer.
fib6_del() already checks for fib6_null_entry special
case, we only need to return earlier.
Bug seems to occur very rarely, I have thus chosen
a 'bug origin' that makes backports not too complex.
[1]
WARNING: suspicious RCU usage
5.9.0-rc4-syzkaller #0 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1996 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
4 locks held by syz-executor.5/8095:
#0: ffffffff8a7ea708 (rtnl_mutex){+.+.}-{3:3}, at: ppp_release+0x178/0x240 drivers/net/ppp/ppp_generic.c:401
#1: ffff88804c422dd8 (&net->ipv6.fib6_gc_lock){+.-.}-{2:2}, at: spin_trylock_bh include/linux/spinlock.h:414 [inline]
#1: ffff88804c422dd8 (&net->ipv6.fib6_gc_lock){+.-.}-{2:2}, at: fib6_run_gc+0x21b/0x2d0 net/ipv6/ip6_fib.c:2312
#2: ffffffff89bd6a40 (rcu_read_lock){....}-{1:2}, at: __fib6_clean_all+0x0/0x290 net/ipv6/ip6_fib.c:2613
#3: ffff8880a82e6430 (&tb->tb6_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:359 [inline]
#3: ffff8880a82e6430 (&tb->tb6_lock){+.-.}-{2:2}, at: __fib6_clean_all+0x107/0x290 net/ipv6/ip6_fib.c:2245
stack backtrace:
CPU: 1 PID: 8095 Comm: syz-executor.5 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x198/0x1fd lib/dump_stack.c:118
fib6_del+0x12b4/0x1630 net/ipv6/ip6_fib.c:1996
fib6_clean_node+0x39b/0x570 net/ipv6/ip6_fib.c:2180
fib6_walk_continue+0x4aa/0x8e0 net/ipv6/ip6_fib.c:2102
fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2150
fib6_clean_tree+0xdb/0x120 net/ipv6/ip6_fib.c:2230
__fib6_clean_all+0x120/0x290 net/ipv6/ip6_fib.c:2246
fib6_clean_all net/ipv6/ip6_fib.c:2257 [inline]
fib6_run_gc+0x113/0x2d0 net/ipv6/ip6_fib.c:2320
ndisc_netdev_event+0x217/0x350 net/ipv6/ndisc.c:1805
notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2033
call_netdevice_notifiers_extack net/core/dev.c:2045 [inline]
call_netdevice_notifiers net/core/dev.c:2059 [inline]
dev_close_many+0x30b/0x650 net/core/dev.c:1634
rollback_registered_many+0x3a8/0x1210 net/core/dev.c:9261
rollback_registered net/core/dev.c:9329 [inline]
unregister_netdevice_queue+0x2dd/0x570 net/core/dev.c:10410
unregister_netdevice include/linux/netdevice.h:2774 [inline]
ppp_release+0x216/0x240 drivers/net/ppp/ppp_generic.c:403
__fput+0x285/0x920 fs/file_table.c:281
task_work_run+0xdd/0x190 kernel/task_work.c:141
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:163 [inline]
exit_to_user_mode_prepare+0x1e1/0x200 kernel/entry/common.c:190
syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:265
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes:
|
|
|
Vladimir Oltean
|
2f1e8ea726 |
net: dsa: link interfaces with the DSA master to get rid of lockdep warnings
Since commit |
|
|
Tony Ambardar
|
746f534a48 |
tools/libbpf: Avoid counting local symbols in ABI check
Encountered the following failure building libbpf from kernel 5.8.5 sources
with GCC 8.4.0 and binutils 2.34: (long paths shortened)
Warning: Num of global symbols in sharedobjs/libbpf-in.o (234) does NOT
match with num of versioned symbols in libbpf.so (236). Please make sure
all LIBBPF_API symbols are versioned in libbpf.map.
--- libbpf_global_syms.tmp 2020-09-02 07:30:58.920084380 +0000
+++ libbpf_versioned_syms.tmp 2020-09-02 07:30:58.924084388 +0000
@@ -1,3 +1,5 @@
+_fini
+_init
bpf_btf_get_fd_by_id
bpf_btf_get_next_id
bpf_create_map
make[4]: *** [Makefile:210: check_abi] Error 1
Investigation shows _fini and _init are actually local symbols counted
amongst global ones:
$ readelf --dyn-syms --wide libbpf.so|head -10
Symbol table '.dynsym' contains 343 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00004098 0 SECTION LOCAL DEFAULT 11
2: 00004098 8 FUNC LOCAL DEFAULT 11 _init@@LIBBPF_0.0.1
3: 00023040 8 FUNC LOCAL DEFAULT 14 _fini@@LIBBPF_0.0.1
4: 00000000 0 OBJECT GLOBAL DEFAULT ABS LIBBPF_0.0.4
5: 00000000 0 OBJECT GLOBAL DEFAULT ABS LIBBPF_0.0.1
6: 0000ffa4 8 FUNC GLOBAL DEFAULT 12 bpf_object__find_map_by_offset@@LIBBPF_0.0.1
A previous commit filtered global symbols in sharedobjs/libbpf-in.o. Do the
same with the libbpf.so DSO for consistent comparison.
Fixes:
|
|
|
Daniel Borkmann
|
e6a18d3611 |
bpf: Fix clobbering of r2 in bpf_gen_ld_abs
Bryce reported that he saw the following with:
0: r6 = r1
1: r1 = 12
2: r0 = *(u16 *)skb[r1]
The xlated sequence was incorrectly clobbering r2 with pointer
value of r6 ...
0: (bf) r6 = r1
1: (b7) r1 = 12
2: (bf) r1 = r6
3: (bf) r2 = r1
4: (85) call bpf_skb_load_helper_16_no_cache#7692160
... and hence call to the load helper never succeeded given the
offset was too high. Fix it by reordering the load of r6 to r1.
Other than that the insn has similar calling convention than BPF
helpers, that is, r0 - r5 are scratch regs, so nothing else
affected after the insn.
Fixes:
|
|
|
Eric Dumazet
|
0ff4628f4c |
mac802154: tx: fix use-after-free
syzbot reported a bug in ieee802154_tx() [1]
A similar issue in ieee802154_xmit_worker() is also fixed in this patch.
