- Linux-stable-mirror - lists.linaro.org

[PATCH] gpio: regmap: Fix gpio_remap_register

by Wentao Guan

Because gpiochip_add_data successfully done, use err_remove_gpiochip instead of err_free_bitmap to free such as gdev,descs.. Fixes: 553b75d4bfe9 ("gpio: regmap: Allow to allocate regmap-irq device") CC: stable(a)vger.kernel.org Co-developed-by: WangYuli <wangyl5933(a)chinaunicom.cn> Signed-off-by: WangYuli <wangyl5933(a)chinaunicom.cn> Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> --- drivers/gpio/gpio-regmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-regmap.c b/drivers/gpio/gpio-regmap.c index fd986afa7db5f..f0bcb2c2c6748 100644 --- a/drivers/gpio/gpio-regmap.c +++ b/drivers/gpio/gpio-regmap.c @@ -310,7 +310,7 @@ struct gpio_regmap *gpio_regmap_register(const struct gpio_regmap_config *config config->regmap_irq_line, config->regmap_irq_flags, 0, config->regmap_irq_chip, &gpio->irq_chip_data); if (ret) - goto err_free_bitmap; + goto err_remove_gpiochip; irq_domain = regmap_irq_get_domain(gpio->irq_chip_data); } else -- 2.20.1

1 week

3
3
0 0

please consider to backport "drm/i915/dp: Initialize the source OUI write timestamp always"

by H. Nikolaus Schaller

Adding this patch solves an observed 5 minutes wait delay issue with stable kernels (up to v6.12) on my AcePC T11 (with Atom Z8350 Cherry Trail). Commit is 5861258c4e6a("drm/i915/dp: Initialize the source OUI write timestamp always") resp. https://patchwork.freedesktop.org/patch/621660/ It apparently appeared upstream with v6.13-rc1 but got not backported. BR and thanks, Nikolaus

1 week

2
1
0 0

Linux 5.4.302

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.302 kernel. This is the LAST 5.4.y release. It is now end-of-life and should not be used by anyone, anymore. As of this point in time, there are 1539 documented unfixed CVEs for this kernel branch, and that number will only increase over time as more CVEs get assigned for kernel bugs. All users of the 5.4 kernel series must upgrade to a newer branch as this point in time. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/include/asm/bitops.h | 2 arch/mips/boot/dts/lantiq/danube.dtsi | 6 arch/mips/lantiq/xway/sysctrl.c | 2 arch/mips/mti-malta/malta-init.c | 20 - arch/powerpc/kernel/eeh_driver.c | 2 arch/sparc/include/asm/elf_64.h | 1 arch/sparc/kernel/module.c | 1 arch/x86/entry/vsyscall/vsyscall_64.c | 17 + arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kernel/cpu/resctrl/monitor.c | 10 drivers/acpi/acpi_video.c | 4 drivers/acpi/acpica/dsmethod.c | 10 drivers/acpi/property.c | 24 + drivers/acpi/video_detect.c | 8 drivers/ata/libata-scsi.c | 8 drivers/base/devcoredump.c | 138 ++++++---- drivers/base/regmap/regmap-slimbus.c | 6 drivers/bluetooth/btusb.c | 13 drivers/bluetooth/hci_bcsp.c | 3 drivers/char/misc.c | 8 drivers/clocksource/timer-vf-pit.c | 22 - drivers/cpufreq/longhaul.c | 3 drivers/dma/dw-edma/dw-edma-core.c | 22 + drivers/dma/mv_xor.c | 4 drivers/dma/sh/shdma-base.c | 25 + drivers/dma/sh/shdmac.c | 17 - drivers/edac/altera_edac.c | 22 + drivers/extcon/extcon-adc-jack.c | 2 drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 drivers/hid/hid-ids.h | 7 drivers/hid/hid-quirks.c | 14 - drivers/hwmon/dell-smm-hwmon.c | 7 drivers/iio/adc/spear_adc.c | 9 drivers/input/keyboard/cros_ec_keyb.c | 6 drivers/input/misc/ati_remote2.c | 2 drivers/input/misc/cm109.c | 2 drivers/input/misc/powermate.c | 2 drivers/input/misc/yealink.c | 2 drivers/input/tablet/acecad.c | 2 drivers/input/tablet/pegasus_notetaker.c | 11 drivers/irqchip/irq-gic-v2m.c | 13 drivers/isdn/hardware/mISDN/hfcsusb.c | 18 - drivers/media/i2c/ir-kbd-i2c.c | 6 drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 drivers/media/pci/ivtv/ivtv-driver.h | 3 drivers/media/pci/ivtv/ivtv-fileops.c | 18 - drivers/media/pci/ivtv/ivtv-irq.c | 4 drivers/media/rc/imon.c | 61 ++-- drivers/media/rc/redrat3.c | 2 drivers/media/tuners/xc4000.c | 8 drivers/media/tuners/xc5000.c | 12 drivers/memstick/core/memstick.c | 8 drivers/mfd/madera-core.c | 4 drivers/mfd/stmpe-i2c.c | 1 drivers/mfd/stmpe.c | 3 drivers/mmc/host/renesas_sdhi_core.c | 6 drivers/mmc/host/sdhci-msm.c | 15 + drivers/net/can/usb/gs_usb.c | 23 - drivers/net/dsa/b53/b53_common.c | 57 +++- drivers/net/dsa/b53/b53_regs.h | 4 drivers/net/ethernet/cadence/macb_main.c | 4 drivers/net/ethernet/emulex/benet/be_main.c | 7 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 - drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/renesas/ravb_main.c | 16 + drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/ti/netcp_core.c | 10 drivers/net/phy/dp83867.c | 6 drivers/net/phy/mdio_bus.c | 5 drivers/net/usb/asix_devices.c | 12 drivers/net/usb/qmi_wwan.c | 6 drivers/net/usb/usbnet.c | 2 drivers/net/wireless/ath/ath10k/wmi.c | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 21 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 drivers/pci/p2pdma.c | 2 drivers/pci/quirks.c | 1 drivers/phy/cadence/cdns-dphy.c | 4 drivers/regulator/fixed.c | 6 drivers/remoteproc/qcom_q6v5.c | 5 drivers/s390/net/ctcm_mpc.c | 1 drivers/scsi/lpfc/lpfc_debugfs.h | 3 drivers/scsi/lpfc/lpfc_scsi.c | 14 - drivers/scsi/pm8001/pm8001_ctl.c | 2 drivers/scsi/sg.c | 10 drivers/soc/imx/gpc.c | 2 drivers/soc/qcom/smem.c | 2 drivers/soc/ti/knav_dma.c | 14 - drivers/spi/spi-loopback-test.c | 12 drivers/spi/spi.c | 10 drivers/target/loopback/tcm_loop.c | 3 drivers/tee/tee_core.c | 2 drivers/tty/serial/8250/8250_dw.c | 128 ++++----- drivers/uio/uio_hv_generic.c | 21 + drivers/usb/gadget/function/f_fs.c | 8 drivers/usb/gadget/function/f_hid.c | 4 drivers/usb/gadget/function/f_ncm.c | 3 drivers/usb/host/xhci-plat.c | 1 drivers/usb/mon/mon_bin.c | 14 - drivers/video/backlight/lp855x_bl.c | 2 drivers/video/fbdev/aty/atyfb_base.c | 8 drivers/video/fbdev/core/bitblit.c | 33 ++ drivers/video/fbdev/pvr2fb.c | 2 drivers/video/fbdev/valkyriefb.c | 2 fs/9p/v9fs.c | 9 fs/btrfs/transaction.c | 2 fs/ceph/locks.c | 5 fs/hpfs/namei.c | 18 - fs/jfs/inode.c | 8 fs/jfs/jfs_txnmgr.c | 9 fs/nfs/nfs4client.c | 1 fs/nfs/nfs4proc.c | 6 fs/nfs/nfs4state.c | 3 fs/open.c | 10 fs/orangefs/xattr.c | 12 fs/proc/generic.c | 12 include/linux/ata.h | 1 include/linux/compiler_types.h | 5 include/linux/filter.h | 2 include/linux/mm.h | 2 include/linux/shdma-base.h | 2 include/linux/usb.h | 16 - include/net/cls_cgroup.h | 2 