Stricted [Wed, 18 Apr 2018 17:17:45 +0000 (19:17 +0200)]
set CONFIG_LOCALVERSION_AUTO
Stricted [Wed, 18 Apr 2018 17:16:43 +0000 (19:16 +0200)]
remove is_data_mounted crap entirely
Stricted [Wed, 18 Apr 2018 13:47:34 +0000 (15:47 +0200)]
store gtp_ref.bin and gtp_clk.bin on /cache
this is safe as the files are getting generated when they dont exist
Stricted [Wed, 18 Apr 2018 12:13:11 +0000 (14:13 +0200)]
work around silly sysfs node requirement for working touch
Stricted [Thu, 22 Mar 2018 15:44:48 +0000 (16:44 +0100)]
fix mali API_VERSION grep
Stricted [Thu, 22 Mar 2018 15:29:10 +0000 (16:29 +0100)]
fix section mismatch warnings
mttkrb [Thu, 22 Mar 2018 08:13:35 +0000 (09:13 +0100)]
Update tpd_debug.c
change include statement to prevent compiler-error because header file not found
Stricted [Tue, 20 Mar 2018 15:52:11 +0000 (16:52 +0100)]
get rid of drvgen
Stricted [Wed, 21 Mar 2018 22:40:26 +0000 (23:40 +0100)]
fix compilation after merge
Stricted [Wed, 21 Mar 2018 22:07:40 +0000 (23:07 +0100)]
Merge tag 'v3.10.108' into update
This is the 3.10.108 stable release
Stricted [Wed, 21 Mar 2018 22:07:35 +0000 (23:07 +0100)]
Merge tag 'v3.10.107' into update
This is the 3.10.107 stable release
Stricted [Wed, 21 Mar 2018 22:06:23 +0000 (23:06 +0100)]
Merge tag 'v3.10.106' into update
This is the 3.10.106 stable release
Stricted [Wed, 21 Mar 2018 22:00:38 +0000 (23:00 +0100)]
Merge tag 'v3.10.105' into update
This is the 3.10.105 stable release
Stricted [Wed, 21 Mar 2018 21:58:25 +0000 (22:58 +0100)]
Merge tag 'v3.10.104' into update
This is the 3.10.104 stable release
Stricted [Wed, 21 Mar 2018 21:58:21 +0000 (22:58 +0100)]
Merge tag 'v3.10.103' into update
This is the 3.10.103 stable release
Stricted [Wed, 21 Mar 2018 21:54:09 +0000 (22:54 +0100)]
Merge tag 'v3.10.102' into update
This is the 3.10.102 stable release
Stricted [Wed, 21 Mar 2018 21:52:41 +0000 (22:52 +0100)]
Merge tag 'v3.10.101' into update
This is the 3.10.101 stable release
Stricted [Wed, 21 Mar 2018 21:52:38 +0000 (22:52 +0100)]
Merge tag 'v3.10.100' into update
This is the 3.10.100 stable release
Stricted [Wed, 21 Mar 2018 21:51:42 +0000 (22:51 +0100)]
Merge tag 'v3.10.99' into update
This is the 3.10.99 stable release
Stricted [Wed, 21 Mar 2018 21:51:37 +0000 (22:51 +0100)]
Merge tag 'v3.10.98' into update
This is the 3.10.98 stable release
Stricted [Wed, 21 Mar 2018 21:51:04 +0000 (22:51 +0100)]
Merge tag 'v3.10.97' into update
This is the 3.10.97 stable release
Stricted [Wed, 21 Mar 2018 21:51:00 +0000 (22:51 +0100)]
Merge tag 'v3.10.96' into update
This is the 3.10.96 stable release
Stricted [Wed, 21 Mar 2018 21:50:56 +0000 (22:50 +0100)]
Merge tag 'v3.10.95' into update
This is the 3.10.95 stable release
Stricted [Wed, 21 Mar 2018 21:49:45 +0000 (22:49 +0100)]
Merge tag 'v3.10.94' into update
This is the 3.10.94 stable release
Stricted [Wed, 21 Mar 2018 21:49:39 +0000 (22:49 +0100)]
Merge tag 'v3.10.93' into update
This is the 3.10.93 stable release
Stricted [Wed, 21 Mar 2018 21:49:35 +0000 (22:49 +0100)]
Merge tag 'v3.10.92' into update
This is the 3.10.92 stable release
Stricted [Wed, 21 Mar 2018 21:48:36 +0000 (22:48 +0100)]
Merge tag 'v3.10.91' into update
This is the 3.10.91 stable release
Stricted [Wed, 21 Mar 2018 21:47:31 +0000 (22:47 +0100)]
