Pull SIGCHLD fix from Eric Biederman:
"Christof Meerwald reported that do_notify_parent has not been
successfully populating si_pid and si_uid for multi-threaded
processes.
This is the one-liner fix. Strictly speaking a one-liner plus
comment"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
signal: Avoid corrupting si_pid and si_uid in do_notify_parent
In the absence of MC1, the size calculation function
cudbg_mem_region_size() was returing wrong MC size and
resulted in adapter crash. This patch adds new argument
to cudbg_mem_region_size() which will have actual size
and returns error to caller in the absence of MC1.
Fixes: a1c69520f7 ("cxgb4: collect MC memory dump")
Signed-off-by: Vishal Kulkarni <vishal@chelsio.com>"
Signed-off-by: David S. Miller <davem@davemloft.net>
Sabrina Dubroca says:
====================
net: vxlan/geneve: use the correct nlattr array for extack
The ->validate callbacks for vxlan and geneve have a couple of typos
in extack, where the nlattr array for IFLA_* attributes is used
instead of the link-specific one.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
IFLA_GENEVE_* attributes are in the data array, which is correctly
used when fetching the value, but not when setting the extended
ack. Because IFLA_GENEVE_MAX < IFLA_MAX, we avoid out of bounds
array accesses, but we don't provide a pointer to the invalid
attribute to userspace.
Fixes: a025fb5f49 ("geneve: Allow configuration of DF behaviour")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
IFLA_VXLAN_* attributes are in the data array, which is correctly
used when fetching the value, but not when setting the extended
ack. Because IFLA_VXLAN_MAX < IFLA_MAX, we avoid out of bounds
array accesses, but we don't provide a pointer to the invalid
attribute to userspace.
Fixes: 653ef6a3e4 ("vxlan: change vxlan_[config_]validate() to use netlink_ext_ack for error reporting")
Fixes: b4d3069783 ("vxlan: Allow configuration of DF behaviour")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
The mlxsw_sp_acl_rulei_create() function is supposed to return an error
pointer from mlxsw_afa_block_create(). The problem is that these
functions both return NULL instead of error pointers. Half the callers
expect NULL and half expect error pointers so it could lead to a NULL
dereference on failure.
This patch changes both of them to return error pointers and changes all
the callers which checked for NULL to check for IS_ERR() instead.
Fixes: 4cda7d8d70 ("mlxsw: core: Introduce flexible actions support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The MV_V2_PORT_CTRL_SWRST bit in MV_V2_PORT_CTRL is reserved on 88E2110.
Setting SWRST on 88E2110 breaks packets transfer after interface down/up
cycle.
Fixes: 8f48c2ac85 ("net: marvell10g: soft-reset the PHY when coming out of low power")
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAl6h0I4UHGJoZWxnYWFz
QGdvb2dsZS5jb20ACgkQWYigwDrT+vz20hAAhpyBY+XgFZDxr3Tw7YqD72cDV0jK
ojyNF6QwIG1g93LEM02WGAk4PqW/NWWBy1jldOo7CTGbRb+0wSAfv1IggLYCYjaW
qUaeENuKE7SQB6JpKSBNn6C1peWy+BgA22aXlsnqii5SSyHPZ8JfpZNhnwc7p9Xm
q6zlFeUZ8EaLjupobSUeSqvCYACBwoV8leBnLuzW1MVpJDZAdvNIvSQeWzCJ8KPX
zVhq7j6ut8Yuvex+2Fh6F6ZAAcLE4DwBQ/oMHbcJQcqYmorhLH8YClW2sd7AyZCz
4YiUkia/6jA6ndD5hza5pK1OzKKe/2sM1LO+id9VoCDwZNceTbEscUydxMFa49dj
qb7AgZQ5vNAtSn6gkwY1PH/M+11dUZRTvSEDbDLeaux2zoqbm4kKOXjGWEBRV/em
dklAmsHgOwalHNxcHBAhbSc09orznse73sx/9hAuI2qnsAqVYqrdKrM3w42bhS+v
4Fy0EihK02GWcZOimTxQB8fH6Po5czKPj8CV0MdBXbP/0e1P9jqhCEgASm6JGUSD
WyC0arnEqLogV18mkoYEa+XyRHeu7XSd57AxrZ07kHgq71Q4qdbqWlnnqjQQjT3j
zPR5lcHYqYfhW5tZnoETsMq6KXt8QYL/dTJEMMG3JFo6wgCAWvx5gcCRgTltrVcL
43+E4PcZYZu5yMI=
=aONb
-----END PGP SIGNATURE-----
Merge tag 'pci-v5.7-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
Pull PCI fixes from Bjorn Helgaas:
- Workaround Apex TPU class code issue that prevents resource
assignment (Bjorn Helgaas)
- Update MAINTAINERS to add Rob Herring for native PCI controller
drivers (Lorenzo Pieralisi)
* tag 'pci-v5.7-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
MAINTAINERS: Add Rob Herring and remove Andy Murray as PCI reviewers
PCI: Move Apex Edge TPU class quirk to fix BAR assignment
A few smaller fixes for v5.7-rc3: The majority are fixes for bugs I found
after restarting my randconfig build testing that had been dormant for
a while.
