From: Sudheesh Mavila
[ Upstream commit 97cf32996c46d9935cc133d910a75fb687dd6144 ]
SMU10_UMD_PSTATE_PEAK_FCLK value should not be used to set the DPM.
Suggested-by: Evan Quan
Reviewed-by: Evan Quan
Signed-off-by: Sudheesh Mavila
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Jens Axboe
[ Upstream commit fad8e0de4426a776c9bcb060555e7c09e2d08db6 ]
syzbot reports a potential lock deadlock between the normal IO path and
->show_fdinfo():
==
WARNING: possible circular locking dependency detected
From: Heiner Kallweit
[ Upstream commit 709a16be0593c08190982cfbdca6df95e6d5823b ]
Mistakenly bit 2 was set instead of bit 3 as in the vendor driver.
Fixes: a7a92cf81589 ("r8169: sync PCIe PHY init with vendor driver 8.047.01")
Signed-off-by: Heiner Kallweit
Signed-off-by: David S. Miller
From: Hariprasad Kelam
[ Upstream commit 66a5209b53418111757716d71e52727b782eabd4 ]
Mbox implementation in octeontx2 driver has three states
alloc, send and reset in mbox response. VF allocate and
sends message to PF for processing, PF ACKs them back and
reset the mbox memory. In some case we
From: Kajol Jain
[ Upstream commit 6d6b8b9f4fceab7266ca03d194f60ec72bd4b654 ]
The error handling introduced by commit:
2ed6edd33a21 ("perf: Add cond_resched() to task_function_call()")
looses any return value from smp_call_function_single() that is not
{0, -EINVAL}. This is a problem
From: Necip Fazil Yildiran
[ Upstream commit 8f0c01e85c4d2e1a233e6f4d7ab16c9f8b2a ]
When LG_LAPTOP is enabled and NEW_LEDS is disabled, it results in the
following Kbuild warning:
WARNING: unmet direct dependencies detected for LEDS_CLASS
Depends on [n]: NEW_LEDS [=n]
Selected by [y]:
From: Josef Bacik
[ Upstream commit 313b085851c13ca08320372a05a7047ea25d3dd4 ]
We need to move the closing of the src_device out of all the device
replace locking, but we definitely want to zero out the superblock
before we commit the last time to make sure the device is properly
removed.
From: Aya Levin
[ Upstream commit c3c9402373fe20e2d08c04f437ce4dcd252cffb2 ]
Prior to this fix, in Striding RQ mode the driver was vulnerable when
receiving packets in the range (stride size - headroom, stride size].
Where stride size is calculated by mtu+headroom+tailroom aligned to the
From: Coly Li
[ Upstream commit 4243219141b67d7c2fdb2d8073c17c539b9263eb ]
In mmc_queue_setup_discard() the mmc driver queue's discard_granularity
might be set as 0 (when card->pref_erase > max_discard) while the mmc
device still declares to support discard operation. This is buggy and
From: Vijay Balakrishna
commit 4aab2be0983031a05cb4a19696c9da5749523426 upstream.
When memory is hotplug added or removed the min_free_kbytes should be
recalculated based on what is expected by khugepaged. Currently after
hotplug, min_free_kbytes will be set to a lower default and higher
From: Cong Wang
commit 0fedc63fadf0404a729e73a35349481c8009c02f upstream.
syzbot is able to trigger a failure case inside the loop in
tcf_action_init(), and when this happens we clean up with
tcf_action_destroy(). But, as these actions are already inserted
into the global IDR, other parallel
From: Anant Thazhemadam
commit f45a4248ea4cc13ed50618ff066849f9587226b2 upstream.
When get_registers() fails in set_ethernet_addr(),the uninitialized
value of node_id gets copied over as the address.
So, check the return value of get_registers().
If get_registers() executed successfully (i.e.,
From: Alexey Kardashevskiy
commit 44c413d9a51752056d606bf6f312003ac1740fab upstream.
