- Linux-stable-mirror - lists.linaro.org

Patch "Bluetooth: btqcomsmd: Fix skb double free corruption" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Bluetooth: btqcomsmd: Fix skb double free corruption to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bluetooth-btqcomsmd-fix-skb-double-free-corruption.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:03:39 CET 2018 From: Loic Poulain <loic.poulain(a)linaro.org> Date: Wed, 22 Nov 2017 15:03:17 +0100 Subject: Bluetooth: btqcomsmd: Fix skb double free corruption From: Loic Poulain <loic.poulain(a)linaro.org> [ Upstream commit 67b8fbead4685b36d290a0ef91c6ddffc4920ec9 ] In case of hci send frame failure, skb is still owned by the caller (hci_core) and then should not be freed. This fixes crash on dragonboard-410c when sending SCO packet. skb is freed by both btqcomsmd and hci_core. Fixes: 1511cc750c3d ("Bluetooth: Introduce Qualcomm WCNSS SMD based HCI driver") Signed-off-by: Loic Poulain <loic.poulain(a)linaro.org> Signed-off-by: Marcel Holtmann <marcel(a)holtmann.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/bluetooth/btqcomsmd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/bluetooth/btqcomsmd.c +++ b/drivers/bluetooth/btqcomsmd.c @@ -88,7 +88,8 @@ static int btqcomsmd_send(struct hci_dev break; } - kfree_skb(skb); + if (!ret) + kfree_skb(skb); return ret; } Patches currently in stable-queue which might be from loic.poulain(a)linaro.org are queue-4.15/bluetooth-btqcomsmd-fix-skb-double-free-corruption.patch queue-4.15/bluetooth-hci_qca-avoid-setup-failure-on-missing-rampatch.patch

7 years, 6 months

1
0
0 0

Patch "ath10k: handling qos at STA side based on AP WMM enable/disable" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ath10k: handling qos at STA side based on AP WMM enable/disable to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ath10k-handling-qos-at-sta-side-based-on-ap-wmm-enable-disable.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:03:39 CET 2018 From: Balaji Pothunoori <bpothuno(a)qti.qualcomm.com> Date: Thu, 7 Dec 2017 16:58:04 +0200 Subject: ath10k: handling qos at STA side based on AP WMM enable/disable From: Balaji Pothunoori <bpothuno(a)qti.qualcomm.com> [ Upstream commit 07ffb4497360ae8789f05555fec8171ee952304d ] Data packets are not sent by STA in case of STA joined to non QOS AP (WMM disabled AP). This is happening because of STA is sending data packets to firmware from host with qos enabled along with non qos queue value(TID = 16). Due to qos enabled, firmware is discarding the packet. This patch fixes this issue by updating the qos based on station WME capability field if WMM is disabled in AP. This patch is required by 10.4 family chipsets like QCA4019/QCA9888/QCA9884/QCA99X0. Firmware Versoin : 10.4-3.5.1-00018. For 10.2.4 family chipsets QCA988X/QCA9887 and QCA6174 this patch has no effect. Signed-off-by: Balaji Pothunoori <bpothuno(a)qti.qualcomm.com> Signed-off-by: Kalle Valo <kvalo(a)qca.qualcomm.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/wireless/ath/ath10k/mac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/wireless/ath/ath10k/mac.c +++ b/drivers/net/wireless/ath/ath10k/mac.c @@ -2563,7 +2563,7 @@ static void ath10k_peer_assoc_h_qos(stru } break; case WMI_VDEV_TYPE_STA: - if (vif->bss_conf.qos) + if (sta->wme) arg->peer_flags |= arvif->ar->wmi.peer_flags->qos; break; case WMI_VDEV_TYPE_IBSS: Patches currently in stable-queue which might be from bpothuno(a)qti.qualcomm.com are queue-4.15/ath10k-handling-qos-at-sta-side-based-on-ap-wmm-enable-disable.patch

7 years, 6 months

1
0
0 0

Patch "ARM: dts: aspeed-evb: Add unit name to memory node" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: aspeed-evb: Add unit name to memory node to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-aspeed-evb-add-unit-name-to-memory-node.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:03:40 CET 2018 From: Joel Stanley <joel(a)jms.id.au> Date: Mon, 18 Dec 2017 23:27:03 +1030 Subject: ARM: dts: aspeed-evb: Add unit name to memory node From: Joel Stanley <joel(a)jms.id.au> [ Upstream commit e40ed274489a5f516da120186578eb379b452ac6 ] Fixes a warning when building with W=1. All of the ASPEED device trees build without warnings now. Signed-off-by: Joel Stanley <joel(a)jms.id.au> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/aspeed-ast2500-evb.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/boot/dts/aspeed-ast2500-evb.dts +++ b/arch/arm/boot/dts/aspeed-ast2500-evb.dts @@ -16,7 +16,7 @@ bootargs = "console=ttyS4,115200 earlyprintk"; }; - memory { + memory@80000000 { reg = <0x80000000 0x20000000>; }; }; Patches currently in stable-queue which might be from joel(a)jms.id.au are queue-4.15/arm-dts-aspeed-evb-add-unit-name-to-memory-node.patch

7 years, 6 months

1
0
0 0

Linux 3.18.101

by Greg KH

I'm announcing the release of the 3.18.101 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/am335x-pepper.dts | 2 arch/arm/boot/dts/moxart-uc7112lx.dts | 2 arch/arm/boot/dts/moxart.dtsi | 17 ++++--- arch/arm/boot/dts/omap3-n900.dts | 4 - arch/arm/boot/dts/r8a7790.dtsi | 7 ++- arch/arm/boot/dts/r8a7791.dtsi | 7 ++- arch/mips/net/bpf_jit.c | 16 +++++-- arch/powerpc/mm/fault.c | 2 arch/x86/kernel/kprobes/core.c | 6 ++ arch/x86/kernel/kprobes/opt.c | 3 + block/blk-throttle.c | 11 ++++ drivers/gpu/drm/drm_irq.c | 14 +++++- drivers/gpu/drm/radeon/radeon_display.c | 6 ++ drivers/hid/hid-elo.c | 6 ++ drivers/hid/hid-input.c | 20 ++++++--- drivers/input/touchscreen/tsc2007.c | 8 +++ drivers/iommu/iova.c | 2 drivers/media/i2c/soc_camera/ov6650.c | 2 drivers/media/usb/cpia2/cpia2_v4l.c | 4 - drivers/mtd/nand/nand_base.c | 9 +++- drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 1 drivers/net/ethernet/apm/xgene/xgene_enet_hw.h | 1 drivers/net/ethernet/faraday/ftgmac100.c | 1 drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c | 2 drivers/net/veth.c | 3 + drivers/net/wireless/ath/ath10k/debug.c | 9 ++++ drivers/net/wireless/ath/wil6210/main.c | 20 +++++++-- drivers/of/device.c | 2 drivers/pci/pci-driver.c | 2 drivers/scsi/ipr.c | 16 +++++-- drivers/scsi/scsi_devinfo.c | 2 drivers/scsi/sg.c | 36 +++++++++------- drivers/spi/spi-omap2-mcspi.c | 9 ++-- drivers/spi/spi-sun6i.c | 2 drivers/usb/gadget/udc/dummy_hcd.c | 20 +++------ drivers/video/fbdev/amba-clcd.c | 4 - fs/aio.c | 42 +++++++++++++------ fs/dcache.c | 11 +++- fs/reiserfs/journal.c | 2 fs/reiserfs/reiserfs.h | 1 fs/reiserfs/super.c | 21 ++++++--- include/linux/pagemap.h | 4 - include/linux/platform_data/isl9305.h | 2 include/net/tcp.h | 8 ++- kernel/printk/braille.c | 15 +++--- kernel/printk/braille.h | 13 ++++- kernel/sched/core.c | 3 - kernel/time/sched_clock.c | 5 ++ net/batman-adv/bridge_loop_avoidance.c | 20 +++++++-- net/mac80211/iface.c | 2 net/sched/act_csum.c | 12 +++++ net/xfrm/xfrm_policy.c | 2 net/xfrm/xfrm_state.c | 7 +++ security/apparmor/lsm.c | 2 security/integrity/ima/ima_appraise.c | 3 - security/selinux/hooks.c | 8 +++ sound/core/oss/pcm_oss.c | 10 ++-- sound/core/seq/seq_clientmgr.c | 4 - sound/core/seq/seq_prioq.c | 28 ++++++------ sound/core/seq/seq_prioq.h | 6 -- sound/core/seq/seq_queue.c | 28 ++++-------- sound/soc/nuc900/nuc900-ac97.c | 4 - tools/perf/util/event.c | 4 - tools/perf/util/ordered-events.c | 3 - tools/perf/util/session.c | 17 ++++++- tools/testing/selftests/rcutorture/bin/configinit.sh | 2 tools/usb/usbip/src/usbipd.c | 2 68 files changed, 389 insertions(+), 182 deletions(-) Akinobu Mita (1): spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer Al Viro (1): lock_parent() needs to recheck if dentry got __dentry_kill'ed under it Alexander Potapenko (1): selinux: check for address length in selinux_socket_bind() Andreas Pape (1): batman-adv: handle race condition for claims between gateways Andrew F. Davis (2): ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin ARM: dts: omap3-n900: Fix the audio CODEC's reset pin Andrew Lunn (1): net/faraday: Add missing include of of.h Anton Blanchard (1): powerpc: Avoid taking a data miss on every userspace instruction miss Brian King (1): scsi: ipr: Fix missed EH wakeup Chris Wilson (1): drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) Christopher James Halse Rogers (1): drm/radeon: Fail fb creation from imported dma-bufs. Dan Carpenter (2): media: cpia2: Fix a couple off by one bugs ASoC: nuc900: Fix a loop timeout test David Carrillo-Cisneros (2): perf inject: Copy events when reordering events in pipe mode perf session: Don't rely on evlist in pipe mode David Daney (1): MIPS: BPF: Quit clobbering callee saved registers in JIT code. David Engraf (1): timers, sched_clock: Update timeout for clock wrap Davide Caratti (1): sched: act_csum: don't mangle TCP and UDP GSO packets Dedy Lansky (1): wil6210: fix memory access violation in wil_memcpy_from/toio_32 Gao Feng (1): tcp: sysctl: Fix a race to avoid unexpected 0 window from space Geert Uytterhoeven (2): ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks Greg Kroah-Hartman (1): Linux 3.18.101 H. Nikolaus Schaller (1): Input: tsc2007 - check for presence and power down tsc2007 during probe Hannes Reinecke (1): scsi: sg: close race condition in sg_remove_sfp_usercontext() Jan Kara (1): reiserfs: Make cancel_old_flush() reliable Janusz Krzysztofik (1): media: i2c/soc_camera: fix ov6650 sensor getting wrong clock Jiri Kosina (1): HID: elo: clear BTN_LEFT mapping Johannes Thumshirn (4): scsi: sg: check for valid direction before starting the request scsi: sg: fix SG_DXFER_FROM_DEV transfers scsi: sg: fix static checker warning in sg_is_valid_dxfer scsi: sg: only check for dxfer_len greater than 256M John Johansen (1): apparmor: Make path_max parameter readonly Julien BOIBESSOT (1): tools/usbip: fixes build with musl libc toolchain Kirill A. Shutemov (1): mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() Liam Beguin (1): video: ARM CLCD: fix dma allocation size Linus Walleij (1): ARM: dts: Adjust moxart IRQ controller and flags Lorenzo Colitti (1): net: xfrm: allow clearing socket xfrm policies. Luca Coelho (1): mac80211: remove BUG() when interface type is invalid Masami Hiramatsu (2): kprobes/x86: Fix kprobe-booster not to boost far call instructions kprobes/x86: Set kprobes pages read-only Mimi Zohar (1): ima: relax requiring a file signature for new files with zero length Miquel Raynal (1): mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() Mohammed Shafi Shajakhan (1): ath10k: disallow DFS simulation if DFS channel is not enabled Nate Watterson (1): iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range Paul E. McKenney (1): sched: Stop resched_cpu() from sending IPIs to offline CPUs Phil Turnbull (1): fm10k: correctly check if interface is removed Prarit Bhargava (1): PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() Quan Nguyen (1): drivers: net: xgene: Fix hardware checksum setting Rob Herring (1): of: fix of_device_get_modalias returned length when truncating buffers Samuel Thibault (1): braille-console: Fix value returned by _braille_console_setup SeongJae Park (1): rcutorture/configinit: Fix build directory error message Shaohua Li (1): blk-throttle: make sure expire time isn't too big Stephane Eranian (1): perf tools: Make perf_event__synthesize_mmap_events() scale Stephen Hemminger (1): veth: set peer GSO values Takashi Iwai (3): ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() ALSA: seq: Fix possible UAF in snd_seq_check_queue() ALSA: seq: Clear client entry before deleting else at closing Tejun Heo (2): fs/aio: Add explicit RCU grace period when freeing kioctx fs/aio: Use RCU accessors for kioctx_table->table[] Tobias Jordan (1): spi: sun6i: disable/unprepare clocks on remove Tomasz Kramkowski (1): HID: clamp input to logical range if no null state Valtteri Heikkilä (1): HID: reject input outside logical range only if null state is set Vincent Stehlé (1): regulator: isl9305: fix array size Xose Vazquez Perez (1): scsi: devinfo: apply to HP XP the same flags as Hitachi VSP Yuyang Du (1): usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control()

7 years, 6 months

2
2
0 0

Patch "staging: android: ashmem: Fix possible deadlock in ashmem_ioctl" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: android: ashmem: Fix possible deadlock in ashmem_ioctl to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 740a5759bf222332fbb5eda42f89aa25ba38f9b2 Mon Sep 17 00:00:00 2001 From: Yisheng Xie <xieyisheng1(a)huawei.com> Date: Wed, 28 Feb 2018 14:59:22 +0800 Subject: staging: android: ashmem: Fix possible deadlock in ashmem_ioctl From: Yisheng Xie <xieyisheng1(a)huawei.com> commit 740a5759bf222332fbb5eda42f89aa25ba38f9b2 upstream. ashmem_mutex may create a chain of dependencies like: CPU0 CPU1 mmap syscall ioctl syscall -> mmap_sem (acquired) -> ashmem_ioctl -> ashmem_mmap -> ashmem_mutex (acquired) -> ashmem_mutex (try to acquire) -> copy_from_user -> mmap_sem (try to acquire) There is a lock odering problem between mmap_sem and ashmem_mutex causing a lockdep splat[1] during a syzcaller test. This patch fixes the problem by move copy_from_user out of ashmem_mutex. [1] https://www.spinics.net/lists/kernel/msg2733200.html Fixes: ce8a3a9e76d0 (staging: android: ashmem: Fix a race condition in pin ioctls) Reported-by: syzbot+d7a918a7a8e1c952bc36(a)syzkaller.appspotmail.com Signed-off-by: Yisheng Xie <xieyisheng1(a)huawei.com> Cc: "Joel Fernandes (Google)" <joel.opensrc(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/android/ashmem.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) --- a/drivers/staging/android/ashmem.c +++ b/drivers/staging/android/ashmem.c @@ -718,16 +718,14 @@ static int ashmem_pin_unpin(struct ashme size_t pgstart, pgend; int ret = -EINVAL; + if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) + return -EFAULT; + mutex_lock(&ashmem_mutex); if (unlikely(!asma->file)) goto out_unlock; - if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) { - ret = -EFAULT; - goto out_unlock; - } - /* per custom, you can pass zero for len to mean "everything onward" */ if (!pin.len) pin.len = PAGE_ALIGN(asma->size) - pin.offset; Patches currently in stable-queue which might be from xieyisheng1(a)huawei.com are queue-4.9/staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch

7 years, 6 months

1
0
0 0

[PATCH 4.9 v2 0/2] Clear LED_BLINK_SW flag in led_blink_set()

by Jacek Anaszewski

The fix for brightness setting when setting delay_off=0 introduces a regression and has truncated commit message. Revert that patch and apply the one-line change required to fix the original issue in the way appropriate for the 4.9 code base. Changes from v1: - added Reported-by and Signed-off-by tags Thanks, Jacek Anaszewski Jacek Anaszewski (2): Revert "led: core: Fix brightness setting when setting delay_off=0" led: core: Clear LED_BLINK_SW flag in led_blink_set() drivers/leds/led-core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.1.4

