Hi Richard,
> -Original Message-
> From: Richard Cochran
> Sent: Wednesday, September 18, 2019 11:43 AM
> To: Jianyong Wu (Arm Technology China)
> Cc: net...@vger.kernel.org; pbonz...@redhat.com;
> sean.j.christopher...@intel.com; m...@kernel.org; Mark Rutland
> ; Will Deacon ; Suzuki
>
* Randy Dunlap wrote:
> On 9/17/19 6:38 AM, Patrick Bellasi wrote:
> >
> > On Tue, Sep 17, 2019 at 08:52:42 +0100, Ingo Molnar wrote...
> >
> >> * Randy Dunlap wrote:
> >>
> >>> On 9/16/19 3:38 PM, Mark Brown wrote:
> Hi all,
>
> Changes since 20190915:
>
> >>>
> >>> on
Quoting Peng Fan (2019-09-08 20:39:34)
> From: Peng Fan
>
> According to PLL1443XA and PLL1416X spec,
> "When BYPASS is 0 and RESETB is changed from 0 to 1, FOUT starts to
> output unstable clock until lock time passes. PLL1416X/PLL1443XA may
> generate a glitch at FOUT."
>
> So set BYPASS when
Quoting Peng Fan (2019-09-08 20:39:39)
> From: Peng Fan
>
> When registering the PLL, unbypass the PLL.
> The PLL has two bypass control bit, BYPASS and EXT_BYPASS.
> we will expose EXT_BYPASS to clk driver for mux usage, and keep
> BYPASS inside pll14xx usage. The PLL has a restriction that
>
Quoting Peng Fan (2019-09-08 20:39:50)
> From: Peng Fan
>
> pll BYPASS bit should be kept inside pll driver for glitchless freq
> setting following spec. If exposing the bit, that means pll driver and
> clk driver has two paths to touch this bit, which is wrong.
>
> So use EXT_BYPASS bit here.
Quoting Peng Fan (2019-09-08 20:39:44)
> From: Peng Fan
>
> pll BYPASS bit should be kept inside pll driver for glitchless freq
> setting following spec. If exposing the bit, that means pll driver and
> clk driver has two paths to touch this bit, which is wrong.
>
> So use EXT_BYPASS bit here.
On Tue, Sep 17, 2019 at 05:44:32PM +0300, Dan Carpenter wrote:
> On Tue, Sep 17, 2019 at 08:01:31PM +0530, Aliasgar Surti wrote:
> > From: Aliasgar Surti
> >
> > coccicheck reported warning for unneeded variable used.
> >
> > This patch removes the unneeded variables.
> >
> > Signed-off-by:
A: http://en.wikipedia.org/wiki/Top_post
Q: Were do I find info about this thing called top-posting?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
A: No.
Q: Should I
On Tue, Sep 17, 2019 at 06:03:53PM -0700, Gregory Nowak wrote:
> On Tue, Sep 17, 2019 at 10:01:18AM +0200, Greg Kroah-Hartman wrote:
> > On Mon, Sep 16, 2019 at 03:38:48PM -0700, Gregory Nowak wrote:
> > > On Mon, Sep 16, 2019 at 04:11:00PM +0200, Greg Kroah-Hartman wrote:
> > > > On Mon, Sep 16,
From: Xin Long
[ Upstream commit 10eb56c582c557c629271f1ee31e15e7a9b2558b ]
Transport should use its own pf_retrans to do the error_count
check, instead of asoc's. Otherwise, it's meaningless to make
pf_retrans per transport.
Fixes: 5aa93bcf66f4 ("sctp: Implement quick failover draft from
From: Greg Kroah-Hartman
This reverts commit c85acbf72786a5901a2170b2145761ed7cf06429 which is
commit e4849aff1e169b86c561738daf8ff020e9de1011 upstream
Guenter writes:
Upstream commit e4849aff1e16 ("MIPS: SiByte: Enable swiotlb for SWARM,
LittleSur and BigSur") results in build
From: Yang Yingliang
[ Upstream commit 77f22f92dff8e7b45c7786a430626d38071d4670 ]
I got a UAF repport in tun driver when doing fuzzy test:
[ 466.269490]
==
[ 466.271792] BUG: KASAN: use-after-free in
All Zhaoxin newer CPUs support CMCI that compatible with Intel's
"Machine-Check Architecture", so add support for Zhaoxin CMCI in
mce/core.c and mce/intel.c.