[1]
BUG: KASAN: use-after-free in ieee802154_tx+0x3d2/0x480 net/mac802154/tx.c:88
Read of size 4 at addr ffff8880251a8c70 by task syz-executor.3/928
CPU: 0 PID: 928 Comm: syz-executor.3 Not tainted 5.9.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x198/0x1fd lib/dump_stack.c:118
print_address_description.constprop.0.cold+0xae/0x497 mm/kasan/report.c:383
__kasan_report mm/kasan/report.c:513 [inline]
kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
ieee802154_tx+0x3d2/0x480 net/mac802154/tx.c:88
ieee802154_subif_start_xmit+0xbe/0xe4 net/mac802154/tx.c:130
__netdev_start_xmit include/linux/netdevice.h:4634 [inline]
netdev_start_xmit include/linux/netdevice.h:4648 [inline]
dev_direct_xmit+0x4e9/0x6e0 net/core/dev.c:4203
packet_snd net/packet/af_packet.c:2989 [inline]
packet_sendmsg+0x2413/0x5290 net/packet/af_packet.c:3014
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:671
____sys_sendmsg+0x6e8/0x810 net/socket.c:2353
___sys_sendmsg+0xf3/0x170 net/socket.c:2407
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2440
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5b9
Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc98e749c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000002ccc0 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000020007780 RDI: 000000000000000b
RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec
R13: 00007fff690c720f R14: 00007fc98e74a9c0 R15: 000000000118cfec
Allocated by task 928:
kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
kasan_set_track mm/kasan/common.c:56 [inline]
__kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:461
slab_post_alloc_hook mm/slab.h:518 [inline]
slab_alloc_node mm/slab.c:3254 [inline]
kmem_cache_alloc_node+0x136/0x3e0 mm/slab.c:3574
__alloc_skb+0x71/0x550 net/core/skbuff.c:198
alloc_skb include/linux/skbuff.h:1094 [inline]
alloc_skb_with_frags+0x92/0x570 net/core/skbuff.c:5771
sock_alloc_send_pskb+0x72a/0x880 net/core/sock.c:2348
packet_alloc_skb net/packet/af_packet.c:2837 [inline]
packet_snd net/packet/af_packet.c:2932 [inline]
packet_sendmsg+0x19fb/0x5290 net/packet/af_packet.c:3014
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:671
____sys_sendmsg+0x6e8/0x810 net/socket.c:2353
___sys_sendmsg+0xf3/0x170 net/socket.c:2407
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2440
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Freed by task 928:
kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
kasan_set_track+0x1c/0x30 mm/kasan/common.c:56
kasan_set_free_info+0x1b/0x30 mm/kasan/generic.c:355
__kasan_slab_free+0xd8/0x120 mm/kasan/common.c:422
__cache_free mm/slab.c:3418 [inline]
kmem_cache_free.part.0+0x74/0x1e0 mm/slab.c:3693
kfree_skbmem+0xef/0x1b0 net/core/skbuff.c:622
__kfree_skb net/core/skbuff.c:679 [inline]
consume_skb net/core/skbuff.c:838 [inline]
consume_skb+0xcf/0x160 net/core/skbuff.c:832
__dev_kfree_skb_any+0x9c/0xc0 net/core/dev.c:3107
fakelb_hw_xmit+0x20e/0x2a0 drivers/net/ieee802154/fakelb.c:81
drv_xmit_async net/mac802154/driver-ops.h:16 [inline]
ieee802154_tx+0x282/0x480 net/mac802154/tx.c:81
ieee802154_subif_start_xmit+0xbe/0xe4 net/mac802154/tx.c:130
__netdev_start_xmit include/linux/netdevice.h:4634 [inline]
netdev_start_xmit include/linux/netdevice.h:4648 [inline]
dev_direct_xmit+0x4e9/0x6e0 net/core/dev.c:4203
packet_snd net/packet/af_packet.c:2989 [inline]
packet_sendmsg+0x2413/0x5290 net/packet/af_packet.c:3014
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:671
____sys_sendmsg+0x6e8/0x810 net/socket.c:2353
___sys_sendmsg+0xf3/0x170 net/socket.c:2407
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2440
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
The buggy address belongs to the object at ffff8880251a8c00
which belongs to the cache skbuff_head_cache of size 224
The buggy address is located 112 bytes inside of
224-byte region [ffff8880251a8c00, ffff8880251a8ce0)
The buggy address belongs to the page:
page:0000000062b6a4f1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x251a8
flags: 0xfffe0000000200(slab)
raw: 00fffe0000000200 ffffea0000435c88 ffffea00028b6c08 ffff8880a9055d00
raw: 0000000000000000 ffff8880251a80c0 000000010000000c 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8880251a8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8880251a8b80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880251a8c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8880251a8c80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
ffff8880251a8d00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
Fixes:
|
|
|
Pablo Neira Ayuso
|
0c92411bb8 |
netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid
... instead of using init_user_ns.
Fixes:
|
|
|
Eelco Chaudron
|
526e81b990 |
netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled
The openvswitch module fails initialization when used in a kernel
without IPv6 enabled. nf_conncount_init() fails because the ct code
unconditionally tries to initialize the netns IPv6 related bit,
regardless of the build option. The change below ignores the IPv6
part if not enabled.
Note that the corresponding _put() function already has this IPv6
configuration check.
Fixes:
|
|
|
Martin Willi
|
6c0d95d123 |
netfilter: ctnetlink: fix mark based dump filtering regression
conntrack mark based dump filtering may falsely skip entries if a mask
is given: If the mask-based check does not filter out the entry, the
else-if check is always true and compares the mark without considering
the mask. The if/else-if logic seems wrong.
Given that the mask during filter setup is implicitly set to 0xffffffff
if not specified explicitly, the mark filtering flags seem to just
complicate things. Restore the previously used approach by always
matching against a zero mask is no filter mark is given.
Fixes:
|
|
|
Pablo Neira Ayuso
|
67cc570eda |
netfilter: nf_tables: coalesce multiple notifications into one skbuff
On x86_64, each notification results in one skbuff allocation which consumes at least 768 bytes due to the skbuff overhead. This patch coalesces several notifications into one single skbuff, so each notification consumes at least ~211 bytes, that ~3.5 times less memory consumption. As a result, this is reducing the chances to exhaust the netlink socket receive buffer. Rule of thumb is that each notification batch only contains netlink messages whose report flag is the same, nfnetlink_send() requires this to do appropriate delivery to userspace, either via unicast (echo mode) or multicast (monitor mode). The skbuff control buffer is used to annotate the report flag for later handling at the new coalescing routine. The batch skbuff notification size is NLMSG_GOODSIZE, using a larger skbuff would allow for more socket receiver buffer savings (to amortize the cost of the skbuff even more), however, going over that size might break userspace applications, so let's be conservative and stick to NLMSG_GOODSIZE. Reported-by: Phil Sutter <phil@nwl.cc> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
|
|
Will McVicker
|
1cc5ef91d2 |
netfilter: ctnetlink: add a range check for l3/l4 protonum
The indexes to the nf_nat_l[34]protos arrays come from userspace. So
check the tuple's family, e.g. l3num, when creating the conntrack in
order to prevent an OOB memory access during setup. Here is an example
kernel panic on 4.14.180 when userspace passes in an index greater than
NFPROTO_NUMPROTO.
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:...
Process poc (pid: 5614, stack limit = 0x00000000a3933121)
CPU: 4 PID: 5614 Comm: poc Tainted: G S W O 4.14.180-g051355490483
Hardware name: Qualcomm Technologies, Inc. SM8150 V2 PM8150 Google Inc. MSM
task: 000000002a3dfffe task.stack: 00000000a3933121
pc : __cfi_check_fail+0x1c/0x24
lr : __cfi_check_fail+0x1c/0x24
...