7 years, 6 months

3
5
0 0

Patch "staging: android: ashmem: Fix possible deadlock in ashmem_ioctl" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: android: ashmem: Fix possible deadlock in ashmem_ioctl to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 740a5759bf222332fbb5eda42f89aa25ba38f9b2 Mon Sep 17 00:00:00 2001 From: Yisheng Xie <xieyisheng1(a)huawei.com> Date: Wed, 28 Feb 2018 14:59:22 +0800 Subject: staging: android: ashmem: Fix possible deadlock in ashmem_ioctl From: Yisheng Xie <xieyisheng1(a)huawei.com> commit 740a5759bf222332fbb5eda42f89aa25ba38f9b2 upstream. ashmem_mutex may create a chain of dependencies like: CPU0 CPU1 mmap syscall ioctl syscall -> mmap_sem (acquired) -> ashmem_ioctl -> ashmem_mmap -> ashmem_mutex (acquired) -> ashmem_mutex (try to acquire) -> copy_from_user -> mmap_sem (try to acquire) There is a lock odering problem between mmap_sem and ashmem_mutex causing a lockdep splat[1] during a syzcaller test. This patch fixes the problem by move copy_from_user out of ashmem_mutex. [1] https://www.spinics.net/lists/kernel/msg2733200.html Fixes: ce8a3a9e76d0 (staging: android: ashmem: Fix a race condition in pin ioctls) Reported-by: syzbot+d7a918a7a8e1c952bc36(a)syzkaller.appspotmail.com Signed-off-by: Yisheng Xie <xieyisheng1(a)huawei.com> Cc: "Joel Fernandes (Google)" <joel.opensrc(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/android/ashmem.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) --- a/drivers/staging/android/ashmem.c +++ b/drivers/staging/android/ashmem.c @@ -703,16 +703,14 @@ static int ashmem_pin_unpin(struct ashme size_t pgstart, pgend; int ret = -EINVAL; + if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) + return -EFAULT; + mutex_lock(&ashmem_mutex); if (unlikely(!asma->file)) goto out_unlock; - if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) { - ret = -EFAULT; - goto out_unlock; - } - /* per custom, you can pass zero for len to mean "everything onward" */ if (!pin.len) pin.len = PAGE_ALIGN(asma->size) - pin.offset; Patches currently in stable-queue which might be from xieyisheng1(a)huawei.com are queue-4.4/staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch

7 years, 6 months

1
0
0 0

Patch "staging: android: ashmem: Fix possible deadlock in ashmem_ioctl" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: android: ashmem: Fix possible deadlock in ashmem_ioctl to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 740a5759bf222332fbb5eda42f89aa25ba38f9b2 Mon Sep 17 00:00:00 2001 From: Yisheng Xie <xieyisheng1(a)huawei.com> Date: Wed, 28 Feb 2018 14:59:22 +0800 Subject: staging: android: ashmem: Fix possible deadlock in ashmem_ioctl From: Yisheng Xie <xieyisheng1(a)huawei.com> commit 740a5759bf222332fbb5eda42f89aa25ba38f9b2 upstream. ashmem_mutex may create a chain of dependencies like: CPU0 CPU1 mmap syscall ioctl syscall -> mmap_sem (acquired) -> ashmem_ioctl -> ashmem_mmap -> ashmem_mutex (acquired) -> ashmem_mutex (try to acquire) -> copy_from_user -> mmap_sem (try to acquire) There is a lock odering problem between mmap_sem and ashmem_mutex causing a lockdep splat[1] during a syzcaller test. This patch fixes the problem by move copy_from_user out of ashmem_mutex. [1] https://www.spinics.net/lists/kernel/msg2733200.html Fixes: ce8a3a9e76d0 (staging: android: ashmem: Fix a race condition in pin ioctls) Reported-by: syzbot+d7a918a7a8e1c952bc36(a)syzkaller.appspotmail.com Signed-off-by: Yisheng Xie <xieyisheng1(a)huawei.com> Cc: "Joel Fernandes (Google)" <joel.opensrc(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/android/ashmem.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) --- a/drivers/staging/android/ashmem.c +++ b/drivers/staging/android/ashmem.c @@ -709,16 +709,14 @@ static int ashmem_pin_unpin(struct ashme size_t pgstart, pgend; int ret = -EINVAL; + if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) + return -EFAULT; + mutex_lock(&ashmem_mutex); if (unlikely(!asma->file)) goto out_unlock; - if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) { - ret = -EFAULT; - goto out_unlock; - } - /* per custom, you can pass zero for len to mean "everything onward" */ if (!pin.len) pin.len = PAGE_ALIGN(asma->size) - pin.offset; Patches currently in stable-queue which might be from xieyisheng1(a)huawei.com are queue-4.15/staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch

7 years, 6 months

1
0
0 0

Patch "staging: android: ashmem: Fix possible deadlock in ashmem_ioctl" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: android: ashmem: Fix possible deadlock in ashmem_ioctl to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 740a5759bf222332fbb5eda42f89aa25ba38f9b2 Mon Sep 17 00:00:00 2001 From: Yisheng Xie <xieyisheng1(a)huawei.com> Date: Wed, 28 Feb 2018 14:59:22 +0800 Subject: staging: android: ashmem: Fix possible deadlock in ashmem_ioctl From: Yisheng Xie <xieyisheng1(a)huawei.com> commit 740a5759bf222332fbb5eda42f89aa25ba38f9b2 upstream. ashmem_mutex may create a chain of dependencies like: CPU0 CPU1 mmap syscall ioctl syscall -> mmap_sem (acquired) -> ashmem_ioctl -> ashmem_mmap -> ashmem_mutex (acquired) -> ashmem_mutex (try to acquire) -> copy_from_user -> mmap_sem (try to acquire) There is a lock odering problem between mmap_sem and ashmem_mutex causing a lockdep splat[1] during a syzcaller test. This patch fixes the problem by move copy_from_user out of ashmem_mutex. [1] https://www.spinics.net/lists/kernel/msg2733200.html Fixes: ce8a3a9e76d0 (staging: android: ashmem: Fix a race condition in pin ioctls) Reported-by: syzbot+d7a918a7a8e1c952bc36(a)syzkaller.appspotmail.com Signed-off-by: Yisheng Xie <xieyisheng1(a)huawei.com> Cc: "Joel Fernandes (Google)" <joel.opensrc(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/android/ashmem.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) --- a/drivers/staging/android/ashmem.c +++ b/drivers/staging/android/ashmem.c @@ -709,16 +709,14 @@ static int ashmem_pin_unpin(struct ashme size_t pgstart, pgend; int ret = -EINVAL; + if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) + return -EFAULT; + mutex_lock(&ashmem_mutex); if (unlikely(!asma->file)) goto out_unlock; - if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) { - ret = -EFAULT; - goto out_unlock; - } - /* per custom, you can pass zero for len to mean "everything onward" */ if (!pin.len) pin.len = PAGE_ALIGN(asma->size) - pin.offset; Patches currently in stable-queue which might be from xieyisheng1(a)huawei.com are queue-4.14/staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch

7 years, 6 months

1
0
0 0

FAILED: patch "[PATCH] bpf: fix bpf_prog_array_copy_to_user() issues" failed to apply to 4.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0911287ce32b14fbc8aab0083151d9b54254091c Mon Sep 17 00:00:00 2001 From: Alexei Starovoitov <ast(a)kernel.org> Date: Fri, 2 Feb 2018 15:14:05 -0800 Subject: [PATCH] bpf: fix bpf_prog_array_copy_to_user() issues 1. move copy_to_user out of rcu section to fix the following issue: ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! stack backtrace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592 rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline] ___might_sleep+0x385/0x470 kernel/sched/core.c:6079 __might_sleep+0x95/0x190 kernel/sched/core.c:6067 __might_fault+0xab/0x1d0 mm/memory.c:4532 _copy_to_user+0x2c/0xc0 lib/usercopy.c:25 copy_to_user include/linux/uaccess.h:155 [inline] bpf_prog_array_copy_to_user+0x217/0x4d0 kernel/bpf/core.c:1587 bpf_prog_array_copy_info+0x17b/0x1c0 kernel/bpf/core.c:1685 perf_event_query_prog_array+0x196/0x280 kernel/trace/bpf_trace.c:877 _perf_ioctl kernel/events/core.c:4737 [inline] perf_ioctl+0x3e1/0x1480 kernel/events/core.c:4757 2. move *prog under rcu, since it's not ok to dereference it afterwards 3. in a rare case of prog array being swapped between bpf_prog_array_length() and bpf_prog_array_copy_to_user() calls make sure to copy zeros to user space, so the user doesn't walk over uninited prog_ids while kernel reported uattr->query.prog_cnt > 0 Reported-by: syzbot+7dbcd2d3b85f9b608b23(a)syzkaller.appspotmail.com Fixes: 468e2f64d220 ("bpf: introduce BPF_PROG_QUERY command") Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 5f35f93dcab2..29ca9208dcfa 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -1576,25 +1576,41 @@ int bpf_prog_array_copy_to_user(struct bpf_prog_array __rcu *progs, __u32 __user *prog_ids, u32 cnt) { struct bpf_prog **prog; - u32 i = 0, id; - + unsigned long err = 0; + u32 i = 0, *ids; + bool nospc; + + /* users of this function are doing: + * cnt = bpf_prog_array_length(); + * if (cnt > 0) + * bpf_prog_array_copy_to_user(..., cnt); + * so below kcalloc doesn't need extra cnt > 0 check, but + * bpf_prog_array_length() releases rcu lock and + * prog array could have been swapped with empty or larger array, + * so always copy 'cnt' prog_ids to the user. + * In a rare race the user will see zero prog_ids + */ + ids = kcalloc(cnt, sizeof(u32), GFP_USER); + if (!ids) + return -ENOMEM; rcu_read_lock(); prog = rcu_dereference(progs)->progs; for (; *prog; prog++) { if (*prog == &dummy_bpf_prog.prog) continue; - id = (*prog)->aux->id; - if (copy_to_user(prog_ids + i, &id, sizeof(id))) { - rcu_read_unlock(); - return -EFAULT; - } + ids[i] = (*prog)->aux->id; if (++i == cnt) { prog++; break; } } + nospc = !!(*prog); rcu_read_unlock(); - if (*prog) + err = copy_to_user(prog_ids, ids, cnt * sizeof(u32)); + kfree(ids); + if (err) + return -EFAULT; + if (nospc) return -ENOSPC; return 0; }

7 years, 6 months

1
0
0 0

Patch "tpm: fix potential buffer overruns caused by bit glitches on the bus" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tpm: fix potential buffer overruns caused by bit glitches on the bus to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tpm-fix-potential-buffer-overruns-caused-by-bit-glitches-on-the-bus.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3be23274755ee85771270a23af7691dc9b3a95db Mon Sep 17 00:00:00 2001 From: Jeremy Boone <jeremy.boone(a)nccgroup.trust> Date: Thu, 8 Feb 2018 12:28:08 -0800 Subject: tpm: fix potential buffer overruns caused by bit glitches on the bus From: Jeremy Boone <jeremy.boone(a)nccgroup.trust> commit 3be23274755ee85771270a23af7691dc9b3a95db upstream. Discrete TPMs are often connected over slow serial buses which, on some platforms, can have glitches causing bit flips. If a bit does flip it could cause an overrun if it's in one of the size parameters, so sanity check that we're not overrunning the provided buffer when doing a memcpy(). Signed-off-by: Jeremy Boone <jeremy.boone(a)nccgroup.trust> Cc: stable(a)vger.kernel.org Signed-off-by: James Bottomley <James.Bottomley(a)HansenPartnership.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: James Morris <james.morris(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/char/tpm/tpm-interface.c | 5 +++++ drivers/char/tpm/tpm2-cmd.c | 6 ++++++ 2 files changed, 11 insertions(+) --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -1078,6 +1078,11 @@ int tpm_get_random(u32 chip_num, u8 *out break; recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); + if (recd > num_bytes) { + total = -EFAULT; + break; + } + memcpy(dest, tpm_cmd.params.getrandom_out.rng_data, recd); dest += recd; --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -668,6 +668,11 @@ static int tpm2_unseal_cmd(struct tpm_ch if (!rc) { data_len = be16_to_cpup( (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]); + if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE + 1) { + rc = -EFAULT; + goto out; + } + data = &buf.data[TPM_HEADER_SIZE + 6]; memcpy(payload->key, data, data_len - 1); @@ -675,6 +680,7 @@ static int tpm2_unseal_cmd(struct tpm_ch payload->migratable = data[data_len - 1]; } +out: tpm_buf_destroy(&buf); return rc; } Patches currently in stable-queue which might be from jeremy.boone(a)nccgroup.trust are queue-4.9/tpm-fix-potential-buffer-overruns-caused-by-bit-glitches-on-the-bus.patch

7 years, 6 months

1
0
0 0

Patch "SMB3: Validate negotiate request must always be signed" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled SMB3: Validate negotiate request must always be signed to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: smb3-validate-negotiate-request-must-always-be-signed.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd Mon Sep 17 00:00:00 2001 From: Steve French <smfrench(a)gmail.com> Date: Wed, 25 Oct 2017 15:58:31 -0500 Subject: SMB3: Validate negotiate request must always be signed From: Steve French <smfrench(a)gmail.com> commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd upstream. According to MS-SMB2 3.2.55 validate_negotiate request must always be signed. Some Windows can fail the request if you send it unsigned See kernel bugzilla bug 197311 CC: Stable <stable(a)vger.kernel.org> Acked-by: Ronnie Sahlberg <lsahlber.redhat.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/smb2pdu.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1712,6 +1712,9 @@ SMB2_ioctl(const unsigned int xid, struc } else iov[0].iov_len = get_rfc1002_length(req) + 4; + /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */ + if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) + req->hdr.Flags |= SMB2_FLAGS_SIGNED; rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0); rsp = (struct smb2_ioctl_rsp *)iov[0].iov_base; Patches currently in stable-queue which might be from smfrench(a)gmail.com are queue-4.9/smb3-validate-negotiate-request-must-always-be-signed.patch queue-4.9/cifs-enable-encryption-during-session-setup-phase.patch

7 years, 6 months

1
0
0 0

Patch "CIFS: Enable encryption during session setup phase" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled CIFS: Enable encryption during session setup phase to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-enable-encryption-during-session-setup-phase.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From cabfb3680f78981d26c078a26e5c748531257ebb Mon Sep 17 00:00:00 2001 From: Pavel Shilovsky <pshilov(a)microsoft.com> Date: Mon, 7 Nov 2016 18:20:50 -0800 Subject: CIFS: Enable encryption during session setup phase From: Pavel Shilovsky <pshilov(a)microsoft.com> commit cabfb3680f78981d26c078a26e5c748531257ebb upstream. In order to allow encryption on SMB connection we need to exchange a session key and generate encryption and decryption keys. Signed-off-by: Pavel Shilovsky <pshilov(a)microsoft.com> Cc: Steve French <smfrench(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/sess.c | 22 ++++++++++------------ fs/cifs/smb2pdu.c | 12 ++---------- 2 files changed, 12 insertions(+), 22 deletions(-) --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -344,13 +344,12 @@ void build_ntlmssp_negotiate_blob(unsign /* BB is NTLMV2 session security format easier to use here? */ flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; - if (ses->server->sign) { + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | + NTLMSSP_NEGOTIATE_SEAL; + if (ses->server->sign) flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab || - ses->ntlmssp->sesskey_per_smbsess) - flags |= NTLMSSP_NEGOTIATE_KEY_XCH; - } + if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) + flags |= NTLMSSP_NEGOTIATE_KEY_XCH; sec_blob->NegotiateFlags = cpu_to_le32(flags); @@ -407,13 +406,12 @@ int build_ntlmssp_auth_blob(unsigned cha flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; - if (ses->server->sign) { + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | + NTLMSSP_NEGOTIATE_SEAL; + if (ses->server->sign) flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab || - ses->ntlmssp->sesskey_per_smbsess) - flags |= NTLMSSP_NEGOTIATE_KEY_XCH; - } + if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) + flags |= NTLMSSP_NEGOTIATE_KEY_XCH; tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE); sec_blob->NegotiateFlags = cpu_to_le32(flags); --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -707,15 +707,13 @@ SMB2_sess_establish_session(struct SMB2_ struct cifs_ses *ses = sess_data->ses; mutex_lock(&ses->server->srv_mutex); - if (ses->server->sign && ses->server->ops->generate_signingkey) { + if (ses->server->ops->generate_signingkey) { rc = ses->server->ops->generate_signingkey(ses); - kfree(ses->auth_key.response); - ses->auth_key.response = NULL; if (rc) { cifs_dbg(FYI, "SMB3 session key generation failed\n"); mutex_unlock(&ses->server->srv_mutex); - goto keygen_exit; + return rc; } } if (!ses->server->session_estab) { @@ -729,12 +727,6 @@ SMB2_sess_establish_session(struct SMB2_ ses->status = CifsGood; ses->need_reconnect = false; spin_unlock(&GlobalMid_Lock); - -keygen_exit: - if (!ses->server->sign) { - kfree(ses->auth_key.response); - ses->auth_key.response = NULL; - } return rc; } Patches currently in stable-queue which might be from pshilov(a)microsoft.com are queue-4.9/cifs-enable-encryption-during-session-setup-phase.patch

7 years, 6 months

1
0
0 0

Patch "ASoC: rsnd: check src mod pointer for rsnd_mod_id()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ASoC: rsnd: check src mod pointer for rsnd_mod_id() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: asoc-rsnd-check-src-mod-pointer-for-rsnd_mod_id.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 374503c6109e60f48fa9b11341b14466f07bd3f4 Mon Sep 17 00:00:00 2001 From: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> Date: Wed, 17 May 2017 06:50:32 +0000 Subject: ASoC: rsnd: check src mod pointer for rsnd_mod_id() From: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> commit 374503c6109e60f48fa9b11341b14466f07bd3f4 upstream. Without this patch, gcc 4.9.x says sound/soc/sh/rcar/cmd.c: In function 'rsnd_cmd_init': sound/soc/sh/rcar/cmd.c:85:14: warning: array subscript is below array\ bounds [-Warray-bounds] data = path[rsnd_mod_id(src)] | Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/soc/sh/rcar/cmd.c | 3 +++ 1 file changed, 3 insertions(+) --- a/sound/soc/sh/rcar/cmd.c +++ b/sound/soc/sh/rcar/cmd.c @@ -82,6 +82,9 @@ static int rsnd_cmd_init(struct rsnd_mod [9] = 0x2, }; + if (unlikely(!src)) + return -EIO; + data = path[rsnd_mod_id(src)] | cmd_case[rsnd_mod_id(src)] << 16; } Patches currently in stable-queue which might be from kuninori.morimoto.gx(a)renesas.com are queue-4.9/asoc-rsnd-check-src-mod-pointer-for-rsnd_mod_id.patch

