| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 79112cc3c29f4a8c73a21428fbcbcb0afb005e3e ]
Follow suit of ohci-platform.c and perform pm_runtime_set_active() on
resume.
ohci-platform.c had a warning reported due to the missing
pm_runtime_set_active() [1].
[1] https://lore.kernel.org/lkml/20200323143857.db5zphxhq4hz3hmd@e107158-lin.cambridge.arm.com/
Signed-off-by: Qais Yousef <qais.yousef@arm.com>
CC: Tony Prisk <linux@prisktech.co.nz>
CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CC: Mathias Nyman <mathias.nyman@intel.com>
CC: Oliver Neukum <oneukum@suse.de>
CC: linux-arm-kernel@lists.infradead.org
CC: linux-usb@vger.kernel.org
CC: linux-kernel@vger.kernel.org
Link: https://lore.kernel.org/r/20200518154931.6144-2-qais.yousef@arm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 44734a594196bf1d474212f38fe3a0d37a73278b ]
m66592_free_request() is called under label "err_add_udc"
and "clean_up", and m66592->ep0_req is not set to NULL after
first free, leading to a double-free. Fix this issue by
setting m66592->ep0_req to NULL after the first free.
Fixes: 0f91349b89f3 ("usb: gadget: convert all users to the new udc infrastructure")
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit eafa80041645cd7604c4357b1a0cd4a3c81f2227 ]
Currently pointer ep is being dereferenced before it is null checked
leading to a null pointer dereference issue. Fix this by only assigning
pointer udc once ep is known to be not null. Also remove a debug
message that requires a valid udc which may not be possible at that
point.
Addresses-Coverity: ("Dereference before null check")
Fixes: 24a28e428351 ("USB: gadget driver for LPC32xx")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 7a0fbcf7c308920bc6116b3a5fb21c8cc5fec128 ]
Clang warns:
drivers/usb/gadget/udc/s3c2410_udc.c:255:11: warning: comparison of
address of 'ep->queue' equal to a null pointer is always false
[-Wtautological-pointer-compare]
if (&ep->queue == NULL)
~~~~^~~~~ ~~~~
1 warning generated.
It is not wrong, queue is not a pointer so if ep is not NULL, the
address of queue cannot be NULL. No other driver does a check like this
and this check has been around since the driver was first introduced,
presumably with no issues so it does not seem like this check should be
something else. Just remove it.
Commit afe956c577b2d ("kbuild: Enable -Wtautological-compare") exposed
this but it is not the root cause of the warning.
Fixes: 3fc154b6b8134 ("USB Gadget driver for Samsung s3c2410 ARM SoC")
Link: https://github.com/ClangBuiltLinux/linux/issues/1004
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 8c935deacebb8fac8f41378701eb79d12f3c2e2d ]
When the remote wakeup interrupt is triggered, lx_state is resumed from L2
to L0 state. But when the gadget resume is called, lx_state is still L2.
This prevents the resume callback to queue any request. Any attempt
to queue a request from resume callback will result in:
- "submit request only in active state" debug message to be issued
- dwc2_hsotg_ep_queue() returns -EAGAIN
Call the gadget resume routine after the core is in L0 state.
Fixes: f81f46e1f530 ("usb: dwc2: implement hibernation during bus suspend/resume")
Acked-by: Minas Harutyunyan <hminas@synopsys.com>
Signed-off-by: Fabrice Gasnier <fabrice.gasnier@st.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit d49292025f79693d3348f8e2029a8b4703be0f0a ]
The function ehci_mxc_drv_probe() does not perform sufficient error
checking after executing platform_get_irq(), thus fix it.
Fixes: 7e8d5cd93fac ("USB: Add EHCI support for MX27 and MX31 based boards")
Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
Signed-off-by: Tang Bin <tangbin@cmss.chinamobile.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Link: https://lore.kernel.org/r/20200513132647.5456-1-tangbin@cmss.chinamobile.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 1cb3b0095c3d0bb96912bfbbce4fc006d41f367c ]
The following warning was observed when attempting to suspend to disk
using a USB flash as a swap device.
[ 111.779649] ------------[ cut here ]------------
[ 111.788382] URB (____ptrval____) submitted while active
[ 111.796646] WARNING: CPU: 3 PID: 365 at drivers/usb/core/urb.c:363 usb_submit_urb+0x3d8/0x590
[ 111.805417] Modules linked in:
[ 111.808584] CPU: 3 PID: 365 Comm: kworker/3:2 Not tainted 5.6.0-rc6-00002-gdfd1731f9a3e-dirty #545
[ 111.817796] Hardware name: ARM Juno development board (r2) (DT)
[ 111.823896] Workqueue: usb_hub_wq hub_event
[ 111.828217] pstate: 60000005 (nZCv daif -PAN -UAO)
[ 111.833156] pc : usb_submit_urb+0x3d8/0x590
[ 111.837471] lr : usb_submit_urb+0x3d8/0x590
[ 111.841783] sp : ffff800018de38b0
[ 111.845205] x29: ffff800018de38b0 x28: 0000000000000003
[ 111.850682] x27: ffff000970530b20 x26: ffff8000133fd000
[ 111.856159] x25: ffff8000133fd000 x24: ffff800018de3b38
[ 111.861635] x23: 0000000000000004 x22: 0000000000000c00
[ 111.867112] x21: 0000000000000000 x20: 00000000fffffff0
[ 111.872589] x19: ffff0009704e7a00 x18: ffffffffffffffff
[ 111.878065] x17: 00000000a7c8f4bc x16: 000000002af33de8
[ 111.883542] x15: ffff8000133fda88 x14: 0720072007200720
[ 111.889019] x13: 0720072007200720 x12: 0720072007200720
[ 111.894496] x11: 0000000000000000 x10: 00000000a5286134
[ 111.899973] x9 : 0000000000000002 x8 : ffff000970c837a0
[ 111.905449] x7 : 0000000000000000 x6 : ffff800018de3570
[ 111.910926] x5 : 0000000000000001 x4 : 0000000000000003
[ 111.916401] x3 : 0000000000000000 x2 : ffff800013427118
[ 111.921879] x1 : 9d4e965b4b7d7c00 x0 : 0000000000000000
[ 111.927356] Call trace:
[ 111.929892] usb_submit_urb+0x3d8/0x590
[ 111.933852] hub_activate+0x108/0x7f0
[ 111.937633] hub_resume+0xac/0x148
[ 111.941149] usb_resume_interface.isra.10+0x60/0x138
[ 111.946265] usb_resume_both+0xe4/0x140
[ 111.950225] usb_runtime_resume+0x24/0x30
[ 111.954365] __rpm_callback+0xdc/0x138
[ 111.958236] rpm_callback+0x34/0x98
[ 111.961841] rpm_resume+0x4a8/0x720
[ 111.965445] rpm_resume+0x50c/0x720
[ 111.969049] __pm_runtime_resume+0x4c/0xb8
[ 111.973276] usb_autopm_get_interface+0x28/0x60
[ 111.977948] hub_event+0x80/0x16d8
[ 111.981466] process_one_work+0x2a4/0x748
[ 111.985604] worker_thread+0x48/0x498
[ 111.989387] kthread+0x13c/0x140
[ 111.992725] ret_from_fork+0x10/0x18
[ 111.996415] irq event stamp: 354
[ 111.999756] hardirqs last enabled at (353): [<ffff80001019ea1c>] console_unlock+0x504/0x5b8
[ 112.008441] hardirqs last disabled at (354): [<ffff8000100a95d0>] do_debug_exception+0x1a8/0x258
[ 112.017479] softirqs last enabled at (350): [<ffff8000100818a4>] __do_softirq+0x4bc/0x568
[ 112.025984] softirqs last disabled at (343): [<ffff8000101145a4>] irq_exit+0x144/0x150
[ 112.034129] ---[ end trace dc96030b9cf6c8a3 ]---
The problem was tracked down to a missing call to
pm_runtime_set_active() on resume in ohci-platform.
Link: https://lore.kernel.org/lkml/20200323143857.db5zphxhq4hz3hmd@e107158-lin.cambridge.arm.com/
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Qais Yousef <qais.yousef@arm.com>
CC: Tony Prisk <linux@prisktech.co.nz>
CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CC: Mathias Nyman <mathias.nyman@intel.com>
CC: Oliver Neukum <oneukum@suse.de>
CC: linux-arm-kernel@lists.infradead.org
CC: linux-usb@vger.kernel.org
CC: linux-kernel@vger.kernel.org
Link: https://lore.kernel.org/r/20200518154931.6144-1-qais.yousef@arm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit 296a193b06120aa6ae7cf5c0d7b5e5b55968026e ]
syzkaller reported an URB that should have been killed to be active.
We do not understand it, but this should fix the issue if it is real.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reported-by: syzbot+be5b5f86a162a6c281e6@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20200507085806.5793-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.227
scsi: scsi_devinfo: fixup string compare
usb: gadget: f_uac2: fix error handling in afunc_bind (again)
platform/x86: acer-wmi: setup accelerometer when ACPI device was found
esp6: fix memleak on error path in esp6_input
IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'
ALSA: hda - No loopback on ALC299 codec
spi: dw: use "smp_mb()" to avoid sending spi data error
s390/ftrace: save traced function caller
ARC: Fix ICCM & DCCM runtime size checks
x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
net: bmac: Fix read of MAC address from ROM
net/ethernet/freescale: rework quiesce/activate for ucc_geth
net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
pppoe: only process PADT targeted at local interfaces
mmc: fix compilation of user API
slcan: Fix double-free on slcan_open() error path
slip: not call free_netdev before rtnl_unlock in slip_open
scsi: ufs: Release clock if DMA map fails
devinet: fix memleak in inetdev_init()
NFC: st21nfca: add missed kfree_skb() in an error path
vsock: fix timeout in vsock_accept()
l2tp: add sk_family checks to l2tp_validate_socket
l2tp: do not use inet_hash()/inet_unhash()
USB: serial: qcserial: add DW5816e QDL support
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
USB: serial: option: add Telit LE910C1-EUX compositions
vt: keyboard: avoid signed integer overflow in k_ascii
staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
x86/cpu: Add a steppings field to struct x86_cpu_id
x86/cpu: Add 'table' argument to cpu_matches()
x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
x86/speculation: Add SRBDS vulnerability and mitigation documentation
x86/speculation: Add Ivy Bridge to affected list
iio: vcnl4000: Fix i2c swapped word reading.
uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
Linux 4.4.227
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib2e396e7c9444adb4cad958e3423afe3c4d5963d
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 399ad9477c523f721f8e51d4f824bdf7267f120c upstream.
