- Fix a timeout in the cadence QSPI controller driver
-----BEGIN PGP SIGNATURE-----
iQI5BAABCAAjBQJbR27cHBxib3Jpcy5icmV6aWxsb25AYm9vdGxpbi5jb20ACgkQ
Ze02AX4ItwDbwRAAsz3Lke8eNEAgHQI5TBTBFlnqCgaxc5T2wPYdKgfjpPHN3QgU
t/qmLBfCSFxNWNQrX2O4UDvj90kL1tXXiGEUdeJmMRzFb016MFts6Bd39+n0jTIv
LYCZgdjiKetAMJbKv7cbeQjkeIl5M8RyS/lUedL6rFNq6GuGKQStHoT9gnmIzGjT
maES0aR0xI6Ug4r1BrgQGHTbpSF19w+b+aNbFKpPpgRDBEceSQuJVMNwlDZgx1OO
WLbjYpQLshd4ikgwEU3kbP4LDV7PRPv4l+d0EYz+S3P4X6EMWroAF6gcDbASElDQ
HEuGjYbNd+D+GmYWSUulCKVDnWbafxBm1wKZ70kmxKy/O9MH7fe5rtL1v5cS/ITx
dy9v6q58550/EC9OkF9j6y+bSVZTxeczCeTGzZ4wf3LdPFq7fkmRovljm9tXmvA0
pCC1Xsm7/0Cbe+ZvGO9Fd+a1xpgVECDSO2zDpiCWuSS2bInl7rLCMjPvLwz6XoX6
BP9tch5pIKnxBQDQGfds9UYJvRt7j+cDMrFRrTI3viRr9lQQkOnpzMLp3qiWOUVH
moE2B2Q++47Bf32Whn4B0YU07n7lyUZxSYEyOLxkExIl8sGXtvMXGgCqO9Yi/tFK
ef4Q55wYB0k3Rj75iYdve3bxa1PKwYQ5qzACAt8uq0aHEkKz3CBvtYdb8lo=
=y/JZ
-----END PGP SIGNATURE-----
Merge tag 'mtd/fixes-for-4.18-rc5' of git://git.infradead.org/linux-mtd
Pull MTD fix from Boris Brezillon:
"A SPI NOR fix to fix a timeout in the cadence QSPI controller driver"
* tag 'mtd/fixes-for-4.18-rc5' of git://git.infradead.org/linux-mtd:
mtd: spi-nor: cadence-quadspi: Fix direct mode write timeouts
-----BEGIN PGP SIGNATURE-----
iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCW0ZhphQccm9zdGVkdEBn
b29kbWlzLm9yZwAKCRAp5XQQmuv6qlxwAP4jKOp86ljtdqHSlh9mOHChnvwdMprQ
kaQ82WiamGikIwD/Vo/6ynsVl5eYMDO2VQSv6W1DHmhV9I/KgdqcQBl8jAk=
=RF9o
-----END PGP SIGNATURE-----
Merge tag 'trace-v4.18-rc3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull kprobe fix from Steven Rostedt:
"This fixes a memory leak in the kprobe code"
* tag 'trace-v4.18-rc3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing/kprobe: Release kprobe print_fmt properly
We don't release tk->tp.call.print_fmt when destroying
local uprobe. Also there's missing print_fmt kfree in
create_local_trace_kprobe error path.
Link: http://lkml.kernel.org/r/20180709141906.2390-1-jolsa@kernel.org
Cc: stable@vger.kernel.org
Fixes: e12f03d703 ("perf/core: Implement the 'perf_kprobe' PMU")
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Pull libata fixes from Tejun Heo:
- Jens's patches to expand the usable command depth from 31 to 32 broke
sata_fsl due to a subtle command iteration bug. Fixed by introducing
explicit iteration helpers and using the correct variant.
- On some laptops, enabling LPM by default reportedly led to occasional
hard hangs. Blacklist the affected cases.
- Other misc fixes / changes.
* 'for-4.18-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
ata: Remove depends on HAS_DMA in case of platform dependency
ata: Fix ZBC_OUT all bit handling
ata: Fix ZBC_OUT command block check
ahci: Add Intel Ice Lake LP PCI ID
ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
sata_nv: remove redundant pointers sdev0 and sdev1
sata_fsl: remove dead code in tag retrieval
sata_fsl: convert to command iterator
libata: convert eh to command iterators
libata: add command iterator helpers
ata: ahci_mvebu: ahci_mvebu_stop_engine() can be static
libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
Here are a few char/misc driver fixes for 4.18-rc5.
The "largest" stuff here is fixes for the UIO changes in 4.18-rc1 that
caused breakages for some people. Thanks to Xiubo Li for fixing them
quickly. Other than that, minor fixes for thunderbolt, vmw_balloon,
nvmem, mei, ibmasm, and mei drivers. There's also a MAINTAINERS update
where Rafael is offering to help out with reviewing driver core patches.
All of these have been in linux-next with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW0Xg+Q8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ynuzwCeP5imDvO+/phRkeuwpchIusaBZDIAoIsVjdoa
UXNqthmixT4kmZzkdw4/
=NB+C
-----END PGP SIGNATURE-----
Merge tag 'char-misc-4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc fixes from Greg KH:
"Here are a few char/misc driver fixes for 4.18-rc5.
The "largest" stuff here is fixes for the UIO changes in 4.18-rc1 that
caused breakages for some people. Thanks to Xiubo Li for fixing them
quickly. Other than that, minor fixes for thunderbolt, vmw_balloon,
nvmem, mei, ibmasm, and mei drivers. There's also a MAINTAINERS update
where Rafael is offering to help out with reviewing driver core
patches.
All of these have been in linux-next with no reported issues"
* tag 'char-misc-4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us
thunderbolt: Notify userspace when boot_acl is changed
uio: fix crash after the device is unregistered
uio: change to use the mutex lock instead of the spin lock
uio: use request_threaded_irq instead
fpga: altera-cvp: Fix an error handling path in 'altera_cvp_probe()'
ibmasm: don't write out of bounds in read handler
MAINTAINERS: Add myself as driver core changes reviewer
mei: discard messages from not connected client during power down.
vmw_balloon: fix inflation with batching
Here are two tiny staging driver fixes for reported issues for 4.18-rc5.
