From: Yao Liu
[ Upstream commit 68e2672f8fbd1e04982b8d2798dd318bf2515dd2 ]
There is a NULL pointer dereference of devname in strspn()
The oops looks something like:
CIFS: Attempting to mount (null)
BUG: unable to handle kernel NULL pointer dereference at
...
RIP: 0010:
From: "Rafael J. Wysocki"
[ Upstream commit 95c80bc6952b6a5badc7b702d23e5bf14d251e7c ]
Dongdong reported a deadlock triggered by a hotplug event during a sysfs
"remove" operation:
pciehp :00:0c.0:pcie004: Slot(0-1): Link Up
# echo 1 > :00:0c.0/remove
PME and hotplug share an MSI/
From: Qian Cai
[ Upstream commit 4117992df66a26fa33908b4969e04801534baab1 ]
KASAN does not play well with the page poisoning (CONFIG_PAGE_POISONING).
It triggers false positives in the allocation path:
BUG: KASAN: use-after-free in memchr_inv+0x2ea/0x330
Read of size 8 at addr 1f800
From: Lu Baolu
[ Upstream commit d8b8591054575f33237556c32762d54e30774d28 ]
Commit fb58fdcd295b9 ("iommu/vt-d: Do not enable ATS for untrusted
devices") disables ATS support on the devices which have been marked
as untrusted. Unfortunately this is not enough to fix the DMA attack
vulnerabiltiies
From: "Jason Cai (Xiang Feng)"
[ Upstream commit 70de2cbda8a5d788284469e755f8b097d339c240 ]
Invoking dm_get_device() twice on the same device path with different
modes is dangerous. Because in that case, upgrade_mode() will alloc a
new 'dm_dev' and free the old one, which may be referenced by a
From: Eric Whitney
[ Upstream commit 7bd75230b43727b258a4f7a59d62114cffe1b6c8 ]
Ext4 may not free clusters correctly when punching holes in bigalloc
file systems under high load conditions. If it's not possible to
extend and restart the journal in ext4_ext_rm_leaf() when preparing to
remove blo
From: Tony Jones
[ Upstream commit 7c5b019e3a638a5a290b0ec020f6ca83d2ec2aaa ]
Fix buffer overflow observed when running perf test.
The overflow is when trying to evaluate "1ULL << (64 - 1)" which is
resulting in -9223372036854775808 which overflows the 20 character
buffer.
If is possible this
From: Dave Hansen
[ Upstream commit 5cd401ace914dc68556c6d2fcae0c349444d5f86 ]
walk_system_ram_range() can return an error code either becuase
*it* failed, or because the 'func' that it calls returned an
error. The memory hotplug does the following:
ret = walk_system_ram_range(..., fun
From: Wen Yang
[ Upstream commit 34e022d8b780a03902d82fb3997ba7c7b1f40c81 ]
The call to of_find_node_by_phandle returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.
Detected by coccinelle with the following warnings:
./drivers/net/wireles
From: Bart Van Assche
[ Upstream commit d93ac78bf7b37db36fa00225f8e9a14c7ed1b2ba ]
Apparently the execute bits were set for the tests/*.sh scripts on my
test setup but these are not set in the kernel tree. Fix this by adding
the interpreter path in front of the script paths.
Signed-off-by: Bart
From: Eric Biggers
[ Upstream commit 41798036430015ad45137db2d4c213cd77fd0251 ]
The cavium/zip implementation of the deflate compression algorithm is
incorrectly being registered under the generic driver name, which
prevents the generic implementation from being registered with the
crypto API wh
From: Sebastian Andrzej Siewior
[ Upstream commit 74ffe79ae538283bbf7c155e62339f1e5c87b55a ]
Mostly unwind is done with irqs enabled however SLUB may call it with
irqs disabled while creating a new SLUB cache.
I had system freeze while loading a module which called
kmem_cache_create() on init.
From: "Aneesh Kumar K.V"
[ Upstream commit 5330367fa300742a97e20e953b1f77f48392faae ]
After we ALIGN up the address we need to make sure we didn't overflow
and resulted in zero address. In that case, we need to make sure that
the returned address is greater than mmap_min_addr.