Add Telit LE910C1-EUX compositions:
0x1031: tty, tty, tty, rmnet
0x1033: tty, tty, tty, ecm
Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
Link: https://lore.kernel.org/r/20200525211106.27338-1-dnlplm@gmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 986c1748c84d7727defeaeca74a73b37f7d5cce1 upstream.
usb_wwan_indat_callback() shouldn't resubmit rx urb if the previous urb
status is a fatal error. Or the usb controller would keep processing the
new urbs then run into interrupt storm, and has no chance to recover.
Fixes: 6c1ee66a0b2b ("USB-Serial: Fix error handling of usb_wwan")
Cc: stable@vger.kernel.org
Signed-off-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 3429444abdd9dbd5faebd9bee552ec6162b17ad6 upstream.
Add support for Dell Wireless 5816e Download Mode (AKA boot & hold mode /
QDL download mode) to drivers/usb/serial/qcserial.c
This is required to update device firmware.
Signed-off-by: Matt Jolly <Kangie@footclan.ninja>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit e87581fe0509020f77ebf0b7c4c1c338c6a4bcf6 upstream.
If usb_ep_autoconfig() fails (i.e. returns a null endpoint descriptor),
we expect afunc_bind() to fail (i.e. return a negative error code).
However, due to v4.10-rc1 commit f1d3861d63a5 ("usb: gadget: f_uac2: fix
error handling at afunc_bind"), afunc_bind() returns zero, telling the
caller that it succeeded. This then generates NULL pointer dereference
in below scenario on Rcar H3-ES20-Salvator-X target:
rcar-gen3:/home/root# modprobe g_audio
[ 626.521155] g_audio gadget: afunc_bind:565 Error!
[ 626.526319] g_audio gadget: Linux USB Audio Gadget, version: Feb 2, 2012
[ 626.533405] g_audio gadget: g_audio ready
rcar-gen3:/home/root#
rcar-gen3:/home/root# modprobe -r g_audio
[ 728.256707] ==================================================================
[ 728.264293] BUG: KASAN: null-ptr-deref in u_audio_stop_capture+0x70/0x268 [u_audio]
[ 728.272244] Read of size 8 at addr 00000000000000a0 by task modprobe/2545
[ 728.279309]
[ 728.280849] CPU: 0 PID: 2545 Comm: modprobe Tainted: G WC 4.14.47+ #152
[ 728.288778] Hardware name: Renesas Salvator-X board based on r8a7795 ES2.0+ (DT)
[ 728.296454] Call trace:
[ 728.299151] [<ffff2000080925ac>] dump_backtrace+0x0/0x364
[ 728.304808] [<ffff200008092924>] show_stack+0x14/0x1c
[ 728.310081] [<ffff200008f8d5cc>] dump_stack+0x108/0x174
[ 728.315522] [<ffff2000083c77c8>] kasan_report+0x1fc/0x354
[ 728.321134] [<ffff2000083c611c>] __asan_load8+0x24/0x94
[ 728.326600] [<ffff2000021e1618>] u_audio_stop_capture+0x70/0x268 [u_audio]
[ 728.333735] [<ffff2000021f8b7c>] afunc_disable+0x44/0x60 [usb_f_uac2]
[ 728.340503] [<ffff20000218177c>] usb_remove_function+0x9c/0x210 [libcomposite]
[ 728.348060] [<ffff200002183320>] remove_config.isra.2+0x1d8/0x218 [libcomposite]
[ 728.355788] [<ffff200002186c54>] __composite_unbind+0x104/0x1f8 [libcomposite]
[ 728.363339] [<ffff200002186d58>] composite_unbind+0x10/0x18 [libcomposite]
[ 728.370536] [<ffff20000152f158>] usb_gadget_remove_driver+0xc0/0x170 [udc_core]
[ 728.378172] [<ffff20000153154c>] usb_gadget_unregister_driver+0x1cc/0x258 [udc_core]
[ 728.386274] [<ffff200002180de8>] usb_composite_unregister+0x10/0x18 [libcomposite]
[ 728.394116] [<ffff2000021d035c>] audio_driver_exit+0x14/0x28 [g_audio]
[ 728.400878] [<ffff200008213ed4>] SyS_delete_module+0x288/0x32c
[ 728.406935] Exception stack(0xffff8006cf6c7ec0 to 0xffff8006cf6c8000)
[ 728.413624] 7ec0: 0000000006136428 0000000000000800 0000000000000000 0000ffffd706efe8
[ 728.421718] 7ee0: 0000ffffd706efe9 000000000000000a 1999999999999999 0000000000000000
[ 728.429792] 7f00: 000000000000006a 000000000042c078 0000000000000000 0000000000000005
[ 728.437870] 7f20: 0000000000000000 0000000000000000 0000000000000004 0000000000000000
[ 728.445952] 7f40: 000000000042bfc8 0000ffffbc7c8f40 0000000000000000 00000000061363c0
[ 728.454035] 7f60: 0000000006136428 0000000000000000 0000000000000000 0000000006136428
[ 728.462114] 7f80: 000000000042c000 0000ffffd7071448 000000000042c000 0000000000000000
[ 728.470190] 7fa0: 00000000061350c0 0000ffffd7070010 000000000041129c 0000ffffd7070010
[ 728.478281] 7fc0: 0000ffffbc7c8f48 0000000060000000 0000000006136428 000000000000006a
[ 728.486351] 7fe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 728.494434] [<ffff200008084780>] el0_svc_naked+0x34/0x38
[ 728.499957] ==================================================================
[ 728.507801] Unable to handle kernel NULL pointer dereference at virtual address 000000a0
[ 728.517742] Mem abort info:
[ 728.520993] Exception class = DABT (current EL), IL = 32 bits
[ 728.527375] SET = 0, FnV = 0
[ 728.530731] EA = 0, S1PTW = 0
[ 728.534361] Data abort info:
[ 728.537650] ISV = 0, ISS = 0x00000006
[ 728.541863] CM = 0, WnR = 0
[ 728.545167] user pgtable: 4k pages, 48-bit VAs, pgd = ffff8006c6100000
[ 728.552156] [00000000000000a0] *pgd=0000000716a8d003
[ 728.557519] , *pud=00000007116fc003
[ 728.561259] , *pmd=0000000000000000
[ 728.564985] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[ 728.570815] Modules linked in:
[ 728.574023] usb_f_uac2
[ 728.576560] u_audio
[ 728.578827] g_audio(-)
[ 728.581361] libcomposite
[ 728.584071] configfs
[ 728.586428] aes_ce_blk
[ 728.588960] sata_rcar
[ 728.591421] crypto_simd
[ 728.594039] cryptd
[ 728.596217] libata
[ 728.598396] aes_ce_cipher
[ 728.601188] crc32_ce
[ 728.603542] ghash_ce
[ 728.605896] gf128mul
[ 728.608250] aes_arm64
[ 728.610692] scsi_mod
[ 728.613046] sha2_ce
[ 728.615313] xhci_plat_hcd
[ 728.618106] sha256_arm64
[ 728.620811] sha1_ce
[ 728.623077] renesas_usbhs
[ 728.625869] xhci_hcd
[ 728.628243] renesas_usb3
[ 728.630948] sha1_generic
[ 728.633670] ravb_streaming(C)
[ 728.636814] udc_core
[ 728.639168] cpufreq_dt
[ 728.641697] rcar_gen3_thermal
[ 728.644840] usb_dmac
[ 728.647194] pwm_rcar
[ 728.649548] thermal_sys
[ 728.652165] virt_dma
[ 728.654519] mch_core(C)
[ 728.657137] pwm_bl
[ 728.659315] snd_soc_rcar
[ 728.662020] snd_aloop
[ 728.664462] snd_soc_generic_card
[ 728.667869] snd_soc_ak4613
[ 728.670749] ipv6
[ 728.672768] autofs4
[ 728.675052] CPU: 0 PID: 2545 Comm: modprobe Tainted: G B WC 4.14.47+ #152
[ 728.682973] Hardware name: Renesas Salvator-X board based on r8a7795 ES2.0+ (DT)
[ 728.690637] task: ffff8006ced38000 task.stack: ffff8006cf6c0000
[ 728.696814] PC is at u_audio_stop_capture+0x70/0x268 [u_audio]
[ 728.702896] LR is at u_audio_stop_capture+0x70/0x268 [u_audio]
[ 728.708964] pc : [<ffff2000021e1618>] lr : [<ffff2000021e1618>] pstate: 60000145
[ 728.716620] sp : ffff8006cf6c7a50
[ 728.720154] x29: ffff8006cf6c7a50
[ 728.723760] x28: ffff8006ced38000
[ 728.727272] x27: ffff200008fd7000
[ 728.730857] x26: ffff2000021d2340
[ 728.734361] x25: 0000000000000000
[ 728.737948] x24: ffff200009e94b08
[ 728.741452] x23: 00000000000000a0
[ 728.745052] x22: 00000000000000a8
[ 728.748558] x21: 1ffff000d9ed8f7c
[ 728.752142] x20: ffff8006d671a800
[ 728.755646] x19: 0000000000000000
[ 728.759231] x18: 0000000000000000
[ 728.762736] x17: 0000ffffbc7c8f40
[ 728.766320] x16: ffff200008213c4c
[ 728.769823] x15: 0000000000000000
[ 728.773408] x14: 0720072007200720
[ 728.776912] x13: 0720072007200720
[ 728.780497] x12: ffffffffffffffff
[ 728.784001] x11: 0000000000000040
[ 728.787598] x10: 0000000000001600
[ 728.791103] x9 : ffff8006cf6c77a0
[ 728.794689] x8 : ffff8006ced39660
[ 728.798193] x7 : ffff20000811c738
[ 728.801794] x6 : 0000000000000000
[ 728.805299] x5 : dfff200000000000
[ 728.808885] x4 : ffff8006ced38000
[ 728.812390] x3 : ffff200008fb46e8
[ 728.815976] x2 : 0000000000000007
[ 728.819480] x1 : 3ba68643e7431500
[ 728.823066] x0 : 0000000000000000
[ 728.826574] Process modprobe (pid: 2545, stack limit = 0xffff8006cf6c0000)
[ 728.833704] Call trace:
[ 728.836292] Exception stack(0xffff8006cf6c7910 to 0xffff8006cf6c7a50)
[ 728.842987] 7900: 0000000000000000 3ba68643e7431500
[ 728.851084] 7920: 0000000000000007 ffff200008fb46e8 ffff8006ced38000 dfff200000000000
[ 728.859173] 7940: 0000000000000000 ffff20000811c738 ffff8006ced39660 ffff8006cf6c77a0
[ 728.867248] 7960: 0000000000001600 0000000000000040 ffffffffffffffff 0720072007200720
[ 728.875323] 7980: 0720072007200720 0000000000000000 ffff200008213c4c 0000ffffbc7c8f40
[ 728.883412] 79a0: 0000000000000000 0000000000000000 ffff8006d671a800 1ffff000d9ed8f7c
[ 728.891485] 79c0: 00000000000000a8 00000000000000a0 ffff200009e94b08 0000000000000000
[ 728.899561] 79e0: ffff2000021d2340 ffff200008fd7000 ffff8006ced38000 ffff8006cf6c7a50
[ 728.907636] 7a00: ffff2000021e1618 ffff8006cf6c7a50 ffff2000021e1618 0000000060000145
[ 728.915710] 7a20: 0000000000000008 0000000000000000 0000ffffffffffff 3ba68643e7431500
[ 728.923780] 7a40: ffff8006cf6c7a50 ffff2000021e1618
[ 728.928880] [<ffff2000021e1618>] u_audio_stop_capture+0x70/0x268 [u_audio]
[ 728.936032] [<ffff2000021f8b7c>] afunc_disable+0x44/0x60 [usb_f_uac2]
[ 728.942822] [<ffff20000218177c>] usb_remove_function+0x9c/0x210 [libcomposite]