One fixes the r8822be driver to properly work on lots of new laptops,
the other is for the rtl8723bs driver to fix an underflow error.
Both have been in linux-next for a while with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW0XhgA8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ykbzQCfU3lTlrBWUWs2dWWhd8ZzrhGqrPcAoIT5o0aM
seu3sLtRW05DzOWxHc8V
=RB+r
-----END PGP SIGNATURE-----
Merge tag 'staging-4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging fixes from Greg KH:
"Here are two tiny staging driver fixes for reported issues for
4.18-rc5.
One fixes the r8822be driver to properly work on lots of new laptops,
the other is for the rtl8723bs driver to fix an underflow error.
Both have been in linux-next for a while with no reported issues"
* tag 'staging-4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: r8822be: Fix RTL8822be can't find any wireless AP
staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data().
Here are a number of small USB fixes for 4.18-rc5.
Nothing major here, just the normal set of new device ids, xhci fixes,
and some typec fixes. The typec fix required some tiny changes in an
i2c driver, which that maintainer acked to come through my tree.
All of these have been in linux-next for a while with no reported
issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW0XiBA8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ymHjwCfVF5vUleTpR/oQbiBOK2EeO2cO9IAnA0R+BIk
Il4iFFI6GNkFhYDwePFm
=E35c
-----END PGP SIGNATURE-----
Merge tag 'usb-4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are a number of small USB fixes for 4.18-rc5.
Nothing major here, just the normal set of new device ids, xhci fixes,
and some typec fixes. The typec fix required some tiny changes in an
i2c driver, which that maintainer acked to come through my tree.
All of these have been in linux-next for a while with no reported
issues"
* tag 'usb-4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
USB: yurex: fix out-of-bounds uaccess in read handler
usb: quirks: add delay quirks for Corsair Strafe
xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
usb/gadget: aspeed-vhub: add USB_LIBCOMPOSITE dependency
docs: kernel-parameters.txt: document xhci-hcd.quirks parameter
USB: serial: mos7840: fix status-register error handling
USB: serial: keyspan_pda: fix modem-status error handling
USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
USB: serial: ch341: fix type promotion bug in ch341_control_in()
i2c-cht-wc: Fix bq24190 supplier
typec: tcpm: Correctly report power_supply current and voltage for non pd supply
usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started
Address a regression in ACPICA that ceased to clear the status of
GPEs and fixed events before entering the ACPI S5 (off) system
state during the 4.17 cycle which caused some systems to power up
immediately after they had been turned off.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJbRcsLAAoJEILEb/54YlRxunAP/RbG89Pd7F0OD3eUKuM1xLVY
paq7lxuo6ls3i3nvW7Ox/5IaemJM4Sf/w7nfuYnjG2KkoXCryd+cdFvAg2sjDNWx
x6WwqsQH5oAMiG+8KyVrn0vy9s2CxTivGmCXupYMv8rLQNaBx08+TCRXeM99bCmC
5fUP7a1AL/8mX1inK263TuS+1RE9eQlm7mtKWVAgPbbJbEn0+Bn8TzuNvVCu3LmP
Gp0okzW7OGD54+D6nj5p6xgKFez7Fb2GiKBuFSfWs24vGZzi4Cw8v9NAiWLH+Heh
GurP4UJO+fdGTdPPuYGTBGg6rR7fgTpWilOpn+398H6pCGVvMukWdxJVHyp+jM6z
Pc/Z/72xXX+ykDaTRml3ec8s0KwM4goW5wp+RArAEUAdWkDOd9Hykq9/Lh3Ok1xN
hTdYjq0ujZbIaWqW6cYF1WXq/XujuY8qqE70iNeTsBS5B/967MTTyvM96iI6CYgV
umYboGzUeAcVtTwljwaWHnwrSx3yoMrKg9NB1lrgr27V+lK/0lsU3j7iQ5fdovbZ
zYZFf3pFYiNCquw7bJHps1tTkAAUnywgsj6hpdpKTic1h8js0/acrD60Hf/Fxl+s
LGu2tX7PcHFnBB4NEolXnii9oK2KlLXWE7Lr9g0OYSq24uhSi+HkvTH2ZnHgUiho
343tWLZjVbXH0r+Buir9
=4PiS
-----END PGP SIGNATURE-----
Merge tag 'acpi-4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"Address a regression in ACPICA that ceased to clear the status of GPEs
and fixed events before entering the ACPI S5 (off) system state during
the 4.17 cycle which caused some systems to power up immediately after
they had been turned off"
* tag 'acpi-4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPICA: Clear status of all events when entering S5
- Use async IPIs for arch_trigger_cpumask_backtrace() in order to
avoid warnings & deadlocks, fixing a problem introduced in v3.19
with the fix trivial to backport as far as v4.9.
- Fix ioremap()'s MMU/TLB backed path to avoid spuriously rejecting
valid requests due to an incorrect belief that the memory region is
backed by potentially-in-use RAM. This fixes a regression in v4.2.
-----BEGIN PGP SIGNATURE-----
iIsEABYIADMWIQRgLjeFAZEXQzy86/s+p5+stXUA3QUCW0UoBRUccGF1bC5idXJ0
b25AbWlwcy5jb20ACgkQPqefrLV1AN2QnQD9EzZbdcitwdyd/wCPHi/r2yPJ7eD6
vXuIqWEjs2TujpMA/iVa4uC2myYAP56vjOx66KpgfIXufnQg6b8f5ARgYMIK
=gA7+
-----END PGP SIGNATURE-----
Merge tag 'mips_fixes_4.18_3' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
Pull MIPS fixes from Paul Burton:
"A couple more MIPS fixes for 4.18:
- Use async IPIs for arch_trigger_cpumask_backtrace() in order to
avoid warnings & deadlocks, fixing a problem introduced in v3.19
with the fix trivial to backport as far as v4.9.
- Fix ioremap()'s MMU/TLB backed path to avoid spuriously rejecting
valid requests due to an incorrect belief that the memory region is
backed by potentially-in-use RAM. This fixes a regression in v4.2"
* tag 'mips_fixes_4.18_3' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
MIPS: Fix ioremap() RAM check
MIPS: Use async IPIs for arch_trigger_cpumask_backtrace()
MIPS: Call dump_stack() from show_regs()
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJbRAoxAAoJEAx081l5xIa+zEgP/3umHHNNEF6GMcxVyPeBFoxd
UFDVonPvHUD5ASNo9UV9YEMHrNRCvLVs2vd9EkWFaqxtik5Hy+VS+HHD1Mhr8DtE
zGWuloOr1W3IXzNROBKqwjHwEPZp8LKQUxDxIkpei0X05cr3sO5xQWEjbPl+LkQD
VsIaLyUGe6G8UN/+upaa6j03oh3L+JxCZt5vTEXVMEAIohsjtwC0wq//Lx92Lzd6
L7yQGPGWMKRWvt9XPcaEckLcgj9Ys3gBe3zmPvxy3M5R210oat2wS1GbHOba3lOl
8euZSRls6IXQeLY85VQpco1zT0YZaMsni3Q9kOzHiu1tH6cu++id7BY9zcJcLyUy
uaUxtfOihNetnAdAeMGhJZukyPMtoip4r7lI57htr+bX4uTxpbVIl2bvT6Sih+bE
kZGdxRSk7L+2rb55aREkdBLsIog+T1a4XEH/ARllGrs6V0Yy9HEvS+s8vFFerOoL
ZWGEjVpoz2DsUOHPlhydbimyJ39ly3sw2h5VRe5hIaoc+/w3i5sX/jeAxc4zQNjm
/qY4Gj9VaZBvdqAvC15tOT6U+fucPucjVx1AIdHNSaCldUb/mY+hdCs5fg0EDUab
rayNXC9aK0ghx8jK0AV+GNzqdYikzaxchXD6foHvnXdVc1NQ3Paxo11aG+adlJvk
uYz0R4dC83sA/yVvKIR9
=e1Tg
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2018-07-10' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"This just contains some etnaviv fixes and a MAINTAINERS update for the
new drm tree locations"
* tag 'drm-fixes-2018-07-10' of git://anongit.freedesktop.org/drm/drm:
MAINTAINERS: update drm tree
drm/etnaviv: bring back progress check in job timeout handler
drm/etnaviv: Fix driver unregistering
drm/etnaviv: Check for platform_device_register_simple() failure
Mail to dri-devel went out, linux-next was updated, but we forgot this
one here.
Cc: David Airlie <airlied@linux.ie>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180706072842.9009-1-daniel.vetter@ffwll.ch
Lucas wrote:
"a couple of small fixes:
- 2 patches from Fabio to fix module reloading
- one patch to fix a userspace visible regression, where the job
timeout is a bit too eager and kills legitimate jobs"
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1530868450.15725.8.camel@pengutronix.de
Pull HID fixes from Jiri Kosina:
- spectrev1 pattern fix in hiddev from Gustavo A. R. Silva
- bounds check fix for hid-debug from Daniel Rosenberg
- regression fix for HID autobinding from Benjamin Tissoires
- removal of excessive logging from i2c-hid driver from Jason Andryuk
- fix specific to 2nd generation of Wacom Intuos devices from Jason
Gerecke
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: hiddev: fix potential Spectre v1
HID: i2c-hid: Fix "incomplete report" noise
HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
HID: debug: check length before copy_to_user()
HID: core: allow concurrent registration of drivers
Update my TDA998x HDMI encoder MAINTAINERS entry to include the
dt-bindings header, and a keyword pattern to catch patches containing
the DT compatible. Also change the status to "maintained" rather than
"supported".
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uref->field_index, uref->usage_index, finfo.field_index and cinfo.index can be
indirectly controlled by user-space, hence leading to a potential exploitation
of the Spectre variant 1 vulnerability.
This issue was detected with the help of Smatch:
drivers/hid/usbhid/hiddev.c:473 hiddev_ioctl_usage() warn: potential spectre issue 'report->field' (local cap)
drivers/hid/usbhid/hiddev.c:477 hiddev_ioctl_usage() warn: potential spectre issue 'field->usage' (local cap)
drivers/hid/usbhid/hiddev.c:757 hiddev_ioctl() warn: potential spectre issue 'report->field' (local cap)
drivers/hid/usbhid/hiddev.c:801 hiddev_ioctl() warn: potential spectre issue 'hid->collection' (local cap)
Fix this by sanitizing such structure fields before using them to index
report->field, field->usage and hid->collection
Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].
[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Commit ac75a04104 ("HID: i2c-hid: fix size check and type usage") started
writing messages when the ret_size is <= 2 from i2c_master_recv. However, my
device i2c-DLL07D1 returns 2 for a short period of time (~0.5s) after I stop
moving the pointing stick or touchpad. It varies, but you get ~50 messages
each time which spams the log hard.
[ 95.925055] i2c_hid i2c-DLL07D1:01: i2c_hid_get_input: incomplete report (83/2)
This has also been observed with a i2c-ALP0017.
[ 1781.266353] i2c_hid i2c-ALP0017:00: i2c_hid_get_input: incomplete report (30/2)
Only print the message when ret_size is totally invalid and less than 2 to cut
down on the log spam.
Fixes: ac75a04104 ("HID: i2c-hid: fix size check and type usage")
Reported-by: John Smith <john-s-84@gmx.net>
Cc: stable@vger.kernel.org
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
If pinctrl nodes for 100/200MHz are missing, the controller should
not select any mode which need signal frequencies 100MHz or higher.
To prevent such speed modes the driver currently uses the quirk flag
SDHCI_QUIRK2_NO_1_8_V. This works nicely for SD cards since 1.8V
signaling is required for all faster modes and slower modes use 3.3V
signaling only.
