From: Zumeng Chen
[ Upstream commit ba2ffc96321c8433606ceeb85c9e722b8113e5a7 ]
Release fw_status, raw_fw_status, and tx_res_if when wl12xx_fetch_firmware
failed instead of meaningless goto out to avoid the following memory leak
reports(Only the last one listed):
unreferenced object 0xc28a9a00
From: Aurelien Aptel
[ Upstream commit bc31d0cdcfbadb6258b45db97e93b1c83822ba33 ]
We have a customer reporting crashes in lock_get_status() with many
"Leaked POSIX lock" messages preceeding the crash.
Leaked POSIX lock on dev=0x0:0x56 ...
Leaked POSIX lock on dev=0x0:0x56 ...
Leaked POSIX
From: Ben Dooks
[ Upstream commit e486df39305864604b7e25f2a95d51039517ac57 ]
The dma_desc->bytes_transferred counter tracks the number of bytes
moved by the DMA channel. This is then used to calculate the information
passed back in the in the tegra_dma_tx_status callback, which is usually
fine.
From: Douglas Anderson
[ Upstream commit 31b265b3baaf55f209229888b7ffea523ddab366 ]
As reported back in 2016-11 [1], the "ftdump" kdb command triggers a
BUG for "sleeping function called from invalid context".
kdb's "ftdump" command wants to call ring_buffer_read_prepare() in
atomic context.
From: Ondrej Mosnacek
[ Upstream commit 53e0c2aa9a59a48e3798ef193d573ade85aa80f5 ]
Ignore all selinux_inode_notifysecctx() calls on mounts with SBLABEL_MNT
flag unset. This is achived by returning -EOPNOTSUPP for this case in
selinux_inode_setsecurtity() (because that function should not be
From: Louis Taylor
[ Upstream commit 60f7691c624b41a05bfc3493d9b0519e7951b7ef ]
When compiling with -Wformat, clang warns:
drivers/i2c/busses/i2c-sis630.c:482:4: warning: format specifies type
'unsigned short' but the argument has type 'int' [-Wformat]
smbus_base
From: Katsuhiro Suzuki
[ Upstream commit a0e447b0c50240a90ab84b7126b3c06b0bab4adc ]
This patch fixes settings of GPLL frequency in fractional mode for
rk3328. In this mode, FOUTVCO is calcurated by following formula:
FOUTVCO = FREF * FBDIV / REFDIV + ((FREF * FRAC / REFDIV) >> 24)
The
From: Shunyong Yang
[ Upstream commit 546c0547555efca8ba8c120716c325435e29df1b ]
When dma_cookie_complete() is called in hidma_process_completed(),
dma_cookie_status() will return DMA_COMPLETE in hidma_tx_status(). Then,
hidma_txn_is_success() will be called to use channel cookie
From: Valdis Kletnieks
[ Upstream commit 116bfa96a255123ed209da6544f74a4f2eaca5da ]
Compiling with W=1 generates warnings:
CC kernel/bpf/core.o
kernel/bpf/core.c:721:12: warning: no previous prototype for
?bpf_jit_alloc_exec_limit? [-Wmissing-prototypes]
721 | u64 __weak
From: Shunyong Yang
[ Upstream commit 875aac8a46424e5b73a9ff7f40b83311b609e407 ]
In async_tx_test_ack(), it uses flags in struct dma_async_tx_descriptor
to check the ACK status. As hidma reuses the descriptor in a free list
when hidma_prep_dma_*(memcpy/memset) is called, the flag will keep
From: Oleg Nesterov
[ Upstream commit 51bee5abeab2058ea5813c5615d6197a23dbf041 ]
The only user of cgroup_subsys->free() callback is pids_cgrp_subsys which
needs pids_free() to uncharge the pid.