[ 728.950385] [<ffff200002183320>] remove_config.isra.2+0x1d8/0x218 [libcomposite]
[ 728.958134] [<ffff200002186c54>] __composite_unbind+0x104/0x1f8 [libcomposite]
[ 728.965689] [<ffff200002186d58>] composite_unbind+0x10/0x18 [libcomposite]
[ 728.972882] [<ffff20000152f158>] usb_gadget_remove_driver+0xc0/0x170 [udc_core]
[ 728.980522] [<ffff20000153154c>] usb_gadget_unregister_driver+0x1cc/0x258 [udc_core]
[ 728.988638] [<ffff200002180de8>] usb_composite_unregister+0x10/0x18 [libcomposite]
[ 728.996472] [<ffff2000021d035c>] audio_driver_exit+0x14/0x28 [g_audio]
[ 729.003231] [<ffff200008213ed4>] SyS_delete_module+0x288/0x32c
[ 729.009278] Exception stack(0xffff8006cf6c7ec0 to 0xffff8006cf6c8000)
[ 729.015946] 7ec0: 0000000006136428 0000000000000800 0000000000000000 0000ffffd706efe8
[ 729.024022] 7ee0: 0000ffffd706efe9 000000000000000a 1999999999999999 0000000000000000
[ 729.032099] 7f00: 000000000000006a 000000000042c078 0000000000000000 0000000000000005
[ 729.040172] 7f20: 0000000000000000 0000000000000000 0000000000000004 0000000000000000
[ 729.048263] 7f40: 000000000042bfc8 0000ffffbc7c8f40 0000000000000000 00000000061363c0
[ 729.056337] 7f60: 0000000006136428 0000000000000000 0000000000000000 0000000006136428
[ 729.064411] 7f80: 000000000042c000 0000ffffd7071448 000000000042c000 0000000000000000
[ 729.072484] 7fa0: 00000000061350c0 0000ffffd7070010 000000000041129c 0000ffffd7070010
[ 729.080563] 7fc0: 0000ffffbc7c8f48 0000000060000000 0000000006136428 000000000000006a
[ 729.088636] 7fe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 729.096733] [<ffff200008084780>] el0_svc_naked+0x34/0x38
[ 729.102259] Code: 9597d1b3 aa1703e0 9102a276 958792b9 (f9405275)
[ 729.108617] ---[ end trace 7560c5fa3d100243 ]---
After this patch is applied, the issue is fixed:
rcar-gen3:/home/root# modprobe g_audio
[ 59.217127] g_audio gadget: afunc_bind:565 Error!
[ 59.222329] g_audio ee020000.usb: failed to start g_audio: -19
modprobe: ERROR: could not insert 'g_audio': No such device
rcar-gen3:/home/root# modprobe -r g_audio
rcar-gen3:/home/root#
Fixes: f1d3861d63a5 ("usb: gadget: f_uac2: fix error handling at afunc_bind")
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
https://android.googlesource.com/kernel/common into lineage-17.1-caf-msm8998
This brings LA.UM.8.4.r1-05500-8x98.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
60fca75727065 Merge 4.4.226 into android-4.4-p
Conflicts:
drivers/base/firmware_class.c
drivers/gpu/drm/msm/msm_gem.c
drivers/mmc/host/sdhci.c
drivers/net/wireless/ath/ath10k/core.c
kernel/trace/blktrace.c
net/socket.c
sound/core/rawmidi.c
sound/usb/mixer.c
Change-Id: Ic8599e865656da72a9405c45f27091ec1ddc168c
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.226
ax25: fix setsockopt(SO_BINDTODEVICE)
net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed
net/mlx5: Add command entry handling completion
net: sun: fix missing release regions in cas_init_one().
net/mlx4_core: fix a memory leak bug.
uapi: fix linux/if_pppol2tp.h userspace compilation errors
IB/cma: Fix reference count leak when no ipv4 addresses are set
cachefiles: Fix race between read_waiter and read_copier involving op->to_do
usb: gadget: legacy: fix redundant initialization warnings
cifs: Fix null pointer check in cifs_read
Input: usbtouchscreen - add support for BonXeon TP
Input: evdev - call input_flush_device() on release(), not flush()
Input: xpad - add custom init packet for Xbox One S controllers
Input: i8042 - add ThinkPad S230u to i8042 reset list
IB/qib: Call kobject_put() when kobject_init_and_add() fails
ALSA: hwdep: fix a left shifting 1 by 31 UB bug
ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
exec: Always set cap_ambient in cap_bprm_set_creds
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
include/asm-generic/topology.h: guard cpumask_of_node() macro argument
iommu: Fix reference count leak in iommu_group_alloc.
parisc: Fix kernel panic in mem_init()
x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
xfrm: fix a warning in xfrm_policy_insert_list
xfrm: fix a NULL-ptr deref in xfrm_local_error
vti4: eliminated some duplicate code.
ip_vti: receive ipip packet by calling ip_tunnel_rcv
netfilter: nft_reject_bridge: enable reject with bridge vlan
netfilter: ipset: Fix subcounter update skip
netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
bonding: Fix reference count leak in bond_sysfs_slave_add.
netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
drm/fb-helper: Use proper plane mask for fb cleanup
genirq/generic_pending: Do not lose pending affinity update
usb: renesas_usbhs: gadget: fix spin_lock_init() for &uep->lock
mac80211: fix memory leak
net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
asm-prototypes: Clear any CPP defines before declaring the functions
sc16is7xx: move label 'err_spi' to correct section
drm/msm: Fix possible null dereference on failure of get_pages()
printk: help pr_debug and pr_devel to optimize out arguments
scsi: zfcp: fix request object use-after-free in send path causing wrong traces
Linux 4.4.226
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia5473e84bcdec9d8a045a80a1c683fc1072f8c4f
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 14a8d4bfc2102f85ce097563d151370c91c1898a upstream.
This patch fixes an issue that the spin_lock_init() is not called
for almost all pipes. Otherwise, the lockdep output the following
message when we connect a usb cable using g_ncm:
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
Reported-by: Kazuya Mizuguchi <kazuya.mizuguchi.ks@renesas.com>
Fixes: b8b9c974afee ("usb: renesas_usbhs: gadget: disable all eps when the driver stops")
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Tested-by: Kazuya Mizuguchi <kazuya.mizuguchi.ks@renesas.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit d13cce757954fa663c69845611957396843ed87a ]
Fix the following cppcheck warnings:
drivers/usb/gadget/legacy/inode.c:1364:8: style: Redundant initialization for 'value'. The initialized value is overwritten$
value = -EOPNOTSUPP;
^
drivers/usb/gadget/legacy/inode.c:1331:15: note: value is initialized
int value = -EOPNOTSUPP;
^
drivers/usb/gadget/legacy/inode.c:1364:8: note: value is overwritten
value = -EOPNOTSUPP;
^
drivers/usb/gadget/legacy/inode.c:1817:8: style: Redundant initialization for 'value'. The initialized value is overwritten$
value = -EINVAL;
^
drivers/usb/gadget/legacy/inode.c:1787:18: note: value is initialized
ssize_t value = len, length = len;
^
drivers/usb/gadget/legacy/inode.c:1817:8: note: value is overwritten
value = -EINVAL;
^
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.225
igb: use igb_adapter->io_addr instead of e1000_hw->hw_addr
padata: Remove unused but set variables
padata: get_next is never NULL
padata: ensure the reorder timer callback runs on the correct CPU
padata: ensure padata_do_serial() runs on the correct CPU
evm: Check also if *tfm is an error pointer in init_desc()
fix multiplication overflow in copy_fdtable()
HID: multitouch: add eGalaxTouch P80H84 support
ceph: fix double unlock in handle_cap_export()
USB: core: Fix misleading driver bug report
platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
ARM: futex: Address build warning
media: Fix media_open() to clear filp->private_data in error leg
drivers/media/media-devnode: clear private_data before put_device()
media-devnode: add missing mutex lock in error handler
media-devnode: fix namespace mess
media-device: dynamically allocate struct media_devnode
media: fix use-after-free in cdev_put() when app exits after driver unbind
media: fix media devnode ioctl/syscall and unregister race
i2c: dev: switch from register_chrdev to cdev API
i2c: dev: don't start function name with 'return'
i2c: dev: use after free in detach
i2c-dev: don't get i2c adapter via i2c_dev
i2c: dev: Fix the race between the release of i2c_dev and cdev
padata: set cpu_index of unused CPUs to -1
sched/fair, cpumask: Export for_each_cpu_wrap()
padata: Replace delayed timer with immediate workqueue in padata_reorder
padata: initialize pd->cpu with effective cpumask
padata: purge get_cpu and reorder_via_wq from padata_do_serial
ALSA: pcm: fix incorrect hw_base increase
ext4: lock the xattr block before checksuming it
platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
libnvdimm/btt: Remove unnecessary code in btt_freelist_init
l2tp: lock socket before checking flags in connect()
l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()
l2tp: hold session while sending creation notifications
l2tp: take a reference on sessions used in genetlink handlers
l2tp: don't use l2tp_tunnel_find() in l2tp_ip and l2tp_ip6
net: l2tp: export debug flags to UAPI
net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_*
net: l2tp: ppp: change PPPOL2TP_MSG_* => L2TP_MSG_*
New kernel function to get IP overhead on a socket.
