From: Kangjie Lu
[ Upstream commit 0ed2a005347400500a39ea7c7318f1fea57fb3ca ]
In case create_singlethread_workqueue fails, the fix free the
hardware and returns NULL to avoid NULL pointer dereference.
Signed-off-by: Kangjie Lu
Signed-off-by: Kalle Valo
Signed-off-by: Sasha Levin
---
drivers
From: Aditya Pakki
[ Upstream commit d5414c2355b20ea8201156d2e874265f1cb0d775 ]
kmalloc can fail in rsi_register_rates_channels but memcpy still attempts
to write to channels. The patch replaces these calls with kmemdup and
passes the error upstream.
Signed-off-by: Aditya Pakki
Signed-off-by:
From: Dan Carpenter
[ Upstream commit b4c35c17227fe437ded17ce683a6927845f8c4a4 ]
The "rate_index" is only used as an index into the phist_data->rx_rate[]
array in the mwifiex_hist_data_set() function. That array has
MWIFIEX_MAX_AC_RX_RATES (74) elements and it's used to generate some
debugfs in
From: Venkata Narendra Kumar Gutta
[ Upstream commit edb16da34b084c66763f29bee42b4e6bb33c3d66 ]
Platform core is using pdev->name as the platform device name to do
the binding of the devices with the drivers. But, when the platform
driver overrides the platform device name with dev_set_name(),
t
From: John Garry
[ Upstream commit 0b777eee88d712256ba8232a9429edb17c4f9ceb ]
In commit 376991db4b64 ("driver core: Postpone DMA tear-down until after
devres release"), we changed the ordering of tearing down the device DMA
ops and releasing all the device's resources; this was because the DMA o
From: Kangjie Lu
[ Upstream commit 06d5d6b7f9948a89543e1160ef852d57892c750d ]
In case platform_device_alloc fails, the fix returns an error
code to avoid the NULL pointer dereference.
Signed-off-by: Kangjie Lu
Signed-off-by: Srinivas Kandagatla
Signed-off-by: Greg Kroah-Hartman
Signed-off-by
From: Daniel Baluta
[ Upstream commit ddb351145a967ee791a0fb0156852ec2fcb746ba ]
is_slave_mode defaults to false because sai structure
that contains it is kzalloc'ed.
Anyhow, if we decide to set the following configuration
SAI slave -> SAI master, is_slave_mode will remain set on true
although
From: Huazhong Tan
[ Upstream commit 30780a8b1677e7409b32ae52a9a84f7d41ae6b43 ]
Since irq handler and mailbox task will both update arq's count,
so arq's count should use atomic_t instead of u32, otherwise
its value may go wrong finally.
Fixes: 07a0556a3a73 ("net: hns3: Changes to support ARQ(A
From: Johan Hovold
[ Upstream commit 579bebe5dd522580019e7b10b07daaf500f9fb1e ]
The USB-serial driver init_termios callback is used to override the
default initial terminal settings provided by USB-serial core.
After a bug was fixed in the original implementation introduced by
commit fe1ae7fdd2
On Wed, May 22, 2019 at 8:40 AM Waiman Long wrote:
>
> +#if defined(CONFIG_PREEMPT) && \
> + (defined(CONFIG_DEBUG_PREEMPT) || !defined(CONFIG_X86))
> +#define lockevent_percpu_inc(x)this_cpu_inc(x)
> +#define lockevent_percpu_add(x, v) this_cpu_add(x, v)
Why that CONFIG_X86
From: "Daniel T. Lee"
[ Upstream commit 32e621e55496a0009f44fe4914cd4a23cade4984 ]
Currently, building bpf samples will cause the following error.
./tools/lib/bpf/bpf.h:132:27: error: 'UINT32_MAX' undeclared here (not in a
function) ..
#define BPF_LOG_BUF_SIZE (UINT32_MAX >> 8) /* ver
From: Grygorii Strashko
[ Upstream commit 06095f34f8a0a2c4c83a19514c272699edd5f80b ]
Now CPSW ALE will set/clean Host port bit in Unregistered Multicast Flood
Mask (UNREG_MCAST_FLOOD_MASK) for every VLAN without checking if this port
belongs to VLAN or not when ALLMULTI mode flag is set for nede
From: Yunsheng Lin
[ Upstream commit 63380a1ae4ced8aef67659ff9547c69ef8b9613a ]
hns3_desc_unused() returns how many BD have been cleaned, but new
buffer has not been attached to them. The register of
HNS3_RING_RX_RING_FBDNUM_REG returns how many BD need allocating new
buffer to or need to cleane
From: Sugar Zhang
[ Upstream commit 2da254cc7908105a60a6bb219d18e8dced03dcb9 ]
This patch kill instructs the DMAC to immediately terminate
execution of a thread. and then clear the interrupt status,
at last, stop generating interrupts for DMA_SEV. to guarantee
the next dma start is clean. otherw
From: Heiner Kallweit
[ Upstream commit 8c90b795e90f7753d23c18e8b95dd71b4a18c5d9 ]
PHY's behave differently when being reset. Some reset registers to
defaults, some don't. Some trigger an autoneg restart, some don't.
So let's also set the autoneg restart bit when resetting. Then PHY
behavior sh
From: Arnd Bergmann
[ Upstream commit 46b83629dede262315aa82179d105581f11763b6 ]
clang produces a harmless warning for each use for the qeth_adp_supported
macro:
drivers/s390/net/qeth_l2_main.c:559:31: warning: implicit conversion from
enumeration type 'enum qeth_ipa_setadp_cmd' to
diffe
From: Bard liao
[ Upstream commit 4d95c51776b2edb4d4ebcea00b6e5a1fe538ce66 ]
snd_hda_codec_device_new() is used by both legacy HDA and ASoC
driver. However, we will call snd_hdac_device_unregister() in
snd_hdac_ext_bus_device_remove() for ASoC device. This patch uses
the type flag in hdac_device
From: Mariusz Bialonczyk
[ Upstream commit 62909da8aca048ecf9fbd7e484e5100608f40a63 ]
>From the DS2408 datasheet [1]:
"Resume Command function checks the status of the RC flag and, if it is set,
directly transfers control to the control functions, similar to a Skip ROM
command. The only way to
From: Sven Van Asbroeck
[ Upstream commit f22b1ba15ee5785aa028384ebf77dd39e8e47b70 ]
The device's remove() attempts to shut down the delayed_work scheduled
on the kernel-global workqueue by calling flush_scheduled_work().
Unfortunately, flush_scheduled_work() does not prevent the delayed_work
f
From: Manish Rangankar
[ Upstream commit f848bfd8e167210a29374e8a678892bed591684f ]
Sometimes during connection recovery when there is a failure to resolve
ARP, and offload connection was not issued, driver tries to flush pending
offload connection work which was not queued up.
kernel: WARNING:
On Wed, May 22, 2019 at 02:22:15PM -0400, Kris Van Hees wrote:
> On Wed, May 22, 2019 at 04:25:32PM +0200, Peter Zijlstra wrote:
> > On Tue, May 21, 2019 at 10:56:18AM -0700, Alexei Starovoitov wrote:
> >
> > > and no changes are necessary in kernel/events/ring_buffer.c either.
> >
> > Let me jus
From: Fabien Dessenne
[ Upstream commit cf612c5949aca2bd81a1e28688957c8149ea2693 ]
Manage the -EPROBE_DEFER error case for the wake IRQ.
Signed-off-by: Fabien Dessenne
Acked-by: Amelie Delaunay
Signed-off-by: Alexandre Belloni
Signed-off-by: Sasha Levin
---
drivers/rtc/rtc-stm32.c | 9
From: Bart Van Assche
[ Upstream commit 300ec7415c1fed5c73660f50c8e14a67e236dc0a ]
Since fc_remote_port_delete() must be called with interrupts enabled, do
not disable interrupts when calling that function. Remove the lockin calls
from around the put_sess() call. This is safe because the functio
From: Johannes Berg
[ Upstream commit 30f24eabab8cd801064c5c37589d803cb4341929 ]
If for some reason the device gives us an RX interrupt before we're
ready for it, perhaps during device power-on with misconfigured IRQ
causes mapping or so, we can crash trying to access the queues.
Prevent that b
From: Qu Wenruo
[ Upstream commit 7ac1e464c4d473b517bb784f30d40da1f842482e ]
When we failed to find a root key in btrfs_update_root(), we just panic.
That's definitely not cool, fix it by outputting an unique error
message, aborting current transaction and return -EUCLEAN. This should
not norma
From: Robbie Ko
[ Upstream commit 39ad317315887c2cb9a4347a93a8859326ddf136 ]
When doing fallocate, we first add the range to the reserve_list and
then reserve the quota. If quota reservation fails, we'll release all
reserved parts of reserve_list.
However, cur_offset is not updated to indicate
From: Bart Van Assche
[ Upstream commit d4023db71108375e4194e92730ba0d32d7f07813 ]
This patch avoids that lockdep reports the following warning:
=
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
5.1.0-rc1-dbg+ #11 Tainted: G
From: Viresh Kumar
[ Upstream commit 9a4f26cc98d81b67ecc23b890c28e2df324e29f3 ]
Currently the error return path from kobject_init_and_add() is not
followed by a call to kobject_put() - which means we are leaking
the kobject.
Fix it by adding a call to kobject_put() in the error path of
kobject_
From: Nadav Amit
[ Upstream commit 3c0dab44e22782359a0a706cbce72de99a22aa75 ]
Since alloc_module() will not set the pages as executable soon, set
ftrace trampoline pages as executable after they are allocated.
For the time being, do not change ftrace to use the text_poke()
interface. As a resul
From: Jon Derrick
[ Upstream commit f10b83de1fd49216a4c657816f48001437e4bdd5 ]
If the BAR is zero size, it indicates it was never successfully mapped.
Ensure that the BAR is valid during initialization before attempting to
use it.
Signed-off-by: Jon Derrick
Signed-off-by: Ben Skeggs
Signed-of
From: Qian Cai
[ Upstream commit 74dd022f9e6260c3b5b8d15901d27ebcc5f21eda ]
When building with -Wunused-but-set-variable, the compiler shouts about
a number of pte_unmap() users, since this expands to an empty macro on
arm64:
| mm/gup.c: In function 'gup_pte_range':
| mm/gup.c:1727:16: warn
From: Nicholas Piggin
[ Upstream commit 7ae3f6e130e8dc6188b59e3b4ebc2f16e9c8d053 ]
Using a jiffies timer creates a dependency on the tick_do_timer_cpu
incrementing jiffies. If that CPU has locked up and jiffies is not
incrementing, the watchdog heartbeat timer for all CPUs stops and
creates fals
From: Nadav Amit
[ Upstream commit f2c65fb3221adc6b73b0549fc7ba892022db9797 ]
When modules and BPF filters are loaded, there is a time window in
which some memory is both writable and executable. An attacker that has
already found another vulnerability (e.g., a dangling pointer) might be
able to
On 5/22/2019 12:19 PM, James Morris wrote:
> On Wed, 22 May 2019, Stephen Smalley wrote:
>
>> That seems to violate the intent of lockdown as I understood it, and
>> turns security_is_locked_down() into a finer-grained capable() call.
>> Also, if I understand correctly, this could only be done if
From: Minas Harutyunyan
[ Upstream commit 54f37f56631747075f1f9a2f0edf6ba405e3e66c ]
Some function drivers queueing more than 128 ISOC requests at a time.
To avoid "descriptor chain full" cases, increasing descriptors count
from MAX_DMA_DESC_NUM_GENERIC to MAX_DMA_DESC_NUM_HS_ISOC for ISOC's
onl
From: Pavel Machek
[ Upstream commit 0db37915d912e8dc6588f25da76d3ed36718d92f ]
There are races between "main" thread and workqueue. They manifest
themselves on Thinkpad X60:
This should result in LED blinking, but it turns it off instead:
root@amd:/data/pavel# cd /sys/class/leds/tpacpi\:\
From: Anju T Sudhakar
[ Upstream commit a913e5e8b43be1d3897a141ce61c1ec071cad89c ]
Nest hardware counter memory resides in a per-chip reserve-memory.
During nest_imc_event_init(), chip-id of the event-cpu is considered to
calculate the base memory addresss for that cpu. Return, proper error
cond
From: João Paulo Rechi Vita
[ Upstream commit f80c5dad7b6467b884c445ffea45985793b4b2d0 ]
This commit makes the kernel not send the next queued HCI command until
a command complete arrives for the last HCI command sent to the
controller. This change avoids a problem with some buggy controllers
(s
From: Wen Yang
[ Upstream commit 02d15f0d80720545f1f4922a1550ea4aaad4e152 ]
The call to of_parse_phandle returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.
Detected by coccinelle with the following warnings:
./drivers/pinctrl/zte/pinctr
From: Martin Brandenburg
[ Upstream commit 33713cd09ccdc1e01b10d0782ae60200d4989553 ]
Otherwise we race with orangefs_writepage/orangefs_writepages
which and does not expect i_size < page_offset.
Fixes xfstests generic/129.
Signed-off-by: Martin Brandenburg
Signed-off-by: Mike Marshall
Signe
From: Sameeh Jubran
[ Upstream commit f913308879bc6ae437ce64d878c7b05643ddea44 ]
GCC 8 contains a number of new warnings as well as enhancements to existing
checkers. The warning - Wstringop-truncation - warns for calls to bounded
string manipulation functions such as strncat, strncpy, and stpnc
On Wed, May 22, 2019 at 12:45:06PM -0700, Joe Perches wrote:
It is common courtesy to include this tagline when submitting
patches:
Reported-By: J. Doe
Please ask the reporter's permission before doing so (even if they'd
submitted a public bugzilla report or sent a report to the mailing
list)
From: Ming Lei
[ Upstream commit e87eb301bee183d82bb3d04bd71b6660889a2588 ]
Just like aio/io_uring, we need to grab 2 refcount for queuing one
request, one is for submission, another is for completion.
If the request isn't queued from plug code path, the refcount grabbed
in generic_make_request
From: Yonghong Song
[ Upstream commit 6cea33701eb024bc6c920ab83940ee22afd29139 ]
Test test_libbpf.sh failed on my development server with failure
-bash-4.4$ sudo ./test_libbpf.sh
[0] libbpf: Error in bpf_object__probe_name():Operation not permitted(1).
Couldn't load basic 'r0 = 0' BPF
From: Tony Nguyen
[ Upstream commit 8f529ff912073f778e3cd74e87fb69a36499fc2f ]
Set features can have multiple features turned on|off in a single
call. Grouping these all in an if/else means after one condition
is met, other conditions/features will not be evaluated. Break
the if/else statement
From: Linus Lüssing
[ Upstream commit a3c7cd0cdf1107f891aff847ad481e34df727055 ]
Syzbot has reported some issues with the locking assumptions made for
the multicast tt/tvlv worker: It was able to trigger the WARN_ON() in
batadv_mcast_mla_tt_retract() and batadv_mcast_mla_tt_add().
While hard/not
From: Vineet Gupta
[ Upstream commit ca31ca8247e2d3807ff5fa1d1760616a2292001c ]
When build perf for ARC recently, there was a build failure due to lack
of __NR_bpf.
| Auto-detecting system features:
|
| ... get_cpuid: [ OFF ]
| ... bpf: [ on ]
|
|
From: kbuild test robot
drivers/staging/kpc2000/kpc2000_i2c.c:652:3-8: No need to set .owner here. The
core will do it.
Remove .owner field if calls are used which set it automatically
Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci
Fixes: 43ad38191816 ("staging: kpc2000: kp
From: YueHaibing
[ Upstream commit a3147770bea76c8dbad73eca3a24c2118da5e719 ]
BUG: unable to handle kernel paging request at a016a270
PGD 3270067 P4D 3270067 PUD 3271063 PMD 230bbd067 PTE 0
Oops: [#1
CPU: 0 PID: 6134 Comm: modprobe Not tainted 5.1.0+ #33
Hardware name: QEMU Standard
From: Roberto Bergantinos Corpas
[ Upstream commit 950a578c6128c2886e295b9c7ecb0b6b22fcc92b ]
Actually we don't do anything with return value from
nfs_wait_client_init_complete in nfs_match_client, as a
consequence if we get a fatal signal and client is not
fully initialised, we'
From: Ross Lagerwall
[ Upstream commit 7881ef3f33bb80f459ea6020d1e021fc524a6348 ]
Under certain conditions, lru_count may drop below zero resulting in
a large amount of log spam like this:
vmscan: shrink_slab: gfs2_dump_glock+0x3b0/0x630 [gfs2] \
negative objects to delete nr=-1
This happe
From: Mike Marciniszyn
[ Upstream commit 4c4b1996b5db688e2dcb8242b0a3bf7b1e845e42 ]
The work_item cancels that occur when a QP is destroyed can elicit the
following trace:
workqueue: WQ_MEM_RECLAIM ipoib_wq:ipoib_cm_tx_reap [ib_ipoib] is flushing
!WQ_MEM_RECLAIM hfi0_0:_hfi1_do_send [hfi1]
W
From: Sugar Zhang
[ Upstream commit 2da254cc7908105a60a6bb219d18e8dced03dcb9 ]
This patch kill instructs the DMAC to immediately terminate
execution of a thread. and then clear the interrupt status,
at last, stop generating interrupts for DMA_SEV. to guarantee
the next dma start is clean. otherw
From: Huazhong Tan
[ Upstream commit fba2efdae8b4f998f66a2ff4c9f0575e1c4bbc40 ]
When configure pause, current implementation returns directly
after setup PFC without setup BP, which is not sufficient.
So this patch fixes it, only return while setting PFC failed.
Fixes: 44e59e375bf7 ("net: hns3
From: Arnd Bergmann
[ Upstream commit 46b83629dede262315aa82179d105581f11763b6 ]
clang produces a harmless warning for each use for the qeth_adp_supported
macro:
drivers/s390/net/qeth_l2_main.c:559:31: warning: implicit conversion from
enumeration type 'enum qeth_ipa_setadp_cmd' to
diffe
From: Yunsheng Lin
[ Upstream commit 63380a1ae4ced8aef67659ff9547c69ef8b9613a ]
hns3_desc_unused() returns how many BD have been cleaned, but new
buffer has not been attached to them. The register of
HNS3_RING_RX_RING_FBDNUM_REG returns how many BD need allocating new
buffer to or need to cleane
From: Nicholas Piggin
[ Upstream commit 9b019acb72e4b5741d88e8936d6f200ed44b66b2 ]
The NOHZ idle balancer runs on the lowest idle CPU. This can
interfere with isolated CPUs, so confine it to HK_FLAG_MISC
housekeeping CPUs.
HK_FLAG_SCHED is not used for this because it is not set anywhere
at the
From: Mariusz Bialonczyk
[ Upstream commit 62909da8aca048ecf9fbd7e484e5100608f40a63 ]
>From the DS2408 datasheet [1]:
"Resume Command function checks the status of the RC flag and, if it is set,
directly transfers control to the control functions, similar to a Skip ROM
command. The only way to
From: Qu Wenruo
[ Upstream commit 10995c0491204c861948c9850939a7f4e90760a4 ]
Commit d2311e698578 ("btrfs: relocation: Delay reloc tree deletion after
merge_reloc_roots()") expands the life span of root->reloc_root.
This breaks certain checs of fs_info->reloc_ctl. Before that commit, if
we have
On Wed, 2019-05-22 at 15:58 -0400, Konstantin Ryabitsev wrote:
> On Wed, May 22, 2019 at 12:45:06PM -0700, Joe Perches wrote:
> > > It is common courtesy to include this tagline when submitting
> > > patches:
> > >
> > > Reported-By: J. Doe
> > >
> > > Please ask the reporter's permission befor
From: Fabien Dessenne
[ Upstream commit cf612c5949aca2bd81a1e28688957c8149ea2693 ]
Manage the -EPROBE_DEFER error case for the wake IRQ.
Signed-off-by: Fabien Dessenne
Acked-by: Amelie Delaunay
Signed-off-by: Alexandre Belloni
Signed-off-by: Sasha Levin
---
drivers/rtc/rtc-stm32.c | 9
On Wed, May 22, 2019 at 9:57 PM Christian Brauner wrote:
>
> On May 22, 2019 8:29:37 PM GMT+02:00, Amir Goldstein
> wrote:
> >On Wed, May 22, 2019 at 7:32 PM Christian Brauner
> > wrote:
> >>
> >> This removes two redundant capable(CAP_SYS_ADMIN) checks from
> >> fanotify_init().
> >> fanotify_i
From: Sven Van Asbroeck
[ Upstream commit f22b1ba15ee5785aa028384ebf77dd39e8e47b70 ]
The device's remove() attempts to shut down the delayed_work scheduled
on the kernel-global workqueue by calling flush_scheduled_work().
Unfortunately, flush_scheduled_work() does not prevent the delayed_work
f
From: Fei Yang
[ Upstream commit 73103c7f958b99561555c3bd1bc1a0809e0b7d61 ]
The following kernel panic happens due to the io_data buffer gets deallocated
before the async io is completed. Add a check for the case where io_data buffer
should be deallocated by ffs_user_copy_worker.
[ 41.663334]
From: Robbie Ko
[ Upstream commit 39ad317315887c2cb9a4347a93a8859326ddf136 ]
When doing fallocate, we first add the range to the reserve_list and
then reserve the quota. If quota reservation fails, we'll release all
reserved parts of reserve_list.
However, cur_offset is not updated to indicate
From: Flavio Suligoi
[ Upstream commit 29f2133717c527f492933b0622a4aafe0b3cbe9e ]
Calculate the divisor for the SCR (Serial Clock Rate), avoiding
that the SSP transmission rate can be greater than the device rate.
When the division between the SSP clock and the device rate generates
a reminder,
From: Arnd Bergmann
[ Upstream commit ea751227c813ab833609afecfeedaf0aa26f327e ]
During randconfig builds, I occasionally run into an invalid configuration
of the freescale FIQ sound support:
WARNING: unmet direct dependencies detected for SND_SOC_IMX_PCM_FIQ
Depends on [m]: SOUND [=y] && !UM
From: Fabien Dessenne
[ Upstream commit b5b5a27bee5884860798ffd0f08e611a3942064b ]
During probe, return the provided errors value instead of -ENODEV.
This allows the driver to be deferred probed if needed.
Signed-off-by: Fabien Dessenne
Acked-by: Hugues Fruchet
Signed-off-by: Hans Verkuil
Si
From: Josef Bacik
[ Upstream commit ff612ba7849964b1898fd3ccd1f56941129c6aab ]
We've been seeing the following sporadically throughout our fleet
panic: kernel BUG at fs/btrfs/relocation.c:4584!
netversion: 5.0-0
Backtrace:
#0 [c90003adb880] machine_kexec at 81041da8
#1 [c90003
From: Bart Van Assche
[ Upstream commit 24afabdbd0b3553963a2bbf465895492b14d1107 ]
Make sure that the allocated interrupts are freed if allocating memory for
the msix_entries array fails.
Cc: Himanshu Madhani
Cc: Giridhar Malavali
Signed-off-by: Bart Van Assche
Acked-by: Himanshu Madhani
Si
From: Bodong Wang
[ Upstream commit 6f4e02193c9a9ea54dd3151cf97489fa787cd0e6 ]
When the state of rep was introduced, it was also designed to prevent
duplicate unloading of the same rep. Considering the following two
flows when an eswitch manager is at switchdev mode with n VF reps loaded.
+
From: Pavel Machek
[ Upstream commit 0db37915d912e8dc6588f25da76d3ed36718d92f ]
There are races between "main" thread and workqueue. They manifest
themselves on Thinkpad X60:
This should result in LED blinking, but it turns it off instead:
root@amd:/data/pavel# cd /sys/class/leds/tpacpi\:\
From: Jerome Brunet
[ Upstream commit 30180e8436046344b12813dc954b2e01dfdcd22d ]
If the hdmi codec startup fails, it should clear the current_substream
pointer to free the device. This is properly done for the audio_startup()
callback but for snd_pcm_hw_constraint_eld().
Make sure the pointer c
From: Bart Van Assche
[ Upstream commit e209783d66bca04b5fce4429e59338517ffc1a0b ]
Implementations of the .write_pending() callback functions must guarantee
that an appropriate LIO core callback function will be called immediately or
at a later time. Make sure that this guarantee is met for abo
From: Viresh Kumar
[ Upstream commit 4ebe36c94aed95de71a8ce6a6762226d31c938ee ]
Currently the error return path from kobject_init_and_add() is not
followed by a call to kobject_put() - which means we are leaking the
kobject.
Fix it by adding a call to kobject_put() in the error path of
kobject_
From: Dan Carpenter
[ Upstream commit e025da3d7aa4770bb1d1b3b0aa7cc4da1744852d ]
If "ret_len" is negative then it could lead to a NULL dereference.
The "ret_len" value comes from nl80211_vendor_cmd(), if it's negative
then we don't allocate the "dcmd_buf" buffer. Then we pass "ret_len" to
brcm
From: Pierre-Louis Bossart
[ Upstream commit 23583f7795025e3c783b680d906509366b0906ad ]
When the DSDT tables expose devices with subdevices and a set of
hierarchical _DSD properties, the data returned by
acpi_get_next_subnode() is incorrect, with the results suggesting a bad
pointer assignment.
From: Marek Szyprowski
[ Upstream commit 41a91c606e7d2b74358a944525267cc451c271e8 ]
dwc3_gadget_suspend() is called under dwc->lock spinlock. In such context
calling synchronize_irq() is not allowed. Move the problematic call out
of the protected block to fix the following kernel BUG during syst
From: Wen Yang
[ Upstream commit 02d15f0d80720545f1f4922a1550ea4aaad4e152 ]
The call to of_parse_phandle returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.
Detected by coccinelle with the following warnings:
./drivers/pinctrl/zte/pinctr
From: Mac Chiang
[ Upstream commit 16ec5dfe0327ddcf279957bffe4c8fe527088c63 ]
On kbl_rt5663_max98927, commit 38a5882e4292
("ASoC: Intel: kbl_rt5663_max98927: Map BTN_0 to KEY_PLAYPAUSE")
This key pair mapping to play/pause when playing Youtube
The Android 3.5mm Headset jack specificatio
From: Tony Nguyen
[ Upstream commit 8f529ff912073f778e3cd74e87fb69a36499fc2f ]
Set features can have multiple features turned on|off in a single
call. Grouping these all in an if/else means after one condition
is met, other conditions/features will not be evaluated. Break
the if/else statement
From: Sameeh Jubran
[ Upstream commit 8ee8ee7fe87bf64738ab4e31be036a7165608b27 ]
In some cases when a queue related allocation fails, successful past
allocations are freed but the pointer that pointed to them is not
set to NULL. This is a problem for 2 reasons:
1. This is generally a bad practic
From: Sameer Pujar
[ Upstream commit f030e419501cb95e961e9ed35c493b5d46a04eca ]
Following kernel panic is seen during DMA driver unload->load sequence
==
Unable to handle kernel paging request at virtual address ff800119
From: Haiyang Zhang
[ Upstream commit 93aa4792c3908eac87ddd368ee0fe0564148232b ]
When the ring buffer is almost full due to RX completion messages, a
TX packet may reach the "low watermark" and cause the queue stopped.
If the TX completion arrives earlier than queue stopping, the wakeup
may be m
Bharath Vedartham wrote on Thu, May 23, 2019:
> v9fs_cache_session_get_cookie assigns a random cachetag to
> v9ses->cachetag, if the cachetag is not assigned previously.
>
> v9fs_random_cachetag allocates memory to v9ses->cachetag with kmalloc
> and uses scnprintf to fill it up with a cachetag.
>
From: Ming Lei
[ Upstream commit 7c6c5b7c9186e3fb5b10afb8e5f710ae661144c6 ]
Split blk_mq_alloc_and_init_hctx into two parts, and one is
blk_mq_alloc_hctx() for allocating all hctx resources, another
is blk_mq_init_hctx() for initializing hctx, which serves as
counter-part of blk_mq_exit_hctx().
From: Masahiro Yamada
[ Upstream commit a7d006714724de4334c5e3548701b33f7b12ca96 ]
tools/bpf/bpftool/.gitignore has the "bpftool" pattern, which is
intended to ignore the following build artifact:
tools/bpf/bpftool/bpftool
However, the .gitignore entry is effective not only for the current
d
On 5/22/19 3:19 PM, James Morris wrote:
On Wed, 22 May 2019, Stephen Smalley wrote:
That seems to violate the intent of lockdown as I understood it, and
turns security_is_locked_down() into a finer-grained capable() call.
Also, if I understand correctly, this could only be done if one were to
d
From: Ming Lei
[ Upstream commit e87eb301bee183d82bb3d04bd71b6660889a2588 ]
Just like aio/io_uring, we need to grab 2 refcount for queuing one
request, one is for submission, another is for completion.
If the request isn't queued from plug code path, the refcount grabbed
in generic_make_request
On Wed, May 22, 2019 at 08:30:21AM -0700, enh wrote:
> On Wed, May 22, 2019 at 3:11 AM Catalin Marinas
> wrote:
> > On Tue, May 21, 2019 at 05:04:39PM -0700, Kees Cook wrote:
> > > I just want to make sure I fully understand your concern about this
> > > being an ABI break, and I work best with e
From: Eric Dumazet
[ Upstream commit 47d3d7fdb10a21c223036b58bd70ffdc24a472c4 ]
Since ip6frag_expire_frag_queue() now pulls the head skb
from frag queue, we should no longer use skb_get(), since
this leads to an skb leak.
Stefan Bader initially reported a problem in 4.4.stable [1] caused
by the
From: Vineet Gupta
[ Upstream commit ca31ca8247e2d3807ff5fa1d1760616a2292001c ]
When build perf for ARC recently, there was a build failure due to lack
of __NR_bpf.
| Auto-detecting system features:
|
| ... get_cpuid: [ OFF ]
| ... bpf: [ on ]
|
|
From: Raul E Rangel
[ Upstream commit 9e4be8d03f50d1b25c38e2b59e73b194c130df7d ]
The SD Physical Layer Spec says the following: Since the SD Memory Card
shall support at least the two bus modes 1-bit or 4-bit width, then any SD
Card shall set at least bits 0 and 2 (SD_BUS_WIDTH="0101").
This ch
From: Mike Marciniszyn
[ Upstream commit 4c4b1996b5db688e2dcb8242b0a3bf7b1e845e42 ]
The work_item cancels that occur when a QP is destroyed can elicit the
following trace:
workqueue: WQ_MEM_RECLAIM ipoib_wq:ipoib_cm_tx_reap [ib_ipoib] is flushing
!WQ_MEM_RECLAIM hfi0_0:_hfi1_do_send [hfi1]
W
From: Björn Töpel
[ Upstream commit 0e6741f092979535d159d5a851f12c88bfb7cb9a ]
When unmapping the AF_XDP memory regions used for the rings, an
invalid address was passed to the munmap() calls. Instead of passing
the beginning of the memory region, the descriptor region was passed
to munmap.
Whe
From: Yonghong Song
[ Upstream commit 6cea33701eb024bc6c920ab83940ee22afd29139 ]
Test test_libbpf.sh failed on my development server with failure
-bash-4.4$ sudo ./test_libbpf.sh
[0] libbpf: Error in bpf_object__probe_name():Operation not permitted(1).
Couldn't load basic 'r0 = 0' BPF
From: Abhi Das
[ Upstream commit 8f91821990fd6f170a5dca79697a441181a41b16 ]
As part of the freeze operation, gfs2_freeze_func() is left blocking
on a request to hold the sd_freeze_gl in SH. This glock is held in EX
by the gfs2_freeze() code.
A subsequent call to gfs2_unfreeze() releases the EXc
From: Roberto Bergantinos Corpas
[ Upstream commit 950a578c6128c2886e295b9c7ecb0b6b22fcc92b ]
Actually we don't do anything with return value from
nfs_wait_client_init_complete in nfs_match_client, as a
consequence if we get a fatal signal and client is not
fully initialised, we'
From: YueHaibing
[ Upstream commit a3147770bea76c8dbad73eca3a24c2118da5e719 ]
BUG: unable to handle kernel paging request at a016a270
PGD 3270067 P4D 3270067 PUD 3271063 PMD 230bbd067 PTE 0
Oops: [#1
CPU: 0 PID: 6134 Comm: modprobe Not tainted 5.1.0+ #33
Hardware name: QEMU Standard
On Wed, May 22, 2019 at 03:19:31PM -0400, Sasha Levin wrote:
> From: Venkata Narendra Kumar Gutta
>
> [ Upstream commit edb16da34b084c66763f29bee42b4e6bb33c3d66 ]
>
> Platform core is using pdev->name as the platform device name to do
> the binding of the devices with the drivers. But, when the
901 - 1000 of 1311 matches
Mail list logo