However, ->free() is called from __put_task_struct()->cgroup_free() and this
is too late. Even the
From: Russell King
[ Upstream commit 5388a5b82199facacd3d7ac0d05aca6e8f902fed ]
machine_crash_nonpanic_core() does this:
while (1)
cpu_relax();
because the kernel has crashed, and we have no known safe way to deal
with the CPU. So, we place the CPU into an infinite
From: Song Hongyan
[ Upstream commit 2edefc056e4f0e6ec9508dd1aca2c18fa320efef ]
Host driver should handle interrupt mask register earlier than wake up ish FW
else there will be conditions when FW interrupt comes, host PIMR register still
not set ready, so move the interrupt mask setting before
From: Buland Singh
[ Upstream commit 24d48a61f230da130cc2ec2e526eacf229e3 ]
Commit '3d035f580699 ("drivers/char/hpet.c: allow user controlled mmap for
user processes")' introduced a new kernel command line parameter hpet_mmap,
that is required to expose the memory map of the HPET registers
From: Ard Biesheuvel
[ Upstream commit 4e46c2a956215482418d7b315749fb1b6c6bc224 ]
The UEFI spec revision 2.7 errata A section 8.4 has the following to
say about the virtual memory runtime services:
"This section contains function definitions for the virtual memory
support that may be
From: Stanislaw Gruszka
[ Upstream commit 3bd1505fed71d834f45e87b32ff07157fdda47e0 ]
As reported by Michael eeprom 0d is supported and work with the driver.
Dump of /sys/kernel/debug/ieee80211/phy1/mt7601u/eeprom_param
with 0d EEPORM looks like this:
RSSI offset: 0 0
Reference temp: f9
LNA
From: Vladimir Murzin
[ Upstream commit 72cd4064fccaae15ab84d40d4be23667402df4ed ]
ARMv8M introduces support for Security extension to M class, among
other things it affects exception handling, especially, encoding of
EXC_RETURN.
The new bits have been added:
Bit [6] Secure or Non-secure
From: Mathieu Malaterre
[ Upstream commit 3e3380d0675d5e20b0af067d60cb947a4348bf9b ]
Improve the DTS files by removing all the leading "0x" and zeros to fix
the following dtc warnings:
Warning (unit_address_format): Node /XXX unit name should not have leading "0x"
and
Warning
Checkpatch.pl complains that these lines are over 80 characters. Use the
"psecuritypriv" pointer for consistency, remove unnecessary parantheses
and fix the alignment.
This patch just cleans up a condition, it doesn't affect runtime.
Signed-off-by: Anirudh Rayabharam
---
v2: Made the commit
From: Thomas Gleixner
[ Upstream commit 1136b0728969901a091f0471968b2b76ed14d9ad ]
Waiman reported that on large systems with a large amount of interrupts the
readout of /proc/stat takes a long time to sum up the interrupt
statistics. In principle this is not a problem. but for unknown reasons
From: Raju Rangoju
[ Upstream commit f368ff188ae4b3ef6f740a15999ea0373261b619 ]
When an application aborts the connection by moving QP from RTS to ERROR,
then iw_cxgb4's modify_rc_qp() RTS->ERROR logic sets the
*srqidxp to 0 via t4_set_wq_in_error(>wq, 0), and aborts the
connection by calling
From: Guenter Roeck
[ Upstream commit f25191bb322dec8fa2979ecb8235643aa42470e1 ]
The following traceback is sometimes seen when booting an image in qemu:
[ 54.608293] cdrom: Uniform CD-ROM driver Revision: 3.20
[ 54.611085] Fusion MPT base driver 3.04.20
[ 54.611877] Copyright (c)
From: Ranjani Sridharan
[ Upstream commit d9c0b2afe820fa3b3f8258a659daee2cc71ca3ef ]
BE dai links only have internal PCM's and their substream ops may
not be set. Suspending these PCM's will result in their
ops->trigger() being invoked and cause a kernel oops.
So skip suspending PCM's if their
From: Rajneesh Bhardwaj
[ Upstream commit 0e68eeea9894feeba2edf7ec63e4551b87f39621 ]
A previous commit "platform/x86: intel_pmc_core: Make the driver PCH
family agnostic " provided
better abstraction to this driver but has some fundamental issues.
e.g. the following condition
for (index = 0;
From: Coly Li
[ Upstream commit 8c27a3953e92eb0b22dbb03d599f543a05f9574e ]
People may set sequential_cutoff of a cached device via sysfs file,
but current code does not check input value overflow. E.g. if value
4294967295 (UINT_MAX) is written to file sequential_cutoff, its value
is 4GB, but if
From: Hong Liu
[ Upstream commit 0d28f49412405d87d3aae83da255070a46e67627 ]
When performing a warm reset in ishtp bus driver, the ishtp_cl_device
will not be removed, its fw_client still points to the already freed
ishtp_device.fw_clients array.