L2TP:Adjust intf MTU, add underlay L3, L2 hdrs.
l2tp: remove useless duplicate session detection in l2tp_netlink
l2tp: remove l2tp_session_find()
l2tp: define parameters of l2tp_session_get*() as "const"
l2tp: define parameters of l2tp_tunnel_find*() as "const"
l2tp: initialise session's refcount before making it reachable
l2tp: hold tunnel while looking up sessions in l2tp_netlink
l2tp: hold tunnel while processing genl delete command
l2tp: hold tunnel while handling genl tunnel updates
l2tp: hold tunnel while handling genl TUNNEL_GET commands
l2tp: hold tunnel used while creating sessions with netlink
l2tp: prevent creation of sessions on terminated tunnels
l2tp: pass tunnel pointer to ->session_create()
l2tp: fix l2tp_eth module loading
l2tp: don't register sessions in l2tp_session_create()
l2tp: initialise l2tp_eth sessions before registering them
l2tp: protect sock pointer of struct pppol2tp_session with RCU
l2tp: initialise PPP sessions before registering them
Revert "gfs2: Don't demote a glock until its revokes are written"
staging: iio: ad2s1210: Fix SPI reading
mei: release me_cl object reference
iio: sca3000: Remove an erroneous 'get_device()'
l2tp: device MTU setup, tunnel socket needs a lock
cpumask: Make for_each_cpu_wrap() available on UP as well
Linux 4.4.225
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I87dc4ca47f34d594fff7c1da28c7a4596659c029
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit ac854131d9844f79e2fdcef67a7707227538d78a ]
The syzbot fuzzer found a race between URB submission to endpoint 0
and device reset. Namely, during the reset we call usb_ep0_reinit()
because the characteristics of ep0 may have changed (if the reset
follows a firmware update, for example). While usb_ep0_reinit() is
running there is a brief period during which the pointers stored in
udev->ep_in[0] and udev->ep_out[0] are set to NULL, and if an URB is
submitted to ep0 during that period, usb_urb_ep_type_check() will
report it as a driver bug. In the absence of those pointers, the
routine thinks that the endpoint doesn't exist. The log message looks
like this:
------------[ cut here ]------------
usb 2-1: BOGUS urb xfer, pipe 2 != type 2
WARNING: CPU: 0 PID: 9241 at drivers/usb/core/urb.c:478
usb_submit_urb+0x1188/0x1460 drivers/usb/core/urb.c:478
Now, although submitting an URB while the device is being reset is a
questionable thing to do, it shouldn't count as a driver bug as severe
as submitting an URB for an endpoint that doesn't exist. Indeed,
endpoint 0 always exists, even while the device is in its unconfigured
state.
To prevent these misleading driver bug reports, this patch updates
usb_disable_endpoint() to avoid clearing the ep_in[] and ep_out[]
pointers when the endpoint being disabled is ep0. There's no danger
of leaving a stale pointer in place, because the usb_host_endpoint
structure being pointed to is stored permanently in udev->ep0; it
doesn't get deallocated until the entire usb_device structure does.
Reported-and-tested-by: syzbot+db339689b2101f6f6071@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.2005011558590.903-100000@netrider.rowland.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.224
USB: serial: qcserial: Add DW5816e support
Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS"
dp83640: reverse arguments to list_add_tail
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
sch_sfq: validate silly quantum values
sch_choke: avoid potential panic in choke_reset()
Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
enic: do not overwrite error code
ipv6: fix cleanup ordering for ip6_mr failure
binfmt_elf: move brk out of mmap when doing direct loader exec
x86/apm: Don't access __preempt_count with zeroed fs
Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0"
USB: uas: add quirk for LaCie 2Big Quadra
USB: serial: garmin_gps: add sanity checking for data length
batman-adv: fix batadv_nc_random_weight_tq
scripts/decodecode: fix trapping instruction formatting
phy: micrel: Ensure interrupts are reenabled on resume
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
ext4: add cond_resched() to ext4_protect_reserved_inode
net: ipv6: add net argument to ip6_dst_lookup_flow
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
blktrace: Fix potential deadlock between delete & sysfs ops
blktrace: fix unlocked access to init/start-stop/teardown
blktrace: fix trace mutex deadlock
blktrace: Protect q->blk_trace with RCU
blktrace: fix dereference after null check
ptp: do not explicitly set drvdata in ptp_clock_register()
ptp: use is_visible method to hide unused attributes
ptp: create "pins" together with the rest of attributes
chardev: add helper function to register char devs with a struct device
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
ptp: fix the race between the release of ptp_clock and cdev
ptp: free ptp device pin descriptors properly
net: handle no dst on skb in icmp6_send
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
net: moxa: Fix a potential double 'free_irq()'
drop_monitor: work around gcc-10 stringop-overflow warning
scsi: sg: add sg_remove_request in sg_write
spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
cifs: Check for timeout on Negotiate stage
cifs: Fix a race condition with cifs_echo_request
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
dmaengine: mmp_tdma: Reset channel error on release
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
net: openvswitch: fix csum updates for MPLS actions
gre: do not keep the GRE header around in collect medata mode
mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
scsi: qla2xxx: Avoid double completion of abort command
i40e: avoid NVM acquire deadlock during NVM update
net/mlx5: Fix driver load error flow when firmware is stuck
netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
IB/mlx4: Test return value of calls to ib_get_cached_pkey
pnp: Use list_for_each_entry() instead of open coding
gcc-10 warnings: fix low-hanging fruit
kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
Stop the ad-hoc games with -Wno-maybe-initialized
gcc-10: disable 'zero-length-bounds' warning for now
gcc-10: disable 'array-bounds' warning for now
gcc-10: disable 'stringop-overflow' warning for now
gcc-10: disable 'restrict' warning for now
block: defer timeouts to a workqueue
blk-mq: Allow timeouts to run while queue is freezing
blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
blk-mq: Allow blocking queue tag iter callbacks
x86/paravirt: Remove the unused irq_enable_sysexit pv op
gcc-10: avoid shadowing standard library 'free()' in crypto
net: fix a potential recursive NETDEV_FEAT_CHANGE
net: ipv4: really enforce backoff for redirects
netlabel: cope with NULL catmap
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
ALSA: rawmidi: Initialize allocated buffers
USB: gadget: fix illegal array access in binding with UDC
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
x86: Fix early boot crash on gcc-10, third try
exec: Move would_dump into flush_old_exec
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
usb: gadget: audio: Fix a missing error return value in audio_bind()
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: legacy: fix error return code in cdc_bind()
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
ARM: dts: r8a7740: Add missing extal2 to CPG node
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
Makefile: disallow data races on gcc-10 as well
scsi: iscsi: Fix a potential deadlock in the timeout handler
Linux 4.4.224
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I384313d39dead8b0babb144803269033f4aacc53
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit e8f7f9e3499a6d96f7f63a4818dc7d0f45a7783b upstream.
If 'usb_otg_descriptor_alloc()' fails, we must return a
negative error code -ENOMEM, not 0.
Fixes: ab6796ae9833 ("usb: gadget: cdc2: allocate and init otg descriptor by otg capabilities")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit e27d4b30b71c66986196d8a1eb93cba9f602904a upstream.
If 'usb_otg_descriptor_alloc()' fails, we must return a
negative error code -ENOMEM, not 0.
Fixes: 1156e91dd7cc ("usb: gadget: ncm: allocate and init otg descriptor by otg capabilities")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 19b94c1f9c9a16d41a8de3ccbdb8536cf1aecdbf upstream.
If 'usb_otg_descriptor_alloc()' fails, we must return an error code, not 0.
Fixes: 56023ce0fd70 ("usb: gadget: audio: allocate and init otg descriptor by otg capabilities")
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
'net2272_plat_probe()'
commit ccaef7e6e354fb65758eaddd3eae8065a8b3e295 upstream.
'dev' is allocated in 'net2272_probe_init()'. It must be freed in the error
handling path, as already done in the remove function (i.e.
'net2272_plat_remove()')
Fixes: 90fccb529d24 ("usb: gadget: Gadget directory cleanup - group UDC drivers")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 15753588bcd4bbffae1cca33c8ced5722477fe1f upstream.
FuzzUSB (a variant of syzkaller) found an illegal array access
using an incorrect index while binding a gadget with UDC.
Reference: https://www.spinics.net/lists/linux-usb/msg194331.html
This bug occurs when a size variable used for a buffer
is misused to access its strcpy-ed buffer.
Given a buffer along with its size variable (taken from user input),
from which, a new buffer is created using kstrdup().
Due to the original buffer containing 0 value in the middle,
the size of the kstrdup-ed buffer becomes smaller than that of the original.
So accessing the kstrdup-ed buffer with the same size variable
triggers memory access violation.
The fix makes sure no zero value in the buffer,
by comparing the strlen() of the orignal buffer with the size variable,
so that the access to the kstrdup-ed buffer is safe.
