From: Tomas Henzl
[ Upstream commit afe89f115e84edbc76d316759e206580a06c6973 ]
The sense data buffer in sense_buf_pool is allocated with size of
MPT_SENSE_BUFFER_ALLOC(64) (multiplied by req_depth) while SNS_LEN(sc)(96)
is used when reading the data. That may lead to a read from unallocated
From: Chengguang Xu
[ Upstream commit 0b8eb629a700c0ef15a437758db8255f8444e76c ]
Release bip using kfree() in error path when that was allocated
by kmalloc().
Signed-off-by: Chengguang Xu
Reviewed-by: Christoph Hellwig
Acked-by: Martin K. Petersen
Signed-off-by: Jens Axboe
Signed-off-by:
From: Aditya Pakki
[ Upstream commit 2655971ad4b34e97dd921df16bb0b08db9449df7 ]
dwc3_pci_resume_work() calls pm_runtime_get_sync() that increments
the reference counter. In case of failure, decrement the reference
before returning.
Signed-off-by: Aditya Pakki
Signed-off-by: Felipe Balbi
From: Peter Zijlstra
[ Upstream commit c7aadc09321d8f9a1d3bd1e6d8a47222ecddf6c5 ]
Marco crashed in bad_iret with a Clang11/KCSAN build due to
overflowing the stack. Now that we run C code on it, expand it to a
full page.
Suggested-by: Andy Lutomirski
Reported-by: Marco Elver
Signed-off-by:
From: Arun Easi
[ Upstream commit cbb01c2f2f630f1497f703c51ff21538ae2d86b8 ]
Today, upon an MPI failure AEN, on top of collecting an MPI dump, a regular
firmware dump is also taken and then chip reset. This is disruptive to IOs
and not required. Make the firmware dump collection, followed by
From: Stephane Eranian
[ Upstream commit 16accae3d97f97d7f61c4ee5d0002bccdef59088 ]
This patch fixes a bug introduced by:
fd3ae1e1587d6 ("perf/x86/rapl: Move RAPL support to common x86 code")
The Kconfig variable name was wrong. It was missing the CONFIG_ prefix.
Signed-off-by: Stephane
From: Xiyu Yang
[ Upstream commit 37cc4b95d13f311c04aa8e9daacca3905ad45ca7 ]
ttm_bo_vm_fault_reserved() invokes dma_fence_get(), which returns a
reference of the specified dma_fence object to "moving" with increased
refcnt.
When ttm_bo_vm_fault_reserved() returns, local variable "moving"
From: Thierry Reding
[ Upstream commit d9a0a05bf8c76e6dc79230669a8b5d685b168c30 ]
Currently when a host1x device driver is unregistered, it is not
detached from the host1x controller, which means that the device
will stay around and when the driver is registered again, it may
bind to the old,
From: Jérôme Pouiller
[ Upstream commit 29de523a6270a308d12d21f4fecf52dac491e226 ]
The function hif_scan() return the timeout for the completion of the
scan request. It is the only function from hif_tx.c that return another
thing than just an error code. This behavior is not coherent with the
From: Sascha Hauer
[ Upstream commit 1a642ca7f38992b086101fe204a1ae3c90ed8016 ]
The older SoCs like Armada XP support a 2500BaseX mode in the datasheets
referred to as DR-SGMII (Double rated SGMII) or HS-SGMII (High Speed
SGMII). This is an upclocked 1000BaseX mode, thus
From: Christophe JAILLET
[ Upstream commit 109be8b23fb2ec8e2d309325ee3b7a49eab63961 ]
host1x_debug_init() must be reverted in an error handling path.
This is already fixed in the remove function since commit 44156eee91ba
("gpu: host1x: Clean up debugfs on removal")
Signed-off-by: Christophe
From: Linus Walleij
[ Upstream commit b984b6d8b52372b98cce0a6ff6c2787f50665b87 ]
The following bug appeared in the MCDE driver/display
initialization during the recent merge window.