Signed-off-by: Tony W Wang-oc
---
arch/x86/kernel/cpu/mce/core.c | 25 +
arch/x86/kernel/cpu/mce/intel.c | 5
Zhaoxin newer CPUs support MCE, CMCI and LMCE that compatible with
Intel's "Machine-Check Architecture".
To enable the supports of Linux kernel to Zhaoxin's MCA, add
specific patches for Zhaoxin's MCE, CMCI and LMCE. patches about
Zhaoxin's CMCI, LMCE use 3 functions in mce/intel.c, so make these
From: "Bjørn Mork"
[ Upstream commit 4d7ffcf3bf1be98d876c570cab8fc31d9fa92725 ]
A Mediatek based smartphone owner reports problems with USB
tethering in Linux. The verbose USB listing shows a rndis_host
interface pair (e0/01/03 + 10/00/00), but the driver fails to
bind with
[ 355.960428] usb
From: Nicolas Dichtel
[ Upstream commit 94a72b3f024fc7e9ab640897a1e38583a470659d ]
NLM_F_MULTI must be used only when a NLMSG_DONE message is sent at the end.
In fact, NLMSG_DONE is sent only at the end of a dump.
Libraries like libnl will wait forever for NLMSG_DONE.
Fixes: 949f1e39a617
From: Hans de Goede
commit 61f7f7c8f978b1c0d80e43c83b7d110ca0496eb4 upstream.
Another day; another DSDT bug we need to workaround...
Since commit ca876c7483b6 ("gpiolib-acpi: make sure we trigger edge events
at least once on boot") we call _AEI edge handlers at boot.
In some rare cases this
From: Neal Cardwell
[ Upstream commit af38d07ed391b21f7405fa1f936ca9686787d6d2 ]
Fix tcp_ecn_withdraw_cwr() to clear the correct bit:
TCP_ECN_QUEUE_CWR.
Rationale: basically, TCP_ECN_DEMAND_CWR is a bit that is purely about
the behavior of data receivers, and deciding whether to reflect
All Zhaoxin newer CPUs support MCE that compatible with Intel's
"Machine-Check Architecture", so add support for Zhaoxin MCE in
mce/core.c.
Signed-off-by: Tony W Wang-oc
---
arch/x86/kernel/cpu/mce/core.c | 38 --
1 file changed, 28 insertions(+), 10
From: Kent Gibson
commit e95fbc130a162ba9ad956311b95aa0da269eea48 upstream.
linehandle_create should not allow both GPIOHANDLE_REQUEST_INPUT
and GPIOHANDLE_REQUEST_OUTPUT to be set.
Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines")
Cc: stable
Signed-off-by: Kent
From: Johannes Thumshirn
commit aa53e3bfac7205fb3a8815ac1c937fd6ed01b41e upstream.
Nikolay reported the following KASAN splat when running btrfs/048:
[ 1843.470920]
==
[ 1843.471971] BUG: KASAN: slab-out-of-bounds in
Zhaoxin newer CPUs support LMCE that compatible with Intel's
"Machine-Check Architecture", so add support for Zhaoxin LMCE
in mce/core.c.
Signed-off-by: Tony W Wang-oc
---
arch/x86/kernel/cpu/mce/core.c | 20 ++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git
These functions are declared static and cannot be used in others
.c source file. this commit removes the static attribute and adds
the declaration to the header for these functions.
Signed-off-by: Tony W Wang-oc
---
arch/x86/kernel/cpu/mce/intel.c| 6 +++---
From: Yunfeng Ye
commit eddf3e9c7c7e4d0707c68d1bb22cc6ec8aef7d4a upstream.
The following crash was observed:
Unable to handle kernel NULL pointer dereference at 0158
Internal error: Oops: 9604 [#1] SMP
pc : resend_irqs+0x68/0xb0
lr : resend_irqs+0x64/0xb0
...
Call
From: Filipe Manana
commit 410f954cb1d1c79ae485dd83a175f21954fd87cd upstream.
Sometimes when fsync'ing a file we need to log that other inodes exist and
when we need to do that we acquire a reference on the inodes and then drop
that reference using iput() after logging them.
That generally is
From: Paolo Bonzini
commit f7eea636c3d505fe6f1d1066234f1aaf7171b681 upstream.
The implementation of vmread to memory is still incomplete, as it
lacks the ability to do vmread to I/O memory just like vmptrst.
Cc: sta...@vger.kernel.org
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg
From: Subash Abhinov Kasiviswanathan
[ Upstream commit 10cc514f451a0f239aa34f91bc9dc954a9397840 ]
In event of failure during register_netdevice, free_netdev is
invoked immediately. free_netdev assumes that all the netdevice
refcounts have been dropped prior to it being called and as a
result
From: Paul Burton
commit 0648e50e548d881d025b9419a1a168753c8e2bf7 upstream.
The MIPS VDSO build currently doesn't provide the -msoft-float flag to
the compiler as the kernel proper does. This results in an attempt to
use the compiler's default floating point configuration, which can be
From: Neil Armstrong
commit 54415f9eeae834960226770963e2947e17eb upstream.
Add missing XBGR & ABGR formats variants from the primary plane.
Fixes: bbbe775ec5b5 ("drm: Add support for Amlogic Meson Graphic Controller")
Signed-off-by: Neil Armstrong
Reviewed-by: Kevin Hilman
Link:
From: Christophe Leroy
commit ee483d32ee1a1a7f7d7e918fbc350c790a5af64a upstream.
When data size is not a multiple of the alg's block size,
the SEC generates an error interrupt and dumps the registers.
And for NULL size, the SEC does just nothing and the interrupt
is awaited forever.
This patch
From: Xiaolei Li
commit 336d4b138be2dad372b67a2388e42805c48aaa38 upstream.
One main goal of the function mtk_nfc_update_ecc_stats is to check
whether sectors are all empty. If they are empty, set these sectors's
data buffer and OOB buffer as 0xff.
But now, the sector OOB buffer pointer is
From: Alex Williamson
commit 2d2f4273cbe9058d1f5a518e5e880d27d7b3b30f upstream.
Commit 0e7df22401a3 ("PCI: Add sysfs sriov_drivers_autoprobe to control
VF driver binding") introduced the sriov_drivers_autoprobe attribute
which allows users to prevent the kernel from automatically probing a
From: Cong Wang
[ Upstream commit d4d6ec6dac07f263f06d847d6f732d6855522845 ]
In case of TCA_HHF_NON_HH_WEIGHT or TCA_HHF_QUANTUM is zero,
it would make no progress inside the loop in hhf_dequeue() thus
kernel would get stuck.
Fix this by checking this corner case in hhf_change().
Fixes:
From: Richard Weinberger
commit bacfa94b08027b9f66ede7044972e3b066766b3e upstream.
Commit c877154d307f fixed an uninitialized variable and optimized
the function to not call tnc_next() in the first iteration of the
loop. While this seemed perfectly legit and wise, it turned out to
be illegal.
From: Christophe Leroy
commit 1ba34e71e9e56ac29a52e0d42b6290f3dc5bfd90 upstream.
Although the HW accepts any size and silently truncates
it to the correct length, the extra tests expects EINVAL
to be returned when the key size is not valid.
Signed-off-by: Christophe Leroy
Fixes: 4de9d0b547b9
This is the start of the stable review cycle for the 4.14.145 release.
There are 45 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri 20 Sep 2019 06:09:47 AM UTC.
Anything
From: Christophe Leroy
commit 4bbfb839259a9c96a0be872e16f7471b7136aee5 upstream.
In that mode, hardware ICV verification is not supported.
Signed-off-by: Christophe Leroy
Fixes: 7405c8d7ff97 ("crypto: talitos - templates for AEAD using
HMAC_SNOOP_NO_AFEU")
Signed-off-by: Herbert Xu
From: Christophe Leroy
commit b9a05b6041cb9810a291315569b2af0d63c3680a upstream.
CTR has a blocksize of 1.
Signed-off-by: Christophe Leroy
Fixes: 5e75ae1b3cef ("crypto: talitos - add new crypto modes")
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
---
From: Christophe Leroy
commit 7ede4c36cf7c6516986ee9d75b197c8bf73ea96f upstream.
For decrypt, req->cryptlen includes the size of the authentication
part while all functions of the driver expect cryptlen to be
the size of the encrypted data.
As it is not expected to change req->cryptlen, this
From: Christophe Leroy
commit d84cc9c9524ec5973a337533e6d8ccd3e5f05f2b upstream.
ECB's ivsize must be 0.
Signed-off-by: Christophe Leroy
Fixes: 5e75ae1b3cef ("crypto: talitos - add new crypto modes")
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
---
drivers/crypto/talitos.c
From: "Bjørn Mork"
[ Upstream commit 4d7ffcf3bf1be98d876c570cab8fc31d9fa92725 ]
A Mediatek based smartphone owner reports problems with USB
tethering in Linux. The verbose USB listing shows a rndis_host
interface pair (e0/01/03 + 10/00/00), but the driver fails to
bind with
[ 355.960428] usb
From: Jean Delvare
commit e70d8b287301eb6d7c7761c6171c56af62110ea3 upstream.
The compatibility "eeprom" attribute is currently root-only no
matter what the configuration says. The "nvmem" attribute does
respect the setting of the root_only configuration bit, so do the
same for "eeprom".
From: Cong Wang
[ Upstream commit d4d6ec6dac07f263f06d847d6f732d6855522845 ]
In case of TCA_HHF_NON_HH_WEIGHT or TCA_HHF_QUANTUM is zero,
it would make no progress inside the loop in hhf_dequeue() thus
kernel would get stuck.
Fix this by checking this corner case in hhf_change().
Fixes:
From: Xin Long
[ Upstream commit 42dec1dbe38239cf91cc1f4df7830c66276ced37 ]
Unlike kfree(p), kfree_rcu(p, rcu) won't do NULL pointer check. When
tipc_nametbl_remove_publ returns NULL, the panic below happens:
BUG: unable to handle kernel NULL pointer dereference at 0068
RIP:
From: Nicolas Dichtel
[ Upstream commit 94a72b3f024fc7e9ab640897a1e38583a470659d ]
NLM_F_MULTI must be used only when a NLMSG_DONE message is sent at the end.
In fact, NLMSG_DONE is sent only at the end of a dump.
Libraries like libnl will wait forever for NLMSG_DONE.
Fixes: 949f1e39a617
From: Yang Yingliang
[ Upstream commit 77f22f92dff8e7b45c7786a430626d38071d4670 ]
I got a UAF repport in tun driver when doing fuzzy test:
[ 466.269490]
==
[ 466.271792] BUG: KASAN: use-after-free in
From: Hans de Goede
commit 61f7f7c8f978b1c0d80e43c83b7d110ca0496eb4 upstream.
Another day; another DSDT bug we need to workaround...
Since commit ca876c7483b6 ("gpiolib-acpi: make sure we trigger edge events
at least once on boot") we call _AEI edge handlers at boot.
In some rare cases this
From: Christophe JAILLET
[ Upstream commit b456d72412ca8797234449c25815e82f4e1426c0 ]
The '.exit' functions from 'pernet_operations' structure should be marked
as __net_exit, not __net_init.
Fixes: 8e2d61e0aed2 ("sctp: fix race on protocol/netns initialization")
Signed-off-by: Christophe
From: Kent Gibson
commit e95fbc130a162ba9ad956311b95aa0da269eea48 upstream.
linehandle_create should not allow both GPIOHANDLE_REQUEST_INPUT
and GPIOHANDLE_REQUEST_OUTPUT to be set.
Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines")
Cc: stable
Signed-off-by: Kent
From: Xin Long
[ Upstream commit 10eb56c582c557c629271f1ee31e15e7a9b2558b ]
Transport should use its own pf_retrans to do the error_count
check, instead of asoc's. Otherwise, it's meaningless to make
pf_retrans per transport.
Fixes: 5aa93bcf66f4 ("sctp: Implement quick failover draft from
From: Alexander Duyck
commit 377228accbbb8b9738f615d791aa803f41c067e0 upstream.
There were a couple cases where the ITR value generated via the adaptive
ITR scheme could exceed 126. This resulted in the value becoming either 0
or something less than 10. Switching back and forth between a value
From: Suraj Jitindar Singh
commit 6fbcdd59094ade30db63f32316e9502425d7b256 upstream.
Commit ddf35cf3764b ("powerpc: Use barrier_nospec in copy_from_user()")
Added barrier_nospec before loading from user-controlled pointers. The
intention was to order the load from the potentially
From: Steffen Klassert
[ Upstream commit f39b683d35dfa93a58f1b400a8ec0ff81296b37c ]
The ixgbe driver currently does IPsec TX offloading
based on an existing secpath. However, the secpath
can also come from the RX side, in this case it is
misinterpreted for TX offload and the packets are
dropped
From: Shmulik Ladkani
[ Upstream commit 3dcbdb134f329842a38f0e6797191b885ab00a00 ]
Historically, support for frag_list packets entering skb_segment() was
limited to frag_list members terminating on exact same gso_size
boundaries. This is verified with a BUG_ON since commit 89319d3801d1
("net:
From: Thomas Huth
commit 53936b5bf35e140ae27e4bbf0447a61063f400da upstream.
When the userspace program runs the KVM_S390_INTERRUPT ioctl to inject
an interrupt, we convert them from the legacy struct kvm_s390_interrupt
to the new struct kvm_s390_irq via the s390int_to_s390irq() function.
From: Eric Biggers
[ Upstream commit fe163e534e5eecdfd7b5920b0dfd24c458ee85d6 ]
syzbot reported:
BUG: KMSAN: uninit-value in capi_write+0x791/0xa90
drivers/isdn/capi/capi.c:700
CPU: 0 PID: 10025 Comm: syz-executor379 Not tainted 4.20.0-rc7+ #2
Hardware name: Google Google Compute
From: Nishka Dasgupta
commit 165d42c012be69900f0e2f8545626cb9e7d4a832 upstream.
Each iteration of for_each_child_of_node puts the previous
node, but in the case of a goto from the middle of the loop, there is
no put, thus causing a memory leak. Hence add an of_node_put before the
goto in two
From: Eric Dumazet
[ Upstream commit b88dd52c62bb5c5d58f0963287f41fd084352c57 ]
Whenever MQ is not used on a multiqueue device, we experience
serious reordering problems. Bisection found the cited
commit.
The issue can be described this way :
- A single qdisc hierarchy is shared by all
From: Igor Mammedov
commit 13a17cc0526f08d1df9507f7484176371cd263a0 upstream.
If userspace doesn't set KVM_MEM_LOG_DIRTY_PAGES on memslot before calling
kvm_s390_vm_start_migration(), kernel will oops with:
Unable to handle kernel pointer dereference in virtual kernel address space
Failing
From: Paolo Bonzini
commit f7eea636c3d505fe6f1d1066234f1aaf7171b681 upstream.
The implementation of vmread to memory is still incomplete, as it
lacks the ability to do vmread to I/O memory just like vmptrst.
Cc: sta...@vger.kernel.org
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg
From: Fuqian Huang
commit 541ab2aeb28251bf7135c7961f3a6080eebcc705 upstream.
Emulation of VMPTRST can incorrectly inject a page fault
when passed an operand that points to an MMIO address.
The page fault will use uninitialized kernel stack memory
as the CR2 and error code.
The right behavior
From: Christophe JAILLET
[ Upstream commit d23dbc479a8e813db4161a695d67da0e36557846 ]
The '.exit' functions from 'pernet_operations' structure should be marked
as __net_exit, not __net_init.
Fixes: d862e5461423 ("net: ipv6: Implement /proc/net/icmp6.")
Signed-off-by: Christophe JAILLET
From: Stefan Chulski
[ Upstream commit 63b2ed4e10b2e6c913e1d8cdd728e7fba4115a3d ]
Regarding to IEEE 802.3-2015 standard section 2
28B.3 Priority resolution - Table 28-3 - Pause resolution
In case of Local device Pause=1 AsymDir=0, Link partner
Pause=1 AsymDir=1, Local device resolution should
From: Neil Armstrong
commit 54415f9eeae834960226770963e2947e17eb upstream.
Add missing XBGR & ABGR formats variants from the primary plane.
