From: Dexuan Cui
commit a0033bd1eae4650b69be07c17cb87393da584563 upstream.
With CONFIG_DEBUG_PREEMPT=y, the put_cpu_ptr() triggers an underflow
warning in preempt_count_sub().
Fixes: 37cdd991fac8 ("vmbus: put related per-cpu variable together")
Cc: sta...@vger.kernel.org
Cc: Stephen Hemminger
[ Upstream commit 1712fb1a2f6829150032ac76eb0e39b82a549cfb ]
amdgpu_bo_restore_shadow would assign zero to r if succeeded.
r would remain zero if there is only one node in shadow_list.
current code would always return failure when r <= 0.
restart the timeout for each wait was a rather problematic
[ Upstream commit d6ba3f815bc5f3c4249d15c8bc5fbb012651b4a4 ]
Fix wrong setting on number of channels. The context wants to set
constraint to 2 channels instead of 4.
Signed-off-by: Tzung-Bi Shih
Acked-by: Pierre-Louis Bossart
Signed-off-by: Mark Brown
Signed-off-by: Sasha Levin
---
[ Upstream commit 2663147dc7465cb29040a05cc4286fdd839978b5 ]
New pt_regs should indicate that there's no syscall, not that there's
syscall #0. While at it wrap macro body in do/while and parenthesize
macro arguments.
Signed-off-by: Max Filippov
Signed-off-by: Sasha Levin
---
[ Upstream commit d7262457e35dbe239659e62654e56f8ddb814bed ]
Stephane reported that the TFA MSR is not initialized by the kernel,
but the TFA bit could set by firmware or as a leftover from a kexec,
which makes the state inconsistent.
Reported-by: Stephane Eranian
Tested-by: Nelson DSouza
On 5/9/19 11:47 AM, Josh Poimboeuf wrote:
> On Thu, May 09, 2019 at 01:45:31PM -0500, Josh Poimboeuf wrote:
>> On Thu, May 09, 2019 at 02:29:02PM -0400, Steven Rostedt wrote:
>>> On Thu, 9 May 2019 09:51:59 -0700
>>> Linus Torvalds wrote:
>>>
On Thu, May 9, 2019 at 6:01 AM Steven Rostedt
[ Upstream commit 844a4a362dbec166b44d6b9b3dd45b08cb273703 ]
The driver has two issues when machine add prefix name for codec.
(1)The stream name of DAI can't find the AIF widgets.
(2)The drivr can enable/disalbe the MICBIAS and SAR widgets.
The patch will fix these issues caused by prefixed
From: Alexander Shishkin
commit e60e9a4b231a20a199d7a61caadc48693c30d695 upstream.
This adds support for Intel TH on Comet Lake.
Signed-off-by: Alexander Shishkin
Cc: stable
Signed-off-by: Greg Kroah-Hartman
---
drivers/hwtracing/intel_th/pci.c |5 +
1 file changed, 5
From: Dan Carpenter
commit 476c7e1d34f2a03b1aa5a924c50703053fe5f77c upstream.
The problem here is that addr can be I3C_BROADCAST_ADDR (126). That
means we're shifting by (126 * 2) % 64 which is 60. The
I3C_ADDR_SLOT_STATUS_MASK is an enum which is an unsigned int in GCC
so shifts greater than
From: Hans de Goede
commit c8afd03486c26accdda4846e5561aa3f8e862a9d upstream.
Commit 48402cee6889 ("ACPI / LPSS: Resume BYT/CHT I2C controllers from
resume_noirq") makes acpi_lpss_{suspend_late,resume_early}() bail early
on BYT/CHT as resume_from_noirq is set.
This means that on resume from
From: Thinh Nguyen
commit 8d791929b2fbdf7734c1596d808e55cb457f4562 upstream.
The max possible value for DCTL.LPM_NYET_THRES is 15 and not 255. Change
the default value to 15.