Merge tag 'v3.10.90' into update
This is the 3.10.90 stable release
Stricted [Wed, 21 Mar 2018 21:47:28 +0000 (22:47 +0100)]
Merge tag 'v3.10.89' into update
This is the 3.10.89 stable release
Stricted [Wed, 21 Mar 2018 21:47:25 +0000 (22:47 +0100)]
Merge tag 'v3.10.88' into update
This is the 3.10.88 stable release
Stricted [Wed, 21 Mar 2018 21:47:22 +0000 (22:47 +0100)]
Merge tag 'v3.10.87' into update
This is the 3.10.87 stable release
Stricted [Wed, 21 Mar 2018 21:47:17 +0000 (22:47 +0100)]
Merge tag 'v3.10.86' into update
This is the 3.10.86 stable release
Stricted [Wed, 21 Mar 2018 21:46:39 +0000 (22:46 +0100)]
Merge tag 'v3.10.85' into update
This is the 3.10.85 stable release
Stricted [Wed, 21 Mar 2018 21:46:36 +0000 (22:46 +0100)]
Merge tag 'v3.10.84' into update
This is the 3.10.84 stable release
Stricted [Wed, 21 Mar 2018 21:46:32 +0000 (22:46 +0100)]
Merge tag 'v3.10.83' into update
This is the 3.10.83 stable release
Stricted [Wed, 21 Mar 2018 21:45:38 +0000 (22:45 +0100)]
Merge tag 'v3.10.82' into update
This is the 3.10.82 stable release
Stricted [Wed, 21 Mar 2018 21:45:35 +0000 (22:45 +0100)]
Merge tag 'v3.10.81' into update
This is the 3.10.81 stable release
Stricted [Wed, 21 Mar 2018 21:45:22 +0000 (22:45 +0100)]
Merge tag 'v3.10.80' into update
This is the 3.10.80 stable release
Stricted [Wed, 21 Mar 2018 21:44:42 +0000 (22:44 +0100)]
Merge tag 'v3.10.79' into update
This is the 3.10.79 stable release
Stricted [Wed, 21 Mar 2018 21:44:38 +0000 (22:44 +0100)]
Merge tag 'v3.10.78' into update
This is the 3.10.78 stable release
Stricted [Wed, 21 Mar 2018 21:44:34 +0000 (22:44 +0100)]
Merge tag 'v3.10.77' into update
This is the 3.10.77 stable release
Stricted [Wed, 21 Mar 2018 21:42:30 +0000 (22:42 +0100)]
Merge tag 'v3.10.76' into update
This is the 3.10.76 stable release
Stricted [Wed, 21 Mar 2018 21:41:10 +0000 (22:41 +0100)]
Merge tag 'v3.10.75' into update
This is the 3.10.75 stable release
Stricted [Wed, 21 Mar 2018 21:41:07 +0000 (22:41 +0100)]
Merge tag 'v3.10.74' into update
This is the 3.10.74 stable release
Stricted [Wed, 21 Mar 2018 21:41:03 +0000 (22:41 +0100)]
Merge tag 'v3.10.73' into update
This is the 3.10.73 stable release
Stricted [Wed, 21 Mar 2018 21:40:54 +0000 (22:40 +0100)]
Merge tag 'v3.10.72' into update
This is the 3.10.72 stable release
Stricted [Wed, 21 Mar 2018 21:40:50 +0000 (22:40 +0100)]
Merge tag 'v3.10.71' into update
This is the 3.10.71 stable release
Stricted [Wed, 21 Mar 2018 21:40:47 +0000 (22:40 +0100)]
Merge tag 'v3.10.70' into update
This is the 3.10.70 stable release
Stricted [Wed, 21 Mar 2018 21:39:46 +0000 (22:39 +0100)]
Merge tag 'v3.10.69' into update
This is the 3.10.69 stable release
Stricted [Wed, 21 Mar 2018 21:38:24 +0000 (22:38 +0100)]
Merge tag 'v3.10.68' into update
This is the 3.10.68 stable release
Stricted [Wed, 21 Mar 2018 21:36:30 +0000 (22:36 +0100)]
Merge tag 'v3.10.67' into update
This is the 3.10.67 stable release
Stricted [Wed, 21 Mar 2018 21:36:27 +0000 (22:36 +0100)]
Merge tag 'v3.10.66' into update
This is the 3.10.66 stable release
Stricted [Wed, 21 Mar 2018 21:36:23 +0000 (22:36 +0100)]
Merge tag 'v3.10.65' into update
This is the 3.10.65 stable release
Stricted [Wed, 21 Mar 2018 21:33:51 +0000 (22:33 +0100)]
Merge tag 'v3.10.64' into update
This is the 3.10.64 stable release