On the Nokia N950/N9 phone, a DT fix is required to address a boot
regression.
For the bcm283x (Raspberry Pi), two DT fixes address minor issues.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAl6hsLwACgkQmmx57+YA
GNmL2hAAsbdQcEkAX/y/dSyCU3rg9qxwAGzpjshewEboLy6Sh4LWShraJ2o8snH6
EAGVOb8O6giB09DLL9WOCEoVK6nHan98BBEDUvPLobdXkv+zrmva6QHKYHX1y2cs
TpV/2klyOJn1HHtLzioONbc37FtFEdW4DVf/2WH12u9hGUOLat5ULIeXtakrj9xy
iL/BuLcYW396ZGTTFa1XkLeCqzRvtkAqoMtZIjr2hXTi/IkgkIUZRatIRu54pKYo
VNiwY9BnCJknl+QmPkavmm9qdZhmJU4cxFX+wnu7Sh45Xflw9J14J16wBe/BZWO+
joOtpak+sF+kYPnS5Uv9Ie3dalo98w0CBYf40x2dznnqMyOJtPPbLhwjf3jzcLhk
dUVHra14vaWMtPCHg/PDTBjtxu2SaLWcELqn3hek/Zwr09zUgelyTquTAoHkXzgF
ApYtT8ym04y9uirFf1Cg59bBxmIoC85I4l487ly0SQtU7vE4piSM2KI+jnp3zn+3
+7TC85UYhtqNu7asYLAN6PcOOg+p4jpRyW/SK3dSoJw1f839fKji77aeEnIAEWxN
Qb4qJHYL+9Xy47mjJjH3TarRo7QulGiAgZV21uOrZecDiM8bMpDGtRXTqAW8yfsb
awDLmGvBaYb+xN/cc3X73inhXct48OLvz5GKRYLtIOzQFxAu/cM=
=K1jH
-----END PGP SIGNATURE-----
Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC fixes from Arnd Bergmann:
"A few smaller fixes for v5.7-rc3: The majority are fixes for bugs I
found after restarting my randconfig build testing that had been
dormant for a while.
On the Nokia N950/N9 phone, a DT fix is required to address a boot
regression.
For the bcm283x (Raspberry Pi), two DT fixes address minor issues"
* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
soc: imx8: select SOC_BUS
soc: tegra: fix tegra_pmc_get_suspend_mode definition
soc: fsl: dpio: avoid stack usage warning
soc: fsl: dpio: fix incorrect pointer conversions
ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
ARM: dts: bcm283x: Disable dsi0 node
firmware: xilinx: make firmware_debugfs_root static
drivers: soc: xilinx: fix firmware driver Kconfig dependency
ARM: dts: bcm283x: Add cells encoding format to firmware bus
ARM: dts: OMAP3: disable RNG on N950/N9
- Address several use-after-free and memory leak bugs
- Prevent a backchannel livelock
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJemdwYAAoJEDNqszNvZn+XU1oQAKOm9vypO6w252kXdhFSxAlB
3tMxXALNDrFP3PXsKCa/sKKMRvkUkx+9pdnTuXDPvffd3ZgyB8DzJilryEtiqT4Y
JsuoWHg2QyNeKUFGmtZ5AsefPaR8WL/aiYPTi1PUqnq4rNPjAgOGgLUv+LME2jFU
Yx773d5CNHXDq6zv1Au0128URnQZDy/7URdfgX1FhLA8aQWjiG08fhBEGncXjV/X
mo3RMCwE2uzNRruW7OJyCehb8d+IKBDZ0LEeZDW/ve4hNtL+Ke5eCEoemYtUN07e
U3gRMB8Pt+55L+ZFP8KJYOtfRx2SkOTMcbASC2z/WECq5vumGmn4WovSSVJFGIUN
5WVf8ADM2w3RmTFh11Jl5mZnziGRNY/4hAW7PrR4ZDhJxjdKA+iLLd7571kkCE63
II6qxw/WV7Yz3T6v4BoOcDf1DOylnS1JXqmPGYia2aAhyFZgRVasOVIkB0meaaFe
zSKzKsTrir1Ru8/xt5zIgyEQwqATp2rwzkoPuTeQZLOht0fsSIGBpD1ZWXUaMAji
cfojhd4731cvoxMMGG27IMiHTG6rpKneaZ21Z/7/61P+cjHm/ITOLZzzRvhQMQU7
wuskRf3KTs+3k4x6P9E0qQU1DcJkPSYGq+JDdh389Plald4MLTAZYjIK+J3X35oL
QNnUeKzr1YhWWqgchthG
=Zoup
-----END PGP SIGNATURE-----
Merge tag 'nfsd-5.7-rc-1' of git://git.linux-nfs.org/projects/cel/cel-2.6
Pull nfsd fixes from Chuck Lever:
"The first set of 5.7-rc fixes for NFS server issues.
These were all unresolved at the time the 5.7 window opened, and
needed some additional time to ensure they were correctly addressed.
They are ready now.
At the moment I know of one more urgent issue regarding the NFS
server. A fix has been tested and is under review. I expect to send
one more pull request, containing this fix (which now consists of 3
patches).
Fixes:
- Address several use-after-free and memory leak bugs
- Prevent a backchannel livelock"
* tag 'nfsd-5.7-rc-1' of git://git.linux-nfs.org/projects/cel/cel-2.6:
svcrdma: Fix leak of svc_rdma_recv_ctxt objects
svcrdma: Fix trace point use-after-free race
SUNRPC: Fix backchannel RPC soft lockups
SUNRPC/cache: Fix unsafe traverse caused double-free in cache_purge
nfsd: memory corruption in nfsd4_lock()
This fixes a regression in the probe error path of the Qualcomm modem
remoteproc driver and a mix up of phy_addr_t and dma_addr_t in the
Mediatek SCP control driver.
-----BEGIN PGP SIGNATURE-----
iQJPBAABCAA5FiEEBd4DzF816k8JZtUlCx85Pw2ZrcUFAl6gzV4bHGJqb3JuLmFu
ZGVyc3NvbkBsaW5hcm8ub3JnAAoJEAsfOT8Nma3FsjwQAIuUG1XqHoHxLoXubIEU
wRK0cKbbE87GaGgsnHtnt/oqlXCY6mkPN5Z9ADBPA3bRxSg/jUiqC2DaIzVrbFPX
x/a5UUr+N9B76+8QXCEg5w+HbJFM9HAMNT7IOXRddivBwduxgGzdfIiWZOouFKTV
yRYlThb1iUiSWSMi0tGTXM4SQXNFs6HrTBh4Xt+Z3bRDp39esmPXbIennwkXn+9d
A2Z9UrjOWLh7X80Iu0kvd3nQcQjMvESd6rG0bbuA7B126/htuL0VVFW93JEOs2yn
xtuoinMKto+pXBzhdUOXXOs85aFLQ1DW48H3tEfjfJsnAG/iJe/EB9j3H64Fdj8f
YgZvaveGzjuP7+5V1CnsLKbdIf/QhIQlKXAXE+8BN3kjQXEek4+otEM2cLZCh8bI
2FNVVmDwV/UqmVb5Xg5LTz+QbL+IsjjiOojXAjOBT7scVBDygutku2vFEVc84nTt
OJeYQ+UVon8SraM3qZqgjUKkle9Nwu9YjsotR7tvO9VSmAyAzqLDetotPVzBo3UQ
CvGKoqBrYYdm2Wz1G6QT70d74DdgNYwXK6K/NZg+Cresl0g5X54fCdfZBxnwtgmF
hgIPexeYAbwm4Z8vdcKtxPhxMEVivBFgbVujNIdOdo8JDgpx6EmFozJ7EopAziN2
NlzSYuuNigToV3MFxf+ubFco
=WDtr
-----END PGP SIGNATURE-----
Merge tag 'rproc-v5.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc
Pull remoteproc fixes from Bjorn Andersson:
"This fixes a regression in the probe error path of the Qualcomm modem
remoteproc driver and a mix up of phy_addr_t and dma_addr_t in the
Mediatek SCP control driver"
* tag 'rproc-v5.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc:
remoteproc: mtk_scp: use dma_addr_t for DMA API
remoteproc: qcom_q6v5_mss: fix q6v5_probe() error paths
remoteproc: qcom_q6v5_mss: fix a bug in q6v5_probe()
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAl6gsxoUHHBhdWxAcGF1
bC1tb29yZS5jb20ACgkQ6iDy2pc3iXMr8w/9Ep4G4d8O4Cwg6zNJmwE+5ld4+oHo
YABDDdCq89LGk/diiiyN5lFFwU2+QggFbabCdmAuJjkIoY89wadc22fDnmwE1mCM
+t7mT4k//xovt30Kr10CJjjnJwbdKXA6yr40t8tKtMtFDQ7rJe4ddGqj5G0xCTTD
I6ZP13M1yxYBG6F6qYZuZaxFf05rzOygAhSTqxVIbfFgewiqHZt8z8Vsbbw+1t9h
Ao+Vea3AYcB9+vMMl6pLcKZ4ZCCF0ict29rWUm1Dg+9lJwe4LPvHiGG9NwgJDTJs
+AerZ/MvKLRTEnhczWm5w8+t3qm/Ke8RgiSBK0I3gdxqpurq44gJC8fzmpfyjmSr
/PF326Xb33NJNk2V5a/6c9nR2psjUiCyqPd5D1OBnM2oiGlAujoCkWD9hErILIcG
WAfxPIf4zaroJMx6B2/0Hj7PpnWDTF0ZjwLdGXSRWm92hEob5lIA7Nvg6jBu8WvO
ZfWlj/wVt/V2hIOPsvYZeaYCh1rM/EcWkWyA8JKIu9sPmKR4rZRutGh8EQO7Y7Oi
uuT5yUL8k5zLe5H168+0w4eRZhYMSZpOomEq0kF626vPXTLpY/3sVK5/Itp/wQ37
4dPmA51uohRLR2vWD1zVyAmLaw969SQ1if1Ls2wPMN2XG0ceGmDT0ZCa6Lp8Ol/W
WAsHk4YM7i/zato=
=Qn3Z
-----END PGP SIGNATURE-----
Merge tag 'audit-pr-20200422' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
Pull audit fix from Paul Moore:
"One small audit patch fix, fixing a missing length check on input from
userspace, nothing crazy"