include/net/nfc/nci_core.h | 2 include/net/pkt_sched.h | 25 + kernel/events/uprobes.c | 7 kernel/gcov/gcc_4_7.c | 4 kernel/trace/trace_events_hist.c | 6 mm/page_alloc.c | 2 net/8021q/vlan.c | 2 net/bluetooth/6lowpan.c | 97 ++++--- net/bluetooth/l2cap_core.c | 1 net/bluetooth/sco.c | 7 net/bridge/br_forward.c | 3 net/core/netpoll.c | 7 net/core/page_pool.c | 6 net/core/sock.c | 15 - net/ipv4/nexthop.c | 6 net/ipv4/route.c | 5 net/ipv6/ah6.c | 50 ++- net/ipv6/raw.c | 2 net/ipv6/udp.c | 2 net/mac80211/rx.c | 10 net/openvswitch/actions.c | 68 ---- net/openvswitch/flow_netlink.c | 64 ---- net/openvswitch/flow_netlink.h | 2 net/rds/rds.h | 2 net/sched/act_ife.c | 12 net/sched/sch_api.c | 10 net/sched/sch_generic.c | 24 - net/sched/sch_hfsc.c | 16 - net/sched/sch_qfq.c | 2 net/sctp/associola.c | 10 net/sctp/chunk.c | 2 net/sctp/diag.c | 7 net/sctp/endpointola.c | 6 net/sctp/input.c | 5 net/sctp/output.c | 2 net/sctp/outqueue.c | 6 net/sctp/sm_make_chunk.c | 7 net/sctp/sm_sideeffect.c | 16 - net/sctp/sm_statefuns.c | 2 net/sctp/socket.c | 12 net/sctp/stream.c | 3 net/sctp/stream_interleave.c | 23 - net/sctp/transport.c | 15 - net/sctp/ulpqueue.c | 15 - net/strparser/strparser.c | 2 net/tipc/core.c | 4 net/tipc/core.h | 8 net/tipc/discover.c | 4 net/tipc/link.c | 5 net/tipc/link.h | 1 net/tipc/net.c | 17 - net/vmw_vsock/af_vsock.c | 40 ++ scripts/kconfig/mconf.c | 3 scripts/kconfig/nconf.c | 3 sound/soc/codecs/cs4271.c | 10 sound/soc/codecs/max98090.c | 6 sound/soc/qcom/qdsp6/q6asm.c | 2 sound/usb/mixer.c | 11 tools/power/cpupower/lib/cpuidle.c | 5 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 26 + tools/testing/selftests/Makefile | 2 tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 tools/testing/selftests/net/fcnal-test.sh | 4 tools/testing/selftests/net/psock_tpacket.c | 4 200 files changed, 1294 insertions(+), 813 deletions(-) Abdun Nihaal (1): isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Al Viro (2): allow finish_no_open(file, ERR_PTR(-E...)) nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Albin Babu Varghese (1): fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Aleksander Jan Bajkowski (3): mips: lantiq: danube: add missing properties to cpu node mips: lantiq: danube: add missing device_type in pci node mips: lantiq: xway: sysctrl: rename stp clock Aleksei Nikiforov (1): s390/ctcm: Fix double-kfree Alexander Stein (2): mfd: stmpe: Remove IRQ domain upon removal mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexey Klimov (1): regmap: slimbus: fix bus_context pointer in regmap init calls Amber Lin (1): drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Amirreza Zarrabi (1): tee: allow a driver to allocate a tee_device without a pool Andrey Vatoropin (1): be2net: pass wrb_params in case of OS2BMC Andy Shevchenko (2): serial: 8250_dw: Use devm_clk_get_optional() to get the input clock serial: 8250_dw: Use devm_add_action_or_reset() Anthony Iliopoulos (1): NFSv4.1: fix mount hang after CREATE_SESSION failure Armin Wolf (1): hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Arnd Bergmann (1): mfd: madera: Work around false-positive -Wininitialized warning Artem Shimko (1): serial: 8250_dw: handle reset control deassert error Babu Moger (1): x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Bart Van Assche (1): scsi: sg: Do not sleep in atomic context Benjamin Berg (1): wifi: mac80211: skip rate verification for not captured PSDUs Biju Das (1): mmc: host: renesas_sdhi: Fix the actual clock Brahmajit Das (1): net: intel: fm10k: Fix parameter idx set but not used Breno Leitao (1): net: netpoll: fix incorrect refcount handling causing incorrect cleanup Buday Csaba (1): net: mdio: fix resource leak in mdiobus_register_device() Celeste Liu (1): can: gs_usb: increase max interface to U8_MAX Charalampos Mitrodimas (1): net: ipv6: fix field-spanning memcpy warning in AH output Chelsy Ratnawat (1): media: fix uninitialized symbol warnings Chris Morgan (1): regulator: fixed: use dev_err_probe for register Christian Bruel (1): irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Christoph Paasch (1): net: When removing nexthops, don't call synchronize_net if it is not necessary Chuang Wang (1): ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Cryolitia PukNgae (1): ALSA: usb-audio: apply quirk for MOONDROP Quark2 Daniel Lezcano (1): clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Daniel Palmer (1): fbdev: atyfb: Check if pll_ops->init_pll failed David Ahern (2): selftests: Disable dad for ipv6 in fcnal-test.sh selftests: Replace sleep with slowwait David Kaplan (1): x86/bugs: Fix reporting of LFENCE retpoline Dennis Beier (1): cpufreq/longhaul: handle NULL policy in longhaul_exit Devendra K Verma (1): dmaengine: dw-edma: Set status for callback_result