Stricted [Wed, 21 Mar 2018 21:33:47 +0000 (22:33 +0100)]
Merge tag 'v3.10.63' into update
This is the 3.10.63 stable release
Stricted [Wed, 21 Mar 2018 21:31:45 +0000 (22:31 +0100)]
Merge tag 'v3.10.62' into update
This is the 3.10.62 stable release
Stricted [Wed, 21 Mar 2018 21:31:40 +0000 (22:31 +0100)]
Merge tag 'v3.10.61' into update
This is the 3.10.61 stable release
Stricted [Wed, 21 Mar 2018 21:31:34 +0000 (22:31 +0100)]
Merge tag 'v3.10.60' into update
This is the 3.10.60 stable release
Stricted [Wed, 21 Mar 2018 21:31:29 +0000 (22:31 +0100)]
Merge tag 'v3.10.59' into update
This is the 3.10.59 stable release
Stricted [Wed, 21 Mar 2018 21:31:25 +0000 (22:31 +0100)]
Merge tag 'v3.10.58' into update
This is the 3.10.58 stable release
Stricted [Wed, 21 Mar 2018 21:28:46 +0000 (22:28 +0100)]
Merge tag 'v3.10.57' into update
This is the 3.10.57 stable release
Stricted [Wed, 21 Mar 2018 21:22:19 +0000 (22:22 +0100)]
Merge tag 'v3.10.56' into update
This is the 3.10.56 stable release
Stricted [Wed, 21 Mar 2018 21:13:57 +0000 (22:13 +0100)]
Merge tag 'v3.10.55' into update
This is the 3.10.55 stable release
Stricted [Wed, 21 Mar 2018 14:41:24 +0000 (15:41 +0100)]
disable some mediatekl custom warnings
Stricted [Fri, 16 Mar 2018 11:36:42 +0000 (12:36 +0100)]
scripts: kconfig: fix jump initialization
Stricted [Fri, 16 Mar 2018 11:43:09 +0000 (12:43 +0100)]
scripts: sortextable: fix relocs_size initialization
Stricted [Mon, 19 Mar 2018 16:45:11 +0000 (17:45 +0100)]
cleanup Makefile
Stricted [Mon, 19 Mar 2018 16:33:56 +0000 (17:33 +0100)]
remove useless makefiles and build script
Diogo Ferreira [Fri, 15 Apr 2016 17:34:08 +0000 (18:34 +0100)]
Add an option to multiplex AP and STA on wlan0
This adds CONFIG_MTK_COMBO_AOSP_TETHERING_SUPPORT which, when enabled,
allows ap and wlan to co-exist in the same interface, as Android
expects.
Most of this functionality is also available (albeit not compilable broken)
under CFG_TC1_FEATURE but that has larger implications around the radio
and usb stack that we do not want to adopt.
Change-Id: Ib1d1be40566f1bb9ccc7be45b49ec8d1f3b3ba58
Ticket: PORRIDGE-30
Stricted [Mon, 19 Mar 2018 13:51:56 +0000 (14:51 +0100)]
ignore all warning
i dont really want fix this mess that mediatek did here to get a clean build log
so lets disable the warning for now instead
Kees Cook [Tue, 10 Jun 2014 22:40:23 +0000 (15:40 -0700)]
ARM: add seccomp syscall
Wires up the new seccomp syscall.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Change-Id: I31a2d38b892e2cd81bf3998a916c7bb539a37767
Stricted [Fri, 16 Mar 2018 11:30:43 +0000 (12:30 +0100)]
replace lcm_mdelay with mdelay
Stricted [Tue, 13 Mar 2018 19:30:12 +0000 (20:30 +0100)]
import PULS_20180308
Stricted [Tue, 13 Mar 2018 19:29:02 +0000 (20:29 +0100)]
import PULS_20160108
Willy Tarreau [Sat, 4 Nov 2017 22:34:48 +0000 (23:34 +0100)]
Linux 3.10.108
Willy Tarreau [Thu, 2 Nov 2017 22:22:31 +0000 (23:22 +0100)]
x86/apic: fix build breakage caused by incomplete backport to 3.10
Commit
928a277 ("x86/apic: Do not init irq remapping if ioapic is
disabled") introduced in 3.10.105 introduced an implicit dependency of
CONFIG_X86_LOCAL_APIC to CONFIG_X86_IO_APIC which was later solved as
part of simplifications on the config dependencies in more recent kernels.
