On Fri, Aug 07, 2020 at 01:07:18PM -0400, Joel Fernandes (Google) wrote:
> Currently, rcu_cpu_starting() checks to see if the RCU core expects a
> quiescent state from the incoming CPU. However, the current interaction
> between RCU quiescent-state reporting and CPU-hotplug operations should
>
Hello,
syzbot found the following issue on:
HEAD commit:9420f1ce Merge tag 'pinctrl-v5.9-1' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13662f6290
kernel config: https://syzkaller.appspot.com/x/.config?x=72cf85e4237850c8
On Sun, Aug 09, 2020 at 10:34:06PM +0200, Christophe JAILLET wrote:
> When '*sgt' is allocated, we must allocated 'sizeof(**sgt)' bytes instead
> of 'sizeof(*sg)'. 'sg' (i.e. struct scatterlist) is smaller than
> 'sgt' (i.e struct sg_table), so this could lead to memory corruption.
The
iproute2 maintainers,
On 8/6/20 4:37 PM, Murali Karicheri wrote:
This series enhances the iproute2 iplink module to add support
for creating PRP device similar to HSR. The kernel part of this
is already merged to net-next and the same can be referenced
at
From: Takashi Iwai
commit 80982c7e834e5d4e325b6ce33757012ecafdf0bb upstream.
Some ioctls via OSS sequencer API may race and lead to UAF when the
port create and delete are performed concurrently, as spotted by a
couple of syzkaller cases. This patch is an attempt to address it by
serializing
From: Forest Crossman
commit ec37198acca7b4c17b96247697406e47aafe0605 upstream.
I've confirmed that the ASMedia ASM1142 has the same problem as the
ASM2142/ASM3142, in that it too reports that it supports 64-bit DMA
addresses when in fact it does not. As with the ASM2142/ASM3142, this
can cause
From: Dinghao Liu
commit 11536442a3b4e1de6890ea5e805908debb74f94a upstream.
The variable authmode can be uninitialized. The danger would be if
it equals to _WPA_IE_ID_ (0xdd) or _WPA2_IE_ID_ (0x33). We can avoid
this by setting it to zero instead. This is the approach that was
used in the
On Thu, Aug 06, 2020 at 06:49:11PM +, nao.horigu...@gmail.com wrote:
> Hi,
>
> This patchset is the latest version of soft offline rework patchset
> targetted for v5.9.
>
> Since v5, I dropped some patches which tweak refcount handling in
> madvise_inject_error() to avoid the "unknown
From: Adam Ford
commit 254503a2b186caa668a188dbbd7ab0d25149c0a5 upstream.
The drm/omap driver was fixed to correct an issue where using a
divider of 32 breaks the DSS despite the TRM stating 32 is a valid
number. Through experimentation, it appears that 31 works, and
it is consistent with the
On Tue, Aug 11, 2020 at 01:27:00AM +1000, Eugene Lubarsky wrote:
> On Mon, 10 Aug 2020 17:04:53 +0200
> Greg KH wrote:
> > How many syscalls does this save on?
> >
> > Perhaps you want my proposed readfile(2) syscall:
> >
> >
On Thu, 2020-08-06 at 18:07 +0800, Can Guo wrote:
> Hi Bean,
>
> On 2020-08-06 17:50, Bean Huo wrote:
> > >
> > > Please check Stanley's recent change to ufshcd_abort, you may
> > > want to rebase your change on his and do goto cleanup here.
> > > @Stanley correct me if I am wrong.
> > >
> > >
From: Peilin Ye
commit 75bbd2ea50ba1c5d9da878a17e92eac02fe0fd3a upstream.
Check `num_rsp` before using it as for-loop counter.
Cc: sta...@vger.kernel.org
Signed-off-by: Peilin Ye
Signed-off-by: Marcel Holtmann
Signed-off-by: Greg Kroah-Hartman
---
net/bluetooth/hci_event.c |2 +-
1
From: Yunhai Zhang
commit ebfdfeeae8c01fcb2b3b74ffaf03876e20835d2d upstream.
vgacon_scrollback_update() always leaves enbough room in the scrollback
buffer for the next call, but if the console size changed that room
might not actually be enough, and so we need to re-check.
The check should be
From: Rustam Kovhaev
commit b4383c971bc5263efe2b0915ba67ebf2bf3f1ee5 upstream.
when firmware fails to load we should not call unregister_netdev()
this patch fixes a race condition between rtl871x_load_fw_cb() and
r871xu_dev_remove() and fixes the bug reported by syzbot
Reported-by:
From: Johan Hovold
commit 47a459ecc800a17109d0c496a4e21e478806ee40 upstream.
Several MFD child drivers register their class devices directly under
the parent device. This means you cannot blindly do devres conversions
so that deregistration ends up being tied to the parent device,
something
From: Matthias Maennich
commit 55c7549819e438f40a3ef1d8ac5c38b73390bcb7 upstream.
When running `make coccicheck` in report mode using the
add_namespace.cocci file, it will fail for files that contain
MODULE_LICENSE. Those match the replacement precondition, but spatch
errors out as virtual.ns
From: Greg Kroah-Hartman
commit 17a82716587e9d7c3b246a789add490b2b5dcab6 upstream.
In previous patches that added support for new iowarrior devices, the
handling of the report size was not done correct.
Fix that up and update the copyright date for the driver
Reworked from an original patch
From: Forest Crossman
commit 1841cb255da41e87bed9573915891d056f80e2e7 upstream.
Not all ASMedia host controllers have a device ID that matches its part
number. #define some of these IDs to make it clearer at a glance which
chips require what quirks.
Acked-by: Mathias Nyman
Signed-off-by:
This is the start of the stable review cycle for the 5.7.15 release.
There are 79 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 12 Aug 2020 15:17:47 +.
Anything
From: Ben Skeggs
[ Upstream commit 498595abf5bd51f0ae074cec565d888778ea558f ]
Stale pointer was tripping up the unload path.
Signed-off-by: Ben Skeggs
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/nouveau/nouveau_fbcon.c | 1 +
1 file changed, 1 insertion(+)
diff --git
From: Johan Hovold
commit eca21c2d8655387823d695b26e6fe78cf3975c05 upstream.
Several MFD child drivers register their class devices directly under
the parent device. This means you cannot blindly do devres conversions
so that deregistration ends up being tied to the parent device,
something
From: Dmitry Osipenko
commit 2a5e6f7eede8cd1c4bac0b8ec6491cec4e75c99a upstream.
The requested interrupt is never released by the driver. Fix this by
using the resource-managed variant of request_threaded_irq().
Fixes: ab3dd9cc24d4 ("gpio: max77620: Fix interrupt handling")
Signed-off-by:
From: Peilin Ye
[ Upstream commit 5b801dfb7feb2738975d80223efc2fc193e55573 ]
Prevent __btf_resolve_helper_id() from dereferencing `btf_vmlinux`
as NULL. This patch fixes the following syzbot bug:
https://syzkaller.appspot.com/bug?id=f823224ada908fa5c207902a5a62065e53ca0fcc
Reported-by:
From: Connor McAdams
commit cc5edb1bd3f7bfe450f767b12423f6673822427b upstream.
Add a new quirk ID for the Recon3D, as tested by me.
Signed-off-by: Connor McAdams
Cc:
Link: https://lore.kernel.org/r/20200803002928.8638-2-conmanx...@gmail.com
Signed-off-by: Takashi Iwai
Signed-off-by: Greg
From: Johan Hovold
commit a0972fff09479dd09b731360a3a0b09e4fb4d415 upstream.
Several MFD child drivers register their class devices directly under
the parent device. This means you cannot use devres so that
deregistration ends up being tied to the parent device, something which
leads to
From: Johan Hovold
commit d584221e683bbd173738603b83a315f27d27d043 upstream.
Several MFD child drivers register their class devices directly under
the parent device. This means you cannot blindly do devres conversions
so that deregistration ends up being tied to the parent device,
something
From: Ranjani Sridharan
[ Upstream commit 7fcd9bb5acd01250bcae1ecc0cb8b8d4bb5b7e63 ]
When the ASoC card registration fails and the codec component driver
never probes, the codec device is not initialized and therefore
memory for codec->wcaps is not allocated. This results in a NULL pointer
From: Connor McAdams
commit a00dc409de455b64e6cb2f6d40cdb8237cdb2e83 upstream.
When the ZxR headphone gain control was added, the ca0132_switch_get
function was not updated, which meant that the changes to the control
state were not saved when entering/exiting alsamixer.
Signed-off-by: Connor
From: Kai-Heng Feng
[ Upstream commit 5611ec2b9814bc91f7b0a8d804c1fc152e2025d9 ]
After commit 6e02318eaea5 ("nvme: add support for the Write Zeroes
command"), SK hynix PC400 becomes very slow with the following error
message:
[ 224.567695] blk_update_request: operation not supported error,
test_progs reports the segmentation fault as below
$ sudo ./test_progs -t mmap --verbose
test_mmap:PASS:skel_open_and_load 0 nsec
..
test_mmap:PASS:adv_mmap1 0 nsec
test_mmap:PASS:adv_mmap2 0 nsec
test_mmap:PASS:adv_mmap3 0 nsec
test_mmap:PASS:adv_mmap4 0 nsec
Segmentation fault
This issue
From: Christophe Leroy
commit b506923ee44ae87fc9f4de16b53feb313623e146 upstream.
This reverts commit d2a91cef9bbdeb87b7449fdab1a6be6000930210.
This commit moved too much work in kasan_init(). The allocation
of shadow pages has to be moved for the reason explained in that
patch, but the
From: Nicolas Chauvet
commit e7b856dfcec6d3bf028adee8c65342d7035914a1 upstream.
As reported in https://bugzilla.kernel.org/206217 , raw_violation_fixup
is causing more harm than good in some common use-cases.
This patch is a partial revert of commit:
191cd6fb5d2c ("PCI: tegra: Add SW fixup
From: Xiyu Yang
[ Upstream commit 706ec919164622ff5ce822065472d0f30a9e9dd2 ]
ip6_route_info_create() invokes nexthop_get(), which increases the
refcount of the "nh".
When ip6_route_info_create() returns, local variable "nh" becomes
invalid, so the refcount should be decreased to keep refcount
On Mon, Aug 10, 2020 at 12:25:37AM +0200, Michał Mirosław wrote:
> regulator_lock_dependent() starts by taking regulator_list_mutex, The
> same mutex covers eg. regulator initialization, including memory allocations
> that happen there. This will deadlock when you have filesystem on eg. eMMC
>
From: Ido Schimmel
[ Upstream commit b5141915b5aec3b29a63db869229e3741ebce258 ]
The commit cited below removed the RCU read-side critical section from
rtnl_fdb_dump() which means that the ndo_fdb_dump() callback is invoked
without RCU protection.
This results in the following warning [1] in
From: Xin Xiong
[ Upstream commit 51875dad43b44241b46a569493f1e4bfa0386d86 ]
atmtcp_remove_persistent() invokes atm_dev_lookup(), which returns a
reference of atm_dev with increased refcount or NULL if fails.
The refcount leaks issues occur in two error handling paths. If
dev_data->persist is
From: Philippe Duplessis-Guindon
[ Upstream commit e24c6447ccb7b1a01f9bf0aec94939e6450c0b4d ]
I compiled with AddressSanitizer and I had these memory leaks while I
was using the tep_parse_format function:
Direct leak of 28 byte(s) in 4 object(s) allocated from:
#0 0x7fb07db49ffe in
PING, PING
On 7/20/20 11:03 AM, Tony Krowiak wrote:
The current design for AP pass-through does not support making dynamic
changes to the AP matrix of a running guest resulting in a few
deficiencies this patch series is intended to mitigate:
1. Adapters, domains and control domains can not be
From: Cong Wang
[ Upstream commit 8c0de6e96c9794cb523a516c465991a70245da1c ]
IPV6_ADDRFORM causes resource leaks when converting an IPv6 socket
to IPv4, particularly struct ipv6_ac_socklist. Similar to
struct ipv6_mc_socklist, we should just close it on this path.
This bug can be easily
Hello,
syzbot found the following issue on:
HEAD commit:7c7ab580 net: Convert to use the fallthrough macro
git tree: net
console output: https://syzkaller.appspot.com/x/log.txt?x=17dab18490
kernel config: https://syzkaller.appspot.com/x/.config?x=7bb894f55faf8242
dashboard link:
From: YueHaibing
[ Upstream commit 02afa9c66bb954c6959877c70d9e128dcf0adce7 ]
Fix smatch warning:
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c:2419
alloc_channel() warn: passing zero to 'ERR_PTR'
setup_dpcon() should return ERR_PTR(err) instead of zero in error
handling case.
Fixes:
From: Rustam Kovhaev
[ Upstream commit e911e99a0770f760377c263bc7bac1b1593c6147 ]
in case of an error tty_register_device_attr() returns ERR_PTR(),
add IS_ERR() check
Reported-and-tested-by: syzbot+67b2bd0e34f952d03...@syzkaller.appspotmail.com
Link:
From: Lorenzo Bianconi
[ Upstream commit 622e32b7d4a6492cf5c1f759ef833f817418f7b3 ]
The GRE tunnel can be used to transport traffic that does not rely on a
Internet checksum (e.g. SCTP). The issue can be triggered creating a GRE
or GRETAP tunnel and transmitting SCTP traffic ontop of it where
On Thu, Jul 16, 2020 at 10:00:57AM +, Avi Shchislowski wrote:
>
>
> > -Original Message-
> > From: Bart Van Assche
> > Sent: Thursday, July 16, 2020 4:42 AM
> > To: Avi Shchislowski ;
> > daejun7.p...@samsung.com; Avri Altman ;
> > j...@linux.ibm.com; martin.peter...@oracle.com;
From: Ben Skeggs
[ Upstream commit 15fbc3b938534cc8eaac584a7b0c1183fc968b86 ]
This is tripping up the format modifier patches.
Signed-off-by: Ben Skeggs
Signed-off-by: Sasha Levin
---
drivers/gpu/drm/nouveau/nouveau_fbcon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
From: Lorenzo Bianconi
[ Upstream commit d6526926de7397a97308780911565e31a6b67b59 ]
Release skb memory in mvpp2_rx() if mvpp2_rx_refill routine fails
Fixes: b5015854674b ("net: mvpp2: fix refilling BM pools in RX path")
Signed-off-by: Lorenzo Bianconi
Acked-by: Matteo Croce
Signed-off-by:
From: Stephen Hemminger
[ Upstream commit 7c9864bbccc23e1812ac82966555d68c13ea4006 ]
If the accelerated networking SRIOV VF device has lost carrier
use the synthetic network device which is available as backup
path. This is a rare case since if VF link goes down, normally
the VMBus device will
From: Wolfram Sang
[ Upstream commit 8808981baf96e1b3dea1f08461e4d958aa0dbde1 ]
Signed-off-by: Wolfram Sang
Reviewed-by: Alain Volmat
Signed-off-by: Wolfram Sang
Signed-off-by: Sasha Levin
---
drivers/i2c/i2c-core-slave.c | 3 +++
1 file changed, 3 insertions(+)
diff --git
From: Jitao Shi
[ Upstream commit d76acc9fcddeda53b985b029c890976a87fcc3fc ]
Fine tune the HBP and HFP to avoid the dot noise on the left and right edges.