However, there are eMMC modes which use 1.8V signaling and run below
100MHz, e.g. DDR52 at 1.8V. With using SDHCI_QUIRK2_NO_1_8_V this
mode is prevented. When using a fixed 1.8V regulator as vqmmc-supply
the stack has no valid mode to use. In this tenuous situation the
kernel continuously prints voltage switching errors:
mmc1: Switching to 3.3V signalling voltage failed
Avoid using SDHCI_QUIRK2_NO_1_8_V and prevent faster modes by
altering the SDHCI capability register. With that the stack is able
to select 1.8V modes even if no faster pinctrl states are available:
# cat /sys/kernel/debug/mmc1/ios
...
timing spec: 8 (mmc DDR52)
signal voltage: 1 (1.80 V)
...
Link: http://lkml.kernel.org/r/20180628081331.13051-1-stefan@agner.ch
Signed-off-by: Stefan Agner <stefan@agner.ch>
Fixes: ad93220de7 ("mmc: sdhci-esdhc-imx: change pinctrl state according
to uhs mode")
Cc: <stable@vger.kernel.org> # v4.13+
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
After commit 18996f2db9 (ACPICA: Events: Stop unconditionally
clearing ACPI IRQs during suspend/resume) the status of ACPI events
is not cleared any more when entering the ACPI S5 system state (power
off) which causes some systems to power up immediately after turing
off power in certain situations.
That is a functional regression, so address it by making the code
clear the status of all ACPI events again when entering S5 (for
system-wide suspend or hibernation the clearing of the status of all
events is not desirable, as it might cause the kernel to miss wakeup
events sometimes).
Fixes: 18996f2db9 (ACPICA: Events: Stop unconditionally clearing ACPI IRQs during suspend/resume)
Reported-by: Takashi Iwai <tiwai@suse.de>
Tested-by: Thomas Hänig <haenig@cosifan.de>
Cc: 4.17+ <stable@vger.kernel.org> # 4.17+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
A small collection of fixes, sort of the usual at this point, all for
i.MX or OMAP:
- Enable ULPI drivers on i.MX to avoid a hang
- Pinctrl fix for touchscreen on i.MX51 ZII RDU1
- Fixes for ethernet clock references on am3517
- mmc0 write protect detection fix for am335x
- kzalloc->kcalloc conversion in an OMAP driver
- USB metastability fix for USB on dra7
- Fix touchscreen wakeup on am437x
-----BEGIN PGP SIGNATURE-----
iQJDBAABCAAtFiEElf+HevZ4QCAJmMQ+jBrnPN6EHHcFAltCOpkPHG9sb2ZAbGl4
b20ubmV0AAoJEIwa5zzehBx38LsP/1V0UGTgU3qz7vo2JkZxa9HAT+vroL1PDUmi
+WCtndQA5kOGZkAEB8q5Ry6MH9P372JfJrkSy3v0B8e7gRXXH3Ojke9FQA2N5z60
cKLaiWq3euZ/y5UWvfkd8WX29uBC63y9+AyJcFaacyWYvwwvC6TxMOCcSNBUG24l
bCGkXgwF9UCPxUWD+ZDgDhrTCNWr6E9jf/guAJ8ozsR/XR1xTSVlWJOq2qY9x9h/
QvZLa+fYXj55z/XBNWxqlzWu24xHU6yPAizdSOqHVmCe51QTub2ZVlx0qJuWUuvn
POdVgmwbvKixfX8ivxvIeEb3yEPTOl5WI6xBt3Sf5PcaE+Oby91koFaqq2kOT/fs
XCMBU9mRFQdryiFuvl8g5cqV26s6AyC+ACxfAhCr4BQoyBZgjITCrR4zfyf/YO1U
e94VsDawdFG1QSRlbgpYCIeV4uQJJeCeZFKbQ/nZH9R2yBuGEOWry/dET6FkfmiE
NbWBzIIdrjs1TS5BtCRAOM4KAMKhKcF7EZ67F6azeIt0WcO+w3hf0+8NAQdJqS59
WjNWS6szmZgEblbJmCgk0CJPUGyLD8voVvQ9AWHTNEHM3CMD+2Mn8ZhYxVxhXCLz
odQxPOuUk9l3eA4Y5t2DfDaCHA4JRNygsVLyPugzx5XcV2RA30daPhWO9IzKMTPO
t58/SeW6
=N/ik
-----END PGP SIGNATURE-----
Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"A small collection of fixes, sort of the usual at this point, all for
i.MX or OMAP:
- Enable ULPI drivers on i.MX to avoid a hang
- Pinctrl fix for touchscreen on i.MX51 ZII RDU1
- Fixes for ethernet clock references on am3517
- mmc0 write protect detection fix for am335x
- kzalloc->kcalloc conversion in an OMAP driver
- USB metastability fix for USB on dra7
- Fix touchscreen wakeup on am437x"
* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: imx_v4_v5_defconfig: Select ULPI support
ARM: imx_v6_v7_defconfig: Select ULPI support
ARM: dts: omap3: Fix am3517 mdio and emac clock references
ARM: dts: am335x-bone-common: Fix mmc0 Write Protect
bus: ti-sysc: Use 2-factor allocator arguments
ARM: dts: dra7: Disable metastability workaround for USB2
ARM: dts: imx51-zii-rdu1: fix touchscreen pinctrl
ARM: dts: am437x: make edt-ft5x06 a wakeup source
Pull x86/pti updates from Thomas Gleixner:
"Two small fixes correcting the handling of SSB mitigations on AMD
processors"
* 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
x86/bugs: Update when to check for the LS_CFG SSBD mitigation
Pull x86 fixes from Thomas Gleixner:
- Prevent an out-of-bounds access in mtrr_write()
- Break a circular dependency in the new hyperv IPI acceleration code
- Address the build breakage related to inline functions by enforcing
gnu_inline and explicitly bringing native_save_fl() out of line,
which also adds a set of _ARM_ARG macros which provide 32/64bit
safety.
- Initialize the shadow CR4 per cpu variable before using it.