This fixes selfte
From: Nicolas Boichat
[ Upstream commit 032ebd8548c9d05e8d2bdc7a7ec2fe29454b0ad0 ]
L1 tables are allocated with __get_dma_pages, and therefore already
ignored by kmemleak.
Without this, the kernel would print this error message on boot,
when the first L1 table is allocated:
[2.810533] kmem
From: Masahiro Yamada
[ Upstream commit 3812b8c5c5d527239ac015f1f2c7654da7fcfbba ]
Adding -rR to MAKEFLAGS is important because we do not want to
be bothered by built-in implicit rules or variables.
One problem that used to exist in older GNU Make versions is
MAKEFLAGS += -rR
... does not b
From: Qu Wenruo
[ Upstream commit f5fef4593653dfa2a865c485bb81415de51d5c99 ]
[BUG]
Btrfs qgroup will still hit EDQUOT under the following case:
$ dev=/dev/test/test
$ mnt=/mnt/btrfs
$ umount $mnt &> /dev/null
$ umount $dev &> /dev/null
$ mkfs.btrfs -f $dev
$ mount $dev $mnt -o nosp
From: Lubomir Rintel
[ Upstream commit fe9ed6d2483fda55465f32924fb15bce0fac3fac ]
Like the other OF-enabled drivers, use the port number from the firmware if
the devicetree specifies an alias:
aliases {
...
serial2 = &uart2; /* Should be ttyS2 */
}
This is how the deprecated px
From: Benjamin Block
[ Upstream commit 1749ef00f7312679f76d5e9104c5d1e22a829038 ]
We had a test-report where, under memory pressure, adding LUNs to the
systems would fail (the tests add LUNs strictly in sequence):
[ 5525.853432] scsi 0:0:1:1088045124: Direct-Access IBM 2107900
From: Florian Fainelli
[ Upstream commit abdf47aab4123ece48877cab4153db44fe4dc340 ]
Provide a precision hint to snprintf() in order to eliminate a
-Wformat-truncation warning provided below. A maximum of 11 characters
is allowed to reach a maximum of 32 - 1 characters given a possible
maximum va
From: Andrew Lunn
[ Upstream commit f6d9758b12660484b6639364cc406da92a918c96 ]
The following false positive lockdep splat has been observed.
==
WARNING: possible circular locking dependency detected
4.20.0+ #302 Not tainted
---
From: Wei Li
[ Upstream commit 11db1ad4513d6205d2519e1a30ff4cef746e3243 ]
The output of "perf annotate -l --stdio xxx" changed since commit 425859ff0de33
("perf annotate: No need to calculate notes->start twice") removed notes->start
assignment in symbol__calc_lines(). It will get failed in
find
From: Katsuhiro Suzuki
[ Upstream commit d13501a2bedfbea0983cc868d3f1dc692627f60d ]
Custom approximation of fractional-divider may not need parent clock
rate checking. For example Rockchip SoCs work fine using grand parent
clock rate even if target rate is greater than parent.
This patch checks
From: Takashi Iwai
[ Upstream commit 70b773219a32c7b8f3e53e041bc023ad99fd81f4 ]
Although qcom_snd_parse_of() tries to manage the of-node refcount,
there are still a few places that lead to the unblanced refcount in
the error code path. Namely,
- for_each_child_of_node() needs to unreference th
From: He Kuang
[ Upstream commit 7346195e8643482968f547483e0d823ec1982fab ]
We can't assume inlined symbols with the same name are equal, because
their address range may be different. This will cause the symbols with
different addresses be shadowed when adding to the hist entry, and lead
to ERAN
From: Ezequiel Garcia
[ Upstream commit 30fa627b32230737bc3f678067e2adfecf956987 ]
Fix the assigned type of mem2mem buffer handling API.
Namely, these functions:
v4l2_m2m_next_buf
v4l2_m2m_last_buf
v4l2_m2m_buf_remove
v4l2_m2m_next_src_buf
v4l2_m2m_next_dst_buf
v4l2_m2m_last_src_buf
v4l2
From: Ezequiel Garcia
[ Upstream commit 43c145195c7fc3025ee7ecfc67112ac1c82af7c2 ]
Fix the assigned type of mem2mem buffer handling API.