* tag 'audit-pr-20200422' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: check the length of userspace generated audit records
Move all zoned mode related code from null_blk_main.c to
null_blk_zoned.c, avoiding an ugly #ifdef in the process.
Rename null_zone_init() into null_init_zoned_dev(), null_zone_exit()
into null_free_zoned_dev() and add the new function
null_register_zoned_dev() to finalize the zoned dev setup before
add_disk().
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
For write operations issued to a null_blk device with zoned mode
enabled, the state and write pointer position of the zone targeted by
the command should be checked before badblocks and memory backing
are handled as the write may be first failed due to, for instance, a
sector position not aligned with the zone write pointer. This order of
checking for errors reflects more accuratly the behavior of physical
zoned devices.
Furthermore, the write pointer position of the target zone should be
incremented only and only if no errors are reported by badblocks and
memory backing handling.
To fix this, introduce the small helper function null_process_cmd()
which execute null_handle_badblocks() and null_handle_memory_backed()
and use this function in null_zone_write() to correctly handle write
requests to zoned null devices depending on the type and state of the
write target zone. Also call this function in null_handle_zoned() to
process read requests to zoned null devices.
null_process_cmd() is called directly from null_handle_cmd() for
regular null devices, resulting in no functional change for these type
of devices. To have symmetric names, the function null_handle_zoned()
is renamed to null_process_zoned_cmd().
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5.7, please pull the following:
- Nicolas provides a fix for 55c7c06210 ("ARM: dts: bcm283x: Fix vc4's
firmware bus DMA limitations") which missed adding proper
#address-cells and #size-cells properties and he also disables the DSI
node which should have been disabled by default but was not.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEm+Rq3+YGJdiR9yuFh9CWnEQHBwQFAl6Yym4ACgkQh9CWnEQH
BwTa9Q//cWDH7i+wkQTyIbTemxT2CiCGDRNtPiQkU8+w0LpDWG7aLusTq7tFI17y
wcsCe+2JI9TKFGNiB4S5nFPD8zBsNr8X0BJYkNqoteGiLkgDb42g7YjM+TvZAGMH
OXzHKplIiCcP9gNZEZ2YrsYDD+WwKPg/OkY0rksy5V/Fz300GEyJphoEInnHQ87y
Q+rRhMBEtcr56qq8iCaXpfjicMjVbSFOHrl5paiHbL5B0ijuNdxSaQOzQJQHlBoP
xXNEDFjOVLfiFjCxQ4Yd61gaAbTQu5KJCHdpySo6H0ozbzAKhDCLkhcYDNfDh7WJ
IK145MOQKIjy1IiUzgCkApSXB5HFLrDBhrVQafbxhL4pm3UDBq1hTsEaPGLKVhMQ
fPZVT5k3OpdtTbMQ/VNZI2nlA5FBWg2Xb47Jh4x2I1YXel98/qTrlzQQDb4ebjNb
KfOHEcGDGAl7KfMh4SWdxLp6ytxSI002or9eVfQskFkBSSvvULhLc3/ChVJwtRz6
bSAw0mQ6MkZommOGJ6YvzbjeOMXITZn1unywgdR1Bpz61E8vGAhJ+DkIghE90GuX
0P8EF9CRFeQ8ckORZblGYSngKz9Xj4qZ3khFVh96EhvwEf/2eX8DNMR1BrdrO286
yIROG70WJ87Es/zAFNpabCuUiDroIBjtqURvVRHug2n1XtE5WlM=
=6CKq
-----END PGP SIGNATURE-----
Merge tag 'arm-soc/for-5.7/devicetree-fixes' of https://github.com/Broadcom/stblinux into arm/fixes
This pull request contains Broadcom ARM-based SoCs Device Tree fixes for
5.7, please pull the following:
- Nicolas provides a fix for 55c7c06210 ("ARM: dts: bcm283x: Fix vc4's
firmware bus DMA limitations") which missed adding proper
#address-cells and #size-cells properties and he also disables the DSI
node which should have been disabled by default but was not.