The tty TIOCL_SETSEL ioctl allocates a memory buffer big enough for text
selection area. The maximum allowed console size is
VC_RESIZE_MAXCOL * VC_RESIZE_MAXROW == 32767*32767 == ~1GB and typical
MAX_ORDER is
From: Eran Ben Elisha
[ Upstream commit 50b2412b7e7862c5af0cbf4b10d93bc5c712d021 ]
Upon command completion timeout, driver simulates a forced command
completion. In a rare case where real interrupt for that command arrives
simultaneously, it might release the command entry while the forced
From: Aya Levin
commit 3d093bc2369003b4ce6c3522d9b383e47c40045d upstream.
Declare GRE offload support with respect to the inner protocol. Add a
list of supported inner protocols on which the driver can offload
checksum and GSO. For other protocols, inform the stack to do the needed
operations.
From: Eric Dumazet
commit 86bccd0367130f481ca99ba91de1c6a5aa1c78c1 upstream.
We got reports from GKE customers flows being reset by netfilter
conntrack unless nf_conntrack_tcp_be_liberal is set to 1.
Traces seemed to suggest ACK packet being dropped by the
packet capture, or more likely that
From: Aya Levin
[ Upstream commit 8c7353b6f716436ad0bfda2b5c5524ab2dde5894 ]
Prior to this patch unloading an interface in promiscuous mode with RX
VLAN filtering feature turned off - resulted in a warning. This is due
to a wrong condition in the VLAN rules cleanup flow, which left the
any-vid
From: Rohit Maheshwari
commit 38f7e1c0c43dd25b06513137bb6fd35476f9ec6d upstream.
BUG: kernel NULL pointer dereference, address: 00b8
#PF: supervisor read access in kernel mode
#PF: error_code(0x) - not-present page
PGD 8008b6fef067 P4D 8008b6fef067 PUD 8b6fe6067 PMD 0
From: Maor Gottlieb
[ Upstream commit 732ebfab7fe96b7ac9a3df3208f14752a4bb6db3 ]
Fix error flow handling in request_irqs which try to free irq
that we failed to request.
It fixes the below trace.
WARNING: CPU: 1 PID: 7587 at kernel/irq/manage.c:1684 free_irq+0x4d/0x60
CPU: 1 PID: 7587 Comm:
From: Xiongfeng Wang
commit 37bd9e803daea816f2dc2c8f6dc264097eb3ebd2 upstream.
When I cat some module parameters by sysfs, it displays as follows. It's
better to add a newline for easy reading.
root@syzkaller:~# cat /sys/module/ati_remote2/parameters/mode_mask
0x1froot@syzkaller:~# cat
From: Cong Wang
commit e49d8c22f1261c43a986a7fdbf677ac309682a07 upstream.
All TC actions call tcf_idr_insert() for new action at the end
of their ->init(), so we can actually move it to a central place
in tcf_action_init_1().
And once the action is inserted into the global IDR, other parallel
From: Minchan Kim
commit 8b7b2eb131d3476062ffd34358785b44be25172f upstream.
The swap address_space doesn't have host. Thus, it makes kernel crash once
swap write meets error. Fix it.
Fixes: 735e4ae5ba28 ("vfs: track per-sb writeback errors and report them to
syncfs")
Signed-off-by: Minchan
On 10/12/20 11:59 AM, Ionela Voinescu wrote:
On Monday 12 Oct 2020 at 11:22:57 (+0100), Lukasz Luba wrote:
[..]
I thought about it and looked for other platforms' DT to see if can reuse
existing opp information. Unfortunately I don't think it is optimal. The reason
being that, because cpus
From: Guillaume Nault
commit 4296adc3e32f5d544a95061160fe7e127be1b9ff upstream.
Openvswitch allows to drop a packet's Ethernet header, therefore
skb_mpls_push() and skb_mpls_pop() might be called with ethernet=true
and mac_len=0. In that case the pointer passed to skb_mod_eth_type()
doesn't
From: Manivannan Sadhasivam
commit a7809ff90ce6c48598d3c4ab54eb599bec1e9c42 upstream.
The rcu read locks are needed to avoid potential race condition while
dereferencing radix tree from multiple threads. The issue was identified
by syzbot. Below is the crash report:
From: Maxim Kochetkov
[ Upstream commit aa92d836d5c40a7e21e563a272ad177f1bfd44dd ]
The ocelot_wm_encode function deals with setting thresholds for pause
frame start and stop. In Ocelot and Felix the register layout is the
same, but for Seville, it isn't. The easiest way to accommodate Seville
From: Tom Rix
commit 5f38b06db8af3ed6c2fc1b427504ca56fae2eacc upstream.
clang static analysis flags this represenative problem
thinkpad_acpi.c:2523:7: warning: Branch condition evaluates
to a garbage value
if (!oldn->mute ||
^~~
In hotkey_kthread()
On Mon, Oct 12, 2020 at 12:47 PM Marek Szyprowski
wrote:
>
> Hi Jason,
>
> On 09.10.2020 14:48, Jason Gunthorpe wrote:
> > On Fri, Oct 09, 2020 at 02:37:23PM +0200, Mauro Carvalho Chehab wrote:
> >
> >> I'm not a mm/ expert, but, from what I understood from Daniel's patch
> >> description is that
From: Vladimir Oltean
[ Upstream commit 601e984f23abcaa7cf3eb078c13de4db3cf6a4f0 ]
Tail dropping is enabled for a port when:
1. A source port consumes more packet buffers than the watermark encoded
in SYS:PORT:ATOP_CFG.ATOP.
AND
2. Total memory use exceeds the consumption watermark
From: Vladimir Oltean
[ Upstream commit e8e6e73db14273464b374d49ca7242c0994945f3 ]
We don't want ocelot_port_set_maxlen to enable pause frame TX, just to
adjust the pause thresholds.
Move the unconditional enabling of pause TX to ocelot_init_port. There
is no good place to put such setting
From: Eran Ben Elisha
[ Upstream commit 1d5558b1f0de81f54ddee05f3793acc5260d107f ]
Once driver detects a command interface command timeout, it warns the
user and returns timeout error to the caller. In such case, the entry of
the command is not evacuated (because only real event interrupt is
Hi Linus,
Nothing major in here, just fixes or improvements collected over the
last few months.
Please pull!
The following changes since commit a1b8638ba1320e6684aa98233c15255eb803fac7:
Linux 5.9-rc7 (2020-09-27 14:38:10 -0700)
are available in the Git repository at:
From: Aya Levin
[ Upstream commit 2608a2f831c47dfdf18885a7289be5af97182b05 ]
Verify the configured FEC mode is supported by at least a single link
mode before applying the command. Otherwise fail the command and return
"Operation not supported".
Prior to this patch, the command was successful,
From: Johannes Berg
commit a95bc734e60449e7b073ff7ff70c35083b290ae9 upstream.
If userspace doesn't complete the policy dump, we leak the
allocated state. Fix this.
Fixes: d07dcf9aadd6 ("netlink: add infrastructure to expose policies to
userspace")
Signed-off-by: Johannes Berg
Reviewed-by:
From: Eran Ben Elisha
[ Upstream commit 432161ea26d6d5e5c3f7306d9407d26ed1e1953e ]
As part of driver unload, it destroys the commands EQ (via FW command).
As the commands EQ is destroyed, FW will not generate EQEs for any command
that driver sends afterwards. Driver should poll for later
From: David Howells
[ Upstream commit ec0fa0b659144d9c68204d23f627b6a65fa53e50 ]
The afs filesystem has a lock[*] that it uses to serialise I/O operations
going to the server (vnode->io_lock), as the server will only perform one
modification operation at a time on any given file or directory.
From: Eran Ben Elisha
[ Upstream commit 410bd754cd73c4a2ac3856d9a03d7b08f9c906bf ]
It is possible that new command entry index allocation will temporarily
fail. The new command holds the semaphore, so it means that a free entry
should be ready soon. Add one second retry mechanism before
From: Nikolay Aleksandrov
commit f2f3729fb65c5c2e6db234e6316b71a7bdc4b30b upstream.