First the place we call drm_fbdev_generic_setup() in the
wrong place: this needs to be called AFTER calling
From: yu kuai
[ Upstream commit 4845446036fc9c13f43b54a65c9b757c14f5141b ]
if of_find_device_by_node() succeed, imx6q_suspend_init() doesn't have a
corresponding put_device(). Thus add a jump target to fix the exception
handling for this function implementation.
Signed-off-by: yu kuai
From: Nicolin Chen
[ Upstream commit ef4e417eb3ec7fe657928f10ac1d2154d8a5fb38 ]
Though the unconditional enable/disable code is not a final solution,
we don't want to run into a NULL pointer situation when window group
doesn't link to its DC parent if the DC is disabled in Device Tree.
So this
From: Ciara Loftus
[ Upstream commit f140ad9fe2ae16f385f8fe4dc9cf67bb4c51d794 ]
READ_ONCE should be used when reading rings prior to accessing the
statistics pointer. Introduce this as well as the corresponding WRITE_ONCE
usage when allocating and freeing the rings, to ensure protected access.
From: Xiyu Yang
[ Upstream commit 11425c4519e2c974a100fc984867046d905b9380 ]
ttm_bo_add_move_fence() invokes dma_fence_get(), which returns a
reference of the specified dma_fence object to "fence" with increased
refcnt.
When ttm_bo_add_move_fence() returns, local variable "fence" becomes
From: Zhenzhong Duan
[ Upstream commit abd42781c3d2155868821f1b947ae45bbc0d ]
Imagine below scene, spidev is referenced after it's freed.
spidev_release()spidev_remove()
...
spin_lock_irq(>spi_lock);
From: Jens Thoms Toerring
[ Upstream commit 53d860952c8215cf9ae1ea33409c8cb71ad6ad3d ]
The assembly and disassembly of data to be sent to or received from
a device invoke functions regmap_format_XX() and regmap_parse_XX()
that extract or insert data items from or into a buffer, using
From: Krzysztof Kozlowski
[ Upstream commit 7684580d45bd3d84ed9b453a4cadf7a9a5605a3f ]
During device removal, the driver should unregister the SPI controller
and stop the hardware. Otherwise the dspi_transfer_one_message() could
wait on completion infinitely.
Additionally, calling
On Tue, Jul 14, 2020 at 10:27:01AM +0200, Peter Zijlstra wrote:
> On Tue, Jul 14, 2020 at 12:02:09AM -0700, ira.we...@intel.com wrote:
> > From: Ira Weiny
> >
> > The PKRS MSR is defined as a per-core register. This isolates memory
> > access by CPU. Unfortunately, the MSR is not preserved by
On 7/14/20 3:24 PM, Miklos Szeredi wrote:
> On Thu, Jun 25, 2020 at 11:30 AM Vasily Averin wrote:
>>
>> fuse_writepages_fill uses following construction:
>> if (wpa && ap->num_pages &&
>> (A || B || C)) {
>> action;
>> } else if (wpa && D) {
>> if (E) {
>> the
From: Stephane Eranian
[ Upstream commit fd3ae1e1587d64ef8cc8e361903d33625458073e ]
To prepare for support of both Intel and AMD RAPL.
As per the AMD PPR, Fam17h support Package RAPL counters to monitor power usage.
The RAPL counter operates as with Intel RAPL, and as such it is beneficial
to
This is the start of the stable review cycle for the 5.7.9 release.
There are 166 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 16 Jul 2020 18:40:38 +.
Anything
From: "Uwe Kleine-K�nig"
When commit 9017dc4fbd59 ("pwm: jz4740: Enhance precision in calculation
of duty cycle") from v5.8-rc1 was backported to v5.4.x its dependency on
commit ce1f9cece057 ("pwm: jz4740: Use clocks from TCU driver") was not
noticed which made the pwm-jz4740 driver fail to
From: Sascha Hauer
[ Upstream commit b4748553f53f2971e07d2619f13d461daac0f3bb ]
The MVNETA_SERDES_CFG register is only available on older SoCs like the
Armada XP. On newer SoCs like the Armada 38x the fields are moved to
comphy. This patch moves the writes to this register next to the comphy
From: Peng Ma
[ Upstream commit dc234825997ec6ff05980ca9e2204f4ac3f8d695 ]
We need to ensure dspi controller could be stopped in order for kexec
to start the next kernel.
So add the shutdown operation support.
Signed-off-by: Peng Ma
Link:
From: Greg Kroah-Hartman
This reverts commit b5c8896bc14f54e5c4dd5a6e42879f125b8abd2d which is
commit 2bbcaaee1fcbd83272e29f31e2bb7e70d8c49e05 upstream.
It is being reverted upstream, just hasn't made it there yet and is
causing lots of problems.
Reported-by: Hans de Goede
Cc: Qiujun Huang
From: Pavel Hofman
commit b6a1e78b96a5d7f312f08b3a470eb911ab5feec0 upstream.
USB Audio analyzer RTX6001 uses the same implicit feedback quirk
as other XMOS-based devices.
Signed-off-by: Pavel Hofman
Tested-by: Pavel Hofman
Cc:
Link:
From: Kees Cook
commit 63960260457a02af2a6cb35d75e6bdb17299c882 upstream.
When evaluating access control over kallsyms visibility, credentials at
open() time need to be used, not the "current" creds (though in BPF's
case, this has likely always been the same). Plumb access to associated
From: Marek Olšák
commit f4892c327a8e5df7ce16cab40897daf90baf6bec upstream.
It's impossible to debug shader hangs with soft recovery.
Signed-off-by: Marek Olšák
Reviewed-by: Alex Deucher
Reviewed-by: Christian König
Signed-off-by: Alex Deucher
Cc: sta...@vger.kernel.org
Signed-off-by: Greg
From: Josef Bacik
commit 230ed397435e85b54f055c524fcb267ae2ce3bc4 upstream.
While debugging a patch that I wrote I was hitting use-after-free panics
when accessing block groups on unmount. This turned out to be because
in the nocow case if we bail out of doing the nocow for whatever reason
we
From: Andrew Scull
commit b9e10d4a6c9f5cbe6369ce2c17ebc67d2e5a4be5 upstream.
HVC_SOFT_RESTART is given values for x0-2 that it should installed
before exiting to the new address so should not set x0 to stub HVC
success or failure code.
Fixes: af42f20480bf1 ("arm64: hyp-stub: Zero x0 on
From: Jian-Hong Pan
commit 6e15d1261d522d1d222f8f89b23c6966905e9049 upstream.
The Acer Aspire C20-820 AIO's audio (1025:1065) with ALC269VC can't
detect the headset microphone until ALC269VC_FIXUP_ACER_HEADSET_MIC
quirk maps the NID 0x18 as the headset mic pin.
Signed-off-by: Jian-Hong Pan
From: Kees Cook
commit 60f7bb66b88b649433bf700acfc60c3f24953871 upstream.
The kprobe show() functions were using "current"'s creds instead
of the file opener's creds for kallsyms visibility. Fix to use
seq_file->file->f_cred.
Cc: Masami Hiramatsu
Cc: sta...@vger.kernel.org
Fixes: 81365a947de4
From: Adrian Hunter
commit 031c8d5edb1ddeb6d398f7942ce2a01a1a51ada9 upstream.
Using ctrl-F ('Find') would not find 'unknown' because it matches id
zero. Fix by excluding id zero from selection.
Example:
$ perf record -e intel_pt//u uname
Linux
[ perf record: Woken up 1 times to
From: Jian-Hong Pan
commit 8eae7e9b3967f08efaa4d70403aec513cbe45ad0 upstream.
The Acer desktop vCopperbox with ALC269VC cannot detect the MIC of
headset, the line out and internal speaker until
ALC269VC_FIXUP_ACER_VCOPPERBOX_PINS quirk applied.
Signed-off-by: Jian-Hong Pan
Signed-off-by:
From: Alexandru Elisei
commit 7733306bd593c737c63110175da6c35b4b8bb32c upstream.
The "inline" keyword is a hint for the compiler to inline a function. The
functions system_uses_irq_prio_masking() and gic_write_pmr() are used by
the code running at EL2 on a non-VHE system, so mark them as
From: Mikulas Patocka
commit 6958c1c640af8c3f40fa8a2eee3b5b905d95b677 upstream.
kobject_uevent may allocate memory and it may be called while there are dm
devices suspended. The allocation may recurse into a suspended device,
causing a deadlock. We must set the noio flag when sending a uevent.
From: Janosch Frank
commit 528a9539348a0234375dfaa1ca5dbbb2f8f8e8d2 upstream.
If the pmd is soft dirty we must mark the pte as soft dirty (and not dirty).
This fixes some cases for guest migration with huge page backings.
Cc: # 4.8
Fixes: bc29b7ac1d9f ("s390/mm: clean up pte/pmd encoding")
From: Vineet Gupta
commit b7faf971081a4e56147f082234bfff55135305cb upstream.
Cc:
Signed-off-by: Vineet Gupta
Signed-off-by: Greg Kroah-Hartman
---
arch/arc/include/asm/elf.h |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arc/include/asm/elf.h
+++
From: Kees Cook
commit b25a7c5af9051850d4f3d93ca500056ab6ec724b upstream.
The printing of section addresses in /sys/module/*/sections/* was not
using the correct credentials to evaluate visibility.
Before:
# cat /sys/module/*/sections/.*text
0xc0458000
...
# capsh
From: Kees Cook
commit 160251842cd35a75edfb0a1d76afa3eb674ff40a upstream.
In order to perform future tests against the cred saved during open(),
switch kallsyms_show_value() to operate on a cred, and have all current
callers pass current_cred(). This makes it very obvious where callers
are
From: Michal Suchanek
commit a46624580376a3a0beb218d94cbc7f258696e29f upstream.
DM writecache does not handle asynchronous pmem. Reject it when
supplied as cache.
Link: https://lore.kernel.org/linux-nvdimm/87lfk5hahc@linux.ibm.com/
Fixes: 6e84200c0a29 ("virtio-pmem: Add virtio pmem
From: Vineet Gupta
commit 00fdec98d9881bf5173af09aebd353ab3b9ac729 upstream.
Trap handler for syscall tracing reads EFA (Exception Fault Address),
in case strace wants PC of trap instruction (EFA is not part of pt_regs
as of current code).
However this EFA read is racy as it happens after
From: Ming Lei
commit 05a4fed69ff00a8bd83538684cb602a4636b07a7 upstream.
dm-multipath is the only user of blk_mq_queue_inflight(). When
dm-multipath calls blk_mq_queue_inflight() to check if it has
outstanding IO it can get a false negative. The reason for this is
blk_mq_rq_inflight() doesn't
From: Vasily Gorbik
commit 95e61b1b5d6394b53d147c0fcbe2ae70fbe09446 upstream.
Command line parameters might set static keys. This is true for s390 at
least since commit 6471384af2a6 ("mm: security: introduce init_on_alloc=1
and init_on_free=1 boot options"). To avoid the following WARN:
From: Andre Edich
[ Upstream commit 7c8b1e855f94f88a0c569be6309fc8d5c8844cd1 ]
The return value of the function smsc95xx_reset() must be checked
to avoid returning false success from the function smsc95xx_bind().
Fixes: 2f7ca802bdae2 ("net: Add SMSC LAN9500 USB2.0 10/100 ethernet adapter
From: Benjamin Poirier
commit 9774dc218bb628974dcbc76412f970e9258e5f27 upstream.
1)
In snd_hda_pick_fixup(), quirks are first matched by PCI SSID and then, if
there is no match, by codec SSID. The Lenovo "ThinkPad X1 Carbon 7th" has
an audio chip with PCI SSID 0x2292 and codec SSID 0x2293[1].
From: Pablo Neira Ayuso
[ Upstream commit d005fbb855d3b5660d62ee5a6bd2d99c13ff8cf3 ]
__nf_conntrack_update() might refresh the conntrack object that is
attached to the skbuff. Otherwise, this triggers UAF.
[ 633.200434]
==
[
From: Kaike Wan
commit 28b70cd9236563e1a88a6094673fef3c08db0d51 upstream.
The workqueue hfi1_wq is destroyed in function shutdown_device(), which is
called by either shutdown_one() or remove_one(). The function
shutdown_one() is called when the kernel is rebooted while remove_one() is
called
From: Kaike Wan
commit 2315ec12ee8e8257bb335654c62e0cae71dc278d upstream.
The workqueue link_wq should only be destroyed when the hfi1 driver is
unloaded, not when the device is shut down.
Fixes: 71d47008ca1b ("IB/hfi1: Create workqueue for link events")
Link:
From: Ido Schimmel
[ Upstream commit c4317b11675b99af6641662ebcbd3c6010600e64 ]
In case devlink reload failed, it is possible to trigger a
use-after-free when querying the kernel for device info via 'devlink dev
info' [1].
This happens because as part of the reload error path the PCI command
From: Divya Indi
[ Upstream commit f427f4d6214c183c474eeb46212d38e6c7223d6a ]
There is a race condition where ib_nl_make_request() inserts the request
data into the linked list but the timer in ib_nl_request_timeout() can see
it and destroy it before ib_nl_send_msg() is done touching it. This
From: Hector Martin
commit e337bf19f6af38d5c3fa6d06cd594e0f890ca1ac upstream.
These devices claim to be 96kHz mono, but actually are 48kHz stereo with
swapped channels and unaligned transfers.
Cc: sta...@vger.kernel.org
Signed-off-by: Hector Martin
Link:
From: Nicolas Ferre
[ Upstream commit 515a10a701d570e26dfbe6ee373f77c8bf11053f ]
Use the proper struct device pointer to check if the wakeup flag
and wakeup source are positioned.
Use the one passed by function call which is equivalent to
>dev->dev.parent.
It's preventing the trigger of a
From: Adrian Hunter
[ Upstream commit 75bcb8776dc987538f267ba4ba05ca43fc2b1676 ]
When recording PEBS-via-PT, the kernel will not accept the intel_pt
event with register sampling e.g.
# perf record --kcore -c 1 -e
'{intel_pt/branch=0/,branch-loads/aux-output/ppp}' -I -- ls -l
Error:
From: Eric Dumazet
[ Upstream commit c4e8fa9074ad94f80e5c0dcaa16b313e50e958c5 ]
Whenever ip_set_alloc() is used, allocated memory can either
use kmalloc() or vmalloc(). We should call kvfree() or
ip_set_free()
invalid opcode: [#1] PREEMPT SMP KASAN
CPU: 0 PID: 21935 Comm: syz-executor.3
From: Sean Christopherson
commit 7c83d096aed055a7763a03384f92115363448b71 upstream.
Mark CR4.TSD as being possibly owned by the guest as that is indeed the
case on VMX. Without TSD being tagged as possibly owned by the guest, a
targeted read of CR4 to get TSD could observe a stale value. This
From: Nicolas Ferre
[ Upstream commit 6c8f85cac98a4c6b767c4c4f6af7283724c32b47 ]
The calls to pm_runtime_force_suspend/resume() functions are only
relevant if the device is not configured to act as a WoL wakeup source.
Add the device_may_wakeup() test before calling them.
Fixes: 3e2a5e153906
From: Codrin Ciubotariu
[ Upstream commit af199a1a9cb02ec0194804bd46c174b6db262075 ]
The number of ports is incorrectly set to the maximum available for a DSA
switch. Even if the extra ports are not used, this causes some functions
to be called later, like port_disable() and
From: Wei Li
[ Upstream commit d61cbb859b45fdb6b4997f2d51834fae41af0e94 ]
The segmentation fault can be reproduced as following steps:
1) Executing perf report in tui.
2) Typing '/x' to filter the symbol to get nothing matched.
3) Pressing enter with no entry selected.
Then it will
From: Vinod Koul
[ Upstream commit f79a732a8325dfbd570d87f1435019d7e5501c6d ]
On partial_drain completion we should be in SNDRV_PCM_STATE_RUNNING
state, so set that for partially draining streams in
snd_compr_drain_notify() and use a flag for partially draining streams
While at it, add locks
From: Eran Ben Elisha
[ Upstream commit 47afbdd2fa4c5775c383ba376a3d1da7d7f694dc ]
Fix eeprom SFP query support by setting i2c_addr, offset and page number
correctly. Unlike QSFP modules, SFP eeprom params are as follow:
- i2c_addr is 0x50 for offset 0 - 255 and 0x51 for offset 256 - 511.
-
From: Sudarsana Reddy Kalluru
[ Upstream commit 13cf8aab7425a253070433b5a55b4209ceac8b19 ]
NVM config file address will be modified when the MBI image is upgraded.
Driver would return stale config values if user reads the nvm-config
(via ethtool -d) in this state. The fix is to re-populate nvm
From: Wei Li
[ Upstream commit 8523c006264df65aac7d77284cc69aac46a6f842 ]
After entering kdb due to breakpoint, when we execute 'ss' or 'go' (will
delay installing breakpoints, do single-step first), it won't work
correctly, and it will enter kdb due to oops.
It's because the reason gotten in
From: Kamal Heib
[ Upstream commit 04340645f69ab7abb6f9052688a60f0213b3f79c ]
Move the initialization of the vendor_part_id to be before calling
ib_register_device(), this is needed because the query_device() callback
is called from the context of ib_register_device() before initializing the
From: Davide Caratti
[ Upstream commit c8b1d7436045d3599bae56aef1682813ecccaad7 ]
we need to set 'active_vfs' back to 0, if something goes wrong during the
allocation of SR-IOV resources: otherwise, further VF configurations will
wrongly assume that bp->pf.vf[x] are valid memory locations, and
From: Aya Levin
[ Upstream commit 6a1cf4e443a3b0a4d690d3c93b84b1e9cbfcb1bd ]
Some released FW versions mistakenly don't set the capability that 50G
per lane link-modes are supported for VFs (ptys_extended_ethernet
capability bit). When the capability is unset, read
PTYS.ext_eth_proto_capability
From: Aya Levin
[ Upstream commit 530c8632b547ff72f11ff83654b22462a73f1f7b ]
Some released FW versions mistakenly don't set the capability that 50G per
lane link-modes are supported for VFs (ptys_extended_ethernet capability
bit).
Use PTYS.ext_eth_proto_capability instead, as this indication
From: Zheng Bin
[ Upstream commit 579dd91ab3a5446b148e7f179b6596b270dace46 ]
When adding first socket to nbd, if nsock's allocation failed, the data
structure member "config->socks" was reallocated, but the data structure
member "config->num_connections" was not updated. A memory leak will
From: Yonglong Liu
[ Upstream commit a06656211304fec653c1931c2ca6d644013b5bbb ]
Enable promisc mode of PF, set VF link state to enable, and
run iperf of the VF, then do self test of the PF. The self test
will fail with a low frequency, and may cause a use-after-free
problem.
[ 87.142126]
From: Andre Edich
[ Upstream commit 3ed58f96a70b85ef646d5427258f677f1395b62f ]
In a case where the ID_REV register read is failed, the memory for a
private data structure has to be freed before returning error from the
function smsc95xx_bind.
Fixes: bbd9f9ee69242 ("smsc95xx: add wol support
From: Huazhong Tan
[ Upstream commit e22b5e728bbb179b912d3a3cd5c25894a89a26a2 ]
When unloading driver, if flag HNS3_NIC_STATE_INITED has been
already cleared, the debugfs will not be uninitialized, so fix it.
Fixes: b2292360bb2a ("net: hns3: Add debugfs framework registration")
Signed-off-by:
From: Zhenzhong Duan
[ Upstream commit abd42781c3d2155868821f1b947ae45bbc0d ]
Imagine below scene, spidev is referenced after it's freed.
spidev_release()spidev_remove()
...
spin_lock_irq(>spi_lock);
From: Sascha Hauer
[ Upstream commit 1a642ca7f38992b086101fe204a1ae3c90ed8016 ]
The older SoCs like Armada XP support a 2500BaseX mode in the datasheets
referred to as DR-SGMII (Double rated SGMII) or HS-SGMII (High Speed
SGMII). This is an upclocked 1000BaseX mode, thus
From: Zhenzhong Duan
[ Upstream commit 06096cc6c5a84ced929634b0d79376b94c65a4bd ]
If an spi device is unbounded from the driver before the release
process, there will be an NULL pointer reference when it's
referenced in spi_slave_abort().
Fix it by checking it's already freed before reference.
From: Pierre-Louis Bossart
[ Upstream commit d50313a5a0d803bcf55121a2b82086633060d05e ]
Mirror PCI ids used for SOF.
Signed-off-by: Pierre-Louis Bossart
Reviewed-by: Guennadi Liakhovetski
Reviewed-by: Kai Vehmanen
Link:
From: Andy Shevchenko
[ Upstream commit ba8c90c6184784b397807b72403656085ac2f8c1 ]
ACPI table on Intel Galileo Gen 2 has wrong pin number for IRQ resource
of one of the I²C GPIO expanders. Since we know what that number is and
luckily have GPIO bases fixed for SoC's controllers, we may use a
From: Scott Wood
[ Upstream commit fd844ba9ae59b51e34e77105d79f8eca780b3bd6 ]
This function is concerned with the long-term CPU mask, not the
transitory mask the task might have while migrate disabled. Before
this patch, if a task was migrate-disabled at the time
__set_cpus_allowed_ptr() was
On Tue, Jul 14, 2020 at 11:12 AM Joel Fernandes wrote:
>
> I think you misunderstood me. I was not advocating breaking the stack
> movement code or breaking stack randomization, I was going to try to
> see if I could keep that working while not having to do an overlapping
> move.
I'm not really
From: Rajat Jain
[ Upstream commit 67e8a5b18d41af9298db5c17193f671f235cce01 ]
Currently, an external malicious PCI device can masquerade the VID:PID
of faulty gfx devices, and thus apply iommu quirks to effectively
disable the IOMMU restrictions for itself.
Thus we need to ensure that the
From: Hsin-Yi Wang
[ Upstream commit c0b8892e2461b5fa740e47efbb1269a487b04020 ]
Disable the plane if it's not visible. Otherwise mtk_ovl_layer_config()
would proceed with invalid plane and we may see vblank timeout.
Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.")
From: Hans de Goede
[ Upstream commit a05caf9e62a85d12da27e814ac13195f4683f21c ]
The Acer S1003 has proper DMI strings for sys-vendor and product-name,
so we do not need to match by BIOS-date.
This means that the Acer S1003 can use the generic lcd800x1280_rightside_up
From: Aneesh Kumar K.V
[ Upstream commit c1ed1754f271f6b7acb1bfdc8cfb62220fbed423 ]
With CONFIG_DEBUG_VIRTUAL=y, __pa() checks for addr value and if it's
less than PAGE_OFFSET it leads to a BUG().
#define __pa(x)
({
VIRTUAL_BUG_ON((unsigned long)(x) < PAGE_OFFSET);
From: Hans de Goede
[ Upstream commit 6c22bc18a3b93a38018844636557ad02e588e055 ]
Like the Asus T100HA the Asus T101HA also uses a panel which has been
mounted 90 degrees rotated, albeit in the opposite direction.
Add a quirk for this.
Reviewed-by: Emil Velikov
Signed-off-by: Hans de Goede
From: John Fastabend
[ Upstream commit 8025751d4d55a2f32be6bdf825b6a80c299875f5 ]
If an ingress verdict program specifies message sizes greater than
skb->len and there is an ENOMEM error due to memory pressure we
may call the rcv_msg handler outside the strp_data_ready() caller
context. This is
From: John Fastabend
[ Upstream commit 93dd5f185916b05e931cffae636596f21f98546e ]
There are two paths to generate the below RCU splat the first and
most obvious is the result of the BPF verdict program issuing a
redirect on a TLS socket (This is the splat shown below). Unlike
the non-TLS case
From: Linus Walleij
[ Upstream commit b984b6d8b52372b98cce0a6ff6c2787f50665b87 ]
The following bug appeared in the MCDE driver/display
initialization during the recent merge window.
First the place we call drm_fbdev_generic_setup() in the
wrong place: this needs to be called AFTER calling
From: Ciara Loftus
[ Upstream commit d59e267912cd90b0adf33b4659050d831e746317 ]
READ_ONCE should be used when reading rings prior to accessing the
statistics pointer. Introduce this as well as the corresponding WRITE_ONCE
usage when allocating and freeing the rings, to ensure protected access.
From: Thierry Reding
[ Upstream commit d9a0a05bf8c76e6dc79230669a8b5d685b168c30 ]
Currently when a host1x device driver is unregistered, it is not
detached from the host1x controller, which means that the device
will stay around and when the driver is registered again, it may
bind to the old,
From: Zhang Xiaoxu
[ Upstream commit 5618303d8516f8ac5ecfe53ee8e8bc9a40eaf066 ]
As the man description of the truncate, if the size changed,
then the st_ctime and st_mtime fields should be updated. But
in cifs, we doesn't do it.
It lead the xfstests generic/313 failed.
So, add the
From: Aditya Pakki
[ Upstream commit 2655971ad4b34e97dd921df16bb0b08db9449df7 ]
dwc3_pci_resume_work() calls pm_runtime_get_sync() that increments
the reference counter. In case of failure, decrement the reference
before returning.
Signed-off-by: Aditya Pakki
Signed-off-by: Felipe Balbi
From: Tomas Henzl
[ Upstream commit afe89f115e84edbc76d316759e206580a06c6973 ]
The sense data buffer in sense_buf_pool is allocated with size of
MPT_SENSE_BUFFER_ALLOC(64) (multiplied by req_depth) while SNS_LEN(sc)(96)
is used when reading the data. That may lead to a read from unallocated
From: Dan Carpenter
commit 8ff41cc21714704ef0158a546c3c4d07fae2c952 upstream.
This code assumes that the user passed in enough data for a
qrtr_hdr_v1 or qrtr_hdr_v2 struct, but it's not necessarily true. If
the buffer is too small then it will read beyond the end.
Reported-by: Manivannan
From: Peter Zijlstra
[ Upstream commit c7aadc09321d8f9a1d3bd1e6d8a47222ecddf6c5 ]
Marco crashed in bad_iret with a Clang11/KCSAN build due to
overflowing the stack. Now that we run C code on it, expand it to a
full page.
Suggested-by: Andy Lutomirski
Reported-by: Marco Elver
Signed-off-by:
From: Pierre-Louis Bossart
[ Upstream commit 258fb4f4c34a0db9d3834aba6784d7b322176bb9 ]
Mirror ID added for legacy HDaudio
Signed-off-by: Pierre-Louis Bossart
Reviewed-by: Guennadi Liakhovetski
Reviewed-by: Kai Vehmanen
Link:
From: Dany Madden
[ Upstream commit 8b40eb73509f5704a0e8cd25de0163876299f1a7 ]
Continue the reset path when partner adapter is not ready or H_CLOSED is
returned from reset crq. This patch allows the CRQ init to proceed to
establish a valid CRQ for traffic to flow after reset.
Signed-off-by:
From: Max Gurtovoy
[ Upstream commit 032a9966a22a3596addf81dacf0c1736dfedc32a ]
The completion vector index that is given during CQ creation can't
exceed the number of support vectors by the underlying RDMA device. This
violation currently can accure, for example, in case one will try to
From: Luca Coelho
[ Upstream commit bc7a39b4272b9672d806d422b6850e8c1a09914c ]
When a memory leak was fixed, a return err was changed to goto err,
but, accidentally, the if (err) was removed, so now we always exit at
this point.
Fix it by adding if (err) back.
Fixes: 9951ebfcdf2b ("nl80211:
From: yu kuai
[ Upstream commit 4845446036fc9c13f43b54a65c9b757c14f5141b ]
if of_find_device_by_node() succeed, imx6q_suspend_init() doesn't have a
corresponding put_device(). Thus add a jump target to fix the exception
handling for this function implementation.
Signed-off-by: yu kuai
701 - 800 of 1986 matches
Mail list logo
