[ Upstream commit eeacfdc68a104967162dfcba60f53f6f5b62a334 ]
Replace some BUG_ON()s with WARN_ON_ONCE() and returning an error code,
and move the check for len divisible by FS_CRYPTO_BLOCK_SIZE into
fscrypt_crypt_block() so that it's done for both encryption and
decryption, not just encryption.
R
[ Upstream commit 6cf97230cd5f36b7665099083272595c55d72be7 ]
dvb_usb_device_exit() frees and uses the device name in that order.
Fix by storing the name in a buffer before freeing it.
Signed-off-by: Oliver Neukum
Reported-by: syzbot+26ec41e9f788b3eba...@syzkaller.appspotmail.com
Signed-off-by: S
[ Upstream commit 17f78dd1bd624a4dd78ed5db3284a63ee807fcc3 ]
A handler for BATADV_TVLV_ROAM was being registered when the
translation-table was initialized, but not unregistered when the
translation-table was freed. Unregister it.
Fixes: 122edaa05940 ("batman-adv: tvlv - convert roaming adv pack
[ Upstream commit 1fdeaea4d92c69fb9f871a787af6ad00f32eeea7 ]
Dave Chinner noticed that xfs_file_dio_aio_write returns EAGAIN without
dropping the IOLOCK when its deciding not to wait, which means that we
leak the IOLOCK there. Since we now make unaligned directio always
wait, we have the opportun
From: Josua Mayer
commit 4aabed699c400810981d3dda170f05fa4d782905 upstream.
Allow up to four clocks to be specified and enabled for the orion-mdio
interface, which are required by the Armada 8k and defined in
armada-cp110.dtsi.
Fixes a hang in probing the mvmdio driver that was encountered on t
[ Upstream commit 8366d520019f366fabd6c7a13032bdcd837e18d4 ]
In 100g mode the doorbell bar is united for both engines. Set
the correct offset in the hwfn so that the doorbell returned
for RoCE is in the affined hwfn.
Signed-off-by: Ariel Elior
Signed-off-by: Denis Bolotin
Signed-off-by: Michal
From: Nadav Amit
commit 49f17c26c123b60fd1c74629eef077740d16ffc2 upstream.
Since resources can be removed, locking should ensure that the resource
is not removed while accessing it. However, find_next_iomem_res() does
not hold the lock while copying the data of the resource.
Keep holding the l
[ Upstream commit db13a5ba2732755cf13320f3987b77cf2a71e790 ]
While trying to get the uart with parity working I found setting even
parity enabled odd parity insted. Fix the register settings to match
the datasheet of AR9331.
A similar patch was created by 8devices, but not sent upstream.
https://
From: Christophe Leroy
commit 6ecb78ef56e08d2119d337ae23cb951a640dc52d upstream.
Previously, only IBAT1 and IBAT2 were used to map kernel linear mem.
Since commit 63b2bc619565 ("powerpc/mm/32s: Use BATs for
STRICT_KERNEL_RWX"), we may have all 8 BATs used for mapping
kernel text. But the suspend
From: Eric Biggers
Date: Wed, 24 Jul 2019 11:37:12 -0700
> We can argue about what words to use to describe this situation, but
> it doesn't change the situation itself.
And we should argue about those words because it matters to humans and
effects how they feel, and humans ultimately fix these
From: Andreas Schwab
commit 46c2478af610efb3212b8b08f74389d69899ef70 upstream.
Move a misplaced paren that makes the condition always true.
Fixes: 63b2bc619565 ("powerpc/mm/32s: Use BATs for STRICT_KERNEL_RWX")
Cc: sta...@vger.kernel.org # v5.1+
Signed-off-by: Andreas Schwab
Reviewed-by: Chris
From: Nathan Lynch
commit 0aa82c482ab2ece530a6f44897b63b274bb43c8e upstream.
During post-migration device tree updates, we can oops in
pseries_update_drconf_memory() if the source device tree has an
ibm,dynamic-memory-v2 property and the destination has a
ibm,dynamic_memory (v1) property. The no
From: Aaron Armstrong Skomra
commit d4b8efeb46d99a5d02e7f88ac4eaccbe49370770 upstream.