Later after driver finishing ishtp client
From: Theodore Ts'o
[ Upstream commit 538bcaa6261b77e71d37f5596c33127c1a3ec3f7 ]
The jbd2 superblock is lockless now, so there is probably a race
condition between writing it so disk and modifing contents of it, which
may lead to checksum error. The following race is the one case that we
have
From: Ezequiel Garcia
[ Upstream commit 30fa627b32230737bc3f678067e2adfecf956987 ]
Fix the assigned type of mem2mem buffer handling API.
Namely, these functions:
v4l2_m2m_next_buf
v4l2_m2m_last_buf
v4l2_m2m_buf_remove
v4l2_m2m_next_src_buf
v4l2_m2m_next_dst_buf
v4l2_m2m_last_src_buf
From: Thomas Richter
[ Upstream commit 03d309711d687460d1345de8a0363f45b1c8cd11 ]
Commit 489338a717a0 ("perf tests evsel-tp-sched: Fix bitwise operator")
causes test case 14 "Parse sched tracepoints fields" to fail on s390.
This test succeeds on x86.
In fact this test now fails on all
From: Alexei Avshalom Lazar
[ Upstream commit de77a53c2d1e8fb3621e63e8e1f0f0c9a1a99ff7 ]
ies1 or ies2 might be null when code inside
_wil_cfg80211_merge_extra_ies access them.
Add explicit check for null and make sure ies1/ies2 are not
accessed in such a case.
spos might be null and be
From: Sebastian Andrzej Siewior
[ Upstream commit 74ffe79ae538283bbf7c155e62339f1e5c87b55a ]
Mostly unwind is done with irqs enabled however SLUB may call it with
irqs disabled while creating a new SLUB cache.
I had system freeze while loading a module which called
kmem_cache_create() on init.
From: Julia Lawall
[ Upstream commit 8c2b43d2d85b48a97d2f8279278a4aac5b45f925 ]
Add an of_node_put when a tested device node is not available.
The semantic patch that fixes this problem is as follows
(http://coccinelle.lip6.fr):
//
@@
identifier f;
local idexpression e;
expression x;
@@
e =
From: Carlos Maiolino
[ Upstream commit dce30ca9e3b676fb288c33c1f4725a0621361185 ]
guard_bio_eod() can truncate a segment in bio to allow it to do IO on
odd last sectors of a device.
It already checks if the IO starts past EOD, but it does not consider
the possibility of an IO request starting
From: Louis Taylor
[ Upstream commit 259594bea574e515a148171b5cd84ce5cbdc028a ]
When compiling with -Wformat, clang emits the following warnings:
fs/cifs/smb1ops.c:312:20: warning: format specifies type 'unsigned
short' but the argument has type 'unsigned int' [-Wformat]
From: Yao Liu
[ Upstream commit 68e2672f8fbd1e04982b8d2798dd318bf2515dd2 ]
There is a NULL pointer dereference of devname in strspn()
The oops looks something like:
CIFS: Attempting to mount (null)
BUG: unable to handle kernel NULL pointer dereference at
...
RIP:
From: "Rafael J. Wysocki"
[ Upstream commit 95c80bc6952b6a5badc7b702d23e5bf14d251e7c ]
Dongdong reported a deadlock triggered by a hotplug event during a sysfs
"remove" operation:
pciehp :00:0c.0:pcie004: Slot(0-1): Link Up
# echo 1 > :00:0c.0/remove
PME and hotplug share an
From: Slavomir Kaslev
[ Upstream commit ee5e001196d1345b8fee25925ff5f1d67936081e ]
The current implementation of splice() and tee() ignores O_NONBLOCK set
on pipe file descriptors and checks only the SPLICE_F_NONBLOCK flag for
blocking on pipe arguments. This is inconsistent since splice()-ing
From: Tony Jones
[ Upstream commit 7c5b019e3a638a5a290b0ec020f6ca83d2ec2aaa ]
Fix buffer overflow observed when running perf test.