Cc: sta...@vger.kernel.org
Fixes: 80caf7d21adc ("usb: dwc3: add lpm erratum support")
Signed-off-by: Thinh Nguyen
[ Upstream commit 27fad74a5a77fe2e1f876db7bf27efcf2ec304b2 ]
If CONFIG_CRYPTO is not set or set to m,
gcc building warn this:
lib/iov_iter.o: In function `hash_and_copy_to_iter':
iov_iter.c:(.text+0x9129): undefined reference to `crypto_stats_get'
iov_iter.c:(.text+0x9152): undefined reference
From: Young Xiao
commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream.
Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.
From: YueHaibing
commit f87db4dbd52f2f8a170a2b51cb0926221ca7c9e2 upstream.
gcc warn this:
drivers/net/ethernet/stmicro/stmmac/norm_desc.c: In function ndesc_init_rx_desc:
drivers/net/ethernet/stmicro/stmmac/norm_desc.c:138:6: warning: variable
'bfsize1' set but not used
[ Upstream commit c63adb28f6d913310430f14c69f0a2ea55eed0cc ]
The common pins were mistakenly not added to the DAPM graph.
Adding these pins will allow valid graphs to be created.
Signed-off-by: Annaliese McDermond
Signed-off-by: Mark Brown
Signed-off-by: Sasha Levin
---
[ Upstream commit 2d85978341e6a32e7443d9f28639da254d53f400 ]
We don't want to overwrite "ret", it already holds the correct error
code. The "regmap" variable might be a valid pointer as this point.
Fixes: 8f83f26891e1 ("drm/mediatek: Add HDMI support")
Signed-off-by: Dan Carpenter
This is the start of the stable review cycle for the 4.19.42 release.
There are 66 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat 11 May 2019 06:11:18 PM UTC.
Anything
On Thu, May 09, 2019 at 01:45:31PM -0500, Josh Poimboeuf wrote:
> On Thu, May 09, 2019 at 02:29:02PM -0400, Steven Rostedt wrote:
> > On Thu, 9 May 2019 09:51:59 -0700
> > Linus Torvalds wrote:
> >
> > > On Thu, May 9, 2019 at 6:01 AM Steven Rostedt wrote:
> > > >
> > > > This patch works. Can
[ Upstream commit 4772e03d239484f3461e33c79d721c8ea03f7416 ]
Due to the incorrect use of the seg and obj information, the position of
the mtt is calculated incorrectly, and the free space of the page is not
enough to store the entire mtt, resulting in access to the next page. This
patch fixes
[ Upstream commit 5c2442fd78998af60e13aba506d103f7f43f8701 ]
If scsi cmd sglist is not suitable for DDP then csiostor driver uses
preallocated buffers for DDP, because of this data copy is required from
DDP buffer to scsi cmd sglist before calling ->scsi_done().
Signed-off-by: Varun Prakash
[ Upstream commit ea7a5c706fa49273cf6d1d9def053ecb50db2076 ]
Make sure to free the DSR on pvrdma_pci_remove() to avoid the memory leak.
Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")
Signed-off-by: Kamal Heib
Acked-by: Adit Ranadive
Signed-off-by: Jason Gunthorpe
Signed-off-by: Sasha Levin
From: Young Xiao
commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream.
Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.
On Thu, 2019-05-09 at 10:38 -0700, Guenter Roeck wrote:
> On Thu, May 09, 2019 at 03:08:16PM +0100, Ben Hutchings wrote:
> > This is the start of the stable review cycle for the 3.16.67 release.
> > There are 10 patches in this series, which will be posted as responses
> > to this one. If anyone
[ Upstream commit e7ad88553aa1d48e950ca9a4934d246c1bee4be4 ]
Picasso is a new raven variant.
Reviewed-by: Kent Russell
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdkfd/kfd_device.c | 1 +
1 file changed, 1 insertion(+)
diff --git
[ Upstream commit ea7a5c706fa49273cf6d1d9def053ecb50db2076 ]
Make sure to free the DSR on pvrdma_pci_remove() to avoid the memory leak.
Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")
Signed-off-by: Kamal Heib
Acked-by: Adit Ranadive
Signed-off-by: Jason Gunthorpe
Signed-off-by: Sasha Levin
[ Upstream commit 5c2442fd78998af60e13aba506d103f7f43f8701 ]
If scsi cmd sglist is not suitable for DDP then csiostor driver uses
preallocated buffers for DDP, because of this data copy is required from
DDP buffer to scsi cmd sglist before calling ->scsi_done().
Signed-off-by: Varun Prakash
[ Upstream commit bf348f9b78d413e75bb079462751a1d86b6de36c ]
When tag_set->nr_maps is 1, the block layer limits the number of hw queues
by nr_cpu_ids. No matter how many hw queues are used by virtio-blk, as it
has (tag_set->nr_maps == 1), it can use at most nr_cpu_ids hw queues.
In addition,
[ Upstream commit d7a181da2dfa3190487c446042ba01e07d851c74 ]
snd_hdac_display_power() doesn't handle the concurrent calls carefully
enough, and it may lead to the doubly get_power or put_power calls,
when a runtime PM and an async work get called in racy way.
This patch addresses it by reusing
[ Upstream commit 67f471b6ed3b09033c4ac77ea03f92afdb1989fe ]
This patch fixes a long-standing bug that initialized the FC-NVME
cmnd iu CSN value to 1. Early FC-NVME specs had the connection starting
with CSN=1. By the time the spec reached approval, the language had
changed to state a connection
[ Upstream commit c63adb28f6d913310430f14c69f0a2ea55eed0cc ]
The common pins were mistakenly not added to the DAPM graph.
Adding these pins will allow valid graphs to be created.
Signed-off-by: Annaliese McDermond
Signed-off-by: Mark Brown
Signed-off-by: Sasha Levin
---
From: Will Deacon
commit 03110a5cb2161690ae5ac04994d47ed0cd6cef75 upstream.
Our futex implementation makes use of LDXR/STXR loops to perform atomic
updates to user memory from atomic context. This can lead to latency
problems if we end up spinning around the LL/SC sequence at the expense
of
> >
> >>> Otherwise I think we should use a "no-op" suspend, just leaving the
> >>> power management to the device, or a simple setting the device to the
> >>> deepest power state for everything else, where everything else is
> >>> suspend, or suspend to idle.
> >>
> >> I am not sure I get your
[ Upstream commit d808b7f759b50acf0784ce6230ffa63e12ef465d ]
The nvme target hadn't been taking the Get Log Page offset parameter
into consideration, and so has been returning corrupted log pages when
offsets are used. Since many tools, including nvme-cli, split the log
request to 4k, we've been
From: Bjorn Andersson
commit 447ccb4e0834a9f9f0dd5643e421c7f1a1649e6a upstream.
The of_device_id table needs to be registered as module alias in order
for automatic module loading to pick the kernel module based on the
DeviceTree compatible. So add MODULE_DEVICE_TABLE() to make this happen.
From: Alan Stern
commit 747668dbc061b3e62bc1982767a3a1f9815fcf0e upstream.
The USB subsystem has always had an unusual requirement for its
scatter-gather transfers: Each element in the scatterlist (except the
last one) must have a length divisible by the bulk maxpacket size.
This is a
From: Johan Hovold
commit 764478f41130f1b8d8057575b89e69980a0f600d upstream.
Fix two long-standing bugs which could potentially lead to memory
corruption or leave the port throttled until it is reopened (on weakly
ordered systems), respectively, when read-URB completion races with
unthrottle().
From: Alexander Shishkin
commit e60e9a4b231a20a199d7a61caadc48693c30d695 upstream.
This adds support for Intel TH on Comet Lake.
Signed-off-by: Alexander Shishkin
Cc: stable
Signed-off-by: Greg Kroah-Hartman
---
drivers/hwtracing/intel_th/pci.c |5 +
1 file changed, 5
On Thu, May 09, 2019 at 11:48:43AM -0700, Randy Dunlap wrote:
> On 5/9/19 11:47 AM, Josh Poimboeuf wrote:
> > On Thu, May 09, 2019 at 01:45:31PM -0500, Josh Poimboeuf wrote:
> >> On Thu, May 09, 2019 at 02:29:02PM -0400, Steven Rostedt wrote:
> >>> On Thu, 9 May 2019 09:51:59 -0700
> >>> Linus
From: Andrew Vasquez
commit 5cbdae10bf11f96e30b4d14de7b08c8b490e903c upstream.
Commit e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs
code") incorrectly set 'optrom_region_size' to 'start+size', which can
overflow option-rom boundaries when 'start' is non-zero. Continue setting
From: Silvio Cesare
commit e7f7b6f38a44697428f5a2e7c606de028df2b0e3 upstream.
Change snprintf to scnprintf. There are generally two cases where using
snprintf causes problems.
1) Uses of size += snprintf(buf, SIZE - size, fmt, ...)
In this case, if snprintf would have written more characters
From: Christian Gromm
commit 98592c1faca82a9024a64e4ecead68b19f81c299 upstream.
This patch fixes the usage of the wrong struct device when calling
function snd_card_new.
Reported-by: Eugeniu Rosca
Signed-off-by: Christian Gromm
Fixes: 69c90cf1b2fa ("staging: most: sound: call snd_card_new
From: Johan Hovold
commit 47830c1127ef166af787caf2f871f23089610a7f upstream.
Since moving the message buffers off the stack, the dynamically
allocated get-prop-descriptor request buffer is incorrectly sized due to
using the pointer rather than request-struct size when creating the
operation.
From: Young Xiao
commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream.
Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.
From: Suresh Udipi
commit af708900e9a48c0aa46070c8a8cdf0608a1d2025 upstream.
It looks like v4.18-rc1 commit [0] which upstreams mld-1.8.0
commit [1] missed to fix the memory leak in mod_exit function.
Do it now.
[0] aba258b7310167 ("staging: most: cdev: fix chrdev_region leak")
[1]
From: Marc Gonzalez
commit 77a4946516fe488b6a33390de6d749f934a243ba upstream.
Keep EXTCON support optional, as some platforms do not need it.
Do the same for USB_DWC3_OMAP while we're at it.
Fixes: 3def4031b3e3f ("usb: dwc3: add EXTCON dependency for qcom")
Signed-off-by: Marc Gonzalez
Cc:
From: Luiz Augusto von Dentz
commit ba8f5289f706aed94cc95b15cc5b89e22062f61f upstream.
l2cap_le_flowctl_init was reseting the tx_credits which works only for
outgoing connection since that set the tx_credits on the response, for
incoming connections that was not the case which leaves the
Hello,
On Thu, May 9, 2019 at 11:48 AM Greg Kroah-Hartman
wrote:
>
> [ Upstream commit 2663147dc7465cb29040a05cc4286fdd839978b5 ]
>
> New pt_regs should indicate that there's no syscall, not that there's
> syscall #0. While at it wrap macro body in do/while and parenthesize
> macro arguments.
>
From: Thinh Nguyen
commit 8d791929b2fbdf7734c1596d808e55cb457f4562 upstream.
The max possible value for DCTL.LPM_NYET_THRES is 15 and not 255. Change
the default value to 15.
Cc: sta...@vger.kernel.org
Fixes: 80caf7d21adc ("usb: dwc3: add lpm erratum support")
Signed-off-by: Thinh Nguyen
From: Oliver Neukum
commit 3ae62a42090f1ed48e2313ed256a1182a85fb575 upstream.
This is the UAS version of
747668dbc061b3e62bc1982767a3a1f9815fcf0e
usb-storage: Set virt_boundary_mask to avoid SG overflows
We are not as likely to be vulnerable as storage, as it is unlikelier
that UAS is run
From: Dan Carpenter
commit 476c7e1d34f2a03b1aa5a924c50703053fe5f77c upstream.