Namely, these functions:
v4l2_m2m_next_buf
v4l2_m2m_last_buf
v4l2_m2m_buf_remove
v4l2_m2m_next_src_buf
v4l2_m2m_next_dst_buf
v4l2_m2m_last_src_buf
v4l2
From: Brian Norris
[ Upstream commit 6f21ab30469d670de620f758330aca9f3433f693 ]
As it is, doing something like
# iw phy phy0 interface add foobar type ibss
on a firmware that doesn't have ad-hoc support just yields failures of
HostCmd_CMD_SET_BSS_MODE, which happened to return a '-1' error c
From: Niklas Cassel
[ Upstream commit e5e21f70bfd3a201e627b48aed82793d1bcd6f78 ]
Take the regulator lock before applying system load.
Fixes the following lockdep splat:
[5.583581] WARNING: CPU: 1 PID: 16 at drivers/regulator/core.c:925
drms_uA_update+0x114/0x360
[5.588467] Modules lin
From: Arnaldo Carvalho de Melo
[ Upstream commit aa8f9c517ebce7a0959da064ef2660ea03f133f8 ]
Since we need it to resolve the AIO symbols, otherwise we fail with:
$ cat /tmp/build/perf/feature/test-all.make.output
/usr/bin/ld: /tmp/ccEqrj36.o: undefined reference to symbol
'aio_return64@@GLI
From: Oleksandr Andrushchenko
[ Upstream commit fa13e665e02874c0a5f4d06d6967ae34a6cb3d6a ]
If there are exported DMA buffers which are still in use and
grant device is closed by either normal user-space close or by
a signal this leads to the grant device context to be destroyed,
thus making it n
From: Arnaldo Carvalho de Melo
[ Upstream commit 051074867434cc520c08f188479d4757dcfdaef8 ]
We were crashing when processing a negative fd:
Program received signal SIGSEGV, Segmentation fault.
0x00609bbf in syscall_arg__scnprintf_ioctl_cmd (bf=0x1172eca "",
size=2038, arg=0x7ff
From: Thomas Richter
[ Upstream commit 2187d87eacd46f6214ce3dc9cfd7a558375a4153 ]
On IBM z13 machine types 2964 and 2965 the descriptor
sizes for sampling and diagnostic sampling entries
might be missing in the trailer entry and are set to zero.
This leads to a perf report failure when processi
From: Masami Hiramatsu
[ Upstream commit 0eae81dc9f026d899c70f3931bf3bca6d7aa6938 ]
Prohibit probing on IRQ handlers in irqentry_text because
if it interrupts user mode, at that point we haven't changed
to kernel space yet and which eventually leads a double fault.
E.g.
# echo p apic_timer_int
From: Rakesh Pillai
[ Upstream commit 1863008369ae0407508033b4b00f98b985adeb15 ]
WCN3990 supports shadow registers write operation support
for copy engine for regular operation in powersave mode.
Since WCN3990 is a 64-bit target, the shadow register
implementation needs to be done in the copy e
From: Coly Li
[ Upstream commit 8c27a3953e92eb0b22dbb03d599f543a05f9574e ]
People may set sequential_cutoff of a cached device via sysfs file,
but current code does not check input value overflow. E.g. if value
4294967295 (UINT_MAX) is written to file sequential_cutoff, its value
is 4GB, but if
From: Arnaldo Carvalho de Melo
[ Upstream commit 1c3b28fd7ae80c8f6bf1a09e1848e20a953c9ce4 ]
Since it is not yet that generally available, avoid testing for the
presence of libcoresight in the fast path test-all.bin feature test.
# dnf search opencsd
No matches found.
# dnf search OpenCSD
From: Thomas Gleixner
[ Upstream commit 1136b0728969901a091f0471968b2b76ed14d9ad ]
Waiman reported that on large systems with a large amount of interrupts the
readout of /proc/stat takes a long time to sum up the interrupt
statistics. In principle this is not a problem. but for unknown reasons
s
From: Andrea Righi
[ Upstream commit 02106f883cd745523f7766d90a739f983f19e650 ]
Since kprobe breakpoing handler is using bsearch(), probing on this
routine can cause recursive breakpoint problem.
int3
->do_int3()
->ftrace_int3_handler()
->ftrace_location()
->ftrace_location_rang
From: Russell King
[ Upstream commit 316734fdcf70900a83065360cff11a5826919067 ]
It appears that the mvpp22 can get stuck with SGMII negotiation. The
symptoms are that in-band negotiation never completes and the partner
(eg, PHY) never reports SGMII link up, or if it supports negotiation
bypass,
From: Stefan Roese
[ Upstream commit 46c337872f34bc6387b0c29a4964f562c70139e3 ]
This patch adds a return code check on device_reset() and removes the
compile warning.
Signed-off-by: Stefan Roese
Cc: Mark Brown
Cc: Sankalp Negi
Cc: Chuanhong Guo
Cc: John Crispin
Reviewed-by: NeilBrown
Sign
From: wen yang
[ Upstream commit 11907e9d3533648615db08140e3045b829d2c141 ]
The of_find_device_by_node() takes a reference to the underlying device
structure, we should release that reference.
Signed-off-by: Wen Yang
Cc: Timur Tabi
Cc: Nicolin Chen
Cc: Xiubo Li
Cc: Fabio Estevam
Cc: Liam G
From: Mathieu Poirier
[ Upstream commit 840018668ce2d96783356204ff282d6c9b0e5f66 ]
When pmu::setup_aux() is called the coresight PMU needs to know which
sink to use for the session by looking up the information in the
event's attr::config2 field.
As such simply replace the cpu information by th
From: Rajneesh Bhardwaj
[ Upstream commit 0e68eeea9894feeba2edf7ec63e4551b87f39621 ]
A previous commit "platform/x86: intel_pmc_core: Make the driver PCH
family agnostic " provided
better abstraction to this driver but has some fundamental issues.
e.g. the following condition
for (index = 0; i
From: Alexey Khoroshilov
[ Upstream commit 8cd09a3dd3e176c62da67efcd477a44a8d87185e ]
If of_platform_populate() fails in gsbi_probe(),
gsbi->hclk is left undisabled.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov
Signed-off-by: Bjorn Andersson
From: Waiman Long
[ Upstream commit 71492580571467fb7177aade19c18ce7486267f5 ]
Tetsuo Handa had reported he saw an incorrect "downgrading a read lock"
warning right after a previous lockdep warning. It is likely that the
previous warning turned off lock debugging causing the lockdep to have
inco
From: Hidetoshi Seto
[ Upstream commit 1ca4fa3ab604734e38e2a3000c9abf788512ffa7 ]
register_sched_domain_sysctl() copies the cpu_possible_mask into
sd_sysctl_cpus, but only if sd_sysctl_cpus hasn't already been
allocated (ie, CONFIG_CPUMASK_OFFSTACK is set). However, when
CONFIG_CPUMASK_OFFSTACK
From: Nicholas Kazlauskas
[ Upstream commit 5062b797db4103218fa00ee254417b8ecaab7401 ]
[Why]
There are opt1c lock warnings and CRTC read timeouts when running the
"igt@kms_plane@plane-position-hole-dpms-pipe-*" tests. These are
caused by trying to reprogram planes that are not in the current
con
From: Breno Leitao
[ Upstream commit ebb0e13ead2ddc186a80b1b0235deeefc5a1a667 ]
'regno' is directly controlled by user space, hence leading to a potential
exploitation of the Spectre variant 1 vulnerability.
On PTRACE_SETREGS and PTRACE_GETREGS requests, user space passes the
register number th
From: Johannes Berg
[ Upstream commit dbf592f3d14fb7d532cb7c820b1065cf33e02aaa ]
If we have >=10 (logical) CPUs, our command size exceeds the
internal buffer size and the command fails; fix that by using
IWL_HCMD_DFL_NOCOPY for the command that's allocated anyway.
While at it, also fix the leak
From: Jiong Wang
[ Upstream commit db0a4b3b6b83a081a9ec309cc8178e5c9b4706a5 ]
Shifts by zero do nothing, and should be treated as nops.
Even though compiler is not supposed to generate such instructions and
manual written assembly is unlikely to have them, but they are legal
instructions and ha
From: Stephen Boyd
[ Upstream commit 070e64dc1bbc879b7e0e9fffccd9dd139baf89f0 ]
Devices that make up DPU, i.e. graphics card, request their interrupts
from this "virtual" interrupt chip. The interrupt chip builds upon a GIC
SPI interrupt that raises high when any of the interrupts in the DPU's
i
From: Russell King
[ Upstream commit 5388a5b82199facacd3d7ac0d05aca6e8f902fed ]
machine_crash_nonpanic_core() does this:
while (1)
cpu_relax();
because the kernel has crashed, and we have no known safe way to deal
with the CPU. So, we place the CPU into an infinite loo
From: Vladimir Murzin
[ Upstream commit 72cd4064fccaae15ab84d40d4be23667402df4ed ]
ARMv8M introduces support for Security extension to M class, among
other things it affects exception handling, especially, encoding of
EXC_RETURN.
The new bits have been added:
Bit [6] Secure or Non-secure stack
From: Manfred Schlaegl
[ Upstream commit 7ab57b76ebf632bf2231ccabe26bea33868118c6 ]
We increase the default limit for buffer memory allocation by a factor of
10 to 640K to prevent data loss when using fast serial interfaces.
For example when using RS485 without flow-control at speeds of 1Mbit/s
From: Axel Lin
[ Upstream commit f3c6a1a194317f3a31ee2b2067bb0a41de64bc8b ]
Fix below build error:
drivers/regulator/mcp16502.c: In function ‘mcp16502_gpio_set_mode’:
drivers/regulator/mcp16502.c:135:3: error: implicit declaration of function
‘gpiod_set_value’; did you mean ‘gpio_set_value’?
[
From: Song Hongyan
[ Upstream commit 2edefc056e4f0e6ec9508dd1aca2c18fa320efef ]
Host driver should handle interrupt mask register earlier than wake up ish FW
else there will be conditions when FW interrupt comes, host PIMR register still
not set ready, so move the interrupt mask setting before i
From: Timo Alho
[ Upstream commit 51294bf6b9e897d595466dcda5a3f2751906a200 ]
On cases where device tree entries for fuse and clock provider are in
different order, fuse driver needs to defer probing. This leads to
freeing incorrect IO base address as the fuse->base variable gets
overwritten once
From: Arnaldo Carvalho de Melo
[ Upstream commit 1d59cb1bbd4cbe5a8f8032242cdacea5658129cf ]
Where we don't have "raw_syscalls:sys_enter", so we need to look for a
"*syscalls:sys_enter*" to initialize the offsets for the
__augmented_syscalls__ evsel, which is the case with etcsnoop, that was
segf
From: Tony Jones
[ Upstream commit 72e0b15cb24a497d7d0d4707cf51ff40c185ae8c ]
With Python3. PyUnicode_FromStringAndSize is unsafe to call on attr and will
return NULL. Use _PyBytes_FromStringAndSize (as with raw_buf).
Below is the observed behavior without the fix. Note it is first necessary
From: Paolo Valente
[ Upstream commit 9dee8b3b057e1da26f85f1842f2aaf3bb200fb94 ]
bfq maintains an ordered list, through a red-black tree, of unique
weights of active bfq_queues. This list is used to detect whether there
are active queues with differentiated weights. The weight of a queue is
remo
From: Sheng Yong
[ Upstream commit ac92985864e187a1735502f6a02f54eaa655b2aa ]
When setting /sys/fs/f2fs//iostat_enable with non-bool value, UBSAN
reports the following warning.
[ 7562.295484]
[ 7562.296531] UBSAN:
From: Tetsuo Handa
[ Upstream commit b30b61ff6b1dc37f276cf56a8328b80086a3ffca ]
syzbot is hitting a lockdep warning [1] because flush_work() is called
without INIT_WORK() after kzalloc() at vkms_atomic_crtc_reset().
Commit 6c234fe37c57627a ("drm/vkms: Implement CRC debugfs API") added
INIT_WORK
From: Buland Singh
[ Upstream commit 24d48a61f230da130cc2ec2e526eacf229e3 ]
Commit '3d035f580699 ("drivers/char/hpet.c: allow user controlled mmap for
user processes")' introduced a new kernel command line parameter hpet_mmap,
that is required to expose the memory map of the HPET registers t
From: Florian Westphal
[ Upstream commit 8e2f311a68494a6677c1724bdcb10bada21af37c ]
Following command:
iptables -D FORWARD -m physdev ...
causes connectivity loss in some setups.
Reason is that iptables userspace will probe kernel for the module revision
of the physdev patch, and physdev has
From: Mika Westerberg
[ Upstream commit 25bd879ec16ad3b83a5b1c3f16faa55e696bfccb ]
Shameerali reported that running v4.20-rc1 as QEMU guest, the PCIe hotplug
port times out during boot:
pciehp :00:01.0:pcie004: Timeout on hotplug command 0x03f1 (issued 1016
msec ago)
pciehp :00:01.
From: Axel Lin
[ Upstream commit f01a7beb6791f1c419424c1a6958b7d0a289c974 ]
The act8600_sudcdc_voltage_ranges setting does not match the datasheet.
The problems in below entry:
REGULATOR_LINEAR_RANGE(1900, 191, 255, 40),
1. The off-by-one min_sel causes wrong volatage calculation.
From: Valentin Schneider
[ Upstream commit ce48c457b95316b9a01b5aa9d4456ce820df94b4 ]
Since we've had:
commit cb538267ea1e ("jump_label/lockdep: Assert we hold the hotplug lock for
_cpuslocked() operations")
we've been getting some lockdep warnings during init, such as on HiKey960:
[0.
From: Myungho Jung
[ Upstream commit 1dc2d785156cbdc80806c32e8d2c7c735d0b4721 ]
h4_recv_buf() callers store the return value to socket buffer and
recursively pass the buffer to h4_recv_buf() without protection. So,
ERR_PTR returned from h4_recv_buf() can be dereferenced, if called again
before s
From: Rafael Ávila de Espíndola
[ Upstream commit d071ae09a4a1414c1433d5ae9908959a7325b0ad ]
Accessing per-CPU variables is done by finding the offset of the
variable in the per-CPU block and adding it to the address of the
respective CPU's block.
Section 3.10.8 of ld.bfd's documentation states
From: Kuninori Morimoto
[ Upstream commit a0c426fe143328760c9fd565cd203a37a7b4fde8 ]
We will get DAI ID from "reg" property if it has on DT, otherwise get
it by counting port/endpoint.
But in below case, we need to get DAI ID = 0 via port reg = <0>, but
current implementation returns ID = 1, be
From: Ben Dooks
[ Upstream commit e486df39305864604b7e25f2a95d51039517ac57 ]
The dma_desc->bytes_transferred counter tracks the number of bytes
moved by the DMA channel. This is then used to calculate the information
passed back in the in the tegra_dma_tx_status callback, which is usually
fine.
From: Hans de Goede
[ Upstream commit d693c008e3ca04db5916ff72e68ce661888a913b ]
Commit 53fa1f6e8a59 ("ACPI / video: Only default only_lcd to true on
Win8-ready _desktops_") introduced chassis type detection, limiting the
lcd_only check for the backlight to devices where the chassis-type
indicat
From: Masahiro Yamada
[ Upstream commit fc2b47b55f17fd996f7a01975ce1c33c2f2513f6 ]
It believe it is a bad idea to hardcode a specific compiler prefix
that may or may not be installed on a user's system. It is annoying
when testing features that should not require compilers at all.
For example,
From: Chao Yu
[ Upstream commit aadcef64b22f668c1a107b86d3521d9cac915c24 ]
As Jiqun Li reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=202883
sometimes, dead lock when make system call SYS_getdents64 with fsync() is
called by another process.
monkey running on android9.0
1.
From: Tonghao Zhang
[ Upstream commit 24319258660a84dd77f4be026a55b10a12524919 ]
If we try to set VFs rate on a VF (not PF) net device, the kernel
will be crash. The commands are show as below:
$ echo 2 > /sys/class/net/$MLX_PF0/device/sriov_numvfs
$ ip link set $MLX_VF0 vf 0 max_tx_rate 2 min_
From: Christian Brauner
[ Upstream commit 32a5ad9c22852e6bd9e74bdec5934ef9d1480bc5 ]
Currently, when writing
echo 18446744073709551616 > /proc/sys/fs/file-max
/proc/sys/fs/file-max will overflow and be set to 0. That quickly
crashes the system.
This commit sets the max and min value for fi
From: Kairui Song
[ Upstream commit 179fb36abb097976997f50733d5b122a29158cba ]
After commit 68bb7bfb7985 ("X86/Hyper-V: Enable IPI enlightenments"),
kexec fails with a kernel panic:
kexec_core: Starting new kernel
BUG: unable to handle kernel NULL pointer dereference at
Hardwar
From: Stanislav Fomichev
[ Upstream commit 8e2688876c7f7073d925e1f150e86b8ed3338f52 ]
libbpf targets don't explicitly depend on fixdep target, so when
we do 'make -j$(nproc)', there is a high probability, that some
objects will be built before fixdep binary is available.
Fix this by running sub
From: Colin Ian King
The nvm_image is a large struct qedi_nvm_iscsi_image object of
over 24K so don't declare it on the stack just for a sizeof
requirement; use sizeof on struct qedi_nvm_iscsi_image instead.
Fixes: c77a2fa3ff8f ("scsi: qedi: Add the CRC size within iSCSI NVM image")
Signed-off-b
From: Douglas Anderson
[ Upstream commit 31b265b3baaf55f209229888b7ffea523ddab366 ]
As reported back in 2016-11 [1], the "ftdump" kdb command triggers a
BUG for "sleeping function called from invalid context".
kdb's "ftdump" command wants to call ring_buffer_read_prepare() in
atomic context. A
From: Peng Fan
[ Upstream commit 0d3bd18a5efd66097ef58622b898d3139790aa9d ]
In case cma_init_reserved_mem failed, need to free the memblock
allocated by memblock_reserve or memblock_alloc_range.
Quote Catalin's comments:
https://lkml.org/lkml/2019/2/26/482
Kmemleak is supposed to work with t
From: Qian Cai
[ Upstream commit 0c81585499601acd1d0e1cbf424cabfaee60628c ]
After offlining a memory block, kmemleak scan will trigger a crash, as
it encounters a page ext address that has already been freed during
memory offlining. At the beginning in alloc_page_ext(), it calls
kmemleak_alloc(
From: Linus Torvalds
[ Upstream commit e0f0ae838a25464179d37f355d763f9ec139fc15 ]
The pm8xxx_get_channel() implementation is unclear, and causes gcc to
suddenly generate odd warnings. The trigger for the warning (at least
for me) was the entirely unrelated commit 79a4e91d1bb2 ("device.h: Add
__
From: Vlastimil Babka
[ Upstream commit 2e25644e8da4ed3a27e7b8315aaae74660be72dc ]
Syzbot with KMSAN reports (excerpt):
==
BUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:353 [inline]
BUG: KMSAN: uninit-value in mpol_
From: Louis Taylor
[ Upstream commit 259594bea574e515a148171b5cd84ce5cbdc028a ]
When compiling with -Wformat, clang emits the following warnings:
fs/cifs/smb1ops.c:312:20: warning: format specifies type 'unsigned
short' but the argument has type 'unsigned int' [-Wformat]
From: "Uladzislau Rezki (Sony)"
[ Upstream commit afd07389d3f4933c7f7817a92fb5e053d59a3182 ]
One of the vmalloc stress test case triggers the kernel BUG():
[60.562151] [ cut here ]
[60.562154] kernel BUG at mm/vmalloc.c:512!
[60.562206] invalid opcode: [#1]
From: Qian Cai
[ Upstream commit 92d1d07daad65c300c7d0b68bbef8867e9895d54 ]
Kmemleak throws endless warnings during boot due to in
__alloc_alien_cache(),
alc = kmalloc_node(memsize, gfp, node);
init_arraycache(&alc->ac, entries, batch);
kmemleak_no_scan(ac);
Kmemleak does not track
From: zhengliang
[ Upstream commit a0770e13c8da83bdb64738c0209ab02dd3cfff8b ]
v4: Rearrange the previous three versions.