The overflow is when trying to evaluate "1ULL << (64 - 1)" which is
resulting in -9223372036854775808 which overflows the 20 character
buffer.
If is possible this
From: Louis Taylor
[ Upstream commit 60f7691c624b41a05bfc3493d9b0519e7951b7ef ]
When compiling with -Wformat, clang warns:
drivers/i2c/busses/i2c-sis630.c:482:4: warning: format specifies type
'unsigned short' but the argument has type 'int' [-Wformat]
smbus_base
From: Axel Lin
[ Upstream commit f01a7beb6791f1c419424c1a6958b7d0a289c974 ]
The act8600_sudcdc_voltage_ranges setting does not match the datasheet.
The problems in below entry:
REGULATOR_LINEAR_RANGE(1900, 191, 255, 40),
1. The off-by-one min_sel causes wrong volatage calculation.
From: Pawe? Chmiel
[ Upstream commit 49710c32cd9d6626a77c9f5f978a5f58cb536b35 ]
Previously when doing format enumeration, it was returning all
formats supported by driver, even if they're not supported by hw.
Add missing check for fmt_ver_flag, so it'll be fixed and only those
supported by hw
From: Qian Cai
[ Upstream commit 92d1d07daad65c300c7d0b68bbef8867e9895d54 ]
Kmemleak throws endless warnings during boot due to in
__alloc_alien_cache(),
alc = kmalloc_node(memsize, gfp, node);
init_arraycache(>ac, entries, batch);
kmemleak_no_scan(ac);
Kmemleak does not track the
From: Jia Guo
[ Upstream commit cc725ef3cb202ef2019a3c67c8913efa05c3cce6 ]
In the process of creating a node, it will cause NULL pointer
dereference in kernel if o2cb_ctl failed in the interval (mkdir,
o2cb_set_node_attribute(node_num)] in function o2cb_add_node.
The node num is initialized to
From: Jiri Olsa
[ Upstream commit e34c940245437f36d2c492edd1f8237eff391064 ]
Ravi Bangoria reported that we fail with an empty NUMA node with the
following message:
$ lscpu
NUMA node0 CPU(s):
NUMA node1 CPU(s): 0-4
$ sudo ./perf c2c report
node/cpu topology bugFailed setup nodes
From: Ville Syrjälä
[ Upstream commit c978ae9bde582e82a04c63a4071701691dd8b35c ]
We aren't supposed to force a stop+start between every i2c msg
when performing multi message transfers. This should eg. cause
the DDC segment address to be reset back to 0 between writing
the segment address and
From: Ondrej Mosnacek
[ Upstream commit 53e0c2aa9a59a48e3798ef193d573ade85aa80f5 ]
Ignore all selinux_inode_notifysecctx() calls on mounts with SBLABEL_MNT
flag unset. This is achived by returning -EOPNOTSUPP for this case in
selinux_inode_setsecurtity() (because that function should not be
From: Sheng Yong
[ Upstream commit ac92985864e187a1735502f6a02f54eaa655b2aa ]
When setting /sys/fs/f2fs//iostat_enable with non-bool value, UBSAN
reports the following warning.
[ 7562.295484]
[ 7562.296531]
From: Nathan Fontenot
[ Upstream commit 81b61324922c67f73813d8a9c175f3c153f6a1c6 ]
On pseries systems, performing a partition migration can result in
altering the nodes a CPU is assigned to on the destination system. For
exampl, pre-migration on the source system CPUs are in node 1 and 3,
From: Paul Kocialkowski
[ Upstream commit 890880ddfdbe256083170866e49c87618b706ac7 ]
When drivers pass non-empty lists of modifiers for initializing their
planes, we can infer that they allow framebuffer modifiers and set the
driver's allow_fb_modifiers mode config element.