This dependency results in build failure when CONFIG_X86_LOCAL_APIC is
set without CONFIG_X86_IO_APIC (this setup requires CONFIG_SMP=n). The
reason is that skip_ioapic_setup is declared in apic.c and that the
backported code was picked from a context where the #ifdef surrounding
the function used to cover this condition.
Let's just add the appropriate #ifdef to fix the 3.10 backport.
Thanks to Christoph Biedl for reporting and diagnosing this one.
Reported-by: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
Cc: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
Cc: Jan Beulich <JBeulich@suse.com>
Cc: Wanpeng Li <wanpeng.li@hotmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Stefan Mätje [Wed, 18 Oct 2017 11:25:17 +0000 (13:25 +0200)]
can: esd_usb2: Fix can_dlc value for received RTR, frames
commit
72d92e865d1560723e1957ee3f393688c49ca5bf upstream.
The dlc member of the struct rx_msg contains also the ESD_RTR flag to
mark received RTR frames. Without the fix the can_dlc value for received
RTR frames would always be set to 8 by get_can_dlc() instead of the
received value.
Fixes:
96d8e90382dc ("can: Add driver for esd CAN-USB/2 device")
Signed-off-by: Stefan Mätje <stefan.maetje@esd.eu>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Dan Carpenter [Tue, 21 Feb 2017 18:46:37 +0000 (21:46 +0300)]
scsi: scsi_dh_emc: return success in clariion_std_inquiry()
commit
4d7d39a18b8b81511f0b893b7d2203790bf8a58b upstream.
We accidentally return an uninitialized variable on success.
Fixes:
b6ff1b14cdf4 ("[SCSI] scsi_dh: Update EMC handler")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Andrew Gabbasov [Sat, 30 Sep 2017 15:55:55 +0000 (08:55 -0700)]
usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options
commit
aec17e1e249567e82b26dafbb86de7d07fde8729 upstream.
KASAN enabled configuration reports an error
BUG: KASAN: use-after-free in usb_composite_overwrite_options+...
[libcomposite] at addr ...
Read of size 1 by task ...
when some driver is un-bound and then bound again.
For example, this happens with FunctionFS driver when "ffs-test"
test application is run several times in a row.
If the driver has empty manufacturer ID string in initial static data,
it is then replaced with generated string. After driver unbinding
the generated string is freed, but the driver data still keep that
pointer. And if the driver is then bound again, that pointer
is re-used for string emptiness check.
The fix is to clean up the driver string data upon its unbinding
to drop the pointer to freed memory.
Fixes:
cc2683c318a5 ("usb: gadget: Provide a default implementation of default manufacturer string")
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Haozhong Zhang [Tue, 10 Oct 2017 07:01:22 +0000 (15:01 +0800)]
KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
commit
8eb3f87d903168bdbd1222776a6b1e281f50513e upstream.
When KVM emulates an exit from L2 to L1, it loads L1 CR4 into the
guest CR4. Before this CR4 loading, the guest CR4 refers to L2
CR4. Because these two CR4's are in different levels of guest, we
should vmx_set_cr4() rather than kvm_set_cr4() here. The latter, which
is used to handle guest writes to its CR4, checks the guest change to
CR4 and may fail if the change is invalid.
The failure may cause trouble. Consider we start
a L1 guest with non-zero L1 PCID in use,
(i.e. L1 CR4.PCIDE == 1 && L1 CR3.PCID != 0)
and
a L2 guest with L2 PCID disabled,
(i.e. L2 CR4.PCIDE == 0)
and following events may happen:
1. If kvm_set_cr4() is used in load_vmcs12_host_state() to load L1 CR4
into guest CR4 (in VMCS01) for L2 to L1 exit, it will fail because
of PCID check. As a result, the guest CR4 recorded in L0 KVM (i.e.
vcpu->arch.cr4) is left to the value of L2 CR4.
2. Later, if L1 attempts to change its CR4, e.g., clearing VMXE bit,
kvm_set_cr4() in L0 KVM will think L1 also wants to enable PCID,
because the wrong L2 CR4 is used by L0 KVM as L1 CR4. As L1
CR3.PCID != 0, L0 KVM will inject GP to L1 guest.
Fixes:
4704d0befb072 ("KVM: nVMX: Exiting from L2 to L1")
Cc: qemu-stable@nongnu.org
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Arnd Bergmann [Tue, 14 Mar 2017 12:18:45 +0000 (13:18 +0100)]
IB/qib: fix false-postive maybe-uninitialized warning
commit
f6aafac184a3e46e919769dd4faa8bf0dc436534 upstream.
aarch64-linux-gcc-7 complains about code it doesn't fully understand:
drivers/infiniband/hw/qib/qib_iba7322.c: In function 'qib_7322_txchk_change':
include/asm-generic/bitops/non-atomic.h:105:35: error: 'shadow' may be used uninitialized in this function [-Werror=maybe-uninitialized]
The code is right, and despite trying hard, I could not come up with a version
that I liked better than just adding a fake initialization here to shut up the
warning.
Fixes:
f931551bafe1 ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Pan Bian [Mon, 24 Apr 2017 10:29:16 +0000 (18:29 +0800)]
team: fix memory leaks
commit
72ec0bc64b9a5d8e0efcb717abfc757746b101b7 upstream.
In functions team_nl_send_port_list_get() and
team_nl_send_options_get(), pointer skb keeps the return value of
nlmsg_new(). When the call to genlmsg_put() fails, the memory is not
freed(). This will result in memory leak bugs.
Fixes:
9b00cf2d1024 ("team: implement multipart netlink messages for options transfers")
Signed-off-by: Pan Bian <bianpan2016@163.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Feras Daoud [Wed, 28 Dec 2016 12:47:24 +0000 (14:47 +0200)]
IB/ipoib: rtnl_unlock can not come after free_netdev
commit
89a3987ab7a923c047c6dec008e60ad6f41fac22 upstream.
The ipoib_vlan_add function calls rtnl_unlock after free_netdev,
rtnl_unlock not only releases the lock, but also calls netdev_run_todo.
The latter function browses the net_todo_list array and completes the
unregistration of all its net_device instances. If we call free_netdev
before rtnl_unlock, then netdev_run_todo call over the freed device causes
panic.
To fix, move rtnl_unlock call before free_netdev call.
Fixes:
9baa0b036410 ("IB/ipoib: Add rtnl_link_ops support")
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Feras Daoud <ferasda@mellanox.com>
Signed-off-by: Erez Shitrit <erezsh@mellanox.com>
Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
satoru takeuchi [Tue, 12 Sep 2017 13:42:52 +0000 (22:42 +0900)]
btrfs: prevent to set invalid default subvolid
commit
6d6d282932d1a609e60dc4467677e0e863682f57 upstream.
`btrfs sub set-default` succeeds to set an ID which isn't corresponding to any
fs/file tree. If such the bad ID is set to a filesystem, we can't mount this
filesystem without specifying `subvol` or `subvolid` mount options.
Fixes:
6ef5ed0d386b ("Btrfs: add ioctl and incompat flag to set the default mount subvol")
Cc: <stable@vger.kernel.org>
Signed-off-by: Satoru Takeuchi <satoru.takeuchi@gmail.com>
Reviewed-by: Qu Wenruo <quwenruo.btrfs@gmx.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Bo Yan [Mon, 18 Sep 2017 17:03:35 +0000 (10:03 -0700)]
tracing: Erase irqsoff trace with empty write
commit
8dd33bcb7050dd6f8c1432732f930932c9d3a33e upstream.
One convenient way to erase trace is "echo > trace". However, this
is currently broken if the current tracer is irqsoff tracer. This
is because irqsoff tracer use max_buffer as the default trace
buffer.
Set the max_buffer as the one to be cleared when it's the trace
buffer currently in use.
Link: http://lkml.kernel.org/r/1505754215-29411-1-git-send-email-byan@nvidia.com
Cc: <mingo@redhat.com>
Cc: stable@vger.kernel.org
Fixes:
4acd4d00f ("tracing: give easy way to clear trace buffer")
Signed-off-by: Bo Yan <byan@nvidia.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Baohong Liu [Tue, 5 Sep 2017 21:57:19 +0000 (16:57 -0500)]
tracing: Apply trace_clock changes to instance max buffer
commit
170b3b1050e28d1ba0700e262f0899ffa4fccc52 upstream.