Call trace:
__cfi_check_fail+0x1c/0x24
name_to_dev_t+0x0/0x468
nfnetlink_parse_nat_setup+0x234/0x258
ctnetlink_parse_nat_setup+0x4c/0x228
ctnetlink_new_conntrack+0x590/0xc40
nfnetlink_rcv_msg+0x31c/0x4d4
netlink_rcv_skb+0x100/0x184
nfnetlink_rcv+0xf4/0x180
netlink_unicast+0x360/0x770
netlink_sendmsg+0x5a0/0x6a4
___sys_sendmsg+0x314/0x46c
SyS_sendmsg+0xb4/0x108
el0_svc_naked+0x34/0x38
This crash is not happening since 5.4+, however, ctnetlink still
allows for creating entries with unsupported layer 3 protocol number.
Fixes:
|
|
|
Dexuan Cui
|
19162fd406 |
hv_netvsc: Fix hibernation for mlx5 VF driver
mlx5_suspend()/resume() keep the network interface, so during hibernation
netvsc_unregister_vf() and netvsc_register_vf() are not called, and hence
netvsc_resume() should call netvsc_vf_changed() to switch the data path
back to the VF after hibernation. Note: after we close and re-open the
vmbus channel of the netvsc NIC in netvsc_suspend() and netvsc_resume(),
the data path is implicitly switched to the netvsc NIC. Similarly,
netvsc_suspend() should not call netvsc_unregister_vf(), otherwise the VF
can no longer be used after hibernation.
For mlx4, since the VF network interafce is explicitly destroyed and
re-created during hibernation (see mlx4_suspend()/resume()), hv_netvsc
already explicitly switches the data path from and to the VF automatically
via netvsc_register_vf() and netvsc_unregister_vf(), so mlx4 doesn't need
this fix. Note: mlx4 can still work with the fix because in
netvsc_suspend()/resume() ndev_ctx->vf_netdev is NULL for mlx4.
Fixes:
|
|
|
Taehee Yoo
|
e1f469cd58 |
Revert "netns: don't disable BHs when locking "nsid_lock""
This reverts commit |
|
|
Jakub Kicinski
|
8ae4dff882 |
ibmvnic: add missing parenthesis in do_reset()
Indentation and logic clearly show that this code is missing
parenthesis.
Fixes:
|
|
|
Randy Dunlap
|
ffa59b0b39 |
netdevice.h: fix xdp_state kernel-doc warning
Fix kernel-doc warning in <linux/netdevice.h>:
../include/linux/netdevice.h:2158: warning: Function parameter or member 'xdp_state' not described in 'net_device'
Fixes:
|
|
|
Randy Dunlap
|
eb02d39ad3 |
netdevice.h: fix proto_down_reason kernel-doc warning
Fix kernel-doc warning in <linux/netdevice.h>:
../include/linux/netdevice.h:2158: warning: Function parameter or member 'proto_down_reason' not described in 'net_device'
Fixes:
|
|
|
Jakub Kicinski
|
72bbee2aea |
Merge branch 'bnxt_en-Two-bug-fixes'
Michael Chan says: ==================== bnxt_en: Two bug fixes. The first patch fixes AER recovery by reducing the time from several minutes to a more reasonable 20 - 30 seconds. The second patch fixes a possible NULL pointer crash during firmware reset. ==================== Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
|
|
Vasundhara Volam
|
b16939b59c |
bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task()
bnxt_fw_reset_task() which runs from a workqueue can race with
bnxt_remove_one(). For example, if firmware reset and VF FLR are
happening at about the same time.
bnxt_remove_one() already cancels the workqueue and waits for it
to finish, but we need to do this earlier before the devlink
reporters are destroyed. This will guarantee that
the devlink reporters will always be valid when bnxt_fw_reset_task()
is still running.
Fixes:
|
|
|
Vasundhara Volam
|
b340dc680e |
bnxt_en: Avoid sending firmware messages when AER error is detected.
When the driver goes through PCIe AER reset in error state, all
firmware messages will timeout because the PCIe bus is no longer
accessible. This can lead to AER reset taking many minutes to
complete as each firmware command takes time to timeout.
Define a new macro BNXT_NO_FW_ACCESS() to skip these firmware messages
when either firmware is in fatal error state or when
pci_channel_offline() is true. It now takes a more reasonable 20 to
30 seconds to complete AER recovery.
Fixes:
|
|
|
Mauro Carvalho Chehab
|
1264c1e0cf |
Revert "wlcore: Adding suppoprt for IGTK key in wlcore driver"
This patch causes a regression betwen Kernel 5.7 and 5.8 at wlcore:
with it applied, WiFi stops working, and the Kernel starts printing
this message every second:
wlcore: PHY firmware version: Rev 8.2.0.0.242
wlcore: firmware booted (Rev 8.9.0.0.79)
wlcore: ERROR command execute failure 14
------------[ cut here ]------------
WARNING: CPU: 0 PID: 133 at drivers/net/wireless/ti/wlcore/main.c:795 wl12xx_queue_recovery_work.part.0+0x6c/0x74 [wlcore]
Modules linked in: wl18xx wlcore mac80211 libarc4 cfg80211 rfkill snd_soc_hdmi_codec crct10dif_ce wlcore_sdio adv7511 cec kirin9xx_drm(C) kirin9xx_dw_drm_dsi(C) drm_kms_helper drm ip_tables x_tables ipv6 nf_defrag_ipv6
CPU: 0 PID: 133 Comm: kworker/0:1 Tainted: G WC 5.8.0+ #186
Hardware name: HiKey970 (DT)
Workqueue: events_freezable ieee80211_restart_work [mac80211]
pstate: 60000005 (nZCv daif -PAN -UAO BTYPE=--)
pc : wl12xx_queue_recovery_work.part.0+0x6c/0x74 [wlcore]
lr : wl12xx_queue_recovery_work+0x24/0x30 [wlcore]
sp : ffff8000126c3a60
x29: ffff8000126c3a60 x28: 00000000000025de
x27: 0000000000000010 x26: 0000000000000005
x25: ffff0001a5d49e80 x24: ffff8000092cf580
x23: ffff0001b7c12623 x22: ffff0001b6fcf2e8
x21: ffff0001b7e46200 x20: 00000000fffffffb
x19: ffff0001a78e6400 x18: 0000000000000030
x17: 0000000000000001 x16: 0000000000000001
x15: ffff0001b7e46670 x14: ffffffffffffffff
x13: ffff8000926c37d7 x12: ffff8000126c37e0
x11: ffff800011e01000 x10: ffff8000120526d0
x9 : 0000000000000000 x8 : 3431206572756c69
x7 : 6166206574756365 x6 : 0000000000000c2c
x5 : 0000000000000000 x4 : ffff0001bf1361e8
x3 : ffff0001bf1790b0 x2 : 0000000000000000
x1 : ffff0001a5d49e80 x0 : 0000000000000001
Call trace:
wl12xx_queue_recovery_work.part.0+0x6c/0x74 [wlcore]
wl12xx_queue_recovery_work+0x24/0x30 [wlcore]
wl1271_cmd_set_sta_key+0x258/0x25c [wlcore]
wl1271_set_key+0x7c/0x2dc [wlcore]
wlcore_set_key+0xe4/0x360 [wlcore]
wl18xx_set_key+0x48/0x1d0 [wl18xx]
wlcore_op_set_key+0xa4/0x180 [wlcore]
ieee80211_key_enable_hw_accel+0xb0/0x2d0 [mac80211]
ieee80211_reenable_keys+0x70/0x110 [mac80211]
ieee80211_reconfig+0xa00/0xca0 [mac80211]
ieee80211_restart_work+0xc4/0xfc [mac80211]
process_one_work+0x1cc/0x350
worker_thread+0x13c/0x470
kthread+0x154/0x160
ret_from_fork+0x10/0x30
---[ end trace b1f722abf9af5919 ]---
wlcore: WARNING could not set keys
wlcore: ERROR Could not add or replace key
wlan0: failed to set key (4, ff:ff:ff:ff:ff:ff) to hardware (-5)
wlcore: Hardware recovery in progress. FW ver: Rev 8.9.0.0.79
wlcore: pc: 0x0, hint_sts: 0x00000040 count: 39
wlcore: down
wlcore: down
ieee80211 phy0: Hardware restart was requested
mmc_host mmc0: Bus speed (slot 0) = 400000Hz (slot req 400000Hz, actual 400000HZ div = 0)
mmc_host mmc0: Bus speed (slot 0) = 25000000Hz (slot req 25000000Hz, actual 25000000HZ div = 0)
wlcore: PHY firmware version: Rev 8.2.0.0.242
wlcore: firmware booted (Rev 8.9.0.0.79)
wlcore: ERROR command execute failure 14
------------[ cut here ]------------
Tested on Hikey 970.
