- 24 Nov, 2019 40 commits
-
-
zhong jiang authored
[ Upstream commit 3dac3583 ] It is not safe to dereference an object before a null test. It is not needed and just remove them. Ftrace can be used instead. Signed-off-by:
zhong jiang <zhongjiang@huawei.com> Acked-by:
Andrew Donnellan <andrew.donnellan@au1.ibm.com> Acked-by:
Frederic Barrat <fbarrat@linux.ibm.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Sasha Levin <sashal@kernel.org>
-
Pablo Neira Ayuso authored
[ Upstream commit d701d811 ] Zero pad private area, otherwise we expose private kernel pointer to userspace. This patch also zeroes the tail area after the ->matchsize and ->targetsize that results from XT_ALIGN(). Fixes: 0ca743a5 ("netfilter: nf_tables: add compatibility layer for x_tables") Reported-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
-
Eric Dumazet authored
[ Upstream commit f98ebd47 ] While noop_qdisc.gso_skb and noop_qdisc.skb_bad_txq are not used in other places, it seems not correct to overwrite their fields in dev_init_scheduler_queue(). noop_qdisc is essentially a shared and read-only object, even if it is not marked as const because of some implementation detail. Signed-off-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Petr Machata authored
[ Upstream commit 37280905 ] Immediately after mlxsw module is probed and lldpad started, added APP entries are briefly in "unknown" state before becoming "pending". That's the state that lldpad_app_wait_set() typically sees, and since there are no pending entries at that time, it bails out. However the entries have not been pushed to the kernel yet at that point, and thus the test case fails. Fix by waiting for both unknown and pending entries to disappear before proceeding. Fixes: d159261f ("selftests: mlxsw: Add test for trust-DSCP") Signed-off-by:
Petr Machata <petrm@mellanox.com> Signed-off-by:
Ido Schimmel <idosch@mellanox.com> Signed-off-by:
-
Kun Yi authored
[ Upstream commit f21c8e75 ] Change initial PWM target to 255 to prevent overheating, for example when BMC hangs in userspace or when userspace fan control application is not implemented yet. Signed-off-by:
Kun Yi <kunyi@google.com> Signed-off-by:
Guenter Roeck <linux@roeck-us.net> Signed-off-by:
-
Nicolin Chen authored
[ Upstream commit 791ebc9d ] The three INA3221_CONFIG_MODE macros are not correctly defined here. The MODE3-1 bits are located at BIT 2-0 according to the datasheet. So this patch just fixes them by shifting all of them with a correct offset. However, this isn't a crital bug fix as the driver does not use any of them at this point. Signed-off-by:
Nicolin Chen <nicoleotsuka@gmail.com> Signed-off-by:
-
Thierry Reding authored
[ Upstream commit 9f67f758 ] Probe deferrals aren't actual errors, so silence the error message in case the PWM cannot yet be acquired. Signed-off-by:
Thierry Reding <treding@nvidia.com> Signed-off-by:
-
Guenter Roeck authored
[ Upstream commit 3be8c9d1 ] For NCT6795D and NCT6796D, the DIMM temperature sources are named "Agent[01] Dimm [01]" per datasheet. Match names in datasheets to avoid confusion. Signed-off-by:
-
Guenter Roeck authored
[ Upstream commit 53dfa008 ] BIOS developer guides refer to Family 15h Models 60h-6fh and Family 15h Models 70h-7fh. So far the driver only checked for Models 60h and 70h. However, there are now processors with other model numbers in the same families. Example is A10-9620P family 15h model 65h. Follow the developer guides and mask the lower 4 bit of the model number to determine the registers to use for reading temperatures and temperature limits. Reported-by:
Guglielmo Fanini <g.fanini@gmail.com> Cc: Guglielmo Fanini <g.fanini@gmail.com> Acked-by:
Clemens Ladisch <clemens@ladisch.de> Signed-off-by:
-
Colin Ian King authored