In case the
From: Shunyong Yang
[ Upstream commit 875aac8a46424e5b73a9ff7f40b83311b609e407 ]
In async_tx_test_ack(), it uses flags in struct dma_async_tx_descriptor
to check the ACK status. As hidma reuses the descriptor in a free list
when hidma_prep_dma_*(memcpy/memset) is called, the flag will keep
From: Tony Jones
[ Upstream commit cc437642255224e4140fed1f3e3156fc8ad91903 ]
In Python3, the result of PyModule_Create (called from
scripts/python/Perf-Trace-Util/Context.c) is not automatically added to
sys.modules. See: https://bugs.python.org/issue4592
Below is the observed behavior
From: Tony Jones
[ Upstream commit 72e0b15cb24a497d7d0d4707cf51ff40c185ae8c ]
With Python3. PyUnicode_FromStringAndSize is unsafe to call on attr and will
return NULL. Use _PyBytes_FromStringAndSize (as with raw_buf).
Below is the observed behavior without the fix. Note it is first
From: Takashi Sakamoto
[ Upstream commit b2e9e1c8810ee05c95f4d55800b8afae70ab01b4 ]
Duende Classic was produced by Solid State Logic in 2006, as a
first model of Duende DSP series. The following model, Duende Mini
was produced in 2008. They are designed to receive isochronous
packets for PCM
From: Alexey Khoroshilov
[ Upstream commit 8cd09a3dd3e176c62da67efcd477a44a8d87185e ]
If of_platform_populate() fails in gsbi_probe(),
gsbi->hclk is left undisabled.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov
Signed-off-by: Bjorn
From: Rajneesh Bhardwaj
[ Upstream commit 0e68eeea9894feeba2edf7ec63e4551b87f39621 ]
A previous commit "platform/x86: intel_pmc_core: Make the driver PCH
family agnostic " provided
better abstraction to this driver but has some fundamental issues.
e.g. the following condition
for (index = 0;
From: Ard Biesheuvel
[ Upstream commit 5de0fef0230f3c8d75cff450a71740a7bf2db866 ]
The EFI memory attributes code cross-references the EFI memory map with
the more granular EFI memory attributes table to ensure that they are in
sync before applying the strict permissions to the regions it
From: Mathieu Malaterre
[ Upstream commit 3e3380d0675d5e20b0af067d60cb947a4348bf9b ]
Improve the DTS files by removing all the leading "0x" and zeros to fix
the following dtc warnings:
Warning (unit_address_format): Node /XXX unit name should not have leading "0x"
and
Warning
From: wen yang
[ Upstream commit 11907e9d3533648615db08140e3045b829d2c141 ]
The of_find_device_by_node() takes a reference to the underlying device
structure, we should release that reference.
Signed-off-by: Wen Yang
Cc: Timur Tabi
Cc: Nicolin Chen
Cc: Xiubo Li
Cc: Fabio Estevam
Cc: Liam
From: Sara Sharon
[ Upstream commit c6ac9f9fb98851f47b978a9476594fc3c477a34d ]
Allocator swaps the pending requests with 0 when it starts
working. This means that relying on it n RX path to decide if
to move to emergency is not always a good idea, since it may
be zero, but there are still a lot
From: Tycho Andersen
[ Upstream commit 3aa415dd2128e478ea3225b59308766de0e94d6b ]
The get_metadata() test requires real root, so let's skip it if we're not
real root.
Note that I used XFAIL here because that's what the test does later if
CONFIG_CHEKCKPOINT_RESTORE happens to not be enabled.