Dragos Tatulea (1): page_pool: Clamp pool size to max 16K pages Emanuele Ghidoli (1): net: phy: dp83867: Disable EEE support as not implemented Eric Dumazet (5): net: call cond_resched() less often in __release_sock() ipv6: np->rxpmtu race annotation sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto net_sched: remove need_resched() from qdisc_run() net_sched: limit try_bulk_dequeue_skb() batches Filipe Manana (1): btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Florian Fuchs (1): fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Forest Crossman (1): usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Gal Pressman (2): net/mlx5e: Fix maxrate wraparound in threshold between units net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Geoffrey McRae (1): drm/amdkfd: return -ENOTTY for unsupported IOCTLs Gokul Sivakumar (1): wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Greg Kroah-Hartman (1): Linux 5.4.302 Haein Lee (1): ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Hamza Mahfooz (1): scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Hangbin Liu (1): net: vlan: sync VLAN features with lower device Hans de Goede (2): ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() spi: Try to get ACPI GPIO IRQ earlier Haotian Zhang (2): regulator: fixed: fix GPIO descriptor leak on register failure ASoC: cs4271: Fix regulator leak on probe failure Harikrishna Shenoy (1): phy: cadence: cdns-dphy: Enable lower resolutions in dphy Ian Forbes (1): drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Ido Schimmel (1): bridge: Redirect to backup port when port is administratively down Ilya Maximets (1): net: openvswitch: remove never-working support for setting nsh fields Isaac J. Manjarres (1): mm/page_alloc: fix hash table order logging in alloc_large_system_hash() Ivan Pravdin (1): Bluetooth: bcsp: receive data only if registered Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jakub Horký (2): kconfig/mconf: Initialize the default locale at startup kconfig/nconf: Initialize the default locale at startup Jens Reidel (1): soc: qcom: smem: Fix endian-unaware access of num_entries Jiayi Li (1): memstick: Add timeout to prevent indefinite waiting Jiri Olsa (1): uprobe: Do not emulate/sstep original instruction when ip is changed Jonas Gorski (3): net: dsa: b53: fix resetting speed and pause on forced link net: dsa: b53: fix enabling ip multicast net: dsa: b53: stop reading ARL entries if search is done Joshua Watt (1): NFS4: Fix state renewals missing after boot Junjie Cao (1): fbdev: bitblit: bound-check glyph index in bit_putcs* Juraj Šarinay (1): net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Justin Tee (2): scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET scsi: lpfc: Define size of debugfs entry for xri rebalancing Kaushlendra Kumar (1): tools/cpupower: Fix incorrect size in cpuidle_state_disable() Kees Cook (1): arc: Fix __fls() const-foldability via __builtin_clzl() Kirill A. Shutemov (1): x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Koakuma (1): sparc/module: Add R_SPARC_UA64 relocation handling Krishna Kurapati (1): usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Krzysztof Kozlowski (2): extcon: adc-jack: Fix wakeup source leaks on device unbind extcon: adc-jack: Cleanup wakeup source only if it was enabled Kuniyuki Iwashima (2): net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. tipc: Fix use-after-free in tipc_mon_reinit_self(). Lad Prabhakar (1): net: ravb: Enforce descriptor type ordering Laurent Pinchart (1): media: pci: ivtv: Don't create fake v4l2_fh Len Brown (2): tools/power x86_energy_perf_policy: Enhance HWP enable tools/power x86_energy_perf_policy: Prefer driver HWP limits Lizhi Xu (1): usbnet: Prevents free active kevent Loic Poulain (1): wifi: ath10k: Fix memory leak on unsupported WMI command Long Li (1): uio_hv_generic: Set event for all channels on the device Luiz Augusto von Dentz (1): Bluetooth: SCO: Fix UAF on sco_conn_free Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix !EVA SOC-it PCI MMIO Marcos Del Sol Vives (1): PCI: Disable MSI on RDC PCI to PCIe bridges Mario Limonciello (AMD) (1): ACPI: video: force native for Lenovo 82K8 Miaoqian Lin (3): net: usb: asix_devices: Check return value of usbnet_get_endpoints fbdev: valkyriefb: Fix reference count leak in valkyriefb_init pmdomain: imx: Fix reference count leak in imx_gpc_remove Michal Luczaj (1): vsock: Ignore signal/timeout on connect() if already established Mike Marshall (1): orangefs: fix xattr related buffer overflow... Nai-Chen Cheng (1): selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Nate Karstens (1): strparser: Fix signed/unsigned mismatch bug Nathan Chancellor (1): net: qede: Initialize qede_ll_ops