7 years, 6 months

1
0
0 0

Patch "tpm_tis: fix potential buffer overruns caused by bit glitches on the bus" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tpm_tis: fix potential buffer overruns caused by bit glitches on the bus to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tpm_tis-fix-potential-buffer-overruns-caused-by-bit-glitches-on-the-bus.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 6bb320ca4a4a7b5b3db8c8d7250cc40002046878 Mon Sep 17 00:00:00 2001 From: Jeremy Boone <jeremy.boone(a)nccgroup.trust> Date: Thu, 8 Feb 2018 12:32:06 -0800 Subject: tpm_tis: fix potential buffer overruns caused by bit glitches on the bus From: Jeremy Boone <jeremy.boone(a)nccgroup.trust> commit 6bb320ca4a4a7b5b3db8c8d7250cc40002046878 upstream. Discrete TPMs are often connected over slow serial buses which, on some platforms, can have glitches causing bit flips. In all the driver _recv() functions, we need to use a u32 to unmarshal the response size, otherwise a bit flip of the 31st bit would cause the expected variable to go negative, which would then try to read a huge amount of data. Also sanity check that the expected amount of data is large enough for the TPM header. Signed-off-by: Jeremy Boone <jeremy.boone(a)nccgroup.trust> Cc: stable(a)vger.kernel.org Signed-off-by: James Bottomley <James.Bottomley(a)HansenPartnership.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: James Morris <james.morris(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/char/tpm/tpm_tis.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c @@ -283,7 +283,8 @@ static int recv_data(struct tpm_chip *ch static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, size_t count) { int size = 0; - int expected, status; + int status; + u32 expected; if (count < TPM_HEADER_SIZE) { size = -EIO; @@ -298,7 +299,7 @@ static int tpm_tis_recv(struct tpm_chip } expected = be32_to_cpu(*(__be32 *) (buf + 2)); - if (expected > count) { + if (expected > count || expected < TPM_HEADER_SIZE) { size = -EIO; goto out; } Patches currently in stable-queue which might be from jeremy.boone(a)nccgroup.trust are queue-4.4/tpm-fix-potential-buffer-overruns-caused-by-bit-glitches-on-the-bus.patch queue-4.4/tpm_tis-fix-potential-buffer-overruns-caused-by-bit-glitches-on-the-bus.patch

7 years, 6 months

1
0
0 0

Patch "tpm: fix potential buffer overruns caused by bit glitches on the bus" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tpm: fix potential buffer overruns caused by bit glitches on the bus to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tpm-fix-potential-buffer-overruns-caused-by-bit-glitches-on-the-bus.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3be23274755ee85771270a23af7691dc9b3a95db Mon Sep 17 00:00:00 2001 From: Jeremy Boone <jeremy.boone(a)nccgroup.trust> Date: Thu, 8 Feb 2018 12:28:08 -0800 Subject: tpm: fix potential buffer overruns caused by bit glitches on the bus From: Jeremy Boone <jeremy.boone(a)nccgroup.trust> commit 3be23274755ee85771270a23af7691dc9b3a95db upstream. Discrete TPMs are often connected over slow serial buses which, on some platforms, can have glitches causing bit flips. If a bit does flip it could cause an overrun if it's in one of the size parameters, so sanity check that we're not overrunning the provided buffer when doing a memcpy(). Signed-off-by: Jeremy Boone <jeremy.boone(a)nccgroup.trust> Cc: stable(a)vger.kernel.org Signed-off-by: James Bottomley <James.Bottomley(a)HansenPartnership.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: James Morris <james.morris(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/char/tpm/tpm-interface.c | 5 +++++ drivers/char/tpm/tpm2-cmd.c | 6 ++++++ 2 files changed, 11 insertions(+) --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -1040,6 +1040,11 @@ int tpm_get_random(u32 chip_num, u8 *out break; recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); + if (recd > num_bytes) { + total = -EFAULT; + break; + } + memcpy(dest, tpm_cmd.params.getrandom_out.rng_data, recd); dest += recd; --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -622,6 +622,11 @@ static int tpm2_unseal_cmd(struct tpm_ch if (!rc) { data_len = be16_to_cpup( (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]); + if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE + 1) { + rc = -EFAULT; + goto out; + } + data = &buf.data[TPM_HEADER_SIZE + 6]; memcpy(payload->key, data, data_len - 1); @@ -629,6 +634,7 @@ static int tpm2_unseal_cmd(struct tpm_ch payload->migratable = data[data_len - 1]; } +out: tpm_buf_destroy(&buf); return rc; } Patches currently in stable-queue which might be from jeremy.boone(a)nccgroup.trust are queue-4.4/tpm-fix-potential-buffer-overruns-caused-by-bit-glitches-on-the-bus.patch queue-4.4/tpm_tis-fix-potential-buffer-overruns-caused-by-bit-glitches-on-the-bus.patch

7 years, 6 months

1
0
0 0

Patch "SMB3: Validate negotiate request must always be signed" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled SMB3: Validate negotiate request must always be signed to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: smb3-validate-negotiate-request-must-always-be-signed.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd Mon Sep 17 00:00:00 2001 From: Steve French <smfrench(a)gmail.com> Date: Wed, 25 Oct 2017 15:58:31 -0500 Subject: SMB3: Validate negotiate request must always be signed From: Steve French <smfrench(a)gmail.com> commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd upstream. According to MS-SMB2 3.2.55 validate_negotiate request must always be signed. Some Windows can fail the request if you send it unsigned See kernel bugzilla bug 197311 CC: Stable <stable(a)vger.kernel.org> Acked-by: Ronnie Sahlberg <lsahlber.redhat.com> Signed-off-by: Steve French <smfrench(a)gmail.com> Signed-off-by: Srivatsa S. Bhat <srivatsa(a)csail.mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/smb2pdu.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1558,6 +1558,9 @@ SMB2_ioctl(const unsigned int xid, struc } else iov[0].iov_len = get_rfc1002_length(req) + 4; + /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */ + if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) + req->hdr.Flags |= SMB2_FLAGS_SIGNED; rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0); rsp = (struct smb2_ioctl_rsp *)iov[0].iov_base; Patches currently in stable-queue which might be from smfrench(a)gmail.com are queue-4.4/smb3-validate-negotiate-request-must-always-be-signed.patch queue-4.4/cifs-enable-encryption-during-session-setup-phase.patch

7 years, 6 months

1
0
0 0

Patch "CIFS: Enable encryption during session setup phase" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled CIFS: Enable encryption during session setup phase to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cifs-enable-encryption-during-session-setup-phase.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From cabfb3680f78981d26c078a26e5c748531257ebb Mon Sep 17 00:00:00 2001 From: Pavel Shilovsky <pshilov(a)microsoft.com> Date: Mon, 7 Nov 2016 18:20:50 -0800 Subject: CIFS: Enable encryption during session setup phase From: Pavel Shilovsky <pshilov(a)microsoft.com> commit cabfb3680f78981d26c078a26e5c748531257ebb upstream. In order to allow encryption on SMB connection we need to exchange a session key and generate encryption and decryption keys. Signed-off-by: Pavel Shilovsky <pshilov(a)microsoft.com> Signed-off-by: Srivatsa S. Bhat <srivatsa(a)csail.mit.edu> Cc: Steve French <smfrench(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/cifs/sess.c | 22 ++++++++++------------ fs/cifs/smb2pdu.c | 8 +------- 2 files changed, 11 insertions(+), 19 deletions(-) --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -344,13 +344,12 @@ void build_ntlmssp_negotiate_blob(unsign /* BB is NTLMV2 session security format easier to use here? */ flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; - if (ses->server->sign) { + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | + NTLMSSP_NEGOTIATE_SEAL; + if (ses->server->sign) flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab || - ses->ntlmssp->sesskey_per_smbsess) - flags |= NTLMSSP_NEGOTIATE_KEY_XCH; - } + if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) + flags |= NTLMSSP_NEGOTIATE_KEY_XCH; sec_blob->NegotiateFlags = cpu_to_le32(flags); @@ -407,13 +406,12 @@ int build_ntlmssp_auth_blob(unsigned cha flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; - if (ses->server->sign) { + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | + NTLMSSP_NEGOTIATE_SEAL; + if (ses->server->sign) flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab || - ses->ntlmssp->sesskey_per_smbsess) - flags |= NTLMSSP_NEGOTIATE_KEY_XCH; - } + if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) + flags |= NTLMSSP_NEGOTIATE_KEY_XCH; tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE); sec_blob->NegotiateFlags = cpu_to_le32(flags); --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -832,10 +832,8 @@ ssetup_exit: if (!rc) { mutex_lock(&server->srv_mutex); - if (server->sign && server->ops->generate_signingkey) { + if (server->ops->generate_signingkey) { rc = server->ops->generate_signingkey(ses); - kfree(ses->auth_key.response); - ses->auth_key.response = NULL; if (rc) { cifs_dbg(FYI, "SMB3 session key generation failed\n"); @@ -857,10 +855,6 @@ ssetup_exit: } keygen_exit: - if (!server->sign) { - kfree(ses->auth_key.response); - ses->auth_key.response = NULL; - } if (spnego_key) { key_invalidate(spnego_key); key_put(spnego_key); Patches currently in stable-queue which might be from pshilov(a)microsoft.com are queue-4.4/cifs-enable-encryption-during-session-setup-phase.patch

7 years, 6 months

1
0
0 0

Patch "scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: scsi-megaraid_sas-do-not-use-32-bit-atomic-request-descriptor-for-ventura-controllers.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9ff97fa8db94caeab59a3c5401e975df468b4d8e Mon Sep 17 00:00:00 2001 From: Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> Date: Wed, 14 Feb 2018 00:10:52 -0800 Subject: scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers From: Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> commit 9ff97fa8db94caeab59a3c5401e975df468b4d8e upstream. Problem Statement: Sending I/O through 32 bit descriptors to Ventura series of controller results in IO timeout on certain conditions. This error only occurs on systems with high I/O activity on Ventura series controllers. Changes in this patch will prevent driver from using 32 bit descriptor and use 64 bit Descriptors. Cc: <stable(a)vger.kernel.org> Signed-off-by: Kashyap Desai <kashyap.desai(a)broadcom.com> Signed-off-by: Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> Reviewed-by: Hannes Reinecke <hare(a)suse.com> Reviewed-by: Tomas Henzl <thenzl(a)redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/scsi/megaraid/megaraid_sas_fusion.c | 42 +++++++++------------------- 1 file changed, 14 insertions(+), 28 deletions(-) --- a/drivers/scsi/megaraid/megaraid_sas_fusion.c +++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c @@ -216,36 +216,30 @@ inline void megasas_return_cmd_fusion(st /** * megasas_fire_cmd_fusion - Sends command to the FW * @instance: Adapter soft state - * @req_desc: 32bit or 64bit Request descriptor + * @req_desc: 64bit Request descriptor * - * Perform PCI Write. Ventura supports 32 bit Descriptor. - * Prior to Ventura (12G) MR controller supports 64 bit Descriptor. + * Perform PCI Write. */ static void megasas_fire_cmd_fusion(struct megasas_instance *instance, union MEGASAS_REQUEST_DESCRIPTOR_UNION *req_desc) { - if (instance->adapter_type == VENTURA_SERIES) - writel(le32_to_cpu(req_desc->u.low), - &instance->reg_set->inbound_single_queue_port); - else { #if defined(writeq) && defined(CONFIG_64BIT) - u64 req_data = (((u64)le32_to_cpu(req_desc->u.high) << 32) | - le32_to_cpu(req_desc->u.low)); + u64 req_data = (((u64)le32_to_cpu(req_desc->u.high) << 32) | + le32_to_cpu(req_desc->u.low)); - writeq(req_data, &instance->reg_set->inbound_low_queue_port); + writeq(req_data, &instance->reg_set->inbound_low_queue_port); #else - unsigned long flags; - spin_lock_irqsave(&instance->hba_lock, flags); - writel(le32_to_cpu(req_desc->u.low), - &instance->reg_set->inbound_low_queue_port); - writel(le32_to_cpu(req_desc->u.high), - &instance->reg_set->inbound_high_queue_port); - mmiowb(); - spin_unlock_irqrestore(&instance->hba_lock, flags); + unsigned long flags; + spin_lock_irqsave(&instance->hba_lock, flags); + writel(le32_to_cpu(req_desc->u.low), + &instance->reg_set->inbound_low_queue_port); + writel(le32_to_cpu(req_desc->u.high), + &instance->reg_set->inbound_high_queue_port); + mmiowb(); + spin_unlock_irqrestore(&instance->hba_lock, flags); #endif - } } /** @@ -982,7 +976,6 @@ megasas_ioc_init_fusion(struct megasas_i const char *sys_info; MFI_CAPABILITIES *drv_ops; u32 scratch_pad_2; - unsigned long flags; struct timeval tv; bool cur_fw_64bit_dma_capable; @@ -1121,14 +1114,7 @@ megasas_ioc_init_fusion(struct megasas_i break; } - /* For Ventura also IOC INIT required 64 bit Descriptor write. */ - spin_lock_irqsave(&instance->hba_lock, flags); - writel(le32_to_cpu(req_desc.u.low), - &instance->reg_set->inbound_low_queue_port); - writel(le32_to_cpu(req_desc.u.high), - &instance->reg_set->inbound_high_queue_port); - mmiowb(); - spin_unlock_irqrestore(&instance->hba_lock, flags); + megasas_fire_cmd_fusion(instance, &req_desc); wait_and_poll(instance, cmd, MFI_POLL_TIMEOUT_SECS); Patches currently in stable-queue which might be from shivasharan.srikanteshwara(a)broadcom.com are queue-4.15/scsi-megaraid_sas-do-not-use-32-bit-atomic-request-descriptor-for-ventura-controllers.patch

7 years, 6 months

1
0
0 0

Patch "scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: scsi-megaraid_sas-do-not-use-32-bit-atomic-request-descriptor-for-ventura-controllers.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9ff97fa8db94caeab59a3c5401e975df468b4d8e Mon Sep 17 00:00:00 2001 From: Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> Date: Wed, 14 Feb 2018 00:10:52 -0800 Subject: scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers From: Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> commit 9ff97fa8db94caeab59a3c5401e975df468b4d8e upstream. Problem Statement: Sending I/O through 32 bit descriptors to Ventura series of controller results in IO timeout on certain conditions. This error only occurs on systems with high I/O activity on Ventura series controllers. Changes in this patch will prevent driver from using 32 bit descriptor and use 64 bit Descriptors. Cc: <stable(a)vger.kernel.org> Signed-off-by: Kashyap Desai <kashyap.desai(a)broadcom.com> Signed-off-by: Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> Reviewed-by: Hannes Reinecke <hare(a)suse.com> Reviewed-by: Tomas Henzl <thenzl(a)redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/scsi/megaraid/megaraid_sas_fusion.c | 42 +++++++++------------------- 1 file changed, 14 insertions(+), 28 deletions(-) --- a/drivers/scsi/megaraid/megaraid_sas_fusion.c +++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c @@ -190,36 +190,30 @@ inline void megasas_return_cmd_fusion(st /** * megasas_fire_cmd_fusion - Sends command to the FW * @instance: Adapter soft state - * @req_desc: 32bit or 64bit Request descriptor + * @req_desc: 64bit Request descriptor * - * Perform PCI Write. Ventura supports 32 bit Descriptor. - * Prior to Ventura (12G) MR controller supports 64 bit Descriptor. + * Perform PCI Write. */ static void megasas_fire_cmd_fusion(struct megasas_instance *instance, union MEGASAS_REQUEST_DESCRIPTOR_UNION *req_desc) { - if (instance->is_ventura) - writel(le32_to_cpu(req_desc->u.low), - &instance->reg_set->inbound_single_queue_port); - else { #if defined(writeq) && defined(CONFIG_64BIT) - u64 req_data = (((u64)le32_to_cpu(req_desc->u.high) << 32) | - le32_to_cpu(req_desc->u.low)); + u64 req_data = (((u64)le32_to_cpu(req_desc->u.high) << 32) | + le32_to_cpu(req_desc->u.low)); - writeq(req_data, &instance->reg_set->inbound_low_queue_port); + writeq(req_data, &instance->reg_set->inbound_low_queue_port); #else - unsigned long flags; - spin_lock_irqsave(&instance->hba_lock, flags); - writel(le32_to_cpu(req_desc->u.low), - &instance->reg_set->inbound_low_queue_port); - writel(le32_to_cpu(req_desc->u.high), - &instance->reg_set->inbound_high_queue_port); - mmiowb(); - spin_unlock_irqrestore(&instance->hba_lock, flags); + unsigned long flags; + spin_lock_irqsave(&instance->hba_lock, flags); + writel(le32_to_cpu(req_desc->u.low), + &instance->reg_set->inbound_low_queue_port); + writel(le32_to_cpu(req_desc->u.high), + &instance->reg_set->inbound_high_queue_port); + mmiowb(); + spin_unlock_irqrestore(&instance->hba_lock, flags); #endif - } } /** @@ -772,7 +766,6 @@ megasas_ioc_init_fusion(struct megasas_i const char *sys_info; MFI_CAPABILITIES *drv_ops; u32 scratch_pad_2; - unsigned long flags; fusion = instance->ctrl_context; @@ -900,14 +893,7 @@ megasas_ioc_init_fusion(struct megasas_i break; } - /* For Ventura also IOC INIT required 64 bit Descriptor write. */ - spin_lock_irqsave(&instance->hba_lock, flags); - writel(le32_to_cpu(req_desc.u.low), - &instance->reg_set->inbound_low_queue_port); - writel(le32_to_cpu(req_desc.u.high), - &instance->reg_set->inbound_high_queue_port); - mmiowb(); - spin_unlock_irqrestore(&instance->hba_lock, flags); + megasas_fire_cmd_fusion(instance, &req_desc); wait_and_poll(instance, cmd, MFI_POLL_TIMEOUT_SECS); Patches currently in stable-queue which might be from shivasharan.srikanteshwara(a)broadcom.com are queue-4.14/scsi-megaraid_sas-do-not-use-32-bit-atomic-request-descriptor-for-ventura-controllers.patch