Only sync the pad once per report, not once per collection.
Also avoid syncing the pad on battery reports.
Fixes: f8b6a74719b5 ("HID: wacom: generic: Support multiple tools per report")
Cc: # v4.17+
Signed-o
From: Greg Kurz
commit 02c5f5394918b9b47ff4357b1b18335768cd867d upstream.
Since 902bdc57451c, get_pci_dev() calls pci_get_domain_bus_and_slot(). This
has the effect of incrementing the reference count of the PCI device, as
explained in drivers/pci/search.c:
* Given a PCI domain, bus, and slot/
From: Like Xu
commit 6fc3977ccc5d3c22e851f2dce2d3ce2a0a843842 upstream.
If a perf_event creation fails due to any reason of the host perf
subsystem, it has no chance to log the corresponding event for guest
which may cause abnormal sampling data in guest result. In debug mode,
this message helps
From: Ravi Bangoria
commit f474c28fbcbe42faca4eb415172c07d76adcb819 upstream.
powerpc hardware triggers watchpoint before executing the instruction.
To make trigger-after-execute behavior, kernel emulates the
instruction. If the instruction is 'load something into non-volatile
register', excepti
From: liaoweixiong
commit b83408b580eccf8d2797cd6cb9ae42c2a28656a7 upstream.
In case of the last page containing bitflips (ret > 0),
spinand_mtd_read() will return that number of bitflips for the last
page while it should instead return max_bitflips like it does when the
last page read returns w
From: Alexander Shishkin
commit 918b8646497b5dba6ae82d4a7325f01b258972b9 upstream.
Commit 4e0eaf239fb3 ("intel_th: msu: Fix single mode with IOMMU") switched
the single mode code to use dma mapping pages obtained from the page
allocator, but with IOMMU disabled, that may lead to using SWIOTLB bo
From: Norbert Manthey
commit 4c6d80e1144bdf48cae6b602ae30d41f3e5c76a9 upstream.
The pstore_mkfile() function is passed a pointer to a struct
pstore_record. On success it consumes this 'record' pointer and
references it from the created inode.
On failure, however, it may or may not free the reco
From: Tejun Heo
commit f539da82f2158916e154d206054e0efd5df7ab61 upstream.
Depending on the number of devices, blkcg stats can go over the
default seqfile buf size. seqfile normally retries with a larger
buffer but since the ->pd_stat() addition, blkcg_print_stat() doesn't
tell seqfile that over
From: YueHaibing
commit 80a316ff16276b36d0392a8f8b2f63259857ae98 upstream.
If xenbus_register_frontend() fails in p9_trans_xen_init,
we should call v9fs_unregister_trans() to do cleanup.
Link: http://lkml.kernel.org/r/20190430143933.19368-1-yuehaib...@huawei.com
Cc: sta...@vger.kernel.org
Fixes
From: Matthew Wilcox (Oracle)
commit 23c84eb7837514e16d79ed6d849b13745e0ce688 upstream.
RocksDB can hang indefinitely when using a DAX file. This is due to
a bug in the XArray conversion when handling a PMD fault and finding a
PTE entry. We use the wrong index in the hash and end up waiting on
From: Szymon Janc
commit 1d87b88ba26eabd4745e158ecfd87c93a9b51dc2 upstream.
Microsoft Surface Precision Mouse provides bogus identity address when
pairing. It connects with Static Random address but provides Public
Address in SMP Identity Address Information PDU. Address has same
value but type
From: Aaron Armstrong Skomra
commit 68c20cc2164cc5c7c73f8012ae6491afdb1f7f72 upstream.
This affects the 2nd-gen Intuos Pro Medium and Large
when using their Bluetooth connection.
Fixes: 4922cd26f03c ("HID: wacom: Support 2nd-gen Intuos Pro's Bluetooth
classic interface")
Cc: # v4.11+
Signed-o
From: Tejun Heo
commit 5de0073fcd50cc1f150895a7bb04d3cf8067b1d7 upstream.