Currently trace_clock timestamps are applied to both regular and max
buffers only for global trace. For instance trace, trace_clock
timestamps are applied only to regular buffer. But, regular and max
buffers can be swapped, for example, following a snapshot. So, for
instance trace, bad timestamps can be seen following a snapshot.
Let's apply trace_clock timestamps to instance max buffer as well.
Link: http://lkml.kernel.org/r/ebdb168d0be042dcdf51f81e696b17fabe3609c1.1504642143.git.tom.zanussi@linux.intel.com
Cc: stable@vger.kernel.org
Fixes:
277ba0446 ("tracing: Add interface to allow multiple trace buffers")
Signed-off-by: Baohong Liu <baohong.liu@intel.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Dan Carpenter [Wed, 30 Aug 2017 13:30:35 +0000 (16:30 +0300)]
scsi: qla2xxx: Fix an integer overflow in sysfs code
commit
e6f77540c067b48dee10f1e33678415bfcc89017 upstream.
The value of "size" comes from the user. When we add "start + size" it
could lead to an integer overflow bug.
It means we vmalloc() a lot more memory than we had intended. I believe
that on 64 bit systems vmalloc() can succeed even if we ask it to
allocate huge 4GB buffers. So we would get memory corruption and likely
a crash when we call ha->isp_ops->write_optrom() and ->read_optrom().
Only root can trigger this bug.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=194061
Cc: <stable@vger.kernel.org>
Fixes:
b7cc176c9eb3 ("[SCSI] qla2xxx: Allow region-based flash-part accesses.")
Reported-by: shqking <shqking@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Stephan Mueller [Thu, 21 Sep 2017 08:16:53 +0000 (10:16 +0200)]
crypto: AF_ALG - remove SGL terminator indicator when chaining
commit
1d4ba7f963a93a2207fd103d4a36df1b5aeefea2 upstream.
Fixed differently upstream as commit
2d97591ef43d ("crypto: af_alg - consolidation of duplicate code")
The SGL is MAX_SGL_ENTS + 1 in size. The last SG entry is used for the
chaining and is properly updated with the sg_chain invocation. During
the filling-in of the initial SG entries, sg_mark_end is called for each
SG entry. This is appropriate as long as no additional SGL is chained
with the current SGL. However, when a new SGL is chained and the last
SG entry is updated with sg_chain, the last but one entry still contains
the end marker from the sg_mark_end. This end marker must be removed as
otherwise a walk of the chained SGLs will cause a NULL pointer
dereference at the last but one SG entry, because sg_next will return
NULL.
The patch only applies to all kernels up to and including 4.13. The
patch
2d97591ef43d0587be22ad1b0d758d6df4999a0b added to 4.14-rc1
introduced a complete new code base which addresses this bug in
a different way. Yet, that patch is too invasive for stable kernels
and was therefore not marked for stable.
Fixes:
8ff590903d5fc ("crypto: algif_skcipher - User-space interface for skcipher operations")
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Sabrina Dubroca [Wed, 4 Feb 2015 14:25:09 +0000 (15:25 +0100)]
ip6_gre: fix endianness errors in ip6gre_err
commit
d1e158e2d7a0a91110b206653f0e02376e809150 upstream.
info is in network byte order, change it back to host byte order
before use. In particular, the current code sets the MTU of the tunnel
to a wrong (too big) value.
Fixes:
c12b395a4664 ("gre: Support GRE over IPv6")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Eric Dumazet [Fri, 8 Sep 2017 22:48:47 +0000 (15:48 -0700)]
ipv6: fix typo in fib6_net_exit()
commit
32a805baf0fb70b6dbedefcd7249ac7f580f9e3b upstream.
IPv6 FIB should use FIB6_TABLE_HASHSZ, not FIB_TABLE_HASHSZ.
Fixes:
ba1cc08d9488 ("ipv6: fix memory leak with multiple tables during netns destruction")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Sabrina Dubroca [Fri, 8 Sep 2017 08:26:19 +0000 (10:26 +0200)]
ipv6: fix memory leak with multiple tables during netns destruction
commit
ba1cc08d9488c94cb8d94f545305688b72a2a300 upstream.
fib6_net_exit only frees the main and local tables. If another table was
created with fib6_alloc_table, we leak it when the netns is destroyed.