BUG: KASAN: slab-out-of-bounds in gadget_dev_desc_UDC_store+0x1ba/0x200
drivers/usb/gadget/configfs.c:266
Read of size 1 at addr ffff88806a55dd7e by task syz-executor.0/17208
CPU: 2 PID: 17208 Comm: syz-executor.0 Not tainted 5.6.8 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xce/0x128 lib/dump_stack.c:118
print_address_description.constprop.4+0x21/0x3c0 mm/kasan/report.c:374
__kasan_report+0x131/0x1b0 mm/kasan/report.c:506
kasan_report+0x12/0x20 mm/kasan/common.c:641
__asan_report_load1_noabort+0x14/0x20 mm/kasan/generic_report.c:132
gadget_dev_desc_UDC_store+0x1ba/0x200 drivers/usb/gadget/configfs.c:266
flush_write_buffer fs/configfs/file.c:251 [inline]
configfs_write_file+0x2f1/0x4c0 fs/configfs/file.c:283
__vfs_write+0x85/0x110 fs/read_write.c:494
vfs_write+0x1cd/0x510 fs/read_write.c:558
ksys_write+0x18a/0x220 fs/read_write.c:611
__do_sys_write fs/read_write.c:623 [inline]
__se_sys_write fs/read_write.c:620 [inline]
__x64_sys_write+0x73/0xb0 fs/read_write.c:620
do_syscall_64+0x9e/0x510 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Kyungtae Kim <kt0755@gmail.com>
Reported-and-tested-by: Kyungtae Kim <kt0755@gmail.com>
Cc: Felipe Balbi <balbi@kernel.org>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200510054326.GA19198@pizza01
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit e9b3c610a05c1cdf8e959a6d89c38807ff758ee6 upstream.
We must not process packets shorter than a packet ID
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reported-and-tested-by: syzbot+d29e9263e13ce0b9f4fd@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 9f04db234af691007bb785342a06abab5fb34474 upstream.
This device needs US_FL_NO_REPORT_OPCODES to avoid going
through prolonged error handling on enumeration.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reported-by: Julian Groß <julian.g@posteo.de>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200429155218.7308-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 78d6de3cfbd342918d31cf68d0d2eda401338aef upstream.
Add support for Dell Wireless 5816e to drivers/usb/serial/qcserial.c
Signed-off-by: Matt Jolly <Kangie@footclan.ninja>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.223
mwifiex: fix PCIe register information for 8997 chipset
drm/qxl: qxl_release use after free
drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
staging: rtl8192u: Fix crash due to pointers being "confusing"
usb: gadget: f_acm: Fix configfs attr name
usb: gadged: pch_udc: get rid of redundant assignments
usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
usb: gadget: udc: core: don't starve DMA resources
MIPS: Fix macro typo
MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
MIPS: smp-cps: Stop printing EJTAG exceptions to UART
MIPS: scall: Handle seccomp filters which redirect syscalls
MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier
MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
MIPS: BMIPS: Pretty print BMIPS5200 processor name
MIPS: Fix HTW config on XPA kernel without LPA enabled
MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
MIPS: Fix BC1{EQ,NE}Z return offset calculation
MIPS: perf: Fix I6400 event numbers
MIPS: KVM: Fix translation of MFC0 ErrCtl
MIPS: SMP: Update cpu_foreign_map on CPU disable
MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
MIPS: Octeon: Off by one in octeon_irq_gpio_map()
bpf, mips: fix off-by-one in ctx offset allocation
MIPS: RM7000: Double locking bug in rm7k_tc_disable()
MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
mips/panic: replace smp_send_stop() with kdump friendly version in panic path
ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
ARM: imx: select SRC for i.MX7
ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/vl
ARM: dts: orion5x: gpio pin fixes for linkstation lswtgl
ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl
ARM: dts: kirkwood: use unique machine name for ds112
ARM: dts: kirkwood: add kirkwood-ds112.dtb to Makefile
ARM: OMAP2+: hwmod: fix _idle() hwmod state sanity check sequence
perf/x86: Fix filter_events() bug with event mappings
x86/LDT: Print the real LDT base address
x86/apic/uv: Silence a shift wrapping warning
ALSA: fm801: explicitly free IRQ line
ALSA: fm801: propagate TUNER_ONLY bit when autodetected
ALSA: fm801: detect FM-only card earlier
netfilter: nfnetlink: use original skbuff when acking batches
xfrm: fix crash in XFRM_MSG_GETSA netlink handler
mwifiex: fix IBSS data path issue.
mwifiex: add missing check for PCIe8997 chipset
iwlwifi: set max firmware version of 7265 to 17
Bluetooth: btmrvl: fix hung task warning dump
dccp: limit sk_filter trim to payload
net/mlx4_core: Do not BUG_ON during reset when PCI is offline
mlxsw: pci: Correctly determine if descriptor queue is full
PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive()
net/mlx4_core: Implement pci_resume callback
alpha/PCI: Call iomem_is_exclusive() for IORESOURCE_MEM, but not IORESOURCE_IO
vfio/pci: Allow VPD short read
brcmfmac: add eth_type_trans back for PCIe full dongle
mlxsw: Treat local port 64 as valid
IB/mlx4: Initialize hop_limit when creating address handle
ovs/gre,geneve: fix error path when creating an iface
GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU
powerpc/pci/of: Parse unassigned resources
firmware: actually return NULL on failed request_firmware_nowait()
c8sectpfe: Rework firmware loading mechanism
net/mlx5: Avoid passing dma address 0 to firmware
IB/mlx5: Fix RC transport send queue overhead computation
net/mlx5: Make command timeout way shorter
IB/mlx5: Fix FW version diaplay in sysfs
net/mlx5e: Fix MLX5E_100BASE_T define
net/mlx5: Fix the size of modify QP mailbox
net/mlx5: Fix masking of reserved bits in XRCD number
net/mlx5e: Fix blue flame quota logic
net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in mlx5_wq_ll_create
net/mlx5: Avoid calling sleeping function by the health poll thread
net/mlx5: Fix wait_vital for VFs and remove fixed sleep
net/mlx5: Fix potential deadlock in command mode change
net/mlx5: Add timeout handle to commands with callback
net/mlx5: Fix pci error recovery flow
net/mlx5e: Copy all L2 headers into inline segment
net_sched: keep backlog updated with qlen
sch_drr: update backlog as well
sch_hfsc: always keep backlog updated
sch_prio: update backlog as well
sch_qfq: keep backlog updated with qlen
sch_sfb: keep backlog updated with qlen
sch_tbf: update backlog as well
btrfs: cleaner_kthread() doesn't need explicit freeze
irda: Free skb on irda_accept error path.
phy: fix device reference leaks
bonding: prevent out of bound accesses
mtd: nand: fix ONFI parameter page layout
ath10k: free cached fw bin contents when get board id fails
xprtrdma: checking for NULL instead of IS_ERR()
xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock)
xprtrdma: xprt_rdma_free() must not release backchannel reqs
xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
RDMA/cxgb3: device driver frees DMA memory with different size
mlxsw: spectrum: Don't forward packets when STP state is DISABLED
mlxsw: spectrum: Disable learning according to STP state
mlxsw: spectrum: Don't count internal TX header bytes to stats
mlxsw: spectrum: Indicate support for autonegotiation
mlxsw: spectrum: Fix misuse of hard_header_len
net: tcp_memcontrol: properly detect ancestor socket pressure
tcp: do not set rtt_min to 1
RDS:TCP: Synchronize rds_tcp_accept_one with rds_send_xmit when resetting t_sock
net: ipv6: tcp reset, icmp need to consider L3 domain
batman-adv: Fix lockdep annotation of batadv_tlv_container_remove
batman-adv: replace WARN with rate limited output on non-existing VLAN
tty: serial: msm: Support more bauds
serial: samsung: Fix possible out of bounds access on non-DT platform
Drivers: hv: utils: use memdup_user in hvt_op_write
isa: Call isa_bus_init before dependent ISA bus drivers register
Btrfs: clean up an error code in btrfs_init_space_info()
Input: gpio-keys - fix check for disabling unsupported keys
Input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree
net/xfrm_input: fix possible NULL deref of tunnel.ip6->parms.i_key
xfrm_user: propagate sec ctx allocation errors
xfrm: Fix memory leak of aead algorithm name
mac80211: fix mgmt-tx abort cookie and leak
mac80211: TDLS: always downgrade invalid chandefs
mac80211: TDLS: change BW calculation for WIDER_BW peers
mac80211: Fix BW upgrade for TDLS peers
NFS: Fix an LOCK/OPEN race when unlinking an open file
net: get rid of an signed integer overflow in ip_idents_reserve()
mtd: nand: denali: add missing nand_release() call in denali_remove()
ASoC: Intel: pass correct parameter in sst_alloc_stream_mrfld()
ASoC: tegra_alc5632: check return value
ASoC: fsl_ssi: mark SACNT register volatile
Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()"
mmc: sdhci: restore behavior when setting VDD via external regulator
mmc: sd: limit SD card power limit according to cards capabilities
mmc: debugfs: correct wrong voltage value
mmc: block: return error on failed mmc_blk_get()
clk: rockchip: Revert "clk: rockchip: reset init state before mmc card initialization"
mmc: dw_mmc: rockchip: Set the drive phase properly
mmc: moxart: fix wait_for_completion_interruptible_timeout return variable type
mmc: sdhci: Fix regression setting power on Trats2 board
perf tools: Fix perf regs mask generation
powerpc/tm: Fix stack pointer corruption in __tm_recheckpoint()
powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
sctp: fix the transports round robin issue when init is retransmitted
sunrpc: Update RPCBIND_MAXNETIDLEN
NFC: nci: memory leak in nci_core_conn_create()
net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS
net: phy: Fix phy_mac_interrupt()
net: phy: bcm7xxx: Fix shadow mode 2 disabling
of_mdio: fix node leak in of_phy_register_fixed_link error path
phy: micrel: Fix finding PHY properties in MAC node for KSZ9031.
net: dsa: slave: fix of-node leak and phy priority
drivers: net: cpsw: don't ignore phy-mode if phy-handle is used
iommu/dma: Respect IOMMU aperture when allocating
mdio-sun4i: oops in error handling in probe
iio:ad7797: Use correct attribute_group
selftests/ipc: Fix test failure seen after initial test run
wimax/i2400m: Fix potential urb refcnt leak
cifs: protect updating server->dstaddr with a spinlock
scripts/config: allow colons in option strings for sed
lib/mpi: Fix building for powerpc with clang
net: bcmgenet: suppress warnings on failed Rx SKB allocations
net: systemport: suppress warnings on failed Rx SKB allocations
rc: allow rc modules to be loaded if rc-main is not a module
lirc_imon: do not leave imon_probe() with mutex held
am437x-vpfe: fix an uninitialized variable bug
cx23885: uninitialized variable in cx23885_av_work_handler()
ath9k_htc: check for underflow in ath9k_htc_rx_msg()
VFIO: platform: reset: fix a warning message condition
net: moxa: fix an error code
mfd: lp8788-irq: Uninitialized variable in irq handler
ethernet: micrel: fix some error codes
power: ipaq-micro-battery: freeing the wrong variable
i40e: fix an uninitialized variable bug
qede: uninitialized variable in qede_start_xmit()
qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template()
qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
target: Fix a memory leak in target_dev_lba_map_store()
memory/tegra: Add number of TLB lines for Tegra124
pinctrl: bcm2835: Fix memory leak in error path
be2net: Don't leak iomapped memory on removal.
ipv4: Fix memory leak in exception case for splitting tries
flow_dissector: Check for IP fragmentation even if not using IPv4 address
ipv4: fix checksum annotation in udp4_csum_init
ipv4: do not abuse GFP_ATOMIC in inet_netconf_notify_devconf()
ipv4: accept u8 in IP_TOS ancillary data
net: vrf: Fix dev refcnt leak due to IPv6 prefix route
ipv6: fix checksum annotation in udp6_csum_init
ipv6: do not abuse GFP_ATOMIC in inet6_netconf_notify_devconf()
ipv6: add missing netconf notif when 'all' is updated
net: ipv6: Fix processing of RAs in presence of VRF
netfilter: nf_tables: fix a wrong check to skip the inactive rules
netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled
netfilter: nf_tables: destroy the set if fail to add transaction
netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it
udp: restore UDPlite many-cast delivery
clk: st: avoid uninitialized variable use
clk: gpio: handle error codes for of_clk_get_parent_count()
clk: ti: omap3+: dpll: use non-locking version of clk_get_rate
clk: multiplier: Prevent the multiplier from under / over flowing
clk: imx: clk-pllv3: fix incorrect handle of enet powerdown bit
clk: xgene: Don't call __pa on ioremaped address
cls_bpf: reset class and reuse major in da
arm64: bpf: jit JMP_JSET_{X,K}
bpf, trace: check event type in bpf_perf_event_read
bpf: fix map not being uncharged during map creation failure
net/mlx4_core: Fix potential corruption in counters database
net/mlx4_core: Fix access to uninitialized index
net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill
net/mlx4_core: Check device state before unregistering it
net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec
net/mlx4_en: Process all completions in RX rings after port goes up
net/mlx4_core: Do not access comm channel if it has not yet been initialized
net/mlx4_en: Fix potential deadlock in port statistics flow
net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering
net/mlx4_core: Fix QUERY FUNC CAP flags
mlxsw: switchx2: Fix misuse of hard_header_len
mlxsw: switchx2: Fix ethernet port initialization
sched/fair: Fix calc_cfs_shares() fixed point arithmetics width confusion
net_sched: flower: Avoid dissection of unmasked keys
pkt_sched: fq: use proper locking in fq_dump_stats()
sched/preempt: Fix preempt_count manipulations
power: bq27xxx: fix reading for bq27000 and bq27010
power: bq27xxx: fix register numbers of bq27500
power: test_power: correctly handle empty writes
power: bq27xxx_battery: Fix bq27541 AveragePower register address
power_supply: tps65217-charger: Fix NULL deref during property export
net: vrf: Fix dst reference counting
net: Don't delete routes in different VRFs
vti6: fix input path
ipv4: Fix table id reference in fib_sync_down_addr
mlx4: do not call napi_schedule() without care
xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
ALSA: fm801: Initialize chip after IRQ handler is registered
bonding: fix length of actor system
MIPS: perf: Remove incorrect odd/even counter handling for I6400
Revert "cpufreq: Drop rwsem lock around CPUFREQ_GOV_POLICY_EXIT"
net: dsa: mv88e6xxx: unlock DSA and CPU ports
gfs2: fix flock panic issue
blk-mq: fix undefined behaviour in order_to_size()
dm: fix second blk_delay_queue() parameter to be in msec units not jiffies
dmaengine: edma: Add probe callback to edma_tptc_driver
openvswitch: update checksum in {push,pop}_mpls
cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled
net: bcmgenet: fix skb_len in bcmgenet_xmit_single()
net: bcmgenet: device stats are unsigned long
ovs/gre: fix rtnl notifications on iface deletion
gre: do not assign header_ops in collect metadata mode
gre: build header correctly for collect metadata tunnels
gre: reject GUE and FOU in collect metadata mode
sfc: fix potential stack corruption from running past stat bitmask
sfc: clear napi_hash state when copying channels
net: bcmsysport: Device stats are unsigned long
cxgbi: fix uninitialized flowi6
net: macb: add missing free_netdev() on error in macb_probe()
macvtap: segmented packet is consumed
tipc: fix the error handling in tipc_udp_enable()
net: icmp6_send should use dst dev to determine L3 domain
et131x: Fix logical vs bitwise check in et131x_tx_timeout()
net: ethernet: stmmac: dwmac-sti: fix probe error path
rtnl: reset calcit fptr in rtnl_unregister()
net: ethernet: stmmac: dwmac-rk: fix probe error path
fq_codel: return non zero qlen in class dumps
net: ethernet: stmmac: dwmac-generic: fix probe error path
ovs/geneve: fix rtnl notifications on iface deletion
bnxt: add a missing rcu synchronization
qdisc: fix a module refcount leak in qdisc_create_dflt()
net: axienet: Fix return value check in axienet_probe()
bnxt_en: Remove locking around txr->dev_state
net: ethernet: davinci_emac: Fix devioctl while in fixed link
net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not implemented
net: ethernet: ti: cpsw: fix device and of_node leaks
net: ethernet: ti: cpsw: fix secondary-emac probe error path
net: hns: fix device reference leaks
net: bridge: don't increment tx_dropped in br_do_proxy_arp
net: dsa: mv88e6xxx: enable SA learning on DSA ports
net: ehea: avoid null pointer dereference
l2tp: fix use-after-free during module unload
hwrng: exynos - Disable runtime PM on driver unbind
net: icmp_route_lookup should use rt dev to determine L3 domain
net: mvneta: fix trivial cut-off issue in mvneta_ethtool_update_stats
net: macb: replace macb_writel() call by queue_writel() to update queue ISR
ravb: Add missing free_irq() call to ravb_close()
mvpp2: use correct size for memset
net: vxlan: lwt: Fix vxlan local traffic.
net: ethoc: Fix early error paths
ovs/vxlan: fix rtnl notifications on iface deletion
net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets.
regulator: core: Rely on regulator_dev_release to free constraints
net: dsa: mv88e6xxx: fix port VLAN maps
at803x: fix reset handling
cxl: Fix DAR check & use REGION_ID instead of opencoding
net: ethernet: davinci_emac: Fix platform_data overwrite
ata: sata_dwc_460ex: remove incorrect locking
pinctrl: tegra: Correctly check the supported configuration
brcmfmac: add fallback for devices that do not report per-chain values
brcmfmac: restore stopping netdev queue when bus clogs up
bridge: Fix problems around fdb entries pointing to the bridge device
bna: add missing per queue ethtool stat
net: skbuff: Remove errornous length validation in skb_vlan_pop()
net: ep93xx_eth: Do not crash unloading module
macvlan: Fix potential use-after free for broadcasts
sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
ALSA: hda: Match both PCI ID and SSID for driver blacklist
mac80211: add ieee80211_is_any_nullfunc()
Linux 4.4.223
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie7caca39501fe5e82b947964cc474ed1c786d756
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 23fd537c9508fb6e3b93ddf23982f51afc087781 upstream.
Always unmap all SG entries as required by DMA API
Fixes: a698908d3b3b ("usb: gadget: add generic map/unmap request utilities")
Cc: <stable@vger.kernel.org> # v3.4+
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 1d23d16a88e6c8143b07339435ba061b131ebb8c upstream.
The above commit reordered spin_lock/unlock and now `&dev->lock' is acquired
(rather than released) before calling `dev->driver->disconnect',
`dev->driver->setup', `dev->driver->suspend', `usb_gadget_giveback_request', and
`usb_gadget_udc_reset'.
But this *may* not be the right way to fix the problem pointed by d3cb25a12138.
Note that the other usb/gadget/udc drivers do release the lock before calling
these functions. There are also inconsistencies within pch_udc.c, where
`dev->driver->disconnect' is called while holding `&dev->lock' in lines 613 and
1184, but not in line 2739.
Finally, commit d3cb25a12138 may have introduced several potential deadlocks.
For instance, EBA (https://github.com/models-team/eba) reports:
Double lock in drivers/usb/gadget/udc/pch_udc.c
first at 2791: spin_lock(& dev->lock); [pch_udc_isr]
second at 2694: spin_lock(& dev->lock); [pch_udc_svc_cfg_interrupt]
after calling from 2793: pch_udc_dev_isr(dev, dev_intr);
after calling from 2724: pch_udc_svc_cfg_interrupt(dev);
Similarly, other potential deadlocks are 2791 -> 2793 -> 2721 -> 2657; and
2791 -> 2793 -> 2711 -> 2573 -> 1499 -> 1480.
Fixes: d3cb25a12138 ("usb: gadget: udc: fix spin_lock in pch_udc")
Signed-off-by: Iago Abal <mail@iagoabal.eu>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 6b968737c3efe7cdaa5407afec972cd7c7d3ca35 upstream.
It seems there are leftovers of some assignments which are not used
anymore. Compiler even warns us about:
drivers/usb/gadget/udc/pch_udc.c:2022:22: warning: variable ‘dev’ set \
but not used [-Wunused-but-set-variable]
drivers/usb/gadget/udc/pch_udc.c:2639:9: warning: variable ‘ret’ set \
but not used [-Wunused-but-set-variable]
Remove them and shut compiler about.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 0561f77e2db9e72dc32e4f82b56fca8ba6b31171 upstream.
Correct attribute name is port_num not num.
Fixes: ea6bd6b ("usb-gadget/f_acm: use per-attribute show and store methods")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\ \ \ \
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
https://source.codeaurora.org/quic/la/kernel/msm-4.4 into lineage-17.1-caf-msm8998
* tag 'LA.UM.8.4.r1-05500-8x98.0' of https://source.codeaurora.org/quic/la/kernel/msm-4.4:
ARM: convert to generated system call tables
ARM: remove indirection of asm/mach-types.h
mm/zsmalloc.c: change stat type parameter to int
msm: sde: fix mem access of sde rotator regdma ram
soc: qcom: Fix strlcpy compilation error with clang
sysmon-qmi: Fix compilation error while using LLVM
mm/zsmalloc.c: fix -Wunneeded-internal-declaration warning
sched/sysctl: Fix attributes of some extern declarations
ion: Fix typecasting of msm_ion_heap_types
soc: qcom: glink_debugfs: Fix compilation error with clang
msm: ipa3: Fix compilation errors after enabling LLVM
msm: ipa: Fix assignment warning with clang
mmc: host: sdhci-msm-ice: Fix clang warning with NOT operator usage
driver : Fix warnings and errors with llvm
soc: qcom: access smp2p_smem structure with I/O function
Makefile: Disable undefined-optimized and tautological features
ANDROID_BUILD_TOP is deprecated.
AndroidKernel: Update the LLVM path
AndroidKernel: Add configuration for the LLVM path
AndroidKernel: Add LLVM support for Kernel
drivers: hwmon: Fix compilation errors in ADC for kernel 4.9
msm: camera: Fix warnings and errors with llvm
f_qc_rndis: Remove unused structure
crypto: qcedev: Fix out of memory issue
crypto: msm: update QTI crypto drivers for msm-4.4
fbdev: msm: wait for frame complete before triggering dma cmd
msm: mdss: hdmi: don't reset CEC while triggering message send
fbdev: msm: Fix race condition during te_irq calls
msm: camera: Fix OOB issue in IR CUT driver
Change-Id: Ib371d4baa8840eabda4bd825d3abcd86e79d5c7a
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Remove unused structure definition to fix
unneeded-internal-declaration error with clang.
Change-Id: I5edc8b48083bb474bb31c070bceea31e0b4f639b
Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org>
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
|
| |\ \ \ \
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
https://android.googlesource.com/kernel/common into lineage-17.1-caf-msm8998
This brings LA.UM.8.4.r1-05400-8x98.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
96b09cba55905 UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release()
Conflicts:
drivers/scsi/ufs/ufshcd.c
drivers/usb/gadget/composite.c
drivers/usb/gadget/function/f_fs.c
Change-Id: I3e79c0d20e3eb3246a50c9a1e815cdf030a4232e
|
| | |\ \ \
| | | |/
| | |/|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.221
ext4: fix extent_status fragmentation for plain files
ALSA: hda - Fix incorrect usage of IS_REACHABLE()
net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
net: ipv4: avoid unused variable warning for sysctl
crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static
vti4: removed duplicate log message.
scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
ceph: return ceph_mdsc_do_request() errors from __get_parent()
ceph: don't skip updating wanted caps when cap is stale
pwm: rcar: Fix late Runtime PM enablement
scsi: iscsi: Report unbind session event when the target has been removed
ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map()
kernel/gcov/fs.c: gcov_seq_next() should increase position index
ipc/util.c: sysvipc_find_ipc() should increase position index
s390/cio: avoid duplicated 'ADD' uevents
pwm: renesas-tpu: Fix late Runtime PM enablement
pwm: bcm2835: Dynamically allocate base
ipv6: fix restrict IPV6_ADDRFORM operation
macvlan: fix null dereference in macvlan_device_event()
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
net/x25: Fix x25_neigh refcnt leak when receiving frame
tcp: cache line align MAX_TCP_HEADER
team: fix hang in team_mode_get()
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
ALSA: hda: Remove ASUS ROG Zenith from the blacklist
iio: xilinx-xadc: Fix ADC-B powerdown
iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode
fs/namespace.c: fix mountpoint reference counter race
USB: sisusbvga: Change port variable from signed to unsigned
USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE
drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit.
drivers: usb: core: Minimize irq disabling in usb_sg_cancel()
USB: core: Fix free-while-in-use bug in the USB S-Glibrary
USB: hub: Fix handling of connect changes during sleep
ALSA: usx2y: Fix potential NULL dereference
ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
KVM: Check validity of resolved slot when searching memslots
KVM: VMX: Enable machine check support for 32bit targets
tty: hvc: fix buffer overflow during hvc_alloc().
tty: rocket, avoid OOB access
usb-storage: Add unusual_devs entry for JMicron JMS566
audit: check the length of userspace generated audit records
ASoC: dapm: fixup dapm kcontrol widget
ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
staging: comedi: dt2815: fix writing hi byte of analog output
staging: comedi: Fix comedi_device refcnt leak in comedi_open
staging: vt6656: Fix drivers TBTT timing counter.
staging: vt6656: Power save stop wake_up_count wrap around.
UAS: no use logging any details in case of ENODEV
UAS: fix deadlock in error handling and PM flushing work
usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
remoteproc: Fix wrong rvring index computation
sctp: use right member as the param of list_for_each_entry
fuse: fix possibly missed wake-up after abort
mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
net/cxgb4: Check the return from t4_query_params properly
perf/core: fix parent pid/tid in task exit events
bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
scsi: target: fix PR IN / READ FULL STATUS for FC
xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
ext4: convert BUG_ON's to WARN_ON's in mballoc.c
ext4: avoid declaring fs inconsistent due to invalid file handles
ext4: protect journal inode's blocks using block_validity
ext4: don't perform block validity checks on the journal inode
ext4: fix block validity checks for journal inodes using indirect blocks
ext4: unsigned int compared against zero
propagate_one(): mnt_set_mountpoint() needs mount_lock
Linux 4.4.221
Change-Id: I95cadd4206a7c89541de002faacea3a28e7b1ac3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 09b04abb70f096333bef6bc95fa600b662e7ee13 upstream.
When building with Clang + -Wtautological-pointer-compare:
drivers/usb/gadget/udc/bdc/bdc_ep.c:543:28: warning: comparison of
address of 'req->queue' equal to a null pointer is always false
[-Wtautological-pointer-compare]
if (req == NULL || &req->queue == NULL || &req->usb_req == NULL)
~~~~~^~~~~ ~~~~
drivers/usb/gadget/udc/bdc/bdc_ep.c:543:51: warning: comparison of
address of 'req->usb_req' equal to a null pointer is always false
[-Wtautological-pointer-compare]
if (req == NULL || &req->queue == NULL || &req->usb_req == NULL)
~~~~~^~~~~~~ ~~~~
2 warnings generated.
As it notes, these statements will always evaluate to false so remove
them.
Fixes: efed421a94e6 ("usb: gadget: Add UDC driver for Broadcom USB3.0 device controller IP BDC")
Link: https://github.com/ClangBuiltLinux/linux/issues/749
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 1c2e54fbf1da5e5445a0ab132c862b02ccd8d230 upstream.
For userspace functions using OS Descriptors, if a function also supplies
Extended Property descriptors currently the counts and lengths stored in
the ms_os_descs_ext_prop_{count,name_len,data_len} variables are not
getting reset to 0 during an unbind or when the epfiles are closed. If
the same function is re-bound and the descriptors are re-written, this
results in those count/length variables to monotonically increase
causing the VLA allocation in _ffs_func_bind() to grow larger and larger
at each bind/unbind cycle and eventually fail to allocate.
Fix this by clearing the ms_os_descs_ext_prop count & lengths to 0 in
ffs_data_reset().
Fixes: f0175ab51993 ("usb: gadget: f_fs: OS descriptors support")
Cc: stable@vger.kernel.org
Signed-off-by: Udipto Goswami <ugoswami@codeaurora.org>
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
Reviewed-by: Manu Gautam <mgautam@codeaurora.org>
Link: https://lore.kernel.org/r/20200402044521.9312-1-sallenki@codeaurora.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit f6cc6093a729ede1ff5658b493237c42b82ba107 upstream.
A SCSI error handler and block runtime PM must not allocate
memory with GFP_KERNEL. Furthermore they must not wait for
tasks allocating memory with GFP_KERNEL.
That means that they cannot share a workqueue with arbitrary tasks.
Fix this for UAS using a private workqueue.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Fixes: f9dc024a2da1f ("uas: pre_reset and suspend: Fix a few races")
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200415141750.811-2-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 5963dec98dc52d52476390485f07a29c30c6a582 upstream.
Once a device is gone, the internal state does not matter anymore.
There is no need to spam the logs.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Fixes: 326349f824619 ("uas: add dead request list")
Link: https://lore.kernel.org/r/20200415141750.811-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 94f9c8c3c404ee1f7aaff81ad4f24aec4e34a78b upstream.
Cyril Roelandt reports that his JMicron JMS566 USB-SATA bridge fails
to handle WRITE commands with the FUA bit set, even though it claims
to support FUA. (Oddly enough, a later version of the same bridge,
version 2.03 as opposed to 1.14, doesn't claim to support FUA. Also
oddly, the bridge _does_ support FUA when using the UAS transport
instead of the Bulk-Only transport -- but this device was blacklisted
for uas in commit bc3bdb12bbb3 ("usb-storage: Disable UAS on JMicron
SATA enclosure") for apparently unrelated reasons.)
This patch adds a usb-storage unusual_devs entry with the BROKEN_FUA
flag. This allows the bridge to work properly with usb-storage.
Reported-and-tested-by: Cyril Roelandt <tipecaml@gmail.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.2004221613110.11262-100000@iolanthe.rowland.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 9f952e26295d977dbfc6fedeaf8c4f112c818d37 upstream.
Commit 8099f58f1ecd ("USB: hub: Don't record a connect-change event
during reset-resume") wasn't very well conceived. The problem it
tried to fix was that if a connect-change event occurred while the
system was asleep (such as a device disconnecting itself from the bus
when it is suspended and then reconnecting when it resumes)
requiring a reset-resume during the system wakeup transition, the hub
port's change_bit entry would remain set afterward. This would cause
the hub driver to believe another connect-change event had occurred
after the reset-resume, which was wrong and would lead the driver to
send unnecessary requests to the device (which could interfere with a
firmware update).
The commit tried to fix this by not setting the change_bit during the
wakeup. But this was the wrong thing to do; it means that when a
device is unplugged while the system is asleep, the hub driver doesn't
realize anything has happened: The change_bit flag which would tell it
to handle the disconnect event is clear.
The commit needs to be reverted and the problem fixed in a different
way. Fortunately an alternative solution was noted in the commit's
Changelog: We can continue to set the change_bit entry in
hub_activate() but then clear it when a reset-resume occurs. That way
the the hub driver will see the change_bit when a device is
disconnected but won't see it when the device is still present.
That's what this patch does.
Reported-and-tested-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Fixes: 8099f58f1ecd ("USB: hub: Don't record a connect-change event during reset-resume")
Tested-by: Paul Zimmerman <pauldzim@gmail.com>
CC: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.2004221602480.11262-100000@iolanthe.rowland.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 056ad39ee9253873522f6469c3364964a322912b upstream.
FuzzUSB (a variant of syzkaller) found a free-while-still-in-use bug
in the USB scatter-gather library:
BUG: KASAN: use-after-free in atomic_read
include/asm-generic/atomic-instrumented.h:26 [inline]
BUG: KASAN: use-after-free in usb_hcd_unlink_urb+0x5f/0x170
drivers/usb/core/hcd.c:1607
Read of size 4 at addr ffff888065379610 by task kworker/u4:1/27
CPU: 1 PID: 27 Comm: kworker/u4:1 Not tainted 5.5.11 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.10.2-1ubuntu1 04/01/2014
Workqueue: scsi_tmf_2 scmd_eh_abort_handler
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xce/0x128 lib/dump_stack.c:118
print_address_description.constprop.4+0x21/0x3c0 mm/kasan/report.c:374
__kasan_report+0x153/0x1cb mm/kasan/report.c:506
kasan_report+0x12/0x20 mm/kasan/common.c:639
check_memory_region_inline mm/kasan/generic.c:185 [inline]
check_memory_region+0x152/0x1b0 mm/kasan/generic.c:192
__kasan_check_read+0x11/0x20 mm/kasan/common.c:95
atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
usb_hcd_unlink_urb+0x5f/0x170 drivers/usb/core/hcd.c:1607
usb_unlink_urb+0x72/0xb0 drivers/usb/core/urb.c:657
usb_sg_cancel+0x14e/0x290 drivers/usb/core/message.c:602
usb_stor_stop_transport+0x5e/0xa0 drivers/usb/storage/transport.c:937
This bug occurs when cancellation of the S-G transfer races with
transfer completion. When that happens, usb_sg_cancel() may continue
to access the transfer's URBs after usb_sg_wait() has freed them.
The bug is caused by the fact that usb_sg_cancel() does not take any
sort of reference to the transfer, and so there is nothing to prevent
the URBs from being deallocated while the routine is trying to use
them. The fix is to take such a reference by incrementing the
transfer's io->count field while the cancellation is in progres and
decrementing it afterward. The transfer's URBs are not deallocated
until io->complete is triggered, which happens when io->count reaches
zero.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: Kyungtae Kim <kt0755@gmail.com>
CC: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.2003281615140.14837-100000@netrider.rowland.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 5f2e5fb873e269fcb806165715d237f0de4ecf1d upstream.
Restructure usb_sg_cancel() so we don't have to disable interrupts
while cancelling the URBs.
Suggested-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: David Mosberger <davidm@egauge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 98b74b0ee57af1bcb6e8b2e76e707a71c5ef8ec9 upstream.
usb_submit_urb() may take quite long to execute. For example, a
single sg list may have 30 or more entries, possibly leading to that
many calls to DMA-map pages. This can cause interrupt latency of
several hundred micro-seconds.
Avoid the problem by releasing the io->lock spinlock and re-enabling
interrupts before calling usb_submit_urb(). This opens races with
usb_sg_cancel() and sg_complete(). Handle those races by using
usb_block_urb() to stop URBs from being submitted after
usb_sg_cancel() or sg_complete() with error.
Note that usb_unlink_urb() is guaranteed to return -ENODEV if
!io->urbs[i]->dev and since the -ENODEV case is already handled,
we don't have to check for !io->urbs[i]->dev explicitly.
Before this change, reading 512MB from an ext3 filesystem on a USB
memory stick showed a throughput of 12 MB/s with about 500 missed
deadlines.
With this change, reading the same file gave the same throughput but
only one or two missed deadlines.
Signed-off-by: David Mosberger <davidm@egauge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
RGB RAPIDFIRE
commit be34a5854b4606bd7a160ad3cb43415d623596c7 upstream.
The Corsair K70 RGB RAPIDFIRE needs the USB_QUIRK_DELAY_INIT and
USB_QUIRK_DELAY_CTRL_MSG to function or it will randomly not
respond on boot, just like other Corsair keyboards
Signed-off-by: Jonathan Cox <jonathan@jdcox.net>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200410212427.2886-1-jonathan@jdcox.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 2df7405f79ce1674d73c2786fe1a8727c905d65b upstream.
Change a bunch of arguments of wrapper functions which pass signed
integer to an unsigned integer which might cause undefined behaviors
when sign integer overflow.
Signed-off-by: Changming Liu <liu.changm@northeastern.edu>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/BL0PR06MB45482D71EA822D75A0E60A2EE5D50@BL0PR06MB4548.namprd06.prod.outlook.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.220
bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
net: vxge: fix wrong __VA_ARGS__ usage
qlcnic: Fix bad kzalloc null test
i2c: st: fix missing struct parameter description
irqchip/versatile-fpga: Handle chained IRQs properly
selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
gfs2: Don't demote a glock until its revokes are written
x86/boot: Use unsigned comparison for addresses
locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
btrfs: remove a BUG_ON() from merge_reloc_roots()
btrfs: track reloc roots based on their commit root bytenr
misc: rtsx: set correct pcr_ops for rts522A
ASoC: fix regwmask
ASoC: dapm: connect virtual mux with default value
ASoC: dpcm: allow start or stop during pause for backend
ASoC: topology: use name_prefix for new kcontrol
usb: gadget: f_fs: Fix use after free issue as part of queue failure
usb: gadget: composite: Inform controller driver of self-powered
ALSA: usb-audio: Add mixer workaround for TRX40 and co
ALSA: hda: Add driver blacklist
ALSA: hda: Fix potential access overflow in beep helper
ALSA: ice1724: Fix invalid access for enumerated ctl items
ALSA: pcm: oss: Fix regression by buffer overflow fix
acpi/x86: ignore unspecified bit positions in the ACPI global lock field
thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
KEYS: reaching the keys quotas correctly
irqchip/versatile-fpga: Apply clear-mask earlier
MIPS: OCTEON: irq: Fix potential NULL pointer dereference
ath9k: Handle txpower changes even when TPC is disabled
signal: Extend exec_id to 64bits
x86/entry/32: Add missing ASM_CLAC to general_protection entry
KVM: x86: Allocate new rmap and large page tracking when moving memslot
crypto: mxs-dcp - fix scatterlist linearization for hash
futex: futex_wake_op, do not fail on invalid op
xen-netfront: Rework the fix for Rx stall during OOM and network stress
ALSA: hda: Initialize power_state field properly
Btrfs: incremental send, fix invalid memory access
IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush
scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
ext4: fix a data race at inode->i_blocks
ocfs2: no need try to truncate file beyond i_size
s390/diag: fix display of diagnose call statistics
Input: i8042 - add Acer Aspire 5738z to nomux list
kmod: make request_module() return an error when autoloading is disabled
hfsplus: fix crash and filesystem corruption when deleting files
libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set
powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
Btrfs: fix crash during unmount due to race with delayed inode workers
drm/dp_mst: Fix clearing payload state on topology disable
ipmi: fix hung processes in __get_guid()
powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
misc: echo: Remove unnecessary parentheses and simplify check for zero
mfd: dln2: Fix sanity checking for endpoints
net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
net: ipv6: do not consider routes via gateways for anycast address check
scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
jbd2: improve comments about freeing data buffers whose page mapping is NULL
ext4: fix incorrect group count in ext4_fill_super error message
ext4: fix incorrect inodes per group in error message
ASoC: Intel: mrfld: fix incorrect check on p->sink
ASoC: Intel: mrfld: return error codes when an error occurs
ALSA: usb-audio: Don't override ignore_ctl_error value from the map
mac80211_hwsim: Use kstrndup() in place of kasprintf()
ext4: do not zeroout extents beyond i_disksize
dm flakey: check for null arg_name in parse_features()
kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
x86/mitigations: Clear CPU buffers on the SYSCALL fast path
tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation
scsi: sg: add sg_remove_request in sg_common_write
ALSA: hda: Don't release card at firmware loading error
video: fbdev: sis: Remove unnecessary parentheses and commented code
drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
wil6210: increase firmware ready timeout
wil6210: fix temperature debugfs
scsi: ufs: ufs-qcom: remove broken hci version quirk
wil6210: rate limit wil_rx_refill error
rtc: pm8xxx: Fix issue in RTC write path
soc: qcom: smem: Use le32_to_cpu for comparison
of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
of: unittest: kmemleak in of_unittest_platform_populate()
clk: at91: usb: continue if clk_hw_round_rate() return zero
clk: tegra: Fix Tegra PMC clock out parents
NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
ext4: do not commit super on read-only bdev
percpu_counter: fix a data race at vm_committed_as
compiler.h: fix error in BUILD_BUG_ON() reporting
NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
ext2: fix empty body warnings when -Wextra is used
iommu/amd: Fix the configuration of GCR3 table root pointer
fbdev: potential information leak in do_fb_ioctl()
tty: evh_bytechan: Fix out of bounds accesses
locktorture: Print ratio of acquisitions, not failures
mtd: lpddr: Fix a double free in probe()
mtd: phram: fix a double free issue in error path
x86/CPU: Add native CPUID variants returning a single datum
x86/microcode/intel: replace sync_core() with native_cpuid_reg(eax)
x86/vdso: Fix lsl operand order
Linux 4.4.220
Change-Id: Ic931642c95ad95eb2755c3c20f6802e04283e68b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 5e5caf4fa8d3039140b4548b6ab23dd17fce9b2c upstream.
Different configuration/condition may draw different power. Inform the
controller driver of the change so it can respond properly (e.g.
GET_STATUS request). This fixes an issue with setting MaxPower from
configfs. The composite driver doesn't check this value when setting
self-powered.
Cc: stable@vger.kernel.org
Fixes: 88af8bbe4ef7 ("usb: gadget: the start of the configfs interface")
Signed-off-by: Thinh Nguyen <thinhn@synopsys.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
