From: Greg Kroah-Hartman
From: Frank Li
commit f06391c45e83f9a731045deb23df7cc3814fd795 upstream.
[ 6684.493350] Unable to handle kernel paging request at virtual address
800011c5b0f0
[ 6684.498531] mmc0: card 0001 removed
[ 6684.501556] Mem abort info:
[ 6684.509681] ESR = 0x9647
From: Greg Kroah-Hartman
From: Paulo Alcantara
commit 04ad69c342fc4de5bd23be9ef15ea7574fb1a87e upstream.
In case of interrupted syscalls, prevent sending CLOSE commands for
compound CREATE+CLOSE requests by introducing an
CIFS_CP_CREATE_CLOSE_OP flag to indicate lower layers that it should
From: Greg Kroah-Hartman
From: Kai-Heng Feng
commit 9799110825dba087c2bdce886977cf84dada2005 upstream.
Rear audio on Lenovo ThinkStation P620 stops working after commit
1965c4364bdd ("ALSA: usb-audio: Disable autosuspend for Lenovo
ThinkStation P620"):
[6.013526] usbcore: registered new
From: Greg Kroah-Hartman
From: Rob Herring
commit 7bb8bc6eb550116c504fb25af8678b9d7ca2abc5 upstream.
Commit 0fdf1bb75953 ("arm64: perf: Avoid PMXEV* indirection") changed
armv8pmu_read_evcntr() to return a u32 instead of u64. The result is
silent truncation of the event counter when using
From: Greg Kroah-Hartman
From: Stefan Haberland
commit 7d365bd0bff3c0310c39ebaffc9a8458e036d666 upstream.
In case of an unbind of the DASD device driver the function
dasd_generic_remove() is called which shuts down the device.
Among others this functions removes the int_handler from the cdev.
From: Greg Kroah-Hartman
From: Takashi Iwai
commit eea46a0879bcca23e15071f9968c0f6e6596e470 upstream.
The per_pin->work might be still floating at the suspend, and this may
hit the access to the hardware at an unexpected timing. Cancel the
work properly at the suspend callback for avoiding
From: Greg Kroah-Hartman
From: John Ernberg
commit fc7c5c208eb7bc2df3a9f4234f14eca250001cb6 upstream.
The microphone in the Plantronics C320-M headset will randomly
fail to initialize properly, at least when using Microsoft Teams.
Introducing a 20ms delay on the control messages appears to
From: Greg Kroah-Hartman
From: Marc Zyngier
Commit 7d717558dd5ef10d28866750d5c24ff892ea3778 upstream.
KVM/arm64 has forever used a 40bit default IPA space, partially
due to its 32bit heritage (where the only choice is 40bit).
However, there are implementations in the wild that have a *cough*
From: Greg Kroah-Hartman
From: Aleksandr Miloserdov
[ Upstream commit 1c73e0c5e54d5f7d77f422a10b03ebe61eaed5ad ]
TCM doesn't properly handle underflow case for service actions. One way to
prevent it is to always complete command with
target_complete_cmd_with_length(), however it requires
From: Greg Kroah-Hartman
From: Jan Kara
commit 56887cffe946bb0a90c74429fa94d6110a73119d upstream.
Commit 384d87ef2c95 ("block: Do not discard buffers under a mounted
filesystem") made paths issuing discard or zeroout requests to the
underlying device try to grab block device in exclusive
From: Greg Kroah-Hartman
From: Shin'ichiro Kawasaki
commit e5113505904ea1c1c0e1f92c1cfa91fbf4da1694 upstream.
When zone reset ioctl and data read race for a same zone on zoned block
devices, the data read leaves stale page cache even though the zone
reset ioctl zero clears all the zone data
From: Greg Kroah-Hartman
From: Juergen Gross
commit 9e77d96b8e2724ed00380189f7b0ded61113b39f upstream.
When creating a new event channel with 2-level events the affinity
needs to be reset initially in order to avoid using an old affinity
from earlier usage of the event channel port. So when
From: Greg Kroah-Hartman
From: Andrey Konovalov
commit 86c83365ab76e4b43cedd3ce07a07d32a4dc79ba upstream.