From: Andrea Righi
[ Upstream commit 02106f883cd745523f7766d90a739f983f19e650 ]
Since kprobe breakpoing handler is using bsearch(), probing on this
routine can cause recursive breakpoint problem.
int3
->do_int3()
->ftrace_int3_handler()
->ftrace_location()
From: Thomas Gleixner
[ Upstream commit 1136b0728969901a091f0471968b2b76ed14d9ad ]
Waiman reported that on large systems with a large amount of interrupts the
readout of /proc/stat takes a long time to sum up the interrupt
statistics. In principle this is not a problem. but for unknown reasons
From: Chieh-Min Wang
[ Upstream commit 13f5251fd17088170c18844534682d9cab5ff5aa ]
For bridge(br_flood) or broadcast/multicast packets, they could clone
skb with unconfirmed conntrack which break the rule that unconfirmed
skb->_nfct is never shared. With nfqueue running on my system, the race
From: Michal Kazior
[ Upstream commit 5ddb0869bfc1bca6cfc592c74c64a026f936638c ]
I've stumbled upon a kernel crash and the logs
pointed me towards the lp5562 driver:
> <4>[306013.841294] lp5562 0-0030: Direct firmware load for lp5562 failed with
> error -2
> <4>[306013.894990] lp5562 0-0030:
From: Nathan Chancellor
[ Upstream commit de9c0d49d85dc563549972edc5589d195cd5e859 ]
While building arm32 allyesconfig, I ran into the following errors:
arch/arm/lib/xor-neon.c:17:2: error: You should compile this file with
'-mfloat-abi=softfp -mfpu=neon'
In file included from
From: Coly Li
[ Upstream commit 596b5a5dd1bc2fa019fdaaae522ef331deef927f ]
Currently sysfs_strtoul_clamp() is defined as,
82 #define sysfs_strtoul_clamp(file, var, min, max) \
83 do { \
84 if (attr == _
From: John Stultz
[ Upstream commit 54f64d5c983f939901dacc8cfc0983727c5c742e ]
Since the 5.0 merge window opened, I've been seeing frequent
crashes on suspend and reboot with the trace:
[ 36.911170] Unable to handle kernel paging request at virtual address
ff801153d660
[ 36.912769]
From: Russell King
[ Upstream commit 316734fdcf70900a83065360cff11a5826919067 ]
It appears that the mvpp22 can get stuck with SGMII negotiation. The
symptoms are that in-band negotiation never completes and the partner
(eg, PHY) never reports SGMII link up, or if it supports negotiation
From: Coly Li
[ Upstream commit 8c27a3953e92eb0b22dbb03d599f543a05f9574e ]
People may set sequential_cutoff of a cached device via sysfs file,
but current code does not check input value overflow. E.g. if value
4294967295 (UINT_MAX) is written to file sequential_cutoff, its value
is 4GB, but if
From: Raju Rangoju
[ Upstream commit f368ff188ae4b3ef6f740a15999ea0373261b619 ]
When an application aborts the connection by moving QP from RTS to ERROR,
then iw_cxgb4's modify_rc_qp() RTS->ERROR logic sets the
*srqidxp to 0 via t4_set_wq_in_error(>wq, 0), and aborts the
connection by calling
From: He Kuang
[ Upstream commit 7346195e8643482968f547483e0d823ec1982fab ]
We can't assume inlined symbols with the same name are equal, because
their address range may be different. This will cause the symbols with
different addresses be shadowed when adding to the hist entry, and lead
to
From: Sebastian Ott
[ Upstream commit 0ff06c44efeede4acd068847d3bf8cf894b6c664 ]
Prior to dma unmap/free operations the ism driver tries to ensure
that the memory is no longer accessed by the HW. When errors
during deregistration of memory regions from the HW occur the ism
driver will not
From: Sedat Dilek
[ Upstream commit 8beb90aaf334a6efa3e924339926b5f93a234dbb ]
commit 1917d42d14b7 ("fcoe: use enum for fip_mode") introduces a separate
enum for the fip_mode that shall be used during initialisation handling
until it is passed to fcoe_ctrl_link_up to set the initial fip_state.
From: Håkon Bugge
[ Upstream commit 2612d723aadcf8281f9bf8305657129bd9f3cd57 ]
Using CX-3 virtual functions, either from a bare-metal machine or
pass-through from a VM, MAD packets are proxied through the PF driver.
Since the VF drivers have separate name spaces for MAD Transaction Ids
(TIDs),
From: Vadim Pasternak
[ Upstream commit e4c275f77624961b56cce397814d9d770a45ac59 ]
Fix the following KASAN warning produced when booting a 64-bit kernel:
[ 13.334750] BUG: KASAN: stack-out-of-bounds in find_first_bit+0x19/0x70
[ 13.342166] Read of size 8 at addr 880235067178 by task
From: "Aneesh Kumar K.V"
[ Upstream commit 5330367fa300742a97e20e953b1f77f48392faae ]
After we ALIGN up the address we need to make sure we didn't overflow
and resulted in zero address. In that case, we need to make sure that
the returned address is greater than mmap_min_addr.
This fixes
From: Sai Prakash Ranjan
[ Upstream commit 5666dfd1d8a45a167f0d8b4ef47ea7f780b1f24a ]
SDM845 has ETMv4.2 and can use the existing etm4x driver.
But the current etm driver checks only for ETMv4.0 and
errors out for other etm4x versions. This patch adds this
missing support to enable SoC's with
From: Lubomir Rintel
[ Upstream commit fe9ed6d2483fda55465f32924fb15bce0fac3fac ]
Like the other OF-enabled drivers, use the port number from the firmware if
the devicetree specifies an alias:
aliases {
...
serial2 = /* Should be ttyS2 */
}
This is how the deprecated pxa.c
From: Carlos Maiolino
[ Upstream commit dce30ca9e3b676fb288c33c1f4725a0621361185 ]
guard_bio_eod() can truncate a segment in bio to allow it to do IO on
odd last sectors of a device.
It already checks if the IO starts past EOD, but it does not consider
the possibility of an IO request starting
From: Julia Lawall
[ Upstream commit 8c2b43d2d85b48a97d2f8279278a4aac5b45f925 ]
Add an of_node_put when a tested device node is not available.
The semantic patch that fixes this problem is as follows
(http://coccinelle.lip6.fr):
//
@@
identifier f;
local idexpression e;
expression x;
@@
e =
From: "Jason Cai (Xiang Feng)"
[ Upstream commit 70de2cbda8a5d788284469e755f8b097d339c240 ]
Invoking dm_get_device() twice on the same device path with different
modes is dangerous. Because in that case, upgrade_mode() will alloc a
new 'dm_dev' and free the old one, which may be referenced by
From: Vlastimil Babka
[ Upstream commit 2e25644e8da4ed3a27e7b8315aaae74660be72dc ]
Syzbot with KMSAN reports (excerpt):
==
BUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:353 [inline]
BUG: KMSAN: uninit-value in
From: Louis Taylor
[ Upstream commit 259594bea574e515a148171b5cd84ce5cbdc028a ]
When compiling with -Wformat, clang emits the following warnings:
fs/cifs/smb1ops.c:312:20: warning: format specifies type 'unsigned
short' but the argument has type 'unsigned int' [-Wformat]
From: "Uladzislau Rezki (Sony)"
[ Upstream commit afd07389d3f4933c7f7817a92fb5e053d59a3182 ]
One of the vmalloc stress test case triggers the kernel BUG():
[60.562151] [ cut here ]
[60.562154] kernel BUG at mm/vmalloc.c:512!
[60.562206] invalid opcode:
From: Qian Cai
[ Upstream commit 92d1d07daad65c300c7d0b68bbef8867e9895d54 ]
Kmemleak throws endless warnings during boot due to in
__alloc_alien_cache(),
alc = kmalloc_node(memsize, gfp, node);
init_arraycache(>ac, entries, batch);
kmemleak_no_scan(ac);
Kmemleak does not track the
From: zhengliang
[ Upstream commit a0770e13c8da83bdb64738c0209ab02dd3cfff8b ]
v4: Rearrange the previous three versions.
The following scenario could lead to data block override by mistake.
TASK A| TASK kworker|
TASK B
From: Stanislav Fomichev
[ Upstream commit 8e2688876c7f7073d925e1f150e86b8ed3338f52 ]
libbpf targets don't explicitly depend on fixdep target, so when
we do 'make -j$(nproc)', there is a high probability, that some
objects will be built before fixdep binary is available.
Fix this by running
From: Colin Ian King
The nvm_image is a large struct qedi_nvm_iscsi_image object of
over 24K so don't declare it on the stack just for a sizeof
requirement; use sizeof on struct qedi_nvm_iscsi_image instead.