Fix this in the same way ip_fib_net_exit cleans up tables, by walking
through the whole hashtable of fib6_table's. We can get rid of the
special cases for local and main, since they're also part of the
hashtable.
Reproducer:
ip netns add x
ip -net x -6 rule add from 6003:1::/64 table 100
ip netns del x
Reported-by: Jianlin Shi <jishi@redhat.com>
Fixes:
58f09b78b730 ("[NETNS][IPV6] ip6_fib - make it per network namespace")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Arnd Bergmann [Wed, 23 Aug 2017 13:59:49 +0000 (15:59 +0200)]
qlge: avoid memcpy buffer overflow
commit
e58f95831e7468d25eb6e41f234842ecfe6f014f upstream.
gcc-8.0.0 (snapshot) points out that we copy a variable-length string
into a fixed length field using memcpy() with the destination length,
and that ends up copying whatever follows the string:
inlined from 'ql_core_dump' at drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:1106:2:
drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:708:2: error: 'memcpy' reading 15 bytes from a region of size 14 [-Werror=stringop-overflow=]
memcpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1);
Changing it to use strncpy() will instead zero-pad the destination,
which seems to be the right thing to do here.
The bug is probably harmless, but it seems like a good idea to address
it in stable kernels as well, if only for the purpose of building with
gcc-8 without warnings.
Fixes:
a61f80261306 ("qlge: Add ethtool register dump function.")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
James Morse [Thu, 16 Mar 2017 14:30:39 +0000 (14:30 +0000)]
ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
commit
7d64f82cceb21e6d95db312d284f5f195e120154 upstream.
When removing a GHES device notified by SCI, list_del_rcu() is used,
ghes_remove() should call synchronize_rcu() before it goes on to call
kfree(ghes), otherwise concurrent RCU readers may still hold this list
entry after it has been freed.
Signed-off-by: James Morse <james.morse@arm.com>
Reviewed-by: "Huang, Ying" <ying.huang@intel.com>
Fixes:
81e88fdc432a (ACPI, APEI, Generic Hardware Error Source POLL/IRQ/NMI notification type support)
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Takashi Iwai [Tue, 22 Aug 2017 06:15:13 +0000 (08:15 +0200)]
ALSA: core: Fix unexpected error at replacing user TLV
commit
88c54cdf61f508ebcf8da2d819f5dfc03e954d1d upstream.
When user tries to replace the user-defined control TLV, the kernel
checks the change of its content via memcmp(). The problem is that
the kernel passes the return value from memcmp() as is. memcmp()
gives a non-zero negative value depending on the comparison result,
and this shall be recognized as an error code.
The patch covers that corner-case, return 1 properly for the changed
TLV.
Fixes:
8aa9b586e420 ("[ALSA] Control API - more robust TLV implementation")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Arnd Bergmann [Fri, 14 Jul 2017 09:31:03 +0000 (11:31 +0200)]
staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read
commit
105967ad68d2eb1a041bc041f9cf96af2a653b65 upstream.
gcc-7 points out an older regression:
drivers/staging/iio/resolver/ad2s1210.c: In function 'ad2s1210_read_raw':
drivers/staging/iio/resolver/ad2s1210.c:515:42: error: '<<' in boolean context, did you mean '<' ? [-Werror=int-in-bool-context]
The original code had 'unsigned short' here, but incorrectly got
converted to 'bool'. This reverts the regression and uses a normal
type instead.
Fixes:
29148543c521 ("staging:iio:resolver:ad2s1210 minimal chan spec conversion.")
Cc: stable@vger.kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Willem de Bruijn [Thu, 10 Aug 2017 16:41:58 +0000 (12:41 -0400)]
packet: fix tp_reserve race in packet_set_ring
commit
c27927e372f0785f3303e8fad94b85945e2c97b7 upstream.
Updates to tp_reserve can race with reads of the field in
packet_set_ring. Avoid this by holding the socket lock during
updates in setsockopt PACKET_RESERVE.
This bug was discovered by syzkaller.
Fixes:
8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Tejun Heo [Sun, 23 Jul 2017 12:36:15 +0000 (08:36 -0400)]
workqueue: implicit ordered attribute should be overridable
commit
0a94efb5acbb6980d7c9ab604372d93cd507e4d8 upstream.
5c0338c68706 ("workqueue: restore WQ_UNBOUND/max_active==1 to be
ordered") automatically enabled ordered attribute for unbound
workqueues w/ max_active == 1. Because ordered workqueues reject
max_active and some attribute changes, this implicit ordered mode
broke cases where the user creates an unbound workqueue w/ max_active
== 1 and later explicitly changes the related attributes.
This patch distinguishes explicit and implicit ordered setting and
overrides from attribute changes if implict.
Signed-off-by: Tejun Heo <tj@kernel.org>
Fixes:
5c0338c68706 ("workqueue: restore WQ_UNBOUND/max_active==1 to be ordered")
Cc: Holger Hoffstätte <holger@applied-asynchrony.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Mahesh Bandewar [Wed, 19 Jul 2017 22:41:33 +0000 (15:41 -0700)]
ipv4: initialize fib_trie prior to register_netdev_notifier call.
commit
8799a221f5944a7d74516ecf46d58c28ec1d1f75 upstream.
Net stack initialization currently initializes fib-trie after the
first call to netdevice_notifier() call. In fact fib_trie initialization
needs to happen before first rtnl_register(). It does not cause any problem
since there are no devices UP at this moment, but trying to bring 'lo'
UP at initialization would make this assumption wrong and exposes the issue.
Fixes following crash
Call Trace:
? alternate_node_alloc+0x76/0xa0
fib_table_insert+0x1b7/0x4b0
fib_magic.isra.17+0xea/0x120
fib_add_ifaddr+0x7b/0x190
fib_netdev_event+0xc0/0x130
register_netdevice_notifier+0x1c1/0x1d0
ip_fib_init+0x72/0x85
ip_rt_init+0x187/0x1e9
ip_init+0xe/0x1a
inet_init+0x171/0x26c
? ipv4_offload_init+0x66/0x66
do_one_initcall+0x43/0x160
kernel_init_freeable+0x191/0x219
? rest_init+0x80/0x80
kernel_init+0xe/0x150
ret_from_fork+0x22/0x30
Code: f6 46 23 04 74 86 4c 89 f7 e8 ae 45 01 00 49 89 c7 4d 85 ff 0f 85 7b ff ff ff 31 db eb 08 4c 89 ff e8 16 47 01 00 48 8b 44 24 38 <45> 8b 6e 14 4d 63 76 74 48 89 04 24 0f 1f 44 00 00 48 83 c4 08
RIP: kmem_cache_alloc+0xcf/0x1c0 RSP:
ffff9b1500017c28
CR2:
0000000000000014
Fixes:
7b1a74fdbb9e ("[NETNS]: Refactor fib initialization so it can handle multiple namespaces.")
Fixes:
7f9b80529b8a ("[IPV4]: fib hash|trie initialization")
Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Leon Romanovsky [Thu, 29 Dec 2016 16:37:11 +0000 (18:37 +0200)]
net/mlx4: Remove BUG_ON from ICM allocation routine
commit
c1d5f8ff80ea84768f5fae1ca9d1abfbb5e6bbaa upstream.
This patch removes BUG_ON() macro from mlx4_alloc_icm_coherent()
by checking DMA address alignment in advance and performing proper
folding in case of error.
Fixes:
5b0bf5e25efe ("mlx4_core: Support ICM tables in coherent memory")
Reported-by: Ozgur Karatas <okaratas@member.fsf.org>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Jin Yao [Thu, 8 Jun 2017 06:01:44 +0000 (14:01 +0800)]
perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target
commit
80f62589fa52f530cffc50e78c0b5a2ae572d61e upstream.
When the jump instruction is displayed at the row 0 in annotate view,
the arrow is broken. An example:
16.86 │ ┌──je 82
0.01 │ movsd (%rsp),%xmm0
│ movsd 0x8(%rsp),%xmm4
│ movsd 0x8(%rsp),%xmm1
│ movsd (%rsp),%xmm3
│ divsd %xmm4,%xmm0
│ divsd %xmm3,%xmm1
│ movsd (%rsp),%xmm2
│ addsd %xmm1,%xmm0
│ addsd %xmm2,%xmm0
│ movsd %xmm0,(%rsp)
│82: sub $0x1,%ebx
83.03 │ ↑ jne 38
│ add $0x10,%rsp
│ xor %eax,%eax
│ pop %rbx
│ ← retq
The patch increments the row number before checking with 0.
Signed-off-by: Yao Jin <yao.jin@linux.intel.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Fixes:
944e1abed9e1 ("perf ui browser: Add method to draw up/down arrow line")
Link: http://lkml.kernel.org/r/1496901704-30275-1-git-send-email-yao.jin@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>