This reverts commit
|
|
|
Linus Walleij
|
4ddcaf1ebb |
net: dsa: rtl8366: Properly clear member config
When removing a port from a VLAN we are just erasing the
member config for the VLAN, which is wrong: other ports
can be using it.
Just mask off the port and only zero out the rest of the
member config once ports using of the VLAN are removed
from it.
Reported-by: Florian Fainelli <f.fainelli@gmail.com>
Fixes:
|
|
|
Parshuram Thombare
|
d7739b0b6d |
net: macb: fix for pause frame receive enable bit
PAE bit of NCFGR register, when set, pauses transmission
if a non-zero 802.3 classic pause frame is received.
Fixes:
|
|
|
Ganji Aravind
|
94cc242a06 |
cxgb4: Fix offset when clearing filter byte counters
Pass the correct offset to clear the stale filter hit
bytes counter. Otherwise, the counter starts incrementing
from the stale information, instead of 0.
Fixes:
|
|
|
Jakub Kicinski
|
02146a93ba |
Merge branch 'hinic-BugFixes'
Luo bin says: ==================== hinic: BugFixes The bugs fixed in this patchset have been present since the following commits: patch #1: Fixes: |
|
|
Luo bin
|
0c97ee5fbd |
hinic: bump up the timeout of UPDATE_FW cmd
Firmware erases the entire flash region which may take several
seconds before flashing, so we bump up the timeout to ensure this
cmd won't return failure.
Fixes:
|
|
|
Luo bin
|
4e4269ebe7 |
hinic: bump up the timeout of SET_FUNC_STATE cmd
We free memory regardless of the return value of SET_FUNC_STATE
cmd in hinic_close function to avoid memory leak and this cmd may
timeout when fw is busy with handling other cmds, so we bump up the
timeout of this cmd to ensure it won't return failure.
Fixes:
|
|
|
Linus Lüssing
|
7dda5b3384 |
batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
The unicast packet rerouting code makes several assumptions. For
instance it assumes that there is always exactly one destination in the
TT. This breaks for multicast frames in a unicast packets in several ways:
For one thing if there is actually no TT entry and the destination node
was selected due to the multicast tvlv flags it announced. Then an
intermediate node will wrongly drop the packet.
For another thing if there is a TT entry but the TTVN of this entry is
newer than the originally addressed destination node: Then the
intermediate node will wrongly redirect the packet, leading to
duplicated multicast packets at a multicast listener and missing
packets at other multicast listeners or multicast routers.
Fixing this by not applying the unicast packet rerouting to batman-adv
unicast packets with a multicast payload. We are not able to detect a
roaming multicast listener at the moment and will just continue to send
the multicast frame to both the new and old destination for a while in
case of such a roaming multicast listener.
Fixes:
|
|
|
Cong Wang
|
cc8e58f832 |
act_ife: load meta modules before tcf_idr_check_alloc()
The following deadlock scenario is triggered by syzbot:
Thread A: Thread B:
tcf_idr_check_alloc()
...
populate_metalist()
rtnl_unlock()
rtnl_lock()
...
request_module() tcf_idr_check_alloc()
rtnl_lock()
At this point, thread A is waiting for thread B to release RTNL
lock, while thread B is waiting for thread A to commit the IDR
change with tcf_idr_insert() later.
Break this deadlock situation by preloading ife modules earlier,
before tcf_idr_check_alloc(), this is fine because we only need
to load modules we need potentially.
Reported-and-tested-by: syzbot+80e32b5d1f9923f8ace6@syzkaller.appspotmail.com
Fixes:
|
|
|
Jing Xiangfeng
|
c2b947879c |
atm: eni: fix the missed pci_disable_device() for eni_init_one()
eni_init_one() misses to call pci_disable_device() in an error path.
Jump to err_disable to fix it.