with designated initializer Niklas Cassel (1): ata: libata-scsi: Fix system suspend for a security locked drive Niklas Schnelle (1): powerpc/eeh: Use result of error_detected() in uevent Niklas Söderlund (1): net: sh_eth: Disable WoL if system can not suspend Niravkumar L Rabara (2): EDAC/altera: Handle OCRAM ECC enable after warm reset EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Nishanth Menon (1): net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Olga Kornievskaia (1): NFSv4: handle ERR_GRACE on delegation recalls Owen Gu (1): usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Pauli Virtanen (4): Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Bluetooth: L2CAP: export l2cap_chan_hold for modules Peter Oberparleiter (1): gcov: add support for GCC 15 Peter Zijlstra (1): compiler_types: Move unused static inline functions warning to W=2 Qendrim Maxhuni (1): net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Qianfeng Rong (2): scsi: pm8001: Use int instead of u32 to store error codes media: redrat3: use int type to store negative error codes Randall P. Embry (2): 9p: fix /sys/fs/9p/caches overwriting itself 9p: sysfs_init: don't hardcode error to ENOMEM Ranganath V N (1): net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Raphael Pinsonneault-Thibeault (1): Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF René Rebe (1): ALSA: usb-audio: fix uac2 clock source at terminal parser Ricardo B. Marlière (1): selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Rodrigo Gobbi (1): iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Rosen Penev (1): dmaengine: mv_xor: match alloc_wc and free_wc Russell King (1): net: dsa/b53: change b53_force_port_config() pause argument Sakari Ailus (1): ACPI: property: Return present device nodes only on fwnode interface Saket Dumbre (1): ACPICA: Update dsmethod.c to get rid of unused variable warning Sarthak Garg (1): mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Seungjin Bae (1): Input: pegasus-notetaker - fix potential out-of-bounds access Seyediman Seyedarab (1): drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Sharique Mohammad (1): ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Shaurya Rane (1): jfs: fix uninitialized waitqueue in transaction manager Srinivas Kandagatla (1): ASoC: qdsp6: q6asm: do not sleep while atomic Stefan Wiehler (2): sctp: Hold RCU read lock while iterating over address list sctp: Prevent TOCTOU out-of-bounds write Stephan Gerhold (1): remoteproc: qcom: q6v5: Avoid handling handover twice Sudeep Holla (1): pmdomain: arm: scmi: Fix genpd leak on provider registration failure Sungho Kim (1): PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Svyatoslav Ryhel (1): video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Tetsuo Handa (2): media: imon: make send_packet() more robust jfs: Verify inode mode when loading from disk Thomas Andreatta (1): dmaengine: sh: setup_xref error handling Thomas Weißschuh (2): spi: loopback-test: Don't use %pK through printk bpf: Don't use %pK through printk Théo Lebrun (1): net: macb: avoid dealing with endianness in macb_set_hwaddr() Tomeu Vizoso (1): drm/etnaviv: fix flush sequence logic Tristan Lobb (1): HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Tzung-Bi Shih (1): Input: cros_ec_keyb - fix an invalid memory access Ujwal Kundur (1): rds: Fix endianness annotation for RDS_MPATH_HASH Viacheslav Dubeyko (1): ceph: add checking of wait_for_completion_killable() return value Vincent Mailhol (2): usb: deprecate the third argument of usb_maxpacket() Input: remove third argument of usb_maxpacket() Wake Liu (2): selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 selftests/net: Ensure assert() triggers in psock_tpacket.c Wei Fang (1): net: fec: correct rx_bytes statistic for the case SHIFT16 is set Wei Yang (1): fs/proc: fix uaf in proc_readdir_de() William Wu (1): usb: gadget: f_hid: Fix zero length packet transfer Xiang Mei (1): net/sched: sch_qfq: Fix null-deref in agg_dequeue Xin Long (2): sctp: get netns from asoc and ep base tipc: simplify the finalize work queue Yafang Shao (1): net/cls_cgroup: Fix task_get_classid() during qdisc run Yikang Yue (1): fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink Yuhao Jiang (1): ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Zhang Heng (1): HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Zijun Hu (1): char: misc: Does not request module for miscdevice with dynamic minor Zilin Guan (2): tracing: Fix memory leaks in create_field_var() mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() raub camaioni (1): usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Álvaro Fernández Rojas (1): net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325

1 week

1
2
0 0

[PATCH v6.1 0/4] sched: The newidle balance regression

by Ajay Kaher

This series is to backport following patches for v6.1: link: https://lore.kernel.org/lkml/20251107160645.929564468@infradead.org/ Peter Zijlstra (4): sched/fair: Revert max_newidle_lb_cost bump sched/fair: Small cleanup to sched_balance_newidle() sched/fair: Small cleanup to update_newidle_cost() sched/fair: Proportional newidle balance include/linux/sched/topology.h | 3 ++ kernel/sched/core.c | 3 ++ kernel/sched/fair.c | 75 +++++++++++++++++++++++----------- kernel/sched/features.h | 5 +++ kernel/sched/sched.h | 7 ++++ kernel/sched/topology.c | 6 +++ 6 files changed, 75 insertions(+), 24 deletions(-) -- 2.40.4

1 week

1
4
0 0

[PATCH 6.1.y] HID: core: Harden s32ton() against conversion to 0 bits

by jetlan9＠163.com

From: Alan Stern <stern(a)rowland.harvard.edu> [ Upstream commit a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd ] Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-usb/68753a08.050a0220.33d347.0008.GAE@google.… Tested-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Fixes: dde5845a529f ("[PATCH] Generic HID layer - code split") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/613a66cd-4309-4bce-a4f7-2905f9bce0c9@rowland.harva… Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> [ s32ton() was moved by c653ffc28340 ("HID: stop exporting hid_snto32()"). Minor context change fixed. ] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/hid/hid-core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index ed65523d77c2..c8cca0c7ec67 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -1354,7 +1354,12 @@ EXPORT_SYMBOL_GPL(hid_snto32); static u32 s32ton(__s32 value, unsigned n) { - s32 a = value >> (n - 1); + s32 a; + if (!value || !n) + return 0; + + a = value >> (n - 1); + if (a && a != -1) return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1; return value & ((1 << n) - 1); -- 2.43.0

1 week

1
0
0 0

[PATCH 6.6.y] HID: core: Harden s32ton() against conversion to 0 bits

by jetlan9＠163.com

From: Alan Stern <stern(a)rowland.harvard.edu> [ Upstream commit a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd ] Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-usb/68753a08.050a0220.33d347.0008.GAE@google.… Tested-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Fixes: dde5845a529f ("[PATCH] Generic HID layer - code split") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/613a66cd-4309-4bce-a4f7-2905f9bce0c9@rowland.harva… Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> [ s32ton() was moved by c653ffc28340 ("HID: stop exporting hid_snto32()"). Minor context change fixed. ] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/hid/hid-core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index 266cd56dec50..d8fda282d049 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -1351,7 +1351,12 @@ EXPORT_SYMBOL_GPL(hid_snto32); static u32 s32ton(__s32 value, unsigned n) { - s32 a = value >> (n - 1); + s32 a; + + if (!value || !n) + return 0; + + a = value >> (n - 1); if (a && a != -1) return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1; return value & ((1 << n) - 1); -- 2.43.0

1 week

1
0
0 0

[PATCH v6.6 0/4] sched: The newidle balance regression

by Ajay Kaher

This series is to backport following patches for v6.6: link: https://lore.kernel.org/lkml/20251107160645.929564468@infradead.org/ Peter Zijlstra (3): sched/fair: Revert max_newidle_lb_cost bump sched/fair: Small cleanup to sched_balance_newidle() sched/fair: Small cleanup to update_newidle_cost() sched/fair: Proportional newidle balance include/linux/sched/topology.h | 3 ++ kernel/sched/core.c | 3 ++ kernel/sched/fair.c | 75 +++++++++++++++++++++++----------- kernel/sched/features.h | 5 +++ kernel/sched/sched.h | 7 ++++ kernel/sched/topology.c | 6 +++ 6 files changed, 75 insertions(+), 24 deletions(-) -- 2.40.4

1 week

1
4
0 0

Loan and Investment offer/ Account Reprofilling

by Gerald Johnson

1 week

1
0
0 0

[PATCH net] atm: mpoa: Fix UAF on qos_head list in procfs

by Minseong Kim

The global QoS list 'qos_head' in net/atm/mpc.c is accessed from the /proc/net/atm/mpc procfs interface without proper synchronization. The read-side seq_file show path (mpc_show() -> atm_mpoa_disp_qos()) walks qos_head without any lock, while the write-side path (proc_mpc_write() -> parse_qos() -> atm_mpoa_delete_qos()) can unlink and kfree() entries immediately. Concurrent read/write therefore leads to a use-after-free. This risk is already called out in-tree: /* this is buggered - we need locking for qos_head */ Fix this by adding a mutex to protect all qos_head list operations. A mutex is used (instead of a spinlock) because atm_mpoa_disp_qos() invokes seq_printf(), which may sleep. The fix: - Adds qos_mutex protecting qos_head - Introduces __atm_mpoa_search_qos() requiring the mutex - Serializes add/search/delete/show/cleanup on qos_head - Re-checks qos_head under lock in add path to avoid duplicates under concurrent additions - Uses a single-exit pattern in delete for clarity Note: atm_mpoa_search_qos() still returns an unprotected pointer; callers must ensure the entry is not freed while using it, or hold qos_mutex. Reported-by: Minseong Kim <ii4gsp(a)gmail.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Minseong Kim <ii4gsp(a)gmail.com> --- net/atm/mpc.c | 60 ++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 40 insertions(+), 20 deletions(-) diff --git a/net/atm/mpc.c b/net/atm/mpc.c index 324e3ab96bb393..12da0269275c54 100644 --- a/net/atm/mpc.c +++ b/net/atm/mpc.c @@ -123,6 +123,7 @@ static struct llc_snap_hdr llc_snap_mpoa_data_tagged = { struct mpoa_client *mpcs = NULL; /* FIXME */ static struct atm_mpoa_qos *qos_head = NULL; +static DEFINE_MUTEX(qos_mutex); /* Protect qos_head list */ static DEFINE_TIMER(mpc_timer, mpc_cache_check); @@ -175,23 +176,45 @@ static struct mpoa_client *find_mpc_by_lec(struct net_device *dev) /* * Functions for managing QoS list */ +/* + * Search for a QoS entry. Caller must hold qos_mutex. + * Returns pointer to entry if found, NULL otherwise. + */ +static struct atm_mpoa_qos *__atm_mpoa_search_qos(__be32 dst_ip) +{ + struct atm_mpoa_qos *qos = qos_head; + + while (qos) { + if (qos->ipaddr == dst_ip) + return qos; + qos = qos->next; + } + return NULL; +} + +/* + * Search for a QoS entry. + * WARNING: The returned pointer is not protected. The caller must ensure + * that the entry is not freed while using it, or hold qos_mutex during use. + */ struct atm_mpoa_qos *atm_mpoa_search_qos(__be32 dst_ip) { struct atm_mpoa_qos *qos; - qos = qos_head; - while (qos) { - if (qos->ipaddr == dst_ip) - break; - qos = qos->next; - } + mutex_lock(&qos_mutex); + qos = __atm_mpoa_search_qos(dst_ip); + mutex_unlock(&qos_mutex); return qos; } /* * Overwrites