When CONFIG_DEBUG_VIRTUAL is enabled, the default page_to_virt() macro
implementation from include/linux/mm.h is used. That definition doesn't
account for KASAN tags, which leads to no
From: Greg Kroah-Hartman
From: Keith Busch
commit ac262508daa88fb12c5dc53cf30bde163f9f26c9 upstream.
If a namespace identification does not match the subsystem's head for
that NSID, release the reference that was taken when the matching head
was initially found.
Signed-off-by: Keith Busch
From: Greg Kroah-Hartman
From: Eric W. Biederman
commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream.
It turns out that there are in fact userspace implementations that
care and this recent change caused a regression.
https://github.com/containers/buildah/issues/3071
As the motivation
From: Greg Kroah-Hartman
From: Marc Zyngier
Commit 01dc9262ff5797b675c32c0c6bc682777d23de05 upstream.
It recently became apparent that the ARMv8 architecture has interesting
rules regarding attributes being used when fetching instructions
if the MMU is off at Stage-1.
In this situation, the
From: Greg Kroah-Hartman
From: David Hildenbrand
[ Upstream commit e9a2e48e8704c9d20a625c6f2357147d03ea7b97 ]
No need to store the value for each and every memory block, as we can
easily query the value at runtime. Reshuffle the members to optimize the
memory layout. Also, let's clarify
From: Greg Kroah-Hartman
From: Lin Feng
[ Upstream commit 3b3376f222e3ab58367d9dd405cafd09d5e37b7c ]
Apart from subsystem specific .proc_handler handler, all ctl_tables with
extra1 and extra2 members set should use proc_dointvec_minmax instead of
proc_dointvec, or the limit set in extra*
From: Greg Kroah-Hartman
From: Beata Michalska
commit 606a5d4227e4610399c61086ac55c46068a90b03 upstream.
We are required to call dev_pm_opp_put() from outside of the
opp_table->lock as debugfs removal needs to happen lock-less to avoid
circular dependency issues.
commit cf1fac943c63 ("opp:
From: Greg Kroah-Hartman
From: Lior Ribak
commit e7850f4d844e0acfac7e570af611d89deade3146 upstream.
There is a deadlock in bm_register_write:
First, in the begining of the function, a lock is taken on the binfmt_misc
root inode with inode_lock(d_inode(root)).
Then, if the user used the
From: Greg Kroah-Hartman
From: Takashi Iwai
commit 06abcb18b3a021ba1a3f2020cbefb3ed04e59e72 upstream.
Other Plantronics headset models seem requiring the same workaround as
C320-M to add the 20ms delay for the control messages, too. Apply the
workaround generically for devices with the
From: Greg Kroah-Hartman
From: Heiko Carstens
[ Upstream commit 62c8dca9e194326802b43c60763f856d782b225c ]
Avoid a potentially large stack frame and overflow by making
"cpumask_t avail" a static variable. There is no concurrent
access due to the existing locking.
Signed-off-by: Heiko
From: Greg Kroah-Hartman
From: Marc Zyngier
commit 262b003d059c6671601a19057e9fe1a5e7f23722 upstream.
When registering a memslot, we check the size and location of that
memslot against the IPA size to ensure that we can provide guest
access to the whole of the memory.
Unfortunately, this
From: Greg Kroah-Hartman
From: Takashi Iwai
commit fec60c3bc5d1713db2727cdffc638d48f9c07dc3 upstream.
Dell AE515 sound bar (413c:a506) spews the error messages when the
driver tries to read the current sample frequency, hence it needs to
be on the list in snd_usb_get_sample_rate_quirk().
From: Greg Kroah-Hartman
From: Keith Busch
[ Upstream commit 387c72cdd7fb6bef650fb078d0f6ae9682abf631 ]
Overwriting the frozen detected status with the result of the link reset
loses the NEED_RESET result that drivers are depending on for error
handling to report the .slot_reset() callback.