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/mtrr: Don't copy out-of-bounds data in mtrr_write
x86/hyper-v: Fix the circular dependency in IPI enlightenment
x86/paravirt: Make native_save_fl() extern inline
x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all()
Pull scheduler fixes from Thomas Gleixner:
- The hopefully final fix for the reported race problems in
kthread_parkme(). The previous attempt still left a hole and was
partially wrong.
- Plug a race in the remote tick mechanism which triggers a warning
about updates not being done correctly. That's a false positive if
the race condition is hit as the remote CPU is idle. Plug it by
checking the condition again when holding run queue lock.
- Fix a bug in the utilization estimation of a run queue which causes
the estimation to be 0 when a run queue is throttled.
- Advance the global expiration of the period timer when the timer is
restarted after a idle period. Otherwise the expiry time is stale and
the timer fires prematurely.
- Cure the drift between the bandwidth timer and the runqueue
accounting, which leads to bogus throttling of runqueues
- Place the call to cpufreq_update_util() correctly so the function
will observe the correct number of running RT tasks and not a stale
one.
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
kthread, sched/core: Fix kthread_parkme() (again...)
sched/util_est: Fix util_est_dequeue() for throttled cfs_rq
sched/fair: Advance global expiration when period timer is restarted
sched/fair: Fix bandwidth timer clock drift condition
sched/rt: Fix call to cpufreq_update_util()
sched/nohz: Skip remote tick on idle task entirely
Pull objtool fix from Thomas Gleixner:
"A single fix for objtool to address a bug in handling the cold
subfunction detection for aliased functions which was added recently.
The bug causes objtool to enter an infinite loop"
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
objtool: Support GCC 8 '-fnoreorder-functions'
Pull crypto fixes from Herbert Xu:
- add missing RETs in x86 aegis/morus
- fix build error in arm speck
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: x86 - Add missing RETs
crypto: arm/speck - fix building in Thumb2 mode
maliciously crafted file system image can result in a kernel OOPS or
hang. At least one fix addresses an inline data bug could be
triggered by userspace without the need of a crafted file system
(although it does require that the inline data feature be enabled).
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAltBmcYACgkQ8vlZVpUN
gaPDJgf/cEa9QuiYTbNOmcOMorK9LEk5XO8qsiJdUVNQtLsHZfl0QowbkF9/F/W5
andTJzNpFvXeLADMTTjpsDnQ90i8LKD11Kol3dPJcMhJhELtQsjxUBguxpQBP86R
dvHuCl2/AaqX7rr6Co80yYSinRCquqkzJNhdM5/MLNGziSpkQL3dPSs93rmV+YbU
8DkUwmhDhoiToLBTLaldrAsAzKvor3uyjNPJ3qhxeE2kXrnuI1V4XfstBGjhVKFB
/5aYWexDZkL5qiCo+lZnqdITqUnPx3uAkUdBn0dj7V+nDow+/R/8nApvlvJu6usF
OfMoKr098/pmPAjE5aZ8QpBNVtLFpg==
=njzR
-----END PGP SIGNATURE-----
Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
Pull ext4 bugfixes from Ted Ts'o:
"Bug fixes for ext4; most of which relate to vulnerabilities where a
maliciously crafted file system image can result in a kernel OOPS or
hang.
At least one fix addresses an inline data bug could be triggered by
userspace without the need of a crafted file system (although it does
require that the inline data feature be enabled)"
* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: check superblock mapped prior to committing
ext4: add more mount time checks of the superblock
ext4: add more inode number paranoia checks
ext4: avoid running out of journal credits when appending to an inline file
jbd2: don't mark block as modified if the handle is out of credits
ext4: never move the system.data xattr out of the inode body
ext4: clear i_data in ext4_inode_info when removing inline data
ext4: include the illegal physical block in the bad map ext4_error msg
ext4: verify the depth of extent tree in ext4_find_extent()
ext4: only look at the bg_flags field if it is valid
ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
ext4: always check block group bounds in ext4_init_block_bitmap()
ext4: always verify the magic number in xattr blocks
ext4: add corruption check in ext4_xattr_set_entry()
ext4: add warn_on_error mount option
-----BEGIN PGP SIGNATURE-----
iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAltBPacUHGJoZWxnYWFz
QGdvb2dsZS5jb20ACgkQWYigwDrT+vwx+hAAvzTP6o3VOtgNK7lm3nOBuzfykgCv
TFhXP2yeDItWDBLDpWX7wjs2657W3Sjrpw6FyVIYvsoMKKRuOYeZ6ChDieG5ZgTj
oxav5U6TlDHoF0fNq0LWfv78lP6+++7/6yaer6j9xDksVqE4/zxlFcExxuszhZlC
8ptJ54ORn92RdfRHCDptA4PFReNlQWNw3bpKpGxu8xj0TN/sYPN3ggHfnmiEyGMZ