Fixes:
|
|
|
Xie He
|
44a049c426 |
drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices
PVC devices are virtual devices in this driver stacked on top of the actual HDLC device. They are the devices normal users would use. PVC devices have two types: normal PVC devices and Ethernet-emulating PVC devices. When transmitting data with PVC devices, the ndo_start_xmit function will prepend a header of 4 or 10 bytes. Currently this driver requests this headroom to be reserved for normal PVC devices by setting their hard_header_len to 10. However, this does not work when these devices are used with AF_PACKET/RAW sockets. Also, this driver does not request this headroom for Ethernet-emulating PVC devices (but deals with this problem by reallocating the skb when needed, which is not optimal). This patch replaces hard_header_len with needed_headroom, and set needed_headroom for Ethernet-emulating PVC devices, too. This makes the driver to request headroom for all PVC devices in all cases. Cc: Krzysztof Halasa <khc@pm.waw.pl> Cc: Martin Schiller <ms@dev.tdt.de> Signed-off-by: Xie He <xie.he.0141@gmail.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
|
|
Linus Torvalds
|
c70672d8d3 |
s390 fixes for 5.9-rc4
- Fix GENERIC_LOCKBREAK dependency on PREEMPTION in Kconfig broken because of a typo. - Update defconfigs. -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEE3QHqV+H2a8xAv27vjYWKoQLXFBgFAl9SpAcACgkQjYWKoQLX FBg+yAgAki9NzPxJAW8cmo001dnG33Fq0AvA8YsUYhlKD7/quqtA514UuhsJydEq NV6jjNQLIkDTit2m7Joh1ScBdaYA87isnbLI/BbarfiNA8MeDCxCuz7AJaTPqGR+ pKHK3eI9vFJW0cACrW1owsER4RpgdXJC74Zr3MoFwzRwQMWu8YH179hAaD8mwp8N nObNIiY3Yot7CQwtody0NSUh5eE0gmVmz/7yv4+zDQaMocBZa2ubqUU5awAVe6y1 L9HHnmhaUxG1iH6aUNFSelF1C3zs1IPlhr9l1WzNppe5+5fU2pZkh409B62HTf2F O/2w3LMPyTUJ1lo/Lt60kmLuo52vLA== =bore -----END PGP SIGNATURE----- Merge tag 's390-5.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Vasily Gorbik: - Fix GENERIC_LOCKBREAK dependency on PREEMPTION in Kconfig broken because of a typo - Update defconfigs * tag 's390-5.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390: update defconfigs s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig |
|
|
Linus Torvalds
|
09274aed90 |
- Fix the loading of modules built with binutils-2.35. This version
produces writable and executable .text.ftrace_trampoline section which is rejected by the kernel. - Remove the exporting of cpu_logical_map() as the Tegra driver has now been fixed and no longer uses this function. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAl9SaVMACgkQa9axLQDI XvHX1w//eo8OuGiJolZvyPSCDfFaMSxNniW9g6O6A2b9f0L9wVK1RbAW4hQcb+uO rCN8CfCeCq4IyTEG94CA9qbBev8oCtZ3gtpqSwBcK5rS8zozn8Krw0979aQQH7mt kotzi3ac44BA733ElbYETnNfmZPEokkSl0d6lfbzp8b2/kMtFgmg/1e/RRqr1o2s IdKdjy9LyvBcmVv0V3sfnLLzze1LF7xjlpYt9so4Rxlj6TZXkpGOAXOSHfbd87CJ Nq+LnYjMfnbJI7qTBLiUMb3IsT9O3KVQGtDXeVweXsW31h2f1gkwg69hGoRvKJxE vpwE3oxfpkd3eA2CvC73feTG+fXejezLHnT5LHUcwU9gSIm3cybFyTV2GSjskU5g 2RCmR1xHMLV9ZeQzyzN64VsKcqM/3qlooNkVcSJTL7ayqUCvVLct+ECu9rOQy+sz ROQ0BkSZbNCMIY/ixFXwwEG3yX15M13pbq7MM2mY9MchSAGy1EOOXDp65zX+QlO0 ljDA3JLIK2bxFhtsDYrLymwXFFoRHSK2sQnm6DX8/rPfTKq7MHyMpBFnjfrDnAzJ V0Y/gOaSyVUEqq/DYiX9mHhsEc01jThRqGi3j70Lb4xJUVu+rrxzJeetMD8HPrYY Db0YTovd6po/UwCyv0Ybu674fTBEUxPzIEzr0oLdEMV7w9iyX0E= =jbgA -----END PGP SIGNATURE----- Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: - Fix the loading of modules built with binutils-2.35. This version produces writable and executable .text.ftrace_trampoline section which is rejected by the kernel. - Remove the exporting of cpu_logical_map() as the Tegra driver has now been fixed and no longer uses this function. * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64/module: set trampoline section flags regardless of CONFIG_DYNAMIC_FTRACE arm64: Remove exporting cpu_logical_map symbol |
|
|
Linus Torvalds
|
16bf121b2d |
A few MIPS fixes:
- fallthrough fallout fix - BMIPS fixes - MSA fix to avoid leaking MSA register contents - Loongson perf and cpu feature fix - SNI interrupt fix -----BEGIN PGP SIGNATURE----- iQJOBAABCAA4FiEEbt46xwy6kEcDOXoUeZbBVTGwZHAFAl9SMkAaHHRzYm9nZW5k QGFscGhhLmZyYW5rZW4uZGUACgkQeZbBVTGwZHA/Lw/8Cp19eTYF0ps60u9i2Gen 5e2yY7TlO1gBerdyA4iX/Jd8wKYu0cCBreHAF9JzdFi1z9s7arguB6DWUOYwa/W/ t0q86CW+EddfwJzjdY+H7cnNQWhaLGeKGXUzevI7v2kd3LAAyPvm7vUeR1zYxVol IJ3XyLGo+NN3xLecc2sSDVAWQR+wfy+1pARbVimkh4wlJjZcrvWgl8+jYv15p8u5 DPywG+wgkRJNWV1hX54qh9bxNOtLajFhAsWIluwAVf/mmQCguY0Gd8bcBDYFqyFt HZPuH5Rhmnm8/alqetzcXCFN8Y9IwzjOlOemwENCs1/0O49mdCF08uOd7wp9Sek2 aXlksJBtNB7jVzYZAiwnQcm/L84gXaxkdMjf47jTzTFkMBn+3/lbcGfKDptDc7U0 sNQmOU1y9y69UP2G7cSGH5cOco7LMReTTDB+35X/wWMnthKh5iw5R2nK0vJzCpWS Vq2PD8vIsO+58rlHFwOv6zZmGOQlCb93Nuzk7zx7GQMAEN05Av9nVC91n47MH352 VVwTv2dsBgNBDyhukz7YFpZLF11K9hYz5+661q0SGmRyKe5a4OD8lVV1kqQ6e8hp dlmcgT/B93cEvs9qnx5E13UO5UyPYn9Trbl2qppMvL9zXyc/jdDnoMfH48LK22YP hUbnUmjJAD55PLFJ+dl/EXM= =HWpo -----END PGP SIGNATURE----- Merge tag 'mips_fixes_5.9_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Pull MIPS fixes from Thomas Bogendoerfer: "A few MIPS fixes: - fallthrough fallout fix - BMIPS fixes - MSA fix to avoid leaking MSA register contents - Loongson perf and cpu feature fix - SNI interrupt fix" * tag 'mips_fixes_5.9_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: SNI: Fix SCSI interrupt MIPS: add missing MSACSR and upper MSA initialization MIPS: perf: Fix wrong check condition of Loongson event IDs mips/oprofile: Fix fallthrough placement MIPS: Loongson64: Remove unnecessary inclusion of boot_param.h MIPS: BMIPS: Also call bmips_cpu_setup() for secondary cores MIPS: mm: BMIPS5000 has inclusive physical caches MIPS: Loongson64: Do not override watch and ejtag feature |
|
|
Linus Torvalds
|
41bef91c8a |
Kbuild fixes for v5.9 (2nd)
- fix documents - fix warning in 'make localmodconfig' -----BEGIN PGP SIGNATURE----- iQJJBAABCgAzFiEEbmPs18K1szRHjPqEPYsBB53g2wYFAl9SMBsVHG1hc2FoaXJv eUBrZXJuZWwub3JnAAoJED2LAQed4NsGsQgQAK7+5/7hZD7ZhBwLOKEJEsJgu+fO ZDn5sZiAf+HIeAFZ8tcVmCceqCti1mRxcnwiEpN6iBmXF/BZY5PkAw9pXcK30PgG kquYqlQlDRw4OSRBm+ZCAF2FyT5l3ScWoDzwTcYpUU8bgRM/CKSWn9XJS+/Hk/Mo 93EeodOKfz0S2Nq2yrRjzvOTIrYJKc93BGy0pt007MExBuw0vMLTHDotEGriXZ+x cETMx9+OGJhTP+2QBSL3q2lrMc0syupjC0Mx8i1GdrWmWn5pP9x43cwxgzMYPCcQ DO0v0V0j5xq/0QPpRDs7ZcgUoGAUlXYDOohA6diDB/OysQ30TDohSoCh9hCHQvX7 Use98oBvce541uTTlhAtj9tKCy+fmLV1kIryh7ruojTPtHmY/9UXs02qK0EIj3za qCXe/eFawRIqZUprO5KkIYSNzVSFYDnD4qC42/MQr64JbC1eIBZNZyH0XJXlj650 pHkOkQuvgAXjB3pA9OyccT16A0+agHgeRv05j2c5qoqdLUZtu4yupOddH/v9WeIC HntC8TYnOD63uj131NgqIjOHCncblkt16MZpPVsOLRFVHVjm/80uAvVZL8PzJ4jr Fr4OovyvH/sjw29r+a8Xlg3/pm9eH0TgftRP8x23lPdewRzJXR/8WDsEsHcdVK5h Q+gOeiSno9TxGiTh =utGD -----END PGP SIGNATURE----- Merge tag 'kbuild-fixes-v5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild fixes from Masahiro Yamada: - fix documents - fix warning in 'make localmodconfig' * tag 'kbuild-fixes-v5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kconfig: remove redundant assignment prompt = prompt kbuild: Documentation: clean up makefiles.rst kconfig: streamline_config.pl: check defined(ENV variable) before using it Documentation/llvm: Improve formatting of commands, variables, and arguments |
|
|
Linus Torvalds
|
f162626a03 |
Power management fixes for 5.9-rc4
- Fix reference counting of operating performance points (OPP)
tables (Viresh Kumar).