Fixes: c77a2fa3ff8f ("scsi: qedi: Add the CRC size within iSCSI NVM image")
From: Douglas Anderson
[ Upstream commit 31b265b3baaf55f209229888b7ffea523ddab366 ]
As reported back in 2016-11 [1], the "ftdump" kdb command triggers a
BUG for "sleeping function called from invalid context".
kdb's "ftdump" command wants to call ring_buffer_read_prepare() in
atomic context.
From: Peng Fan
[ Upstream commit 0d3bd18a5efd66097ef58622b898d3139790aa9d ]
In case cma_init_reserved_mem failed, need to free the memblock
allocated by memblock_reserve or memblock_alloc_range.
Quote Catalin's comments:
https://lkml.org/lkml/2019/2/26/482
Kmemleak is supposed to work with
From: Linus Torvalds
[ Upstream commit e0f0ae838a25464179d37f355d763f9ec139fc15 ]
The pm8xxx_get_channel() implementation is unclear, and causes gcc to
suddenly generate odd warnings. The trigger for the warning (at least
for me) was the entirely unrelated commit 79a4e91d1bb2 ("device.h: Add
From: Christian Brauner
[ Upstream commit 32a5ad9c22852e6bd9e74bdec5934ef9d1480bc5 ]
Currently, when writing
echo 18446744073709551616 > /proc/sys/fs/file-max
/proc/sys/fs/file-max will overflow and be set to 0. That quickly
crashes the system.
This commit sets the max and min value for
From: Kairui Song
[ Upstream commit 179fb36abb097976997f50733d5b122a29158cba ]
After commit 68bb7bfb7985 ("X86/Hyper-V: Enable IPI enlightenments"),
kexec fails with a kernel panic:
kexec_core: Starting new kernel
BUG: unable to handle kernel NULL pointer dereference at
From: Qian Cai
[ Upstream commit 0c81585499601acd1d0e1cbf424cabfaee60628c ]
After offlining a memory block, kmemleak scan will trigger a crash, as
it encounters a page ext address that has already been freed during
memory offlining. At the beginning in alloc_page_ext(), it calls
From: Tonghao Zhang
[ Upstream commit 24319258660a84dd77f4be026a55b10a12524919 ]
If we try to set VFs rate on a VF (not PF) net device, the kernel
will be crash. The commands are show as below:
$ echo 2 > /sys/class/net/$MLX_PF0/device/sriov_numvfs
$ ip link set $MLX_VF0 vf 0 max_tx_rate 2
From: Hans de Goede
[ Upstream commit d693c008e3ca04db5916ff72e68ce661888a913b ]
Commit 53fa1f6e8a59 ("ACPI / video: Only default only_lcd to true on
Win8-ready _desktops_") introduced chassis type detection, limiting the
lcd_only check for the backlight to devices where the chassis-type
From: Masahiro Yamada
[ Upstream commit fc2b47b55f17fd996f7a01975ce1c33c2f2513f6 ]
It believe it is a bad idea to hardcode a specific compiler prefix
that may or may not be installed on a user's system. It is annoying
when testing features that should not require compilers at all.
For example,
From: Chao Yu
[ Upstream commit aadcef64b22f668c1a107b86d3521d9cac915c24 ]
As Jiqun Li reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=202883
sometimes, dead lock when make system call SYS_getdents64 with fsync() is
called by another process.
monkey running on android9.0
From: Kuninori Morimoto
[ Upstream commit a0c426fe143328760c9fd565cd203a37a7b4fde8 ]
We will get DAI ID from "reg" property if it has on DT, otherwise get
it by counting port/endpoint.
But in below case, we need to get DAI ID = 0 via port reg = <0>, but
current implementation returns ID = 1,
From: Ben Dooks
[ Upstream commit e486df39305864604b7e25f2a95d51039517ac57 ]
The dma_desc->bytes_transferred counter tracks the number of bytes
moved by the DMA channel. This is then used to calculate the information
passed back in the in the tegra_dma_tx_status callback, which is usually
fine.
701 - 800 of 1290 matches
Mail list logo
