adapting changes #1

Open
wants to merge 10,000 commits into
base: heliox

pavanpaps

No description provided.

oneukum and others added 30 commits June 11, 2019 12:24
commit 9a5729f68d3a82786aea110b1bfe610be318f80a upstream.

The pointer used to log a failure of usb_register_dev() must
be set before the error is logged.

v2: fix that minor is not available before registration

Signed-off-by: Oliver Neukum <[email protected]>
Reported-by: [email protected]
Fixes: 7b5cd5f ("USB: SisUSB2VGA: Convert printk to dev_* macros")
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit ea261113385ac0a71c2838185f39e8452d54b152 upstream.

Without USB_QUIRK_NO_LPM ethernet will not work and rtl8152 will
complain with

    r8152 <device...>: Stop submitting intr, status -71

Adding the quirk resolves this. As the dock is externally powered, this
should not have any drawbacks.

Signed-off-by: Maximilian Luz <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 3864d33943b4a76c6e64616280e98d2410b1190f upstream.

This driver is using a global variable. It cannot handle more than
one device at a time. The issue has been existing since the dawn
of the driver.

Signed-off-by: Oliver Neukum <[email protected]>
Reported-by: [email protected]
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit e0feb73428b69322dd5caae90b0207de369b5575 upstream.

If a disconnected device is closed, rio_close() must free
the buffers.

Signed-off-by: Oliver Neukum <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 31e0456de5be379b10fea0fa94a681057114a96e upstream.

The syzkaller USB fuzzer found a general-protection-fault bug in the
smsusb part of the Siano DVB driver.  The fault occurs during probe
because the driver assumes without checking that the device has both
IN and OUT endpoints and the IN endpoint is ep1.

By slightly rearranging the driver's initialization code, we can make
the appropriate checks early on and thus avoid the problem.  If the
expected endpoints aren't present, the new code safely returns -ENODEV
from the probe routine.

Signed-off-by: Alan Stern <[email protected]>
Reported-and-tested-by: [email protected]
CC: <[email protected]>
Reviewed-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 45457c01171fd1488a7000d1751c06ed8560ee38 upstream.

GCC complains about an apparently uninitialized variable recently
added to smsusb_init_device().  It's a false positive, but to silence
the warning this patch adds a trivial initialization.

Signed-off-by: Alan Stern <[email protected]>
Reported-by: kbuild test robot <[email protected]>
CC: <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit a47686636d84eaec5c9c6e84bd5f96bed34d526d upstream.

Most Siano devices require an alignment for the response.

Changeset f3be52b0056a ("media: usb: siano: Fix general protection fault in smsusb")
changed the logic which gets such alignment, but it now produces a
sparse warning:

drivers/media/usb/siano/smsusb.c: In function 'smsusb_init_device':
drivers/media/usb/siano/smsusb.c:447:37: warning: 'in_maxp' may be used uninitialized in this function [-Wmaybe-uninitialized]
  447 |   dev->response_alignment = in_maxp - sizeof(struct sms_msg_hdr);
      |                             ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~

The sparse message itself is bogus, but a broken (or fake) USB
eeprom could produce a negative value for response_alignment.

So, change the code in order to check if the result is not
negative.

Fixes: 31e0456de5be ("media: usb: siano: Fix general protection fault in smsusb")
CC: <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
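
The two smsusb fixes above (check that both endpoints exist, then check that the computed alignment is not negative) as an added userspace sketch, not code from the driver or from these commits. The descriptor struct, `init_device()`, the 8-byte `MSG_HDR_SIZE` and the choice of -ENODEV for a negative alignment are assumptions made for illustration; the sample descriptors are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EP_DIR_IN    0x80u  /* bEndpointAddress bit 7: device-to-host */
#define MSG_HDR_SIZE 8      /* assumed; stands in for sizeof(struct sms_msg_hdr) */

/* Simplified endpoint descriptor, fields as reported by the device. */
struct ep_desc {
    uint8_t address;     /* bEndpointAddress */
    uint8_t maxp_le[2];  /* wMaxPacketSize, little-endian on the wire */
};

struct dev_cfg {
    uint8_t in_ep;
    uint8_t out_ep;
    int response_alignment;
};

/* Decode wMaxPacketSize byte by byte; bits 10..0 hold the packet size. */
static int ep_maxp(const struct ep_desc *ep)
{
    return (ep->maxp_le[0] | (ep->maxp_le[1] << 8)) & 0x07ff;
}

/*
 * Validate device-supplied descriptors before using them.
 * Nothing is written to *cfg unless every check passes.
 */
int init_device(const struct ep_desc *eps, size_t n, struct dev_cfg *cfg)
{
    int have_in = 0, have_out = 0, in_maxp = 0, align;
    uint8_t in_ep = 0, out_ep = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        if (eps[i].address & EP_DIR_IN) {
            in_ep = eps[i].address;
            in_maxp = ep_maxp(&eps[i]);
            have_in = 1;
        } else {
            out_ep = eps[i].address;
            have_out = 1;
        }
    }

    /* First fix: do not assume the device has both IN and OUT endpoints. */
    if (!have_in || !have_out)
        return -ENODEV;

    /* Second fix: a broken or fake descriptor can make this negative. */
    align = in_maxp - MSG_HDR_SIZE;
    if (align < 0)
        return -ENODEV;

    cfg->in_ep = in_ep;
    cfg->out_ep = out_ep;
    cfg->response_alignment = align;
    return 0;
}

/* Constructed sample descriptors (not captured from real hardware). */
const struct ep_desc GOOD_EPS[]     = { {0x81, {0x00, 0x02}}, {0x02, {0x00, 0x02}} };
const struct ep_desc OUT_ONLY_EPS[] = { {0x02, {0x00, 0x02}} };
const struct ep_desc TINY_IN_EPS[]  = { {0x81, {0x04, 0x00}}, {0x02, {0x00, 0x02}} };

int main(void)
{
    struct dev_cfg cfg = {0, 0, -1};

    printf("good:     %d\n", init_device(GOOD_EPS, 2, &cfg));
    printf("  in=0x%02x out=0x%02x align=%d\n",
           cfg.in_ep, cfg.out_ep, cfg.response_alignment);
    printf("out only: %d\n", init_device(OUT_ONLY_EPS, 1, &cfg));
    printf("tiny IN:  %d\n", init_device(TINY_IN_EPS, 2, &cfg));
    return 0;
}
```
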
…emove

commit d27e5e07f9c49bf2a6a4ef254ce531c1b4fb5a38 upstream.

With this early return due to zfcp_unit child(ren), we don't use the
zfcp_port reference from the earlier zfcp_get_port_by_wwpn() anymore and
need to put it.

Signed-off-by: Steffen Maier <[email protected]>
Fixes: d99b601 ("[SCSI] zfcp: restore refcount check on port_remove")
Cc: <[email protected]> #3.7+
Reviewed-by: Jens Remus <[email protected]>
Reviewed-by: Benjamin Block <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
… sdevs)

commit ef4021fe5fd77ced0323cede27979d80a56211ca upstream.

When the user tries to remove a zfcp port via sysfs, we only rejected it if
there are zfcp unit children under the port. With purely automatically
scanned LUNs there are no zfcp units but only SCSI devices. In such cases,
the port_remove erroneously continued. We close the port and this
implicitly closes all LUNs under the port. The SCSI devices survive with
their private zfcp_scsi_dev still holding a reference to the "removed"
zfcp_port (still allocated but invisible in sysfs) [zfcp_get_port_by_wwpn
in zfcp_scsi_slave_alloc]. This is not a problem as long as the fc_rport
stays blocked. Once (auto) port scan brings back the removed port, we
unblock its fc_rport again by design.  However, there is no mechanism that
would recover (open) the LUNs under the port (no "ersfs_3" without
zfcp_unit [zfcp_erp_strategy_followup_success]).  Any pending or new I/O to
such LUN leads to repeated:

  Done: NEEDS_RETRY Result: hostbyte=DID_IMM_RETRY driverbyte=DRIVER_OK

See also v4.10 commit 6f2ce1c6af37 ("scsi: zfcp: fix rport unblock race
with LUN recovery"). Even a manual LUN recovery
(echo 0 > /sys/bus/scsi/devices/H:C:T:L/zfcp_failed)
does not help, as the LUN links to the old "removed" port which remains
to lack ZFCP_STATUS_COMMON_RUNNING [zfcp_erp_required_act].
The only workaround is to first ensure that the fc_rport is blocked
(e.g. port_remove again in case it was re-discovered by (auto) port scan),
then delete the SCSI devices, and finally re-discover by (auto) port scan.
The port scan includes an fc_rport unblock, which in turn triggers
a new scan on the scsi target to freshly get new pure auto scan LUNs.

Fix this by rejecting port_remove also if there are SCSI devices
(even without any zfcp_unit) under this port. Re-use mechanics from v3.7
commit d99b601 ("[SCSI] zfcp: restore refcount check on port_remove").
However, we have to give up zfcp_sysfs_port_units_mutex earlier in unit_add
to prevent a deadlock with scsi_host scan taking shost->scan_mutex first
and then zfcp_sysfs_port_units_mutex now in our zfcp_scsi_slave_alloc().

Signed-off-by: Steffen Maier <[email protected]>
Fixes: b62a8d9 ("[SCSI] zfcp: Use SCSI device data zfcp scsi dev instead of zfcp unit")
Fixes: f8210e3 ("[SCSI] zfcp: Allow midlayer to scan for LUNs when running in NPIV mode")
Cc: <[email protected]> #2.6.37+
Reviewed-by: Benjamin Block <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 06989c799f04810f6876900d4760c0edda369cf7 upstream.

When syncing the log, the final phase of a fsync operation, we need to
either create a log root's item or update the existing item in the log
tree of log roots, and that depends on the current value of the log
root's log_transid - if it's 1 we need to create the log root item,
otherwise it must exist already and we update it. Since there is no
synchronization between updating the log_transid and checking it for
deciding whether the log root's item needs to be created or updated, we
end up with a tiny race window that results in attempts to update the
item to fail because the item was not yet created:

              CPU 1                                    CPU 2

  btrfs_sync_log()

    lock root->log_mutex

    set log root's log_transid to 1

    unlock root->log_mutex

                                               btrfs_sync_log()

                                                 lock root->log_mutex

                                                 sets log root's
                                                 log_transid to 2

                                                 unlock root->log_mutex

    update_log_root()

      sees log root's log_transid
      with a value of 2

        calls btrfs_update_root(),
        which fails with -EUCLEAN
        and causes transaction abort

Until recently the race led to a BUG_ON at btrfs_update_root(), but after
the recent commit 7ac1e464c4d47 ("btrfs: Don't panic when we can't find a
root key") we just abort the current transaction.

A sample trace of the BUG_ON() on a SLE12 kernel:

  ------------[ cut here ]------------
  kernel BUG at ../fs/btrfs/root-tree.c:157!
  Oops: Exception in kernel mode, sig: 5 [#1]
  SMP NR_CPUS=2048 NUMA pSeries
  (...)
  Supported: Yes, External
  CPU: 78 PID: 76303 Comm: rtas_errd Tainted: G                 X 4.4.156-94.57-default #1
  NIP [d000000036ae5cdc] btrfs_update_root+0x25c/0x4e0 [btrfs]
  LR [d000000036ae5cd8] btrfs_update_root+0x258/0x4e0 [btrfs]
  Call Trace:
  [c00000ff42b0bae0] [d000000036ae5cd8] btrfs_update_root+0x258/0x4e0 [btrfs] (unreliable)
  [c00000ff42b0bba0] [d000000036b53610] btrfs_sync_log+0x2d0/0xc60 [btrfs]
  [c00000ff42b0bce0] [d000000036b1785c] btrfs_sync_file+0x44c/0x4e0 [btrfs]
  [c00000ff42b0bd80] [c00000000032e300] vfs_fsync_range+0x70/0x120
  [c00000ff42b0bdd0] [c00000000032e44c] do_fsync+0x5c/0xb0
  [c00000ff42b0be10] [c00000000032e8dc] SyS_fdatasync+0x2c/0x40
  [c00000ff42b0be30] [c000000000009488] system_call+0x3c/0x100
  ---[ end trace 8f2dc8f919cabab8 ]---

So fix this by doing the check of log_transid and updating or creating the
log root's item while holding the root's log_mutex.

Fixes: 7237f18 ("Btrfs: fix tree logs parallel sync")
CC: [email protected] # 4.4+
Signed-off-by: Filipe Manana <[email protected]>
Signed-off-by: David Sterba <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 317d9313925cd8388304286c0d3c8dda7f060a2d upstream.

I measured power consumption between power_save_node=1 and power_save_node=0.
It's almost the same.
Codec will enter to runtime suspend and suspend.
That pin also will enter to D3. Don't need to enter to D3 by single pin.
So, Disable power_save_node as default. It will avoid more issues.
Windows Driver also has not this option at runtime PM.

Signed-off-by: Kailang Yang <[email protected]>
Cc: <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 342406e4fbba9a174125fbfe6aeac3d64ef90f76 upstream.

For a while, we've had the problem of i2c bus access not grabbing
a runtime PM ref when it's being used in userspace by i2c-dev, resulting
in nouveau spamming the kernel log with errors if anything attempts to
access the i2c bus while the GPU is in runtime suspend. An example:

[  130.078386] nouveau 0000:01:00.0: i2c: aux 000d: begin idle timeout ffffffff

Since the GPU is in runtime suspend, the MMIO region that the i2c bus is
on isn't accessible. On x86, the standard behavior for accessing an
unavailable MMIO region is to just return ~0.

Except, that turned out to be a lie. While computers with a clean
conscience will return ~0 in this scenario, some machines will actually
completely hang a CPU on certain bad MMIO accesses. This was witnessed
with someone's Lenovo ThinkPad P50, where sensors-detect attempting to
access the i2c bus while the GPU was suspended would result in a CPU
hang:

  CPU: 5 PID: 12438 Comm: sensors-detect Not tainted 5.0.0-0.rc4.git3.1.fc30.x86_64 #1
  Hardware name: LENOVO 20EQS64N17/20EQS64N17, BIOS N1EET74W (1.47 ) 11/21/2017
  RIP: 0010:ioread32+0x2b/0x30
  Call Trace:
   g94_i2c_aux_xfer+0x326/0x850 [nouveau]
   nvkm_i2c_aux_i2c_xfer+0x9e/0x140 [nouveau]
   __i2c_transfer+0x14b/0x620
   i2c_smbus_xfer_emulated+0x159/0x680
   ? _raw_spin_unlock_irqrestore+0x1/0x60
   ? rt_mutex_slowlock.constprop.0+0x13d/0x1e0
   ? __lock_is_held+0x59/0xa0
   __i2c_smbus_xfer+0x138/0x5a0
   i2c_smbus_xfer+0x4f/0x80
   i2cdev_ioctl_smbus+0x162/0x2d0 [i2c_dev]
   i2cdev_ioctl+0x1db/0x2c0 [i2c_dev]
   do_vfs_ioctl+0x408/0x750
   ksys_ioctl+0x5e/0x90
   __x64_sys_ioctl+0x16/0x20
   do_syscall_64+0x60/0x1e0
   entry_SYSCALL_64_after_hwframe+0x49/0xbe
  watchdog: BUG: soft lockup - CPU#5 stuck for 23s! [sensors-detect:12438]

Yikes! While I wanted to try to make it so that accessing an i2c bus on
nouveau would wake up the GPU as needed, airlied pointed out that pretty
much any usecase for userspace accessing an i2c bus on a GPU (mainly for
the DDC brightness control that some displays have) is going to only be
useful while there's at least one display enabled on the GPU anyway, and
the GPU never sleeps while there's displays running.

Since teaching the i2c bus to wake up the GPU on userspace accesses is a
good deal more difficult than it might seem, mostly due to the fact that
we have to use the i2c bus during runtime resume of the GPU, we instead
opt for the easiest solution: don't let userspace access i2c busses on
the GPU at all while it's in runtime suspend.

Changes since v1:
* Also disable i2c busses that run over DP AUX

Signed-off-by: Lyude Paul <[email protected]>
Cc: [email protected]
Signed-off-by: Ben Skeggs <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 61c0e37950b88bad590056286c1d766b1f167f4e upstream.

When the tty layer requests the uart to throttle, the current code
executing in msm_serial will trigger "Bad mode in Error Handler" and
generate an invalid stack frame in pstore before rebooting (that is if
pstore is indeed configured: otherwise the user shall just notice a
reboot with no further information dumped to the console).

This patch replaces the PIO byte accessor with the word accessor
already used in PIO mode.

Fixes: 6825242 ("tty: serial: msm: Support big-endian CPUs")
Cc: [email protected]
Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
Reviewed-by: Bjorn Andersson <[email protected]>
Reviewed-by: Stephen Boyd <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 5d24f455c182d5116dd5db8e1dc501115ecc9c2c upstream.

The datasheet states:

  Bit 4: ClockEn. Set the ClockEn bit high to enable an external clocking
(crystal or clock generator at XIN). Set the ClockEn bit to 0 to disable
clocking.
  Bit 1: CrystalEn. Set the CrystalEn bit high to enable the crystal
oscillator. When using an external clock source at XIN, CrystalEn must
be set low.

The bit 4, MAX310X_CLKSRC_EXTCLK_BIT, should be set and was not.

This was required to make the MAX3107 with an external crystal on our
board able to send or receive data.

Signed-off-by: Joe Burmeister <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 3e8589963773a5c23e2f1fe4bcad0e9a90b7f471 upstream.

We have a single node system with node 0 disabled:
  Scanning NUMA topology in Northbridge 24
  Number of physical nodes 2
  Skipping disabled node 0
  Node 1 MemBase 0000000000000000 Limit 00000000fbff0000
  NODE_DATA(1) allocated [mem 0xfbfda000-0xfbfeffff]

This causes crashes in memcg when system boots:
  BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
  #PF error: [normal kernel read fault]
...
  RIP: 0010:list_lru_add+0x94/0x170
...
  Call Trace:
   d_lru_add+0x44/0x50
   dput.part.34+0xfc/0x110
   __fput+0x108/0x230
   task_work_run+0x9f/0xc0
   exit_to_usermode_loop+0xf5/0x100

It is reproducible as far as 4.12.  I did not try older kernels.  You have
to have a new enough systemd, e.g.  241 (the reason is unknown -- was not
investigated).  Cannot be reproduced with systemd 234.

The system crashes because the size of lru array is never updated in
memcg_update_all_list_lrus and the reads are past the zero-sized array,
causing dereferences of random memory.

The root cause is the list_lru_memcg_aware checks in the list_lru code.  The
test in list_lru_memcg_aware is broken: it assumes node 0 is always
present, but it is not true on some systems as can be seen above.

So fix this by avoiding checks on node 0.  Remember the memcg-awareness by
a bool flag in struct list_lru.

Link: http://lkml.kernel.org/r/[email protected]
Fixes: 60d3fd3 ("list_lru: introduce per-memcg lists")
Signed-off-by: Jiri Slaby <[email protected]>
Acked-by: Michal Hocko <[email protected]>
Suggested-by: Vladimir Davydov <[email protected]>
Acked-by: Vladimir Davydov <[email protected]>
Reviewed-by: Shakeel Butt <[email protected]>
Cc: Johannes Weiner <[email protected]>
Cc: Raghavendra K T <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 98af37d624ed8c83f1953b1b6b2f6866011fc064 upstream.

In the fixes commit, removing SIGKILL from each thread signal mask and
executing "goto fatal" directly will skip the call to
"trace_signal_deliver".  At this point, the delivery tracking of the
SIGKILL signal will be inaccurate.

Therefore, we need to add trace_signal_deliver before "goto fatal" after
executing sigdelset.

Note: SEND_SIG_NOINFO matches the fact that SIGKILL doesn't have any info.

Link: http://lkml.kernel.org/r/[email protected]
Fixes: cf43a757fd4944 ("signal: Restore the stop PTRACE_EVENT_EXIT")
Signed-off-by: Zhenliang Wei <[email protected]>
Reviewed-by: Christian Brauner <[email protected]>
Reviewed-by: Oleg Nesterov <[email protected]>
Cc: Eric W. Biederman <[email protected]>
Cc: Ivan Delalande <[email protected]>
Cc: Arnd Bergmann <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Deepa Dinamani <[email protected]>
Cc: Greg Kroah-Hartman <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
…y on ENOMEM

commit 31fad7d41e73731f05b8053d17078638cf850fa6 upstream.

In cifs_read_allocate_pages, in case of ENOMEM, we go through
whole rdata->pages array but we have failed the allocation before
nr_pages, therefore we may end up calling put_page with NULL
pointer, causing oops.

Signed-off-by: Roberto Bergantinos Corpas <[email protected]>
Acked-by: Pavel Shilovsky <[email protected]>
Signed-off-by: Steve French <[email protected]>
CC: Stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
This was done as part of upstream commits fdfb4a99b6ab "binder:
separate binder allocator structure from binder proc", 19c987241ca1
"binder: separate out binder_alloc functions", and 7a4408c6bd3e
"binder: make sure accesses to proc/thread are safe".  However, those
commits made lots of other changes that are not suitable for stable.

Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 8ca86f1639ec5890d400fff9211aca22d0a392eb upstream.

The format specifier "%p" can leak kernel addresses. Use
"%pK" instead. There were 4 remaining cases in binder.c.

Signed-off-by: Todd Kjos <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
[bwh: Backported to 4.4: adjust context]
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 2b16f048729bf35e6c28a40cbfad07239f9dcd90 upstream.

If you take a GSO skb, and split it into packets, will the MAC
length (L2 + L3 + L4 headers + payload) of those packets be small
enough to fit within a given length?

Move skb_gso_mac_seglen() to skbuff.h with other related functions
like skb_gso_network_seglen() so we can use it, and then create
skb_gso_validate_mac_len to do the full calculation.

Signed-off-by: Daniel Axtens <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
[bwh: Backported to 4.4: There is no GSO_BY_FRAGS case to handle, so
 skb_gso_validate_mac_len() becomes a trivial comparison. Put it inline in
 <linux/skbuff.h>.]
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 8914a595110a6eca69a5e275b323f5d09e18f4f9 upstream.

If a bnx2x card is passed a GSO packet with a gso_size larger than
~9700 bytes, it will cause a firmware error that will bring the card
down:

bnx2x: [bnx2x_attn_int_deasserted3:4323(enP24p1s0f0)]MC assert!
bnx2x: [bnx2x_mc_assert:720(enP24p1s0f0)]XSTORM_ASSERT_LIST_INDEX 0x2
bnx2x: [bnx2x_mc_assert:736(enP24p1s0f0)]XSTORM_ASSERT_INDEX 0x0 = 0x00000000 0x25e43e47 0x00463e01 0x00010052
bnx2x: [bnx2x_mc_assert:750(enP24p1s0f0)]Chip Revision: everest3, FW Version: 7_13_1
... (dump of values continues) ...

Detect when the mac length of a GSO packet is greater than the maximum
packet size (9700 bytes) and disable GSO.

Signed-off-by: Daniel Axtens <[email protected]>
Reviewed-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 0aedbcaf6f182690790d98d90d5fe1e64c846c34 upstream.

Add additional length checks on firmware events to create more
robust code.

Reviewed-by: Arend Van Spriel <[email protected]>
Reviewed-by: Franky (Zhenhui) Lin <[email protected]>
Reviewed-by: Pieter-Paul Giesberts <[email protected]>
Reviewed-by: Lei Zhang <[email protected]>
Signed-off-by: Hante Meuleman <[email protected]>
Signed-off-by: Arend van Spriel <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>
[bwh: Backported to 4.4:
 - Drop changes to brcmf_wowl_nd_results()
 - Adjust filenames]
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit c56caa9db8abbbfb9e31325e0897705aa897db37 upstream.

Firmware uses asynchronized events as a communication method to the
host. The event packets are marked as ETH_P_LINK_CTL protocol type. For
SDIO and PCIe bus, this kind of packets are delivered through virtual
event channel not data channel. This patch adds a screening logic to
make sure the event handler only processes the events coming from the
correct channel.

Reviewed-by: Pieter-Paul Giesberts <[email protected]>
Signed-off-by: Franky Lin <[email protected]>
Signed-off-by: Arend van Spriel <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>
[bwh: Backported to 4.4 adjust filenames]
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 9c349892ccc90c6de2baaa69cc78449f58082273 upstream.

Move event handling out of brcmf_netif_rx() avoiding the need
to pass a flag. This flag is only ever true for USB hosts as
other interface use separate brcmf_rx_event() function.

Reviewed-by: Hante Meuleman <[email protected]>
Reviewed-by: Pieter-Paul Giesberts <[email protected]>
Reviewed-by: Franky Lin <[email protected]>
Signed-off-by: Arend van Spriel <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>
[bwh: Backported to 4.4 as dependency of commit a4176ec356c7
 "brcmfmac: add subtype check for event handling in data path"
 - Adjust filenames, context]
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 8e290cecdd0178f3d4cf7d463c51dc7e462843b4 upstream.

brcmf_sdio_fromevntchan() was being called on the data frame
rather than the software header, causing some frames to be
mischaracterized as on the event channel rather than the data channel.

This fixes a major performance regression (due to dropped packets). With
this patch the download speed jumped from 1Mbit/s back up to 40MBit/s due
to the sheer amount of packets being incorrectly processed.

Fixes: c56caa9db8ab ("brcmfmac: screening firmware event packet")
Signed-off-by: Gavin Li <[email protected]>
Acked-by: Arend van Spriel <[email protected]>
[[email protected]: improve commit logs based on email discussion]
Signed-off-by: Kalle Valo <[email protected]>
[bwh: Backported to 4.4: adjust filename]
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 4835f37e3bafc138f8bfa3cbed2920dd56fed283 upstream.

Assure the event data buffer is long enough to hold the array
of netinfo items and that SSID length does not exceed the maximum
of 32 characters as per 802.11 spec.

Reviewed-by: Hante Meuleman <[email protected]>
Reviewed-by: Pieter-Paul Giesberts <[email protected]>
Reviewed-by: Franky Lin <[email protected]>
Signed-off-by: Arend van Spriel <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>
[bwh: Backported to 4.4:
 - Move the assignment to "data" along with the assignment to "netinfo_start"
   that depends on it
 - Adjust filename, context, indentation]
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit a4176ec356c73a46c07c181c6d04039fafa34a9f upstream.

For USB there is no separate channel being used to pass events
from firmware to the host driver and as such are passed over the
data path. In order to detect mock event messages an additional
check is needed on event subtype. This check is added conditionally
using unlikely() keyword.

Reviewed-by: Hante Meuleman <[email protected]>
Reviewed-by: Pieter-Paul Giesberts <[email protected]>
Reviewed-by: Franky Lin <[email protected]>
Signed-off-by: Arend van Spriel <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>
[bwh: Backported to 4.4: adjust filenames]
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit d2005e3f41d4f9299e2df6a967c8beb5086967a9 upstream.

userfaultfd_file_create() increments mm->mm_users; this means that the
memory won't be unmapped/freed if mm owner exits/execs, and UFFDIO_COPY
after that can populate the orphaned mm more.

Change userfaultfd_file_create() and userfaultfd_ctx_put() to use
mm->mm_count to pin mm_struct.  This means that
atomic_inc_not_zero(mm->mm_users) is needed when we are going to
actually play with this memory.  Except handle_userfault() path doesn't
need this, the caller must already have a reference.

The patch adds the new trivial helper, mmget_not_zero(), it can have
more users.

Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Oleg Nesterov <[email protected]>
Cc: Andrea Arcangeli <[email protected]>
Cc: Michal Hocko <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
This reverts commit 392bef709659abea614abfe53cf228e7a59876a4.

It seems to cause lots of problems when using the gold linker, and no
one really needs this at the moment, so just revert it from the stable
trees.

Cc: Sami Tolvanen <[email protected]>
Reported-by: Kees Cook <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Reported-by: Alec Ari <[email protected]>
Cc: Ingo Molnar <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 6314dab4b8fb8493d810e175cb340376052c69b6 upstream.

The GetNtbFormat and SetNtbFormat requests operate on 16 bit little
endian values. We get away with ignoring this most of the time, because
we only care about USB_CDC_NCM_NTB16_FORMAT which is 0x0000.  This
fails for USB_CDC_NCM_NTB32_FORMAT.

Fix comparison between LE value from device and constant by converting
the constant to LE.

Reported-by: Ben Hutchings <[email protected]>
Fixes: 2b02c20ce0c2 ("cdc_ncm: Set NTB format again after altsetting switch for Huawei devices")
Cc: Enrico Mioso <[email protected]>
Cc: Christian Panton <[email protected]>
Signed-off-by: Bjørn Mork <[email protected]>
Acked-By: Enrico Mioso <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Nobuhiro Iwamatsu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Linux Build Service Account and others added 30 commits June 29, 2019 15:41
This change disables dynamic bind/unbind capability
for CPP/JPEG/FD modules since it is not currently supported.

Change-Id: Ice692d7d700c3b7a75463b109265f958993031eb
Signed-off-by: Venu Raidu <[email protected]>
Signed-off-by: Sumalatha Malothu <[email protected]>
Sub-system shutdown timeout is 20 seconds. In wlan platform driver,
modem block shutdown timeout should be less than sub-system timeout.
Hence, change block shutdown timeout to 15 seconds.

Change-Id: I936e0c462858727b86b35b924dd124a5d1434780
Signed-off-by: Mohammed Siddiq <[email protected]>
There is possibility that due to scheduling latency of tasklet,
user threads VFE hardware could not be updated in time resulting
in fatal error, invalid memory access. Added logic to track
and gracefully handle the scheduling issues.

Change-Id: I29acde4fe23a59e6ff0e5190e1c4b9c59f6ae08f
Signed-off-by: Srikanth Uyyala <[email protected]>
Signed-off-by: Sumalatha Malothu <[email protected]>
Fix page fault in ISP when there is no reg update
for two consecutive request frame time.

Change-Id: Ie246f146c1ec0785e0e6fa0671dd2ff28fbe6b38
Signed-off-by: Lokesh Kumar Aakulu <[email protected]>
Signed-off-by: Sumalatha Malothu <[email protected]>
Trace log support added for important VFE events;
these traces can be enabled with camera trace event.

Change-Id: I1e5c043ad3b69df632ff63130ff8eea10ab2097c
Signed-off-by: Srikanth Uyyala <[email protected]>
Signed-off-by: Sumalatha Malothu <[email protected]>
When pending requests are present due to drop_reconfig,
avoid skip_all programming to hardware during epoch event.

Change-Id: I9a56d179c30484c99c36bf1a9d60e8071fdd4a9a
Signed-off-by: Srikanth Uyyala <[email protected]>
Signed-off-by: Sumalatha Malothu <[email protected]>
Change-Id: I4399f6a521eedc0c02f7d5e5584952761c721a12
Change-Id: Ic444bdb7bf730ead7b1ccece1206c6be7716d858
Signed-off-by: Anusha Shakarad <[email protected]>
When scanning the passive channels the device will be offchannel
for some ms which is affecting the miracast session.

Change-Id: Id2bda3469f4e8f46d0e2601f5ff43eb459112bd4
USB presence is notified before setting EXTCON_USB_SPEED,
this prevents the SS PHY resume. Fix this ordering.

Change-Id: I4ad7bc065b968c6a7a461a2a436b7f2c755bab67
Signed-off-by: Chetan C R <[email protected]>
During dwc3 suspend clk_disable is directly getting
called without calling clk_enable in dwc3 resume
functionality for SS Phy. This fix adds a check and
disables clock only if it is enabled.

Change-Id: Id4c4a71ca4e57274c0f09a83ce4d22fe13909cd1
Signed-off-by: Chetan C R <[email protected]>
Data pointer may be NULL, check for reset value
to be false in that case and return EINVAL for
invalid argument.

Change-Id: I05a4aa96724c123516a7965bd0e939bdf0c86553
Signed-off-by: Mohammed Javid <[email protected]>
A couple of code cleanups:
 - Check for upper boundary for resource_index
   not to be dependent on ipa_rm_dep_get_index function.
 - Check actual argument for NULL and return.

Change-Id: I0ab244e68d96f7841ab2a10e61f2546314166165
Signed-off-by: Mohammed Javid <[email protected]>
* changes:
  msm: ipa: Fix array out of bound and use after NULL check
  msm: ipa: Fix pointer checked for NULL may be used
…ic/la/kernel/msm-4.4 into lineage-16.0

313e787 Merge "power: qpnp-smbcharger: Change ordering of EXTCON_USB_SPEED" into kernel.lnx.4.4.r37-rel
dfa5b80 Merge changes I0ab244e6,I05a4aa96 into kernel.lnx.4.4.r37-rel
c900b48 msm: ipa: Fix array out of bound and use after NULL check
b562b05 msm: ipa: Fix pointer checked for NULL may be used
216dfe7 usb: phy-msm-susb-qmp: Add checks to check clk_enabled
2c0a97a power: qpnp-smbcharger: Change ordering of EXTCON_USB_SPEED
56d12bf Merge commit '09d42880fd9f4d04317f030021b85323b8f8b9b9' into HEAD
09d4288 Merge "msm: camera_v2: isp: update the frame drop during error case"
19d79e9 Merge "msm:camera: add trace log support for VFE events"
3ae0451 Merge "msm: camera_v2: Remove sysfs bind/unbind files"
45b4ac2 msm:camera: add trace log support for VFE events
5974bd4 msm: camera_v2: Fix page fault issue in camera ISP
ed8c091 Merge "icnss: Reduce the shutdown timeout from 50sec to 15sec"
7e4d878 Merge "drm/msm/dsi-staging: Add range check in debugfs_dump_info_read"
9784003 icnss: Reduce the shutdown timeout from 50sec to 15sec
4e08c8c msm: camera_v2: Remove sysfs bind/unbind files
79a8f21 Merge "ASoC: sdm660_cdc: Set speaker amplifier enable bit"
c0f636f Merge "cnss2: Update board data file name format"
bd48b0a Merge "msm: kgsl: Add missing check for snapshot IB dump"
2f5e49a Merge "defconfig: msm: Disable EXT2 and EXT3 FS configs for MSM8998"
46ece1a Merge "sched/walt: Fix the memory leak of idle task load pointers"
7854013 Merge "soc: qcom: smem: validate fields of shared structures"
196d97a Merge "Merge android-4.4.183 (94fd428) into msm-4.4"
fad4d2e Merge "msm: kgsl: Change data type for GPU ib vote"
54d23a9 Merge "drivers: thermal: Use FCAP scm call instead of DMAX in LMH DCVSh"
1379d11 msm: kgsl: Add missing check for snapshot IB dump
2c8f469 defconfig: msm: Disable EXT2 and EXT3 FS configs for MSM8998
fcc47ec soc: qcom: smem: validate fields of shared structures
7151def ASoC: sdm660_cdc: Set speaker amplifier enable bit
f395d58 sched/walt: Fix the memory leak of idle task load pointers
03f0af3 drivers: thermal: Use FCAP scm call instead of DMAX in LMH DCVSh
f6ee0c2 drivers: thermal: Use FCAP scm call instead of DMAX in KTM
cb7df67 msm: kgsl: Change data type for GPU ib vote
c94369b cnss2: print firmware cap info in stats
9a1c288 Merge android-4.4.183 (94fd428) into msm-4.4
94fd428 Merge 4.4.183 into android-4.4
3087432 Linux 4.4.183
df7ba81 Abort file_remove_privs() for non-reg. files
8f6345a coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
3692bc3 Revert "crypto: crypto4xx - properly set IV after de- and encrypt"
39c7c90 scsi: libsas: delete sas port if expander discover failed
a272035 scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
af8cd61 net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
b25c62c KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
7ef8d77 ia64: fix build errors by exporting paddr_to_nid()
432030b configfs: Fix use-after-free when accessing sd->s_dentry
d5a18c8 i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
be1b9df net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
0bb6c29 gpio: fix gpio-adp5588 build errors
dd961ef perf/ring_buffer: Add ordering to rb->nest increment
8abd8a9 perf/ring_buffer: Fix exposing a temporarily decreased data_head
3e74b3f x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
f4678b7 mISDN: make sure device name is NUL terminated
e2f9c0f sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
753aa75 neigh: fix use-after-free read in pneigh_get_next
709d877 lapb: fixed leak of control-blocks.
1777c35 ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
6f057ab be2net: Fix number of Rx queues used for flow hashing
7139a9f ax25: fix inconsistent lock state in ax25_destroy_timer
f1a5c6b USB: serial: option: add Telit 0x1260 and 0x1261 compositions
a67d659 USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
b8ee804 USB: serial: pl2303: add Allied Telesis VT-Kit3
f14747c USB: usb-storage: Add new ID to ums-realtek
038c192 USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
8f6b0e5 drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
6e0c7e7 drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read
ce391e4 KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
a1b9c6b KVM: x86/pmu: do not mask the value that is written to fixed PMUs
7caddac usbnet: ipheth: fix racing condition
f80a35f scsi: bnx2fc: fix incorrect cast to u64 on shift operation
da51a32 scsi: lpfc: add check for loss of ndlp when sending RRQ
3a2ff10 Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
1f8233c ASoC: cs42xx8: Add regcache mask dirty
91f1fc1 cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
8b47af9 bcache: fix stack corruption by PRECEDING_KEY()
a2aabf2 i2c: acorn: fix i2c warning
d774bd2 ptrace: restore smp_rmb() in __ptrace_may_access()
5aff00e signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
0b871fc fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
c05fed5 mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
be499b8 libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
d7a1881 ALSA: seq: Cover unsubscribe_port() in list_mutex
4282a0b Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
cd23996 futex: Fix futex lock the wrong page
38fbd5c ARM: exynos: Fix undefined instruction during Exynos5422 resume
5767587 pwm: Fix deadlock warning when removing PWM device
113a78a ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa
7818495 pwm: tiehrpwm: Update shadow register for disabling PWMs
d24e22c dmaengine: idma64: Use actual device for DMA transfers
5331716 gpio: gpio-omap: add check for off wake capable gpios
3b4652b PCI: xilinx: Check for __get_free_pages() failure
c869210 video: imsttfb: fix potential NULL pointer dereferences
5c7fbc5 video: hgafb: fix potential NULL pointer dereference
bea8fa8 PCI: rcar: Fix a potential NULL pointer dereference
76208df PCI: rpadlpar: Fix leaked device_node references in add/remove paths
1004686 ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
927d2be ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
8aee025 ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
b49501f clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
4270dc6 soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
8456763 platform/chrome: cros_ec_proto: check for NULL transfer function
c7155e5 x86/PCI: Fix PCI IRQ routing table memory leak
198a54f nfsd: allow fh_want_write to be called twice
e6779b2 fuse: retrieve: cap requested size to negotiated max_write
742cb74 nvmem: core: fix read buffer in place
750c55e ALSA: hda - Register irq handler after the chip initialization
09ad374 iommu/vt-d: Set intel_iommu_gfx_mapped correctly
9e4ed17 f2fs: fix to do sanity check on valid block count of segment
534ef92 f2fs: fix to avoid panic in do_recover_data()
90a238a ntp: Allow TAI-UTC offset to be set to zero
25be7d5 drm/bridge: adv7511: Fix low refresh rate selection
8fdebdd perf/x86/intel: Allow PEBS multi-entry in watermark mode
dee1ba9 mfd: twl6040: Fix device init errors for ACCCTL register
4110c41 mfd: intel-lpss: Set the device in reset state when init
1bef191 kernel/sys.c: prctl: fix false positive in validate_prctl_map()
937fa16 mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
fceb0be mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
9c8d4d7 hugetlbfs: on restore reserve error path retain subpool reservation
d8129a5 ipc: prevent lockup on alloc_msg and free_msg
50c0db5 sysctl: return -EINVAL if val violates minmax
8b9241b fs/fat/file.c: issue flush after the writeback of FAT
335e20c Merge "soc: qcom: glink_spi_xprt: Sanitize input for short cmd"
abc2a59 Merge "soc: qcom: hab: add error handling when dt item is missing"
9998d2e mm: add /proc/pid/smaps_rollup
a216516 Merge "msm: ais: sensor: actuator: fix out of bound read for bivcm region params"
7ec9476 soc: qcom: hab: add error handling when dt item is missing
7967865 msm: ais: sensor: actuator: fix out of bound read for bivcm region params
14f9c77 Merge "Merge android-4.4.182 (9c4ab57) into msm-4.4"
eee21eb ANDROID: kernel: cgroup: cpuset: Clear cpus_requested for empty buf
f1adac4 ANDROID: kernel: cgroup: cpuset: Add missing allocation of cpus_requested in alloc_trial_cpuset
291c54b i2c: virtio: reallocate memory for each msg buffer
ca64572 Merge changes  into msm-4.4
a32f2cd Merge android-4.4.182 (9c4ab57) into msm-4.4
2ae4cde Merge "i2c: refine the driver of i2c virtualization"
9c4ab57 Merge 4.4.182 into android-4.4
33790f2 Linux 4.4.182
f938ae0 tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
e757d05 tcp: add tcp_min_snd_mss sysctl
ad472d3 tcp: tcp_fragment() should apply sane memory limits
4657ee0 tcp: limit payload size of sacked skbs
17c66e9 Merge "msm: vidc: add additional check to avoid out of bound access"
4e93302 Merge "Merge android-4.4.181 (bd858d7) into msm-4.4"
be5afd9 i2c: refine the driver of i2c virtualization
f1057f8 msm: vidc: add additional check to avoid out of bound access
c176a06 diag: dci: Correct out of bounds check in processing dci pkt rsp
cc47c2c Merge "msm: adsprpc: maintain local copy of rpra offloaded to DSP"
1f3eb68 msm: adsprpc: maintain local copy of rpra offloaded to DSP
a50f442 Merge "diag: Prevent out-of-bound access while processing userspace data"
c658076 Merge "ASoC: msm: Add support for AVS version check"
f328b4d Merge "arm: dts: msm: Add avs-version dt property for 8996"
5dbfa15 diag: Prevent out-of-bound access while processing userspace data
eb0322e arm: dts: msm: Add avs-version dt property for 8996
5ef154a Merge android-4.4.181 (bd858d7) into msm-4.4
7caeb5c soc: qcom: glink_spi_xprt: Sanitize input for short cmd
17fd8db Merge "soc: qcom: hab: add missing variable declaration"
1cc130f UPSTREAM: binder: check for overflow when alloc for security context
7846725 BACKPORT: binder: fix race between munmap() and direct reclaim
849ecbe soc: qcom: hab: add missing variable declaration
bd858d7 Merge 4.4.181 into android-4.4
0434b31 Merge "dwc3-msm: Fix dwc3_drd_state_string for undefined state"
411c38c Merge "usb: dwc3-msm: Ensure hardware is reset during role change"
8dce56f Merge "usb: dwc3-msm: add enum for drd_states to remove otg_state usage"
d7b7345 Linux 4.4.181
f1d7eeb ethtool: check the return value of get_regs_len
647f72b ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
c9696a8 fuse: Add FOPEN_STREAM to use stream_open()
3bf0c45 fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
0f5fab8 drm/gma500/cdv: Check vbt config bits when detecting lvds panels
e087f75 genwqe: Prevent an integer overflow in the ioctl
59565e8 MIPS: pistachio: Build uImage.gz by default
8061c23 fuse: fallocate: fix return with locked inode
cf30c19 parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
f0d1e74 rcu: locking and unlocking need to always be at least barriers
44657db pktgen: do not sleep with the thread lock held.
eded0b1 net: rds: fix memory leak in rds_ib_flush_mr_pool
54dd5e3 net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
cc47596 neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
e5c6de6 ethtool: fix potential userspace buffer overflow
8795708 media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
2b13a95 usb: gadget: fix request length error for isoc transfer
8b15aae net: cdc_ncm: GetNtbFormat endian fix
613b4bc Revert "x86/build: Move _etext to actual end of .text"
6ad730b userfaultfd: don't pin the user memory in userfaultfd_file_create()
4e06554 brcmfmac: add subtype check for event handling in data path
993b68a brcmfmac: add length checks in scheduled scan result handler
35bcfba brcmfmac: fix incorrect event channel deduction
8c12de9 brcmfmac: revise handling events in receive path
5f4688a brcmfmac: screening firmware event packet
6da841e brcmfmac: Add length checks on firmware events
c55a2cf bnx2x: disable GSO where gso_size is too big for hardware
a33b6d4 net: create skb_gso_validate_mac_len()
c53c1a8 binder: replace "%p" with "%pK"
5280efe binder: Replace "%p" with "%pK" for stable
336c166 CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
360f8fe kernel/signal.c: trace_signal_deliver when signal_group_exit
7a47d18 memcg: make it work on sparse non-0-node systems
5db0a9c tty: max310x: Fix external crystal register setup
e498745 tty: serial: msm_serial: Fix XON/XOFF
986addd drm/nouveau/i2c: Disable i2c bus access after ->fini()
bf8f6b4 ALSA: hda/realtek - Set default power save node to 0
494447b Btrfs: fix race updating log root item during fsync
af34de0 scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
e85d002 scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
8282730 media: smsusb: better handle optional alignment
0bce1ea media: usb: siano: Fix false-positive "uninitialized variable" warning
b1782be media: usb: siano: Fix general protection fault in smsusb
d52c0ff USB: rio500: fix memory leak in close after disconnect
b92be99 USB: rio500: refuse more than one device at a time
ee9d750 USB: Add LPM quirk for Surface Dock GigE adapter
30e66d7 USB: sisusbvga: fix oops in error path of sisusb_probe
018b7ea USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
f5e1ec9 usb: xhci: avoid null pointer deref when bos field is NULL
017e672 xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
ec70e2c include/linux/bitops.h: sanitize rotate primitives
fbbc4fe sparc64: Fix regression in non-hypervisor TLB flush xcall
5bce46e tipc: fix modprobe tipc failed after switch order of device registration -v2
416d252 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
f1613a9 xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
383687e crypto: vmx - ghash: do nosimd fallback manually
61ba8e9 net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
1d33a3e bnxt_en: Fix aggregation buffer leak under OOM condition.
7d42330 tipc: Avoid copying bytes beyond the supplied data
332bff9 usbnet: fix kernel crash after disconnect
16ffb5f net: stmmac: fix reset gpio free missing
4f9c73a net-gro: fix use-after-free read in napi_gro_frags()
5cbaa13 llc: fix skb leak in llc_build_and_send_ui_pkt()
36a7222 ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
9fbf1ac ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
0984cb7 spi: Fix zero length xfer bug
854415f spi: rspi: Fix sequencer reset during initialization
c927451 spi : spi-topcliff-pch: Fix to handle empty DMA buffers
445c074 scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
3a5d113 media: saa7146: avoid high stack usage with clang
5a96cf1 media: go7007: avoid clang frame overflow warning with KASAN
0e9f080 media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
9effa38 scsi: qla4xxx: avoid freeing unallocated dma memory
95f0bb0 usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
1909121 rcutorture: Fix cleanup path for invalid torture_type strings
1081d04 tty: ipwireless: fix missing checks for ioremap
c05b2ed virtio_console: initialize vtermno value for ports
348ec7b media: wl128x: prevent two potential buffer overflows
557ae68 spi: tegra114: reset controller on probe
5e75d5e cxgb3/l2t: Fix undefined behaviour
dc2a886 ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
971e4a2 ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
5db3c5a HID: core: move Usage Page concatenation to Main item
cb7872f chardev: add additional check for minor range overlap
5680f59 x86/ia32: Fix ia32_restore_sigcontext() AC leak
94032b2 arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
04f45a5 scsi: ufs: Avoid configuring regulator with undefined voltage range
60bcfed scsi: ufs: Fix regulator load and icc-level configuration
0a597d2 brcmfmac: fix race during disconnect when USB completion is in progress
f95ab00 brcmfmac: convert dev_init_lock mutex to completion
db74ef8 b43: shut up clang -Wuninitialized variable warning
951fbf9 brcmfmac: fix missing checks for kmemdup
1d3ee4d rtlwifi: fix a potential NULL pointer dereference
6d7b052 iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
e98ef67 iio: hmc5843: fix potential NULL pointer dereferences
a86d061 iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
4400dcd x86/build: Keep local relocations with ld.lld
75ffb58 cpufreq: pmac32: fix possible object reference leak
3d04160 cpufreq/pasemi: fix possible object reference leak
4d02f33 cpufreq: ppc_cbe: fix possible object reference leak
6be9235 s390: cio: fix cio_irb declaration
65e3cb0 extcon: arizona: Disable mic detect if running when driver is removed
db7eb20 PM / core: Propagate dev->power.wakeup_path when no callbacks
066a286 mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
6a783be mmc: sdhci-of-esdhc: add erratum eSDHC5 support
8b0e6af mmc_spi: add a status check for spi_sync_locked
a30e90a scsi: libsas: Do discovery on empty PHY to update PHY info
915defa hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
0eb8a47 hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
79deb6a hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
92b4d16 hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
e3e5837 hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
488920a RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
2ff310e i40e: don't allow changes to HW VLAN stripping on active port VLANs
bc791e8 x86/irq/64: Limit IST stack overflow check to #DB stack
3557f08 USB: core: Don't unbind interfaces following device reset failure
6f5e198 sched/core: Handle overflow in cpu_shares_write_u64
9812286 sched/core: Check quota and period overflow at usec to nsec conversion
9d4961a powerpc/numa: improve control of topology updates
8207721 media: pvrusb2: Prevent a buffer overflow
ca86559 media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
a8e0739 audit: fix a memory leak bug
ff3038f media: ov2659: make S_FMT succeed even if requested format doesn't match
2d97a3a media: au0828: stop video streaming only when last user stops
115ccd9 media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
1433d7a media: coda: clear error return value before picture run
5cadb7a dmaengine: at_xdmac: remove BUG_ON macro in tasklet
af8b5d7 pinctrl: pistachio: fix leaked of_node references
74dd38a HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
9bffc62 mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
ae6b1f7 x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
b059848 smpboot: Place the __percpu annotation correctly
28d8827 x86/build: Move _etext to actual end of .text
d3eb2ca bcache: avoid clang -Wunintialized warning
7bf3463 bcache: add failure check to run_cache_set() for journal replay
d454704 bcache: fix failure in journal relplay
5789884 bcache: return error immediately in bch_journal_replay()
50d25ca net: cw1200: fix a NULL pointer dereference
af2fb02 mwifiex: prevent an array overflow
4b24af0 ASoC: fsl_sai: Update is_slave_mode with correct value
c104535 mac80211/cfg80211: update bss channel on channel switch
a3c50ef dmaengine: pl330: _stop: clear interrupt status
958848a w1: fix the resume command API
e416358 rtc: 88pm860x: prevent use-after-free on device remove
a898d15 brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
5e1a879 spi: pxa2xx: fix SCR (divisor) calculation
3d521a6 ASoC: imx: fix fiq dependencies
af283ab powerpc/boot: Fix missing check of lseek() return value
dba0320 mmc: core: Verify SD bus width
333e830 cxgb4: Fix error path in cxgb4_init_module
6948c6b gfs2: Fix lru_count going negative
635c71d tools include: Adopt linux/bits.h
ed2faf4 perf tools: No need to include bitops.h in util.h
a1f254d at76c50x-usb: Don't register led_trigger if usb_register_driver failed
f5e4337 ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
e39af96 media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
a04e71a media: cpia2: Fix use-after-free in cpia2_exit
28eeeb8 fbdev: fix WARNING in __alloc_pages_nodemask bug
bf8474c hugetlb: use same fault hash key for shared and private mappings
6bc1539 fbdev: fix divide error in fb_var_to_videomode
5c9a203 btrfs: sysfs: don't leak memory when failing add fsid
0fa8871 Btrfs: fix race between ranged fsync and writeback of adjacent ranges
2f5ac0b gfs2: Fix sign extension bug in gfs2_update_stats
8aae5e9 crypto: vmx - CTR: always increment IV as quadword
582bb52 Revert "scsi: sd: Keep disk read-only when re-reading partition"
bd020b3 bio: fix improper use of smp_mb__before_atomic()
603212b KVM: x86: fix return value for reserved EFER
75d63b1 ext4: do not delete unlinked inode from orphan list on failed truncate
3194368 fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
7d64186 btrfs: Honour FITRIM range constraints during free space trim
57e84e4 md/raid: raid5 preserve the writeback action after the parity check
9013f48 Revert "Don't jump to compute_result state from check_result state"
0c57364 perf bench numa: Add define for RUSAGE_THREAD if not present
66ee750 ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
fc0208b power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG
dd37fa4 KVM: arm/arm64: Ensure vcpu target is unset on reset failure
fe4f461 xfrm4: Fix uninitialized memory read in _decode_session4
cd08487 vti4: ipip tunnel deregistration fixes.
8fd94b6 xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
86040d7 xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
daea416 dm delay: fix a crash when invalid device is specified
5660047 PCI: Mark Atheros AR9462 to avoid bus reset
0dc2ad0 fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
4673eae fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
c996722 fbdev: sm712fb: fix support for 1024x768-16 mode
ebfadb5 fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
c92bde5 fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
0d5cd17 fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
ca5ce8d fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
6c2fb5b fbdev: sm712fb: fix brightness control on reboot, don't set SR30
dbc86a9 perf intel-pt: Fix sample timestamp wrt non-taken branches
eedc9a2 perf intel-pt: Fix improved sample timestamp
f5da0ae perf intel-pt: Fix instructions sampling rate
a5b2e4b memory: tegra: Fix integer overflow on tick value calculation
1198804 tracing: Fix partial reading of trace event's id file
a7929c9 ceph: flush dirty inodes before proceeding with remount
3c99cd9 iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
40857ab fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
7372495 fuse: fix writepages on 32bit
12060f4 clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
4676a07 NFS4: Fix v4.0 client state corruption when mount
e8623e7 media: ov6650: Fix sensor possibly not detected on probe
dffc9e5 cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level()
b8ab0c4 of: fix clang -Wunsequenced for be32_to_cpu()
2a98d34 intel_th: msu: Fix single mode with IOMMU
bc06577 md: add mddev->pers to avoid potential NULL pointer dereference
ade291d stm class: Fix channel free in stm output free path
65d1463 tipc: fix modprobe tipc failed after switch order of device registration
ff69bb4 tipc: switch order of device registration to fix a crash
2ff783f ppp: deflate: Fix possible crash in deflate_init
dd20e0c net/mlx4_core: Change the error print to info print
b2f72a4 net: avoid weird emergency message
70064f7 KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
5e9bc16 ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
98529ec ext4: zero out the unused memory region in the extent tree block
9ff6372 fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
bfce20e writeback: synchronize sync(2) against cgroup writeback membership switches
cd04237 crypto: arm/aes-neonbs - don't access already-freed walk.iv
b70e97a crypto: salsa20 - don't access already-freed walk.iv
6dc48d0 crypto: chacha20poly1305 - set cra_name correctly
b820553 crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
de087dd crypto: gcm - Fix error return code in crypto_gcm_create_common()
064d0c5 ipmi:ssif: compare block number correctly for multi-part return messages
bef039b bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
5651075 bcache: fix a race between cache register and cacheset unregister
686e435 Btrfs: do not start a transaction at iterate_extent_inodes()
b268b6e ext4: fix ext4_show_options for file systems w/o journal
f3b9c26 ext4: actually request zeroing of inode table after grow
e5100e7 tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
592a36c mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
e3a74fb ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
b614485 mm/mincore.c: make mincore() more conservative
80cc516 ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
e6bf706 ASoC: max98090: Fix restore of DAPM Muxes
2a8188c ALSA: hda/realtek - EAPD turn on later
1bbb08c ALSA: hda/hdmi - Consider eld_valid when reporting jack event
2d89563 ALSA: usb-audio: Fix a memory leak bug
b1c1888 crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
2ee7c23 crypto: crct10dif-generic - fix use via crypto_shash_digest()
2ee0dd3 crypto: vmx - fix copy-paste error in CTR mode
f7dee08 ARM: exynos: Fix a leaked reference by adding missing of_node_put
ce814dc x86/speculation/mds: Improve CPU buffer clear documentation
4d68e2b x86/speculation/mds: Revert CPU buffer clear on double fault exit
b1d8509 ASoC: msm: Add support for AVS version check
fbf98df cnss2: Update board data file name format
5e073ff drm/msm/dsi-staging: Add range check in debugfs_dump_info_read
9600b86 dwc3-msm: Fix dwc3_drd_state_string for undefined state
cc96e09 usb: dwc3-msm: Ensure hardware is reset during role change
02d74bd usb: dwc3-msm: add enum for drd_states to remove otg_state usage
e4e5a97 Merge remote-tracking branch 'origin/upstream-f2fs-stable-linux-4.4.y' into android-4.4
2d812ba f2fs: link f2fs quota ops for sysfile
6dc3fb0 fs: sdcardfs: Add missing option to show_options

* Excluded commits:
8be3b55 msm: camera_v2: isp: update the frame drop during error case
28e17c1 msm: camera_v2: isp: handle frame drop due to scheduling latency

Change-Id: Ib67f22a311625da7dd130d2491ef9e035b1db54f
Signed-off-by: Davide Garberi <[email protected]>
…urora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/ into lineage-16.0

1f5d51b qcacld-2.0: limit time for scan when miracast is running
b70247d Merge f66a955 on remote branch
f66a955 Merge "qcacld-2.0: Add GPIO config and output setting" into wlan-cld2.driver.lnx.1.0
33637ee Merge "qcacld-2.0: Set SAE auth type for PMKID cached connect request" into wlan-cld2.driver.lnx.1.0
63c5d97 Merge "qcacld-2.0: Define FEATURE_LARGE_PREALLOC" into wlan-cld2.driver.lnx.1.0
852b602 Merge "qcacld-2.0: Fix potential memory leak and wrong bw value" into wlan-cld2.driver.lnx.1.0
627784f qcacld-2.0: Add GPIO config and output setting
83165da qcacld-2.0: Set SAE auth type for PMKID cached connect request
17ea8f0 qcacld-2.0: Fix potential memory leak and wrong bw value
198d5b8 qcacld-2.0: Define FEATURE_LARGE_PREALLOC
318cd86 qcacld-2.0: Provide iwpriv to configure candidate channel
eb7b078 Merge "qcacld-2.0: Avoid buffer leakage when handle 11w rmf" into wlan-cld2.driver.lnx.1.0
5ec1870 qcacld-2.0: Fix build error in third party platform
76561bc Merge "qcacld-2.0: Update API in driver to support kernel version 3.10" into wlan-cld2.driver.lnx.1.0
3fb22c6 Merge "qcacld-2.0: Add ini key disable smart antenna" into wlan-cld2.driver.lnx.1.0
3c9b3e7 qcacld-2.0: Update API in driver to support kernel version 3.10
ef5df17 qcacld-2.0: Avoid buffer leakage when handle 11w rmf
b5cb975 qcacld-2.0: Add ini key disable smart antenna
04cd86a qcacld-2.0: Trigger recovery in rx-hash no-match

Change-Id: I3e32e3dd43cba894c1bc5dc0a36538478093281b
Signed-off-by: Davide Garberi <[email protected]>