- Address intel_pstate driver interface issues, mostly related
to switching operation modes and handling CPU offline and
online and system-wide suspend/resume with hardware-managed
P-states (HWP) enabled (Rafael Wysocki).
- Fix the maximum frequency computation in the intel_pstate driver
with turbo P-states disabled by the platform firmware and HWP
enabled (Francisco Jerez).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl9Sb3YSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxI3YP/iPLm1zudatHLFr44A5cPNyKd0VI4Wh7
7wTLZNFuHs69ivRjC77BJGULDoDJopas6GArkWdh0G+nqQo8SM18RinxA+13DEl5
7tIrkIWv0gJW/7jZp5mpqjkKNOQ+zH0aw5zaHfiQKVrb6lZJdULbWTpAmr5miCim
qbs4Umvo/4Nshxj46N6CT82kSbElwCCAfFcXheYaplirfZmluuH9+Zd/rKQCoyCv
zXP+T/YV+U2siCOyjaSToDvnoep2qNwl4ZSRPKYCvqKr1B9u+Rp4psdjMuUixnum
Qs+57EudxLyHfaXhMR/ua/XhKf2ZUFZT7ClJeKCR5nzl7bzp6oy+TaljZVsvG0b1
pPiGZKs9JRXovweriWkhUtHaEpND/AMwqnYH3ZBbc1eL65EM0ljWIINDN0oWD9Xa
5a8Z1nsaD66VnHfWaOlKMQhBH7YLxACUqRo/+D2hgx+cHxUP5CqfgpUsV3Cb7c1J
GsmvMJwQ6/wmfCShRJniqBhoUecBCL+U7Tw1c4suDyMz8iVEMh9C5pZNsd0nWt5r
I7O+s/HPRDW/01Wew3cM2h0ib+y0pQIx+jaktrECXutgejv47oH01CAZrm2j5Ie7
Bqb+GOmJKdPInXrdgz59mCSic1rO8rb49dRvCxCMx/jsnwcwG1x+o86fuLgZUzKA
R7JJd7VQg2wP
=gsKc
-----END PGP SIGNATURE-----
Merge tag 'pm-5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These fix reference counting in the operating performance points (OPP)
framework and address a few intel_pstate driver issues, mostly related
to switching driver operation modes and similar with hardware-managed
P-states (HWP) enabled.
Specifics:
- Fix reference counting of operating performance points (OPP) tables
(Viresh Kumar).
- Address intel_pstate driver interface issues, mostly related to
switching operation modes and handling CPU offline and online and
system-wide suspend/resume with hardware-managed P-states (HWP)
enabled (Rafael Wysocki).
- Fix the maximum frequency computation in the intel_pstate driver
with turbo P-states disabled by the platform firmware and HWP
enabled (Francisco Jerez)"
* tag 'pm-5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled
cpufreq: intel_pstate: Free memory only when turning off
cpufreq: intel_pstate: Add ->offline and ->online callbacks
cpufreq: intel_pstate: Tweak the EPP sysfs interface
cpufreq: intel_pstate: Update cached EPP in the active mode
cpufreq: intel_pstate: Refuse to turn off with HWP enabled
opp: Don't drop reference for an OPP table that was never parsed
|
|
|
Linus Torvalds
|
d824e0809c |
libata-5.9-2020-09-04
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl9SXCYQHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgplweD/sELNKLOyRZZSM3COm+gpYP8UJQtsN8b3bQ tKGn0kShYNlXiB0umm5NXBLfIsv64J33H3tWpou6PiaQAJceBlbms8gv+qbPahi0 52isVTzXX4jcBMhCRfW3rJ04zKRsv20bMp0sMva6kpEbBgqaiUo9hM+rhFfRj/wW hLpCGabyIE79p9dCOAzVxfSEyLTuN8QY5kznTze0clKu4q7b7BdXr/2AyXyQIUFj EYW0WTeIVpa9JcC1qosHf82aUL4Fo49xJ2YA/dncCYNVsjKcXxg90qWqS9XvU6hy oE6pJdin+bx9hSvDJpgqsLaLB+ATDdnqz1QBFkXnuhvOVdUkgocLYnRhaOxGAJvr Af4icx+UlbpUgXqNHdhzW1rkh/4tjICuRVmxslr2Sq/0kFeR9CZVo+8uRzaPXv0l IzZjhxKO04nR31T7WUv8YFpv5pSSBepom30utpj6YWpnp/Bh/UgeuhbBCx8R8r6j drHKzIclYICHYd84MOvFgLelhpPR3A/mHyVwgZdvQLl3OCGDnaQYD3dYPxRcDiek 9eEFxsWpgV4/48sswSITM37aBC0hfz9JcHR9thfcs3vCTe84kLDwMhx3RzU+mXvJ 9s7oijuSuTK5nzRqXHoYOzSrOskRUuc09V3wWoSNIRHtLmaOw5+78H8QlobDy05E l6I9OYJWKg== =/NYf -----END PGP SIGNATURE----- Merge tag 'libata-5.9-2020-09-04' of git://git.kernel.dk/linux-block Pull libata fixes from Jens Axboe: - improve Sandisks ATA_HORKAGE on NCQ (Tejun) - link printk cleanup (Xu) * tag 'libata-5.9-2020-09-04' of git://git.kernel.dk/linux-block: libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks ata: ahci: use ata_link_info() instead of ata_link_printk() |
|
|
Linus Torvalds
|
8075fc3b11 |
block-5.9-2020-09-04
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl9SWMMQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgphIcD/488Q7rXb2eABp1fGs4gu+VFOCLogeHL8xh
5xHNiOPnZG2SGr8DQJY/7EX2kE65rbZi8/g+2N6anovI2nduRu0tzSra7fRgzbys
ZQC1CUel0MbCd7e8OaEfg108PSHNxBf1PqDcE7zCeyZ0DIs3s4vK/bQtmzzxZHgU
wNw4OIP9gOdqgjowb6GGHo9SLN4GT8rZ0jZVPLa7GwFsvxCTwv/7lHO8rqeSeuCu
5H6i3M/rSbtTXPLHf4Fy97x9WmBmdgu4epTXiwbOxaagpx3lm/7n1P3CpavR+Gcq
O5VGIIzazxPwnZl9y/6rZFLGYqcj38RxUvC8KtK6tDXxEu/BDJa1d6hXI03SyXAO
ZAiEpQTKOkJE3R8ewUDrXLvl3p6FvwZVZ5SIFwUb+0JFrVQYwrgfoRJtzb5SIUan
T9/bSYge7lFRI92FZRIqhvk8rsEBRdu7N/rQCyGf6GuZ0vRXWRAqN7T02iDn3czX
pdGAepU5ymw8CwyUiNNnkY0DUaQLBIO9tCA9epxLwdroQ95vJtMPRBX1STQ65GVk
XvMFAJqDAehQ/nP5xO60cWGZHyL7L/ccpofZlA/ytgAIZRa85GvhrdVy7yc6DKto
wu6h2tkX9+ldoUjVbn/60T+Ft3QUTlfAuDfherkNoFNB/G5i1pzOHbwvL7B3czr3
ZMjoNiOIqA==
=8fvz
-----END PGP SIGNATURE-----
Merge tag 'block-5.9-2020-09-04' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe:
"A bit larger than usual this week, mostly due to the NVMe fixes
arriving late for -rc3 and hence didn't make last weeks pull request.