The problem here is that addr can be I3C_BROADCAST_ADDR (126). That
means we're shifting by (126 * 2) % 64 which is 60. The
I3C_ADDR_SLOT_STATUS_MASK is an enum which is an unsigned int in GCC
so shifts greater than
From: Will Deacon
commit 6b4f4bc9cb22875f97023984a625386f0c7cc1c0 upstream.
Some futex() operations, including FUTEX_WAKE_OP, require the kernel to
perform an atomic read-modify-write of the futex word via the userspace
mapping. These operations are implemented by each architecture in
From: Ji-Ze Hong (Peter Hong)
commit 804dbee1e49774918339c1e5a87400988c0819e8 upstream.
The F81232 will use interrupt worker to handle MSR change.
This patch will fix the issue that interrupt work should stop
in close() and suspend().
This also fixes line-status events being disabled after a
From: Chen-Yu Tsai
commit 62611abc8f37d00e3b0cff0eb2d72fa92b05fd27 upstream.
The code path for Macs goes through bcm_apple_get_resources(), which
skips over the code that sets up the regulator supplies. As a result,
the call to regulator_bulk_enable() / regulator_bulk_disable() results
in a
From: Will Deacon
commit 03110a5cb2161690ae5ac04994d47ed0cd6cef75 upstream.
Our futex implementation makes use of LDXR/STXR loops to perform atomic
updates to user memory from atomic context. This can lead to latency
problems if we end up spinning around the LL/SC sequence at the expense
of
This is the start of the stable review cycle for the 5.1.1 release.
There are 30 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat 11 May 2019 06:11:35 PM UTC.
Anything
From: Ross Zwisler
commit 0efa3334d65b7f421ba12382dfa58f6ff5bf83c4 upstream.
Currently in sst_dsp_new() if we get an error return from sst_dma_new()
we just print an error message and then still complete the function
successfully. This means that we are trying to run without sst->dma
properly
From: Andrey Ryabinin
commit f0996bc2978e02d2ea898101462b960f6119b18f upstream.
Building lib/ubsan.c with gcc-9 results in a ton of nasty warnings like
this one:
lib/ubsan.c warning: conflicting types for built-in function
‘__ubsan_handle_negate_overflow’; expected ‘void(void *,
From: Samuel Holland
commit a84014e1db35d8e7af09878d0b4bf30804fb17d5 upstream.
When enabling ARCH_SUNXI from allnoconfig, SUNXI_SRAM is enabled, but
not REGMAP_MMIO, so the kernel fails to link with an undefined reference
to __devm_regmap_init_mmio_clk. Select REGMAP_MMIO, as suggested in
From: Giridhar Malavali
commit ffc81fc07efc94a04695a8c1d458a06aecaf9f30 upstream.
This patch sets remote_port_devloss value to 0. This indicates to FC-NVMe
transport that driver is unloading and transport should not retry.
Fixes: e476fe8af5ff ("scsi: qla2xxx: Fix unload when NVMe devices are
From: Marcel Holtmann
commit d5bb334a8e171b262e48f378bd2096c0ea458265 upstream.
The minimum encryption key size for LE connections is 56 bits and to
align LE with BR/EDR, enforce 56 bits of minimum encryption key size for
BR/EDR connections as well.
Signed-off-by: Marcel Holtmann
From: Tetsuo Handa
commit ae26aa844679cdf660e12c7055f958cb90889eb6 upstream.
Since wilc_set_multicast_list() is called with dev->addr_list_lock
spinlock held, we can't use GFP_KERNEL memory allocation.
Signed-off-by: Tetsuo Handa
Fixes: e624c58cf8eb ("staging: wilc1000: refactor code to avoid
From: Quinn Tran
commit 2137490f2147a8d0799b72b9a1023efb012d40c7 upstream.
This patch fixes issue reported by some of the customers, who discovered
that after cable pull scenario the devices disappear and path seems to
remain in blocked state. Once the device reappears, driver does not seem to
From: Ji-Ze Hong (Peter Hong)
commit 804dbee1e49774918339c1e5a87400988c0819e8 upstream.
The F81232 will use interrupt worker to handle MSR change.
This patch will fix the issue that interrupt work should stop
in close() and suspend().
This also fixes line-status events being disabled after a
[ Upstream commit 1d54ad944074010609562da5c89e4f5df2f4e5db ]
Thomas-Mich Richter reported he triggered a WARN()ing from
event_function_local()
on his s390. The problem boils down to:
CPU-A CPU-B
perf_event_overflow()
From: Prasad Sodagudi
commit 59c39840f5abf4a71e1810a8da71aaccd6c17d26 upstream.
When irq_set_affinity_notifier() replaces the notifier, then the
reference count on the old notifier is dropped which causes it to be
freed. But nothing ensures that the old notifier is not longer queued
in the work
From: Thinh Nguyen
commit 8d791929b2fbdf7734c1596d808e55cb457f4562 upstream.
The max possible value for DCTL.LPM_NYET_THRES is 15 and not 255. Change
the default value to 15.
Cc: sta...@vger.kernel.org
Fixes: 80caf7d21adc ("usb: dwc3: add lpm erratum support")
Signed-off-by: Thinh Nguyen
From: Gregory CLEMENT
commit 8db82563451f976597ab7b282ec655e4390a4088 upstream.
The frequency calculation was based on the current(max) frequency of the
CPU. However for low frequency, the value used was already the parent
frequency divided by a factor of 2.
Instead of using this frequency,
[ Upstream commit 59c39840f5abf4a71e1810a8da71aaccd6c17d26 ]
When irq_set_affinity_notifier() replaces the notifier, then the
reference count on the old notifier is dropped which causes it to be
freed. But nothing ensures that the old notifier is not longer queued
in the work list. If it is
From: Dexuan Cui
commit a0033bd1eae4650b69be07c17cb87393da584563 upstream.
With CONFIG_DEBUG_PREEMPT=y, the put_cpu_ptr() triggers an underflow
warning in preempt_count_sub().
Fixes: 37cdd991fac8 ("vmbus: put related per-cpu variable together")
Cc: sta...@vger.kernel.org
Cc: Stephen Hemminger
From: Johan Hovold
commit 764478f41130f1b8d8057575b89e69980a0f600d upstream.
Fix two long-standing bugs which could potentially lead to memory
corruption or leave the port throttled until it is reopened (on weakly
ordered systems), respectively, when read-URB completion races with
unthrottle().
From: Hans de Goede
commit c8afd03486c26accdda4846e5561aa3f8e862a9d upstream.
Commit 48402cee6889 ("ACPI / LPSS: Resume BYT/CHT I2C controllers from
resume_noirq") makes acpi_lpss_{suspend_late,resume_early}() bail early
on BYT/CHT as resume_from_noirq is set.
This means that on resume from
From: Oliver Neukum
commit 3ae62a42090f1ed48e2313ed256a1182a85fb575 upstream.
This is the UAS version of
747668dbc061b3e62bc1982767a3a1f9815fcf0e
usb-storage: Set virt_boundary_mask to avoid SG overflows
We are not as likely to be vulnerable as storage, as it is unlikelier
that UAS is run
From: Ross Zwisler
commit 0efa3334d65b7f421ba12382dfa58f6ff5bf83c4 upstream.
Currently in sst_dsp_new() if we get an error return from sst_dma_new()
we just print an error message and then still complete the function
successfully. This means that we are trying to run without sst->dma
properly
From: Will Deacon
commit 6b4f4bc9cb22875f97023984a625386f0c7cc1c0 upstream.
Some futex() operations, including FUTEX_WAKE_OP, require the kernel to
perform an atomic read-modify-write of the futex word via the userspace
mapping. These operations are implemented by each architecture in
[ Upstream commit 0769663b4f580566ef6cdf366f3073dbe8022c39 ]
According to the NFSv4.2 spec if the input and output file is the
same file, operation should fail with EINVAL. However, linux
copy_file_range() system call has no such restrictions. Therefore,
in such case let's return EOPNOTSUPP and
From: Samuel Holland
commit a84014e1db35d8e7af09878d0b4bf30804fb17d5 upstream.
When enabling ARCH_SUNXI from allnoconfig, SUNXI_SRAM is enabled, but
not REGMAP_MMIO, so the kernel fails to link with an undefined reference
to __devm_regmap_init_mmio_clk. Select REGMAP_MMIO, as suggested in
From: Young Xiao
commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream.
Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.
From: Gregory CLEMENT
commit 8db82563451f976597ab7b282ec655e4390a4088 upstream.
The frequency calculation was based on the current(max) frequency of the
CPU. However for low frequency, the value used was already the parent
frequency divided by a factor of 2.
Instead of using this frequency,
From: Andrew Vasquez
commit 5cbdae10bf11f96e30b4d14de7b08c8b490e903c upstream.
Commit e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs
code") incorrectly set 'optrom_region_size' to 'start+size', which can
overflow option-rom boundaries when 'start' is non-zero. Continue setting
From: Bjorn Andersson
commit 447ccb4e0834a9f9f0dd5643e421c7f1a1649e6a upstream.
The of_device_id table needs to be registered as module alias in order
for automatic module loading to pick the kernel module based on the
DeviceTree compatible. So add MODULE_DEVICE_TABLE() to make this happen.
[ Upstream commit d7262457e35dbe239659e62654e56f8ddb814bed ]
Stephane reported that the TFA MSR is not initialized by the kernel,
but the TFA bit could set by firmware or as a leftover from a kexec,
which makes the state inconsistent.
Reported-by: Stephane Eranian
Tested-by: Nelson DSouza
[ Upstream commit 2d85978341e6a32e7443d9f28639da254d53f400 ]
We don't want to overwrite "ret", it already holds the correct error
code. The "regmap" variable might be a valid pointer as this point.
Fixes: 8f83f26891e1 ("drm/mediatek: Add HDMI support")
Signed-off-by: Dan Carpenter
[ Upstream commit b995dcca7cf12f208cfd95fd9d5768dca7cccec7 ]
It's used by probe and that isn't an init function. Drop this so that we
don't get a section mismatch.
Reported-by: kbuild test robot
Cc: David Müller
Cc: Hans de Goede
Cc: Andy Shevchenko
Fixes: 7c2e07130090 ("clk: x86: Add system
[ Upstream commit eb3afb75b57c28599af0dfa03a99579d410749e9 ]
nvme_cancel_request() is used in error handler, and it is always
reliable to cancel request synchronously, and avoids possible race
in which request may be completed after real hw queue is destroyed.
One issue is reported by our
[ Upstream commit be24b37e22c20cbaa891971616784dd0f35211e8 ]
Fixes the warning reported by Clang:
security/keys/trusted.c:146:17: warning: passing an object that
undergoes default
argument promotion to 'va_start' has undefined behavior [-Wvarargs]
va_start(argp, h3);
[ Upstream commit 4772e03d239484f3461e33c79d721c8ea03f7416 ]
Due to the incorrect use of the seg and obj information, the position of
the mtt is calculated incorrectly, and the free space of the page is not
enough to store the entire mtt, resulting in access to the next page. This
patch fixes
[ Upstream commit 9ee76098a1b8ae21cccac641b735ee4d3a77bccf ]
This is the third step to make MT2701 HDMI stable.
We should not change the rate of parent for hdmi phy when
doing round_rate for this clock. The parent clock of hdmi
phy must be the same as it. We change it when doing set_rate
only.
[ Upstream commit 1b8f21b74c3c9c82fce5a751d7aefb7cc0b8d33d ]
In NVMe's error handler, follows the typical steps of tearing down
hardware for recovering controller:
1) stop blk_mq hw queues
2) stop the real hw queues
3) cancel in-flight requests via
blk_mq_tagset_busy_iter(tags,
[ Upstream commit e37c2deafe7058cf7989c4c47bbf1140cc867d89 ]
When master clock is used, master clock rate is set exclusively.
Parent clocks of master clock cannot be changed after a call to
clk_set_rate_exclusive(). So the parent clock of SAI kernel clock
must be set before.
Ensure also that
[ Upstream commit c85064435fe7a216ec0f0238ef2b8f7cd850a450 ]
This is because set_fmt ops maybe called when PD is off,
and in such case, regmap_ops will lead system hang.
enale PD before doing regmap_ops.
Signed-off-by: Sugar Zhang
Signed-off-by: Mark Brown
Signed-off-by: Sasha Levin
---
[ Upstream commit 4fa5ecda2bf96be7464eb406df8aba9d89260227 ]
This fixes the following warning seen on GCC 7.3:
arch/x86/kernel/dumpstack.o: warning: objtool: oops_end() falls through to
next function show_regs()
Reported-by: kbuild test robot
Signed-off-by: Josh Poimboeuf
Signed-off-by:
From: Suresh Udipi
commit af708900e9a48c0aa46070c8a8cdf0608a1d2025 upstream.
It looks like v4.18-rc1 commit [0] which upstreams mld-1.8.0
commit [1] missed to fix the memory leak in mod_exit function.
Do it now.
[0] aba258b7310167 ("staging: most: cdev: fix chrdev_region leak")
[1]
[ Upstream commit a8639a79e85c18c16c10089edd589c7948f19bbd ]
When an old ack_queue entry is used to store an incoming request, it may
need to clean up the old entry if it is still referencing the
MR. Originally only RDMA READ request needed to reference MR on the
responder side and therefore the
[ Upstream commit 6a8aae68c87349dbbcd46eac380bc43cdb98a13b ]
If the msix_affinity_masks is alloced failed, then we'll
try to free some resources in vp_free_vectors() that may
access it directly.
We met the following stack in our production:
[ 29.296767] BUG: unable to handle kernel NULL
[ Upstream commit fcf88917dd435c6a4cb2830cb086ee58605a1d85 ]
The commit 510ded33e075 ("slab: implement slab_root_caches list")
changes the name of the list node within "struct kmem_cache" from "list"
to "root_caches_node", but leaks_show() still use the "list" which
causes a crash when reading
From: Johan Hovold
commit 47830c1127ef166af787caf2f871f23089610a7f upstream.
Since moving the message buffers off the stack, the dynamically
allocated get-prop-descriptor request buffer is incorrectly sized due to
using the pointer rather than request-struct size when creating the
operation.
This is the start of the stable review cycle for the 5.0.15 release.
There are 95 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat 11 May 2019 06:11:22 PM UTC.
Anything
[ Upstream commit d4162c61e253177936fcfe6c29f7b224d9a1efb8 ]
On XGMI configuration the ib test may take longer to finish
Signed-off-by: shaoyunl
Reviewed-by: Christian König
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 3 +++
1 file
[ Upstream commit c1cefe115d1cdc460014483319d440b2f0d07c68 ]
[Why]
the member sdr_white_level of struct dc_cursor_attributes was not
initialized, then the random value result that
dcn10_set_cursor_sdr_white_level() set error hw_scale value 0x20D9(normal
value is 0x3c00), this cause the black
[ Upstream commit 2663147dc7465cb29040a05cc4286fdd839978b5 ]
New pt_regs should indicate that there's no syscall, not that there's
syscall #0. While at it wrap macro body in do/while and parenthesize
macro arguments.
Signed-off-by: Max Filippov
Signed-off-by: Sasha Levin
---
301 - 400 of 991 matches
Mail list logo