From: Greg Kroah-Hartman
From: Geert Uytterhoeven
[ Upstream commit f6bda644fa3a7070621c3bf12cd657f69a42f170 ]
Kmemleak reports:
unreferenced object 0xc328de40 (size 64):
comm "kworker/1:1", pid 21, jiffies 4294938212 (age 1484.670s)
hex dump (first 32 bytes):
00 00 00 00 00
From: Greg Kroah-Hartman
From: Minchan Kim
commit 57e0076e6575a7b7cef620a0bd2ee2549ef77818 upstream.
writeback_store's return value is overwritten by submit_bio_wait's return
value. Thus, writeback_store will return zero since there was no IO
error. In the end, write syscall from userspace
From: Greg Kroah-Hartman
From: Josh Poimboeuf
commit e504e74cc3a2c092b05577ce3e8e013fae7d94e6 upstream.
KASAN reserves "redzone" areas between stack frames in order to detect
stack overruns. A read or write to such an area triggers a KASAN
"stack-out-of-bounds" BUG.
Normally, the ORC
From: Greg Kroah-Hartman
From: Lior Ribak
commit e7850f4d844e0acfac7e570af611d89deade3146 upstream.
There is a deadlock in bm_register_write:
First, in the begining of the function, a lock is taken on the binfmt_misc
root inode with inode_lock(d_inode(root)).
Then, if the user used the
From: Greg Kroah-Hartman
From: Takashi Iwai
commit 56b26497bb4b7ff970612dc25a8a008c34463f7b upstream.
The mute and mic-mute LEDs on HP ZBook Studio G5 are controlled via
GPIO bits 0x10 and 0x20, respectively, and we need the extra setup for
those.
As the similar code is already present for
From: Greg Kroah-Hartman
From: Theodore Ts'o
[ Upstream commit 027f14f5357279655c3ebc6d14daff8368d4f53f ]
If we try to make any changes via the journal between when the journal
is initialized, but before the multi-block allocated is initialized,
we will end up deferencing a NULL pointer when
From: Greg Kroah-Hartman
From: Takashi Iwai
commit eea46a0879bcca23e15071f9968c0f6e6596e470 upstream.
The per_pin->work might be still floating at the suspend, and this may
hit the access to the hardware at an unexpected timing. Cancel the
work properly at the suspend callback for avoiding
From: Greg Kroah-Hartman
From: Ian Abbott
commit 1c0f20b78781b9ca50dc3ecfd396d0db5b141890 upstream.
The analog input subdevice supports Comedi asynchronous commands that
use Comedi's 16-bit sample format. However, the call to
`comedi_buf_write_samples()` is passing the address of a 32-bit
From: Greg Kroah-Hartman
From: Shuah Khan
commit 9380afd6df70e24eacbdbde33afc6a3950965d22 upstream.
usbip_sockfd_store() is invoked when user requests attach (import)
detach (unimport) usb device from usbip host. vhci_hcd sends import
request and usbip_sockfd_store() exports the device if it
From: Greg Kroah-Hartman
From: Shuah Khan
commit 6801854be94fe8819b3894979875ea31482f5658 upstream.
Fix usbip_sockfd_store() to validate the passed in file descriptor is
a stream socket. If the file descriptor passed was a SOCK_DGRAM socket,
sock_recvmsg() can't detect end of stream.
Cc:
From: Greg Kroah-Hartman
From: Alexey Dobriyan
[ Upstream commit c995f12ad8842dbf5cfed113fb52cdd083f5afd1 ]
Doing a
prctl(PR_SET_MM, PR_SET_MM_AUXV, addr, 1);
will copy 1 byte from userspace to (quite big) on-stack array
and then stash everything to mm->saved_auxv.
AT_NULL
From: Greg Kroah-Hartman
From: Krzysztof WilczyĆski
[ Upstream commit 42814c438aac79746d310f413a27d5b0b959c5de ]
The for_each_available_child_of_node helper internally makes use of the
of_get_next_available_child() which performs an of_node_get() on each
iteration when searching for next
From: Greg Kroah-Hartman
From: Lee Gibson
commit 8687bf9ef9551bcf93897e33364d121667b1aadf upstream.
Function _rtl92e_wx_set_scan calls memcpy without checking the length.
A user could control that length and trigger a buffer overflow.
Fix by checking the length is within the maximum allowed
From: Greg Kroah-Hartman
From: Martin Kaiser
[ Upstream commit a93c00e5f975f23592895b7e83f35de2d36b7633 ]
Fix a race where a pending interrupt could be received and the handler
called before the handler's data has been setup, by converting to
irq_set_chained_handler_and_data().
See also
From: Greg Kroah-Hartman
From: Aleksandr Miloserdov
[ Upstream commit 1c73e0c5e54d5f7d77f422a10b03ebe61eaed5ad ]
TCM doesn't properly handle underflow case for service actions. One way to
prevent it is to always complete command with
target_complete_cmd_with_length(), however it requires
From: Greg Kroah-Hartman
From: Mike Christie
[ Upstream commit d28d48c699779973ab9a3bd0e5acfa112bd4fdef ]
If iscsi_prep_scsi_cmd_pdu() fails we try to add it back to the cmdqueue,
but we leave it partially setup. We don't have functions that can undo the
pdu and init task setup. We only have
From: Greg Kroah-Hartman
From: Naveen N. Rao
commit cea15316ceee2d4a51dfdecd79e08a438135416c upstream.
'lis r2,N' is 'addis r2,0,N' and the instruction encoding in the macro
LIS_R2 is incorrect (it currently maps to 'addis r0,r2,N'). Fix the
same.
Fixes: c71b7eff426f ("powerpc: Add ABIv2
From: Greg Kroah-Hartman
From: Matthew Wilcox (Oracle)
[ Upstream commit 149fc787353f65b7e72e05e7b75d34863266c3e2 ]
Fix a sparse warning by using rcu_dereference(). Technically this is a
bug and a sufficiently aggressive compiler could reload the `real_parent'
pointer outside the protection
From: Greg Kroah-Hartman
From: Arnd Bergmann
[ Upstream commit 38009c766725a9877ea8866fc813a5460011817f ]
The structleak plugin causes the stack frame size to grow immensely:
drivers/base/test/property-entry-test.c: In function 'pe_test_reference':
From: Greg Kroah-Hartman
From: Aleksandr Miloserdov
[ Upstream commit 14d24e2cc77411301e906a8cf41884739de192de ]
TCM buffer length doesn't necessarily equal 8 + ADDITIONAL LENGTH which
might be considered an underflow in case of Data-In size being greater than
8 + ADDITIONAL LENGTH. So
From: Greg Kroah-Hartman
From: John Ernberg
commit fc7c5c208eb7bc2df3a9f4234f14eca250001cb6 upstream.
The microphone in the Plantronics C320-M headset will randomly
fail to initialize properly, at least when using Microsoft Teams.
Introducing a 20ms delay on the control messages appears to
From: Greg Kroah-Hartman
From: Arnd Bergmann
[ Upstream commit cbf78d85079cee662c45749ef4f744d41be85d48 ]
With clang-13, some functions only get partially inlined, with a
specialized version referring to a global variable. This triggers a
harmless build-time check for the intel-rng driver:
From: Greg Kroah-Hartman
From: Alexey Dobriyan
[ Upstream commit c995f12ad8842dbf5cfed113fb52cdd083f5afd1 ]
Doing a
prctl(PR_SET_MM, PR_SET_MM_AUXV, addr, 1);
will copy 1 byte from userspace to (quite big) on-stack array
and then stash everything to mm->saved_auxv.
AT_NULL
From: Greg Kroah-Hartman
From: Khalid Aziz
[ Upstream commit 147d8622f2a26ef34beacc60e1ed8b66c2fa457f ]
When userspace calls mprotect() to enable ADI on an address range,
do_mprotect_pkey() calls arch_validate_prot() to validate new
protection flags. arch_validate_prot() for sparc looks at
From: Greg Kroah-Hartman
From: Ian Abbott
commit 459b1e8c8fe97fcba0bd1b623471713dce2c5eaf upstream.
The analog input subdevice supports Comedi asynchronous commands that
use Comedi's 16-bit sample format. However, the call to
`comedi_buf_write_samples()` is passing the address of a 32-bit
From: Greg Kroah-Hartman
From: Ard Biesheuvel
[ Upstream commit 7ba8f2b2d652cd8d8a2ab61f4be66973e70f9f88 ]
52-bit VA kernels can run on hardware that is only 48-bit capable, but
configure the ID map as 52-bit by default. This was not a problem until
recently, because the special T0SZ value
From: Greg Kroah-Hartman
From: Anna-Maria Behnsen
[ Upstream commit 46eb1701c046cc18c032fa68f3c8ccbf24483ee4 ]
hrtimer_force_reprogram() and hrtimer_interrupt() invokes
__hrtimer_get_next_event() to find the earliest expiry time of hrtimer
bases. __hrtimer_get_next_event() does not update
From: Greg Kroah-Hartman
From: Arnd Bergmann
[ Upstream commit cbf78d85079cee662c45749ef4f744d41be85d48 ]
With clang-13, some functions only get partially inlined, with a
specialized version referring to a global variable. This triggers a
harmless build-time check for the intel-rng driver:
From: Greg Kroah-Hartman
From: Theodore Ts'o
[ Upstream commit 027f14f5357279655c3ebc6d14daff8368d4f53f ]
If we try to make any changes via the journal between when the journal
is initialized, but before the multi-block allocated is initialized,
we will end up deferencing a NULL pointer when
From: Greg Kroah-Hartman
From: Ian Abbott
commit a084303a645896e834883f2c5170d044410dfdb3 upstream.
The analog input subdevice supports Comedi asynchronous commands that
use Comedi's 16-bit sample format. However, the call to
`comedi_buf_write_samples()` is passing the address of a 32-bit
From: Greg Kroah-Hartman
From: Daiyue Zhang
[ Upstream commit 14fbbc8297728e880070f7b077b3301a8c698ef9 ]
Commit b0841eefd969 ("configfs: provide exclusion between IO and removals")
uses ->frag_dead to mark the fragment state, thus no bothering with extra
refcount on config_item when opening a
From: Greg Kroah-Hartman
From: Ian Abbott
commit 459b1e8c8fe97fcba0bd1b623471713dce2c5eaf upstream.
The analog input subdevice supports Comedi asynchronous commands that
use Comedi's 16-bit sample format. However, the call to
`comedi_buf_write_samples()` is passing the address of a 32-bit
From: Greg Kroah-Hartman
From: David Hildenbrand
[ Upstream commit e9a2e48e8704c9d20a625c6f2357147d03ea7b97 ]
No need to store the value for each and every memory block, as we can
easily query the value at runtime. Reshuffle the members to optimize the
memory layout. Also, let's clarify
From: Greg Kroah-Hartman
From: Ondrej Mosnacek
[ Upstream commit 53cb245454df5b13d7063162afd7a785aed6ebf2 ]
An xattr 'get' handler is expected to return the length of the value on
success, yet _nfs4_get_security_label() (and consequently also
nfs4_xattr_get_nfs4_label(), which is used as an
From: Greg Kroah-Hartman
From: Daiyue Zhang
[ Upstream commit 14fbbc8297728e880070f7b077b3301a8c698ef9 ]
Commit b0841eefd969 ("configfs: provide exclusion between IO and removals")
uses ->frag_dead to mark the fragment state, thus no bothering with extra
refcount on config_item when opening a
From: Greg Kroah-Hartman
From: Andreas Larsson
[ Upstream commit bda166930c37604ffa93f2425426af6921ec575a ]
Commit cca079ef8ac29a7c02192d2bad2ffe4c0c5ffdd0 changed sparc32 to use
memblocks instead of bootmem, but also made high memory available via
memblock allocation which does not work
From: Greg Kroah-Hartman
From: Andrey Konovalov
[ Upstream commit e66e1799a76621003e5b04c9c057826a2152e103 ]
Since the hardware tag-based KASAN mode might not have a redzone that
comes after an allocated object (when kasan.mode=prod is enabled), the
kasan_bitops_tags() test ends up corrupting
From: Greg Kroah-Hartman
From: Alain Volmat
[ Upstream commit c64e7efe46b7de21937ef4b3594d9b1fc74f07df ]
We do not expect to receive spurious interrupts so rise a warning
if it happens.
RX overrun is an error condition that signals a corrupted RX
stream both in dma and in irq modes. Report
From: Greg Kroah-Hartman
From: Michael Ellerman
[ Upstream commit e3de1e291fa58a1ab0f471a4b458eff2514e4b5f ]
In commit bf13718bc57a ("powerpc: show registers when unwinding
interrupt frames") we changed our stack dumping logic to show the full
registers whenever we find an interrupt frame on
From: Greg Kroah-Hartman
From: Jia-Ju Bai
[ Upstream commit df66617bfe87487190a60783d26175b65d2502ce ]
When create_singlethread_workqueue returns NULL to card->event_wq, no
error return code of rsxx_pci_probe() is assigned.
To fix this bug, st is assigned with -ENOMEM in this case.
Fixes:
From: Greg Kroah-Hartman
From: Anshuman Khandual
[ Upstream commit eeb0753ba27b26f609e61f9950b14f1b934fe429 ]
pfn_valid() validates a pfn but basically it checks for a valid struct page
backing for that pfn. It should always return positive for memory ranges
backed with struct page mapping.
From: Greg Kroah-Hartman
From: Ondrej Mosnacek
[ Upstream commit 53cb245454df5b13d7063162afd7a785aed6ebf2 ]
An xattr 'get' handler is expected to return the length of the value on
success, yet _nfs4_get_security_label() (and consequently also
nfs4_xattr_get_nfs4_label(), which is used as an
From: Greg Kroah-Hartman
From: Sergey Shtylyov
[ Upstream commit 75be7fb7f978202c4c3a1a713af4485afb2ff5f6 ]
According to the RZ/A1H Group, RZ/A1M Group User's Manual: Hardware,
Rev. 4.00, the TRSCER register has bit 9 reserved, hence we can't use
the driver's default TRSCER mask. Add the
From: Greg Kroah-Hartman
From: Trond Myklebust
[ Upstream commit 82e7ca1334ab16e2e04fafded1cab9dfcdc11b40 ]
There should be no reason to expect the directory permissions to change
just because the directory contents changed or a negative lookup timed
out. So let's avoid doing a full call to
From: Greg Kroah-Hartman
From: Ian Abbott
commit a084303a645896e834883f2c5170d044410dfdb3 upstream.
The analog input subdevice supports Comedi asynchronous commands that
use Comedi's 16-bit sample format. However, the call to
`comedi_buf_write_samples()` is passing the address of a 32-bit
From: Greg Kroah-Hartman
From: AngeloGioacchino Del Regno
[ Upstream commit 785c02eb35009a4be6dbc68f4f7d916e90b7177d ]
In some rare occasions, we want to only set the RETAIN_MEM bit, but
not the RETAIN_PERIPH one: this is seen on at least SDM630/636/660's
GPU-GX GDSC, where unsetting and
From: Greg Kroah-Hartman
From: Trond Myklebust
[ Upstream commit 47397915ede0192235474b145ebcd81b37b03624 ]
The fact that the lookup revalidation failed, does not mean that the
inode contents have changed.
Fixes: 5ceb9d7fdaaf ("NFS: Refactor nfs_lookup_revalidate()")
Signed-off-by: Trond
From: Greg Kroah-Hartman
From: Ian Abbott
commit 54999c0d94b3c26625f896f8e3460bc029821578 upstream.
The analog input subdevice supports Comedi asynchronous commands that
use Comedi's 16-bit sample format. However, the call to
`comedi_buf_write_samples()` is passing the address of a 32-bit
From: Greg Kroah-Hartman
From: Jia-Ju Bai
[ Upstream commit df66617bfe87487190a60783d26175b65d2502ce ]
When create_singlethread_workqueue returns NULL to card->event_wq, no
error return code of rsxx_pci_probe() is assigned.
To fix this bug, st is assigned with -ENOMEM in this case.
Fixes:
From: Greg Kroah-Hartman
From: Athira Rajeev
[ Upstream commit d137845c973147a22622cc76c7b0bc16f6206323 ]
While sampling for marked events, currently we record the sample only
if the SIAR valid bit of Sampled Instruction Event Register (SIER) is
set. SIAR_VALID bit is used for fetching the
From: Greg Kroah-Hartman
From: Heiko Carstens
[ Upstream commit 62c8dca9e194326802b43c60763f856d782b225c ]
Avoid a potentially large stack frame and overflow by making
"cpumask_t avail" a static variable. There is no concurrent
access due to the existing locking.
Signed-off-by: Heiko
From: Greg Kroah-Hartman
From: Benjamin Coddington
[ Upstream commit f0940f4b3284a00f38a5d42e6067c2aaa20e1f2e ]
We could recurse into NFS doing memory reclaim while sending a sync task,
which might result in a deadlock. Set memalloc_nofs_save for sync task
execution.
Fixes: a1231fda7e94
From: Greg Kroah-Hartman
From: Juergen Gross
commit 9e77d96b8e2724ed00380189f7b0ded61113b39f upstream.
When creating a new event channel with 2-level events the affinity
needs to be reset initially in order to avoid using an old affinity
from earlier usage of the event channel port. So when
From: Greg Kroah-Hartman
From: Ian Abbott
commit b39dfcced399d31e7c4b7341693b18e01c8f655e upstream.
The analog input subdevice supports Comedi asynchronous commands that
use Comedi's 16-bit sample format. However, the calls to
`comedi_buf_write_samples()` are passing the address of a 32-bit
From: Greg Kroah-Hartman
From: Ian Abbott
commit 1c0f20b78781b9ca50dc3ecfd396d0db5b141890 upstream.
The analog input subdevice supports Comedi asynchronous commands that
use Comedi's 16-bit sample format. However, the call to
`comedi_buf_write_samples()` is passing the address of a 32-bit
From: Greg Kroah-Hartman
From: Geert Uytterhoeven
[ Upstream commit f6bda644fa3a7070621c3bf12cd657f69a42f170 ]
Kmemleak reports:
unreferenced object 0xc328de40 (size 64):
comm "kworker/1:1", pid 21, jiffies 4294938212 (age 1484.670s)
hex dump (first 32 bytes):
00 00 00 00 00
From: Greg Kroah-Hartman
From: Sergey Shtylyov
[ Upstream commit 75be7fb7f978202c4c3a1a713af4485afb2ff5f6 ]
According to the RZ/A1H Group, RZ/A1M Group User's Manual: Hardware,
Rev. 4.00, the TRSCER register has bit 9 reserved, hence we can't use
the driver's default TRSCER mask. Add the
From: Greg Kroah-Hartman
From: Keita Suzuki
[ Upstream commit 58cab46c622d6324e47bd1c533693c94498e4172 ]
Struct i40e_veb is allocated in function i40e_setup_pf_switch, and
stored to an array field veb inside struct i40e_pf. However when
i40e_setup_misc_vector fails, this memory leaks.
Fix
From: Greg Kroah-Hartman
From: Nicholas Piggin
[ Upstream commit 11cb0a25f71818ca7ab4856548ecfd83c169aa4d ]
If an unrecoverable system reset hits in process context, the system
does not have to panic. Similar to machine check, call nmi_exit()
before die().
Signed-off-by: Nicholas Piggin
From: Greg Kroah-Hartman
From: Navid Emamdoost
commit ab612b1daf415b62c58e130cb3d0f30b255a14d0 upstream.
In adis_update_scan_mode, if allocation for adis->buffer fails,
previously allocated adis->xfer needs to be released.
Signed-off-by: Navid Emamdoost
Reviewed-by: Alexandru Ardelean
From: Greg Kroah-Hartman
From: Boyang Yu
commit 62456189f3292c62f87aef363f204886dc1d4b48 upstream.
max6658 may report unrealistically high temperature during
the driver initialization, for which, its overtemp alarm pin
also gets asserted. For certain devices implementing overtemp
protection
From: Greg Kroah-Hartman
From: Ian Abbott
commit b2e78630f733a76508b53ba680528ca39c890e82 upstream.
The analog input subdevice supports Comedi asynchronous commands that
use Comedi's 16-bit sample format. However, the calls to
`comedi_buf_write_samples()` are passing the address of a 32-bit
From: Greg Kroah-Hartman
From: Nicholas Piggin
[ Upstream commit 11cb0a25f71818ca7ab4856548ecfd83c169aa4d ]
If an unrecoverable system reset hits in process context, the system
does not have to panic. Similar to machine check, call nmi_exit()
before die().
Signed-off-by: Nicholas Piggin
From: Greg Kroah-Hartman
[ Upstream commit 9b82f13e7ef316cdc0a8858f1349f4defce3f9e0 ]
Right now if SUBLEVEL becomes larger than 255 it will overflow into the
territory of PATCHLEVEL, causing havoc in userspace that tests for
specific kernel version.
While userspace code tests for MAJOR and
From: Greg Kroah-Hartman
From: Lee Gibson
commit b93c1e3981af19527beee1c10a2bef67a228c48c upstream.
Function r8712_sitesurvey_cmd calls memcpy without checking the length.
A user could control that length and trigger a buffer overflow.
Fix by checking the length is within the maximum allowed
From: Greg Kroah-Hartman
From: Vladimir Oltean
[ Upstream commit 3222b5b613db558e9a494bbf53f3c984d90f71ea ]
Michael reports that since linux-next-20210211, the AER messages for ECC
errors have started reappearing, and this time they can be reliably
reproduced with the first ping on one of his
From: Greg Kroah-Hartman
From: Lubomir Rintel
[ Upstream commit cec551ea0d41c679ed11d758e1a386e20285b29d ]
Reset ec_priv if probe ends unsuccessfully.
Signed-off-by: Lubomir Rintel
Link: https://lore.kernel.org/r/20210126073740.10232-2-lkund...@v3.sk
Reviewed-by: Hans de Goede
From: Greg Kroah-Hartman
From: Kun-Chuan Hsieh
commit 41462c6e730ca0e63f5fed5a517052385d980c54 upstream.
Older libelf.h and glibc elf.h might not yet define the ELF compression
types.
Checking and defining SHF_COMPRESSED fix the build error when compiling
with older toolchains. Also, the
From: Greg Kroah-Hartman
From: Joe Lawrence
commit 9c8e2f6d3d361439cc6744a094f1c15681b55269 upstream.
When building with -ffunction-sections, the compiler will place each
function into its own ELF section, prefixed with ".text". For example,
a simple test module with functions
From: Greg Kroah-Hartman
From: Kevin(Yudong) Yang
commit 00ff801bb8ce6711e919af4530b6ffa14a22390a upstream.
This patch fixes a bug that the moderation config will not be
applied when calling mlx4_en_reset_config. For example, when
turning on rx timestamping, mlx4_en_reset_config() will be
From: Greg Kroah-Hartman
From: Paulo Alcantara
commit 14302ee3301b3a77b331cc14efb95bf7184c73cc upstream.
In cifs_statfs(), if server->ops->queryfs is not NULL, then we should
use its return value rather than always returning 0. Instead, use rc
variable as it is properly set to 0 in case
From: Greg Kroah-Hartman
From: Joakim Zhang
commit a3e860a83397bf761ec1128a3f0ba186445992c6 upstream.
If clear GMAC_CONFIG_TE bit, it would stop all tx channels, but users
may only want to stop specific tx channel.
Fixes: 48863ce5940f ("stmmac: add DMA support for GMAC 4.xx")
Signed-off-by:
From: Greg Kroah-Hartman
From: Ian Abbott
commit b39dfcced399d31e7c4b7341693b18e01c8f655e upstream.
The analog input subdevice supports Comedi asynchronous commands that
use Comedi's 16-bit sample format. However, the calls to
`comedi_buf_write_samples()` are passing the address of a 32-bit
From: Greg Kroah-Hartman
From: Danielle Ratson
commit edcbf5137f093b5502f5f6b97cce3cbadbde27aa upstream.
When mirroring to a gretap in hardware the device expects to be
programmed with the egress port and all the encapsulating headers. This
requires the driver to resolve the path the packet
From: Greg Kroah-Hartman
From: Antonio Terceiro
commit dacfc08dcafa7d443ab339592999e37bbb8a3ef0 upstream.
This was introduced by commit e4ffd066ff440a57 ("perf: Normalize gcc
parameter when generating arch errno table").
Assuming the first word of $(CC) is the actual compiler breaks usage
301 - 400 of 1788 matches
Mail list logo