- NVMe:
- instance leak and io boundary fixes from Keith
- fc locking fix from Christophe
- various tcp/rdma reset during traffic fixes from Sagi
- pci use-after-free fix from Tong
- tcp target null deref fix from Ziye
- Locking fix for partition removal (Christoph)
- Ensure bdi->io_pages is always set (me)
- Fixup for hd struct reference (Ming)
- Fix for zero length bvecs (Ming)
- Two small blk-iocost fixes (Tejun)"
* tag 'block-5.9-2020-09-04' of git://git.kernel.dk/linux-block:
block: allow for_each_bvec to support zero len bvec
blk-stat: make q->stats->lock irqsafe
blk-iocost: ioc_pd_free() shouldn't assume irq disabled
block: fix locking in bdev_del_partition
block: release disk reference in hd_struct_free_work
block: ensure bdi->io_pages is always initialized
nvme-pci: cancel nvme device request before disabling
nvme: only use power of two io boundaries
nvme: fix controller instance leak
nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()'
nvme: Fix NULL dereference for pci nvme controllers
nvme-rdma: fix reset hang if controller died in the middle of a reset
nvme-rdma: fix timeout handler
nvme-rdma: serialize controller teardown sequences
nvme-tcp: fix reset hang if controller died in the middle of a reset
nvme-tcp: fix timeout handler
nvme-tcp: serialize controller teardown sequences
nvme: have nvme_wait_freeze_timeout return if it timed out
nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance
nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu
|
|
|
Linus Torvalds
|
d849ca483d |
io_uring-5.9-2020-09-04
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl9SWN8QHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgpvtbD/4yI5dkopv6E2RHVuupFWmGlGoxLhPecnAZ UHbKU+LA/tzWWMA7gZuwzzDEK1QWT/KmctpGTI22SXUKQCtjGzO/qnRMfyJ34TdQ l4leYdw/QzUOHZG7dKVYUACHiaSxzQSallNuX1I9eM084KSXH3DgUkrwMLoew/8n WJHKN+oRhcppnLVDekaLXbZEI9idTnY+gs/Dg8TNsxNSeO6y51OOlKltaNfL+npQ dwlgMoolBYWHFozqgVyzIV7sU7fQ9QGppwBIfqBb1jEe9JU2ZymtlcDgfxUVpKcg W8/PCoVT60AGiMdjV0EBoQO09r+nvwAcRQUSlWJU7Dn/pcZmFoaJkyse+SnD0Dac cLTKhnhgMJSI4Zt3yQidFSNhz0Ouw15J8k7OTftn81zhtkHzPBgGnA7R6b7UUQsZ 5lJvlZh5aFPNBFp9A0do5+f5/lUMhHkxDpFVmZo+ywPtoNHJeDL2+jzzFawJ8kqv IoFvVL8hl4DzqN+vShsJ40jH93+oITF/Jlq6kY8ILKtu42i5qAxpP0wUwycrN6Pz /YNTKPveCoPU7zaFDvMfbc7U56Ke6ma+lmtTn6q6JOWFvUAYh7SUY4JGzEMpxfxK QVyFMwXnCKhB66ZypJIFdbT4zqkTXmhxvu/Oz5txDv/uoytqT1o+zLHb3USi4Lw8 89NyvBc0aQ== =NLOn -----END PGP SIGNATURE----- Merge tag 'io_uring-5.9-2020-09-04' of git://git.kernel.dk/linux-block Pull io_uring fixes from Jens Axboe: - EAGAIN with O_NONBLOCK retry fix - Two small fixes for registered files (Jiufei) * tag 'io_uring-5.9-2020-09-04' of git://git.kernel.dk/linux-block: io_uring: no read/write-retry on -EAGAIN error and O_NONBLOCK marked file io_uring: set table->files[i] to NULL when io_sqe_file_register failed io_uring: fix removing the wrong file in __io_sqe_files_update() |
|
|
Linus Torvalds
|
2fb547911c |
- Fix bogus thermal shutdowns for omap4430 where bogus values
resulting from an incorrect ADC conversion are too high and fire an emergency shutdown (Tony Lindgren) - Don't suppress negative temp for qcom spmi as they are valid and userspace needs them (Veera Vegivada) - Fix use-after-free in thermal_zone_device_unregister reported by Kasan (Dmitry Osipenko) -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEGn3N4YVz0WNVyHskqDIjiipP6E8FAl9SDqQACgkQqDIjiipP 6E9/qwf/WybOihgjeQUv3a9f4k6SeJphoDZRNATJtyU1e+fgJXUxjFqma6t4CYJv uphZ1SppY9rnx1nWzhANSQjKun5KLwIskcNTCaGN4adRJ1cNdY63PdSX9BTJr9+H w5H0AGWMErAOdmCPCro4pnZ3l3FPKXcoNvqDAjF1kZ97v5tMGzdInflOJl1ztUZA scAnY7j0TyNsoRy2TV0oxQtSN9cDhgph1zJF1RcVzlU1uD897Htet1RF/PrHDvBW NYVcWDTfiWmvf9Zewy2+cfApK9QGqBRhnwt4Z8PlTUcqrOgqAiNnOAnov+Topg/y XNQzWwXFUip6bk5pTXPF8gSI0glkJg== =LDGk -----END PGP SIGNATURE----- Merge tag 'thermal-v5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux Pull thermal fixes from Daniel Lezcano: - Fix bogus thermal shutdowns for omap4430 where bogus values resulting from an incorrect ADC conversion are too high and fire an emergency shutdown (Tony Lindgren) - Don't suppress negative temp for qcom spmi as they are valid and userspace needs them (Veera Vegivada) - Fix use-after-free in thermal_zone_device_unregister reported by Kasan (Dmitry Osipenko) * tag 'thermal-v5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux: thermal: core: Fix use-after-free in thermal_zone_device_unregister() thermal: qcom-spmi-temp-alarm: Don't suppress negative temp thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 |
|
|
Linus Torvalds
|
e2dacf6cd1 |
dmaengine fixes for v5.9-rc4