Fixes: bbbe775ec5b5 ("drm: Add support for Amlogic Meson Graphic Controller")
Signed-off-by: Neil Armstrong
Reviewed-by: Kevin Hilman
Link:
From: Alex Williamson
commit 2d2f4273cbe9058d1f5a518e5e880d27d7b3b30f upstream.
Commit 0e7df22401a3 ("PCI: Add sysfs sriov_drivers_autoprobe to control
VF driver binding") introduced the sriov_drivers_autoprobe attribute
which allows users to prevent the kernel from automatically probing a
From: Linus Torvalds
commit 42e0e95474fc6076b5cd68cab8fa0340a1797a72 upstream.
One of the very few warnings I have in the current build comes from
arch/x86/boot/edd.c, where I get the following with a gcc9 build:
arch/x86/boot/edd.c: In function ‘query_edd’:
arch/x86/boot/edd.c:148:11:
From: Hui Peng
commit 8b51dc7291473093c821195c4b6af85fadedbc2f upstream.
`dev` (struct rsi_91x_usbdev *) field of adapter
(struct rsi_91x_usbdev *) is allocated and initialized in
`rsi_init_usb_interface`. If any error is detected in information
read from the device side,
From: Muchun Song
commit ac43432cb1f5c2950408534987e57c2071e24d8f upstream.
There is a race condition between removing glue directory and adding a new
device under the glue dir. It can be reproduced in following test:
CPU1: CPU2:
device_add()
From: Douglas Anderson
commit 6943b839721ad4a31ad2bacf6e71b21f2dfe3134 upstream.
At boot time, my rk3288-veyron devices yell with 8 lines that look
like this:
[0.00] rockchip_mmc_get_phase: invalid clk rate
This is because the clock framework at clk_register() time tries to
get the
From: Xiaolei Li
commit 336d4b138be2dad372b67a2388e42805c48aaa38 upstream.
One main goal of the function mtk_nfc_update_ecc_stats is to check
whether sectors are all empty. If they are empty, set these sectors's
data buffer and OOB buffer as 0xff.
But now, the sector OOB buffer pointer is
From: Kent Gibson
commit 5ca2f54b597c816df54ff1b28eb99cf7262b955d upstream.
lineevent_create should not allow any of GPIOHANDLE_REQUEST_OUTPUT,
GPIOHANDLE_REQUEST_OPEN_DRAIN or GPIOHANDLE_REQUEST_OPEN_SOURCE to be set.
Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines")
From: Yang Yingliang
commit 93651f80dcb616b8c9115cdafc8e57a781af22d0 upstream.
If CONFIG_ARCH_HAS_STRICT_MODULE_RWX is not defined,
we need stub for module_enable_nx() and module_enable_x().
If CONFIG_ARCH_HAS_STRICT_MODULE_RWX is defined, but
CONFIG_STRICT_MODULE_RWX is disabled, we need stub
From: Yang Yingliang
commit 2eef1399a866c57687962e15142b141a4f8e7862 upstream.
When loading a module with rodata=n, it causes an executing
NX-protected page BUG.
[ 32.379191] kernel tried to execute NX-protected page - exploit attempt?
(uid: 0)
[ 32.382917] BUG: unable to handle page
From: Steve Wahl
commit e16c2983fba0fa6763e43ad10916be35e3d8dc05 upstream.
The last change to this Makefile caused relocation errors when loading
a kdump kernel. Restore -mcmodel=large (not -mcmodel=kernel),
-ffreestanding, and -fno-zero-initialized-bsss, without reverting to
the former
From: Christophe Leroy
commit 1ba34e71e9e56ac29a52e0d42b6290f3dc5bfd90 upstream.
Although the HW accepts any size and silently truncates
it to the correct length, the extra tests expects EINVAL
to be returned when the key size is not valid.
Signed-off-by: Christophe Leroy
Fixes: 4de9d0b547b9
On Tue, 17 Sep 2019, Paul E. McKenney wrote:
On Tue, Sep 17, 2019 at 12:16:14AM -0700, Davidlohr Bueso wrote:
On Mon, 16 Sep 2019, Sebastian Andrzej Siewior wrote:
> From: Wolfgang M. Reimer
>
> Including rwlock.h directly will cause kernel builds to fail
> if CONFIG_PREEMPT_RT is defined.
From: Xin Long
[ Upstream commit 42dec1dbe38239cf91cc1f4df7830c66276ced37 ]
Unlike kfree(p), kfree_rcu(p, rcu) won't do NULL pointer check. When
tipc_nametbl_remove_publ returns NULL, the panic below happens:
BUG: unable to handle kernel NULL pointer dereference at 0068
RIP:
From: Yang Yingliang
[ Upstream commit 77f22f92dff8e7b45c7786a430626d38071d4670 ]
I got a UAF repport in tun driver when doing fuzzy test:
[ 466.269490]
==
[ 466.271792] BUG: KASAN: use-after-free in
From: Xin Long
[ Upstream commit 10eb56c582c557c629271f1ee31e15e7a9b2558b ]
Transport should use its own pf_retrans to do the error_count
check, instead of asoc's. Otherwise, it's meaningless to make
pf_retrans per transport.
Fixes: 5aa93bcf66f4 ("sctp: Implement quick failover draft from
From: Nicolas Dichtel
[ Upstream commit 94a72b3f024fc7e9ab640897a1e38583a470659d ]
NLM_F_MULTI must be used only when a NLMSG_DONE message is sent at the end.
In fact, NLMSG_DONE is sent only at the end of a dump.
Libraries like libnl will wait forever for NLMSG_DONE.
Fixes: 949f1e39a617
From: Christophe JAILLET
[ Upstream commit b456d72412ca8797234449c25815e82f4e1426c0 ]
The '.exit' functions from 'pernet_operations' structure should be marked
as __net_exit, not __net_init.
Fixes: 8e2d61e0aed2 ("sctp: fix race on protocol/netns initialization")
Signed-off-by: Christophe
From: "Bjørn Mork"
[ Upstream commit 4d7ffcf3bf1be98d876c570cab8fc31d9fa92725 ]
A Mediatek based smartphone owner reports problems with USB
tethering in Linux. The verbose USB listing shows a rndis_host
interface pair (e0/01/03 + 10/00/00), but the driver fails to
bind with
[ 355.960428] usb
From: "Maciej Żenczykowski"
[ Upstream commit 8652f17c658d03f5c87b8dee6e8e52480c6cd37d ]
Fixes a stupid bug I recently introduced...
ip6_route_info_create() returns an ERR_PTR(err) and not a NULL on error.
Fixes: d55a2e374a94 ("net-ipv6: fix excessive RTF_ADDRCONF flag on ::1/128
local route
From: Daniel Drake
commit 49baa01c8b99ef92958e18fb58ebeb5dfdcde8af upstream.
This reverts commit 414126f9e5abf1973c661d24229543a9458fa8ce.
This commit broke eMMC storage access on a new consumer MiniPC based on
AMD SoC, which has eMMC connected to:
02:00.0 SD Host controller: O2 Micro, Inc.
From: Vasily Khoruzhick
commit 21670bd78a25001cf8ef2679b378c73fb73b904f upstream.
drm_gem_reservation_object_wait() returns 0 if it succeeds and -ETIME
if it timeouts, but lima driver assumed that 0 is error.
Cc: sta...@vger.kernel.org
Fixes: a1d2a6339961e ("drm/lima: driver for ARM Mali4xx
From: Ville Syrjälä
commit bb1a71f9c4672fbfcf2158fd57d0c5c0cdae5612 upstream.
My attempt at allowing MST to use the higher color depths has
regressed some configurations. Apparently people have setups
where all MST streams will fit into the DP link with 8bpc but
won't fit with higher color
From: Xin Long
[ Upstream commit f794dc2304d83ab998c2eee5bab0549aff5c53a2 ]
This issue causes SCTP_PEER_ADDR_THLDS sockopt not to be able to dump
a transport thresholds info.
Fix it by adding 'goto' put_user in sctp_getsockopt_paddr_thresholds.
Fixes: 8add543e369d ("sctp: add
From: Stefan Wahren
commit aea64b583601aa5e0d6ea51a0420e46e43710bd4 upstream.
The commit 37fefadee8bb ("mmc: bcm2835: Terminate timeout work
synchronously") causes lockups in case of hardware timeouts due the
timeout work also calling cancel_delayed_work_sync() on its own.
So revert it.
Fixes:
From: Kent Gibson
commit 5ca2f54b597c816df54ff1b28eb99cf7262b955d upstream.
lineevent_create should not allow any of GPIOHANDLE_REQUEST_OUTPUT,
GPIOHANDLE_REQUEST_OPEN_DRAIN or GPIOHANDLE_REQUEST_OPEN_SOURCE to be set.
Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines")
From: Filipe Manana
commit 410f954cb1d1c79ae485dd83a175f21954fd87cd upstream.
Sometimes when fsync'ing a file we need to log that other inodes exist and
when we need to do that we acquire a reference on the inodes and then drop
that reference using iput() after logging them.
That generally is
From: Ulf Hansson
commit 87b5d602a1cc76169b8d81ec2c74c8d95d9350dc upstream.
Accessing the device when it may be runtime suspended is a bug, which is
the case in tmio_mmc_host_remove(). Let's fix the behaviour.
Cc: sta...@vger.kernel.org
Signed-off-by: Ulf Hansson
Tested-by: Geert Uytterhoeven
From: Christophe JAILLET
[ Upstream commit d23dbc479a8e813db4161a695d67da0e36557846 ]
The '.exit' functions from 'pernet_operations' structure should be marked
as __net_exit, not __net_init.
Fixes: d862e5461423 ("net: ipv6: Implement /proc/net/icmp6.")
Signed-off-by: Christophe JAILLET
From: Chris Wilson
commit 2eb0964eec5f1d99f9eaf4963eee267acc72b615 upstream.
This bit was fliped on for "syncing dependencies between camera and
graphics". BSpec has no recollection why, and it is causing
unrecoverable GPU hangs with Vulkan compute workloads.
>From BSpec, setting bit5 to 0
From: Moritz Fischer
[ Upstream commit ebe26aca98fcf9fbe5017b5cbe216413cee69df5 ]
Add forward declaration for struct gpio_desc in order to address
the following:
./include/linux/phy_fixed.h:48:17: error: 'struct gpio_desc' declared inside
parameter list [-Werror]
From: Junichi Nomura
commit 0a23ebc66a46786769dd68bfdaa3102345819b9c upstream.
Commit
3a63f70bf4c3a ("x86/boot: Early parse RSDP and save it in boot_params")
broke kexec boot on EFI systems. efi_get_rsdp_addr() in the early
parsing code tries to search RSDP from the EFI tables but that will
From: Stephen Boyd
commit 11f6c2307caee89370d7752eb6f404f1ed73faaf upstream.
The possible parent printing function duplicates a bunch of if
conditions. Pull that into another function so we can print an extra
character at the end, either a space or a newline. This way we can add
the required
From: Stanislaw Gruszka
commit 13fa451568ab9e8b3074ef741477c7938c713c42 upstream.
This reverts commit 9ad3b55654455258a9463384edb40077439d879f.
As reported by Sergey:
"I got some problem after upgrade kernel to 5.2 version (debian testing
linux-image-5.2.0-2-amd64). 5Ghz client stopped to
From: Arnd Bergmann
commit 78e05972c5e6c8e9ca4c00ccc6985409da69f904 upstream.
As Vincent noticed, the y2038 conversion of semtimedop in linux-5.1
broke when commit 00bf25d693e7 ("y2038: use time32 syscall names on
32-bit") changed all system calls on all architectures that take
a 32-bit time_t
From: Subash Abhinov Kasiviswanathan
[ Upstream commit 10cc514f451a0f239aa34f91bc9dc954a9397840 ]
In event of failure during register_netdevice, free_netdev is
invoked immediately. free_netdev assumes that all the netdevice
refcounts have been dropped prior to it being called and as a
result
From: Stefan Chulski
[ Upstream commit 63b2ed4e10b2e6c913e1d8cdd728e7fba4115a3d ]
Regarding to IEEE 802.3-2015 standard section 2
28B.3 Priority resolution - Table 28-3 - Pause resolution
In case of Local device Pause=1 AsymDir=0, Link partner
Pause=1 AsymDir=1, Local device resolution should
1 - 100 of 1030 matches
Mail list logo