[ Upstream commit ca2ade24 ] There are extraneous parantheses that are causing clang to produce a warning so remove these. Clean up 3 clang warnings: equality comparison with extraneous parentheses [-Wparentheses-equality] Signed-off-by:
Colin Ian King <colin.king@canonical.com> Acked-by:
Ching Huang <ching2048@areca.com.tw> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by:
-
Linus Walleij authored
[ Upstream commit a85c928f ] The previous fix made the TVC clock get muxed in on the D-Link DIR-685 instead of giving nagging warnings of this not working. Not good. We didn't want that, as it breaks video. Create a specific group for the TVC CLK, and break out a specific GPIO group for it on the SL3516 so we can use that line as GPIO if we don't need the TVC CLK. Fixes: d17f477c ("pinctrl: gemini: Mask and set properly") Signed-off-by:
Linus Walleij <linus.walleij@linaro.org> Signed-off-by:
-
Colin Ian King authored
[ Upstream commit 2978d873 ] Currently accessing various /sys/fs/orangefs files will spam the kernel log with the following info message when the client is not running: [ 491.489284] sysfs_service_op_show: Client not running :-5: Rate limit this info message to make it less spammy. Signed-off-by:
Mike Marshall <hubcap@omnibond.com> Signed-off-by:
-
Thomas Gleixner authored
[ Upstream commit c200dac7 ] PCI BIOS requires the BIOS area 0x0A0000-0x0FFFFFF to be mapped W+X for various legacy reasons. When CONFIG_DEBUG_WX is enabled, this triggers the WX warning, but this is misleading because the mapping is required and is not a result of an accidental oversight. Prevent the full warning when PCI BIOS is enabled and the detected WX mapping is in the BIOS area. Just emit a pr_warn() which denotes the fact. This is partially duplicating the info which the PCI BIOS code emits when it maps the area as executable, but that info is not in the context of the WX checking output. Remove the extra %p printout in the WARN_ONCE() while at it. %pS is enough. Reported-by:
Paul Menzel <pmenzel@molgen.mpg.de> Signed-off-by:
Thomas Gleixner <tglx@linutronix.de> Tested-by:
Borislav Petkov <bp@suse.de> Cc: Joerg Roedel <joro@8bytes.org> Cc: Kees Cook <keescook@chromium.org> Cc: Bjorn Helgaas <bhelgaas@google.com> Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1810082151160.2455@nanos.tec.linutronix.deSigned-off-by:
-
Timothy E Baldwin authored
[ Upstream commit f18aef74 ] On at least x86 and ARM64, and as documented in the ptrace man page a skipped system call will still cause a syscall exit ptrace stop. Previous to this commit 32-bit ARM did not, resulting in strace being confused when seccomp skips system calls. This change also impacts programs that use ptrace to skip system calls. Fixes: ad75b514 ("ARM: 7579/1: arch/allow a scno of -1 to not cause a SIGILL") Signed-off-by:
Timothy E Baldwin <T.E.Baldwin99@members.leeds.ac.uk> Signed-off-by:
Eugene Syromyatnikov <evgsyr@gmail.com> Reviewed-by:
Kees Cook <keescook@chromium.org> Tested-by:
Russell King <rmk+kernel@armlinux.org.uk> Signed-off-by:
-
Trent Piepho authored
[ Upstream commit 605b3bec ] spidev will make a big fuss if a device tree node binds a device by using "spidev" as the node's compatible property. However, the logic for this isn't looking for "spidev" in the compatible, but rather checking that the device is NOT compatible with spidev's list of devices. This causes a false positive if a device not named "rohm,dh2228fv", etc. binds to spidev, even if a means other than putting "spidev" in the device tree was used. E.g., the sysfs driver_override attribute. Signed-off-by:
Trent Piepho <tpiepho@impinj.com> Reviewed-by:
Jan Kundrát <jan.kundrat@cesnet.cz> Tested-by:
Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by:
Mark Brown <broonie@kernel.org> Signed-off-by:
-
Linus Walleij authored
[ Upstream commit d17f477c ] The code was written under the assumption that the regmap_update_bits() would mask the bits in the mask and set the bits in the value. It missed the points that it will not set bits in the value unless these are also masked in the mask. Set value bits that are not in the mask will simply be ignored. Fixes: 06351d13 ("pinctrl: add a Gemini SoC pin controller") Signed-off-by:
-
Hieu Tran Dang authored
[ Upstream commit de8978c3 ] Certain devices don't work well when a transmit FIFO underrun or receive FIFO overrun occurs. Example is the SAF400x radio chip when running at high speed which leads to garbage being sent to/received from the chip. In which case, it should stall waiting for further data to be available before proceeding. This patch unset the NOSTALL bit in CFGR1 by default to prevent this issue. Signed-off-by:
Hieu Tran Dang <dangtranhieu2012@gmail.com> Signed-off-by:
-
Marek Vasut authored
[ Upstream commit 70728c29 ] The priv->data->set can be NULL while flags contains GPIO_SYSCON_FEAT_OUT and chip->set is valid pointer. This happens in case the controller uses the default GPIO setter. Always use chip->set to access the setter to avoid possible NULL pointer dereferencing. Signed-off-by:
Marek Vasut <marex@denx.de> Signed-off-by:
-
Jesper Dangaard Brouer authored
[ Upstream commit 29724956 ] XDP can modify (and resize) the Ethernet header in the packet. There is a bug in generic-XDP, because skb->protocol and skb->pkt_type are setup before reaching (netif_receive_)generic_xdp. This bug was hit when XDP were popping VLAN headers (changing eth->h_proto), as skb->protocol still contains VLAN-indication (ETH_P_8021Q) causing invocation of skb_vlan_untag(skb), which corrupt the packet (basically popping the VLAN again). This patch catch if XDP changed eth header in such a way, that SKB fields needs to be updated. V2: on request from Song Liu, use ETH_HLEN instead of mac_len, in __skb_push() as eth_type_trans() use ETH_HLEN in paired skb_pull_inline(). Fixes: d4455169 ("net: xdp: support xdp generic on virtual devices") Signed-off-by:
Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by:
Alexei Starovoitov <ast@kernel.org> Signed-off-by:
-
Wenwen Wang authored
[ Upstream commit 8af03d1a ] In btf_parse_hdr(), the length of the btf data header is firstly copied from the user space to 'hdr_len' and checked to see whether it is larger than 'btf_data_size'. If yes, an error code EINVAL is returned. Otherwise, the whole header is copied again from the user space to 'btf->hdr'. However, after the second copy, there is no check between 'btf->hdr->hdr_len' and 'hdr_len' to confirm that the two copies get the same value. Given that the btf data is in the user space, a malicious user can race to change the data between the two copies. By doing so, the user can provide malicious data to the kernel and cause undefined behavior. This patch adds a necessary check after the second copy, to make sure 'btf->hdr->hdr_len' has the same value as 'hdr_len'. Otherwise, an error code EINVAL will be returned. Signed-off-by:
Wenwen Wang <wang6495@umn.edu> Acked-by:
Song Liu <songliubraving@fb.com> Signed-off-by:
-
Bjorn Helgaas authored
[ Upstream commit 51fbf14f ] The only use of KEXEC_BACKUP_SRC_END is as an argument to walk_system_ram_res(): int crash_load_segments(struct kimage *image) { ... walk_system_ram_res(KEXEC_BACKUP_SRC_START, KEXEC_BACKUP_SRC_END, image, determine_backup_region); walk_system_ram_res() expects "start, end" arguments that are inclusive, i.e., the range to be walked includes both the start and end addresses. KEXEC_BACKUP_SRC_END was previously defined as (640 * 1024UL), which is the first address *past* the desired 0-640KB range. Define KEXEC_BACKUP_SRC_END as (640 * 1024UL - 1) so the KEXEC_BACKUP_SRC region is [0-0x9ffff], not [0-0xa0000]. Fixes: dd5f7260 ("kexec: support for kexec on panic using new system call") Signed-off-by:
Bjorn Helgaas <bhelgaas@google.com> Signed-off-by:
-
Zhoujie Wu authored
[ Upstream commit 8a57fc38 ] When do GC, the number of read/write sectors are determined by max_write_pgs(see gc_rq preparation in pblk_gc_line_prepare_ws). Due to max_write_pgs doesn't consider max hw sectors supported by nvme controller(128K), which leads to GC tries to read 64 * 4K in one command, and see below error caused by pblk_bio_map_addr in function pblk_submit_read_gc. [ 2923.005376] pblk: could not add page to bio [ 2923.005377] pblk: could not allocate GC bio (18446744073709551604) Signed-off-by:
Zhoujie Wu <zjwu@marvell.com> Reviewed-by:
Javier González <javier@cnexlabs.com> Signed-off-by:
Matias Bjørling <mb@lightnvm.io> Signed-off-by:
Jens Axboe <axboe@kernel.dk> Signed-off-by:
-
Wei Yongjun authored
[ Upstream commit a70985f8 ] In the too many bad blocks error handling case, we should release all the allocated resources, otherwise it will cause memory leak. Fixes: 2deeefc0 ("lightnvm: pblk: fail gracefully on line alloc. failure") Signed-off-by:
Wei Yongjun <weiyongjun1@huawei.com> Reviewed-by:
Hans Holmberg <hans.holmberg@cnexlabs.com> Signed-off-by:
-
Javier González authored
[ Upstream commit 6fd05cad ] 1.2 devices exposes their data and metadata size through the separate identify command. Make sure that the NVMe LBA format does not override these values. Signed-off-by:
-
Javier González authored
[ Upstream commit d672d92d ] OCSSD 2.0 defines the amount of data that the host must buffer per chunk to guarantee reads through the geometry field mw_cunits. This value is the base that pblk uses to determine the size of its read buffer. Currently, this size is set to be the closes power-of-2 to mw_cunits times the number of parallel units available to the pblk instance for each open line (currently one). When an entry (4KB) is put in the buffer, the L2P table points to it. As the buffer wraps up, the L2P is updated to point to addresses on the device, thus guaranteeing mw_cunits at a chunk level. However, given that pblk cannot write to the device under ws_min (normally ws_opt), there might be a window in which the buffer starts wrapping up and updating L2P entries before the mw_cunits value in a chunk has been surpassed. In order not to violate the mw_cunits constrain in this case, account for ws_opt on the read buffer creation. Signed-off-by:
-
Hans Holmberg authored
[ Upstream commit 765462fa ] When the user data counter exceeds 32 bits, the write amplification calculation does not provide the right value. Fix this by using div64_u64 in stead of div64. Fixes: 76758390 ("lightnvm: pblk: export write amplification counters to sysfs") Signed-off-by:
-
Javier González authored
[ Upstream commit 9cc85bc7 ] If a line is recovered from open chunks, the memory structures for emeta have not necessarily been properly set on line initialization. When closing a line, make sure that emeta is consistent so that the line can be recovered on the fast path on next reboot. Also, remove a couple of empty lines at the end of the function. Signed-off-by:
-
Matias Bjørling authored
[ Upstream commit 8bbd45d0 ] The calculation of pblk->min_write_pgs should only use the optimal write size attribute provided by the drive, it does not correlate to the memory page size of the system, which can be smaller or larger than the LBA size reported. Signed-off-by:
-
Matias Bjørling authored
[ Upstream commit 4b5d56ed ] rqd.error is masked by the return value of pblk_submit_io_sync. The rqd structure is then passed on to the end_io function, which assumes that any error should lead to a chunk being marked offline/bad. Since the pblk_submit_io_sync can fail before the command is issued to the device, the error value maybe not correspond to a media failure, leading to chunks being immaturely retired. Also, the pblk_blk_erase_sync function prints an error message in case the erase fails. Since the caller prints an error message by itself, remove the error message in this function. Signed-off-by:
-
Connor McAdams authored
[ Upstream commit 7a2dc84f ] This patch removes the echo cancellation control for desktop cards, and makes use of the special 0x47 SCP command for noise reduction. Signed-off-by:
Connor McAdams <conmanx360@gmail.com> Reviewed-by:
Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
-
Vikash Garodia authored
[ Upstream commit ce32c0a5 ] Existing code returns the max of the decoded size and buffer size. It turns out that buffer size is always greater due to hardware alignment requirement. As a result, payload size given to client is incorrect. This change ensures that the bytesused is assigned to actual payload size, when available. Signed-off-by:
Vikash Garodia <vgarodia@codeaurora.org> Acked-by:
Stanimir Varbanov <stanimir.varbanov@linaro.org> Signed-off-by:
Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by:
Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Signed-off-by:
-
Colin Ian King authored
[ Upstream commit 32ae5920 ] Shifting the u8 value[3] by an int can lead to sign-extension overflow. For example, if value[3] is 0xff and the shift is 24 then it is promoted to int and then the top bit is sign-extended so that all upper 32 bits are set. Fix this by casting value[3] to a u32 before the shift. Detected by CoverityScan, CID#1016522 ("Unintended sign extension") Fixes: e0d3bafd ("V4L/DVB (10954): Add cx231xx USB driver") Signed-off-by:
-
Tim Smith authored
[ Upstream commit 1eb8d738 ] Flushing the workqueue can cause operations to happen which might call gfs2_log_reserve(), or get stuck waiting for locks taken by such operations. gfs2_log_reserve() can io_schedule(). If this happens, it will never wake because the only thing which can wake it is gfs2_logd() which was already stopped. This causes umount of a gfs2 filesystem to wedge permanently if, for example, the umount immediately follows a large delete operation. When this occured, the following stack trace was obtained from the umount command [<ffffffff81087968>] flush_workqueue+0x1c8/0x520 [<ffffffffa0666e29>] gfs2_make_fs_ro+0x69/0x160 [gfs2] [<ffffffffa0667279>] gfs2_put_super+0xa9/0x1c0 [gfs2] [<ffffffff811b7edf>] generic_shutdown_super+0x6f/0x100 [<ffffffff811b7ff7>] kill_block_super+0x27/0x70 [<ffffffffa0656a71>] gfs2_kill_sb+0x71/0x80 [gfs2] [<ffffffff811b792b>] deactivate_locked_super+0x3b/0x70 [<ffffffff811b79b9>] deactivate_super+0x59/0x60 [<ffffffff811d2998>] cleanup_mnt+0x58/0x80 [<ffffffff811d2a12>] __cleanup_mnt+0x12/0x20 [<ffffffff8108c87d>] task_work_run+0x7d/0xa0 [<ffffffff8106d7d9>] exit_to_usermode_loop+0x73/0x98 [<ffffffff81003961>] syscall_return_slowpath+0x41/0x50 [<ffffffff815a594c>] int_ret_from_sys_call+0x25/0x8f [<ffffffffffffffff>] 0xffffffffffffffff Signed-off-by:
Tim Smith <tim.smith@citrix.com> Signed-off-by:
Mark Syms <mark.syms@citrix.com> Signed-off-by:
Bob Peterson <rpeterso@redhat.com> Signed-off-by:
-
Wenwen Wang authored