* tag 'arm-soc/for-5.7/devicetree-fixes' of https://github.com/Broadcom/stblinux:
ARM: dts: bcm283x: Disable dsi0 node
ARM: dts: bcm283x: Add cells encoding format to firmware bus
Link: https://lore.kernel.org/r/20200417171725.1084-1-f.fainelli@gmail.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Currently, if tcs_cmd_gen is called with commit=false, then
tcs_cmd::wait is left uninitialized. Since the tcs_cmd structures passed
to this function aren't zero-initialized, then we're left with random
wait values. This results in waiting for completion for more commands
than is necessary, depending on what's on the stack at the time.
Removing the unnecessary if-condition fixes this, but add an explicit
memset of the tcs_cmd structure as well to ensure predictable behavior
if more tcs_cmd members are added in the future.
Fixes: 976daac4a1 ("interconnect: qcom: Consolidate interconnect RPMh support")
Signed-off-by: Mike Tipton <mdtipton@codeaurora.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20200319231021.18108-1-mdtipton@codeaurora.org
Signed-off-by: Georgi Djakov <georgi.djakov@linaro.org>
Link: https://lore.kernel.org/r/20200415130327.23059-2-georgi.djakov@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Here are two (late) fixes for 5.7-rc1 merge window.
Xu's change addresses an issue with a wrong return value.
Shubhrajyoti's change makes the Zynq FPGA driver return -EPROBE_DEFER on
All patches have been reviewed on the mailing list, and have been in the
last few linux-next releases (as part of my for-next branch) without issues.
Signed-off-by: Moritz Fischer <mdf@kernel.org>
-----BEGIN PGP SIGNATURE-----
iIUEABYIAC0WIQS/ea/a56fFi9QbQeJ+E8eWOj6VqQUCXoK9+A8cbWRmQGtlcm5l
bC5vcmcACgkQfhPHljo+lan3PgD/acJEg3bh985Ll2PEAgOmVqTeBIbKVfCbp6dR
odwLmnQBAKXFKNy3DKj3o4bV2GkjYSluRUsBBprCSYU502ndO2QC
=7Ai4
-----END PGP SIGNATURE-----
Merge tag 'fpga-fixes-for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/mdf/linux-fpga into char-misc-linus
Moritz writes:
FPGA Manager fixes for 5.7-rc1
Here are two (late) fixes for 5.7-rc1 merge window.
Xu's change addresses an issue with a wrong return value.
Shubhrajyoti's change makes the Zynq FPGA driver return -EPROBE_DEFER on
All patches have been reviewed on the mailing list, and have been in the
last few linux-next releases (as part of my for-next branch) without issues.
Signed-off-by: Moritz Fischer <mdf@kernel.org>
* tag 'fpga-fixes-for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/mdf/linux-fpga:
fpga: dfl: pci: fix return value of cci_pci_sriov_configure
fpga: zynq: Remove clk_get error message for probe defer
init_r_port can access pc104 array out of bounds. pc104 is a 2D array
defined to have 4 members. Each member has 8 submembers.
* we can have more than 4 (PCI) boards, i.e. [board] can be OOB
* line is not modulo-ed by anything, so the first line on the second
board can be 4, on the 3rd 12 or alike (depending on previously
registered boards). It's zero only on the first line of the first
board. So even [line] can be OOB, quite soon (with the 2nd registered
board already).
This code is broken for ages, so just avoid the OOB accesses and don't
try to fix it as we would need to find out the correct line number. Use
the default: RS232, if we are out.
Generally, if anyone needs to set the interface types, a module parameter
is past the last thing that should be used for this purpose. The
parameters' description says it's for ISA cards anyway.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: stable <stable@vger.kernel.org>
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Link: https://lore.kernel.org/r/20200417105959.15201-2-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch fixes below error reported by coccicheck
drivers/tty/serial/bcm63xx_uart.c:848:2-8: ERROR: missing clk_put;
clk_get on line 842 and execution via conditional on line 846
Fixes: ab4382d274 ("tty: move drivers/serial/ to drivers/tty/serial/")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zou Wei <zou_wei@huawei.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1587472306-105155-1-git-send-email-zou_wei@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The code in vc_do_resize() bounds the memory allocation size to avoid
exceeding MAX_ORDER down the kzalloc() call chain and generating a
runtime warning triggerable from user space. However, not only is it
unwise to use a literal value here, but MAX_ORDER may also be
configurable based on CONFIG_FORCE_MAX_ZONEORDER.
Let's use KMALLOC_MAX_SIZE instead.
Note that prior commit bb1107f7c6 ("mm, slab: make sure that
KMALLOC_MAX_SIZE will fit into MAX_ORDER") the KMALLOC_MAX_SIZE value
could not be relied upon.
Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
Cc: <stable@vger.kernel.org> # v4.10+
Link: https://lore.kernel.org/r/nycvar.YSQ.7.76.2003281702410.2671@knanqh.ubzr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8ba92cf593 ("arm64: dts: actions: s700: Add Clock Management Unit")
breaks the UART on Cubieboard7-lite (based on S700 SoC), This is due to the
fact that generic clk routine clk_disable_unused() disables the gate clks,
and that in turns disables OWL UART (but UART driver never enables it). To
prove this theory, Andre suggested to use "clk_ignore_unused" in kernel
commnd line and it worked (Kernel happily lands into RAMFS world :)).
This commit fix this up by adding clk_prepare_enable().
Fixes: 8ba92cf593 ("arm64: dts: actions: s700: Add Clock Management Unit")
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1587067917-1400-1-git-send-email-amittomer25@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Even if the actual screen size is bounded in vc_do_resize(), the unicode
buffer is still a little more than twice the size of the glyph buffer
and may exceed MAX_ORDER down the kmalloc() path. This can be triggered
from user space.
Since there is no point having a physically contiguous buffer here,
let's avoid the above issue as well as reducing pressure on high order
allocations by using vmalloc() instead.
Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
Cc: <stable@vger.kernel.org>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://lore.kernel.org/r/nycvar.YSQ.7.76.2003282214210.2671@knanqh.ubzr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change a bunch of arguments of wrapper functions which pass signed
integer to an unsigned integer which might cause undefined behaviors
when sign integer overflow.
Signed-off-by: Changming Liu <liu.changm@northeastern.edu>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/BL0PR06MB45482D71EA822D75A0E60A2EE5D50@BL0PR06MB4548.namprd06.prod.outlook.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cyril Roelandt reports that his JMicron JMS566 USB-SATA bridge fails
to handle WRITE commands with the FUA bit set, even though it claims
to support FUA. (Oddly enough, a later version of the same bridge,
version 2.03 as opposed to 1.14, doesn't claim to support FUA. Also
oddly, the bridge _does_ support FUA when using the UAS transport
instead of the Bulk-Only transport -- but this device was blacklisted
for uas in commit bc3bdb12bb ("usb-storage: Disable UAS on JMicron
SATA enclosure") for apparently unrelated reasons.)
This patch adds a usb-storage unusual_devs entry with the BROKEN_FUA
flag. This allows the bridge to work properly with usb-storage.
Reported-and-tested-by: Cyril Roelandt <tipecaml@gmail.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.2004221613110.11262-100000@iolanthe.rowland.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit bd0e6c9614 ("usb: hub: try old enumeration scheme first for
high speed devices") changed the way the hub driver enumerates
high-speed devices. Instead of using the "new" enumeration scheme
first and switching to the "old" scheme if that doesn't work, we start
with the "old" scheme. In theory this is better because the "old"
scheme is slightly faster -- it involves resetting the device only
once instead of twice.
However, for a long time Windows used only the "new" scheme. Zeng Tao
said that Windows 8 and later use the "old" scheme for high-speed
devices, but apparently there are some devices that don't like it.
William Bader reports that the Ricoh webcam built into his Sony Vaio
laptop not only doesn't enumerate under the "old" scheme, it gets hung
up so badly that it won't then enumerate under the "new" scheme! Only
a cold reset will fix it.
Therefore we will revert the commit and go back to trying the "new"
scheme first for high-speed devices.
Reported-and-tested-by: William Bader <williambader@hotmail.com>
Ref: https://bugzilla.kernel.org/show_bug.cgi?id=207219
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Fixes: bd0e6c9614 ("usb: hub: try old enumeration scheme first for high speed devices")
CC: Zeng Tao <prime.zeng@hisilicon.com>
CC: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.2004221611230.11262-100000@iolanthe.rowland.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit 8099f58f1e ("USB: hub: Don't record a connect-change event
during reset-resume") wasn't very well conceived. The problem it
tried to fix was that if a connect-change event occurred while the
system was asleep (such as a device disconnecting itself from the bus
when it is suspended and then reconnecting when it resumes)
requiring a reset-resume during the system wakeup transition, the hub
port's change_bit entry would remain set afterward. This would cause
the hub driver to believe another connect-change event had occurred
after the reset-resume, which was wrong and would lead the driver to
send unnecessary requests to the device (which could interfere with a
firmware update).
The commit tried to fix this by not setting the change_bit during the
wakeup. But this was the wrong thing to do; it means that when a
device is unplugged while the system is asleep, the hub driver doesn't
realize anything has happened: The change_bit flag which would tell it
to handle the disconnect event is clear.
The commit needs to be reverted and the problem fixed in a different
way. Fortunately an alternative solution was noted in the commit's
Changelog: We can continue to set the change_bit entry in
hub_activate() but then clear it when a reset-resume occurs. That way
the the hub driver will see the change_bit when a device is
disconnected but won't see it when the device is still present.
That's what this patch does.
Reported-and-tested-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Fixes: 8099f58f1e ("USB: hub: Don't record a connect-change event during reset-resume")
Tested-by: Paul Zimmerman <pauldzim@gmail.com>
CC: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.2004221602480.11262-100000@iolanthe.rowland.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
vnt_set_bss_mode needs to be called on all changes to BSS_CHANGED_BASIC_RATES,
BSS_CHANGED_ERP_PREAMBLE and BSS_CHANGED_ERP_SLOT
Remove all other calls and vnt_update_ifs which is called in vnt_set_bss_mode.
Fixes an issue that preamble mode is not being updated correctly.
Fixes: c12603576e ("staging: vt6656: Only call vnt_set_bss_mode on basic rates change.")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Link: https://lore.kernel.org/r/44110801-6234-50d8-c583-9388f04b486c@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
comedi_open() invokes comedi_dev_get_from_minor(), which returns a
reference of the COMEDI device to "dev" with increased refcount.
When comedi_open() returns, "dev" becomes invalid, so the refcount
should be decreased to keep refcount balanced.
The reference counting issue happens in one exception handling path of
comedi_open(). When "cfp" allocation is failed, the refcnt increased by
comedi_dev_get_from_minor() is not decreased, causing a refcnt leak.
Fix this issue by calling comedi_dev_put() on this error path when "cfp"
allocation is failed.
Fixes: 20f083c075 ("staging: comedi: prepare support for per-file read and write subdevices")
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Link: https://lore.kernel.org/r/1587361459-83622-1-git-send-email-xiyuyang19@fudan.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The problem is that the group key was saved as VNT_KEY_DEFAULTKEY
was over written by the VNT_KEY_GROUP_ADDRESS index.
mac80211 could not clear the mac_addr in the default key.
The VNT_KEY_DEFAULTKEY is not necesscary so remove it and set as
VNT_KEY_GROUP_ADDRESS.
mac80211 can clear any key using vnt_mac_disable_keyentry.
Fixes: f9ef05ce13 ("staging: vt6656: Fix pairwise key for non station modes")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Link: https://lore.kernel.org/r/da2f7e7f-1658-1320-6eee-0f55770ca391@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The drivers TBTT counter is not synchronized with mac80211 timestamp.
Reorder the functions and use vnt_update_next_tbtt to do the final
synchronize.
Fixes: c15158797d ("staging: vt6656: implement TSF counter")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Link: https://lore.kernel.org/r/375d0b25-e8bc-c8f7-9b10-6cc705d486ee@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
mac80211/users control whether multicast is on or off don't enable it by default.
Fixes an issue when multicast/broadcast is always on allowing other beacons through
in power save.
Fixes: db8f37fa33 ("staging: vt6656: mac80211 conversion: main_usb add functions...")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Link: https://lore.kernel.org/r/2c24c33d-68c4-f343-bd62-105422418eac@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Replace the for loops of the vnt_update_top_rates function by the fls
function.
The purpose of the two for loops is to find the most significant bit set
in a range of bits. So, they can be replace by the fls function (find
last set) with a previous mask to define the range.
This way avoid the iteration over unnecessary for loops.
The header "linux/bits.h" can be remove as it is included in the header
"linux/bitops.h".
Signed-off-by: Oscar Carter <oscar.carter@gmx.com>
Link: https://lore.kernel.org/r/20200420155246.4925-1-oscar.carter@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Replace the for loop by a ternary operator whose condition is an AND
bitmask against the priv->basic_rates variable.
The purpose of the for loop was to check if any of bits from RATE_54M to
RATE_6M was set, but it's not necessary to check every individual bit.
The same result can be achieved using only one single mask which
comprises all the commented bits.
This way avoid the iteration over an unnecessary for loop.
Also change the return type to bool because it's the type that this
function returns.
Signed-off-by: Oscar Carter <oscar.carter@gmx.com>
Link: https://lore.kernel.org/r/20200418134553.6415-1-oscar.carter@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
gasket_sysfs_register_store() invokes get_mapping(), which returns a
reference of the specified gasket_sysfs_mapping object to "mapping" with
increased refcnt.
When gasket_sysfs_register_store() returns, local variable "mapping"
becomes invalid, so the refcount should be decreased to keep refcount
balanced.
The reference counting issue happens in one exception handling path of
gasket_sysfs_register_store(). When gasket_dev is NULL, the function
forgets to decrease the refcnt increased by get_mapping(), causing a
refcnt leak.
Fix this issue by calling put_mapping() when gasket_dev is NULL.
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Link: https://lore.kernel.org/r/1587618941-13718-1-git-send-email-xiyuyang19@fudan.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
gasket_sysfs_put_attr() invokes get_mapping(), which returns a reference
of the specified gasket_sysfs_mapping object to "mapping" with increased
refcnt.
When gasket_sysfs_put_attr() returns, local variable "mapping" becomes
invalid, so the refcount should be decreased to keep refcount balanced.
The reference counting issue happens in one path of
gasket_sysfs_put_attr(). When mapping attribute is unknown, the function
forgets to decrease the refcnt increased by get_mapping(), causing a
refcnt leak.
Fix this issue by calling put_mapping() when put attribute fails due to
unknown attribute.
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Link: https://lore.kernel.org/r/1587618895-13660-1-git-send-email-xiyuyang19@fudan.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix the following coccicheck warning:
drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c:223:14-36: WARNING: Use
correct pointer type argument for sizeof
Signed-off-by: Jason Yan <yanaijie@huawei.com>
Link: https://lore.kernel.org/r/20200420133416.3087-1-yanaijie@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
These functions are only used by rxtx so move them and their arrays
used with them abbreviating the function description.
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Link: https://lore.kernel.org/r/2a4fd665-2fe1-f1ad-1e9a-1b01f698ea79@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
vnt_update_pre_ed_threshold needs to be updated more often so
call from vnt_config where it updated on any of config changes.
It must have maximum sensitivity when the device is off channel
or idle.
Remove all the other calls in scanning and bss.
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Link: https://lore.kernel.org/r/1b00c112-347c-b0bb-61ed-a874ee448ff8@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The firmware function are not that complicated so
move them into main_usb as static functions in callers
visibility
Firmware definitions moved to device.h and MODULE_FIRMWARE
move to below module_usb_driver.
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Link: https://lore.kernel.org/r/7b384871-826b-9365-e3ed-5717ecefd31c@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add size check of SSID information element in incoming 802.11
frames, to prevent memcpy() of IE in array bssid->Ssid.Ssid, with
size more than 32 bytes.
Signed-off-by: Denis Straghkov <d.straghkov@ispras.ru>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20200421212525.24962-1-d.straghkov@ispras.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/rtl8723bs/hal/sdio_halinit.c: In function HalRxAggr8723BSdio:
drivers/staging/rtl8723bs/hal/sdio_halinit.c:547:24: warning: variable pregistrypriv set but not used [-Wunused-but-set-variable]
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Link: https://lore.kernel.org/r/20200421024145.43576-1-yuehaibing@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix the following gcc warning:
drivers/staging/rtl8723bs/hal/odm.c:10:18: warning: ‘dB_Invert_Table’
defined but not used [-Wunused-const-variable=]
static const u16 dB_Invert_Table[8][12] = {
^~~~~~~~~~~~~~~
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Jason Yan <yanaijie@huawei.com>
Link: https://lore.kernel.org/r/20200417073439.41888-1-yanaijie@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix the following gcc warning:
drivers/staging/rtl8723bs/hal/hal_btcoex.c:45:26: warning: ‘ioStaString’
defined but not used [-Wunused-const-variable=]
static const char *const ioStaString[] = {
^~~~~~~~~~~
drivers/staging/rtl8723bs/hal/hal_btcoex.c:38:26: warning:
‘h2cStaString’ defined but not used [-Wunused-const-variable=]
static const char *const h2cStaString[] = {
^~~~~~~~~~~~
drivers/staging/rtl8723bs/hal/hal_btcoex.c:33:26: warning:
‘BtLinkRoleString’ defined but not used [-Wunused-const-variable=]
static const char *const BtLinkRoleString[] = {
^~~~~~~~~~~~~~~~
drivers/staging/rtl8723bs/hal/hal_btcoex.c:23:26: warning:
‘BtSpecString’ defined but not used [-Wunused-const-variable=]
static const char *const BtSpecString[] = {
^~~~~~~~~~~~
drivers/staging/rtl8723bs/hal/hal_btcoex.c:15:26: warning:
‘BtProfileString’ defined but not used [-Wunused-const-variable=]
static const char *const BtProfileString[] = {
^~~~~~~~~~~~~~~
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Jason Yan <yanaijie@huawei.com>
Link: https://lore.kernel.org/r/20200417073310.40893-1-yanaijie@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