If use_delay was non-zero when the latency target of a cgroup was set
to zero, it will stay stuck until io.latency is enabled on the cgroup
again. This keeps readahead disabled for the cgroup impacting
performance negativ
From: Lee, Chiasheng
commit e244c4699f859cf7149b0781b1894c7996a8a1df upstream.
With Link Power Management (LPM) enabled USB3 links transition to low
power U1/U2 link states from U0 state automatically.
Current hub code detects USB3 remote wakeups by checking if the software
state still shows su
From: Drew Davenport
commit 6b15f678fb7d5ef54e089e6ace72f007fe6e9895 upstream.
For architectures using __WARN_TAINT, the WARN_ON macro did not print
out the "cut here" string. The other WARN_XXX macros would print "cut
here" inside __warn_printk, which is not called for WARN_ON since it
doesn't
From: Alexander Shishkin
commit 4aa5aed2b6f267592705a526f57518a5d715b769 upstream.
This adds Ice Lake NNPI support to the Intel(R) Trace Hub.
Signed-off-by: Alexander Shishkin
Reviewed-by: Andy Shevchenko
Cc: stable
Link:
https://lore.kernel.org/r/20190621161930.60785-5-alexander.shish...@l
From: Filipe Manana
commit 803f0f64d17769071d7287d9e3e3b79a3e1ae937 upstream.
In order to avoid searches on a log tree when unlinking an inode, we check
if the inode being unlinked was logged in the current transaction, as well
as the inode of its parent directory. When any of the inodes are log
From: Niklas Cassel
commit 64adde31c8e996a6db6f7a1a4131180e363aa9f2 upstream.
Currently, there is only a 1 ms sleep after asserting PERST.
Reading the datasheets for different endpoints, some require PERST to be
asserted for 10 ms in order for the endpoint to perform a reset, others
require it
From: Sean Christopherson
commit beb8d93b3e423043e079ef3dda19dad7b28467a8 upstream.
A previous fix to prevent KVM from consuming stale VMCS state after a
failed VM-Entry inadvertantly blocked KVM's handling of machine checks
that occur during VM-Entry.
Per Intel's SDM, a #MC during VM-Entry is
From: Bart Van Assche
commit bcef5b7215681250c4bf8961dfe15e9e4fef97d0 upstream.
The function srp_parse_in() is used both for parsing source address
specifications and for target address specifications. Target addresses
must have a port number. Having to specify a port number for source
addresses
From: Damien Le Moal
commit b4c5875d36178e8df409bdce232f270cac89fafe upstream.
To allow the SCSI subsystem scsi_execute_req() function to issue
requests using large buffers that are better allocated with vmalloc()
rather than kmalloc(), modify bio_map_kern() to allow passing a buffer
allocated w
On 7/24/19 3:56 PM, David Hildenbrand wrote:
> On 24.07.19 21:47, Michael S. Tsirkin wrote:
>> On Wed, Jul 10, 2019 at 03:51:58PM -0400, Nitesh Narayan Lal wrote:
>>> Enables the kernel to negotiate VIRTIO_BALLOON_F_HINTING feature with the
>>> host. If it is available and page_hinting_flag is se
From: Andres Rodriguez
commit e28ad544f462231d3fd081a7316339359efbb481 upstream.
DisplayID blocks allow embedding of CEA blocks. The payloads are
identical to traditional top level CEA extension blocks, but the header
is slightly different.
This change allows the CEA parser to find a CEA block
From: David Rientjes
commit e74bd96989dd42a51a73eddb4a5510a6f5e42ac3 upstream.
When default_get_smp_config() is called with early == 1 and mpf->feature1
is non-zero, mpf is leaked because the return path does not do
early_memunmap().
Fix this and share a common exit routine.
Fixes: 5997efb9675
From: Damien Le Moal
commit 113ab72ed4794c193509a97d7c6d32a6886e1682 upstream.
For large values of the number of zones reported and/or large zone
sizes, the sector increment calculated with
blk_queue_zone_sectors(q) * n
in blk_report_zones() loop can overflow the unsigned int type used for
the
On Mon, 8 Jul 2019 09:57:53 -0700, Jeffrey Hugo wrote:
> The Sharp LD-D5116Z01B is a 12.3" eDP panel with a 1920X1280 resolution.
>
> Signed-off-by: Jeffrey Hugo
> Reviewed-by: Sam Ravnborg
> ---
> .../display/panel/sharp,ld-d5116z01b.txt | 26 +++
> 1 file changed, 26 ins
From: Soeren Moch
commit 41a531ffa4c5aeb062f892227c00fabb3b4a9c91 upstream.
Since commit ed194d136769 ("usb: core: remove local_irq_save() around
->complete() handler") the handler rt2x00usb_interrupt_rxdone() is
not running with interrupts disabled anymore. So this completion handler
is not gu
Assumption never checked, should fail if the mounter creds are not
sufficient.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: linux-unio...@vger.kernel.org
Cc: linux-...@vg
From: Vitor Soares
commit ecc8fb54bd443bf69996d9d5ddb8d90a50f14936 upstream.
Currently the I3C framework limits SCL frequency to FM speed when
dealing with a mixed slow bus, even if all I2C devices are FM+ capable.
The core was also not accounting for I3C speed limitations when
operating in mix
Add an optional __get xattr method that would be called, if set, only
in __vfs_getxattr instead of the regular get xattr method.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Because of the overlayfs getxattr recursion, the incoming inode fails
to update the selinux sid resulting in avc denials being reported
against a target context of u:object_r:unlabeled:s0.
Solution is to add a _get xattr method that calls the __vfs_getxattr
handler so that the context can be read
Check impure, opaque, origin & meta xattr with no sepolicy audit
(using __vfs_getxattr) since these operations are internal to
overlayfs operations and do not disclose any data. This became
an issue for credential override off since sys_admin would have
been required by the caller; whereas would h
From: Julien Thierry
commit f57065782f245ca96f1472209a485073bbc11247 upstream.
Some of the inline assembly instruction use the condition flags and need
to include "cc" in the clobber list.
Fixes: 4a503217ce37 ("arm64: irqflags: Use ICC_PMR_EL1 for interrupt masking")
Cc: # 5.1.x-
Suggested-by:
From: Coly Li
commit 695277f16b3a102fcc22c97fdf2de77c7b19f0b3 upstream.
This reverts commit 6147305c73e4511ca1a975b766b97a779d442567.
Although this patch helps the failed bcache device to stop faster when
too many I/O errors detected on corresponding cached device, setting
CACHE_SET_IO_DISABLE
From: Coly Li
commit 578df99b1b0531d19af956530fe4da63d01a1604 upstream.
When md raid device (e.g. raid456) is used as backing device, read-ahead
requests on a degrading and recovering md raid device might be failured
immediately by md raid code, but indeed this md raid array can still be
read or
From: Sakari Ailus
commit 14f28f5cea9e3998442de87846d1907a531b6748 upstream.
buf->size is an unsigned long; casting that to int will lead to an
overflow if buf->size exceeds INT_MAX.
Fix this by changing the type to unsigned long instead. This is possible
as the buf->size is always aligned to P
From: Coly Li
commit 5461999848e0462c14f306a62923d22de820a59c upstream.
In bch_cached_dev_files[] from driver/md/bcache/sysfs.c, sysfs_errors is
incorrectly inserted in. The correct entry should be sysfs_io_errors.
This patch fixes the problem and now I/O errors of cached device can be
read fro
On Tue, Jun 25, 2019 at 12:53 AM Oscar Salvador wrote:
>
> This patch introduces MHP_MEMMAP_DEVICE and MHP_MEMMAP_MEMBLOCK flags,
> and prepares the callers that add memory to take a "flags" parameter.
> This "flags" parameter will be evaluated later on in Patch#3
> to init mhp_restrictions struct
Hmm, get_maintainers.pl fails to get the people I think should be
maintaining include/trace/events/kmem.h.
On Mon, 22 Jul 2019 17:42:59 -0400
"George G. Davis" wrote:
> While attempting to debug slub freelist pointer corruption bugs
> caused by a module, I discovered that the kmem call_site a
From: Coly Li
commit 249a5f6da57c28a903c75d81505d58ec8c10030d upstream.
This reverts commit c4dc2497d50d9c6fb16aa0d07b6a14f3b2adb1e0.
This patch enlarges a race between normal btree flush code path and
flush_btree_write(), which causes deadlock when journal space is
exhausted. Reverts this patc
From: Takashi Iwai
commit eb4177116bf568a413c544eca3f4446cb4064be9 upstream.
INTEL_GET_VENDOR_VERB is defined twice identically.
Let's remove a superfluous line.
Fixes: b0d8bc50b9f2 ("ALSA: hda: hdmi - add Icelake support")
Cc:
Signed-off-by: Takashi Iwai
Signed-off-by: Greg Kroah-Hartman
-
From: Ezequiel Garcia
commit 766b9b168f6c75c350dd87c3e0bc6a9b322f0013 upstream.
The mutex unlock in the threaded interrupt handler is not paired
with any mutex lock. Remove it.
This bug has been here for a really long time, so it applies
to any stable repo.
Reviewed-by: Philipp Zabel
Signed-o
From: Takashi Iwai
commit ede34f397ddb063b145b9e7d79c6026f819ded13 upstream.
The fix for the racy writes and ioctls to sequencer widened the
application of client->ioctl_mutex to the whole write loop. Although
it does unlock/relock for the lengthy operation like the event dup,
the loop keeps th
From: Aurelien Aptel
commit 7e5a70ad88b1e6f6d9b934b2efb41afff496820f upstream.
Prevent deadlock between open_shroot() and
cifs_mark_open_files_invalid() by releasing the lock before entering
SMB2_open, taking it again after and checking if we still need to use
the result.
Link:
https://lore.ke
From: Takashi Iwai
commit 3140aafb22edeab0cc41f15f53b12a118c0ac215 upstream.
The recent fix for Icelake HDMI codec introduced the mapping from pin
NID to the i915 gfx port number. However, it forgot the reverse
mapping from the port number to the pin NID that is used in the ELD
notifier callbac
From: Kailang Yang
commit fbc571290d9f7bfe089c50f4ac4028dd98ebfe98 upstream.
It assigned to wrong model. So, The headphone Mic can't work.
Fixes: 3f640970a414 ("ALSA: hda - Fix headset mic detection problem for several
Dell laptops")
Signed-off-by: Kailang Yang
Cc:
Signed-off-by: Takashi Iwa
From: Hui Wang
commit 4b4e0e32e4b09274dbc9d173016c1a026f44608c upstream.
Without this patch, the headset-mic and headphone-mic don't work.
Cc:
Signed-off-by: Hui Wang
Signed-off-by: Takashi Iwai
Signed-off-by: Greg Kroah-Hartman
---
sound/pci/hda/patch_realtek.c |5 +
1 file chang
From: Takashi Iwai
commit 4914da2fb0c89205790503f20dfdde854f3afdd8 upstream.
We apply the codec resume forcibly at system resume callback for
updating and syncing the jack detection state that may have changed
during sleeping. This is, however, superfluous for the codec like
Intel HDMI/DP, wher
On 24.07.19 21:47, Michael S. Tsirkin wrote:
> On Wed, Jul 10, 2019 at 03:51:58PM -0400, Nitesh Narayan Lal wrote:
>> Enables the kernel to negotiate VIRTIO_BALLOON_F_HINTING feature with the
>> host. If it is available and page_hinting_flag is set to true, page_hinting
>> is enabled and its callba
From: Mark Brown
commit ceaea851b9ea75f9ea2bbefb53ff0d4b27cd5a6e upstream.
Back in ff9fb72bc07705c (debugfs: return error values, not NULL) the
debugfs APIs were changed to return error pointers rather than NULL
pointers on error, breaking the error checking in ASoC. Update the
code to use IS_ER
From: Mark Brown
commit c2c928c93173f220955030e8440517b87ec7df92 upstream.
Back in ff9fb72bc07705c (debugfs: return error values, not NULL) the
debugfs APIs were changed to return error pointers rather than NULL
pointers on error, breaking the error checking in ASoC. Update the
code to use IS_ER
From: Christophe Leroy
commit aeb87246537a83c2aff482f3f34a2e0991e02cbc upstream.