[ Upstream commit a26ac6c1 ] In isif_probe(), there is a while loop to get the ISIF base address and linearization table0 and table1 address. In the loop body, the function platform_get_resource() is called to get the resource. If platform_get_resource() returns NULL, the loop is terminated and the execution goes to 'fail_nobase_res'. Suppose the loop is terminated at the first iteration because platform_get_resource() returns NULL and the execution goes to 'fail_nobase_res'. Given that there is another while loop at 'fail_nobase_res' and i equals to 0, one iteration of the second while loop will be executed. However, the second while loop does not check the return value of platform_get_resource(). This can cause a NULL pointer dereference bug if the return value is a NULL pointer. This patch avoids the above issue by adding a check in the second while loop after the call to platform_get_resource(). Signed-off-by:
-
He Zhe authored
[ Upstream commit e6fe3e5b ] The current printk() is ready to handle log buffer size up to 2G. Give an explicit error for users who want to use larger log buffer. Also fix printk formatting to show the 2G as a positive number. Link: http://lkml.kernel.org/r/20181008135916.gg4kkmoki5bgtco5@pathway.suse.cz Cc: rostedt@goodmis.org Cc: linux-kernel@vger.kernel.org Suggested-by:
Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by:
He Zhe <zhe.he@windriver.com> Reviewed-by:
Petr Mladek <pmladek@suse.com> Signed-off-by:
-
Vignesh R authored
[ Upstream commit c974ac77 ] If a child device like touchscreen is wakeup capable, then keep ADC interface on, so that a touching resistive screen will generate wakeup event to the system. Signed-off-by:
Vignesh R <vigneshr@ti.com> Signed-off-by:
Lee Jones <lee.jones@linaro.org> Signed-off-by:
-
Nathan Chancellor authored
[ Upstream commit 7cea645a ] Clang warns that the address of a pointer will always evaluated as true in a boolean context. drivers/video/backlight/lm3639_bl.c:403:14: warning: address of 'pchip->cdev_torch' will always evaluate to 'true' [-Wpointer-bool-conversion] if (&pchip->cdev_torch) ~~ ~~~~~~~^~~~~~~~~~ drivers/video/backlight/lm3639_bl.c:405:14: warning: address of 'pchip->cdev_flash' will always evaluate to 'true' [-Wpointer-bool-conversion] if (&pchip->cdev_flash) ~~ ~~~~~~~^~~~~~~~~~ 2 warnings generated. These statements have been present since 2012, introduced by commit 0f59858d ("backlight: add new lm3639 backlight driver"). Given that they have been called unconditionally since then presumably without any issues, removing the always true if statements to fix the warnings without any real world changes. Link: https://github.com/ClangBuiltLinux/linux/issues/119Signed-off-by:
Nathan Chancellor <natechancellor@gmail.com> Reviewed-by:
Daniel Thompson <daniel.thompson@linaro.org> Signed-off-by:
-
Borislav Petkov authored
[ Upstream commit cf089611 ] Lianbo reported a build error with a particular 32-bit config, see Link below for details. Provide a weak copy_oldmem_page_encrypted() function which architectures can override, in the same manner other functionality in that file is supplied. Reported-by:
Lianbo Jiang <lijiang@redhat.com> Signed-off-by:
-
Vasily Gorbik authored
[ Upstream commit b6cbe3e8 ] Kasan instrumentation adds "store" check for variables marked as modified by inline assembly. With user pointers containing addresses from another address space this produces false positives. static inline unsigned long clear_user_xc(void __user *to, ...) { asm volatile( ... : "+a" (to) ... User space access functions are wrapped by manually instrumented functions in kasan common code, which should be sufficient to catch errors. So, we just disable uaccess.o instrumentation altogether. Reviewed-by:
Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by:
Vasily Gorbik <gor@linux.ibm.com> Signed-off-by:
-
Vasily Gorbik authored
[ Upstream commit 0a9b4091 ] Instrumented C code cannot run without the kasan shadow area. Exempt source code files from kasan which are running before / used during kasan initialization. Reviewed-by:
-