When a user-space software manages fdb entries externally it should
set the ext_learn flag which marks the fdb entry as externally managed
and avoids expiring it (they're treated as static fdbs). Unfortunately
From: Vladimir Oltean
[ Upstream commit 589aa6e7c9de322d47eb33a5cee8cc38838319e6 ]
To follow the model of felix and seville where we have one
platform-specific file, rename this file to the actual SoC it serves.
Signed-off-by: Vladimir Oltean
Signed-off-by: David S. Miller
Signed-off-by:
From: Randy Dunlap
[ Upstream commit 1f7e877c20517735bceff1535e1b7fa846b2f215 ]
Fix many (lots deleted here) build errors in hinic by selecting NET_DEVLINK.
ld: drivers/net/ethernet/huawei/hinic/hinic_hw_dev.o: in function
`mgmt_watchdog_timeout_event_handler':
hinic_hw_dev.c:(.text+0x30a):
From: David Howells
[ Upstream commit 38b1dc47a35ba14c3f4472138ea56d014c2d609b ]
If someone calls setsockopt() twice to set a server key keyring, the first
keyring is leaked.
Fix it to return an error instead if the server key keyring is already set.
Fixes: 17926a79320a ("[AF_RXRPC]: Provide
__do_softirq() may be interrupted by hardware interrupts. In this case,
irqtime_account_irq() will account the time slice as CPUTIME_SOFTIRQ by
mistake.
By passing irqtime_account_irq() an extra param about either hardirq or
softirq, irqtime_account_irq() can handle the above case.
From: Vineetha G. Jaya Kumaran
[ Upstream commit 388e201d41fa1ed8f2dce0f0567f56f8e919ffb0 ]
Ethtool manual stated that the tx-timer is the "the amount of time the
device should stay in idle mode prior to asserting its Tx LPI". The
previous implementation for "ethtool --set-eee tx-timer" sets
From: David Howells
[ Upstream commit fea99111244bae44e7d82a973744d27ea1567814 ]
The keyring containing the server's tokens isn't network-namespaced, so it
shouldn't be looked up with a network namespace. It is expected to be
owned specifically by the server, so namespacing is unnecessary.
From: Aya Levin
[ Upstream commit d4a16052bccdd695982f89d815ca075825115821 ]
When interface is attached while in promiscuous mode and with VLAN
filtering turned off, both configurations are not respected and VLAN
filtering is performed.
There are 2 flows which add the any-vid rules during
From: Tony Ambardar
commit 65c204398928f9c79f1a29912b410439f7052635 upstream.
Systems with memory or disk constraints often reduce the kernel footprint
by configuring LD_DEAD_CODE_DATA_ELIMINATION. However, this can result in
removal of any BTF information.
Use the KEEP() macro to preserve the
From: Qian Cai
[ Upstream commit 8a018eb55e3ac033592afbcb476b0ffe64465b12 ]
Calling pipe2() with O_NOTIFICATION_PIPE could results in memory
leaks unless watch_queue_init() is successful.
In case of watch_queue_init() failure in pipe2() we are left
with inode and
From: Si-Wei Liu
[ Upstream commit 1477c8aebb94a1db398c12d929a9d27bbd678d8c ]
vhost_vdpa_map() should remove the iotlb entry just added
if the corresponding mapping fails to set up properly.
Fixes: 4c8cf31885f6 ("vhost: introduce vDPA-based backend")
Signed-off-by: Si-Wei Liu
Link:
From: David Howells
[ Upstream commit fa1d113a0f96f9ab7e4fe4f8825753ba1e34a9d3 ]
conn->state_lock may be taken in softirq mode, but a previous patch
replaced an outer lock in the response-packet event handling code, and lost
the _bh from that when doing so.
Fix this by applying the _bh
From: Flora Cui
[ Upstream commit 898c7302f4de1d91065e80fc46552b3ec70894ff ]
max_caps might be 0, thus hdcp_work might be ZERO_SIZE_PTR
Signed-off-by: Flora Cui
Reviewed-by: Feifei Xu
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
---
From: Voon Weifeng
[ Upstream commit 7241c5a697479c7d0c5a96595822cdab750d41ae ]
EEE should be only be enabled during stmmac_mac_link_up() when the
link are up and being set up properly. set_eee should only do settings
configuration and disabling the eee.
Without this fix, turning on EEE using
From: Marc Dionne
[ Upstream commit 56305118e05b2db8d0395bba640ac9a3aee92624 ]
The session key should be encoded with just the 8 data bytes and
no length; ENCODE_DATA precedes it with a 4 byte length, which
confuses some existing tools that try to parse this format.
Add an ENCODE_BYTES macro
From: Vlad Buslov
[ Upstream commit 1253935ad801485270194d5651acab04abc97b36 ]
Current neigh update event handler implementation takes reference to
neighbour structure, assigns it to nhe->n, tries to schedule workqueue task
and releases the reference if task was already enqueued. This results
From: David Howells
[ Upstream commit 9a059cd5ca7d9c5c4ca5a6e755cf72f230176b6a ]
If rxrpc_read() (which allows KEYCTL_READ to read a key), sees a token of a
type it doesn't recognise, it can BUG in a couple of places, which is
unnecessary as it can easily get back to userspace.
Fix this to
On Sun, 11 Oct 2020, Sudip Mukherjee wrote:
> The variable 'current_itr' is assigned to 0 before jumping to
> 'set_itr_now' but it has not been used after the jump. So, remove the
> unneeded assignement.
>
> Signed-off-by: Sudip Mukherjee
> ---
>
From: Magnus Karlsson
[ Upstream commit 642e450b6b5955f2059d0ae372183f7c6323f951 ]
In the skb Tx path, transmission of a packet is performed with
dev_direct_xmit(). When NETDEV_TX_BUSY is set in the drivers, it
signifies that it was not possible to send the packet right now,
please try later.
On Sat, Oct 10, 2020 at 12:07:54AM +0800, Ajye Huang wrote:
> On Fri, Oct 9, 2020 at 9:52 PM Mark Brown wrote:
> > On Mon, Sep 28, 2020 at 02:37:43PM +0800, Ajye Huang wrote:
> > > Add compatible "qcom,sc7180-sndcard-rt5682-m98357-2mic"
> > > for 2mic case.
> > This doesn't apply against
On Sun, Oct 11, 2020 at 09:35:37AM -0700, Joel Fernandes wrote:
> On Fri, Oct 9, 2020 at 4:14 PM Frederic Weisbecker
> wrote:
> >
> > On Wed, Sep 23, 2020 at 11:22:08AM -0400, Joel Fernandes (Google) wrote:
> > > Currently, rcu_do_batch() depends on the unsegmented callback list's len
> > >
From: Tom Rix
[ Upstream commit f4544e5361da5050ff5c0330ceea095cb5dbdd72 ]
clang static analysis reports this problem:
drivers/net/ethernet/marvell/mvneta.c:3465:2: warning:
Attempt to free released memory
kfree(txq->buf);
^~~
When mvneta_txq_sw_init() fails to
From: Antony Antony
[ Upstream commit 8366685b2883e523f91e9816d7be371eb1144749 ]
When we clone state only add_time was cloned. It missed values like
bytes, packets. Now clone the all members of the structure.