Signed-off-by: Jitao Shi
Signed-off-by: Sam Ravnborg
Link:
From: Peilin Ye
[ Upstream commit 9aba6c5b49254d5bee927d81593ed4429e91d4ae ]
ovs_ct_put_key() is potentially copying uninitialized kernel stack memory
into socket buffers, since the compiler may leave a 3-byte hole at the end
of `struct ovs_key_ct_tuple_ipv4` and `struct ovs_key_ct_tuple_ipv6`.
Hello,
syzbot found the following issue on:
HEAD commit:449dc8c9 Merge tag 'for-v5.9' of git://git.kernel.org/pub/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11293dc690
kernel config: https://syzkaller.appspot.com/x/.config?x=9d25235bf0162fbc
Hello,
syzbot found the following issue on:
HEAD commit:fffe3ae0 Merge tag 'for-linus-hmm' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12f34d3a90
kernel config: https://syzkaller.appspot.com/x/.config?x=50463ec6729f9706
From: Willem de Bruijn
[ Upstream commit 16f6458f2478b55e2b628797bc81a4455045c74e ]
The msg_zerocopy test pins the sender and receiver threads to separate
cores to reduce variance between runs.
But it hardcodes the cores and skips core 0, so it fails on machines
with the selected cores
From: Paolo Abeni
[ Upstream commit 8555c6bfd5fddb1cf363d3cd157d70a1bb27f718 ]
In case of memory pressure, mptcp_sendmsg() may call
sk_stream_wait_memory() after succesfully xmitting some
bytes. If the latter fails we currently return to the
user-space the error code, ignoring the succeful
From: Erik Ekman
commit d2a4309c1ab6df424b2239fe2920d6f26f808d17 upstream.
When running qmi-firmware-update on the Sierra Wireless EM7305 in a Toshiba
laptop, it changed product ID to 0x9062 when entering QDL mode:
usb 2-4: new high-speed USB device number 78 using xhci_hcd
usb 2-4: New USB
Hello,
syzbot found the following issue on:
HEAD commit:ce8056d1 wip: changed copy_from_user where instrumented
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1198be0290
kernel config:
From: Suren Baghdasaryan
commit 3e338d3c95c735dc3265a86016bb4c022ec7cadc upstream.
syzbot report [1] describes a deadlock when write operation against an
ashmem fd executed at the time when ashmem is shrinking its cache results
in the following lock sequence:
Possible unsafe locking scenario:
From: Rustam Kovhaev
commit b4383c971bc5263efe2b0915ba67ebf2bf3f1ee5 upstream.
when firmware fails to load we should not call unregister_netdev()
this patch fixes a race condition between rtl871x_load_fw_cb() and
r871xu_dev_remove() and fixes the bug reported by syzbot
Reported-by:
From: Stefan Roese
[ Upstream commit f7ba7dbf4f7af67b5936ff1cbd40a3254b409ebf ]
I just recently noticed that ethernet does not work anymore since v5.5
on the GARDENA smart Gateway, which is based on the AT91SAM9G25.
Debugging showed that the "GEM bits" in the NCFGR register are now
On Sat, 2020-08-08 at 19:35 -0400, Sasha Levin wrote:
> From: Hannes Reinecke
>
> [ Upstream commit fbd6a42d8932e172921c7de10468a2e12c34846b ]
>
> When nvme_round_robin_path() finds a valid namespace we should be
> using it;
> falling back to __nvme_find_path() for non-optimized paths will
From: Takashi Iwai
commit 80982c7e834e5d4e325b6ce33757012ecafdf0bb upstream.
Some ioctls via OSS sequencer API may race and lead to UAF when the
port create and delete are performed concurrently, as spotted by a
couple of syzkaller cases. This patch is an attempt to address it by
serializing
From: Connor McAdams
commit a00dc409de455b64e6cb2f6d40cdb8237cdb2e83 upstream.
When the ZxR headphone gain control was added, the ca0132_switch_get
function was not updated, which meant that the changes to the control
state were not saved when entering/exiting alsamixer.
Signed-off-by: Connor
From: Connor McAdams
commit cc5edb1bd3f7bfe450f767b12423f6673822427b upstream.
Add a new quirk ID for the Recon3D, as tested by me.
Signed-off-by: Connor McAdams
Cc:
Link: https://lore.kernel.org/r/20200803002928.8638-2-conmanx...@gmail.com
Signed-off-by: Takashi Iwai
Signed-off-by: Greg
Hello,
syzbot found the following issue on:
HEAD commit:06a81c1c Merge tag 'arm64-fixes' of git://git.kernel.org/p..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13fbac1c90
kernel config: https://syzkaller.appspot.com/x/.config?x=bf68a13f867fd1b4
From: Peter Zijlstra
commit 90c91dfb86d0ff545bd329d3ddd72c147e2ae198 upstream.
Kan and Andi reported that we fail to kill rotation when the flexible
events go empty, but the context does not. XXX moar
Fixes: fd7d55172d1e ("perf/cgroups: Don't rotate events for cgroups
unnecessarily")
From: Sam Ravnborg
[ Upstream commit 2a1658bf922ffd9b7907e270a7d9cdc9643fc45d ]
Recent kernels have been reported to panic using the bochs_drm
framebuffer under qemu-system-sparc64 which was bisected to
commit 7a0483ac4ffc ("drm/bochs: switch to generic drm fbdev emulation").
The backtrace
From: Peilin Ye
commit 629b49c848ee71244203934347bd7730b0ddee8d upstream.
Check `num_rsp` before using it as for-loop counter. Add `unlock` label.
Cc: sta...@vger.kernel.org
Signed-off-by: Peilin Ye
Signed-off-by: Marcel Holtmann
Signed-off-by: Greg Kroah-Hartman
---
when COMPILED_SOURCE is set, running 'make ARCH=x86_64 COMPILED_SOURCE=1
cscope tags' in KBUILD_OUTPUT directory produces lots of "No such file
or directory" warnings:
...
realpath: sigchain.h: No such file or directory
realpath: orc_gen.c: No such file or directory
realpath: objtool.c: No such
From: Forest Crossman
commit 1841cb255da41e87bed9573915891d056f80e2e7 upstream.
Not all ASMedia host controllers have a device ID that matches its part
number. #define some of these IDs to make it clearer at a glance which
chips require what quirks.
Acked-by: Mathias Nyman
Signed-off-by:
Hello,
syzbot found the following issue on:
HEAD commit:449dc8c9 Merge tag 'for-v5.9' of git://git.kernel.org/pub/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14d41e0290
kernel config: https://syzkaller.appspot.com/x/.config?x=9d25235bf0162fbc
This is the start of the stable review cycle for the 5.4.58 release.
There are 67 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 12 Aug 2020 15:17:47 +.
Anything
From: Eric Biggers
commit beb4ee6770a89646659e6a2178538d2b13e2654e upstream.
smk_write_relabel_self() frees memory from the task's credentials with
no locking, which can easily cause a use-after-free because multiple
tasks can share the same credentials structure.
Fix this by using
From: Christoph Hellwig
[ Upstream commit a39c46067c845a8a2d7144836e9468b7f072343e ]
p9_fd_open just fgets file descriptors passed in from userspace, but
doesn't verify that they are valid for read or writing. This gets
cought down in the VFS when actually attempting a read or write, but
a new
Hello,
syzbot found the following issue on:
HEAD commit:9420f1ce Merge tag 'pinctrl-v5.9-1' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1637701c90
kernel config: https://syzkaller.appspot.com/x/.config?x=72cf85e4237850c8
From: Wolfram Sang
[ Upstream commit 1b1be3bf27b62f5abcf85c6f3214bdb9c7526685 ]
Add check for ERR_PTR and simplify code while here.
Signed-off-by: Wolfram Sang
Reviewed-by: Alain Volmat
Signed-off-by: Wolfram Sang
Signed-off-by: Sasha Levin
---
drivers/i2c/i2c-core-slave.c | 4 +---
1
From: René van Dorst
[ Upstream commit 19016d93bfc335f0c158c0d9e3b9d06c4dd53d39 ]
Modify mtk_gmac0_rgmii_adjust() so it can always be called.
mtk_gmac0_rgmii_adjust() sets-up the TRGMII clocks.
Signed-off-by: René van Dorst
Signed-off-By: David Woodhouse
Tested-by: Frank Wunderlich
From: Ranjani Sridharan
[ Upstream commit 7fcd9bb5acd01250bcae1ecc0cb8b8d4bb5b7e63 ]
When the ASoC card registration fails and the codec component driver
never probes, the codec device is not initialized and therefore
memory for codec->wcaps is not allocated. This results in a NULL pointer
From: Wolfram Sang
[ Upstream commit 8808981baf96e1b3dea1f08461e4d958aa0dbde1 ]
Signed-off-by: Wolfram Sang
Reviewed-by: Alain Volmat
Signed-off-by: Wolfram Sang
Signed-off-by: Sasha Levin
---
drivers/i2c/i2c-core-slave.c | 3 +++
1 file changed, 3 insertions(+)
diff --git
On Sun, 2020-08-09 at 13:16 -0400, Mimi Zohar wrote:
> On Sat, 2020-08-08 at 13:47 -0400, Chuck Lever wrote:
> > > On Aug 5, 2020, at 2:15 PM, Mimi Zohar
> > > wrote:
>
>
>
> > > If block layer integrity was enough, there wouldn't have been a
> > > need for fs-verity. Even fs-verity is
From: Christophe Leroy
commit b506923ee44ae87fc9f4de16b53feb313623e146 upstream.
This reverts commit d2a91cef9bbdeb87b7449fdab1a6be6000930210.
This commit moved too much work in kasan_init(). The allocation
of shadow pages has to be moved for the reason explained in that
patch, but the
From: Dexuan Cui
[ Upstream commit ddc9d357b991838c2d975e8d7e4e9db26f37a7ff ]
When a Linux hv_sock app tries to connect to a Service GUID on which no
host app is listening, a recent host (RS3+) sends a
CHANNELMSG_TL_CONNECT_RESULT (23) message to Linux and this triggers such
a warning:
unknown
From: Julian Squires
[ Upstream commit 4052d3d2e8f47a15053320bbcbe365d15610437d ]
In the case where a vendor command does not implement doit, and has no
flags set, doit would not be validated and a NULL pointer dereference
would occur, for example when invoking the vendor command via iw.
I
From: Frank van der Linden
commit 08b5d5014a27e717826999ad20e394a8811aae92 upstream.
set/removexattr on an exported filesystem should break NFS delegations.
This is true in general, but also for the upcoming support for
RFC 8726 (NFSv4 extended attribute support). Make sure that they do.
From: Johan Hovold
commit 47a459ecc800a17109d0c496a4e21e478806ee40 upstream.
Several MFD child drivers register their class devices directly under
the parent device. This means you cannot blindly do devres conversions
so that deregistration ends up being tied to the parent device,
something
From: Landen Chao
[ Upstream commit 555a893303872e044fb86f0a5834ce78d41ad2e2 ]
in recent kernel versions there are warnings about incorrect MTU size
like these:
eth0: mtu greater than device maximum
mtk_soc_eth 1b10.ethernet eth0: error -22 setting MTU to include DSA
overhead
Fixes:
From: Jann Horn
commit 4b836a1426cb0f1ef2a6e211d7e553221594f8fc upstream.
Binder is designed such that a binder_proc never has references to
itself. If this rule is violated, memory corruption can occur when a
process sends a transaction to itself; see e.g.
From: Johan Hovold
commit 6f4aa35744f69ed9b0bf5a736c9ca9b44bc1dcea upstream.
Several MFD child drivers register their class devices directly under
the parent device. This means you cannot blindly do devres conversions
so that deregistration ends up being tied to the parent device,
something
From: Xiyu Yang
[ Upstream commit 706ec919164622ff5ce822065472d0f30a9e9dd2 ]
ip6_route_info_create() invokes nexthop_get(), which increases the
refcount of the "nh".
When ip6_route_info_create() returns, local variable "nh" becomes
invalid, so the refcount should be decreased to keep refcount
From: Xin Long
[ Upstream commit bab9693a9a8c6dd19f670408ec1e78e12a320682 ]
A dead lock was triggered on thunderx driver:
CPU0CPU1
[01] lock(&(>rx_mode_wq_lock)->rlock);
[11]
cifs.ko also can set rsize quite small (even 1K for example, although
that will be more than 10x slower than the default 4MB so hopefully no
one is crazy enough to do that). I can't imagine an SMB3 server
negotiating an rsize or wsize smaller than 64K in today's world (and
typical is 1MB to 8MB)
From: Vincent Duvert
[ Upstream commit d0f6ba2ef2c1c95069509e71402e7d6d43452512 ]
Add a missing return statement to atalk_proc_init so it doesn't return
-ENOMEM when successful. This allows the appletalk module to load
properly.
Fixes: e2bcd8b0ce6e ("appletalk: use remove_proc_subtree to
From: Lorenzo Bianconi
[ Upstream commit 622e32b7d4a6492cf5c1f759ef833f817418f7b3 ]
The GRE tunnel can be used to transport traffic that does not rely on a
Internet checksum (e.g. SCTP). The issue can be triggered creating a GRE
or GRETAP tunnel and transmitting SCTP traffic ontop of it where
From: Chuck Lever
commit 412055398b9e67e07347a936fc4a6adddabe9cf4 upstream.
svcrdma expects that the payload falls precisely into the xdr_buf
page vector. This does not seem to be the case for
nfsd4_encode_readv().
This code is called only when fops->splice_read is missing or when
RQ_SPLICE_OK
From: Peilin Ye
commit 629b49c848ee71244203934347bd7730b0ddee8d upstream.
Check `num_rsp` before using it as for-loop counter. Add `unlock` label.
Cc: sta...@vger.kernel.org
Signed-off-by: Peilin Ye
Signed-off-by: Marcel Holtmann
Signed-off-by: Greg Kroah-Hartman
---
From: Adam Ford
commit 254503a2b186caa668a188dbbd7ab0d25149c0a5 upstream.
The drm/omap driver was fixed to correct an issue where using a
divider of 32 breaks the DSS despite the TRM stating 32 is a valid
number. Through experimentation, it appears that 31 works, and
it is consistent with the
From: Hangbin Liu
[ Upstream commit a0dced17ad9dc08b1b25e0065b54c97a318e6e8b ]
This reverts commit 71130f29979c7c7956b040673e6b9d5643003176.
In commit 71130f29979c ("vxlan: fix tos value before xmit") we want to
make sure the tos value are filtered by RT_TOS() based on RFC1349.
0 1
From: David Howells
[ Upstream commit 65550098c1c4db528400c73acf3e46bfa78d9264 ]
There's a race between rxrpc_sendmsg setting up a call, but then failing to
send anything on it due to an error, and recvmsg() seeing the call
completion occur and trying to return the state to the user.
An
From: Johan Hovold
commit 47a459ecc800a17109d0c496a4e21e478806ee40 upstream.
Several MFD child drivers register their class devices directly under
the parent device. This means you cannot blindly do devres conversions
so that deregistration ends up being tied to the parent device,
something
From: YueHaibing
[ Upstream commit 02afa9c66bb954c6959877c70d9e128dcf0adce7 ]
Fix smatch warning:
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c:2419
alloc_channel() warn: passing zero to 'ERR_PTR'
setup_dpcon() should return ERR_PTR(err) instead of zero in error
handling case.
Fixes:
From: Stephen Hemminger
[ Upstream commit 7c9864bbccc23e1812ac82966555d68c13ea4006 ]
If the accelerated networking SRIOV VF device has lost carrier
use the synthetic network device which is available as backup
path. This is a rare case since if VF link goes down, normally
the VMBus device will
801 - 900 of 1496 matches
Mail list logo