8/KLNOzGrhoqztaBPyRoG3GhU1hpicT+fWzg11Li8hP1solQDht+S3mnCC1IxqdI
JSU7/jhti4nUV56qE7QzYzdsVbTFcItGn0WImklIFCt7htp4Rms0wN+QCmwhtjKM
0WH02gRDip4CcYcPZGeGaeexWJFEScamFK1yxxDV7059KsoQKUN1Sm+R7y9xORYw
nQAHPTO/nv02Xo+ADAYzV0aBPD7fEvFaWtdXAuLocVWVj3eiEqp8ftoYmuWym6T3
gHWt9Dod8olj3t9bkR1MWZ121Ar5MsobgJSF30smEx8VMKv+4Xx8eXvq0FCuUQwT
s/WLTPqK31Sqjii0xe1wO8g0yexCVaBpXJB/e9PpYf/+ICItG1DHLz0Ygw01QWVK
Tv7HTAofdO42kChHjErB6GbzSuxDxSVCPN26bwkZu0eV91uKiLKA7wLUv8+qSXlZ
lK98Eypy0Ti7pvA=
=IOF/
-----END PGP SIGNATURE-----
Merge tag 'pci-v4.18-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
Pull PCI fixes from Bjorn Helgaas:
- Fix a use-after-free in the endpoint code (Dan Carpenter)
- Stop defaulting CONFIG_PCIE_DW_PLAT_HOST to yes (Geert Uytterhoeven)
- Fix an nfp regression caused by a change in how we limit the number
of VFs we can enable (Jakub Kicinski)
- Fix failure path cleanup issues in the new R-Car gen3 PHY support
(Marek Vasut)
- Fix leaks of OF nodes in faraday, xilinx-nwl, xilinx (Nicholas Mc
Guire)
* tag 'pci-v4.18-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
nfp: stop limiting VFs to 0
PCI/IOV: Reset total_VFs limit after detaching PF driver
PCI: faraday: Add missing of_node_put()
PCI: xilinx-nwl: Add missing of_node_put()
PCI: xilinx: Add missing of_node_put()
PCI: endpoint: Use after free in pci_epf_unregister_driver()
PCI: controller: dwc: Do not let PCIE_DW_PLAT_HOST default to yes
PCI: rcar: Clean up PHY init on failure
PCI: rcar: Shut the PHY down in failpath
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAltBFyMACgkQiiy9cAdy
T1EwcAwAoflntkPJtDX1/Ch3fm4cwR/GHiOHJ3jXUUs5x1JVy2YMyIpojijcDB9q
ifmc9ZEVdov5kJVJF4dz4HUhxDwPbZTgZdAwSaYUdbQepA0Nzu7k7ZaTfzWwzYTa
AaGxNShfEWogBdhMjNPKHpIUfrnOEtosv6iLLN3iwkbypLH0f3z1Tye38+9wnDO/
B0M64lf4gxMB7ZsjFoQIu9ZLZMlQgF9ISycPUUmahR6G9sTJaykfyTihTwOo8HUb
zNA6hgW5lUxCpCc2eNwy2wFuLqwf3+t3JmWUgJoYqVCbscywtTScivZyNEO36/17
4oFCExMuJ79TXBP9RyTFrYkNhsTTdAyfDOLWcsMVsAo+zHub1nqjm8ENlmGJ7ZAS
ESdLY+E+59Hndb21Te1IVq7HZsmXKHU6UHxknXTaXFPlBIKeHbH7vtt5zUzq7lxW
hDwPTmev+b7jOE/4+cR5WQItMxzZ+pW7Toc6f8gmN1IU2FJjEsTgNGy2n4Az5WyR
pZAydSRd
=x5ij
-----END PGP SIGNATURE-----
Merge tag '4.18-rc3-smb3fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
"Five smb3/cifs fixes for stable (including for some leaks and memory
overwrites) and also a few fixes for recent regressions in packet
signing.
Additional testing at the recent SMB3 test event, and some good work
by Paulo and others spotted the issues fixed here. In addition to my
xfstest runs on these, Aurelien and Stefano did additional test runs
to verify this set"
* tag '4.18-rc3-smb3fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf()
cifs: Fix infinite loop when using hard mount option
cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting
cifs: Fix memory leak in smb2_set_ea()
cifs: fix SMB1 breakage
cifs: Fix validation of signed data in smb2
cifs: Fix validation of signed data in smb3+
cifs: Fix use after free of a mid_q_entry
- Driver fixes for k3dma (off by one), pl330 (burst residue granularity)
and omap-dma (incorrect residue_granularity)
- Sinan's email update
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJbQK31AAoJEHwUBw8lI4NHdHgQAKPIWGpcochq1D05xXYTtFeW
8OZ5KxJKj1/fEKbdDVGSvptGRfIOKH//xeb1nFn1vCJh/B/3v25hF9x47m+Dds/l
nckkzKzn88Q4M5sbiQI+Rzgr4QRnPEjai55GsC90u7U6HmRSUBAnBELc8+gE7z/r
6XAuUYpnJ6JLjcF9CX8UnG8PzE3Hw4Z94b2t5gaHi0tZnQTwMQ91pH7EGVRwga4+
M+Cmds7Tvi8w1RTOS3OfD+E7H3PqKx3rZA6w3SK4NZqCSp4zA+jySVKi28QDIxHD
kIX4i5eZwiClEVAxBNN40Md8sh6BRz5HkOKJy3WL2o1vSLCZJwm9DfJwo1EzKKI/
FOyIF+clPctNXHwuSnpBes4X3zjPBVcl04Ii3oX1qdrWMT5XyyD8F/Y4NrT3rixQ
CqqsF7WJHNPUI+ZE+Jxwns5NXWQunpLoaY2cyt2f6DfXZsEtizlUcYhaO1J1SuQn
UnG/L94l8wX8oemlNYhBf/LvHNlOKzfKqtYVEEHy3c14ONZpeCLc/+TSKaoBWRke
NJ57Pjecde5w2Z56ZhG/oFwRilXraG62O1JkJTAFeDDLXx1UCl5nOCkCQqGxdMWM
mDxLVUKzIjJ8DbWJcq3DlLDWVMt2Dbqy7LA7/AagHBnIS1uuv9mXiUQT7CiVDzzG
8Ekz5Jas6etHn3++K5Mt
=pPiU
-----END PGP SIGNATURE-----
Merge tag 'dmaengine-fix-4.18-rc4' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fixes from Vinod Koul:
"We have few odd driver fixes and one email update change for you this
time:
- Driver fixes for k3dma (off by one), pl330 (burst residue
granularity) and omap-dma (incorrect residue_granularity)
- Sinan's email update"
* tag 'dmaengine-fix-4.18-rc4' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
dmaengine: pl330: report BURST residue granularity
MAINTAINERS: Update email-id of Sinan Kaya
dmaengine: ti: omap-dma: Fix OMAP1510 incorrect residue_granularity
an interrupt issue, and one oops fix if init fails in a certain
way on the client driver.
-corey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJbP9SSAAoJEGHzjJCRm/+BSPIP/3R9/zKTfv11OIHWCWaKtZzc
bb+W5IRddVSNiFHtCJPNuk09ZSRL5q60fNOtYiQvjVWhykzZPqd3ExqkQxFkyIKj
cirN5iJvE/h28nxL/XOrzErqAFzFqJNY8fG32GeoWlwM4ahDz6vTjQOPwi0PKCbx
xyiCqxquuFBtW1qgBcGKVxJAMd9w29UGOEY5q7ifzsNIVHk/jABDKdWrpGKWzxHk
daRRv4lXFyYoKpXk+MDuVZItQMsVwX+91jWOHDCUPohBFYLXcMCf/XSaAlQg84UG
ugYxT5T04r5WwPzg1WPnq/tYQDtUy4RziVG3CGkFVcTzoOdZpOg+CCRbUdcBWesQ
PesXOtkRVua7Ccov3eNuCQND1SzqYvQDC2ynoMuC8FImaJ1E7rwuPvb9qGYmUKwt
M29kfXYIB4WSqMo1DA+Ivf/THnHmaPQGP5mr1sq4xsirtJu1YJrV+ScQXPqO7139
Kou/mTV6VxwbT+VFID5+sno8ao89g+NG+GgGwYLaBGmUPAuW8wA+OZ9jSTaVWCOb
tFg8J4AttQ9QVcohXBGV8MClSWUdKtH3L/9x593PR3gT0uiRBmYXAMnFkcLQU8iH
s/6evtJF8ykMTapiSQCDh8RLDogieHYQVgjSPvYC0KekpK88EysF4zT0mdoc/qOT
fZYqzB5VJrOVh0ZEok33
=lLfC
-----END PGP SIGNATURE-----
Merge tag 'for-linus-4.18-2' of git://github.com/cminyard/linux-ipmi
Pull IPMI fixes from Corey Minyard:
"A couple of small fixes: one to the BMC side of things that fixes an
interrupt issue, and one oops fix if init fails in a certain way on
the client driver"
* tag 'for-linus-4.18-2' of git://github.com/cminyard/linux-ipmi:
ipmi: kcs_bmc: fix IRQ exception if the channel is not open
ipmi: Cleanup oops on initialization failure
Don't access the provided buffer out of bounds - this can cause a kernel
out-of-bounds read when invoked through sys_splice() or other things that
use kernel_write()/__kernel_write().
Fixes: 7f8ec5a4f0 ("x86/mtrr: Convert to use strncpy_from_user() helper")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20180706215003.156702-1-jannh@google.com
In commit ca04d9d3e1 ("phy: qcom-qusb2: New driver for QUSB2 PHY on
Qcom chips") you can see a call like:
devm_nvmem_cell_get(dev, NULL);
Note that the cell ID passed to the function is NULL. This is because
the qcom-qusb2 driver is expected to work only on systems where the
PHY node is hooked up via device-tree and is nameless.
This works OK for the most part. The first thing nvmem_cell_get()
does is to call of_nvmem_cell_get() and there it's documented that a
NULL name is fine. The problem happens when the call to
of_nvmem_cell_get() returns -EINVAL. In such a case we'll fall back
to nvmem_cell_get_from_list() and eventually might (if nvmem_cells
isn't an empty list) crash with something that looks like:
strcmp
nvmem_find_cell
__nvmem_device_get
nvmem_cell_get_from_list
nvmem_cell_get
devm_nvmem_cell_get
qusb2_phy_probe
There are several different ways we could fix this problem:
One could argue that perhaps the qcom-qusb2 driver should be changed
to use of_nvmem_cell_get() which is allowed to have a NULL name. In
that case, we'd need to add a patche to introduce
devm_of_nvmem_cell_get() since the qcom-qusb2 driver is using devm
managed resources.
One could also argue that perhaps we could just add a name to
qcom-qusb2. That would be OK but I believe it effectively changes the
device tree bindings, so maybe it's a no-go.
In this patch I have chosen to fix the problem by simply not crashing
when a NULL cell_id is passed to nvmem_cell_get().
NOTE: that for the qcom-qusb2 driver the "nvmem-cells" property is
defined to be optional and thus it's expected to be a common case that
we would hit this crash and this is more than just a theoretical fix.
Fixes: ca04d9d3e1 ("phy: qcom-qusb2: New driver for QUSB2 PHY on Qcom chips")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The commit 9aaa3b8b4c ("thunderbolt: Add support for preboot ACL")
introduced boot_acl attribute but missed the fact that now userspace
needs to poll the attribute constantly to find out whether it has
changed or not. Fix this by sending notification to the userspace
whenever the boot_acl attribute is changed.
Fixes: 9aaa3b8b4c ("thunderbolt: Add support for preboot ACL")
Reported-and-tested-by: Christian Kellner <christian@kellner.me>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Christian Kellner <christian@kellner.me>
Acked-by: Yehezkel Bernat <yehezkelshb@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
We are hitting a regression with the following commit:
commit a93e7b3315
Author: Hamish Martin <hamish.martin@alliedtelesis.co.nz>
Date: Mon May 14 13:32:23 2018 +1200
uio: Prevent device destruction while fds are open
The problem is the addition of spin_lock_irqsave in uio_write. This
leads to hitting uio_write -> copy_from_user -> _copy_from_user ->
might_fault and the logs filling up with sleeping warnings.
I also noticed some uio drivers allocate memory, sleep, grab mutexes
from callouts like open() and release and uio is now doing
spin_lock_irqsave while calling them.
Reported-by: Mike Christie <mchristi@redhat.com>
CC: Hamish Martin <hamish.martin@alliedtelesis.co.nz>
Reviewed-by: Hamish Martin <hamish.martin@alliedtelesis.co.nz>
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
If 'fpga_mgr_create()' fails, we should release some resources, as done
in the other error handling path of the function.
Fixes: 7085e2a94f ("fpga: manager: change api, don't use drvdata")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Moritz Fischer <mdf@kernel.org>
Acked-by: Alan Tull <atull@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This read handler had a lot of custom logic and wrote outside the bounds of
the provided buffer. This could lead to kernel and userspace memory
corruption. Just use simple_read_from_buffer() with a stack buffer.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This is two minor bug fixes (aacraid, target) and a fix for a
potential exploit in the way sg handles teardown.
Signed-off-by: James E.J. Bottomley <jejb@linux.vnet.ibm.com>
-----BEGIN PGP SIGNATURE-----
iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCWz/hBSYcamFtZXMuYm90
dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishUkIAP9JKGYO
rcoNxusKsTi6tMEeUFzX1Mu0IkUr9ApcsCJMyAEAyRL5+b77PoZG8NgQBBo99iFE
8DMbxsNbBMbTzDqbfzk=
=ttS3
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"This is two minor bug fixes (aacraid, target) and a fix for a
potential exploit in the way sg handles teardown"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: sg: mitigate read/write abuse
scsi: aacraid: Fix PD performance regression over incorrect qd being set
scsi: target: Fix truncated PR-in ReadKeys response
- Build cleanup/fix for the sunxi makefile that tried to save size
but failed and prevented dead code elimination from working
- Two Davinci clk driver fixes for a typo causing build failures
in different configurations and an error check that checks
the wrong variable.
- Undo the DT ABI breaking imx6ul binding header shuffle that got
merged this cycle.
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAls/q0ERHHNib3lkQGtl
cm5lbC5vcmcACgkQrQKIl8bklSW3cA//W6ifpX36cjFATeR3A46V5If0ZXL61aog
cXkh5wCofB3OFdBdJifHFmdDIKjc/7Ix0T3x9rfbMXABsaE2xS6R1ikF4mGl1Osm
TQXmMJHN8cLM58XLf2A0fVjH3UV7KJ+F4s9N2giDi+PVjFTZDI4uL2KGopHUnUx0
BppDhf8XH6cKDWepNzQ/uPukQSburZn/pvwjhPQmgVl2pJaUpGXsPAJ4vqTQKrqJ
IS2iI+wgwHbcIHYtbtabSt18q9jaVQkshy5C0l6fYvXs35on9DnLNGv7hLYK/42i
HSRr6P1F2HMVir/dyDmWVigqiC3mqEVRedaq6zfRka2FAvX+4NiYTsvXyZYV52Uc
p68ywqDFdaUWkz5vIS5YyvKb+ynZqvKU9qUMTXigg4pk3xf21eyPOCz5emvcdQ6W
Tm4muE3xOCMrfPKjDgymkVm6+S8JyeJFjh7lPZxK5NIXSEswlB0y9SOlkn6ycra1
y3PaKSs/DLmKBuoCteJxuuujqaJM/qbTwYtwDht7tH0vIkrw5Q9YqOe7MqqdGVyl
hhyqDs7ZtSw4Co5Mu4DDhmqgjwvwQVT3vpzoZyukakEBoQyWomCVFp28I6Ng+iX6
6RzOEIdNFaNuDOg0kxzENblVPWRmcgv76yYF7JcfrRMhjeDmpYV2xlAEmjHRNp6p
iZohOeq/X48=
=pNsb
-----END PGP SIGNATURE-----
Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clk fixes from Stephen Boyd:
"The usual collection of driver fixlets:
- build cleanup/fix for the sunxi makefile that tried to save size
but failed and prevented dead code elimination from working
- two Davinci clk driver fixes for a typo causing build failures in
different configurations and an error check that checks the wrong
variable.
- undo the DT ABI breaking imx6ul binding header shuffle that got
merged this cycle"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
dt-bindings: clock: imx6ul: Do not change the clock definition order
clk: davinci: fix a typo (which leads to build failures)
clk: davinci: cfgchip: testing the wrong variable
clk: sunxi-ng: replace lib-y with obj-y
Pull s390 fixes from Martin Schwidefsky:
"A few more changes for v4.18:
- wire up the two new system calls io_pgetevents and rseq
- fix a register corruption in the expolines code for machines
without EXRL
- drastically reduce the memory utilization of the dasd driver
- fix reference counting for KVM page table pages"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390: wire up rseq system call
s390: wire up io_pgetevents system call
s390/mm: fix refcount usage for 4K pgste
s390/dasd: reduce the default queue depth and nr of hardware queues
s390: Correct register corruption in critical section cleanup
RTL8822be can't bring up properly on ASUS X530UN, and dmesg says:
[ 8.591333] r8822be: module is from the staging directory, the quality
is unknown, you have been warned.
[ 8.593122] r8822be 0000:02:00.0: enabling device (0000 -> 0003)
[ 8.669163] r8822be: Using firmware rtlwifi/rtl8822befw.bin
[ 9.289939] r8822be: rtlwifi: wireless switch is on
[ 10.056426] r8822be 0000:02:00.0 wlp2s0: renamed from wlan0
...
[ 11.952534] r8822be: halmac_init_hal failed
[ 11.955933] r8822be: halmac_init_hal failed
[ 11.956227] r8822be: halmac_init_hal failed
[ 22.007942] r8822be: halmac_init_hal failed
Jian-Hong reported it works if turn off ASPM with module parameter aspm=0.
In order to fix this problem kindly, this commit don't turn off aspm but
enlarge ASPM L1 latency to 7.
Reported-by: Jian-Hong Pan <jian-hong@endlessm.com>
Tested-by: Jian-Hong Pan <jian-hong@endlessm.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In general, accessing userspace memory beyond the length of the supplied
buffer in VFS read/write handlers can lead to both kernel memory corruption
(via kernel_read()/kernel_write(), which can e.g. be triggered via
sys_splice()) and privilege escalation inside userspace.
Fix it by using simple_read_from_buffer() instead of custom logic.
Fixes: 6bc235a2e2 ("USB: add driver for Meywa-Denki & Kayac YUREX")
Signed-off-by: Jann Horn <jannh@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Corsair Strafe appears to suffer from the same issues
as the Corsair Strafe RGB.
Apply the same quirks (control message delay and init delay)
that the RGB version has to 1b1c:1b15.
With these quirks in place the keyboard works correctly upon
booting the system, and no longer requires reattaching the device.
Signed-off-by: Nico Sneck <snecknico@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The > should be >= here so that we don't read one element beyond the end
of the ep->stream_info->stream_rings[] array.
Fixes: e9df17eb14 ("USB: xhci: Correct assumptions about number of rings per endpoint.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linus Torvalds