v1->v3:
- use memcpy to copy the entire structure
Fixes: 80c9abaabf42 ("[XFRM]:
From: Si-Wei Liu
[ Upstream commit 7ed9e3d97c32d969caded2dfb6e67c1a2cc5a0b1 ]
Pinned pages are not properly accounted particularly when
mapping error occurs on IOTLB update. Clean up dangling
pinned pages for the error path. As the inflight pinned
pages, specifically for memory region that
From: Subbaraya Sundeep
[ Upstream commit e154b5b70368a84a19505a0be9b0096c66562b56 ]
Packet replication feature present in Octeontx2
is a hardware linked list of PF and its VF
interfaces so that broadcast packets are sent
to all interfaces present in the list. It is
driver job to add and delete
On 12/10/20 11:47 am, Joe Perches wrote:
> On Mon, 2020-10-12 at 11:19 +0530, Ujjwal Kumar wrote:
>> checkpatch.pl checks for invalid EXECUTE_PERMISSIONS on source
>> files. The script leverages filename extensions and its path in
>> the repository to decide whether to allow execute permissions on
From: Willy Liu
[ Upstream commit bbc4d71d63549bcd003a430de18a72a742d8c91e ]
There are two chip pins named TXDLY and RXDLY which actually adds the 2ns
delays to TXC and RXC for TXD/RXD latching. These two pins can config via
4.7k-ohm resistor to 3.3V hw setting, but also config via software
Greeting,
Please forgive me for stressing you with my predicaments and I sorry
to approach you through this media it is because it serves the fastest
means of communication. I came across your E-mail from my personal
search and I decided to contact you believing you will be honest to
fulfill my
From: Antony Antony
[ Upstream commit 91a46c6d1b4fcbfa4773df9421b8ad3e58088101 ]
XFRMA_REPLAY_ESN_VAL was not cloned completely from the old to the new.
Migrate this attribute during XFRMA_MSG_MIGRATE
v1->v2:
- move curleft cloning to a separate patch
Fixes: af2f464e326e ("xfrm: Assign esn
From: Antony Antony
[ Upstream commit 7aa05d304785204703a67a6aa7f1db402889a172 ]
XFRMA_SEC_CTX was not cloned from the old to the new.
Migrate this attribute during XFRMA_MSG_MIGRATE
v1->v2:
- return -ENOMEM on error
v2->v3:
- fix return type to int
Fixes: 80c9abaabf42 ("[XFRM]: Extension
From: Tonghao Zhang
[ Upstream commit 1a03b8a35a957f9f38ecb8a97443b7380bbf6a8b ]
Open vSwitch and Linux bridge will disable LRO of the interface
when this interface added to them. Now when disable the LRO, the
virtio-net csum is disable too. That drops the forwarding performance.
Fixes:
From: Hariprasad Kelam
[ Upstream commit 1ea0166da0509e987caa42c30a6a71f2c6ca1875 ]
Currently in otx2_open on failure of nix_lf_start
transmit queues are not stopped which are already
started in link_event. Since the tx queues are not
stopped network stack still try's to send the packets
From: Antony Antony
[ Upstream commit 545e5c571662b1cd79d9588f9d3b6e36985b8007 ]
XFRMA_SET_MARK and XFRMA_SET_MARK_MASK was not cloned from the old
to the new. Migrate these two attributes during XFRMA_MSG_MIGRATE
Fixes: 9b42c1f179a6 ("xfrm: Extend the output_mark to support input direction
From: Geetha sowjanya
[ Upstream commit 89eae5e87b4fa799726a3e8911c90d418cb5d2b1 ]
For TCP/UDP checksum offload feature in Octeontx2
expects L3TYPE to be set irrespective of IP header
checksum is being offloaded or not. Currently for
IPv6 frames L3TYPE is not being set resulting in
packet drop
From: Lu Baolu
[ Upstream commit 1a3f2fd7fc4e8f24510830e265de2ffb8e3300d2 ]
Lock(>lock) without disabling irq causes lockdep warnings.
[ 12.703950]
[ 12.703962] WARNING: possible irq lock inversion dependency detected
[ 12.703975]
On Mon, 12 Oct 2020 10:26:42 +0200
Peter Enderborg wrote:
> When there is no clients listening on event the trace return
> EBADF. The file is not a bad file descriptor and to get the
> userspace able to do a proper error handling it need a different
> error code that separate a bad file
From: Wilken Gottwalt
[ Upstream commit 9666ea66a74adfe295cb3a8760c76e1ef70f9caf ]
Adds the missing .stop entry in the Belkin driver_info structure.
Fixes: e20bd60bf62a ("net: usb: asix88179_178a: Add support for the Belkin
B2B128")
Signed-off-by: Wilken Gottwalt
Signed-off-by: David S.
Hi Linus,
Here are the io_uring updates for 5.10. This pull request contains:
- Add blkcg accounting for io-wq offload (Dennis)
- A use-after-free fix for io-wq (Hillf)
- Cancelation fixes and improvements
- Use proper files_struct references for offload
- Cleanup of io_uring_get_socket()
From: Hans de Goede
commit d823346876a970522ff9e4d2b323c9b734dcc4de upstream.
Commit cfae58ed681c ("platform/x86: intel-vbtn: Only blacklist
SW_TABLET_MODE on the 9 / "Laptop" chasis-type") restored SW_TABLET_MODE
reporting on the HP stream x360 11 series on which it was previously broken
by
From: Vladimir Zapolskiy
commit 64b7f674c292207624b3d788eda2dde3dc1415df upstream.
On setxattr() syscall path due to an apprent typo the size of a dynamically
allocated memory chunk for storing struct smb2_file_full_ea_info object is
computed incorrectly, to be more precise the first addend is
From: Coly Li
commit 7d4194abfc4de13a2663c7fee6891de8360f7a52 upstream.
Currently nvme_tcp_try_send_data() doesn't use kernel_sendpage() to
send slab pages. But for pages allocated by __get_free_pages() without
__GFP_COMP, which also have refcount as 0, they are still sent by
kernel_sendpage()
From: Cristian Ciocaltea
commit f5b3f433641c543ebe5171285a42aa6adcdb2d22 upstream.
When the NACK and BUS error bits are set by the hardware, the driver is
responsible for clearing them by writing "1" into the corresponding
status registers.
Hence perform the necessary operations in
From: Jerome Brunet
commit 28683e847e2f20eed22cdd24f185d7783db396d3 upstream.
When the slave address is written in do_start(), SLAVE_ADDR is written
completely. This may overwrite some setting related to the clock rate
or signal filtering.
Fix this by writing only the bits related to slave
From: Dumitru Ceara
commit 8aa7b526dc0b5dbf40c1b834d76a667ad672a410 upstream.
With multiple DNAT rules it's possible that after destination
translation the resulting tuples collide.
For example, two openvswitch flows:
nw_dst=10.0.0.10,tp_dst=10, actions=ct(commit,table=2,nat(dst=20.0.0.1:20))
From: Eric Dumazet
commit d42ee76ecb6c49d499fc5eb32ca34468d95dbc3e upstream.
After freeing ep->auth_hmacs we have to clear the pointer
or risk use-after-free as reported by syzbot:
BUG: KASAN: use-after-free in sctp_auth_destroy_hmacs net/sctp/auth.c:509
[inline]
BUG: KASAN: use-after-free in
From: Sabrina Dubroca
commit 4eb2e13415757a2bce5bb0d580d22bbeef1f5346 upstream.
Xiumei reported a bug with espintcp over IPv6 in transport mode,
because xfrm6_transport_finish expects to find IP6CB data (struct
inet6_skb_cb). Currently, espintcp zeroes the CB, but the relevant
part is actually
From: Jerome Brunet
commit 79e137b1540165f788394658442284d55a858984 upstream.
SCL rate appears to be different than what is expected. For example,
We get 164kHz on i2c3 of the vim3 when 400kHz is expected. This is
partially due to the peripheral clock being disabled when the clock is
set.
From: Coly Li
commit cf83a17edeeb36195596d2dae060a7c381db35f1 upstream.
commit a10674bf2406 ("tcp: detecting the misuse of .sendpage for Slab
objects") adds the checks for Slab pages, but the pages don't have
page_count are still missing from the check.
Network layer's sendpage method is not
From: Eric Dumazet
commit 89d01748b2354e210b5d4ea47bc25a42a1b42c82 upstream.
Some devices set needed_headroom. If we ignore it, we might
end up crashing in various skb_push() for example in ipgre_header()
since some layers assume enough headroom has been reserved.
Fixes: 1d76efe1577b ("team:
Hi Vitaly:
Many thanks for your brilliant z3fold code. I am reading it and have
some questions about it. It's very nice of you if you can explain it for me.
1.page->private is used in z3fold but PagePrivate flag is never set,
should we SetPagePrivate for it?
2.Since
From: Chaitanya Kulkarni
commit 4bab69093044ca81f394bd0780be1b71c5a4d308 upstream.
When try_module_get() fails in the nvme_dev_open() it returns without
releasing the ctrl reference which was taken earlier.
Put the ctrl reference which is taken before calling the
try_module_get() in the error
From: Atish Patra
commit a78c6f5956a949b496a5b087188dde52483edf51 upstream.
Currently, the memory containing DT is not reserved. Thus, that region
of memory can be reallocated or reused for other purposes. This may result
in corrupted DT for nommu virt board in Qemu. We may not face any issue
From: Coly Li
commit c381b07941adc2274ce552daf86c94701c5e265a upstream.
The original problem was from nvme-over-tcp code, who mistakenly uses
kernel_sendpage() to send pages allocated by __get_free_pages() without
__GFP_COMP flag. Such pages don't have refcount (page_count is 0) on
tail pages,
From: Hugh Dickins
commit 033b5d77551167f8c24ca862ce83d3e0745f9245 upstream.
There have been elusive reports of filemap_fault() hitting its
VM_BUG_ON_PAGE(page_to_pgoff(page) != offset, page) on kernels built
with CONFIG_READ_ONLY_THP_FOR_FS=y.
Suren has hit it on a kernel with
From: Namjae Jeon
commit 8ff006e57ad3a25f909c456d053aa498b6673a39 upstream.
syzbot reported warning message:
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1d6/0x29e lib/dump_stack.c:118
register_lock_class+0xf06/0x1520 kernel/locking/lockdep.c:893
This is the start of the stable review cycle for the 5.8.15 release.
There are 124 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 14 Oct 2020 13:31:22 +.
Anything
From: Andy Shevchenko
commit 47e538d86d5776ac8152146c3ed3d22326243190 upstream.
It appears that UML (arch/um) has no compat.h header defined and hence
can't compile a recently provided piece of code in GPIO library.
Disable compat ->read() code in UML case to avoid compilation errors.
While
From: Dinghao Liu
commit 4fd9ac6bd3044734a7028bd993944c3617d1eede upstream.
When devm_regulator_register() fails, ec should be
freed just like when olpc_ec_cmd() fails.
Fixes: 231c0c216172a ("Platform: OLPC: Add a regulator for the DCON")
Signed-off-by: Dinghao Liu
Signed-off-by: Andy
From: Anant Thazhemadam
commit 3dc289f8f139997f4e9d3cfccf8738f20d23e47b upstream.
In nl80211_parse_key(), key.idx is first initialized as -1.
If this value of key.idx remains unmodified and gets returned, and
nl80211_key_allowed() also returns 0, then rdev_del_key() gets called
with key.idx =
From: Eric Dumazet
commit c7cc9200e9b4a2ac172e990ef1975cd42975dad6 upstream.
De-referencing skb after call to gro_cells_receive() is not allowed.
We need to fetch skb->len earlier.
Fixes: 5491e7c6b1a9 ("macsec: enable GRO and RPS on macsec devices")
Signed-off-by: Eric Dumazet
Cc: Paolo Abeni
From: Geert Uytterhoeven
commit 77972b55fb9d35d4a6b0abca99abffaa4ec6a85b upstream.
This reverts commit 1838d6c62f57836639bd3d83e7855e0ee4f6defc.
This commit moved the ravb_mdio_init() call (and thus the
of_mdiobus_register() call) from the ravb_probe() to the ravb_open()
call. This causes a
From: Jeremy Linton
commit 39e4716caa598a07a98598b2e7cd03055ce25fb9 upstream.
The AES code uses a 'br x7' as part of a function called by
a macro. That branch needs a bti_j as a target. This results
in a panic as seen below. Using x16 (or x17) with an indirect
branch keeps the target bti_c.
From: Daniel Borkmann
commit 5b9fbeb75b6a98955f628e205ac26689bcb1383e upstream.
Simon reported an issue with the current scalar32_min_max_or() implementation.
That is, compared to the other 32 bit subreg tracking functions, the code in
scalar32_min_max_or() stands out that it's using the 64 bit
701 - 800 of 1792 matches
Mail list logo