All mapping iterator logic is based on the assumption that sg->offset
is always lower than PAGE_SIZE.
But there are situations where sg->offset is such that the SG item
is on the second page. In that case sg_copy_t
From: Trond Myklebust
commit 44942b4e457beda00981f616402a1a791e8c616e upstream.
According to the open() manpage, Linux reserves the access mode 3
to mean "check for read and write permission on the file and return
a file descriptor that can't be used for reading or writing."
Currently, the NFSv
From: Anatoly Pugachev
Date: Wed, 24 Jul 2019 22:32:17 +0300
> the first test where it was discovered was done on my test LDOM named
> ttip, hardware (hypervisor) is T5-2 server, running under Solaris 11.4
> OS.
> ttip LDOM is debian sparc64 unstable , so with almost all the latest
> software (gc
From: Emmanuel Grumbach
commit 0d53cfd0cca3c729a089c39eef0e7d8ae7662974 upstream.
iwl_mvm_send_cmd returns 0 when the command won't be sent
because RF-Kill is asserted. Do the same when we call
iwl_get_shared_mem_conf since it is not sent through
iwl_mvm_send_cmd but directly calls the transport
From: Paulo Alcantara (SUSE)
commit 29fbeb7a908a60a5ae8c50fbe171cb8fdcef1980 upstream.
Fix mount options comparison when serverino option is turned off later
in cifs_autodisable_serverino() and thus avoiding mismatch of new cifs
mounts.
Cc: sta...@vger.kernel.org
Signed-off-by: Paulo Alcantara
From: Emmanuel Grumbach
commit 940225628652b340b2bfe99f42f3d2db9fd9ce6c upstream.
Otherwise it'll stay set forever which is clearly buggy.
Cc: sta...@vger.kernel.org
Signed-off-by: Emmanuel Grumbach
Signed-off-by: Luca Coelho
Signed-off-by: Greg Kroah-Hartman
---
drivers/net/wireless/intel
From: Emmanuel Grumbach
commit 3b57a10ca14c619707398dc58fe5ece18c95b20b upstream.
Sometimes the register status can include interrupts that
were masked. We can, for example, get the RF-Kill bit set
in the interrupt status register although this interrupt
was masked. Then if we get the ALIVE inte
From: Jon Hunter
commit ece6031ece2dd64d63708cfe1088016cee5b10c0 upstream.
The GPU regulator enable ramp delay for Jetson TX1 is set to 1ms which
not sufficient because the enable ramp delay has been measured to be
greater than 1ms. Furthermore, the downstream kernels released by NVIDIA
for Jets
From: Krzysztof Kozlowski
commit 16da0eb5ab6ef2dd1d33431199126e63db9997cc upstream.
On S2MPS11 device, the buck7 and buck8 regulator voltages start at 750
mV, not 600 mV. Using wrong minimal value caused shifting of these
regulator values by 150 mV (e.g. buck7 usually configured to v1.35 V was
From: Grant Hernandez
commit 2a017fd82c5402b3c8df5e3d6e5165d9e6147dc1 upstream.
The GTCO tablet input driver configures itself from an HID report sent
via USB during the initial enumeration process. Some debugging messages
are generated during the parsing. A debugging message indentation
counter
From: Hui Wang
commit 7e4935ccc3236751e5fe4bd6846f86e46bb2e427 upstream.
On a latest Lenovo laptop, the trackpoint and 3 buttons below it
don't work at all, when we move the trackpoint or press those 3
buttons, the kernel will print out:
"Rejected trackstick packet from non DualPoint device"
Th
From: Krzysztof Kozlowski
commit 70ca117b02f3b1c8830fe95e4e3dea2937038e11 upstream.
If devm_gpiod_get_from_of_node() call returns ERR_PTR, it is assigned
into an array of GPIO descriptors and used later because such error is
not treated as critical thus it is not propagated back to the probe
fun
From: Hui Wang
commit 771a081e44a9baa1991ef011cc453ef425591740 upstream.
In the function alps_is_cs19_trackpoint(), we check if the param[1] is
in the 0x20~0x2f range, but the code we wrote for this checking is not
correct:
(param[1] & 0x20) does not mean param[1] is in the range of 0x20~0x2f,
i
On Wed, Jul 24, 2019 at 1:10 PM Brian Vazquez wrote:
>
> This introduces a new command to retrieve multiple number of entries
> from a bpf map, wrapping the existing bpf methods:
> map_get_next_key and map_lookup_elem
>
> To start dumping the map from the beginning you must specify NULL as
> the p
From: Ronnie Sahlberg
commit 88a92c913cef09e70b1744a8877d177aa6cb2189 upstream.
RHBZ: 1722704
In low memory situations the various SMB2_*_init() functions can fail
to allocate a request PDU and thus leave the request iovector as NULL.
If we don't check the return code for failure we end up cal
[ Upstream commit e30155fd23c9c141cbe7d99b786e10a83a328837 ]
If an invalid role is sent from user space, gtp_encap_enable() will fail.
Then, it should call gtp_encap_disable_sock() but current code doesn't.
It makes memory leak.
Fixes: 91ed81f9abc7 ("gtp: support SGSN-side tunnels")
Signed-off-by
[ Upstream commit dcae9052ebb0c5b2614de620323d615fcbfda7f8 ]
This change is similar to commit a1616a5ac99e ("Bluetooth: hidp: fix
buffer overflow") but for the compat ioctl. We take a string from the
user and forgot to ensure that it's NUL terminated.
I have also changed the strncpy() in to strs
From: Cfir Cohen
commit 538a5a072e6ef04377b180ee9b3ce5bae0a85da4 upstream.
Avoid leaking GCM tag through timing side channel.
Fixes: 36cf515b9bbe ("crypto: ccp - Enable support for AES GCM on v5 CCPs")
Cc: # v4.12+
Signed-off-by: Cfir Cohen
Acked-by: Gary R Hook
Signed-off-by: Herbert Xu
Si
From: Hook, Gary
commit 20e833dc36355ed642d00067641a679c618303fa upstream.
The AES GCM function reuses an 'op' data structure, which members
contain values that must be cleared for each (re)use.
This fix resolves a crypto self-test failure:
alg: aead: gcm-aes-ccp encryption test failed (wrong r
From: Wen Yang
commit 95566aa75cd6b3b404502c06f66956b5481194b3 upstream.
There is a possible double free issue in ppc4xx_trng_probe():
85: dev->trng_base = of_iomap(trng, 0);
86: of_node_put(trng); ---> released here
87: if (!dev->trng_base)
88: goto err_out;
..
[ Upstream commit 28261da8a26f4915aa257d12d506c6ba179d961f ]
Because of both sides doing L2CAP disconnection at the same time, it
was possible to receive L2CAP Disconnection Response with CID that was
already freed. That caused problems if CID was already reused and L2CAP
Connection Request with s
From: Christian Lamparter
commit 0f7a81374060828280fcfdfbaa162cb559017f9f upstream.
The hardware automatically zero pads incomplete block ciphers
blocks without raising any errors. This is a screw-up. This
was noticed by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS tests that
sent a incomplete blocks and e
From: Finn Thain
commit f9dfed1c785734b95b08d67600e05d2092508ab0 upstream.
A PDMA error is handled in the core driver by setting the device's 'borken'
flag and aborting the command. Unfortunately, do_abort() is not
dependable. Perform a SCSI bus reset instead, to make sure that the command
fails
[ Upstream commit bff5a556c149804de29347a88a884d25e4e4e3a2 ]
'probe libc's inet_pton & backtrace it with ping' testcase sometimes
fails on powerpc because distro ping binary does not have symbol
information and thus it prints "[unknown]" function name in the
backtrace.
Accept "[unknown]" as valid
[ Upstream commit da99466ac243f15fbba65bd261bfc75ffa1532b6 ]
This fixes a global out-of-bounds read access in the copy_buffer
function of the floppy driver.