7 years, 6 months

1
0
0 0

Linux 4.4.123

by Greg KH

I'm announcing the release of the 4.4.123 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/am335x-pepper.dts | 2 arch/arm/boot/dts/exynos4412-trats2.dts | 2 arch/arm/boot/dts/logicpd-torpedo-som.dtsi | 8 + arch/arm/boot/dts/moxart-uc7112lx.dts | 2 arch/arm/boot/dts/moxart.dtsi | 17 +- arch/arm/boot/dts/omap3-n900.dts | 4 arch/arm/boot/dts/r8a7790.dtsi | 7 - arch/arm/boot/dts/r8a7791-koelsch.dts | 2 arch/arm/boot/dts/r8a7791.dtsi | 7 - arch/mips/kernel/mips-r2-to-r6-emul.c | 16 ++ arch/mips/net/bpf_jit.c | 16 +- arch/mips/net/bpf_jit_asm.S | 23 +-- arch/powerpc/mm/fault.c | 2 arch/x86/kernel/kprobes/core.c | 6 arch/x86/kernel/kprobes/opt.c | 3 arch/x86/kernel/vm86_32.c | 3 arch/x86/mm/fault.c | 6 block/blk-cgroup.c | 4 block/blk-throttle.c | 11 + drivers/char/agp/intel-gtt.c | 2 drivers/clk/qcom/gcc-msm8916.c | 1 drivers/cpufreq/cpufreq.c | 6 drivers/dma/imx-sdma.c | 17 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 31 +---- drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 10 + drivers/gpu/drm/drm_edid.c | 9 + drivers/gpu/drm/drm_irq.c | 14 +- drivers/gpu/drm/qxl/qxl_fb.c | 9 + drivers/gpu/drm/radeon/radeon_display.c | 6 drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 4 drivers/hid/hid-elo.c | 6 drivers/hid/hid-input.c | 20 ++- drivers/hwmon/pmbus/adm1275.c | 4 drivers/hwtracing/coresight/of_coresight.c | 2 drivers/input/keyboard/qt1070.c | 9 + drivers/input/touchscreen/tsc2007.c | 8 + drivers/iommu/iova.c | 2 drivers/irqchip/irq-gic-v3-its.c | 9 - drivers/md/raid5.c | 13 +- drivers/media/i2c/soc_camera/ov6650.c | 2 drivers/media/pci/solo6x10/solo6x10-v4l2.c | 11 + drivers/media/usb/cpia2/cpia2_v4l.c | 4 drivers/misc/enclosure.c | 7 - drivers/mtd/nand/nand_base.c | 9 + drivers/net/bonding/bond_main.c | 11 + drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 1 drivers/net/ethernet/apm/xgene/xgene_enet_hw.h | 1 drivers/net/ethernet/faraday/ftgmac100.c | 1 drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c | 2 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 5 drivers/net/ethernet/intel/i40e/i40e_nvm.c | 12 - drivers/net/ipvlan/ipvlan_core.c | 4 drivers/net/veth.c | 3 drivers/net/vxlan.c | 5 drivers/net/wireless/ath/ath10k/debug.c | 9 + drivers/net/wireless/ath/ath10k/mac.c | 12 + drivers/net/wireless/ath/ath10k/wmi.h | 3 drivers/net/wireless/ath/wil6210/main.c | 20 ++- drivers/net/wireless/mac80211_hwsim.c | 17 +- drivers/nfc/nfcmrvl/fw_dnld.c | 2 drivers/nfc/nfcmrvl/spi.c | 5 drivers/of/device.c | 2 drivers/pci/pci-driver.c | 2 drivers/perf/arm_pmu.c | 12 + drivers/pwm/pwm-tegra.c | 7 - drivers/scsi/ipr.c | 16 +- drivers/scsi/scsi_devinfo.c | 9 - drivers/scsi/scsi_dh.c | 5 drivers/scsi/ses.c | 1 drivers/scsi/sg.c | 35 +++-- drivers/spi/spi-omap2-mcspi.c | 9 - drivers/spi/spi-sun6i.c | 2 drivers/staging/speakup/kobjects.c | 8 - drivers/staging/wilc1000/host_interface.c | 2 drivers/usb/dwc2/hcd.c | 1 drivers/usb/gadget/udc/bdc/bdc_core.c | 2 drivers/usb/gadget/udc/bdc/bdc_pci.c | 1 drivers/usb/gadget/udc/dummy_hcd.c | 20 +-- drivers/video/fbdev/amba-clcd.c | 4 drivers/video/hdmi.c | 51 +++++--- fs/aio.c | 44 ++++--- fs/btrfs/volumes.c | 12 + fs/dcache.c | 11 + fs/f2fs/gc.c | 6 fs/namei.c | 5 fs/nfs/super.c | 2 fs/reiserfs/journal.c | 2 fs/reiserfs/reiserfs.h | 1 fs/reiserfs/super.c | 21 ++- include/linux/fs.h | 1 include/linux/pagemap.h | 4 include/linux/platform_data/isl9305.h | 2 include/net/tcp.h | 8 - kernel/bpf/verifier.c | 3 kernel/printk/braille.c | 15 +- kernel/printk/braille.h | 13 +- kernel/sched/core.c | 3 kernel/sched/rt.c | 2 kernel/time/sched_clock.c | 5 kernel/time/timer_list.c | 6 net/8021q/vlan_dev.c | 3 net/batman-adv/bridge_loop_avoidance.c | 20 ++- net/mac80211/iface.c | 2 net/sched/act_csum.c | 12 + net/xfrm/xfrm_policy.c | 2 net/xfrm/xfrm_state.c | 7 + security/apparmor/lsm.c | 2 security/integrity/ima/ima_appraise.c | 3 security/selinux/hooks.c | 8 + sound/core/oss/pcm_oss.c | 10 - sound/core/seq/seq_clientmgr.c | 4 sound/core/seq/seq_prioq.c | 28 ++-- sound/core/seq/seq_prioq.h | 6 sound/core/seq/seq_queue.c | 28 +--- sound/firewire/digi00x/amdtp-dot.c | 55 ++++++-- sound/pci/hda/hda_intel.c | 9 - sound/soc/nuc900/nuc900-ac97.c | 4 sound/soc/sh/rcar/ssi.c | 9 + tools/perf/builtin-probe.c | 6 tools/perf/util/event.c | 4 tools/perf/util/ordered-events.c | 3 tools/perf/util/session.c | 17 ++ tools/perf/util/sort.c | 5 tools/testing/selftests/firmware/fw_filesystem.sh | 5 tools/testing/selftests/rcutorture/bin/configinit.sh | 2 tools/testing/selftests/x86/entry_from_vm86.c | 117 ++++++++++++++++++- tools/usb/usbip/src/usbipd.c | 2 129 files changed, 868 insertions(+), 337 deletions(-) Aaron Salter (1): i40e: Acquire NVM lock before reads on all devices Adam Ford (1): ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux Adiel Aloni (1): mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED Akinobu Mita (1): spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer Al Viro (1): lock_parent() needs to recheck if dentry got __dentry_kill'ed under it Aleksandar Markovic (1): MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters Alexander Potapenko (1): selinux: check for address length in selinux_socket_bind() Andreas Pape (1): batman-adv: handle race condition for claims between gateways Andrew F. Davis (2): ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin ARM: dts: omap3-n900: Fix the audio CODEC's reset pin Andrew Lunn (1): net/faraday: Add missing include of of.h Andrey Vagin (1): net/8021q: create device with all possible features in wanted_features Andy Lutomirski (3): selftests/x86/entry_from_vm86: Exit with 1 if we fail selftests/x86/entry_from_vm86: Add test cases for POPF x86/vm86/32: Fix POPF emulation Anton Blanchard (1): powerpc: Avoid taking a data miss on every userspace instruction miss Anton Sviridenko (1): solo6x10: release vb2 buffers in solo_stop_streaming() Ard Biesheuvel (1): irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis Bart Van Assche (1): scsi: core: scsi_get_device_flags_keyed(): Always return device flags Ben Greear (1): ath10k: fix invalid STS_CAP_OFFSET_MASK Brian King (1): scsi: ipr: Fix missed EH wakeup Changbin Du (1): perf sort: Fix segfault with basic block 'cycles' sort dimension Chris Wilson (2): drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) agp/intel: Flush all chipset writes after updating the GGTT Christopher James Halse Rogers (2): drm/radeon: Fail fb creation from imported dma-bufs. drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) Colin Ian King (1): staging: wilc1000: add check for kmalloc allocation failure. Dan Carpenter (3): NFC: nfcmrvl: double free on error path media: cpia2: Fix a couple off by one bugs ASoC: nuc900: Fix a loop timeout test David Carrillo-Cisneros (2): perf inject: Copy events when reordering events in pipe mode perf session: Don't rely on evlist in pipe mode David Daney (2): MIPS: BPF: Quit clobbering callee saved registers in JIT code. MIPS: BPF: Fix multiple problems in JIT skb access helpers. David Engraf (1): timers, sched_clock: Update timeout for clock wrap Davide Caratti (1): sched: act_csum: don't mangle TCP and UDP GSO packets Dedy Lansky (1): wil6210: fix memory access violation in wil_memcpy_from/toio_32 Eric Dumazet (1): bonding: refine bond_fold_stats() wrap detection Eric W. Biederman (1): fs: Teach path_connected to handle nfs filesystems with multiple roots. Felix Manlunas (1): vxlan: vxlan dev should inherit lowerdev's gso_max_size Gabriel Krisman Bertazi (1): drm: qxl: Don't alloc fbdev if emulation is not supported Gao Feng (1): tcp: sysctl: Fix a race to avoid unexpected 0 window from space Geert Uytterhoeven (3): ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks ARM: dts: koelsch: Correct clock frequency of X2 DU clock input Greg Kroah-Hartman (1): Linux 4.4.123 H. Nikolaus Schaller (1): Input: tsc2007 - check for presence and power down tsc2007 during probe Hannes Reinecke (1): scsi: sg: close race condition in sg_remove_sfp_usercontext() Hans van Kranenburg (1): btrfs: alloc_chunk: fix DUP stripe size handling Hou Tao (1): blkcg: fix double free of new_blkg in blkcg_init_queue Jaegeuk Kim (1): f2fs: relax node version check for victim data in gc Jan Kara (1): reiserfs: Make cancel_old_flush() reliable Jani Nikula (1): drm/edid: set ELD connector type in drm_edid_to_eld() Jann Horn (1): bpf: fix incorrect sign extension in check_alu_op() Janusz Krzysztofik (1): media: i2c/soc_camera: fix ov6650 sensor getting wrong clock Javier Martinez Canillas (1): Input: qt1070 - add OF device ID table Jiada Wang (1): dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped Jiri Kosina (1): HID: elo: clear BTN_LEFT mapping Johannes Thumshirn (4): scsi: sg: check for valid direction before starting the request scsi: sg: fix SG_DXFER_FROM_DEV transfers scsi: sg: fix static checker warning in sg_is_valid_dxfer scsi: sg: only check for dxfer_len greater than 256M John Johansen (1): apparmor: Make path_max parameter readonly John Stultz (1): usb: dwc2: Make sure we disconnect the gadget state Julien BOIBESSOT (1): tools/usbip: fixes build with musl libc toolchain Kefeng Wang (1): perf probe: Return errno when not hitting any event Kirill A. Shutemov (1): mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() Kuninori Morimoto (1): ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT Laxman Dewangan (1): pwm: tegra: Increase precision in PWM rate calculation Leonid Yegoshin (1): MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification Liam Beguin (1): video: ARM CLCD: fix dma allocation size Lihong Yang (1): i40e: fix ethtool to get EEPROM data from X722 interface Linus Walleij (1): ARM: dts: Adjust moxart IRQ controller and flags Lorenzo Colitti (1): net: xfrm: allow clearing socket xfrm policies. Luca Coelho (1): mac80211: remove BUG() when interface type is invalid Luis R. Rodriguez (1): test_firmware: fix setting old custom fw path back on exit Mahesh Bandewar (1): ipvlan: add L2 check for packets arriving via virtual devices Manikanta Pubbisetty (1): ath10k: update tdls teardown state to target Mark Rutland (1): drivers/perf: arm_pmu: handle no platform_device Masami Hiramatsu (2): kprobes/x86: Fix kprobe-booster not to boost far call instructions kprobes/x86: Set kprobes pages read-only Mauricio Faria de Oliveira (1): scsi: ses: don't get power status of SES device slot on probe Michel Dänzer (1): drm/amdgpu/dce: Don't turn off DP sink when disconnected Mike Leach (1): coresight: Fixes coresight DT parse to get correct output port ID. Mimi Zohar (1): ima: relax requiring a file signature for new files with zero length Miquel Raynal (1): mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() Mohammed Shafi Shajakhan (2): ath10k: fix a warning during channel switch with multiple vaps ath10k: disallow DFS simulation if DFS channel is not enabled Nate Watterson (1): iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range NeilBrown (1): md/raid6: Fix anomily when recovering a single device in RAID6. Nikolay Borisov (1): btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device Paul E. McKenney (2): sched: Stop switched_to_rt() from sending IPIs to offline CPUs sched: Stop resched_cpu() from sending IPIs to offline CPUs Phil Turnbull (1): fm10k: correctly check if interface is removed Prarit Bhargava (1): PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() Quan Nguyen (1): drivers: net: xgene: Fix hardware checksum setting Rafael J. Wysocki (1): cpufreq: Fix governor module removal race Ricardo Neri (2): selftests/x86: Add tests for User-Mode Instruction Prevention selftests/x86: Add tests for the STR and SLDT instructions Rob Herring (1): of: fix of_device_get_modalias returned length when truncating buffers Samuel Thibault (1): braille-console: Fix value returned by _braille_console_setup SeongJae Park (1): rcutorture/configinit: Fix build directory error message Shaohua Li (1): blk-throttle: make sure expire time isn't too big Shikhar Dogra (1): driver: (adm1275) set the m,b and R coefficients correctly for power Simon Shields (1): ARM: dts: exynos: Correct Trats2 panel reset line Sinclair Yeh (1): drm/vmwgfx: Fixes to vmwgfx_fb Srinath Mannam (1): usb: gadget: bdc: 64-bit pointer capability check Srinivas Kandagatla (1): clk: qcom: msm8916: fix mnd_width for codec_digcodec Stephane Eranian (1): perf tools: Make perf_event__synthesize_mmap_events() scale Stephen Hemminger (1): veth: set peer GSO values Takashi Iwai (4): ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() ALSA: hda - Revert power_save option default value ALSA: seq: Fix possible UAF in snd_seq_check_queue() ALSA: seq: Clear client entry before deleting else at closing Takashi Sakamoto (1): ALSA: firewire-digi00x: handle all MIDI messages on streaming packets Tejun Heo (2): fs/aio: Add explicit RCU grace period when freeing kioctx fs/aio: Use RCU accessors for kioctx_table->table[] Tobias Jordan (1): spi: sun6i: disable/unprepare clocks on remove Tobias Klauser (1): NFC: nfcmrvl: Include unaligned.h instead of access_ok.h Tom Hromatka (1): sysrq: Reset the watchdog timers while displaying high-resolution timers Tomasz Kramkowski (1): HID: clamp input to logical range if no null state Toshi Kani (1): x86/mm: Fix vmalloc_fault to use pXd_large Valtteri Heikkilä (1): HID: reject input outside logical range only if null state is set Varsha Rao (1): staging: speakup: Replace BUG_ON() with WARN_ON(). Ville Syrjälä (1): video/hdmi: Allow "empty" HDMI infoframes Vincent Stehlé (1): regulator: isl9305: fix array size Wei Yongjun (1): USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() Xose Vazquez Perez (2): scsi: devinfo: apply to HP XP the same flags as Hitachi VSP scsi: dh: add new rdac devices Yong Zhao (1): drm/amdkfd: Fix memory leaks in kfd topology Yuyang Du (1): usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control()

7 years, 6 months

1
1
0 0

Linux 4.9.89

by Greg KH

I'm announcing the release of the 4.9.89 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/am335x-pepper.dts | 2 arch/arm/boot/dts/bcm283x-rpi-smsc9512.dtsi | 2 arch/arm/boot/dts/bcm283x-rpi-smsc9514.dtsi | 2 arch/arm/boot/dts/exynos4412-trats2.dts | 2 arch/arm/boot/dts/moxart-uc7112lx.dts | 2 arch/arm/boot/dts/moxart.dtsi | 17 +- arch/arm/boot/dts/omap3-n900.dts | 4 arch/arm/boot/dts/r7s72100.dtsi | 2 arch/arm/boot/dts/r8a7790.dtsi | 7 - arch/arm/boot/dts/r8a7791-koelsch.dts | 2 arch/arm/boot/dts/r8a7791.dtsi | 10 - arch/arm/boot/dts/r8a7792.dtsi | 3 arch/arm/boot/dts/r8a7793.dtsi | 10 - arch/arm/boot/dts/r8a7794-silk.dts | 2 arch/arm/boot/dts/r8a7794.dtsi | 13 +- arch/arm/configs/bcm2835_defconfig | 4 arch/arm/mach-bcm/Kconfig | 1 arch/arm64/boot/dts/renesas/r8a7796.dtsi | 3 arch/mips/kernel/mips-r2-to-r6-emul.c | 16 ++ arch/mips/net/bpf_jit.c | 16 +- arch/mips/net/bpf_jit_asm.S | 23 +-- arch/parisc/kernel/cache.c | 41 +++++- arch/powerpc/include/asm/code-patching.h | 1 arch/powerpc/kernel/module_64.c | 12 + arch/powerpc/lib/code-patching.c | 5 arch/powerpc/mm/fault.c | 2 arch/powerpc/mm/hugetlbpage.c | 18 ++ arch/powerpc/mm/tlb_nohash.c | 2 arch/s390/kernel/early.c | 2 arch/x86/include/asm/cpufeatures.h | 1 arch/x86/include/asm/nospec-branch.h | 5 arch/x86/include/asm/reboot.h | 1 arch/x86/kernel/cpu/intel.c | 3 arch/x86/kernel/cpu/mcheck/mce.c | 48 +++++-- arch/x86/kernel/kprobes/core.c | 6 arch/x86/kernel/kprobes/opt.c | 3 arch/x86/kernel/reboot.c | 5 arch/x86/kernel/setup_percpu.c | 21 +++ arch/x86/kernel/sys_x86_64.c | 5 arch/x86/kernel/vm86_32.c | 3 arch/x86/kvm/svm.c | 7 + arch/x86/kvm/x86.c | 3 arch/x86/mm/fault.c | 6 block/blk-cgroup.c | 4 block/blk-throttle.c | 11 + drivers/char/agp/intel-gtt.c | 2 drivers/clk/meson/gxbb.c | 4 drivers/clk/qcom/gcc-msm8916.c | 1 drivers/clk/qcom/mmcc-msm8996.c | 2 drivers/dma/imx-sdma.c | 17 ++ drivers/edac/altera_edac.c | 22 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 31 +---- drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 10 + drivers/gpu/drm/drm_edid.c | 9 + drivers/gpu/drm/drm_irq.c | 14 +- drivers/gpu/drm/qxl/qxl_fb.c | 9 + drivers/gpu/drm/radeon/radeon_display.c | 6 drivers/gpu/drm/rcar-du/rcar_du_crtc.c | 7 + drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 29 +++- drivers/gpu/drm/sun4i/sun4i_crtc.c | 5 drivers/gpu/drm/sun4i/sun4i_drv.c | 16 +- drivers/gpu/drm/sun4i/sun4i_tcon.c | 22 ++- drivers/gpu/drm/ttm/ttm_bo.c | 12 + drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 4 drivers/hid/hid-elo.c | 6 drivers/hid/hid-input.c | 20 ++- drivers/hwmon/pmbus/adm1275.c | 4 drivers/hwtracing/coresight/of_coresight.c | 2 drivers/infiniband/hw/hfi1/chip.c | 7 - drivers/input/keyboard/qt1070.c | 9 + drivers/input/touchscreen/tsc2007.c | 8 + drivers/iommu/iova.c | 2 drivers/irqchip/irq-gic-v3-its.c | 9 - drivers/leds/leds-pm8058.c | 2 drivers/md/md.c | 4 drivers/md/raid5.c | 13 +- drivers/media/i2c/soc_camera/ov6650.c | 2 drivers/media/pci/solo6x10/solo6x10-v4l2.c | 11 + drivers/media/platform/vsp1/vsp1_drm.c | 1 drivers/media/platform/vsp1/vsp1_drv.c | 16 ++ drivers/media/platform/vsp1/vsp1_video.c | 13 ++ drivers/media/usb/cpia2/cpia2_v4l.c | 4 drivers/misc/Makefile | 2 drivers/misc/enclosure.c | 7 - drivers/mtd/nand/fsl_ifc_nand.c | 7 + drivers/mtd/nand/nand_base.c | 9 + drivers/net/bonding/bond_main.c | 35 +++-- drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 1 drivers/net/ethernet/apm/xgene/xgene_enet_hw.h | 1 drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 31 +++-- drivers/net/ethernet/broadcom/bgmac-bcma.c | 39 +++--- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 + drivers/net/ethernet/cavium/thunder/nicvf_main.c | 5 drivers/net/ethernet/faraday/ftgmac100.c | 1 drivers/net/ethernet/freescale/fec_main.c | 26 ++-- drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 23 ++- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 11 - drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 2 drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 1 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 5 drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 8 - drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c | 2 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 5 drivers/net/ethernet/intel/i40e/i40e_main.c | 19 +-- drivers/net/ethernet/intel/i40e/i40e_nvm.c | 12 - drivers/net/ethernet/intel/i40e/i40e_txrx.c | 1 drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 1 drivers/net/ethernet/qlogic/qed/qed_cxt.c | 32 ++++- drivers/net/ethernet/qlogic/qed/qed_main.c | 3 drivers/net/ethernet/qlogic/qed/qed_sriov.c | 13 +- drivers/net/ieee802154/adf7242.c | 4 drivers/net/ipvlan/ipvlan_core.c | 4 drivers/net/phy/mdio-xgene.c | 2 drivers/net/veth.c | 3 drivers/net/vxlan.c | 5 drivers/net/wireless/ath/ath10k/ce.c | 2 drivers/net/wireless/ath/ath10k/debug.c | 9 + drivers/net/wireless/ath/ath10k/mac.c | 12 + drivers/net/wireless/ath/ath10k/wmi.c | 5 drivers/net/wireless/ath/ath10k/wmi.h | 3 drivers/net/wireless/ath/wil6210/main.c | 20 ++- drivers/net/wireless/ath/wil6210/wmi.c | 11 + drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/rx.c | 18 ++ drivers/net/wireless/mac80211_hwsim.c | 26 ++-- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 6 drivers/net/wireless/marvell/mwifiex/sdio.c | 4 drivers/net/wireless/zydas/zd1211rw/zd_usb.c | 3 drivers/nfc/nfcmrvl/fw_dnld.c | 2 drivers/nfc/nfcmrvl/spi.c | 5 drivers/nfc/pn533/i2c.c | 4 drivers/of/device.c | 2 drivers/pci/host/pci-hyperv.c | 24 +++ drivers/pci/pci-driver.c | 2 drivers/pci/quirks.c | 3 drivers/perf/arm_pmu.c | 12 + drivers/power/supply/ab8500_charger.c | 6 drivers/pwm/pwm-stmpe.c | 2 drivers/pwm/pwm-tegra.c | 7 - drivers/regulator/core.c | 9 + drivers/scsi/be2iscsi/be_cmds.c | 6 drivers/scsi/fnic/fnic_scsi.c | 16 +- drivers/scsi/ipr.c | 16 +- drivers/scsi/qla2xxx/qla_os.c | 8 - drivers/scsi/scsi_devinfo.c | 9 - drivers/scsi/scsi_dh.c | 5 drivers/scsi/ses.c | 12 + drivers/scsi/sg.c | 35 +++-- drivers/spi/spi-omap2-mcspi.c | 9 - drivers/spi/spi-sun6i.c | 2 drivers/staging/speakup/kobjects.c | 8 - drivers/staging/wilc1000/host_interface.c | 2 drivers/tty/serial/amba-pl011.c | 23 ++- drivers/tty/serial/imx.c | 36 +++-- drivers/usb/dwc2/hcd.c | 1 drivers/usb/dwc3/core.c | 6 drivers/usb/dwc3/core.h | 17 +- drivers/usb/gadget/udc/bdc/bdc_core.c | 2 drivers/usb/gadget/udc/bdc/bdc_pci.c | 1 drivers/usb/gadget/udc/dummy_hcd.c | 20 +-- drivers/usb/misc/lvstest.c | 1 drivers/vfio/vfio_iommu_spapr_tce.c | 13 ++ drivers/video/fbdev/amba-clcd.c | 4 drivers/video/fbdev/omap2/omapfb/dss/dss.c | 16 +- drivers/video/hdmi.c | 51 +++++--- fs/aio.c | 44 ++++--- fs/btrfs/volumes.c | 12 + fs/dcache.c | 11 + fs/f2fs/gc.c | 6 fs/namei.c | 8 - fs/nfs/super.c | 2 fs/reiserfs/journal.c | 2 fs/reiserfs/reiserfs.h | 1 fs/reiserfs/super.c | 21 ++- include/dt-bindings/clock/r8a7794-clock.h | 1 include/linux/fs.h | 1 include/linux/pagemap.h | 4 include/linux/platform_data/isl9305.h | 2 include/linux/regulator/driver.h | 2 include/net/tcp.h | 8 - include/uapi/linux/eventpoll.h | 8 - kernel/locking/locktorture.c | 76 +++++++----- kernel/locking/rtmutex.c | 29 ++++ kernel/locking/rtmutex_common.h | 1 kernel/printk/braille.c | 15 +- kernel/printk/braille.h | 13 +- kernel/printk/printk.c | 8 - kernel/sched/core.c | 3 kernel/sched/rt.c | 2 kernel/time/sched_clock.c | 5 kernel/time/timer_list.c | 6 net/8021q/vlan_dev.c | 3 net/batman-adv/bridge_loop_avoidance.c | 20 ++- net/bluetooth/6lowpan.c | 10 + net/bluetooth/af_bluetooth.c | 24 +++ net/mac80211/iface.c | 2 net/sched/act_csum.c | 12 + net/sched/sch_netem.c | 26 ++-- net/xfrm/xfrm_policy.c | 2 net/xfrm/xfrm_state.c | 7 + security/apparmor/lsm.c | 2 security/integrity/ima/ima_appraise.c | 3 security/selinux/hooks.c | 8 + sound/core/oss/pcm_oss.c | 10 - sound/core/seq/seq_clientmgr.c | 4 sound/core/seq/seq_prioq.c | 28 ++-- sound/core/seq/seq_prioq.h | 6 sound/core/seq/seq_queue.c | 28 +--- sound/firewire/amdtp-stream.c | 5 sound/firewire/amdtp-stream.h | 3 sound/firewire/digi00x/amdtp-dot.c | 55 ++++++-- sound/firewire/digi00x/digi00x.c | 13 +- sound/firewire/digi00x/digi00x.h | 1 sound/pci/hda/hda_intel.c | 13 +- sound/soc/codecs/rt5677.c | 7 + sound/soc/nuc900/nuc900-ac97.c | 4 sound/soc/sh/rcar/ssi.c | 9 + tools/perf/builtin-probe.c | 6 tools/perf/builtin-stat.c | 23 +++ tools/perf/builtin-trace.c | 43 +++++- tools/perf/util/annotate.c | 10 + tools/perf/util/build-id.c | 6 tools/perf/util/event.c | 4 tools/perf/util/evsel.c | 12 + tools/perf/util/ordered-events.c | 3 tools/perf/util/probe-event.c | 2 tools/perf/util/session.c | 17 ++ tools/perf/util/sort.c | 5 tools/testing/selftests/firmware/fw_filesystem.sh | 5 tools/testing/selftests/rcutorture/bin/configinit.sh | 2 tools/testing/selftests/x86/entry_from_vm86.c | 117 ++++++++++++++++++- tools/usb/usbip/src/usbipd.c | 2 236 files changed, 1751 insertions(+), 677 deletions(-) Aaron Salter (1): i40e: Acquire NVM lock before reads on all devices Adiel Aloni (1): mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED Akinobu Mita (1): spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer Al Cooper (1): ARM: brcmstb: Enable ZONE_DMA for non 64-bit capable peripherals Al Viro (1): lock_parent() needs to recheck if dentry got __dentry_kill'ed under it Aleksandar Markovic (1): MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters Alexander Duyck (1): i40e/i40evf: Fix use after free in Rx cleanup path Alexander Potapenko (1): selinux: check for address length in selinux_socket_bind() Alexander Sergeyev (1): x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist Alexey Kardashevskiy (2): vfio/powerpc/spapr_tce: Enforce IOMMU type compatibility check vfio/spapr_tce: Check kzalloc() return when preregistering memory Andreas Pape (1): batman-adv: handle race condition for claims between gateways Andrew F. Davis (2): ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin ARM: dts: omap3-n900: Fix the audio CODEC's reset pin Andrew Lunn (1): net/faraday: Add missing include of of.h Andrey Rusalin (1): NFC: pn533: change order of free_irq and dev unregistration Andrey Vagin (1): net/8021q: create device with all possible features in wanted_features Andy Lutomirski (5): x86/boot/32: Defer resyncing initial_page_table until per-cpu is set up x86/boot/32: Fix UP boot on Quark and possibly other platforms selftests/x86/entry_from_vm86: Exit with 1 if we fail selftests/x86/entry_from_vm86: Add test cases for POPF x86/vm86/32: Fix POPF emulation Andy Whitcroft (1): x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels Aneesh Kumar K.V (1): powerpc/mm/hugetlb: Filter out hugepage size not supported by page table layout Anton Blanchard (1): powerpc: Avoid taking a data miss on every userspace instruction miss Anton Sviridenko (1): solo6x10: release vb2 buffers in solo_stop_streaming() Ard Biesheuvel (1): irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis Arnaldo Carvalho de Melo (1): perf trace: Handle unpaired raw_syscalls:sys_exit event Arnd Bergmann (1): lkdtm: turn off kcov for lkdtm_rodata_do_nothing: Arvind Yadav (1): omapfb: dss: Handle return errors in dss_init_ports() Axel Lin (1): pwm: stmpe: Fix wrong register offset for hwpwm=2 case Bart Van Assche (1): scsi: core: scsi_get_device_flags_keyed(): Always return device flags Baruch Siach (1): ARM: dts: bcm2835: add index to the ethernet alias Ben Greear (1): ath10k: fix invalid STS_CAP_OFFSET_MASK Bill Kuzeja (1): scsi: qla2xxx: Fix extraneous ref on sp's after adapter break Bjorn Andersson (1): leds: pm8058: Silence pointer to integer size warning Borislav Petkov (2): perf stat: Issue a HW watchdog disable hint kvm/svm: Setup MCG_CAP on AMD properly Brian King (1): scsi: ipr: Fix missed EH wakeup Changbin Du (1): perf sort: Fix segfault with basic block 'cycles' sort dimension Chen-Yu Tsai (3): drm/sun4i: Fix up error path cleanup for master bind function drm/sun4i: Set drm_crtc.port to the underlying TCON's output port node drm/sun4i: Fix TCON clock and regmap initialization sequence Chris Brandt (1): ARM: dts: r7s72100: fix ethernet clock parent Chris Wilson (2): drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) agp/intel: Flush all chipset writes after updating the GGTT Christian König (1): drm/amdgpu: fix prime teardown order Christophe JAILLET (2): power: supply: ab8500_charger: Fix an error handling path power: supply: ab8500_charger: Bail out in case of error in 'ab8500_charger_init_hw_registers()' Christopher James Halse Rogers (2): drm/radeon: Fail fb creation from imported dma-bufs. drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) Colin Ian King (1): staging: wilc1000: add check for kmalloc allocation failure. Dan Carpenter (3): NFC: nfcmrvl: double free on error path media: cpia2: Fix a couple off by one bugs ASoC: nuc900: Fix a loop timeout test David Carrillo-Cisneros (2): perf inject: Copy events when reordering events in pipe mode perf session: Don't rely on evlist in pipe mode David Daney (2): MIPS: BPF: Quit clobbering callee saved registers in JIT code. MIPS: BPF: Fix multiple problems in JIT skb access helpers. David Engraf (1): timers, sched_clock: Update timeout for clock wrap Davide Caratti (1): sched: act_csum: don't mangle TCP and UDP GSO packets Davidlohr Bueso (1): locking/locktorture: Fix num reader/writer corner cases Dean Jenkins (1): Bluetooth: Avoid bt_accept_unlink() double unlinking Dedy Lansky (1): wil6210: fix memory access violation in wil_memcpy_from/toio_32 Dmitry Safonov (1): x86/mm: Make mmap(MAP_32BIT) work correctly Easwar Hariharan (1): IB/hfi1: Check for QSFP presence before attempting reads Emmanuel Grumbach (1): iwlwifi: mvm: rs: don't override the rate history in the search cycle Eric Dumazet (1): bonding: refine bond_fold_stats() wrap detection Eric W. Biederman (2): userns: Don't fail follow_automount based on s_user_ns fs: Teach path_connected to handle nfs filesystems with multiple roots. Felipe Balbi (1): usb: dwc3: make sure UX_EXIT_PX is cleared Felix Manlunas (1): vxlan: vxlan dev should inherit lowerdev's gso_max_size Fugang Duan (1): net: fec: add phy-reset-gpios PROBE_DEFER check Gabriel Krisman Bertazi (1): drm: qxl: Don't alloc fbdev if emulation is not supported Ganapathi Bhat (1): mwifiex: Fix invalid port issue Gao Feng (1): tcp: sysctl: Fix a race to avoid unexpected 0 window from space Geert Uytterhoeven (12): ARM: dts: r8a7791: Remove unit-address and reg from integrated cache ARM: dts: r8a7792: Remove unit-address and reg from integrated cache ARM: dts: r8a7793: Remove unit-address and reg from integrated cache ARM: dts: r8a7794: Remove unit-address and reg from integrated cache arm64: dts: r8a7796: Remove unit-address and reg from integrated cache ARM: dts: r8a7794: Add DU1 clock to device tree ARM: dts: r8a7794: Correct clock of DU1 ARM: dts: silk: Correct clock of DU1 ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks ARM: dts: r8a7793: Correct parent of SSI[0-9] clocks ARM: dts: koelsch: Correct clock frequency of X2 DU clock input Greg KH (1): eventpoll.h: fix epoll event masks Greg Kroah-Hartman (1): Linux 4.9.89 H. Nikolaus Schaller (1): Input: tsc2007 - check for presence and power down tsc2007 during probe Hamad Kadmany (1): wil6210: fix protection against connections during reset Hannes Reinecke (1): scsi: sg: close race condition in sg_remove_sfp_usercontext() Hans van Kranenburg (1): btrfs: alloc_chunk: fix DUP stripe size handling Heiko Carstens (1): s390/topology: fix typo in early topology code Hou Tao (1): blkcg: fix double free of new_blkg in blkcg_init_queue Iyappan Subramanian (1): drivers: net: xgene: Fix Rx checksum validation logic Jaegeuk Kim (1): f2fs: relax node version check for victim data in gc Jagdish Gediya (1): mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 Jan Kara (1): reiserfs: Make cancel_old_flush() reliable Jani Nikula (1): drm/edid: set ELD connector type in drm_edid_to_eld() Janusz Krzysztofik (1): media: i2c/soc_camera: fix ov6650 sensor getting wrong clock Javier Martinez Canillas (2): Input: qt1070 - add OF device ID table ASoC: rt5677: Add OF device ID table Jayachandran C (1): tty: amba-pl011: Fix spurious TX interrupts Jeffy Chen (1): drm/rockchip: vop: Enable pm domain before vop_initial Jiada Wang (1): dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped Jim Mattson (1): kvm: nVMX: Disallow userspace-injected exceptions in guest mode Jin Yao (1): perf evsel: Return exact sub event which failed with EPERM for wildcards Jiri Kosina (1): HID: elo: clear BTN_LEFT mapping Jitendra Bhivare (1): scsi: be2iscsi: Check tag in beiscsi_mccq_compl_wait Johan Hovold (1): zd1211rw: fix NULL-deref at probe Johannes Berg (2): iwlwifi: mvm: fix RX SKB header size and align it properly mac80211_hwsim: use per-interface power level Johannes Thumshirn (4): scsi: sg: check for valid direction before starting the request scsi: sg: fix SG_DXFER_FROM_DEV transfers scsi: sg: fix static checker warning in sg_is_valid_dxfer scsi: sg: only check for dxfer_len greater than 256M John David Anglin (1): parisc: Handle case where flush_cache_range is called with no context John Johansen (1): apparmor: Make path_max parameter readonly John Stultz (1): usb: dwc2: Make sure we disconnect the gadget state Josh Poimboeuf (1): powerpc/modules: Don't try to restore r2 after a sibling call Julien BOIBESSOT (1): tools/usbip: fixes build with musl libc toolchain Kefeng Wang (1): perf probe: Return errno when not hitting any event Kieran Bingham (3): v4l: vsp1: Prevent multiple streamon race commencing pipeline early v4l: vsp1: Register pipe with output WPF media: vsp1: Prevent suspending and resuming DRM pipelines Kirill A. Shutemov (2): mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() x86/cpufeatures: Add Intel PCONFIG cpufeature Kuninori Morimoto (1): ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT Laurent Pinchart (1): drm: rcar-du: Handle event when disabling CRTCs Laxman Dewangan (1): pwm: tegra: Increase precision in PWM rate calculation Leonid Yegoshin (1): MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification Li Dongyang (1): scsi: ses: don't ask for diagnostic pages repeatedly during probe Liam Beguin (1): video: ARM CLCD: fix dma allocation size Lihong Yang (1): i40e: fix ethtool to get EEPROM data from X722 interface Limin Zhu (1): mwifiex: cfg80211: do not change virtual interface during scan processing Linus Walleij (1): ARM: dts: Adjust moxart IRQ controller and flags Long Li (2): PCI: hv: Properly handle PCI bus remove PCI: hv: Lock PCI bus on device eject Lorenzo Colitti (1): net: xfrm: allow clearing socket xfrm policies. Luca Coelho (1): mac80211: remove BUG() when interface type is invalid Luis R. Rodriguez (1): test_firmware: fix setting old custom fw path back on exit Mahesh Bandewar (2): bonding: make speed, duplex setting consistent with link state ipvlan: add L2 check for packets arriving via virtual devices Manikanta Pubbisetty (1): ath10k: update tdls teardown state to target Manish Jaggi (1): PCI: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices Mark Rutland (1): drivers/perf: arm_pmu: handle no platform_device Masami Hiramatsu (2): kprobes/x86: Fix kprobe-booster not to boost far call instructions kprobes/x86: Set kprobes pages read-only Matthias Kaehlcke (1): regulator: core: Limit propagation of parent voltage count and list Mauricio Faria de Oliveira (1): scsi: ses: don't get power status of SES device slot on probe Michael Chan (1): bnxt_en: Don't print "Link speed -1 no longer supported" messages. Michael Ellerman (1): powerpc/nohash: Fix use of mmu_has_feature() in setup_initial_memory_limit() Michael Hennerich (1): net: ieee802154: adf7242: Fix bug if defined DEBUG Michael Scott (1): Bluetooth: 6lowpan: fix delay work init in add_peer_chan() Michal Kalderon (1): qed: Fix TM block ILT allocation Michel Dänzer (1): drm/amdgpu/dce: Don't turn off DP sink when disconnected Mike Leach (1): coresight: Fixes coresight DT parse to get correct output port ID. Mimi Zohar (1): ima: relax requiring a file signature for new files with zero length Mintz, Yuval (2): qed: Always publish VF link from leading hwfn qed: Correct MSI-x for storage Miquel Raynal (1): mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() Mitch Williams (1): i40e: only register client on iWarp-capable devices Mohammed Shafi Shajakhan (4): ath10k: fix a warning during channel switch with multiple vaps ath10k: disallow DFS simulation if DFS channel is not enabled ath10k: fix fetching channel during potential radar detection ath10k: fix compile time sanity check for CE4 buffer size Nate Watterson (1): iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range NeilBrown (1): md/raid6: Fix anomily when recovering a single device in RAID6. Nicolai Hähnle (1): drm/ttm: never add BO that failed to validate to the LRU list Nik Unger (1): netem: apply correct delay when rate throttling Nikolay Borisov (1): btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device Oliver Neukum (1): usb: misc: lvs: fix race condition in disconnect handling Paul E. McKenney (2): sched: Stop switched_to_rt() from sending IPIs to offline CPUs sched: Stop resched_cpu() from sending IPIs to offline CPUs Peter Zijlstra (1): rtmutex: Fix PI chain order integrity Petr Mladek (1): printk: Correctly handle preemption in console_unlock() Phil Turnbull (1): fm10k: correctly check if interface is removed Prarit Bhargava (1): PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() Quan Nguyen (3): drivers: net: xgene: Fix hardware checksum setting drivers: net: phy: xgene: Fix mdio write drivers: net: xgene: Fix wrong logical operation Rajendra Nayak (1): clk: qcom: msm8996: Fix the vfe1 powerdomain name Ravi Bangoria (1): perf probe: Fix concat_probe_trace_events Ricardo Neri (2): selftests/x86: Add tests for User-Mode Instruction Prevention selftests/x86: Add tests for the STR and SLDT instructions Rob Herring (1): of: fix of_device_get_modalias returned length when truncating buffers Salil (1): net: hns: Some checkpatch.pl script & warning fixes Samuel Thibault (1): braille-console: Fix value returned by _braille_console_setup Satish Kharat (1): scsi: fnic: Fix for "Number of Active IOs" in fnicstats becoming negative SeongJae Park (1): rcutorture/configinit: Fix build directory error message Shaohua Li (1): blk-throttle: make sure expire time isn't too big Shikhar Dogra (1): driver: (adm1275) set the m,b and R coefficients correctly for power Simon Shields (1): ARM: dts: exynos: Correct Trats2 panel reset line Sinclair Yeh (1): drm/vmwgfx: Fixes to vmwgfx_fb Srinath Mannam (1): usb: gadget: bdc: 64-bit pointer capability check Srinivas Kandagatla (1): clk: qcom: msm8916: fix mnd_width for codec_digcodec Stefan Wahren (1): ARM: bcm2835: Enable missing CMA settings for VC4 driver Stephane Eranian (2): perf tools: Make perf_event__synthesize_mmap_events() scale perf stat: Fix bug in handling events in error state Stephen Hemminger (1): veth: set peer GSO values Steve Lin (1): net: ethernet: bgmac: Allow MAC address to be specified in DTB Subhransu S. Prusty (1): ALSA: hda: Add Geminilake id to SKL_PLUS Sunil Goutham (1): net: thunderx: Set max queue count taking XDP_TX into account Taeung Song (1): perf annotate: Fix a bug following symbolic link of a build-id file Takashi Iwai (4): ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() ALSA: hda - Revert power_save option default value ALSA: seq: Fix possible UAF in snd_seq_check_queue() ALSA: seq: Clear client entry before deleting else at closing Takashi Sakamoto (3): ALSA: firewire-lib: add a quirk of packet without valid EOH in CIP format ALSA: firewire-digi00x: add support for console models of Digi00x series ALSA: firewire-digi00x: handle all MIDI messages on streaming packets Tejun Heo (2): fs/aio: Add explicit RCU grace period when freeing kioctx fs/aio: Use RCU accessors for kioctx_table->table[] Thinh Nguyen (1): usb: dwc3: Fix GDBGFIFOSPACE_TYPE values Thor Thayer (1): EDAC, altera: Fix peripheral warnings for Cyclone5 Tobias Jordan (1): spi: sun6i: disable/unprepare clocks on remove Tobias Klauser (1): NFC: nfcmrvl: Include unaligned.h instead of access_ok.h Tom Hromatka (1): sysrq: Reset the watchdog timers while displaying high-resolution timers Tomasz Kramkowski (1): HID: clamp input to logical range if no null state Tommi Rantala (1): perf buildid: Do not assume that readlink() returns a null terminated string Toshi Kani (1): x86/mm: Fix vmalloc_fault to use pXd_large Uwe Kleine-König (1): serial: imx: setup DCEDTE early and ensure DCD and RI irqs to be off Valtteri Heikkilä (1): HID: reject input outside logical range only if null state is set Varsha Rao (1): staging: speakup: Replace BUG_ON() with WARN_ON(). Ville Syrjälä (1): video/hdmi: Allow "empty" HDMI infoframes Vincent Stehlé (1): regulator: isl9305: fix array size Wei Yongjun (1): USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() Xose Vazquez Perez (2): scsi: devinfo: apply to HP XP the same flags as Hitachi VSP scsi: dh: add new rdac devices Xunlei Pang (1): x86/mce: Handle broadcasted MCE gracefully with kexec Yazen Ghannam (1): x86/mce: Init some CPU features early Yixun Lan (1): clk: meson: gxbb: fix wrong clock for SARADC/SANA Yong Zhao (1): drm/amdkfd: Fix memory leaks in kfd topology Yuyang Du (1): usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() Zhilong Liu (1): md.c:didn't unlock the mddev before return EINVAL in array_size_store lipeng (1): net: hns: Correct HNS RSS key set function

7 years, 6 months

1
1
0 0

[PATCH v2 2/6] phy: qcom-qusb2: Fix crash if nvmem cell not specified

by Manu Gautam

Driver currently crashes due to NULL pointer deference while updating PHY tune register if nvmem cell is NULL. Since, fused value for Tune1/2 register is optional, we'd rather bail out. Fixes: ca04d9d3e1b1 ("phy: qcom-qusb2: New driver for QUSB2 PHY on Qcom chips") Reviewed-by: Vivek Gautam <vivek.gautam(a)codeaurora.org> Cc: stable <stable(a)vger.kernel.org> # 4.14+ Signed-off-by: Manu Gautam <mgautam(a)codeaurora.org> --- drivers/phy/qualcomm/phy-qcom-qusb2.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qusb2.c b/drivers/phy/qualcomm/phy-qcom-qusb2.c index 94afeac..40fdef8 100644 --- a/drivers/phy/qualcomm/phy-qcom-qusb2.c +++ b/drivers/phy/qualcomm/phy-qcom-qusb2.c @@ -315,6 +315,10 @@ static void qusb2_phy_set_tune2_param(struct qusb2_phy *qphy) const struct qusb2_phy_cfg *cfg = qphy->cfg; u8 *val; + /* efuse register is optional */ + if (!qphy->cell) + return; + /* * Read efuse register having TUNE2/1 parameter's high nibble. * If efuse register shows value as 0x0, or if we fail to find -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project

7 years, 6 months

1
0
0 0

[PATCH 4.9 000/241] 4.9.89-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.89 release. There are 241 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Mar 21 18:07:03 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.89-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.89-rc1 Srinath Mannam <srinath.mannam(a)broadcom.com> usb: gadget: bdc: 64-bit pointer capability check Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Fix GDBGFIFOSPACE_TYPE values Wei Yongjun <weiyongjun1(a)huawei.com> USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() Bill Kuzeja <William.Kuzeja(a)stratus.com> scsi: qla2xxx: Fix extraneous ref on sp's after adapter break Nikolay Borisov <nborisov(a)suse.com> btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device Hans van Kranenburg <hans.van.kranenburg(a)mendix.com> btrfs: alloc_chunk: fix DUP stripe size handling Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sg: only check for dxfer_len greater than 256M Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sg: fix static checker warning in sg_is_valid_dxfer Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sg: fix SG_DXFER_FROM_DEV transfers Ard Biesheuvel <ard.biesheuvel(a)linaro.org> irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis Tejun Heo <tj(a)kernel.org> fs/aio: Use RCU accessors for kioctx_table->table[] Tejun Heo <tj(a)kernel.org> fs/aio: Add explicit RCU grace period when freeing kioctx Al Viro <viro(a)zeniv.linux.org.uk> lock_parent() needs to recheck if dentry got __dentry_kill'ed under it Eric W. Biederman <ebiederm(a)xmission.com> fs: Teach path_connected to handle nfs filesystems with multiple roots. Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu/dce: Don't turn off DP sink when disconnected Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix prime teardown order Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Clear client entry before deleting else at closing Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix possible UAF in snd_seq_check_queue() Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Revert power_save option default value Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() John David Anglin <dave.anglin(a)bell.net> parisc: Handle case where flush_cache_range is called with no context Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Fix vmalloc_fault to use pXd_large Alexander Sergeyev <sergeev917(a)gmail.com> x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist Andy Whitcroft <apw(a)canonical.com> x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels Andy Lutomirski <luto(a)kernel.org> x86/vm86/32: Fix POPF emulation Andy Lutomirski <luto(a)kernel.org> selftests/x86/entry_from_vm86: Add test cases for POPF Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> selftests/x86: Add tests for the STR and SLDT instructions Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> selftests/x86: Add tests for User-Mode Instruction Prevention Andy Lutomirski <luto(a)kernel.org> selftests/x86/entry_from_vm86: Exit with 1 if we fail Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/cpufeatures: Add Intel PCONFIG cpufeature Andy Lutomirski <luto(a)kernel.org> x86/boot/32: Fix UP boot on Quark and possibly other platforms Salil <salil.mehta(a)huawei.com> net: hns: Some checkpatch.pl script & warning fixes Mimi Zohar <zohar(a)linux.vnet.ibm.com> ima: relax requiring a file signature for new files with zero length Davidlohr Bueso <dave(a)stgolabs.net> locking/locktorture: Fix num reader/writer corner cases SeongJae Park <sj38.park(a)gmail.com> rcutorture/configinit: Fix build directory error message Mahesh Bandewar <maheshb(a)google.com> ipvlan: add L2 check for packets arriving via virtual devices Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: nuc900: Fix a loop timeout test Luca Coelho <luciano.coelho(a)intel.com> mac80211: remove BUG() when interface type is invalid Adiel Aloni <adiel.aloni(a)intel.com> mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED Chris Wilson <chris(a)chris-wilson.co.uk> agp/intel: Flush all chipset writes after updating the GGTT Josh Poimboeuf <jpoimboe(a)redhat.com> powerpc/modules: Don't try to restore r2 after a sibling call Yong Zhao <yong.zhao(a)amd.com> drm/amdkfd: Fix memory leaks in kfd topology Stephen Hemminger <stephen(a)networkplumber.org> veth: set peer GSO values Dan Carpenter <dan.carpenter(a)oracle.com> media: cpia2: Fix a couple off by one bugs Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> media: vsp1: Prevent suspending and resuming DRM pipelines Xose Vazquez Perez <xose.vazquez(a)gmail.com> scsi: dh: add new rdac devices Xose Vazquez Perez <xose.vazquez(a)gmail.com> scsi: devinfo: apply to HP XP the same flags as Hitachi VSP Bart Van Assche <bart.vanassche(a)wdc.com> scsi: core: scsi_get_device_flags_keyed(): Always return device flags Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Don't print "Link speed -1 no longer supported" messages. Tobias Jordan <Tobias.Jordan(a)elektrobit.com> spi: sun6i: disable/unprepare clocks on remove Julien BOIBESSOT <julien.boibessot(a)armadeus.com> tools/usbip: fixes build with musl libc toolchain Ben Greear <greearb(a)candelatech.com> ath10k: fix invalid STS_CAP_OFFSET_MASK Limin Zhu <liminzhu(a)marvell.com> mwifiex: cfg80211: do not change virtual interface during scan processing Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> clk: qcom: msm8916: fix mnd_width for codec_digcodec Axel Lin <axel.lin(a)ingics.com> pwm: stmpe: Fix wrong register offset for hwpwm=2 case Li Dongyang <dongyang.li(a)anu.edu.au> scsi: ses: don't ask for diagnostic pages repeatedly during probe Peter Ujfalusi <peter.ujfalusi(a)ti.com> dmaengine: bcm2835-dma: Use vchan_terminate_vdesc() instead of desc_free Manikanta Pubbisetty <mpubbise(a)qti.qualcomm.com> ath10k: update tdls teardown state to target Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> power: supply: ab8500_charger: Bail out in case of error in 'ab8500_charger_init_hw_registers()' Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> power: supply: ab8500_charger: Fix an error handling path Bjorn Andersson <bjorn.andersson(a)linaro.org> leds: pm8058: Silence pointer to integer size warning Eric W. Biederman <ebiederm(a)xmission.com> userns: Don't fail follow_automount based on s_user_ns Jagdish Gediya <jagdish.gediya(a)nxp.com> mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 Andrew F. Davis <afd(a)ti.com> ARM: dts: omap3-n900: Fix the audio CODEC's reset pin Andrew F. Davis <afd(a)ti.com> ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin Sunil Goutham <sgoutham(a)cavium.com> net: thunderx: Set max queue count taking XDP_TX into account Miquel Raynal <miquel.raynal(a)free-electrons.com> mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() Lorenzo Colitti <lorenzo(a)google.com> net: xfrm: allow clearing socket xfrm policies. Michael Hennerich <michael.hennerich(a)analog.com> net: ieee802154: adf7242: Fix bug if defined DEBUG Luis R. Rodriguez <mcgrof(a)kernel.org> test_firmware: fix setting old custom fw path back on exit Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> sched: Stop resched_cpu() from sending IPIs to offline CPUs Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> sched: Stop switched_to_rt() from sending IPIs to offline CPUs Simon Shields <simon(a)lineageos.org> ARM: dts: exynos: Correct Trats2 panel reset line Yixun Lan <yixun.lan(a)amlogic.com> clk: meson: gxbb: fix wrong clock for SARADC/SANA Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: mvm: rs: don't override the rate history in the search cycle Jiri Kosina <jkosina(a)suse.cz> HID: elo: clear BTN_LEFT mapping Ville Syrjälä <ville.syrjala(a)linux.intel.com> video/hdmi: Allow "empty" HDMI infoframes Jani Nikula <jani.nikula(a)intel.com> drm/edid: set ELD connector type in drm_edid_to_eld() Ganapathi Bhat <gbhat(a)marvell.com> mwifiex: Fix invalid port issue Stephane Eranian <eranian(a)google.com> perf stat: Fix bug in handling events in error state Dedy Lansky <qca_dlansky(a)qca.qualcomm.com> wil6210: fix memory access violation in wil_memcpy_from/toio_32 Hamad Kadmany <qca_hkadmany(a)qca.qualcomm.com> wil6210: fix protection against connections during reset Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> ath10k: fix compile time sanity check for CE4 buffer size Johannes Berg <johannes.berg(a)intel.com> mac80211_hwsim: use per-interface power level Michael Scott <michael.scott(a)linaro.org> Bluetooth: 6lowpan: fix delay work init in add_peer_chan() Dean Jenkins <Dean_Jenkins(a)mentor.com> Bluetooth: Avoid bt_accept_unlink() double unlinking Rajendra Nayak <rnayak(a)codeaurora.org> clk: qcom: msm8996: Fix the vfe1 powerdomain name Laxman Dewangan <ldewangan(a)nvidia.com> pwm: tegra: Increase precision in PWM rate calculation Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Set kprobes pages read-only Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix kprobe-booster not to boost far call instructions Subhransu S. Prusty <subhransu.s.prusty(a)intel.com> ALSA: hda: Add Geminilake id to SKL_PLUS Hannes Reinecke <hare(a)suse.de> scsi: sg: close race condition in sg_remove_sfp_usercontext() Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sg: check for valid direction before starting the request Alexey Kardashevskiy <aik(a)ozlabs.ru> vfio/spapr_tce: Check kzalloc() return when preregistering memory Alexey Kardashevskiy <aik(a)ozlabs.ru> vfio/powerpc/spapr_tce: Enforce IOMMU type compatibility check David Carrillo-Cisneros <davidcc(a)google.com> perf session: Don't rely on evlist in pipe mode Fugang Duan <fugang.duan(a)nxp.com> net: fec: add phy-reset-gpios PROBE_DEFER check David Carrillo-Cisneros <davidcc(a)google.com> perf inject: Copy events when reordering events in pipe mode Mark Rutland <mark.rutland(a)arm.com> drivers/perf: arm_pmu: handle no platform_device Johannes Berg <johannes.berg(a)intel.com> iwlwifi: mvm: fix RX SKB header size and align it properly Jin Yao <yao.jin(a)linux.intel.com> perf evsel: Return exact sub event which failed with EPERM for wildcards Yuyang Du <yuyang.du(a)intel.com> usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() John Stultz <john.stultz(a)linaro.org> usb: dwc2: Make sure we disconnect the gadget state Michael Ellerman <mpe(a)ellerman.id.au> powerpc/nohash: Fix use of mmu_has_feature() in setup_initial_memory_limit() Zhilong Liu <zlliu(a)suse.com> md.c:didn't unlock the mddev before return EINVAL in array_size_store NeilBrown <neilb(a)suse.com> md/raid6: Fix anomily when recovering a single device in RAID6. Vincent Stehlé <vincent.stehle(a)laposte.net> regulator: isl9305: fix array size Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> v4l: vsp1: Register pipe with output WPF Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> v4l: vsp1: Prevent multiple streamon race commencing pipeline early Aleksandar Markovic <aleksandar.markovic(a)imgtec.com> MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters Leonid Yegoshin <Leonid.Yegoshin(a)imgtec.com> MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification David Daney <david.daney(a)cavium.com> MIPS: BPF: Fix multiple problems in JIT skb access helpers. David Daney <david.daney(a)cavium.com> MIPS: BPF: Quit clobbering callee saved registers in JIT code. Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: setup DCEDTE early and ensure DCD and RI irqs to be off Jayachandran C <jnair(a)caviumnetworks.com> tty: amba-pl011: Fix spurious TX interrupts Arnd Bergmann <arnd(a)arndb.de> lkdtm: turn off kcov for lkdtm_rodata_do_nothing: Mike Leach <mike.leach(a)linaro.org> coresight: Fixes coresight DT parse to get correct output port ID. Mitch Williams <mitch.a.williams(a)intel.com> i40e: only register client on iWarp-capable devices Jeffy Chen <jeffy.chen(a)rock-chips.com> drm/rockchip: vop: Enable pm domain before vop_initial Christopher James Halse Rogers <christopher.halse.rogers(a)canonical.com> drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) Christopher James Halse Rogers <christopher.halse.rogers(a)canonical.com> drm/radeon: Fail fb creation from imported dma-bufs. Liam Beguin <lbeguin(a)tycoint.com> video: ARM CLCD: fix dma allocation size Jim Mattson <jmattson(a)google.com> kvm: nVMX: Disallow userspace-injected exceptions in guest mode Borislav Petkov <bp(a)suse.de> kvm/svm: Setup MCG_CAP on AMD properly Nate Watterson <nwatters(a)codeaurora.org> iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range John Johansen <john.johansen(a)canonical.com> apparmor: Make path_max parameter readonly Mintz, Yuval <Yuval.Mintz(a)cavium.com> qed: Correct MSI-x for storage Mauricio Faria de Oliveira <mauricfo(a)linux.vnet.ibm.com> scsi: ses: don't get power status of SES device slot on probe Thor Thayer <thor.thayer(a)linux.intel.com> EDAC, altera: Fix peripheral warnings for Cyclone5 Phil Turnbull <phil.turnbull(a)oracle.com> fm10k: correctly check if interface is removed Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-digi00x: handle all MIDI messages on streaming packets Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-digi00x: add support for console models of Digi00x series Easwar Hariharan <easwar.hariharan(a)intel.com> IB/hfi1: Check for QSFP presence before attempting reads Javier Martinez Canillas <javier(a)osg.samsung.com> ASoC: rt5677: Add OF device ID table Jan Kara <jack(a)suse.cz> reiserfs: Make cancel_old_flush() reliable Chen-Yu Tsai <wens(a)csie.org> clk: sunxi-ng: a33: Add offset and minimum value for DDR1 PLL N factor Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: koelsch: Correct clock frequency of X2 DU clock input Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> drm: rcar-du: Handle event when disabling CRTCs Arnd Bergmann <arnd(a)arndb.de> soc/tegra: Fix link errors with PMC disabled Petr Mladek <pmladek(a)suse.com> printk: Correctly handle preemption in console_unlock() Peter Zijlstra <peterz(a)infradead.org> rtmutex: Fix PI chain order integrity Michal Kalderon <Michal.Kalderon(a)cavium.com> qed: Fix TM block ILT allocation Andrew Lunn <andrew(a)lunn.ch> net/faraday: Add missing include of of.h lipeng <lipeng321(a)huawei.com> net: hns: Correct HNS RSS key set function Anton Blanchard <anton(a)samba.org> powerpc: Avoid taking a data miss on every userspace instruction miss Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7793: Correct parent of SSI[0-9] clocks Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks Chris Brandt <chris.brandt(a)renesas.com> ARM: dts: r7s72100: fix ethernet clock parent Andrey Rusalin <arusalin(a)dev.rtsoft.ru> NFC: pn533: change order of free_irq and dev unregistration Dan Carpenter <dan.carpenter(a)oracle.com> NFC: nfcmrvl: double free on error path Tobias Klauser <tklauser(a)distanz.ch> NFC: nfcmrvl: Include unaligned.h instead of access_ok.h Felix Manlunas <felix.manlunas(a)cavium.com> vxlan: vxlan dev should inherit lowerdev's gso_max_size Sinclair Yeh <syeh(a)vmware.com> drm/vmwgfx: Fixes to vmwgfx_fb Samuel Thibault <samuel.thibault(a)ens-lyon.org> braille-console: Fix value returned by _braille_console_setup Aneesh Kumar K.V <aneesh.kumar(a)linux.vnet.ibm.com> powerpc/mm/hugetlb: Filter out hugepage size not supported by page table layout Manish Jaggi <mjaggi(a)caviumnetworks.com> PCI: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices Eric Dumazet <edumazet(a)google.com> bonding: refine bond_fold_stats() wrap detection Nicolai Hähnle <nicolai.haehnle(a)amd.com> drm/ttm: never add BO that failed to validate to the LRU list Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: relax node version check for victim data in gc Arnaldo Carvalho de Melo <acme(a)redhat.com> perf trace: Handle unpaired raw_syscalls:sys_exit event Matthias Kaehlcke <mka(a)chromium.org> regulator: core: Limit propagation of parent voltage count and list Roger Quadros <rogerq(a)ti.com> ARM: DRA7: hwmod_data: Prevent wait_target_disable error for usb_otg_ss Shaohua Li <shli(a)fb.com> blk-throttle: make sure expire time isn't too big Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: silk: Correct clock of DU1 Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7794: Correct clock of DU1 Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: add a quirk of packet without valid EOH in CIP format Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() Mahesh Bandewar <maheshb(a)google.com> bonding: make speed, duplex setting consistent with link state Shikhar Dogra <shidogra(a)cisco.com> driver: (adm1275) set the m,b and R coefficients correctly for power Jitendra Bhivare <jitendra.bhivare(a)broadcom.com> scsi: be2iscsi: Check tag in beiscsi_mccq_compl_wait Alexander Duyck <alexander.h.duyck(a)intel.com> i40e/i40evf: Fix use after free in Rx cleanup path Tommi Rantala <tommi.t.rantala(a)nokia.com> perf buildid: Do not assume that readlink() returns a null terminated string Taeung Song <treeze.taeung(a)gmail.com> perf annotate: Fix a bug following symbolic link of a build-id file Baruch Siach <baruch(a)tkos.co.il> ARM: dts: bcm2835: add index to the ethernet alias Felipe Balbi <felipe.balbi(a)linux.intel.com> usb: dwc3: make sure UX_EXIT_PX is cleared Jiada Wang <jiada_wang(a)mentor.com> dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped Gao Feng <fgao(a)ikuai8.com> tcp: sysctl: Fix a race to avoid unexpected 0 window from space Akinobu Mita <akinobu.mita(a)gmail.com> spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT Long Li <longli(a)microsoft.com> PCI: hv: Lock PCI bus on device eject Long Li <longli(a)microsoft.com> PCI: hv: Properly handle PCI bus remove Davide Caratti <dcaratti(a)redhat.com> sched: act_csum: don't mangle TCP and UDP GSO packets Javier Martinez Canillas <javier(a)osg.samsung.com> Input: qt1070 - add OF device ID table Tom Hromatka <tom.hromatka(a)oracle.com> sysrq: Reset the watchdog timers while displaying high-resolution timers David Engraf <david.engraf(a)sysgo.com> timers, sched_clock: Update timeout for clock wrap Janusz Krzysztofik <jmkrzyszt(a)gmail.com> media: i2c/soc_camera: fix ov6650 sensor getting wrong clock Brian King <brking(a)linux.vnet.ibm.com> scsi: ipr: Fix missed EH wakeup Satish Kharat <satishkh(a)cisco.com> scsi: fnic: Fix for "Number of Active IOs" in fnicstats becoming negative Andy Lutomirski <luto(a)kernel.org> x86/boot/32: Defer resyncing initial_page_table until per-cpu is set up Anton Sviridenko <anton(a)corp.bluecherry.net> solo6x10: release vb2 buffers in solo_stop_streaming() Rob Herring <robh(a)kernel.org> of: fix of_device_get_modalias returned length when truncating buffers Andreas Pape <APape(a)phoenixcontact.com> batman-adv: handle race condition for claims between gateways Johan Hovold <johan(a)kernel.org> zd1211rw: fix NULL-deref at probe Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/topology: fix typo in early topology code Mintz, Yuval <Yuval.Mintz(a)cavium.com> qed: Always publish VF link from leading hwfn Linus Walleij <linus.walleij(a)linaro.org> ARM: dts: Adjust moxart IRQ controller and flags Andrey Vagin <avagin(a)openvz.org> net/8021q: create device with all possible features in wanted_features Tomasz Kramkowski <tk(a)the-tk.com> HID: clamp input to logical range if no null state Kefeng Wang <wangkefeng.wang(a)huawei.com> perf probe: Return errno when not hitting any event Ravi Bangoria <ravi.bangoria(a)linux.vnet.ibm.com> perf probe: Fix concat_probe_trace_events Arvind Yadav <arvind.yadav.cs(a)gmail.com> omapfb: dss: Handle return errors in dss_init_ports() Yazen Ghannam <Yazen.Ghannam(a)amd.com> x86/mce: Init some CPU features early Nik Unger <njunger(a)uwaterloo.ca> netem: apply correct delay when rate throttling Steve Lin <steven.lin1(a)broadcom.com> net: ethernet: bgmac: Allow MAC address to be specified in DTB Stefan Wahren <stefan.wahren(a)i2se.com> ARM: bcm2835: Enable missing CMA settings for VC4 driver Oliver Neukum <oneukum(a)suse.com> usb: misc: lvs: fix race condition in disconnect handling Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> ath10k: fix fetching channel during potential radar detection Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> ath10k: disallow DFS simulation if DFS channel is not enabled Chris Wilson <chris(a)chris-wilson.co.uk> drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) Iyappan Subramanian <isubramanian(a)apm.com> drivers: net: xgene: Fix Rx checksum validation logic Quan Nguyen <qnguyen(a)apm.com> drivers: net: xgene: Fix wrong logical operation Quan Nguyen <qnguyen(a)apm.com> drivers: net: phy: xgene: Fix mdio write Quan Nguyen <qnguyen(a)apm.com> drivers: net: xgene: Fix hardware checksum setting Al Cooper <alcooperx(a)gmail.com> ARM: brcmstb: Enable ZONE_DMA for non 64-bit capable peripherals Stephane Eranian <eranian(a)google.com> perf tools: Make perf_event__synthesize_mmap_events() scale Lihong Yang <lihong.yang(a)intel.com> i40e: fix ethtool to get EEPROM data from X722 interface Aaron Salter <aaron.k.salter(a)intel.com> i40e: Acquire NVM lock before reads on all devices Greg KH <gregkh(a)linuxfoundation.org> eventpoll.h: fix epoll event masks Xunlei Pang <xlpang(a)redhat.com> x86/mce: Handle broadcasted MCE gracefully with kexec Changbin Du <changbin.du(a)intel.com> perf sort: Fix segfault with basic block 'cycles' sort dimension Dmitry Safonov <dsafonov(a)virtuozzo.com> x86/mm: Make mmap(MAP_32BIT) work correctly Alexander Potapenko <glider(a)google.com> selinux: check for address length in selinux_socket_bind() Prarit Bhargava <prarit(a)redhat.com> PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com> net: mvpp2: set dma mask and coherent dma mask on PPv2.2 Chen-Yu Tsai <wens(a)csie.org> drm/sun4i: Fix TCON clock and regmap initialization sequence Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> ath10k: fix a warning during channel switch with multiple vaps Chen-Yu Tsai <wens(a)csie.org> drm/sun4i: Set drm_crtc.port to the underlying TCON's output port node Chen-Yu Tsai <wens(a)csie.org> drm/sun4i: Fix up error path cleanup for master bind function Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: r8a7796: Remove unit-address and reg from integrated cache Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7794: Remove unit-address and reg from integrated cache Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7793: Remove unit-address and reg from integrated cache Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7792: Remove unit-address and reg from integrated cache Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7791: Remove unit-address and reg from integrated cache Gabriel Krisman Bertazi <krisman(a)collabora.co.uk> drm: qxl: Don't alloc fbdev if emulation is not supported Valtteri Heikkilä <rnd(a)nic.fi> HID: reject input outside logical range only if null state is set Colin Ian King <colin.king(a)canonical.com> staging: wilc1000: add check for kmalloc allocation failure. Varsha Rao <rvarsha016(a)gmail.com> staging: speakup: Replace BUG_ON() with WARN_ON(). Borislav Petkov <bp(a)suse.de> perf stat: Issue a HW watchdog disable hint H. Nikolaus Schaller <hns(a)goldelico.com> Input: tsc2007 - check for presence and power down tsc2007 during probe Hou Tao <houtao1(a)huawei.com> blkcg: fix double free of new_blkg in blkcg_init_queue ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/am335x-pepper.dts | 2 +- arch/arm/boot/dts/bcm283x-rpi-smsc9512.dtsi | 2 +- arch/arm/boot/dts/bcm283x-rpi-smsc9514.dtsi | 2 +- arch/arm/boot/dts/exynos4412-trats2.dts | 2 +- arch/arm/boot/dts/moxart-uc7112lx.dts | 2 +- arch/arm/boot/dts/moxart.dtsi | 17 +-- arch/arm/boot/dts/omap3-n900.dts | 4 +- arch/arm/boot/dts/r7s72100.dtsi | 2 +- arch/arm/boot/dts/r8a7790.dtsi | 7 +- arch/arm/boot/dts/r8a7791-koelsch.dts | 2 +- arch/arm/boot/dts/r8a7791.dtsi | 10 +- arch/arm/boot/dts/r8a7792.dtsi | 3 +- arch/arm/boot/dts/r8a7793.dtsi | 10 +- arch/arm/boot/dts/r8a7794-silk.dts | 2 +- arch/arm/boot/dts/r8a7794.dtsi | 5 +- arch/arm/configs/bcm2835_defconfig | 4 +- arch/arm/mach-bcm/Kconfig | 1 + arch/arm/mach-omap2/omap_hwmod_7xx_data.c | 2 + arch/arm64/boot/dts/renesas/r8a7796.dtsi | 3 +- arch/mips/kernel/mips-r2-to-r6-emul.c | 16 ++- arch/mips/net/bpf_jit.c | 16 ++- arch/mips/net/bpf_jit_asm.S | 23 ++-- arch/parisc/kernel/cache.c | 41 ++++++-- arch/powerpc/include/asm/code-patching.h | 1 + arch/powerpc/kernel/module_64.c | 12 ++- arch/powerpc/lib/code-patching.c | 5 + arch/powerpc/mm/fault.c | 2 +- arch/powerpc/mm/hugetlbpage.c | 18 ++++ arch/powerpc/mm/tlb_nohash.c | 2 +- arch/s390/kernel/early.c | 2 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/nospec-branch.h | 5 +- arch/x86/include/asm/reboot.h | 1 + arch/x86/kernel/cpu/intel.c | 3 +- arch/x86/kernel/cpu/mcheck/mce.c | 48 ++++++--- arch/x86/kernel/kprobes/core.c | 6 ++ arch/x86/kernel/kprobes/opt.c | 3 + arch/x86/kernel/reboot.c | 5 +- arch/x86/kernel/setup_percpu.c | 21 ++++ arch/x86/kernel/sys_x86_64.c | 4 +- arch/x86/kernel/vm86_32.c | 3 +- arch/x86/kvm/svm.c | 7 ++ arch/x86/kvm/x86.c | 3 +- arch/x86/mm/fault.c | 6 +- block/blk-cgroup.c | 4 +- block/blk-throttle.c | 11 ++ drivers/char/agp/intel-gtt.c | 2 + drivers/clk/meson/gxbb.c | 4 +- drivers/clk/qcom/gcc-msm8916.c | 1 + drivers/clk/qcom/mmcc-msm8996.c | 2 +- drivers/clk/sunxi-ng/ccu-sun8i-a33.c | 18 ++-- drivers/dma/bcm2835-dma.c | 10 +- drivers/dma/imx-sdma.c | 17 ++- drivers/edac/altera_edac.c | 22 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 31 +++--- drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 6 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 2 - drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 10 ++ drivers/gpu/drm/drm_edid.c | 9 +- drivers/gpu/drm/drm_irq.c | 14 ++- drivers/gpu/drm/qxl/qxl_fb.c | 9 +- drivers/gpu/drm/radeon/radeon_display.c | 6 ++ drivers/gpu/drm/rcar-du/rcar_du_crtc.c | 7 ++ drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 29 +++-- drivers/gpu/drm/sun4i/sun4i_crtc.c | 5 + drivers/gpu/drm/sun4i/sun4i_drv.c | 16 ++- drivers/gpu/drm/sun4i/sun4i_tcon.c | 22 ++-- drivers/gpu/drm/ttm/ttm_bo.c | 12 ++- drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 4 +- drivers/hid/hid-elo.c | 6 ++ drivers/hid/hid-input.c | 20 ++-- drivers/hwmon/pmbus/adm1275.c | 4 +- drivers/hwtracing/coresight/of_coresight.c | 2 +- drivers/infiniband/hw/hfi1/chip.c | 7 +- drivers/input/keyboard/qt1070.c | 9 ++ drivers/input/touchscreen/tsc2007.c | 8 ++ drivers/iommu/iova.c | 2 +- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/leds/leds-pm8058.c | 2 +- drivers/md/md.c | 4 +- drivers/md/raid5.c | 13 ++- drivers/media/i2c/soc_camera/ov6650.c | 2 +- drivers/media/pci/solo6x10/solo6x10-v4l2.c | 11 ++ drivers/media/platform/vsp1/vsp1_drm.c | 1 + drivers/media/platform/vsp1/vsp1_drv.c | 16 ++- drivers/media/platform/vsp1/vsp1_video.c | 13 +++ drivers/media/usb/cpia2/cpia2_v4l.c | 4 +- drivers/misc/Makefile | 2 + drivers/misc/enclosure.c | 7 +- drivers/mtd/nand/fsl_ifc_nand.c | 7 ++ drivers/mtd/nand/nand_base.c | 9 +- drivers/net/bonding/bond_main.c | 35 +++--- drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 1 + drivers/net/ethernet/apm/xgene/xgene_enet_hw.h | 1 + drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 31 +++--- drivers/net/ethernet/broadcom/bgmac-bcma.c | 39 ++++--- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +- drivers/net/ethernet/cavium/thunder/nicvf_main.c | 5 + drivers/net/ethernet/faraday/ftgmac100.c | 1 + drivers/net/ethernet/freescale/fec_main.c | 26 +++-- drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 23 ++-- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 11 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 1 - drivers/net/ethernet/hisilicon/hns/hns_enet.c | 5 +- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 8 +- drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 5 + drivers/net/ethernet/intel/i40e/i40e_main.c | 19 ++-- drivers/net/ethernet/intel/i40e/i40e_nvm.c | 12 +-- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 1 + drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 1 + drivers/net/ethernet/marvell/mvpp2.c | 14 +++ drivers/net/ethernet/qlogic/qed/qed_cxt.c | 32 ++++-- drivers/net/ethernet/qlogic/qed/qed_main.c | 3 +- drivers/net/ethernet/qlogic/qed/qed_sriov.c | 13 ++- drivers/net/ieee802154/adf7242.c | 4 +- drivers/net/ipvlan/ipvlan_core.c | 4 + drivers/net/phy/mdio-xgene.c | 2 +- drivers/net/veth.c | 3 + drivers/net/vxlan.c | 5 + drivers/net/wireless/ath/ath10k/ce.c | 2 +- drivers/net/wireless/ath/ath10k/debug.c | 9 ++ drivers/net/wireless/ath/ath10k/mac.c | 12 ++- drivers/net/wireless/ath/ath10k/wmi.c | 5 + drivers/net/wireless/ath/ath10k/wmi.h | 3 +- drivers/net/wireless/ath/wil6210/main.c | 20 +++- drivers/net/wireless/ath/wil6210/wmi.c | 11 +- drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rx.c | 18 +++- drivers/net/wireless/mac80211_hwsim.c | 26 ++--- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 6 ++ drivers/net/wireless/marvell/mwifiex/sdio.c | 4 +- drivers/net/wireless/zydas/zd1211rw/zd_usb.c | 3 + drivers/nfc/nfcmrvl/fw_dnld.c | 2 +- drivers/nfc/nfcmrvl/spi.c | 5 +- drivers/nfc/pn533/i2c.c | 4 +- drivers/of/device.c | 2 +- drivers/pci/host/pci-hyperv.c | 24 ++++- drivers/pci/pci-driver.c | 2 - drivers/pci/quirks.c | 3 + drivers/perf/arm_pmu.c | 12 ++- drivers/power/supply/ab8500_charger.c | 6 +- drivers/pwm/pwm-stmpe.c | 2 +- drivers/pwm/pwm-tegra.c | 7 +- drivers/regulator/core.c | 9 +- drivers/scsi/be2iscsi/be_cmds.c | 6 ++ drivers/scsi/fnic/fnic_scsi.c | 16 +-- drivers/scsi/ipr.c | 16 ++- drivers/scsi/qla2xxx/qla_os.c | 8 +- drivers/scsi/scsi_devinfo.c | 9 +- drivers/scsi/scsi_dh.c | 5 +- drivers/scsi/ses.c | 12 ++- drivers/scsi/sg.c | 35 +++--- drivers/spi/spi-omap2-mcspi.c | 9 +- drivers/spi/spi-sun6i.c | 2 +- drivers/staging/speakup/kobjects.c | 8 +- drivers/staging/wilc1000/host_interface.c | 2 + drivers/tty/serial/amba-pl011.c | 23 ++-- drivers/tty/serial/imx.c | 36 ++++--- drivers/usb/dwc2/hcd.c | 1 + drivers/usb/dwc3/core.c | 6 ++ drivers/usb/dwc3/core.h | 17 +-- drivers/usb/gadget/udc/bdc/bdc_core.c | 2 +- drivers/usb/gadget/udc/bdc/bdc_pci.c | 1 + drivers/usb/gadget/udc/dummy_hcd.c | 20 ++-- drivers/usb/misc/lvstest.c | 1 + drivers/vfio/vfio_iommu_spapr_tce.c | 13 +++ drivers/video/fbdev/amba-clcd.c | 4 +- drivers/video/fbdev/omap2/omapfb/dss/dss.c | 16 ++- drivers/video/hdmi.c | 51 +++++---- fs/aio.c | 44 +++++--- fs/btrfs/volumes.c | 12 ++- fs/dcache.c | 11 +- fs/f2fs/gc.c | 6 +- fs/namei.c | 8 +- fs/nfs/super.c | 2 + fs/reiserfs/journal.c | 2 +- fs/reiserfs/reiserfs.h | 1 + fs/reiserfs/super.c | 21 ++-- include/linux/fs.h | 1 + include/linux/pagemap.h | 4 +- include/linux/platform_data/isl9305.h | 2 +- include/linux/regulator/driver.h | 2 + include/net/tcp.h | 8 +- include/soc/tegra/pmc.h | 29 +++-- include/uapi/linux/eventpoll.h | 8 +- kernel/locking/locktorture.c | 76 +++++++------ kernel/locking/rtmutex.c | 29 ++++- kernel/locking/rtmutex_common.h | 1 + kernel/printk/braille.c | 15 +-- kernel/printk/braille.h | 13 ++- kernel/printk/printk.c | 8 +- kernel/sched/core.c | 3 +- kernel/sched/rt.c | 2 +- kernel/time/sched_clock.c | 5 + kernel/time/timer_list.c | 6 ++ net/8021q/vlan_dev.c | 3 +- net/batman-adv/bridge_loop_avoidance.c | 20 +++- net/bluetooth/6lowpan.c | 10 +- net/bluetooth/af_bluetooth.c | 24 +++++ net/mac80211/iface.c | 2 +- net/sched/act_csum.c | 12 +++ net/sched/sch_netem.c | 26 +++-- net/xfrm/xfrm_policy.c | 2 +- net/xfrm/xfrm_state.c | 7 ++ security/apparmor/lsm.c | 2 +- security/integrity/ima/ima_appraise.c | 3 +- security/selinux/hooks.c | 8 ++ sound/core/oss/pcm_oss.c | 10 +- sound/core/seq/seq_clientmgr.c | 4 +- sound/core/seq/seq_prioq.c | 28 ++--- sound/core/seq/seq_prioq.h | 6 +- sound/core/seq/seq_queue.c | 28 ++--- sound/firewire/amdtp-stream.c | 5 +- sound/firewire/amdtp-stream.h | 3 + sound/firewire/digi00x/amdtp-dot.c | 55 ++++++---- sound/firewire/digi00x/digi00x.c | 13 ++- sound/firewire/digi00x/digi00x.h | 1 + sound/pci/hda/hda_intel.c | 13 ++- sound/soc/codecs/rt5677.c | 7 ++ sound/soc/nuc900/nuc900-ac97.c | 4 +- sound/soc/sh/rcar/ssi.c | 9 ++ tools/perf/builtin-probe.c | 6 +- tools/perf/builtin-stat.c | 23 +++- tools/perf/builtin-trace.c | 43 ++++++-- tools/perf/util/annotate.c | 10 +- tools/perf/util/build-id.c | 6 +- tools/perf/util/event.c | 4 +- tools/perf/util/evsel.c | 12 ++- tools/perf/util/ordered-events.c | 3 +- tools/perf/util/probe-event.c | 2 +- tools/perf/util/session.c | 17 ++- tools/perf/util/sort.c | 5 + tools/testing/selftests/firmware/fw_filesystem.sh | 5 +- .../testing/selftests/rcutorture/bin/configinit.sh | 2 +- tools/testing/selftests/x86/entry_from_vm86.c | 117 ++++++++++++++++++++- tools/usb/usbip/src/usbipd.c | 2 +- 240 files changed, 1802 insertions(+), 691 deletions(-)

7 years, 6 months

5
240
0 0

Re: [PATCH v3] drm/i915/gvt: throw error on unhandled vfio ioctls

by Alex Williamson

On Wed, 21 Mar 2018 15:08:47 +0100 Gerd Hoffmann <kraxel(a)redhat.com> wrote: > On unknown/unhandled ioctls the driver should return an error, so > userspace knows it tried to use something unsupported. > > Cc: stable(a)vger.kernel.org > Signed-off-by: Gerd Hoffmann <kraxel(a)redhat.com> > --- > drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c > index 021f722e24..f34d7f1e6c 100644 > --- a/drivers/gpu/drm/i915/gvt/kvmgt.c > +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c > @@ -1284,7 +1284,7 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd, > > } > > - return 0; > + return -ENOTTY; > } > > static ssize_t Reviewed-by: Alex Williamson <alex.williamson(a)redhat.com>

7 years, 6 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror