| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
lineage-18.1-caf-msm8998
* google/common/android-4.4-p:
Linux 4.4.302
Input: i8042 - Fix misplaced backport of "add ASUS Zenbook Flip to noselftest list"
KVM: x86: Fix misplaced backport of "work around leak of uninitialized stack contents"
Revert "tc358743: fix register i2c_rd/wr function fix"
Revert "drm/radeon/ci: disable mclk switching for high refresh rates (v2)"
Bluetooth: MGMT: Fix misplaced BT_HS check
ipv4: tcp: send zero IPID in SYNACK messages
ipv4: raw: lock the socket in raw_bind()
hwmon: (lm90) Reduce maximum conversion rate for G781
drm/msm: Fix wrong size calculation
net-procfs: show net devices bound packet types
ipv4: avoid using shared IP generator for connected sockets
net: fix information leakage in /proc/net/ptype
ipv6_tunnel: Rate limit warning messages
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
USB: core: Fix hang in usb_kill_urb by adding memory barriers
usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
tty: Add support for Brainboxes UC cards.
tty: n_gsm: fix SW flow control encoding/handling
serial: stm32: fix software flow control transfer
PM: wakeup: simplify the output logic of pm_show_wakelocks()
udf: Fix NULL ptr deref when converting from inline format
udf: Restore i_lenAlloc when inode expansion fails
scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
s390/hypfs: include z/VM guests with access control group set
Bluetooth: refactor malicious adv data check
can: bcm: fix UAF of bcm op
Linux 4.4.301
drm/i915: Flush TLBs before releasing backing store
Linux 4.4.300
lib82596: Fix IRQ check in sni_82596_probe
bcmgenet: add WOL IRQ check
net_sched: restore "mpu xxx" handling
dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
dmaengine: at_xdmac: Fix lld view setting
dmaengine: at_xdmac: Print debug message after realeasing the lock
dmaengine: at_xdmac: Don't start transactions at tx_submit level
netns: add schedule point in ops_exit_list()
net: axienet: fix number of TX ring slots for available check
net: axienet: Wait for PhyRstCmplt after core reset
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
ext4: don't use the orphan list when migrating an inode
ext4: Fix BUG_ON in ext4_bread when write quota data
ext4: set csum seed in tmp inode while migrating to extents
ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
power: bq25890: Enable continuous conversion for ADC at charging
scsi: sr: Don't use GFP_DMA
MIPS: Octeon: Fix build errors using clang
i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
ALSA: seq: Set upper limit of processed events
w1: Misuse of get_user()/put_user() reported by sparse
i2c: mpc: Correct I2C reset procedure
powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
i2c: i801: Don't silently correct invalid transfer size
powerpc/btext: add missing of_node_put
powerpc/cell: add missing of_node_put
powerpc/powernv: add missing of_node_put
powerpc/6xx: add missing of_node_put
parisc: Avoid calling faulthandler_disabled() twice
serial: core: Keep mctrl register state and cached copy in sync
serial: pl010: Drop CR register reset on set_termios
dm space map common: add bounds check to sm_ll_lookup_bitmap()
dm btree: add a defensive bounds check to insert_at()
net: mdio: Demote probed message to debug print
btrfs: remove BUG_ON(!eie) in find_parent_nodes
btrfs: remove BUG_ON() in find_parent_nodes()
ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
ACPICA: Utilities: Avoid deleting the same object twice in a row
um: registers: Rename function names to avoid conflicts and build problems
ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
media: igorplugusb: receiver overflow should be reported
net: bonding: debug: avoid printing debug logs when bond is not notifying peers
iwlwifi: mvm: synchronize with FW after multicast commands
media: m920x: don't use stack on USB reads
media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
floppy: Add max size check for user space request
mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
HSI: core: Fix return freed object in hsi_new_client
media: b2c2: Add missing check in flexcop_pci_isr:
usb: gadget: f_fs: Use stream_open() for endpoint files
ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
fs: dlm: filter user dlm messages for kernel locks
Bluetooth: Fix debugfs entry leak in hci_register_dev()
RDMA/cxgb4: Set queue pair state when being queried
mips: bcm63xx: add support for clk_set_parent()
mips: lantiq: add support for clk_set_parent()
misc: lattice-ecp3-config: Fix task hung when firmware load failed
ASoC: samsung: idma: Check of ioremap return value
dmaengine: pxa/mmp: stop referencing config->slave_id
RDMA/core: Let ib_find_gid() continue search even after empty entry
char/mwave: Adjust io port register size
ALSA: oss: fix compile error when OSS_DEBUG is enabled
powerpc/prom_init: Fix improper check of prom_getprop()
ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
ext4: avoid trim error on fs with small groups
net: mcs7830: handle usb read errors properly
pcmcia: fix setting of kthread task states
can: xilinx_can: xcan_probe(): check for error irq
can: softing: softing_startstop(): fix set but not used variable warning
spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
ppp: ensure minimum packet size in ppp_write()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
usb: ftdi-elan: fix memory leak on device disconnect
media: msi001: fix possible null-ptr-deref in msi001_probe()
media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
media: dib8000: Fix a memleak in dib8000_init()
floppy: Fix hang in watchdog when disk is ejected
serial: amba-pl011: do not request memory region twice
drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
arm64: dts: qcom: msm8916: fix MMC controller aliases
netfilter: bridge: add support for pppoe filtering
tty: serial: atmel: Call dma_async_issue_pending()
tty: serial: atmel: Check return code of dmaengine_submit()
crypto: qce - fix uaf on qce_ahash_register_one
Bluetooth: stop proccessing malicious adv data
Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
can: softing_cs: softingcs_probe(): fix memleak on registration failure
media: stk1160: fix control-message timeouts
media: pvrusb2: fix control-message timeouts
media: dib0700: fix undefined behavior in tuner shutdown
media: em28xx: fix control-message timeouts
media: mceusb: fix control-message timeouts
rtc: cmos: take rtc_lock while reading from CMOS
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
HID: uhid: Fix worker destroying device without any protection
rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
media: uvcvideo: fix division by zero at stream start
drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
USB: core: Fix bug in resuming hub's handling of wakeup requests
Bluetooth: bfusb: fix division by zero in send path
Linux 4.4.299
power: reset: ltc2952: Fix use of floating point literals
mISDN: change function names to avoid conflicts
net: udp: fix alignment problem in udp4_seq_show()
ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
phonet: refcount leak in pep_sock_accep
rndis_host: support Hytera digital radios
xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
i40e: Fix incorrect netdev's real number of RX/TX queues
mac80211: initialize variable have_higher_than_11mbit
ieee802154: atusb: fix uninit value in atusb_set_extended_addr
Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models
bpf, test: fix ld_abs + vlan push/pop stress test
Linux 4.4.298
net: fix use-after-free in tw_timer_handler
Input: spaceball - fix parsing of movement data packets
Input: appletouch - initialize work before device registration
scsi: vmw_pvscsi: Set residual data length conditionally
usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
uapi: fix linux/nfc.h userspace compilation errors
nfc: uapi: use kernel size_t to fix user-space builds
selinux: initialize proto variable in selinux_ip_postroute_compat()
recordmcount.pl: fix typo in s390 mcount regex
platform/x86: apple-gmux: use resource_size() with res
Linux 4.4.297
phonet/pep: refuse to enable an unbound pipe
hamradio: improve the incomplete fix to avoid NPD
hamradio: defer ax25 kfree after unregister_netdev
ax25: NPD bug when detaching AX25 device
xen/blkfront: fix bug in backported patch
ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
ALSA: drivers: opl3: Fix incorrect use of vp->state
ALSA: jack: Check the return value of kstrdup()
hwmon: (lm90) Fix usage of CONFIG2 register in detect function
drivers: net: smc911x: Check for error irq
bonding: fix ad_actor_system option setting to default
qlcnic: potential dereference null pointer of rx_queue->page_ring
IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
HID: holtek: fix mouse probing
can: kvaser_usb: get CAN clock frequency from device
net: usb: lan78xx: add Allied Telesis AT29M2-AF
Conflicts:
drivers/usb/gadget/function/f_fs.c
Change-Id: Iabc390c3c9160c7a2864ffe1125d73412ffdb31d
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.302
can: bcm: fix UAF of bcm op
Bluetooth: refactor malicious adv data check
s390/hypfs: include z/VM guests with access control group set
scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
udf: Restore i_lenAlloc when inode expansion fails
udf: Fix NULL ptr deref when converting from inline format
PM: wakeup: simplify the output logic of pm_show_wakelocks()
serial: stm32: fix software flow control transfer
tty: n_gsm: fix SW flow control encoding/handling
tty: Add support for Brainboxes UC cards.
usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
USB: core: Fix hang in usb_kill_urb by adding memory barriers
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
ipv6_tunnel: Rate limit warning messages
net: fix information leakage in /proc/net/ptype
ipv4: avoid using shared IP generator for connected sockets
net-procfs: show net devices bound packet types
drm/msm: Fix wrong size calculation
hwmon: (lm90) Reduce maximum conversion rate for G781
ipv4: raw: lock the socket in raw_bind()
ipv4: tcp: send zero IPID in SYNACK messages
Bluetooth: MGMT: Fix misplaced BT_HS check
Revert "drm/radeon/ci: disable mclk switching for high refresh rates (v2)"
Revert "tc358743: fix register i2c_rd/wr function fix"
KVM: x86: Fix misplaced backport of "work around leak of uninitialized stack contents"
Input: i8042 - Fix misplaced backport of "add ASUS Zenbook Flip to noselftest list"
Linux 4.4.302
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5191d3cb4df0fa8de60170d2fedf4a3c51380fdf
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 0157e2a8a71978c58a7d6cfb3616ab17d9726631.
The reverted commit was backported and applied twice on the stable branch:
- First as commit 15de2e4c90b7 ("drm/radeon/ci: disable mclk switching for
high refresh rates (v2)")
- Then as commit 0157e2a8a719 ("drm/radeon/ci: disable mclk switching for
high refresh rates (v2)")
Fixes: 0157e2a8a719 ("drm/radeon/ci: disable mclk switching for high refresh rates (v2)")
Signed-off-by: Guillaume Bertholon <guillaume.bertholon@ens.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 0a727b459ee39bd4c5ced19d6024258ac87b6b2e upstream.
For example, memory-region in .dts as below,
reg = <0x0 0x50000000 0x0 0x20000000>
We can get below values,
struct resource r;
r.start = 0x50000000;
r.end = 0x6fffffff;
So the size should be:
size = r.end - r.start + 1 = 0x20000000
Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Fixes: 072f1f9168ed ("drm/msm: add support for "stolen" mem")
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20220112123334.749776-1-xianting.tian@linux.alibaba.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.301
drm/i915: Flush TLBs before releasing backing store
Linux 4.4.301
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie74431119127690978d80e426ae709929eb01d45
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 7938d61591d33394a21bdd7797a245b65428f44c upstream.
We need to flush TLBs before releasing backing store otherwise userspace
is able to encounter stale entries if a) it is not declaring access to
certain buffers and b) it races with the backing store release from a
such undeclared execution already executing on the GPU in parallel.
The approach taken is to mark any buffer objects which were ever bound
to the GPU and to trigger a serialized TLB flush when their backing
store is released.
Alternatively the flushing could be done on VMA unbind, at which point
we would be able to ascertain whether there is potential a parallel GPU
execution (which could race), but essentially it boils down to paying
the cost of TLB flushes potentially needlessly at VMA unbind time (when
the backing store is not known to be going away so not needed for
safety), versus potentially needlessly at backing store relase time
(since we at that point cannot tell whether there is anything executing
on the GPU which uses that object).
Thereforce simplicity of implementation has been chosen for now with
scope to benchmark and refine later as required.
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Reported-by: Sushma Venkatesh Reddy <sushma.venkatesh.reddy@intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Acked-by: Dave Airlie <airlied@redhat.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Jon Bloomfield <jon.bloomfield@intel.com>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.300
Bluetooth: bfusb: fix division by zero in send path
USB: core: Fix bug in resuming hub's handling of wakeup requests
USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
media: uvcvideo: fix division by zero at stream start
rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
HID: uhid: Fix worker destroying device without any protection
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
rtc: cmos: take rtc_lock while reading from CMOS
media: mceusb: fix control-message timeouts
media: em28xx: fix control-message timeouts
media: dib0700: fix undefined behavior in tuner shutdown
media: pvrusb2: fix control-message timeouts
media: stk1160: fix control-message timeouts
can: softing_cs: softingcs_probe(): fix memleak on registration failure
PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
Bluetooth: stop proccessing malicious adv data
crypto: qce - fix uaf on qce_ahash_register_one
tty: serial: atmel: Check return code of dmaengine_submit()
tty: serial: atmel: Call dma_async_issue_pending()
netfilter: bridge: add support for pppoe filtering
arm64: dts: qcom: msm8916: fix MMC controller aliases
drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
serial: amba-pl011: do not request memory region twice
floppy: Fix hang in watchdog when disk is ejected
media: dib8000: Fix a memleak in dib8000_init()
media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
media: msi001: fix possible null-ptr-deref in msi001_probe()
usb: ftdi-elan: fix memory leak on device disconnect
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
ppp: ensure minimum packet size in ppp_write()
spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
can: softing: softing_startstop(): fix set but not used variable warning
can: xilinx_can: xcan_probe(): check for error irq
pcmcia: fix setting of kthread task states
net: mcs7830: handle usb read errors properly
ext4: avoid trim error on fs with small groups
ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
powerpc/prom_init: Fix improper check of prom_getprop()
ALSA: oss: fix compile error when OSS_DEBUG is enabled
char/mwave: Adjust io port register size
RDMA/core: Let ib_find_gid() continue search even after empty entry
dmaengine: pxa/mmp: stop referencing config->slave_id
ASoC: samsung: idma: Check of ioremap return value
misc: lattice-ecp3-config: Fix task hung when firmware load failed
mips: lantiq: add support for clk_set_parent()
mips: bcm63xx: add support for clk_set_parent()
RDMA/cxgb4: Set queue pair state when being queried
Bluetooth: Fix debugfs entry leak in hci_register_dev()
fs: dlm: filter user dlm messages for kernel locks
ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
usb: gadget: f_fs: Use stream_open() for endpoint files
media: b2c2: Add missing check in flexcop_pci_isr:
HSI: core: Fix return freed object in hsi_new_client
mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
floppy: Add max size check for user space request
media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
media: m920x: don't use stack on USB reads
iwlwifi: mvm: synchronize with FW after multicast commands
net: bonding: debug: avoid printing debug logs when bond is not notifying peers
media: igorplugusb: receiver overflow should be reported
media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
um: registers: Rename function names to avoid conflicts and build problems
ACPICA: Utilities: Avoid deleting the same object twice in a row
ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
btrfs: remove BUG_ON() in find_parent_nodes()
btrfs: remove BUG_ON(!eie) in find_parent_nodes
net: mdio: Demote probed message to debug print
dm btree: add a defensive bounds check to insert_at()
dm space map common: add bounds check to sm_ll_lookup_bitmap()
serial: pl010: Drop CR register reset on set_termios
serial: core: Keep mctrl register state and cached copy in sync
parisc: Avoid calling faulthandler_disabled() twice
powerpc/6xx: add missing of_node_put
powerpc/powernv: add missing of_node_put
powerpc/cell: add missing of_node_put
powerpc/btext: add missing of_node_put
i2c: i801: Don't silently correct invalid transfer size
powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
i2c: mpc: Correct I2C reset procedure
w1: Misuse of get_user()/put_user() reported by sparse
ALSA: seq: Set upper limit of processed events
i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
MIPS: Octeon: Fix build errors using clang
scsi: sr: Don't use GFP_DMA
power: bq25890: Enable continuous conversion for ADC at charging
ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
ext4: set csum seed in tmp inode while migrating to extents
ext4: Fix BUG_ON in ext4_bread when write quota data
ext4: don't use the orphan list when migrating an inode
powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
net: axienet: Wait for PhyRstCmplt after core reset
net: axienet: fix number of TX ring slots for available check
netns: add schedule point in ops_exit_list()
dmaengine: at_xdmac: Don't start transactions at tx_submit level
dmaengine: at_xdmac: Print debug message after realeasing the lock
dmaengine: at_xdmac: Fix lld view setting
dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
net_sched: restore "mpu xxx" handling
bcmgenet: add WOL IRQ check
lib82596: Fix IRQ check in sni_82596_probe
Linux 4.4.300
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic6c59dd0f4ed703fff49584b3774d39e4548af4a
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit b220110e4cd442156f36e1d9b4914bb9e87b0d00 ]
In amdgpu_connector_lcd_native_mode(), the return value of
drm_mode_duplicate() is assigned to mode, and there is a dereference
of it in amdgpu_connector_lcd_native_mode(), which will lead to a NULL
pointer dereference on failure of drm_mode_duplicate().
Fix this bug add a check of mode.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_DRM_AMDGPU=m show no new warnings, and
our static analyzer no longer warns about this code.
Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 2e70570656adfe1c5d9a29940faa348d5f132199 upstream.
A new warning in clang points out a place in this file where a bitwise
OR is being used with boolean types:
drivers/gpu/drm/i915/intel_pm.c:3066:12: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical]
changed = ilk_increase_wm_latency(dev_priv, dev_priv->wm.pri_latency, 12) |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This construct is intentional, as it allows every one of the calls to
ilk_increase_wm_latency() to occur (instead of short circuiting with
logical OR) while still caring about the result of each call.
To make this clearer to the compiler, use the '|=' operator to assign
the result of each ilk_increase_wm_latency() call to changed, which
keeps the meaning of the code the same but makes it obvious that every
one of these calls is expected to happen.
Link: https://github.com/ClangBuiltLinux/linux/issues/1473
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Suggested-by: Dávid Bolvanský <david.bolvansky@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211014211916.3550122-1-nathan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
lineage-18.1-caf-msm8998
* common/android-4.4-p:
Linux 4.4.293
usb: max-3421: Use driver data instead of maintaining a list of bound devices
ASoC: DAPM: Cover regression by kctl change notification fix
batman-adv: Avoid WARN_ON timing related checks
batman-adv: Don't always reallocate the fragmentation skb head
batman-adv: Reserve needed_*room for fragments
batman-adv: Consider fragmentation for needed_headroom
batman-adv: set .owner to THIS_MODULE
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
batman-adv: Prevent duplicated softif_vlan entry
batman-adv: Fix multicast TT issues with bogus ROAM flags
batman-adv: Keep fragments equally sized
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
drm/udl: fix control-message timeout
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
parisc/sticon: fix reverse colors
btrfs: fix memory ordering between normal and ordered work functions
mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
hexagon: export raw I/O routines for modules
tun: fix bonding active backup with arp monitoring
NFC: reorder the logic in nfc_{un,}register_device
NFC: reorganize the functions in nci_request
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
mips: bcm63xx: add support for clk_get_parent()
net: bnx2x: fix variable dereferenced before check
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
sh: define __BIG_ENDIAN for math-emu
sh: fix kconfig unmet dependency warning for FRAME_POINTER
maple: fix wrong return value of maple_bus_init().
sh: check return code of request_irq
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
ALSA: gus: fix null pointer dereference on pointer block
powerpc/5200: dts: fix memory node unit name
scsi: target: Fix alua_tg_pt_gps_count tracking
scsi: target: Fix ordered tag handling
MIPS: sni: Fix the build
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
usb: host: ohci-tmio: check return value after calling platform_get_resource()
ARM: dts: omap: fix gpmc,mux-add-data type
scsi: advansys: Fix kernel pointer leak
usb: musb: tusb6010: check return value after calling platform_get_resource()
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
net: batman-adv: fix error handling
PCI/MSI: Destroy sysfs before freeing entries
parisc/entry: fix trace test in syscall exit path
PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
ARM: 9156/1: drop cc-option fallbacks for architecture selection
USB: chipidea: fix interrupt deadlock
vsock: prevent unnecessary refcnt inc for nonblocking connect
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
llc: fix out-of-bound array index in llc_sk_dev_hash()
bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
net: davinci_emac: Fix interrupt pacing disable
xen-pciback: Fix return in pm_ctrl_init()
scsi: qla2xxx: Turn off target reset during issue_lip
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
m68k: set a default value for MEMORY_RESERVE
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
RDMA/mlx4: Return missed an error if device doesn't support steering
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
power: supply: rt5033_battery: Change voltage values to µV
usb: gadget: hid: fix error code in do_config()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
video: fbdev: chipsfb: use memset_io() instead of memset()
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
JFS: fix memleak in jfs_mount
scsi: dc395: Fix error case unwinding
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
crypto: pcrypt - Delay write to padata->info
libertas: Fix possible memory leak in probe and disconnect
libertas_tf: Fix possible memory leak in probe and disconnect
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
mwifiex: Send DELBA requests according to spec
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
drm/msm: uninitialized variable in msm_gem_import()
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
memstick: avoid out-of-range warning
b43: fix a lower bounds test
b43legacy: fix a lower bounds test
crypto: qat - detect PFVF collision after ACK
ath9k: Fix potential interrupt storm on queue reset
cpuidle: Fix kobject memory leaks in error paths
media: si470x: Avoid card name truncation
media: dvb-usb: fix ununit-value in az6027_rc_query
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
parisc: fix warning in flush_tlb_all
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
ARM: clang: Do not rely on lr register for stacktrace
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
iwlwifi: mvm: disable RX-diversity in powersave
PM: hibernate: Get block device exclusively in swsusp_check()
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
lib/xz: Validate the value before assigning it to an enum variable
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
memstick: r592: Fix a UAF bug when removing the driver
ACPI: battery: Accept charges over the design capacity as full
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
tracefs: Have tracefs directories not set OTH permission bits by default
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
ACPICA: Avoid evaluating methods too early during system resume
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
media: mceusb: return without resubmitting URB in case of -EPROTO error.
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: uvcvideo: Set capability in s_param
media: netup_unidvb: handle interrupt properly according to the firmware
media: mt9p031: Fix corrupted frame after restarting stream
x86: Increase exception stack sizes
smackfs: Fix use-after-free in netlbl_catmap_walk()
MIPS: lantiq: dma: reset correct number of channel
MIPS: lantiq: dma: add small delay after reset
platform/x86: wmi: do not fail if disabling fails
Bluetooth: fix use-after-free error in lock_sock_nested()
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
USB: iowarrior: fix control-message timeouts
USB: serial: keyspan: fix memleak on probe errors
iio: dac: ad5446: Fix ad5622_write() return value
quota: correct error number in free_dqentry()
quota: check block number when reading the block in quota file
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
ALSA: mixer: oss: Fix racy access to slots
power: supply: max17042_battery: use VFSOC for capacity when no rsns
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
signal: Remove the bogus sigkill_pending in ptrace_stop
mwifiex: Read a PCI register after writing the TX ring write pointer
wcn36xx: Fix HT40 capability for 2Ghz band
PCI: Mark Atheros QCA6174 to avoid bus reset
ath6kl: fix control-message timeout
ath6kl: fix division by zero in send path
mwifiex: fix division by zero in fw download path
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
hwmon: (pmbus/lm25066) Add offset coefficients
btrfs: fix lost error handling when replaying directory deletes
vmxnet3: do not stop tx queues after netif_device_detach()
spi: spl022: fix Microwire full duplex mode
xen/netfront: stop tx queues during live migration
mmc: winbond: don't build on M68K
hyperv/vmbus: include linux/bitops.h
x86/irq: Ensure PI wakeup handler is unregistered before module unload
ALSA: timer: Unconditionally unlink slave instances, too
ALSA: timer: Fix use-after-free problem
ALSA: synth: missing check for possible NULL after the call to kstrdup
ALSA: line6: fix control and interrupt message timeouts
ALSA: 6fire: fix control and bulk message timeouts
ALSA: ua101: fix division by zero at probe
media: ite-cir: IR receiver stop working after receive overflow
parisc: Fix ptrace check on syscall return
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
ocfs2: fix data corruption on truncate
libata: fix read log timeout value
Input: i8042 - Add quirk for Fujitsu Lifebook T725
Input: elantench - fix misreporting trackpoint coordinates
xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
binder: use cred instead of task for selinux checks
binder: use euid from cred instead of using task
FROMGIT: binder: fix test regression due to sender_euid change
BACKPORT: binder: use cred instead of task for selinux checks
BACKPORT: binder: use euid from cred instead of using task
BACKPORT: ip_gre: add validation for csum_start
Linux 4.4.292
rsi: fix control-message timeout
staging: rtl8192u: fix control-message timeouts
staging: r8712u: fix control-message timeout
comedi: vmk80xx: fix bulk and interrupt message timeouts
comedi: vmk80xx: fix bulk-buffer overflow
comedi: vmk80xx: fix transfer-buffer overflows
staging: comedi: drivers: replace le16_to_cpu() with usb_endpoint_maxp()
comedi: ni_usb6501: fix NULL-deref in command paths
comedi: dt9812: fix DMA buffers on stack
isofs: Fix out of bound access for corrupted isofs image
usb: hso: fix error handling code of hso_create_net_device
printk/console: Allow to disable console output by using console="" or console=null
usb-storage: Add compatibility quirk flags for iODD 2531/2541
usb: gadget: Mark USB_FSL_QE broken on 64-bit
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/qib: Use struct_size() helper
net: hso: register netdev later to avoid a race condition
ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
scsi: core: Put LLD module refcnt after SCSI device is released
Linux 4.4.291
sctp: add vtag check in sctp_sf_violation
sctp: use init_tag from inithdr for ABORT chunk
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
regmap: Fix possible double-free in regcache_rbtree_exit()
net: lan78xx: fix division by zero in send path
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
mmc: dw_mmc: exynos: fix the finding clock sample value
mmc: vub300: fix control-message timeouts
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
nfc: port100: fix using -ERRNO as command type mask
ata: sata_mv: Fix the error handling of mv_chip_id()
usbnet: fix error return code in usbnet_probe()
usbnet: sanity check for maxpacket
ARM: 8819/1: Remove '-p' from LDFLAGS
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
ARM: 9134/1: remove duplicate memcpy() definition
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
Linux 4.4.290
ARM: 9122/1: select HAVE_FUTEX_CMPXCHG
tracing: Have all levels of checks prevent recursion
net: mdiobus: Fix memory leak in __mdiobus_register
ALSA: hda: avoid write to STATESTS if controller is in reset
platform/x86: intel_scu_ipc: Update timeout value in comment
isdn: mISDN: Fix sleeping function called from invalid context
ARM: dts: spear3xx: Fix gmac node
netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
isdn: cpai: check ctr->cnr to avoid array index out of bound
nfc: nci: fix the UAF of rf_conn_info object
ovl: fix missing negative dentry check in ovl_rename()
ASoC: DAPM: Fix missing kctl change notifications
ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
elfcore: correct reference to CONFIG_UML
ocfs2: mount fails with buffer overflow in strlen
can: peak_pci: peak_pci_remove(): fix UAF
can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification
can: rcar_can: fix suspend/resume
NIOS2: irqflags: rename a redefined register name
netfilter: ipvs: make global sysctl readonly in non-init netns
NFSD: Keep existing listeners on portlist error
r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256
drm/msm: Fix null pointer dereference on pointer edp
pata_legacy: fix a couple uninitialized variable bugs
NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
nfc: fix error handling of nfc_proto_register()
ethernet: s2io: fix setting mac address during resume
net: encx24j600: check error in devm_regmap_init_encx24j600
net: korina: select CRC32
net: arc: select CRC32
iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
iio: adc128s052: Fix the error handling path of 'adc128_probe()'
nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
USB: serial: option: add Telit LE910Cx composition 0x1204
USB: serial: qcserial: add EM9191 QDL support
Input: xpad - add support for another USB ID of Nacon GC-100
efi/cper: use stack buffer for error record decoding
cb710: avoid NULL pointer subtraction
xhci: Enable trust tx length quirk for Fresco FL11 USB controller
s390: fix strrchr() implementation
ALSA: seq: Fix a potential UAF by wrong private_free call order
Conflicts:
drivers/gpu/drm/msm/msm_gem.c
net/bluetooth/l2cap_sock.c
Change-Id: Ia008e8ba419fa5604b5780265564ba80d05fbafa
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.293
binder: use euid from cred instead of using task
binder: use cred instead of task for selinux checks
xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
Input: elantench - fix misreporting trackpoint coordinates
Input: i8042 - Add quirk for Fujitsu Lifebook T725
libata: fix read log timeout value
ocfs2: fix data corruption on truncate
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
parisc: Fix ptrace check on syscall return
media: ite-cir: IR receiver stop working after receive overflow
ALSA: ua101: fix division by zero at probe
ALSA: 6fire: fix control and bulk message timeouts
ALSA: line6: fix control and interrupt message timeouts
ALSA: synth: missing check for possible NULL after the call to kstrdup
ALSA: timer: Fix use-after-free problem
ALSA: timer: Unconditionally unlink slave instances, too
x86/irq: Ensure PI wakeup handler is unregistered before module unload
hyperv/vmbus: include linux/bitops.h
mmc: winbond: don't build on M68K
xen/netfront: stop tx queues during live migration
spi: spl022: fix Microwire full duplex mode
vmxnet3: do not stop tx queues after netif_device_detach()
btrfs: fix lost error handling when replaying directory deletes
hwmon: (pmbus/lm25066) Add offset coefficients
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
mwifiex: fix division by zero in fw download path
ath6kl: fix division by zero in send path
ath6kl: fix control-message timeout
PCI: Mark Atheros QCA6174 to avoid bus reset
wcn36xx: Fix HT40 capability for 2Ghz band
mwifiex: Read a PCI register after writing the TX ring write pointer
signal: Remove the bogus sigkill_pending in ptrace_stop
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
power: supply: max17042_battery: use VFSOC for capacity when no rsns
ALSA: mixer: oss: Fix racy access to slots
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
quota: check block number when reading the block in quota file
quota: correct error number in free_dqentry()
iio: dac: ad5446: Fix ad5622_write() return value
USB: serial: keyspan: fix memleak on probe errors
USB: iowarrior: fix control-message timeouts
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
Bluetooth: fix use-after-free error in lock_sock_nested()
platform/x86: wmi: do not fail if disabling fails
MIPS: lantiq: dma: add small delay after reset
MIPS: lantiq: dma: reset correct number of channel
smackfs: Fix use-after-free in netlbl_catmap_walk()
x86: Increase exception stack sizes
media: mt9p031: Fix corrupted frame after restarting stream
media: netup_unidvb: handle interrupt properly according to the firmware
media: uvcvideo: Set capability in s_param
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: mceusb: return without resubmitting URB in case of -EPROTO error.
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
ACPICA: Avoid evaluating methods too early during system resume
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
tracefs: Have tracefs directories not set OTH permission bits by default
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
ACPI: battery: Accept charges over the design capacity as full
memstick: r592: Fix a UAF bug when removing the driver
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
lib/xz: Validate the value before assigning it to an enum variable
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
PM: hibernate: Get block device exclusively in swsusp_check()
iwlwifi: mvm: disable RX-diversity in powersave
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
ARM: clang: Do not rely on lr register for stacktrace
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
parisc: fix warning in flush_tlb_all
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
media: dvb-usb: fix ununit-value in az6027_rc_query
media: si470x: Avoid card name truncation
cpuidle: Fix kobject memory leaks in error paths
ath9k: Fix potential interrupt storm on queue reset
crypto: qat - detect PFVF collision after ACK
b43legacy: fix a lower bounds test
b43: fix a lower bounds test
memstick: avoid out-of-range warning
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
drm/msm: uninitialized variable in msm_gem_import()
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
mwifiex: Send DELBA requests according to spec
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
libertas_tf: Fix possible memory leak in probe and disconnect
libertas: Fix possible memory leak in probe and disconnect
crypto: pcrypt - Delay write to padata->info
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
scsi: dc395: Fix error case unwinding
JFS: fix memleak in jfs_mount
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
video: fbdev: chipsfb: use memset_io() instead of memset()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
usb: gadget: hid: fix error code in do_config()
power: supply: rt5033_battery: Change voltage values to µV
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
RDMA/mlx4: Return missed an error if device doesn't support steering
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
m68k: set a default value for MEMORY_RESERVE
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
scsi: qla2xxx: Turn off target reset during issue_lip
xen-pciback: Fix return in pm_ctrl_init()
net: davinci_emac: Fix interrupt pacing disable
bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
llc: fix out-of-bound array index in llc_sk_dev_hash()
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
vsock: prevent unnecessary refcnt inc for nonblocking connect
USB: chipidea: fix interrupt deadlock
ARM: 9156/1: drop cc-option fallbacks for architecture selection
mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
parisc/entry: fix trace test in syscall exit path
PCI/MSI: Destroy sysfs before freeing entries
net: batman-adv: fix error handling
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
usb: musb: tusb6010: check return value after calling platform_get_resource()
scsi: advansys: Fix kernel pointer leak
ARM: dts: omap: fix gpmc,mux-add-data type
usb: host: ohci-tmio: check return value after calling platform_get_resource()
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
MIPS: sni: Fix the build
scsi: target: Fix ordered tag handling
scsi: target: Fix alua_tg_pt_gps_count tracking
powerpc/5200: dts: fix memory node unit name
ALSA: gus: fix null pointer dereference on pointer block
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
sh: check return code of request_irq
maple: fix wrong return value of maple_bus_init().
sh: fix kconfig unmet dependency warning for FRAME_POINTER
sh: define __BIG_ENDIAN for math-emu
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
net: bnx2x: fix variable dereferenced before check
mips: bcm63xx: add support for clk_get_parent()
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
NFC: reorganize the functions in nci_request
NFC: reorder the logic in nfc_{un,}register_device
tun: fix bonding active backup with arp monitoring
hexagon: export raw I/O routines for modules
mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
btrfs: fix memory ordering between normal and ordered work functions
parisc/sticon: fix reverse colors
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
drm/udl: fix control-message timeout
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
batman-adv: Keep fragments equally sized
batman-adv: Fix multicast TT issues with bogus ROAM flags
batman-adv: Prevent duplicated softif_vlan entry
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
batman-adv: set .owner to THIS_MODULE
batman-adv: Consider fragmentation for needed_headroom
batman-adv: Reserve needed_*room for fragments
batman-adv: Don't always reallocate the fragmentation skb head
batman-adv: Avoid WARN_ON timing related checks
ASoC: DAPM: Cover regression by kctl change notification fix
usb: max-3421: Use driver data instead of maintaining a list of bound devices
Linux 4.4.293
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I233cfa7b0fe613afd388fcc316caf184005eaee9
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
and dvi connectors
commit bf552083916a7f8800477b5986940d1c9a31b953 upstream.
amdgpu_connector_vga_get_modes missed function amdgpu_get_native_mode
which assign amdgpu_encoder->native_mode with *preferred_mode result in
amdgpu_encoder->native_mode.clock always be 0. That will cause
amdgpu_connector_set_property returned early on:
if ((rmx_type != DRM_MODE_SCALE_NONE) &&
(amdgpu_encoder->native_mode.clock == 0))
when we try to set scaling mode Full/Full aspect/Center.
Add the missing function to amdgpu_connector_vga_get_mode can fix this.
It also works on dvi connectors because
amdgpu_connector_dvi_helper_funcs.get_mode use the same method.
Signed-off-by: hongao <hongao@uniontech.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 5591c8f79db1729d9c5ac7f5b4d3a5c26e262d93 upstream.
USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.
Fixes: 5320918b9a87 ("drm/udl: initial UDL driver (v4)")
Cc: stable@vger.kernel.org # 3.4
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20211025115353.5089-1-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 2203bd0e5c12ffc53ffdd4fbd7b12d6ba27e0424 ]
The msm_gem_new_impl() function cleans up after itself so there is no
need to call drm_gem_object_put(). Conceptually, it does not make sense
to call a kref_put() function until after the reference counting has
been initialized which happens immediately after this call in the
drm_gem_(private_)object_init() functions.
In the msm_gem_import() function the "obj" pointer is uninitialized, so
it will lead to a crash.
Fixes: 05b849111c07 ("drm/msm: prime support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20211013081315.GG6010@kili
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.290
ALSA: seq: Fix a potential UAF by wrong private_free call order
s390: fix strrchr() implementation
xhci: Enable trust tx length quirk for Fresco FL11 USB controller
cb710: avoid NULL pointer subtraction
efi/cper: use stack buffer for error record decoding
Input: xpad - add support for another USB ID of Nacon GC-100
USB: serial: qcserial: add EM9191 QDL support
USB: serial: option: add Telit LE910Cx composition 0x1204
nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
iio: adc128s052: Fix the error handling path of 'adc128_probe()'
iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
net: arc: select CRC32
net: korina: select CRC32
net: encx24j600: check error in devm_regmap_init_encx24j600
ethernet: s2io: fix setting mac address during resume
nfc: fix error handling of nfc_proto_register()
NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
pata_legacy: fix a couple uninitialized variable bugs
drm/msm: Fix null pointer dereference on pointer edp
r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256
NFSD: Keep existing listeners on portlist error
netfilter: ipvs: make global sysctl readonly in non-init netns
NIOS2: irqflags: rename a redefined register name
can: rcar_can: fix suspend/resume
can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification
can: peak_pci: peak_pci_remove(): fix UAF
ocfs2: mount fails with buffer overflow in strlen
elfcore: correct reference to CONFIG_UML
ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
ASoC: DAPM: Fix missing kctl change notifications
ovl: fix missing negative dentry check in ovl_rename()
nfc: nci: fix the UAF of rf_conn_info object
isdn: cpai: check ctr->cnr to avoid array index out of bound
netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
ARM: dts: spear3xx: Fix gmac node
isdn: mISDN: Fix sleeping function called from invalid context
platform/x86: intel_scu_ipc: Update timeout value in comment
ALSA: hda: avoid write to STATESTS if controller is in reset
net: mdiobus: Fix memory leak in __mdiobus_register
tracing: Have all levels of checks prevent recursion
ARM: 9122/1: select HAVE_FUTEX_CMPXCHG
Linux 4.4.290
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I97fdd4fb10f590df04407cb87713af101af36f67
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 2133c4fc8e1348dcb752f267a143fe2254613b34 upstream.
The initialization of pointer dev dereferences pointer edp before
edp is null checked, so there is a potential null pointer deference
issue. Fix this by only dereferencing edp after edp has been null
checked.
Addresses-Coverity: ("Dereference before null check")
Fixes: ab5b0107ccf3 ("drm/msm: Initial add eDP support in msm drm driver (v5)")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20210929121857.213922-1-colin.king@canonical.com
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
lineage-18.1-caf-msm8998
# By Sergey Shtylyov (9) and others
# Via Greg Kroah-Hartman
* common/android-4.4-p:
Linux 4.4.288
libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.
usb: testusb: Fix for showing the connection speed
scsi: sd: Free scsi_disk device via put_device()
ext2: fix sleeping in atomic bugs on error
sparc64: fix pci_iounmap() when CONFIG_PCI is not set
xen-netback: correct success/error reporting for the SKB-with-fraglist case
af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
Linux 4.4.287
Revert "arm64: Mark __stack_chk_guard as __ro_after_init"
Linux 4.4.286
cred: allow get_cred() and put_cred() to be given NULL.
HID: usbhid: free raw_report buffers in usbhid_stop
netfilter: ipset: Fix oversized kvmalloc() calls
HID: betop: fix slab-out-of-bounds Write in betop_probe
arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55
EDAC/synopsys: Fix wrong value type assignment for edac_mode
ext4: fix potential infinite loop in ext4_dx_readdir()
ipack: ipoctal: fix module reference leak
ipack: ipoctal: fix missing allocation-failure check
ipack: ipoctal: fix tty-registration error handling
ipack: ipoctal: fix tty registration race
ipack: ipoctal: fix stack information leak
e100: fix buffer overrun in e100_get_regs
e100: fix length calculation in e100_get_regs_len
ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
mac80211: fix use-after-free in CCMP/GCMP RX
tty: Fix out-of-bound vmalloc access in imageblit
qnx4: work around gcc false positive warning bug
spi: Fix tegra20 build with CONFIG_PM=n
net: 6pack: Fix tx timeout and slot time
alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile
arm64: Mark __stack_chk_guard as __ro_after_init
parisc: Use absolute_pointer() to define PAGE0
qnx4: avoid stringop-overread errors
sparc: avoid stringop-overread errors
net: i825xx: Use absolute_pointer for memcpy from fixed memory location
compiler.h: Introduce absolute_pointer macro
m68k: Double cast io functions to unsigned long
blktrace: Fix uaf in blk_trace access after removing by sysfs
scsi: iscsi: Adjust iface sysfs attr detection
net/mlx4_en: Don't allow aRFS for encapsulated packets
net: hso: fix muxed tty registration
USB: serial: option: add device id for Foxconn T99W265
USB: serial: option: remove duplicate USB device ID
USB: serial: option: add Telit LN920 compositions
USB: serial: mos7840: remove duplicated 0xac24 device ID
USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
xen/x86: fix PV trap handling on secondary processors
cifs: fix incorrect check for null pointer in header_assemble
usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
usb: gadget: r8a66597: fix a loop in set_feature()
Linux 4.4.285
sctp: validate from_addr_param return
drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
nilfs2: fix NULL pointer in nilfs_##name##_attr_release
nilfs2: fix memory leak in nilfs_sysfs_create_device_group
ceph: lockdep annotations for try_nonblocking_invalidate
dmaengine: ioat: depends on !UML
parisc: Move pci_dev_is_behind_card_dino to where it is used
dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
dmaengine: acpi-dma: check for 64-bit MMIO address
profiling: fix shift-out-of-bounds bugs
prctl: allow to setup brk for et_dyn executables
9p/trans_virtio: Remove sysfs file on probe failure
thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
sctp: validate chunk size in __rcv_asconf_lookup
PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
s390/bpf: Fix optimizing out zero-extensions
Linux 4.4.284
s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
net: renesas: sh_eth: Fix freeing wrong tx descriptor
qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
ARC: export clear_user_page() for modules
mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
ethtool: Fix an error code in cxgb2.c
dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
net/af_unix: fix a data-race in unix_dgram_poll
tipc: increase timeout in tipc_sk_enqueue()
r6040: Restore MDIO clock frequency after MAC reset
net/l2tp: Fix reference count leak in l2tp_udp_recv_core
dccp: don't duplicate ccid when cloning dccp sock
ptp: dp83640: don't define PAGE0
net-caif: avoid user-triggerable WARN_ON(1)
bnx2x: Fix enabling network interfaces without VFs
platform/chrome: cros_ec_proto: Send command again when timeout occurs
parisc: fix crash with signals and alloca
net: fix NULL pointer reference in cipso_v4_doi_free
ath9k: fix OOB read ar9300_eeprom_restore_internal
parport: remove non-zero check on count
Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
cifs: fix wrong release in sess_alloc_buffer() failed path
mmc: rtsx_pci: Fix long reads when clock is prescaled
gfs2: Don't call dlm after protocol is unmounted
rpc: fix gss_svc_init cleanup on failure
ARM: tegra: tamonten: Fix UART pad setting
gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
Bluetooth: skip invalid hci_sync_conn_complete_evt
serial: 8250_pci: make setup_port() parameters explicitly unsigned
hvsi: don't panic on tty_register_driver failure
xtensa: ISS: don't panic in rs_init
serial: 8250: Define RX trigger levels for OxSemi 950 devices
s390/jump_label: print real address in a case of a jump label bug
ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
video: fbdev: riva: Error out if 'pixclock' equals zero
video: fbdev: kyro: Error out if 'pixclock' equals zero
video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
bpf/tests: Do not PASS tests without actually testing the result
bpf/tests: Fix copy-and-paste error in double word test
tty: serial: jsm: hold port lock when reporting modem line changes
usb: gadget: u_ether: fix a potential null pointer dereference
usb: host: fotg210: fix the actual_length of an iso packet
Smack: Fix wrong semantics in smk_access_entry()
netlink: Deal with ESRCH error in nlmsg_notify()
video: fbdev: kyro: fix a DoS bug by restricting user input
iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
PCI: Use pci_update_current_state() in pci_enable_device_flags()
crypto: mxs-dcp - Use sg_mapping_iter to copy data
pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
openrisc: don't printk() unconditionally
PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
ARM: 9105/1: atags_to_fdt: don't warn about stack size
libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
media: rc-loopback: return number of emitters rather than error
media: uvc: don't do DMA on stack
VMCI: fix NULL pointer dereference when unmapping queue pair
power: supply: max17042: handle fails of reading status register
xen: fix setting of max_pfn in shared_info
PCI/MSI: Skip masking MSI-X on Xen PV
rtc: tps65910: Correct driver module alias
fbmem: don't allow too huge resolutions
clk: kirkwood: Fix a clocking boot regression
KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
tty: Fix data race between tiocsti() and flush_to_ldisc()
ipv4: make exception cache less predictible
bcma: Fix memory leak for internally-handled cores
ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
i2c: mt65xx: fix IRQ check
CIFS: Fix a potencially linear read overflow
mmc: moxart: Fix issue with uninitialized dma_slave_config
mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
i2c: s3c2410: fix IRQ check
i2c: iop3xx: fix deferred probing
Bluetooth: add timeout sanity check to hci_inquiry
usb: gadget: mv_u3d: request_irq() after initializing UDC
usb: phy: tahvo: add IRQ check
usb: host: ohci-tmio: add IRQ check
Bluetooth: Move shutdown callback before flushing tx and rx queue
usb: phy: twl6030: add IRQ checks
usb: phy: fsl-usb: add IRQ check
usb: gadget: udc: at91: add IRQ check
drm/msm/dsi: Fix some reference counted resource leaks
Bluetooth: fix repeated calls to sco_sock_kill
arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
PCI: PM: Enable PME if it can be signaled from D3cold
i2c: highlander: add IRQ check
net: cipso: fix warnings in netlbl_cipsov4_add_std
tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
media: go7007: remove redundant initialization
media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
certs: Trigger creation of RSA module signing key if it's not an RSA key
m68k: emu: Fix invalid free in nfeth_cleanup()
udf_get_extendedattr() had no boundary checks.
crypto: qat - fix reuse of completion variable
crypto: qat - do not ignore errors from enable_vf2pf_comms()
libata: fix ata_host_start()
power: supply: max17042_battery: fix typo in MAx17042_TOFF
crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
crypto: mxs-dcp - Check for DMA mapping errors
PCI: Call Max Payload Size-related fixup quirks early
x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
Revert "btrfs: compression: don't try to compress if we don't have enough pages"
mm/page_alloc: speed up the iteration of max_order
net: ll_temac: Remove left-over debug message
powerpc/boot: Delete unneeded .globl _zimage_start
powerpc/module64: Fix comment in R_PPC64_ENTRY handling
mm/kmemleak.c: make cond_resched() rate-limiting more efficient
s390/disassembler: correct disassembly lines alignment
ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
tc358743: fix register i2c_rd/wr function fix
PM / wakeirq: Enable dedicated wakeirq for suspend
USB: serial: mos7720: improve OOM-handling in read_mos_reg()
usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled
igmp: Add ip_mc_list lock in ip_check_mc_rcu
media: stkwebcam: fix memory leak in stk_camera_probe
ath9k: Postpone key cache entry deletion for TXQ frames reference it
ath: Modify ath_key_delete() to not need full key entry
ath: Export ath_hw_keysetmac()
ath9k: Clear key cache explicitly on disabling hardware
ath: Use safer key clearing with key cache entries
ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
ARM: 8918/2: only build return_address() if needed
cryptoloop: add a deprecation warning
qede: Fix memset corruption
ARC: fix allnoconfig build warning
xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
ext4: fix race writing to an inline_data file while its xattrs are changing
Change-Id: I0d3200388e095f977c784cba314b9cc061848c7a
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.285
s390/bpf: Fix optimizing out zero-extensions
PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
sctp: validate chunk size in __rcv_asconf_lookup
sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
9p/trans_virtio: Remove sysfs file on probe failure
prctl: allow to setup brk for et_dyn executables
profiling: fix shift-out-of-bounds bugs
dmaengine: acpi-dma: check for 64-bit MMIO address
dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
parisc: Move pci_dev_is_behind_card_dino to where it is used
dmaengine: ioat: depends on !UML
ceph: lockdep annotations for try_nonblocking_invalidate
nilfs2: fix memory leak in nilfs_sysfs_create_device_group
nilfs2: fix NULL pointer in nilfs_##name##_attr_release
nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
sctp: validate from_addr_param return
Linux 4.4.285
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I10ef4f8fa6f8c53aaedfa2e6c5212b1faecad1b4
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit e8f71f89236ef82d449991bfbc237e3cb6ea584f upstream.
nvkm test builds fail with the following error.
drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c: In function 'nvkm_control_mthd_pstate_info':
drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c:60:35: error: overflow in conversion from 'int' to '__s8' {aka 'signed char'} changes value from '-251' to '5'
The code builds on most architectures, but fails on parisc where ENOSYS
is defined as 251.
Replace the error code with -ENODEV (-19). The actual error code does
not really matter and is not passed to userspace - it just has to be
negative.
Fixes: 7238eca4cf18 ("drm/nouveau: expose pstate selection per-power source in sysfs")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Cc: Ben Skeggs <bskeggs@redhat.com>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.284
ext4: fix race writing to an inline_data file while its xattrs are changing
xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
ARC: fix allnoconfig build warning
qede: Fix memset corruption
cryptoloop: add a deprecation warning
ARM: 8918/2: only build return_address() if needed
ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
ath: Use safer key clearing with key cache entries
ath9k: Clear key cache explicitly on disabling hardware
ath: Export ath_hw_keysetmac()
ath: Modify ath_key_delete() to not need full key entry
ath9k: Postpone key cache entry deletion for TXQ frames reference it
media: stkwebcam: fix memory leak in stk_camera_probe
igmp: Add ip_mc_list lock in ip_check_mc_rcu
usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled
USB: serial: mos7720: improve OOM-handling in read_mos_reg()
PM / wakeirq: Enable dedicated wakeirq for suspend
tc358743: fix register i2c_rd/wr function fix
ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
s390/disassembler: correct disassembly lines alignment
mm/kmemleak.c: make cond_resched() rate-limiting more efficient
powerpc/module64: Fix comment in R_PPC64_ENTRY handling
powerpc/boot: Delete unneeded .globl _zimage_start
net: ll_temac: Remove left-over debug message
mm/page_alloc: speed up the iteration of max_order
Revert "btrfs: compression: don't try to compress if we don't have enough pages"
x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
PCI: Call Max Payload Size-related fixup quirks early
crypto: mxs-dcp - Check for DMA mapping errors
crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
power: supply: max17042_battery: fix typo in MAx17042_TOFF
libata: fix ata_host_start()
crypto: qat - do not ignore errors from enable_vf2pf_comms()
crypto: qat - fix reuse of completion variable
udf_get_extendedattr() had no boundary checks.
m68k: emu: Fix invalid free in nfeth_cleanup()
certs: Trigger creation of RSA module signing key if it's not an RSA key
media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
media: go7007: remove redundant initialization
Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
net: cipso: fix warnings in netlbl_cipsov4_add_std
i2c: highlander: add IRQ check
PCI: PM: Enable PME if it can be signaled from D3cold
Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
Bluetooth: fix repeated calls to sco_sock_kill
drm/msm/dsi: Fix some reference counted resource leaks
usb: gadget: udc: at91: add IRQ check
usb: phy: fsl-usb: add IRQ check
usb: phy: twl6030: add IRQ checks
Bluetooth: Move shutdown callback before flushing tx and rx queue
usb: host: ohci-tmio: add IRQ check
usb: phy: tahvo: add IRQ check
usb: gadget: mv_u3d: request_irq() after initializing UDC
Bluetooth: add timeout sanity check to hci_inquiry
i2c: iop3xx: fix deferred probing
i2c: s3c2410: fix IRQ check
mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
mmc: moxart: Fix issue with uninitialized dma_slave_config
CIFS: Fix a potencially linear read overflow
i2c: mt65xx: fix IRQ check
usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
bcma: Fix memory leak for internally-handled cores
ipv4: make exception cache less predictible
tty: Fix data race between tiocsti() and flush_to_ldisc()
KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
clk: kirkwood: Fix a clocking boot regression
fbmem: don't allow too huge resolutions
rtc: tps65910: Correct driver module alias
PCI/MSI: Skip masking MSI-X on Xen PV
xen: fix setting of max_pfn in shared_info
power: supply: max17042: handle fails of reading status register
VMCI: fix NULL pointer dereference when unmapping queue pair
media: uvc: don't do DMA on stack
media: rc-loopback: return number of emitters rather than error
libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
ARM: 9105/1: atags_to_fdt: don't warn about stack size
PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
openrisc: don't printk() unconditionally
pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
crypto: mxs-dcp - Use sg_mapping_iter to copy data
PCI: Use pci_update_current_state() in pci_enable_device_flags()
iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
video: fbdev: kyro: fix a DoS bug by restricting user input
netlink: Deal with ESRCH error in nlmsg_notify()
Smack: Fix wrong semantics in smk_access_entry()
usb: host: fotg210: fix the actual_length of an iso packet
usb: gadget: u_ether: fix a potential null pointer dereference
tty: serial: jsm: hold port lock when reporting modem line changes
bpf/tests: Fix copy-and-paste error in double word test
bpf/tests: Do not PASS tests without actually testing the result
video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
video: fbdev: kyro: Error out if 'pixclock' equals zero
video: fbdev: riva: Error out if 'pixclock' equals zero
ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
s390/jump_label: print real address in a case of a jump label bug
serial: 8250: Define RX trigger levels for OxSemi 950 devices
xtensa: ISS: don't panic in rs_init
hvsi: don't panic on tty_register_driver failure
serial: 8250_pci: make setup_port() parameters explicitly unsigned
Bluetooth: skip invalid hci_sync_conn_complete_evt
gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
ARM: tegra: tamonten: Fix UART pad setting
rpc: fix gss_svc_init cleanup on failure
gfs2: Don't call dlm after protocol is unmounted
mmc: rtsx_pci: Fix long reads when clock is prescaled
cifs: fix wrong release in sess_alloc_buffer() failed path
Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
parport: remove non-zero check on count
ath9k: fix OOB read ar9300_eeprom_restore_internal
net: fix NULL pointer reference in cipso_v4_doi_free
parisc: fix crash with signals and alloca
platform/chrome: cros_ec_proto: Send command again when timeout occurs
bnx2x: Fix enabling network interfaces without VFs
net-caif: avoid user-triggerable WARN_ON(1)
ptp: dp83640: don't define PAGE0
dccp: don't duplicate ccid when cloning dccp sock
net/l2tp: Fix reference count leak in l2tp_udp_recv_core
r6040: Restore MDIO clock frequency after MAC reset
tipc: increase timeout in tipc_sk_enqueue()
net/af_unix: fix a data-race in unix_dgram_poll
x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
ethtool: Fix an error code in cxgb2.c
PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
ARC: export clear_user_page() for modules
qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
net: renesas: sh_eth: Fix freeing wrong tx descriptor
s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
Linux 4.4.284
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Idf3220461e42648ba134a245e9670231dbd18b5c
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
access in amdgpu_i2c_router_select_ddc_port()
[ Upstream commit a211260c34cfadc6068fece8c9e99e0fe1e2a2b6 ]
The variable val is declared without initialization, and its address is
passed to amdgpu_i2c_get_byte(). In this function, the value of val is
accessed in:
DRM_DEBUG("i2c 0x%02x 0x%02x read failed\n",
addr, *val);
Also, when amdgpu_i2c_get_byte() returns, val may remain uninitialized,
but it is accessed in:
val &= ~amdgpu_connector->router.ddc_mux_control_pin;
To fix this possible uninitialized-variable access, initialize val to 0 in
amdgpu_i2c_router_select_ddc_port().
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 6977cc89c87506ff17e6c05f0e37f46752256e82 ]
'of_find_device_by_node()' takes a reference that must be released when
not needed anymore.
This is expected to be done in 'dsi_destroy()'.
However, there are 2 issues in 'dsi_get_phy()'.
First, if 'of_find_device_by_node()' succeeds but 'platform_get_drvdata()'
returns NULL, 'msm_dsi->phy_dev' will still be NULL, and the reference
won't be released in 'dsi_destroy()'.
Secondly, as 'of_find_device_by_node()' already takes a reference, there is
no need for an additional 'get_device()'.
Move the assignment to 'msm_dsi->phy_dev' a few lines above and remove the
unneeded 'get_device()' to solve both issues.
Fixes: ec31abf6684e ("drm/msm/dsi: Separate PHY to another platform device")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/f15bc57648a00e7c99f943903468a04639d50596.1628241097.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-18.1-caf-msm8998
This brings LA.UM.9.2.r1-03400-SDMxx0.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
e5239ed489f64 Merge 4.4.276 into android-4.4-p
Change-Id: I5f3fdc31e61b229b299cf72014710d36e42863d8
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.276
ALSA: usb-audio: fix rate on Ozone Z90 USB headset
media: dvb-usb: fix wrong definition
Input: usbtouchscreen - fix control-request directions
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
usb: gadget: eem: fix echo command packet response issue
USB: cdc-acm: blacklist Heimann USB Appset device
ntfs: fix validity check for file name attribute
iov_iter_fault_in_readable() should do nothing in xarray case
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
ARM: dts: at91: sama5d4: fix pinctrl muxing
btrfs: clear defrag status of a root if starting transaction fails
ext4: fix kernel infoleak via ext4_extent_header
ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
ext4: remove check for zero nr_to_scan in ext4_es_scan()
ext4: fix avefreec in find_group_orlov
SUNRPC: Fix the batch tasks count wraparound.
SUNRPC: Should wake up the privileged task firstly.
s390/cio: dont call css_wait_for_slow_path() inside a lock
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
ssb: sdio: Don't overwrite const buffer if block_write fails
seq_buf: Make trace_seq_putmem_hex() support data longer than 8
fuse: check connected before queueing on fpq->io
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: omap-100k: Fix the length judgment problem
crypto: nx - add missing MODULE_DEVICE_TABLE
media: cpia2: fix memory leak in cpia2_usb_probe
media: pvrusb2: fix warning in pvr2_i2c_core_done
crypto: qat - check return code of qat_hal_rd_rel_reg()
crypto: qat - remove unused macro in FW loader
media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
media: bt8xx: Fix a missing check bug in bt878_probe
mmc: via-sdmmc: add a check against NULL pointer dereference
crypto: shash - avoid comparing pointers to exported functions under CFI
media: dvb_net: avoid speculation from net slot
btrfs: disable build on platforms having page size 256K
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
ACPI: processor idle: Fix up C-state latency if not ordered
block_dump: remove block_dump feature in mark_inode_dirty()
fs: dlm: cancel work sync othercon
random32: Fix implicit truncation warning in prandom_seed_state()
ACPI: bus: Call kobject_put() in acpi_init() error path
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
ia64: mca_drv: fix incorrect array size calculation
crypto: ixp4xx - dma_unmap the correct address
crypto: ux500 - Fix error return code in hash_hw_final()
sata_highbank: fix deferred probing
pata_rb532_cf: fix deferred probing
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
pata_ep93xx: fix deferred probing
media: tc358743: Fix error return code in tc358743_probe_of()
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
spi: spi-sun6i: Fix chipselect/clock bug
crypto: nx - Fix RCU warning in nx842_OF_upd_status
ACPI: sysfs: Fix a buffer overrun problem with description_show()
net: pch_gbe: Propagate error from devm_gpio_request_one()
ehea: fix error return code in ehea_restart_qps()
drm: qxl: ensure surf.data is ininitialized
wireless: carl9170: fix LEDS build errors & warnings
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
ath10k: Fix an error code in ath10k_add_interface()
netlabel: Fix memory leak in netlbl_mgmt_add_common
netfilter: nft_exthdr: check for IPv6 packet before further processing
net: ethernet: aeroflex: fix UAF in greth_of_remove
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: ezchip: fix error handling
vxlan: add missing rcu_read_lock() in neigh_reduce()
i40e: Fix error handling in i40e_vsi_open
writeback: fix obtain a reference to a freeing memcg css
tty: nozomi: Fix a resource leak in an error handling function
iio: adis_buffer: do not return ints in irq handlers
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
Input: hil_kbd - fix error return code in hil_dev_connect()
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
scsi: FlashPoint: Rename si_flags field
s390: appldata depends on PROC_SYSCTL
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
extcon: sm5502: Drop invalid register write in sm5502_reg_data
extcon: max8997: Add missing modalias string
mmc: vub3000: fix control-request direction
scsi: core: Retry I/O for Notify (Enable Spinup) Required error
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
hugetlb: clear huge pte during flush function on mips platform
atm: iphase: fix possible use-after-free in ia_module_exit()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
reiserfs: add check for invalid 1st journal block
drm/virtio: Fix double free on probe failure
udf: Fix NULL pointer dereference in udf_symlink function
e100: handle eeprom as little endian
ipv6: use prandom_u32() for ID generation
RDMA/cxgb4: Fix missing error code in create_qp()
dm space maps: don't reset space map allocation cursor when committing
net: micrel: check return value after calling platform_get_resource()
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
xfrm: Fix error reporting in xfrm_state_construct.
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
cw1200: add missing MODULE_DEVICE_TABLE
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
atm: nicstar: register the interrupt handler in the right place
sfc: avoid double pci_remove of VFs
sfc: error code if SRIOV cannot be disabled
wireless: wext-spy: Fix out-of-bounds warning
RDMA/cma: Fix rdma_resolve_route() memory leak
Bluetooth: Fix the HCI to MGMT status conversion table
Bluetooth: Shutdown controller after workqueues are flushed or cancelled
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
sctp: add size validation when walking chunks
fuse: reject internal errno
can: gw: synchronize rcu operations before removing gw job entry
can: bcm: delay release of struct bcm_op after synchronize_rcu()
mac80211: fix memory corruption in EAPOL handling
powerpc/barrier: Avoid collision with clang's __lwsync macro
mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
ata: ahci_sunxi: Disable DIPM
ASoC: tegra: Set driver_name=tegra for all machine drivers
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
power: supply: ab8500: Fix an old bug
seq_buf: Fix overflow in seq_buf_putmem_hex()
ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
dm btree remove: assign new_root only when removal succeeds
media: zr364xx: fix memory leak in zr364xx_start_readpipe
media: gspca/sq905: fix control-request direction
media: gspca/sunplus: fix zero-length control requests
media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
jfs: fix GPF in diFree
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
misc/libmasm/module: Fix two use after free in ibmasm_init_one
Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
fs/jfs: Fix missing error code in lmLogInit()
scsi: iscsi: Add iscsi_cls_conn refcount helpers
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
ALSA: sb: Fix potential double-free of CSP mixer elements
powerpc/ps3: Add dma_mask to ps3_dma_region
gpio: zynq: Check return value of pm_runtime_get_sync
ALSA: ppc: fix error return code in snd_pmac_probe()
selftests/powerpc: Fix "no_handler" EBB selftest
ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
ALSA: bebob: add support for ToneWeal FW66
usb: gadget: f_hid: fix endianness issue with descriptors
usb: gadget: hid: fix error return code in hid_bind()
powerpc/boot: Fixup device-tree on little endian
backlight: lm3630a: Fix return code of .update_status() callback
ALSA: hda: Add IRQ check for platform_get_irq()
lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
pwm: spear: Don't modify HW state in .remove callback
power: supply: ab8500: Avoid NULL pointers
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
watchdog: Fix possible use-after-free in wdt_startup()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free by calling del_timer_sync()
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
virtio-blk: Fix memory leak among suspend/resume procedure
virtio_console: Assure used length from device is limited
PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
um: fix error return code in slip_open()
um: fix error return code in winch_tramp()
nfs: fix acl memory leak of posix_acl_create()
ALSA: isa: Fix error return code in snd_cmi8330_probe()
hexagon: use common DISCARDS macro
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
rtc: fix snprintf() checking in is_rtc_hctosys()
memory: fsl_ifc: fix leak of IO mapping on probe failure
memory: fsl_ifc: fix leak of private memory on probe failure
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
mips: disable branch profiling in boot/decompress.o
MIPS: vdso: Invalid GIC access through VDSO
seq_file: disallow extremely large seq buffer allocations
Linux 4.4.276
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If7756927f46fbb8a74337ee1eae8031c0d3579e2
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit cec7f1774605a5ef47c134af62afe7c75c30b0ee ]
The virtio_gpu_init() will free vgdev and vgdev->vbufs on failure.
But such failure will be caught by virtio_gpu_probe() and then
virtio_gpu_release() will be called to do some cleanup which
will free vgdev and vgdev->vbufs again. So let's set dev->dev_private
to NULL to avoid double free.
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20210517084913.403-2-xieyongji@bytedance.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit fbbf23ddb2a1cc0c12c9f78237d1561c24006f50 ]
The object surf is not fully initialized and the uninitialized
field surf.data is being copied by the call to qxl_bo_create
via the call to qxl_gem_object_create. Set surf.data to zero
to ensure garbage data from the stack is not being copied.
Addresses-Coverity: ("Uninitialized scalar variable")
Fixes: f64122c1f6ad ("drm: add new QXL driver. (v1.4)")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20210608161313.161922-1-colin.king@canonical.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.275
scsi: sr: Return appropriate error code when disk is ejected
drm/nouveau: fix dma_address check for CPU/GPU sync
xen/events: reset active flag for lateeoi events later
arm: kprobes: Allow to handle reentered kprobe on single-stepping
Linux 4.4.275
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1e8c44b8a261a4549080c42a7970fd64554d9853
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit d330099115597bbc238d6758a4930e72b49ea9ba ]
AGP for example doesn't have a dma_address array.
Signed-off-by: Christian König <christian.koenig@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210614110517.1624-1-christian.koenig@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-18.1-caf-msm8998
This brings LA.UM.9.2.r1-03400-SDMxx0.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
b5f0035416310 Merge 4.4.274 into android-4.4-p
Conflicts:
include/linux/spi/spi.h
Change-Id: I3daac7891ee93c70ffe08b7e70b77e8b2989af67
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.274
HID: hid-sensor-hub: Return error for hid_set_field() failure
HID: Add BUS_VIRTUAL to hid_connect logging
HID: usbhid: fix info leak in hid_submit_ctrl
ARM: OMAP2+: Fix build warning when mmc_omap is not built
HID: gt683r: add missing MODULE_DEVICE_TABLE
gfs2: Fix use-after-free in gfs2_glock_shrink_scan
scsi: target: core: Fix warning on realtime kernels
ethernet: myri10ge: Fix missing error code in myri10ge_probe()
net: ipconfig: Don't override command-line hostnames or domains
rtnetlink: Fix missing error code in rtnl_bridge_notify()
net/x25: Return the correct errno code
net: Return the correct errno code
fib: Return the correct errno code
dmaengine: stedma40: add missing iounmap() on error in d40_probe()
net: ipv4: fix memory leak in netlbl_cipsov4_add_std
net: rds: fix memory leak in rds_recvmsg
rtnetlink: Fix regression in bridge VLAN configuration
netfilter: synproxy: Fix out of bounds when parsing TCP options
net: stmmac: dwmac1000: Fix extended MAC address registers definition
qlcnic: Fix an error handling path in 'qlcnic_probe()'
netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
net: cdc_ncm: switch to eth%d interface naming
net: usb: fix possible use-after-free in smsc75xx_bind
net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
be2net: Fix an error handling path in 'be_probe()'
net: hamradio: fix memory leak in mkiss_close
net: cdc_eem: fix tx fixup skb leak
net: ethernet: fix potential use-after-free in ec_bhf_remove
scsi: core: Put .shost_dev in failure path if host state changes to RUNNING
radeon: use memcpy_to/fromio for UVD fw upload
can: bcm: fix infoleak in struct bcm_msg_head
tracing: Do no increment trace_clock_global() by one
PCI: Mark TI C667X to avoid bus reset
PCI: Mark some NVIDIA GPUs to avoid bus reset
dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
net: fec_ptp: add clock rate zero check
can: bcm/raw/isotp: use per module netdevice notifier
tracing: Do not stop recording cmdlines when tracing is off
tracing: Do not stop recording comms if the trace file is being read
x86/fpu: Reset state for all signal restore failures
inet: use bigger hash table for IP ID generation
ARM: 9081/1: fix gcc-10 thumb2-kernel regression
Makefile: Move -Wno-unused-but-set-variable out of GCC only block
Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
cfg80211: call cfg80211_leave_ocb when switching away from OCB
mac80211: drop multicast fragments
ping: Check return value of function 'ping_queue_rcv_skb'
inet: annotate date races around sk->sk_txhash
net: caif: fix memory leak in ldisc_open
r8152: Avoid memcpy() over-reading of ETH_SS_STATS
sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS
r8169: Avoid memcpy() over-reading of ETH_SS_STATS
net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY
nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
i2c: robotfuzz-osif: fix control-request directions
Linux 4.4.274
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8ed74ec47e5cd175c4234738949286b4e1b7760a
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit ab8363d3875a83f4901eb1cc00ce8afd24de6c85 ]
I met a gpu addr bug recently and the kernel log
tells me the pc is memcpy/memset and link register is
radeon_uvd_resume.
As we know, in some architectures, optimized memcpy/memset
may not work well on device memory. Trival memcpy_toio/memset_io
can fix this problem.
BTW, amdgpu has already done it in:
commit ba0b2275a678 ("drm/amdgpu: use memcpy_to/fromio for UVD fw upload"),
that's why it has no this issue on the same gpu and platform.
Signed-off-by: Chen Li <chenli@uniontech.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.271
mm, vmstat: drop zone->lock in /proc/pagetypeinfo
netfilter: x_tables: Use correct memory barriers.
NFC: nci: fix memory leak in nci_allocate_device
proc: Check /proc/$pid/attr/ writes against file opener
net: hso: fix control-request directions
mac80211: assure all fragments are encrypted
mac80211: prevent mixed key and fragment cache attacks
mac80211: properly handle A-MSDUs that start with an RFC 1042 header
cfg80211: mitigate A-MSDU aggregation attacks
mac80211: drop A-MSDUs on old ciphers
mac80211: add fragment cache to sta_info
mac80211: check defrag PN against current frame
mac80211: prevent attacks on TKIP/WEP as well
mac80211: do not accept/forward invalid EAPOL frames
mac80211: extend protection against mixed key and fragment cache attacks
dm snapshot: properly fix a crash when an origin has no snapshots
kgdb: fix gcc-11 warnings harder
misc/uss720: fix memory leak in uss720_probe
mei: request autosuspend after sending rx flow control
staging: iio: cdc: ad7746: avoid overwrite of num_channels
iio: adc: ad7793: Add missing error code in ad7793_setup()
USB: trancevibrator: fix control-request direction
serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
USB: serial: ftdi_sio: add IDs for IDS GmbH Products
USB: serial: pl2303: add device id for ADLINK ND-6530 GC
net: usb: fix memory leak in smsc75xx_bind
spi: Fix use-after-free with devm_spi_alloc_*
spi: spi-sh: Fix use-after-free on unbind
Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
NFS: fix an incorrect limit in filelayout_decode_layout()
NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
net/mlx4: Fix EEPROM dump support
Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv"
tipc: skb_linearize the head skb when reassembling msgs
i2c: s3c2410: fix possible NULL pointer deref on read message after write
i2c: i801: Don't generate an interrupt on bus reset
platform/x86: hp_accel: Avoid invoking _INI to speed up resume
net: fujitsu: fix potential null-ptr-deref
net: caif: remove BUG_ON(dev == NULL) in caif_xmit
char: hpet: add checks after calling ioremap
isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
libertas: register sysfs groups properly
media: dvb: Add check on sp8870_readreg return
media: gspca: properly check for errors in po1030_probe()
scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
openrisc: Define memory barrier mb
btrfs: do not BUG_ON in link_to_fixup_dir
drm/amdgpu: Fix a use-after-free
net: netcp: Fix an error message
net: bnx2: Fix error return code in bnx2_init_board()
mld: fix panic in mld_newpack()
staging: emxx_udc: fix loop in _nbu2ss_nuke()
scsi: libsas: Use _safe() loop in sas_resume_port()
sch_dsmark: fix a NULL deref in qdisc_reset()
MIPS: alchemy: xxs1500: add gpio-au1000.h header file
MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
hugetlbfs: hugetlb_fault_mutex_hash() cleanup
bluetooth: eliminate the potential race condition when removing the HCI controller
usb: core: reduce power-on-good delay time of root hub
x86, asm: change the GEN_*_RMWcc() macros to not quote the condition
x86/asm: Add instruction suffixes to bitops
x86/entry/64: Add instruction suffix
Linux 4.4.271
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4d2a335d92f357364741f729648d8946007ba04c
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 1e5c37385097c35911b0f8a0c67ffd10ee1af9a2 ]
looks like we forget to set ttm->sg to NULL.
Hit panic below
[ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI
[ 1235.989074] Call Trace:
[ 1235.991751] sg_free_table+0x17/0x20
[ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu]
[ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu]
[ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm]
[ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm]
[ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm]
[ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm]
[ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu]
[ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu]
[ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu]
[ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]
Signed-off-by: xinhui pan <xinhui.pan@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-18.1-caf-msm8998
This brings LA.UM.9.2.r1-03300-SDMxx0.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
3628cdd31199d Merge 4.4.270 into android-4.4-p
Conflicts:
drivers/mmc/core/core.c
drivers/usb/core/hub.c
kernel/trace/trace.c
Change-Id: I6b81471122341f9769ce9c65cbd0fedd5e908b38
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.269
timerfd: Reject ALARM timerfds without CAP_WAKE_ALARM
net: usb: ax88179_178a: initialize local variables before use
iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd()
ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX
USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
USB: Add reset-resume quirk for WD19's Realtek Hub
platform/x86: thinkpad_acpi: Correct thermal sensor allocation
s390/disassembler: increase ebpf disasm buffer size
ACPI: custom_method: fix potential use-after-free issue
ACPI: custom_method: fix a possible memory leak
ecryptfs: fix kernel panic with null dev_name
mmc: core: Do a power cycle when the CMD11 fails
mmc: core: Set read only for SD cards with permanent write protect bit
fbdev: zero-fill colormap in fbcmap.c
staging: wimax/i2400m: fix byte-order issue
usb: gadget: uvc: add bInterval checking for HS mode
PCI: PM: Do not read power state in pci_enable_device_flags()
x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
spi: dln2: Fix reference leak to master
spi: omap-100k: Fix reference leak to master
intel_th: Consistency and off-by-one fix
phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
media: ite-cir: check for receive overflow
media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
media: gspca/sq905.c: fix uninitialized variable
media: em28xx: fix memory leak
clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
power: supply: generic-adc-battery: fix possible use-after-free in gab_remove()
power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove()
media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
media: dvb-usb: fix memory leak in dvb_usb_adapter_init
media: gscpa/stv06xx: fix memory leak
drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
drm/amdgpu: fix NULL pointer dereference
scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response
scsi: libfc: Fix a format specifier
ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
ALSA: sb: Fix two use after free in snd_sb_qsound_build
arm64/vdso: Discard .note.gnu.property sections in vDSO
openvswitch: fix stack OOB read while fragmenting IPv4 packets
jffs2: Fix kasan slab-out-of-bounds problem
powerpc/eeh: Fix EEH handling for hugepages in ioremap space.
powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
jffs2: check the validity of dstlen in jffs2_zlib_compress()
ftrace: Handle commands when closing set_ftrace_filter file
ext4: fix check to prevent false positive report of incorrect used inodes
ext4: fix error code in ext4_commit_super
usb: gadget: dummy_hcd: fix gpf in gadget_setup
usb: gadget/function/f_fs string table fix for multiple languages
dm persistent data: packed struct should have an aligned() attribute too
dm space map common: fix division bug in sm_ll_find_free_block()
Bluetooth: verify AMP hci_chan before amp_destroy
hsr: use netdev_err() instead of WARN_ONCE()
net/nfc: fix use-after-free llcp_sock_bind/connect
FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
misc: lis3lv02d: Fix false-positive WARN on various HP models
misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
misc: vmw_vmci: explicitly initialize vmci_datagram payload
tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
tracing: Treat recording comm for idle task as a success
tracing: Map all PIDs to command lines
tracing: Restructure trace_clock_global() to never block
md: factor out a mddev_find_locked helper from mddev_find
md: md_open returns -EBUSY when entering racing area
ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
cfg80211: scan: drop entry from hidden_list on overflow
drm/radeon: fix copy of uninitialized variable back to userspace
ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
KVM: s390: split kvm_s390_real_to_abs
usb: gadget: pch_udc: Revert d3cb25a12138 completely
memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
usb: gadget: pch_udc: Check if driver is present before calling ->setup()
usb: gadget: pch_udc: Check for DMA mapping error
crypto: qat - don't release uninitialized resources
fotg210-udc: Fix DMA on EP0 for length > max packet size
fotg210-udc: Fix EP0 IN requests bigger than two packets
fotg210-udc: Remove a dubious condition leading to fotg210_done
fotg210-udc: Mask GRP2 interrupts we don't handle
fotg210-udc: Don't DMA more than the buffer can take
fotg210-udc: Complete OUT requests on short packets
mtd: require write permissions for locking and badblock ioctls
crypto: qat - fix error path in adf_isr_resource_alloc()
staging: rtl8192u: Fix potential infinite loop
crypto: qat - Fix a double free in adf_create_ring
usb: gadget: r8a66597: Add missing null check on return from platform_get_resource
USB: cdc-acm: fix unprivileged TIOCCSERIAL
tty: fix return value for unsupported ioctls
ttyprintk: Add TTY hangup callback.
media: vivid: fix assignment of dev->fbuf_out_flags
media: omap4iss: return error code when omap4iss_get() failed
media: m88rs6000t: avoid potential out-of-bounds reads on arrays
pata_arasan_cf: fix IRQ check
pata_ipx4xx_cf: fix IRQ check
sata_mv: add IRQ checks
ata: libahci_platform: fix IRQ check
scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration
media: dvb-usb-remote: fix dvb_usb_nec_rc_key_to_event type mismatch
scsi: jazz_esp: Add IRQ check
scsi: sun3x_esp: Add IRQ check
scsi: sni_53c710: Add IRQ check
HSI: core: fix resource leaks in hsi_add_client_from_dt()
x86/events/amd/iommu: Fix sysfs type mismatch
HID: plantronics: Workaround for double volume key presses
net: lapbether: Prevent racing when checking whether the netif is running
powerpc/prom: Mark identical_pvr_fixup as __init
ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
nfc: pn533: prevent potential memory corruption
ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
powerpc: iommu: fix build when neither PCI or IBMVIO is set
mac80211: bail out if cipher schemes are invalid
mt7601u: fix always true expression
net: thunderx: Fix unintentional sign extension issue
i2c: cadence: add IRQ check
i2c: jz4780: add IRQ check
i2c: sh7760: add IRQ check
powerpc/pseries: extract host bridge from pci_bus prior to bus removal
i2c: sh7760: fix IRQ error path
mwl8k: Fix a double Free in mwl8k_probe_hw
vsock/vmci: log once the failed queue pair allocation
net: davinci_emac: Fix incorrect masking of tx and rx error channel
ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
kfifo: fix ternary sign extension bugs
Revert "net/sctp: fix race condition in sctp_destroy_sock"
sctp: delay auto_asconf init until binding the first addr
fs: dlm: fix debugfs dump
tipc: convert dest node's address to network order
net: stmmac: Set FIFO sizes for ipq806x
ALSA: hdsp: don't disable if not enabled
ALSA: hdspm: don't disable if not enabled
ALSA: rme9652: don't disable if not enabled
Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
Bluetooth: initialize skb_queue_head at l2cap_chan_create()
ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
mac80211: clear the beacon's CRC after channel switch
cuse: prevent clone
selftests: Set CC to clang in lib.mk if LLVM is set
kconfig: nconf: stop endless search loops
sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
ASoC: rt286: Generalize support for ALC3263 codec
wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
powerpc/iommu: Annotate nested lock for lockdep
ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
PCI: Release OF node in pci_scan_device()'s error path
NFS: Deal correctly with attribute generation counter overflow
pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
NFSv4.2 fix handling of sr_eof in SEEK's reply
sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
drm/radeon: Fix off-by-one power_state index heap overwrite
ksm: fix potential missing rmap_item for stable_node
kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
ARC: entry: fix off-by-one error in syscall number validation
powerpc/64s: Fix crashes when toggling entry flush barrier
squashfs: fix divide error in calculate_skip()
usb: fotg210-hcd: Fix an error message
usb: xhci: Increase timeout for HC halt
usb: dwc2: Fix gadget DMA unmap direction
usb: core: hub: fix race condition about TRSMRCY of resume
KVM: x86: Cancel pvclock_gtod_work on module removal
FDDI: defxx: Make MMIO the configuration default except for EISA
thermal/core/fair share: Lock the thermal zone while looping over instances
dm ioctl: fix out of bounds array access when no devices
kobject_uevent: remove warning in init_uevent_argv()
x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
kgdb: fix gcc-11 warning on indentation
usb: sl811-hcd: improve misleading indentation
cxgb4: Fix the -Wmisleading-indentation warning
isdn: capi: fix mismatched prototypes
ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
um: Mark all kernel symbols as local
ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
sit: proper dev_{hold|put} in ndo_[un]init methods
ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
ipv6: remove extra dev_hold() for fallback tunnels
xhci: Do not use GFP_KERNEL in (potentially) atomic context
iio: tsl2583: Fix division by a zero lux_val
Linux 4.4.269
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ifc6e8ab285aa71c13faa3c5002c25c5e33110b47
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 5bbf219328849e83878bddb7c226d8d42e84affc ]
An out of bounds write happens when setting the default power state.
KASAN sees this as:
[drm] radeon: 512M of GTT memory ready.
[drm] GART: num cpu pages 131072, num gpu pages 131072
==================================================================
BUG: KASAN: slab-out-of-bounds in
radeon_atombios_parse_power_table_1_3+0x1837/0x1998 [radeon]
Write of size 4 at addr ffff88810178d858 by task systemd-udevd/157
CPU: 0 PID: 157 Comm: systemd-udevd Not tainted 5.12.0-E620 #50
Hardware name: eMachines eMachines E620 /Nile , BIOS V1.03 09/30/2008
Call Trace:
dump_stack+0xa5/0xe6
print_address_description.constprop.0+0x18/0x239
kasan_report+0x170/0x1a8
radeon_atombios_parse_power_table_1_3+0x1837/0x1998 [radeon]
radeon_atombios_get_power_modes+0x144/0x1888 [radeon]
radeon_pm_init+0x1019/0x1904 [radeon]
rs690_init+0x76e/0x84a [radeon]
radeon_device_init+0x1c1a/0x21e5 [radeon]
radeon_driver_load_kms+0xf5/0x30b [radeon]
drm_dev_register+0x255/0x4a0 [drm]
radeon_pci_probe+0x246/0x2f6 [radeon]
pci_device_probe+0x1aa/0x294
really_probe+0x30e/0x850
driver_probe_device+0xe6/0x135
device_driver_attach+0xc1/0xf8
__driver_attach+0x13f/0x146
bus_for_each_dev+0xfa/0x146
bus_add_driver+0x2b3/0x447
driver_register+0x242/0x2c1
do_one_initcall+0x149/0x2fd
do_init_module+0x1ae/0x573
load_module+0x4dee/0x5cca
__do_sys_finit_module+0xf1/0x140
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xae
Without KASAN, this will manifest later when the kernel attempts to
allocate memory that was stomped, since it collides with the inline slab
freelist pointer:
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 0 PID: 781 Comm: openrc-run.sh Tainted: G W 5.10.12-gentoo-E620 #2
Hardware name: eMachines eMachines E620 /Nile , BIOS V1.03 09/30/2008
RIP: 0010:kfree+0x115/0x230
Code: 89 c5 e8 75 ea ff ff 48 8b 00 0f ba e0 09 72 63 e8 1f f4 ff ff 41 89 c4 48 8b 45 00 0f ba e0 10 72 0a 48 8b 45 08 a8 01 75 02 <0f> 0b 44 89 e1 48 c7 c2 00 f0 ff ff be 06 00 00 00 48 d3 e2 48 c7
RSP: 0018:ffffb42f40267e10 EFLAGS: 00010246
RAX: ffffd61280ee8d88 RBX: 0000000000000004 RCX: 000000008010000d
RDX: 4000000000000000 RSI: ffffffffba1360b0 RDI: ffffd61280ee8d80
RBP: ffffd61280ee8d80 R08: ffffffffb91bebdf R09: 0000000000000000
R10: ffff8fe2c1047ac8 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000100
FS: 00007fe80eff6b68(0000) GS:ffff8fe339c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe80eec7bc0 CR3: 0000000038012000 CR4: 00000000000006f0
Call Trace:
__free_fdtable+0x16/0x1f
put_files_struct+0x81/0x9b
do_exit+0x433/0x94d
do_group_exit+0xa6/0xa6
__x64_sys_exit_group+0xf/0xf
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fe80ef64bea
Code: Unable to access opcode bytes at RIP 0x7fe80ef64bc0.
RSP: 002b:00007ffdb1c47528 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe80ef64bea
RDX: 00007fe80ef64f60 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 00007fe80ee2c620 R11: 0000000000000246 R12: 00007fe80eff41e0
R13: 00000000ffffffff R14: 0000000000000024 R15: 00007fe80edf9cd0
Modules linked in: radeon(+) ath5k(+) snd_hda_codec_realtek ...
Use a valid power_state index when initializing the "flags" and "misc"
and "misc2" fields.
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=211537
Reported-by: Erhard F. <erhard_f@mailbox.org>
Fixes: a48b9b4edb8b ("drm/radeon/kms/pm: add asic specific callbacks for getting power state (v2)")
Fixes: 79daedc94281 ("drm/radeon/kms: minor pm cleanups")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 8dbc2ccac5a65c5b57e3070e36a3dc97c7970d96 upstream.
Currently the ioctl command RADEON_INFO_SI_BACKEND_ENABLED_MASK can
copy back uninitialised data in value_tmp that pointer *value points
to. This can occur when rdev->family is less than CHIP_BONAIRE and
less than CHIP_TAHITI. Fix this by adding in a missing -EINVAL
so that no invalid value is copied back to userspace.
Addresses-Coverity: ("Uninitialized scalar variable)
Cc: stable@vger.kernel.org # 3.13+
Fixes: 439a1cfffe2c ("drm/radeon: expose render backend mask to the userspace")
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 3c3dc654333f6389803cdcaf03912e94173ae510 ]
ttm->sg needs to be checked before accessing its child member.
Call Trace:
amdgpu_ttm_backend_destroy+0x12/0x70 [amdgpu]
ttm_bo_cleanup_memtype_use+0x3a/0x60 [ttm]
ttm_bo_release+0x17d/0x300 [ttm]
amdgpu_bo_unref+0x1a/0x30 [amdgpu]
amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x78b/0x8b0 [amdgpu]
kfd_ioctl_alloc_memory_of_gpu+0x118/0x220 [amdgpu]
kfd_ioctl+0x222/0x400 [amdgpu]
? kfd_dev_is_large_bar+0x90/0x90 [amdgpu]
__x64_sys_ioctl+0x8e/0xd0
? __context_tracking_exit+0x52/0x90
do_syscall_64+0x33/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f97f264d317
Code: b3 66 90 48 8b 05 71 4b 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 41 4b 2d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffdb402c338 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f97f3cc63a0 RCX: 00007f97f264d317
RDX: 00007ffdb402c380 RSI: 00000000c0284b16 RDI: 0000000000000003
RBP: 00007ffdb402c380 R08: 00007ffdb402c428 R09: 00000000c4000004
R10: 00000000c4000004 R11: 0000000000000246 R12: 00000000c0284b16
R13: 0000000000000003 R14: 00007f97f3cc63a0 R15: 00007f8836200000
Signed-off-by: Guchun Chen <guchun.chen@amd.com>
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 2ad52bdb220de5ab348098e3482b01235d15a842 ]
Leaving this at a close-to-maximum register value 0xFFF0 means it takes
very long for the MDSS to generate a software vsync interrupt when the
hardware TE interrupt doesn't arrive. Configuring this to double the
vtotal (like some downstream kernels) leads to a frame to take at most
twice before the vsync signal, until hardware TE comes up.
In this case the hardware interrupt responsible for providing this
signal - "disp-te" gpio - is not hooked up to the mdp5 vsync/pp logic at
all. This solves severe panel update issues observed on at least the
Xperia Loire and Tone series, until said gpio is properly hooked up to
an irq.
Suggested-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@somainline.org>
Signed-off-by: Marijn Suijten <marijn.suijten@somainline.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@somainline.org>
Link: https://lore.kernel.org/r/20210406214726.131534-2-marijn.suijten@somainline.org
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-18.1-caf-msm8998
This brings LA.UM.9.2.r1-02700-SDMxx0.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
f5978a07daf67 Merge 4.4.267 into android-4.4-p
Conflicts:
arch/alpha/include/asm/Kbuild
drivers/mmc/core/mmc.c
drivers/usb/gadget/configfs.c
Change-Id: I978d923e97c18f284edbd32c0c19ac70002f7d83
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.267
iio: hid-sensor-prox: Fix scale not correct issue
ALSA: aloop: Fix initialization of controls
nfc: fix refcount leak in llcp_sock_bind()
nfc: fix refcount leak in llcp_sock_connect()
nfc: fix memory leak in llcp_sock_connect()
nfc: Avoid endless loops caused by repeated llcp_sock_connect()
xen/evtchn: Change irq_info lock to raw_spinlock_t
net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh
ia64: fix user_stack_pointer() for ptrace()
fs: direct-io: fix missing sdio->boundary
parisc: parisc-agp requires SBA IOMMU driver
batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field
net: sched: sch_teql: fix null-pointer dereference
sch_red: fix off-by-one checks in red_check_params()
gianfar: Handle error code at MAC address change
net:tipc: Fix a double free in tipc_sk_mcast_rcv
clk: fix invalid usage of list cursor in unregister
workqueue: Move the position of debug_work_activate() in __queue_work()
s390/cpcmd: fix inline assembly register clobbering
RDMA/cxgb4: check for ipv6 address properly while destroying listener
clk: socfpga: fix iomem pointer cast on 64-bit
cfg80211: remove WARN_ON() in cfg80211_sme_connect
net: tun: set tun->dev->addr_len during TUNSETLINK processing
drivers: net: fix memory leak in atusb_probe
drivers: net: fix memory leak in peak_usb_create_dev
net: mac802154: Fix general protection fault
net: ieee802154: nl-mac: fix check on panid
net: ieee802154: fix nl802154 del llsec key
net: ieee802154: fix nl802154 del llsec dev
net: ieee802154: fix nl802154 add llsec key
net: ieee802154: fix nl802154 del llsec devkey
net: ieee802154: forbid monitor for set llsec params
net: ieee802154: forbid monitor for del llsec seclevel
net: ieee802154: stop dump llsec params for monitors
drm/imx: imx-ldb: fix out of bounds array access warning
netfilter: x_tables: fix compat match/target pad out-of-bound write
perf map: Tighten snprintf() string precision to pass gcc check on some 32-bit arches
xen/events: fix setting irq affinity
Linux 4.4.267
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I44849e85c0ceefb93e82ad6dac346bd4cd898eba
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 33ce7f2f95cabb5834cf0906308a5cb6103976da ]
When CONFIG_OF is disabled, building with 'make W=1' produces warnings
about out of bounds array access:
drivers/gpu/drm/imx/imx-ldb.c: In function 'imx_ldb_set_clock.constprop':
drivers/gpu/drm/imx/imx-ldb.c:186:8: error: array subscript -22 is below array bounds of 'struct clk *[4]' [-Werror=array-bounds]
Add an error check before the index is used, which helps with the
warning, as well as any possible other error condition that may be
triggered at runtime.
The warning could be fixed by adding a Kconfig depedency on CONFIG_OF,
but Liu Ying points out that the driver may hit the out-of-bounds
problem at runtime anyway.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Liu Ying <victor.liu@nxp.com>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-18.1-caf-msm8998
This brings LA.UM.9.2.r1-02700-SDMxx0.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
58bc8e0469d08 Merge 4.4.261 into android-4.4-p
Conflicts:
drivers/block/zram/zram_drv.c
drivers/block/zram/zram_drv.h
mm/zsmalloc.c
Change-Id: I451bffa685eaaea04938bc6d0b8e3f4bb0f869e9
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.259
HID: make arrays usage and value to be the same
usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
xen-netback: delete NAPI instance when queue fails to initialize
ntfs: check for valid standard information attribute
igb: Remove incorrect "unexpected SYS WRAP" log message
scripts/recordmcount.pl: support big endian for ARCH sh
kdb: Make memory allocations more robust
MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
Bluetooth: Fix initializing response id after clearing struct
ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
Bluetooth: drop HCI device reference before return
Bluetooth: Put HCI device if inquiry procedure interrupts
usb: dwc2: Abort transaction after errors with unknown reason
usb: dwc2: Make "trimming xfer length" a debug message
ARM: s3c: fix fiq for clang IAS
bnxt_en: reverse order of TX disable and carrier off
xen/netback: fix spurious event detection for common event case
b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
fbdev: aty: SPARC64 requires FB_ATY_CT
drm/gma500: Fix error return code in psb_driver_load()
gma500: clean up error handling in init
MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
media: media/pci: Fix memleak in empress_init
media: tm6000: Fix memleak in tm6000_start_stream
ASoC: cs42l56: fix up error handling in probe
media: lmedm04: Fix misuse of comma
media: cx25821: Fix a bug when reallocating some dma memory
media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
btrfs: clarify error returns values in __load_free_space_cache
fs/jfs: fix potential integer overflow on shift of a int
jffs2: fix use after free in jffs2_sum_write_data()
clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
HID: core: detect and skip invalid inputs to snto32()
dmaengine: fsldma: Fix a resource leak in the remove function
dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function
clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
regulator: axp20x: Fix reference cout leak
isofs: release buffer head before return
IB/umad: Return EIO in case of when device disassociated
powerpc/47x: Disable 256k page size
mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
amba: Fix resource leak for drivers without .remove
tracepoint: Do not fail unregistering a probe due to memory failure
mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
powerpc/pseries/dlpar: handle ibm, configure-connector delay status
perf intel-pt: Fix missing CYC processing in PSB
perf test: Fix unaligned access in sample parsing test
Input: elo - fix an error code in elo_connect()
sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
misc: eeprom_93xx46: Fix module alias to enable module autoprobe
misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users
VMCI: Use set_page_dirty_lock() when unregistering guest memory
PCI: Align checking of syscall user config accessors
mm/memory.c: fix potential pte_unmap_unlock pte error
mm/hugetlb: fix potential double free in hugetlb_register_node() error path
i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h>
blk-settings: align max_sectors on "logical_block_size" boundary
Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S
Input: joydev - prevent potential read overflow in ioctl
Input: i8042 - add ASUS Zenbook Flip to noselftest list
USB: serial: option: update interface mapping for ZTE P685M
USB: serial: mos7840: fix error code in mos7840_write()
USB: serial: mos7720: fix error code in mos7720_write()
usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
KEYS: trusted: Fix migratable=1 failing
btrfs: fix reloc root leak with 0 ref reloc roots on recovery
drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
x86/reboot: Force all cpus to exit VMX root if VMX is supported
floppy: reintroduce O_NDELAY fix
mm: hugetlb: fix a race between freeing and dissolving the page
usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
libnvdimm/dimm: Avoid race between probe and available_slots_show()
module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
gpio: pcf857x: Fix missing first interrupt
f2fs: fix out-of-repair __setattr_copy()
sparc32: fix a user-triggerable oops in clear_user()
gfs2: Don't skip dlm unlock if glock has an lvb
dm era: Recover committed writeset after crash
dm era: Verify the data block size hasn't changed
dm era: Fix bitset memory leaks
dm era: Use correct value size in equality function of writeset tree
dm era: Reinitialize bitset cache before digesting a new writeset
dm era: only resize metadata in preresume
futex: Fix OWNER_DEAD fixup
dm era: Update in-core bitset after committing the metadata
Linux 4.4.259
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9105f90e1b63990a4db7a241f6568c14ca8fe8b2
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 15ccc39b3aab667c6fa131206f01f31bfbccdf6a ]
The main problem with this error handling was that it didn't clean up if
i2c_add_numbered_adapter() failed. This code is pretty old, and doesn't
match with today's checkpatch.pl standards so I took the opportunity to
tidy it up a bit. I changed the NULL comparison, and removed the
WARNING message if kzalloc() fails and updated the label names.
Fixes: 1b082ccf5901 ("gma500: Add Oaktrail support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/X8ikkAqZfnDO2lu6@mwanda
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 6926872ae24452d4f2176a3ba2dee659497de2c4 ]
Fix to return a negative error code from the error handling
case instead of 0, as done elsewhere in this function.
Fixes: 5c49fd3aa0ab ("gma500: Add the core DRM files and headers")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20201130020216.1906141-1-zhangjialin11@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-18.1-caf-msm8998
This brings LA.UM.9.2.r1-02000-SDMxx0.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
0566f6529a7b8 Merge 4.4.255 into android-4.4-p
Conflicts:
drivers/scsi/ufs/ufshcd.c
drivers/usb/gadget/function/f_accessory.c
drivers/usb/gadget/function/f_uac2.c
net/core/skbuff.c
Change-Id: I327c7f3793e872609f33f2a8e70eba7b580d70f3
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.254
ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
ALSA: hda/via: Add minimum mute flag
ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
dm: avoid filesystem lookup in dm_get_dev_t()
ASoC: Intel: haswell: Add missing pm_ops
scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
drm/nouveau/bios: fix issue shadowing expansion ROMs
drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
can: dev: can_restart: fix use after free bug
iio: ad5504: Fix setting power-down state
ehci: fix EHCI host controller initialization sequence
usb: bdc: Make bdc pci driver depend on BROKEN
xhci: make sure TRB is fully written before giving it to the controller
compiler.h: Raise minimum version of GCC to 5.1 for arm64
netfilter: rpfilter: mask ecn bits before fib lookup
sh: dma: fix kconfig dependency for G2_DMA
sh_eth: Fix power down vs. is_opened flag ordering
skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
ipv6: create multicast route with RTPROT_KERNEL
net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
tracing: Fix race in trace_open and buffer resize call
xen-blkback: set ring->xenblkd to NULL after kthread_stop()
x86/boot/compressed: Disable relocation relaxation
Linux 4.4.254
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5c2c0aa786edf056b06865a620cc59c367b1a90f
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit ba6e9ab0fcf3d76e3952deb12b5f993991621d9c ]
Noticed while debugging GA102.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 402a89660e9dc880710b12773076a336c9dab3d7 ]
This issue has generally been covered up by the presence of additional
expansion ROMs after the ones we're interested in, with header fetches
of subsequent images loading enough of the ROM to hide the issue.
Noticed on GA102, which lacks a type 0x70 image compared to TU102,.
[ 906.364197] nouveau 0000:09:00.0: bios: 00000000: type 00, 65024 bytes
[ 906.381205] nouveau 0000:09:00.0: bios: 0000fe00: type 03, 91648 bytes
[ 906.405213] nouveau 0000:09:00.0: bios: 00026400: type e0, 22016 bytes
[ 906.410984] nouveau 0000:09:00.0: bios: 0002ba00: type e0, 366080 bytes
vs
[ 22.961901] nouveau 0000:09:00.0: bios: 00000000: type 00, 60416 bytes
[ 22.984174] nouveau 0000:09:00.0: bios: 0000ec00: type 03, 71168 bytes
[ 23.010446] nouveau 0000:09:00.0: bios: 00020200: type e0, 48128 bytes
[ 23.028220] nouveau 0000:09:00.0: bios: 0002be00: type e0, 140800 bytes
[ 23.080196] nouveau 0000:09:00.0: bios: 0004e400: type 70, 7168 bytes
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