The FDDEFPRM ioctl allows one to set the geometry of a disk. The sect
and head fields (unsigned int) of the floppy_drive structure are used
From: Finn Thain
commit 57f31326518e98ee4cabf9a04efe00ed57c54147 upstream.
The reselection interrupt gets disabled during selection and must be
re-enabled when hostdata->connected becomes NULL. If it isn't re-enabled a
disconnected command may time-out or the target may wedge the bus while
tryin
From: Ming Lei
commit f9b0530fa02e0c73f31a49ef743e8f44eb8e32cc upstream.
When scsi_init_sense_cache(host) is called concurrently from different
hosts, each code path may find that no cache has been created and
allocate a new one. The lack of locking can lead to potentially
overriding a cache all
From: Eric Biggers
commit 5c6bc4dfa515738149998bb0db2481a4fdead979 upstream.
Changing ghash_mod_init() to be subsys_initcall made it start running
before the alignment fault handler has been installed on ARM. In kernel
builds where the keys in the ghash test vectors happened to be
misaligned in
On 7/24/19 3:47 PM, David Hildenbrand wrote:
> On 24.07.19 21:31, Michael S. Tsirkin wrote:
>> On Wed, Jul 24, 2019 at 08:41:33PM +0200, David Hildenbrand wrote:
>>> On 24.07.19 20:40, Nitesh Narayan Lal wrote:
On 7/24/19 12:54 PM, Alexander Duyck wrote:
> This series provides an asynchr
From: Elena Petrova
commit 1d4aaf16defa86d2665ae7db0259d6cb07e2091f upstream.
The sha1-ce finup implementation for ARM64 produces wrong digest
for empty input (len=0). Expected: da39a3ee..., result: 67452301...
(initial value of SHA internal state). The error is in sha1_ce_finup:
for empty data
From: Damien Le Moal
commit 0cdc58580b37a160fac4b884266b8b7cb096f539 upstream.
kbuild test robot gets the following compilation warning using gcc 7.4
cross compilation for c6x (GCC_VERSION=7.4.0 make.cross ARCH=c6x).
In file included from include/asm-generic/bug.h:18:0,
f
From: Finn Thain
commit 7398cee4c3e6aea1ba07a6449e5533ecd0b92cdd upstream.
Some targets introduce delays when handshaking the response to certain
commands. For example, a disk may send a 96-byte response to an INQUIRY
command (or a 24-byte response to a MODE SENSE command) too slowly.
Apparentl
[ Upstream commit 5635f897ed83fd539df78e98ba69ee91592f9bb8 ]
This fixes a global out-of-bounds read access in the next_valid_format
function of the floppy driver.
The values from autodetect field of the struct floppy_drive_params are
used as indices for the floppy_type array in the next_valid_for
[ Upstream commit 433a06d7d74e677c40b1148c70c48677ff62fb6b ]
Defer probing of the orion-mdio interface when getting a clock returns
EPROBE_DEFER. This avoids locking up the Armada 8k SoC when mdio is used
before all clocks have been enabled.
Signed-off-by: Josua Mayer
Reviewed-by: Andrew Lunn
S
On Tue, 9 Jul 2019 06:33:42 +0800, wrote:
> From: Yongqiang Niu
>
> Update device tree binding documention for the display subsystem for
> Mediatek MT8183 SOCs
>
> Signed-off-by: Yongqiang Niu
> ---
> .../bindings/display/mediatek/mediatek,disp.txt| 27
> +++---
> 1 file
[ Upstream commit c9b3007feca018d3f7061f5d5a14cb00766ffe9b ]
The iolatency controller is based on rq_qos. It increments on
rq_qos_throttle() and decrements on either rq_qos_cleanup() or
rq_qos_done_bio(). a3fb01ba5af0 fixes the double accounting issue where
blk_mq_make_request() may call both rq_q
[ Upstream commit 99f0eae653b2db64917d0b58099eb51e300b311d ]
If the rxrpc_eproto tracepoint is enabled, an oops will be cause by the
trace line that rxrpc_extract_header() tries to emit when a protocol error
occurs (typically because the packet is short) because the call argument is
NULL.
Fix thi
201 - 300 of 2055 matches
Mail list logo