Core: - drop ACPI CSRT table reference after using it - fix of_dma_router_xlate() error handling Drivers: Off fixes in: - idxd - at_hdmac - pl330 - dw-edma - jz478 -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAl9SFUQACgkQfBQHDyUj g0cSKxAApV4hJzU1hK1vZR3SeAN1T5n7Z6OowMR/gBqt6wjffJvh8FMUf3onOEDq jjLDA106JAXKGnIvd0ZJ0B7U0F6sfC9uKjz8LTxoF+XK89HxTQL5REFpR7BG2oFs sqoxrhgYxOqQ5czo0xSXk/psJmtJF8/KAfrXXxixe1CjIX6FeVP765w7DYl1CPT+ VQt0LGrtHCMwpSJJW3PJFCfwj6/LWhyBIZSEoE9c+U8LqdHt0T6NKvPtj7Q7XAnx 8L5YL+H68ZPmplZqUAtp9E2Ob5QxYNCxnbBrAk2izkALNpaN1WEJt/MVjNVXtn8l xKivCRxjti41piyubEAvaqUnEmbf1INE/t64N8+iKcGfZqcLWPsNTYJI0eGNBjna 3uh4NxBNMOMjWU4lCp/1P5cnplB6sTc0Svepoft6ohCLiTkBR7P6HJ4R3HpalJTu O5WpFoDQAqnnV9DAyR5XyJe65tioEqkttYiDPWSlgevJBLC5PA0kB9Ug7Fvi6E6J OcPFTYSh0FdAf4Nq49FfV/4IqXLqL1jz9z5uehZL7g22y9h9FZ9Mxw0y+30c6VEA akFWnMkTElOAU4F8MJ95+c0n8gXNPUhyPk3eIE2mq9hWFZiVWL+0SKyRZGWO2nWN BB//CG8tMP6ryy/W/RuLe8pHuRiy/ZilqdNJ8eFSIv0CyOshTJc= =DUvT -----END PGP SIGNATURE----- Merge tag 'dmaengine-fix-5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine Pull dmaengine fixes from Vinod Koul: "A couple of core fixes and odd driver fixes for dmaengine subsystem: Core: - drop ACPI CSRT table reference after using it - fix of_dma_router_xlate() error handling Drivers fixes in idxd, at_hdmac, pl330, dw-edma and jz478" * tag 'dmaengine-fix-5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine: dmaengine: ti: k3-udma: Update rchan_oes_offset for am654 SYSFW ABI 3.0 drivers/dma/dma-jz4780: Fix race condition between probe and irq handler dmaengine: dw-edma: Fix scatter-gather address calculation dmaengine: ti: k3-udma: Fix the TR initialization for prep_slave_sg dmaengine: pl330: Fix burst length if burst size is smaller than bus width dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling dmaengine: idxd: reset states after device disable or reset dmaengine: acpi: Put the CSRT table after using it |
|
|
Linus Torvalds
|
86edf52e7c |
sound fixes for 5.9-rc4
A collection of small changes, nothing intrusive:
* Remaining tasklet API conversions, now all sound stuff have been
converted
* A few HD-audio and USB-audio quirks and minor fixes
* FireWire Tascam and Digi00xx fixes
* Drop of kernel WARNING from PCM OSS for syzkaller
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl9R8ckOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE+Dtg//ShtXFp622T5NiMvDF5sG8AlbvGLf1dUdja62
6sF2kba9vhncI9ejjGSJBCdfun3dtNkjsffacKOzTbnSHbwsBjU7J68zP1dru+d2
88WXb4h8iAxAPcPHSgblpdi+ifeKGEYsAr7tbVa5KIpFKDxW7qLw5ntXu0G0vuW3
+ao/p3TB/LT5I42bu0UmXsfuO7dVoyyzOSDdlse0mFNNeNSLVslAkaqqYSosmp1/
I2gPyP814OwqrPITGvlnDWLfCnuTVDQodtAYb6sADPpplBTGu4uVfJUD+w6xVNDX
2byY6Q2TYYolrBUSvsPxUSXAfogvGQFppOnpbxnZftIrDoFC8WN048vWEfYZ2CWn
bVDQmErqAk8+l3r8kllW6IXhJxF2CMivv92Ht+8VA4sw29RVGtUXw6Gm7aJvoqP3
zewF7RZh6vNJVsjAv4KEpYTyNLQi9eYCygeB9INA7dWBZeyaolchX1Ptrd4fhyo7
ko20Fbu+vuk18B9zNE5yIpBKNpqDVNyTCnZSU9kzCicVZ/OD15fw/sUXUVo3wx5X
ZRLBdJrccXni+LlbYHT6tJPtnQtBHITffN2/zvGPPXlViLexz88jtqWaTayy4J1u
L63BIA3L8IfAW1ln22CfNlKbwN+Ku1uJwJnPHiUPDABXH6Uk2oeCxI5BRLzyTieB
oe1jrcs=
=CwOB
-----END PGP SIGNATURE-----
Merge tag 'sound-5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of small changes, nothing intrusive:
- remaining tasklet API conversions, now all sound stuff have been
converted
- a few HD-audio and USB-audio quirks and minor fixes
- FireWire Tascam and Digi00xx fixes
- drop a kernel WARNING from PCM OSS for syzkaller"
* tag 'sound-5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (29 commits)
ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen
ALSA: hda: use consistent HDAudio spelling in comments/docs
ALSA: hda: add dev_dbg log when driver is not selected
ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
ALSA: hda: hdmi - add Rocketlake support
ALSA: ua101: convert tasklets to use new tasklet_setup() API
ALSA: usb-audio: convert tasklets to use new tasklet_setup() API
ASoC: txx9: convert tasklets to use new tasklet_setup() API
ASoC: siu: convert tasklets to use new tasklet_setup() API
ASoC: fsl_esai: convert tasklets to use new tasklet_setup() API
ALSA: hdsp: convert tasklets to use new tasklet_setup() API
ALSA: riptide: convert tasklets to use new tasklet_setup() API
ALSA: pci/asihpi: convert tasklets to use new tasklet_setup() API
ALSA: firewire: convert tasklets to use new tasklet_setup() API
ALSA: core: convert tasklets to use new tasklet_setup() API
ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO
ALSA: hda/hdmi: always check pin power status in i915 pin fixup
ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A
ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2
...
|