The following scenario could lead to data block override by mistake.
TASK A| TASK kworker|
TASK B
From: "Jason Cai (Xiang Feng)"
[ Upstream commit 70de2cbda8a5d788284469e755f8b097d339c240 ]
Invoking dm_get_device() twice on the same device path with different
modes is dangerous. Because in that case, upgrade_mode() will alloc a
new 'dm_dev' and free the old one, which may be referenced by a
From: Carlos Maiolino
[ Upstream commit dce30ca9e3b676fb288c33c1f4725a0621361185 ]
guard_bio_eod() can truncate a segment in bio to allow it to do IO on
odd last sectors of a device.
It already checks if the IO starts past EOD, but it does not consider
the possibility of an IO request starting
From: Julia Lawall
[ Upstream commit 8c2b43d2d85b48a97d2f8279278a4aac5b45f925 ]
Add an of_node_put when a tested device node is not available.
The semantic patch that fixes this problem is as follows
(http://coccinelle.lip6.fr):
//
@@
identifier f;
local idexpression e;
expression x;
@@
e =
From: Lubomir Rintel
[ Upstream commit fe9ed6d2483fda55465f32924fb15bce0fac3fac ]
Like the other OF-enabled drivers, use the port number from the firmware if
the devicetree specifies an alias:
aliases {
...
serial2 = &uart2; /* Should be ttyS2 */
}
This is how the deprecated px
From: Sai Prakash Ranjan
[ Upstream commit 5666dfd1d8a45a167f0d8b4ef47ea7f780b1f24a ]
SDM845 has ETMv4.2 and can use the existing etm4x driver.
But the current etm driver checks only for ETMv4.0 and
errors out for other etm4x versions. This patch adds this
missing support to enable SoC's with ET
From: Vadim Pasternak
[ Upstream commit e4c275f77624961b56cce397814d9d770a45ac59 ]
Fix the following KASAN warning produced when booting a 64-bit kernel:
[ 13.334750] BUG: KASAN: stack-out-of-bounds in find_first_bit+0x19/0x70
[ 13.342166] Read of size 8 at addr 880235067178 by task kwor
From: "Aneesh Kumar K.V"
[ Upstream commit 5330367fa300742a97e20e953b1f77f48392faae ]
After we ALIGN up the address we need to make sure we didn't overflow
and resulted in zero address. In that case, we need to make sure that
the returned address is greater than mmap_min_addr.
This fixes selfte
From: Sebastian Ott
[ Upstream commit 0ff06c44efeede4acd068847d3bf8cf894b6c664 ]
Prior to dma unmap/free operations the ism driver tries to ensure
that the memory is no longer accessed by the HW. When errors
during deregistration of memory regions from the HW occur the ism
driver will not unmap/
From: Sedat Dilek
[ Upstream commit 8beb90aaf334a6efa3e924339926b5f93a234dbb ]
commit 1917d42d14b7 ("fcoe: use enum for fip_mode") introduces a separate
enum for the fip_mode that shall be used during initialisation handling
until it is passed to fcoe_ctrl_link_up to set the initial fip_state.
From: Håkon Bugge
[ Upstream commit 2612d723aadcf8281f9bf8305657129bd9f3cd57 ]
Using CX-3 virtual functions, either from a bare-metal machine or
pass-through from a VM, MAD packets are proxied through the PF driver.
Since the VF drivers have separate name spaces for MAD Transaction Ids
(TIDs),
From: He Kuang
[ Upstream commit 7346195e8643482968f547483e0d823ec1982fab ]
We can't assume inlined symbols with the same name are equal, because
their address range may be different. This will cause the symbols with
different addresses be shadowed when adding to the hist entry, and lead
to ERAN
From: Coly Li
[ Upstream commit 8c27a3953e92eb0b22dbb03d599f543a05f9574e ]
People may set sequential_cutoff of a cached device via sysfs file,
but current code does not check input value overflow. E.g. if value
4294967295 (UINT_MAX) is written to file sequential_cutoff, its value
is 4GB, but if
401 - 500 of 1290 matches
Mail list logo