the old entry or makes a new one. */ struct atm_mpoa_qos *atm_mpoa_add_qos(__be32 dst_ip, struct atm_qos *qos) { struct atm_mpoa_qos *entry; + struct atm_mpoa_qos *new; - entry = atm_mpoa_search_qos(dst_ip); - if (entry != NULL) { + /* Fast path: update existing entry */ + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { entry->qos = *qos; + mutex_unlock(&qos_mutex); return entry; } + mutex_unlock(&qos_mutex); - entry = kmalloc(sizeof(struct atm_mpoa_qos), GFP_KERNEL); - if (entry == NULL) { + /* Allocate outside lock */ + new = kmalloc(sizeof(*new), GFP_KERNEL); + if (!new) { pr_info("mpoa: out of memory\n"); - return entry; + return NULL; } - entry->ipaddr = dst_ip; - entry->qos = *qos; + new->ipaddr = dst_ip; + new->qos = *qos; + /* Re-check under lock to avoid duplicates */ mutex_lock(&qos_mutex); - entry->next = qos_head; - qos_head = entry; + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { + entry->qos = *qos; + mutex_unlock(&qos_mutex); + kfree(new); + return entry; + } + + new->next = qos_head; + qos_head = new; mutex_unlock(&qos_mutex); - return entry; + return new; } /* * Returns 0 for failure, 1 for success */ int atm_mpoa_delete_qos(struct atm_mpoa_qos *entry) { struct atm_mpoa_qos *curr; + int ret = 0; if (entry == NULL) return 0; + mutex_lock(&qos_mutex); + if (entry == qos_head) { qos_head = qos_head->next; - kfree(entry); - return 1; + ret = 1; + goto out_free; } curr = qos_head; while (curr != NULL) { if (curr->next == entry) { curr->next = entry->next; - kfree(entry); - return 1; + ret = 1; + goto out_free; } curr = curr->next; } - return 0; +out: + mutex_unlock(&qos_mutex); + return ret; + +out_free: + mutex_unlock(&qos_mutex); + kfree(entry); + return ret; } /* this is buggered - we need locking for qos_head */ void atm_mpoa_disp_qos(struct seq_file *m) { struct atm_mpoa_qos *qos; seq_printf(m, "QoS entries for shortcuts:\n"); seq_printf(m, "IP address\n TX:max_pcr pcr min_pcr max_cdv max_sdu\n RX:max_pcr pcr min_pcr max_cdv max_sdu\n"); + mutex_lock(&qos_mutex); qos = qos_head; while (qos != NULL) { seq_printf(m, "%pI4\n %-7d %-7d %-7d %-7d %-7d\n %-7d %-7d %-7d %-7d %-7d\n", @@ -250,6 +273,7 @@ void atm_mpoa_disp_qos(struct seq_file *m) qos->qos.rxtp.max_cdv, qos->qos.rxtp.max_sdu); qos = qos->next; } + mutex_unlock(&qos_mutex); } static struct net_device *find_lec_by_itfnum(int itf) @@ -1524,8 +1548,10 @@ static void __exit atm_mpoa_cleanup(void) mpc = tmp; } + mutex_lock(&qos_mutex); qos = qos_head; qos_head = NULL; + mutex_unlock(&qos_mutex); while (qos != NULL) { nextqos = qos->next; dprintk("freeing qos entry %p\n", qos); --

1 week

2
1
0 0

[PATCH 0/3] media: Fix CI warnings for 6.19

by Ricardo Ribalda

New kernel version, new warnings. This series only introduces a new patch: media: iris: Document difference in size during allocation The other two have been already sent to linux-media or linux-next ML, but they have not found their way into the tree. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Jacopo Mondi (1): media: uapi: c3-isp: Fix documentation warning Ricardo Ribalda (2): media: iris: Document difference in size during allocation media: iris: Fix fps calculation drivers/media/platform/qcom/iris/iris_hfi_gen2_command.c | 10 +++++++++- drivers/media/platform/qcom/iris/iris_venc.c | 5 ++--- include/uapi/linux/media/amlogic/c3-isp-config.h | 2 +- 3 files changed, 12 insertions(+), 5 deletions(-) --- base-commit: 47b7b5e32bb7264b51b89186043e1ada4090b558 change-id: 20251202-warnings-6-19-960d9b686cff Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 week

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror