- Linux-stable-mirror - lists.linaro.org

patch "xhci: xhci-mem: off by one in xhci_stream_id_to_ring()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xhci: xhci-mem: off by one in xhci_stream_id_to_ring() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 313db3d6488bb03b61b99de9dbca061f1fd838e1 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 4 Jul 2018 12:48:53 +0300 Subject: xhci: xhci-mem: off by one in xhci_stream_id_to_ring() The > should be >= here so that we don't read one element beyond the end of the ep->stream_info->stream_rings[] array. Fixes: e9df17eb1408 ("USB: xhci: Correct assumptions about number of rings per endpoint.") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 8a62eee9eee1..ef350c33dc4a 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -595,7 +595,7 @@ struct xhci_ring *xhci_stream_id_to_ring( if (!ep->stream_info) return NULL; - if (stream_id > ep->stream_info->num_streams) + if (stream_id >= ep->stream_info->num_streams) return NULL; return ep->stream_info->stream_rings[stream_id]; } -- 2.18.0

7 years, 5 months

1
0
0 0

patch "USB: serial: mos7840: fix status-register error handling" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: mos7840: fix status-register error handling to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 794744abfffef8b1f3c0c8a4896177d6d13d653d Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Wed, 4 Jul 2018 17:02:17 +0200 Subject: USB: serial: mos7840: fix status-register error handling Add missing transfer-length sanity check to the status-register completion handler to avoid leaking bits of uninitialised slab data to user space. Fixes: 3f5429746d91 ("USB: Moschip 7840 USB-Serial Driver") Cc: stable <stable(a)vger.kernel.org> # 2.6.19 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/mos7840.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c index fdceb46d9fc6..b580b4c7fa48 100644 --- a/drivers/usb/serial/mos7840.c +++ b/drivers/usb/serial/mos7840.c @@ -468,6 +468,9 @@ static void mos7840_control_callback(struct urb *urb) } dev_dbg(dev, "%s urb buffer size is %d\n", __func__, urb->actual_length); + if (urb->actual_length < 1) + goto out; + dev_dbg(dev, "%s mos7840_port->MsrLsr is %d port %d\n", __func__, mos7840_port->MsrLsr, mos7840_port->port_num); data = urb->transfer_buffer; -- 2.18.0

7 years, 5 months

1
0
0 0

patch "USB: serial: ch341: fix type promotion bug in ch341_control_in()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: ch341: fix type promotion bug in ch341_control_in() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From e33eab9ded328ccc14308afa51b5be7cbe78d30b Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 4 Jul 2018 12:29:38 +0300 Subject: USB: serial: ch341: fix type promotion bug in ch341_control_in() The "r" variable is an int and "bufsize" is an unsigned int so the comparison is type promoted to unsigned. If usb_control_msg() returns a negative that is treated as a high positive value and the error handling doesn't work. Fixes: 2d5a9c72d0c4 ("USB: serial: ch341: fix control-message error handling") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/ch341.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/serial/ch341.c b/drivers/usb/serial/ch341.c index bdd7a5ad3bf1..3bb1fff02bed 100644 --- a/drivers/usb/serial/ch341.c +++ b/drivers/usb/serial/ch341.c @@ -128,7 +128,7 @@ static int ch341_control_in(struct usb_device *dev, r = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), request, USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, value, index, buf, bufsize, DEFAULT_TIMEOUT); - if (r < bufsize) { + if (r < (int)bufsize) { if (r >= 0) { dev_err(&dev->dev, "short control message received (%d < %u)\n", -- 2.18.0

7 years, 5 months

1
0
0 0

patch "USB: serial: keyspan_pda: fix modem-status error handling" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: keyspan_pda: fix modem-status error handling to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 01b3cdfca263a17554f7b249d20a247b2a751521 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Wed, 4 Jul 2018 17:02:16 +0200 Subject: USB: serial: keyspan_pda: fix modem-status error handling Fix broken modem-status error handling which could lead to bits of slab data leaking to user space. Fixes: 3b36a8fd6777 ("usb: fix uninitialized variable warning in keyspan_pda") Cc: stable <stable(a)vger.kernel.org> # 2.6.27 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/keyspan_pda.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/serial/keyspan_pda.c b/drivers/usb/serial/keyspan_pda.c index 5169624d8b11..38d43c4b7ce5 100644 --- a/drivers/usb/serial/keyspan_pda.c +++ b/drivers/usb/serial/keyspan_pda.c @@ -369,8 +369,10 @@ static int keyspan_pda_get_modem_info(struct usb_serial *serial, 3, /* get pins */ USB_TYPE_VENDOR|USB_RECIP_INTERFACE|USB_DIR_IN, 0, 0, data, 1, 2000); - if (rc >= 0) + if (rc == 1) *value = *data; + else if (rc >= 0) + rc = -EIO; kfree(data); return rc; -- 2.18.0

7 years, 5 months

1
0
0 0

patch "USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 367b160fe4717c14a2a978b6f9ffb75a7762d3ed Mon Sep 17 00:00:00 2001 From: Olli Salonen <olli.salonen(a)iki.fi> Date: Wed, 4 Jul 2018 14:07:42 +0300 Subject: USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick There are two versions of the Qivicon Zigbee stick in circulation. This adds the second USB ID to the cp210x driver. Signed-off-by: Olli Salonen <olli.salonen(a)iki.fi> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/cp210x.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c index ee0cc1d90b51..626a29d9aa58 100644 --- a/drivers/usb/serial/cp210x.c +++ b/drivers/usb/serial/cp210x.c @@ -149,6 +149,7 @@ static const struct usb_device_id id_table[] = { { USB_DEVICE(0x10C4, 0x8977) }, /* CEL MeshWorks DevKit Device */ { USB_DEVICE(0x10C4, 0x8998) }, /* KCF Technologies PRN */ { USB_DEVICE(0x10C4, 0x89A4) }, /* CESINEL FTBC Flexible Thyristor Bridge Controller */ + { USB_DEVICE(0x10C4, 0x89FB) }, /* Qivicon ZigBee USB Radio Stick */ { USB_DEVICE(0x10C4, 0x8A2A) }, /* HubZ dual ZigBee and Z-Wave dongle */ { USB_DEVICE(0x10C4, 0x8A5E) }, /* CEL EM3588 ZigBee USB Stick Long Range */ { USB_DEVICE(0x10C4, 0x8B34) }, /* Qivicon ZigBee USB Radio Stick */ -- 2.18.0

7 years, 5 months

1
0
0 0

Re: Patch "drm/amd/display: release spinlock before committing updates to stream" has been added to the 4.17-stable tree

by Andrey Grodzovsky

This patch is wrong as noted by MIchel a while ago - quote from his review of the patch. "Actually, pflip_status should really only be set to AMDGPU_FLIP_SUBMITTED after the flip has been programmed to the hardware, at least as far as the lock holder is concerned. That's why the code was previously holding the lock until after the dc_commit_updates_for_stream call. Otherwise, it's at least theoretically possible that either: * dm_pflip_high_irq is called before dc_commit_updates_for_stream, but sees flip_status == AMDGPU_FLIP_SUBMITTED and sends the event to userspace prematurely * dm_pflip_high_irq is called after dc_commit_updates_for_stream, but sees flip_status != AMDGPU_FLIP_SUBMITTED, so it incorrectly doesn't send the event to userspace " It shouldn't go in. Andrey On 07/05/2018 11:59 AM, gregkh(a)linuxfoundation.org wrote: > This is a note to let you know that I've just added the patch titled > > drm/amd/display: release spinlock before committing updates to stream > > to the 4.17-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-amd-display-release-spinlock-before-committing-updates-to-stream.patch > and it can be found in the queue-4.17 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From 4de9f38bb2cce3a4821ffb8a83d6b08f6e37d905 Mon Sep 17 00:00:00 2001 > From: Shirish S <shirish.s(a)amd.com> > Date: Tue, 26 Jun 2018 09:32:39 +0530 > Subject: drm/amd/display: release spinlock before committing updates to stream > MIME-Version: 1.0 > Content-Type: text/plain; charset=UTF-8 > Content-Transfer-Encoding: 8bit > > From: Shirish S <shirish.s(a)amd.com> > > commit 4de9f38bb2cce3a4821ffb8a83d6b08f6e37d905 upstream. > > Currently, amdgpu_do_flip() spinlocks crtc->dev->event_lock and > releases it only after committing updates to the stream. > > dc_commit_updates_for_stream() should be moved out of > spinlock for the below reasons: > > 1. event_lock is supposed to protect access to acrct->pflip_status _only_ > 2. dc_commit_updates_for_stream() has potential sleep's > and also its not appropriate to be in an atomic state > for such long sequences of code. > > Signed-off-by: Shirish S <shirish.s(a)amd.com> > Suggested-by: Andrey Grodzovsky <andrey.grodzovsky(a)amd.com> > Reviewed-by: Michel Dänzer <michel.daenzer(a)amd.com> > Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> > Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> > Cc: stable(a)vger.kernel.org > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > --- > drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c > +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c > @@ -3967,10 +3967,11 @@ static void amdgpu_dm_do_flip(struct drm > if (acrtc->base.state->event) > prepare_flip_isr(acrtc); > > + spin_unlock_irqrestore(&crtc->dev->event_lock, flags); > + > surface_updates->surface = dc_stream_get_status(acrtc_state->stream)->plane_states[0]; > surface_updates->flip_addr = &addr; > > - > dc_commit_updates_for_stream(adev->dm.dc, > surface_updates, > 1, > @@ -3983,9 +3984,6 @@ static void amdgpu_dm_do_flip(struct drm > __func__, > addr.address.grph.addr.high_part, > addr.address.grph.addr.low_part); > - > - > - spin_unlock_irqrestore(&crtc->dev->event_lock, flags); > } > > static void amdgpu_dm_commit_planes(struct drm_atomic_state *state, > > > Patches currently in stable-queue which might be from shirish.s(a)amd.com are > > queue-4.17/drm-amdgpu-add-apu-support-in-vi_set_vce_clocks.patch > queue-4.17/drm-amdgpu-add-apu-support-in-vi_set_uvd_clocks.patch > queue-4.17/drm-amd-display-release-spinlock-before-committing-updates-to-stream.patch

7 years, 5 months

4
5
0 0

[PATCH] soc: qcom: rmtfs-mem: fix memleak in probe error paths

by Johan Hovold

Make sure to set the mem device release callback before calling put_device() in a couple of probe error paths so that the containing object also gets freed. Fixes: d1de6d6c639b ("soc: qcom: Remote filesystem memory driver") Cc: stable <stable(a)vger.kernel.org> # 4.15 Cc: Bjorn Andersson <bjorn.andersson(a)linaro.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/soc/qcom/rmtfs_mem.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/soc/qcom/rmtfs_mem.c b/drivers/soc/qcom/rmtfs_mem.c index c8999e38b005..8a3678c2e83c 100644 --- a/drivers/soc/qcom/rmtfs_mem.c +++ b/drivers/soc/qcom/rmtfs_mem.c @@ -184,6 +184,7 @@ static int qcom_rmtfs_mem_probe(struct platform_device *pdev) device_initialize(&rmtfs_mem->dev); rmtfs_mem->dev.parent = &pdev->dev; rmtfs_mem->dev.groups = qcom_rmtfs_mem_groups; + rmtfs_mem->dev.release = qcom_rmtfs_mem_release_device; rmtfs_mem->base = devm_memremap(&rmtfs_mem->dev, rmtfs_mem->addr, rmtfs_mem->size, MEMREMAP_WC); @@ -206,8 +207,6 @@ static int qcom_rmtfs_mem_probe(struct platform_device *pdev) goto put_device; } - rmtfs_mem->dev.release = qcom_rmtfs_mem_release_device; - ret = of_property_read_u32(node, "qcom,vmid", &vmid); if (ret < 0 && ret != -EINVAL) { dev_err(&pdev->dev, "failed to parse qcom,vmid\n"); -- 2.17.1

7 years, 5 months

1
1
0 0

[PATCH] ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION

by Hui Wang

We have two new lenovo desktop models which need to apply the fixup of ALC294_FIXUP_LENOVO_MIC_LOCATION, and they have the same pin cfg as the machine with subsystem id:0x17aa3136, now use the pincfg table to apply the fixup for them. Cc: <stable(a)vger.kernel.org> Signed-off-by: Hui Wang <hui.wang(a)canonical.com> --- sound/pci/hda/patch_realtek.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 63154b9..666713e 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -6556,7 +6556,6 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x17aa, 0x310c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x312a, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x312f, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), - SND_PCI_QUIRK(0x17aa, 0x3136, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x313c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI), SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC), @@ -6822,6 +6821,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { {0x1a, 0x02a11040}, {0x1b, 0x01014020}, {0x21, 0x0221101f}), + SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION, + {0x14, 0x90170110}, + {0x19, 0x02a11020}, + {0x1a, 0x02a11030}, + {0x21, 0x0221101f}), SND_HDA_PIN_QUIRK(0x10ec0236, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, {0x12, 0x90a60140}, {0x14, 0x90170110}, -- 2.7.4

7 years, 5 months

2
1
0 0

Sitio web

by David Carreras

Estimados/as señores/as: Tras realizar un análisis previo de tu página web hemos descubierto errores en el código que influyen de manera significativa en la baja posición de tu página en buscadores, incluido Googl Les proponemos la optimización de su página web sin necesidad de contrato, de pagos mensuales, sin costes ocultos y sin penalizaciones por rescisión de contrato. Se trata de una de las mejores ofertas que existe actualmente en el mercado. La optimización de la página de su empresa consiste en hacer que resulte más fácil de encontrar para los buscadores, mejorando así su posición en el ranking de Google y otros buscadores. Les invitamos a visitar nuestra página web: http://www.webanalytics-google.com David Carreras. WebAnalytics

7 years, 5 months

1
0
0 0

[stable-4.14 0/6] md fixes for 4.14

by Jack Wang

Hi Greg, We hit a panic in 4.14.43 with md raid1. It's easy to reproduce with a test case, running Fio, and doing mdadm --grow bitmap=none /dev/mdx && mdadm --grow bitmap=internal /dev/mdx in a loop. With following patches applied, we can no longer reproduce the problem. Please consider to apply the patches to 4.14, they can be applied cleanly on 4.14.52. Cheers, Jack NeilBrown (6): md: always hold reconfig_mutex when calling mddev_suspend() md: don't call bitmap_create() while array is quiesced. md: move suspend_hi/lo handling into core md code md: use mddev_suspend/resume instead of ->quiesce() md: allow metadata update while suspending. md: remove special meaning of ->quiesce(.., 2) drivers/md/dm-raid.c | 10 ++++-- drivers/md/md-cluster.c | 6 ++-- drivers/md/md.c | 90 ++++++++++++++++++++++++++++++------------------ drivers/md/md.h | 15 +++++--- drivers/md/raid0.c | 2 +- drivers/md/raid1.c | 27 +++++---------- drivers/md/raid10.c | 10 ++---- drivers/md/raid5-cache.c | 30 ++++++++++------ drivers/md/raid5-log.h | 2 +- drivers/md/raid5.c | 40 ++++----------------- 10 files changed, 116 insertions(+), 116 deletions(-) -- 2.7.4

7 years, 5 months

3
8
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror