- 30 Nov, 2015 40 commits
-
-
Arnd Bergmann authored
commit 777d738a upstream. create_request_message() computes the maximum length of a message, but uses the wrong type for the time stamp: sizeof(struct timespec) may be 8 or 16 depending on the architecture, while sizeof(struct ceph_timespec) is always 8, and that is what gets put into the message. Found while auditing the uses of timespec for y2038 problems. Fixes: b8e69066 ("ceph: include time stamp in every MDS request") Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Signed-off-by:
Yan, Zheng <zyan@redhat.com> Signed-off-by:
Kamal Mostafa <kamal@canonical.com>
-
Chuck Lever authored
commit 7b3d770c upstream. ib_req_notify_cq(IB_CQ_REPORT_MISSED_EVENTS) returns a positive value if WCs were added to a CQ after the last completion upcall but before the CQ has been re-armed. Commit 7f23f6f6 ("xprtrmda: Reduce lock contention in completion handlers") assumed that when ib_req_notify_cq() returned a positive RC, the CQ had also been successfully re-armed, making it safe to return control to the provider without losing any completion signals. That is an invalid assumption. Change both completion handlers to continue polling while ib_req_notify_cq() returns a positive value. Fixes: 7f23f6f6 ("xprtrmda: Reduce lock contention in ...") Signed-off-by:
Chuck Lever <chuck.lever@oracle.com> Reviewed-by:
Sagi Grimberg <sagig@mellanox.com> Reviewed-by:
Devesh Sharma <devesh.sharma@avagotech.com> Tested-By:
Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by:
-
Yinghai Lu authored
commit af86fa40 upstream. David reported that a T5-8 sparc system failed to boot with: pci_sun4v f02dbcfc: PCI host bridge to bus 0000:00 pci_bus 0000:00: root bus resource [io 0x804000000000-0x80400fffffff] (bus address [0x0000-0xfffffff]) pci_bus 0000:00: root bus resource [mem 0x800000000000-0x80007effffff] (bus address [0x00000000-0x7effffff]) pci 0000:00:01.0: can't claim BAR 15 [mem 0x100000000-0x4afffffff pref]: no compatible bridge window Note that we don't know about a host bridge aperture that contains BAR 15. OF does report a MEM64 aperture, but before this patch, pci_determine_mem_io_space() ignored it. Add support for host bridge apertures with 64-bit PCI addresses. Also set IORESOURCE_MEM_64 for PCI device and bridge resources in PCI 64-bit memory space. Sparc doesn't actually print the device and bridge resources, but after this patch, we should have the equivalent of this: pci_sun4v f02dbcfc: PCI host bridge to bus 0000:00 pci_bus 0000:00: root bus resource [io 0x804000000000-0x80400fffffff] (bus address [0x0000-0xfffffff]) pci_bus 0000:00: root bus resource [mem 0x800000000000-0x80007effffff] (bus address [0x00000000-0x7effffff]) pci_bus 0000:00: root bus resource [mem 0x800100000000-0x8007ffffffff] (bus address [0x100000000-0x7ffffffff]) pci 0000:00:01.0: bridge window [mem 0x800100000000-0x8004afffffff 64bit pref] [bhelgaas: changelog, URL to David's report] Fixes: d63e2e1f ("sparc/PCI: Clip bridge windows to fit in upstream windows") Link: http://lkml.kernel.org/r/5514391F.2030300@oracle.comReported-by:
David Ahern <david.ahern@oracle.com> Tested-by:
Khalid Aziz <khalid.aziz@oracle.com> Signed-off-by:
Yinghai Lu <yinghai@kernel.org> Signed-off-by:
Bjorn Helgaas <bhelgaas@google.com> Signed-off-by:
-
Florian Westphal authored
commit dbc3617f upstream. nfnetlink_bind request_module()s all the time as nfnetlink_get_subsys() shifts the argument by 8 to obtain the subsys id. So using type instead of type << 8 always returns NULL. Fixes: 03292745 ("netlink: add nlk->netlink_bind hook for module auto-loading") Signed-off-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
-
Masahiro Yamada authored
commit 3f5ceec9 upstream. fdt_translate_address() returns OF_BAD_ADDR on error. It is defined as a u64 value, so the variable "addr" should be defined as u64 as well. Fixes: fb11ffe7 ("of/fdt: add FDT serial scanning for earlycon") Signed-off-by:
Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by:
Rob Herring <robh@kernel.org> Signed-off-by:
-
Munehisa Kamata authored
commit 94f9cd81 upstream. Commit 8b13eddf ("netfilter: refactor NAT redirect IPv4 to use it from nf_tables") has introduced a trivial logic change which can result in the following crash. BUG: unable to handle kernel NULL pointer dereference at 0000000000000030 IP: [<ffffffffa033002d>] nf_nat_redirect_ipv4+0x2d/0xa0 [nf_nat_redirect] PGD 3ba662067 PUD 3ba661067 PMD 0 Oops: 0000 [#1] SMP Modules linked in: ipv6(E) xt_REDIRECT(E) nf_nat_redirect(E) xt_tcpudp(E) iptable_nat(E) nf_conntrack_ipv4(E) nf_defrag_ipv4(E) nf_nat_ipv4(E) nf_nat(E) nf_conntrack(E) ip_tables(E) x_tables(E) binfmt_misc(E) xfs(E) libcrc32c(E) evbug(E) evdev(E) psmouse(E) i2c_piix4(E) i2c_core(E) acpi_cpufreq(E) button(E) ext4(E) crc16(E) jbd2(E) mbcache(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) CPU: 0 PID: 2536 Comm: ip Tainted: G E 4.1.7-15.23.amzn1.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.2.amazon 05/06/2015 task: ffff8800eb438000 ti: ffff8803ba664000 task.ti: ffff8803ba664000 [...] Call Trace: <IRQ> [<ffffffffa0334065>] redirect_tg4+0x15/0x20 [xt_REDIRECT] [<ffffffffa02e2e99>] ipt_do_table+0x2b9/0x5e1 [ip_tables] [<ffffffffa0328045>] iptable_nat_do_chain+0x25/0x30 [iptable_nat] [<ffffffffa031777d>] nf_nat_ipv4_fn+0x13d/0x1f0 [nf_nat_ipv4] [<ffffffffa0328020>] ? iptable_nat_ipv4_fn+0x20/0x20 [iptable_nat] [<ffffffffa031785e>] nf_nat_ipv4_in+0x2e/0x90 [nf_nat_ipv4] [<ffffffffa03280a5>] iptable_nat_ipv4_in+0x15/0x20 [iptable_nat] [<ffffffff81449137>] nf_iterate+0x57/0x80 [<ffffffff814491f7>] nf_hook_slow+0x97/0x100 [<ffffffff814504d4>] ip_rcv+0x314/0x400 unsigned int nf_nat_redirect_ipv4(struct sk_buff *skb, ... { ... rcu_read_lock(); indev = __in_dev_get_rcu(skb->dev); if (indev != NULL) { ifa = indev->ifa_list; newdst = ifa->ifa_local; <--- } rcu_read_unlock(); ... } Before the commit, 'ifa' had been always checked before access. After the commit, however, it could be accessed even if it's NULL. Interestingly, this was once fixed in 2003. http://marc.info/?l=netfilter-devel&m=106668497403047&w=2 In addition to the original one, we have seen the crash when packets that need to be redirected somehow arrive on an interface which hasn't been yet fully configured. This change just reverts the logic to the old behavior to avoid the crash. Fixes: 8b13eddf ("netfilter: refactor NAT redirect IPv4 to use it from nf_tables") Signed-off-by:
Munehisa Kamata <kamatam@amazon.com> Signed-off-by:
-
Sergei Shtylyov authored
commit 76d63c2b upstream. The "compatible" property text contradicts even the example given in the MMCIF binding document itself; moreover, the Renesas MMCIF driver only matches on the generic "compatible" string and doesn't look for the SoC specific strings at all. Thus describe "renesas,sh-mmcif" as a fallback value. Fixes: b4c27763 ("mmc: sh_mmcif: Document DT bindings") Signed-off-by:
Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Acked-by:
Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by:
Ulf Hansson <ulf.hansson@linaro.org> Signed-off-by:
-
Tony Lindgren authored
commit 75c08f17 upstream. Commit 68bab866 ("mfd: twl6040: Optional clk32k clock handling") added clock handling for the 32k clock from palmas-clk. However, that patch did not consider a typical situation where twl6040 is built-in, and palmas-clk is a loadable module like we have in omap2plus_defconfig. If palmas-clk is not loaded before twl6040 probes, we will get a "clk32k is not handled" warning during booting. This means that any drivers relying on this clock will mysteriously fail, including omap5-uevm WLAN and audio. Note that for WLAN, we probably should also eventually get the clk32kgaudio for MMC3 directly as that's shared between audio and WLAN SDIO at least for omap5-uevm. It seems the WLAN chip cannot get it as otherwise MMC3 won't get properly probed. Fixes: 68bab866 ("mfd: twl6040: Optional clk32k clock handling") Signed-off-by:
Tony Lindgren <tony@atomide.com> Reviewed-by:
Felipe Balbi <balbi@ti.com> Signed-off-by:
Lee Jones <lee.jones@linaro.org> Signed-off-by:
-
Ralf Baechle authored
commit f25319d2 upstream. Signed-off-by:
Ralf Baechle <ralf@linux-mips.org> Fixes: f24219b4 (cherry picked from commit f0a232cde7be18a207fd057dd79bbac8a0a45dec) Signed-off-by:
-
Linus Walleij authored
commit 7bdccef3 upstream. A static code checker found a memory leak in the Versatile ICST code. Fix it. Fixes: a183da63 "clk: versatile: respect parent rate in ICST clock" Reported-by:
Stephen Boyd <sboyd@codeaurora.org> Signed-off-by:
Linus Walleij <linus.walleij@linaro.org> Signed-off-by:
-
Arnd Bergmann authored
commit cc6a7aab upstream. The gss_key_timeout() function causes a harmless warning in some configurations, e.g. ARM imx_v6_v7_defconfig with gcc-5.2, if the compiler cannot figure out the state of the 'expire' variable across an rcu_read_unlock(): net/sunrpc/auth_gss/auth_gss.c: In function 'gss_key_timeout': net/sunrpc/auth_gss/auth_gss.c:1422:211: warning: 'expire' may be used uninitialized in this function [-Wmaybe-uninitialized] To avoid this warning without adding a bogus initialization, this rewrites the function so the comparison is done inside of the critical section. As a side-effect, it also becomes slightly easier to understand because the implementation now more closely resembles the comment above it. Signed-off-by:
J. Bruce Fields <bfields@redhat.com> Signed-off-by:
-
Takashi Sakamoto authored
commit fef586d5 upstream. In former commit, metering is supported for BeBoB based models customized by M-Audio. The data in transaction is aligned to big-endianness, while in the driver code u16 typed variable is assigned to the data. This causes sparse warnings. bebob_maudio.c:651:31: warning: cast to restricted __be16 bebob_maudio.c:651:31: warning: cast to restricted __be16 bebob_maudio.c:651:31: warning: cast to restricted __be16 bebob_maudio.c:651:31: warning: cast to restricted __be16 This commit fixes this bug by using __be16 variable for the data. Fixes: 3149ac48('ALSA: bebob: Add support for M-Audio special Firewire series') Signed-off-by:
Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
-
Takashi Sakamoto authored
commit 463543ac upstream. In former commit, snd_efw_command_get_phys_meters() was added to handle metering data. The given buffer is used to save transaction result and to convert between endianness. But this causes sparse warnings. fireworks_command.c:269:25: warning: incorrect type in argument 1 (different base types) fireworks_command.c:269:25: expected unsigned int [usertype] *p fireworks_command.c:269:25: got restricted __be32 [usertype] * This commit fixes this bug. Fixes: bde8a8f2('ALSA: fireworks: Add transaction and some commands') Signed-off-by:
-
Takashi Sakamoto authored
commit cbc6f280 upstream. In former commit, u32 data was assigned to __be32 variable instead of an int variable. This is not enough solution because it still causes sparse warnings. dice.c:80:23: warning: incorrect type in assignment (different base types) dice.c:80:23: expected restricted __be32 [usertype] value dice.c:80:23: got unsigned int dice.c:81:21: warning: restricted __be32 degrades to integer dice.c:81:46: warning: restricted __be32 degrades to integer This commit fixes this bug. Fixes: 7c2d4c0c('ALSA: dice: Split transaction functionality into a file') Signed-off-by:
-
Takashi Sakamoto authored
commit 3e93d42a upstream. Some local variables in some functions are typed as unsigned int, while __be32 value is assigned to them. This causes sparse warnings. dice-stream.c:50:17: warning: incorrect type in assignment (different base types) dice-stream.c:50:17: expected unsigned int [unsigned] channel dice-stream.c:50:17: got restricted __be32 [usertype] <noident> dice-stream.c:74:17: warning: incorrect type in assignment (different base types) dice-stream.c:74:17: expected unsigned int [unsigned] channel dice-stream.c:74:17: got restricted __be32 [usertype] <noident> This commit fixes this bug. Fixes: 288a8d0c('ALSA: dice: Change the way to start stream') Signed-off-by:
-
Lukas Wunner authored
commit 3c67d839 upstream. In its original version, drm_framebuffer_init() returned a negative int if drm_mode_object_get() failed (f453ba04, "DRM: add mode setting support"). This was accidentally disabled by commit 4b096ac1 ("drm: revamp locking around fb creation/destruction"). Thus, drm_framebuffer_init() pretends success if drm_mode_object_get() failed. Reinstate the original behaviour. Also fix erroneous kernel-doc of drm_mode_object_get(). Fixes: 4b096ac1 ("drm: revamp locking around fb creation/ destruction") Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by:
Lukas Wunner <lukas@wunner.de> Signed-off-by:
Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by:
-
Takashi Sakamoto authored
commit df483388 upstream. When committed to upstream, these four modules had wrong entries for Makefile. This forces them to be loadable modules even if they're set as built-in. This commit fixes this bug. Fixes: b5b04336('ALSA: fireworks: Add skelton for Fireworks based devices') Fixes: fd6f4b0d('ALSA: bebob: Add skelton for BeBoB based devices') Fixes: 1a4e39c2('ALSA: oxfw: Move to its own directory') Fixes: 14ff6a09('ALSA: dice: Move file to its own directory') Signed-off-by:
-
Arnd Bergmann authored
commit 54c09889 upstream. The z2 machine calls pxa27x_set_pwrmode() in order to power off the machine, but this function gets discarded early at boot because it is marked __init, as pointed out by kbuild: WARNING: vmlinux.o(.text+0x145c4): Section mismatch in reference from the function z2_power_off() to the function .init.text:pxa27x_set_pwrmode() The function z2_power_off() references the function __init pxa27x_set_pwrmode(). This is often because z2_power_off lacks a __init annotation or the annotation of pxa27x_set_pwrmode is wrong. This removes the __init section modifier to fix rebooting and the build error. Signed-off-by:
Robert Jarzmik <robert.jarzmik@free.fr> Signed-off-by:
-
Charles Keepax authored
commit ce938001 upstream. The LDO1 driver is using the arizona_of_get_named_gpio helper function which will return 0 if an error was encountered whilst parsing the GPIO, as under the pdata scheme 0 was not being treated as a valid GPIO. However, since the regulator framework was expanded to allow the use of GPIO 0 this causes us to attempt to register GPIO 0 when we encountered an error parsing the device tree. This patch uses of_get_named_gpio directly and sets the ena_gpio_initialized flag based on the return value. Fixes: 1de3821a ("regulator: Set ena_gpio_initialized in regulator drivers") Signed-off-by:
Charles Keepax <ckeepax@opensource.wolfsonmicro.com> Signed-off-by:
Mark Brown <broonie@kernel.org> Signed-off-by:
-
Roger Quadros authored
commit e74eba04 upstream. The error handling path is broken as cawake_gpio was defined as unsigned integer causing the following warnings on boards that don't use SSI port and so don't have cawake_gpio defined. e.g. beagleboard C4. [ 30.094635] WARNING: CPU: 0 PID: 322 at drivers/gpio/gpiolib.c:86 gpio_to_desc+0xa4/0xb8() [ 30.103363] invalid GPIO -2 [ 30.106292] Modules linked in: omap_ssi_port(+) cpufreq_dt cfbfillrect cfbimgblt leds_gpio cfbcopyarea thermal_sys led_class hwmon gpio_keys encoder_tfp410 connector_analog_tv connector_dvi omap_hdq snd phy_i [ 30.145477] CPU: 0 PID: 322 Comm: modprobe Not tainted 4.3.0-rc4-00030-gca978c0-dirty #335 [ 30.154174] Hardware name: Generic OMAP3-GP (Flattened Device Tree) [ 30.160827] [<c0016ef4>] (unwind_backtrace) from [<c00131f4>] (show_stack+0x10/0x14) [ 30.168975] [<c00131f4>] (show_stack) from [<c033cf08>] (dump_stack+0x80/0x9c) [ 30.176635] [<c033cf08>] (dump_stack) from [<c003e920>] (warn_slowpath_common+0x7c/0xb8) [ 30.185180] [<c003e920>] (warn_slowpath_common) from [<c003e9f0>] (warn_slowpath_fmt+0x30/0x40) [ 30.194366] [<c003e9f0>] (warn_slowpath_fmt) from [<c0376314>] (gpio_to_desc+0xa4/0xb8) [ 30.202819] [<c0376314>] (gpio_to_desc) from [<c0376ac8>] (gpio_request_one+0x14/0x11c) [ 30.211273] [<c0376ac8>] (gpio_request_one) from [<c037370c>] (devm_gpio_request_one+0x3c/0x78) [ 30.220458] [<c037370c>] (devm_gpio_request_one) from [<bf184210>] (ssi_port_probe+0x118/0x504 [omap_ssi_port]) [ 30.231170] [<bf184210>] (ssi_port_probe [omap_ssi_port]) from [<c03d4cfc>] (platform_drv_probe+0x48/0xa4) [ 30.241424] [<c03d4cfc>] (platform_drv_probe) from [<c03d3678>] (driver_probe_device+0x1dc/0x2a0) [ 30.250793] [<c03d3678>] (driver_probe_device) from [<c03d37d0>] (__driver_attach+0x94/0x98) [ 30.259643] [<c03d37d0>] (__driver_attach) from [<c03d1d60>] (bus_for_each_dev+0x54/0x88) [ 30.268249] [<c03d1d60>] (bus_for_each_dev) from [<c03d2d50>] (bus_add_driver+0xe8/0x1f8) [ 30.276916] [<c03d2d50>] (bus_add_driver) from [<c03d4118>] (driver_register+0x78/0xf4) [ 30.285369] [<c03d4118>] (driver_register) from [<c03d5380>] (__platform_driver_probe+0x34/0xd8) [ 30.294647] [<c03d5380>] (__platform_driver_probe) from [<c00097e4>] (do_one_initcall+0x80/0x1d8) [ 30.303985] [<c00097e4>] (do_one_initcall) from [<c011617c>] (do_init_module+0x5c/0x1cc) [ 30.312561] [<c011617c>] (do_init_module) from [<c00c7a68>] (load_module+0x18c8/0x1f0c) [ 30.320983] [<c00c7a68>] (load_module) from [<c00c8188>] (SyS_init_module+0xdc/0x150) [ 30.329223] [<c00c8188>] (SyS_init_module) from [<c000f7e0>] (ret_fast_syscall+0x0/0x1c) Fixes: b209e047 ("HSI: Introduce OMAP SSI driver") Signed-off-by:
Roger Quadros <rogerq@ti.com> Signed-off-by:
Sebastian Reichel <sre@kernel.org> Signed-off-by:
-
Geliang Tang authored
commit f098a045 upstream. When device_register() fails, kfree() is called in hsi_client_release(), hence there is no need to call kfree in err3 again. Fixes: a2aa2473 ("HSI: Add common DT binding for HSI client devices") Signed-off-by:
Geliang Tang <geliangtang@163.com> Signed-off-by:
-
Sifan Naeem authored
commit 58b0497d upstream. The requested bit rate can be outside the range supported by the driver. The maximum bit rate this driver supports at the moment is 400Khz. If the requested bit rate is larger than the maximum supported by the driver, set the bitrate to the maximum supported before bitrate_khz is calculated. Maximum speed supported by the driver can be increased to 1Mhz by adding support for "fast plus mode" in the future. Fixes: commit 27bce457 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver") Signed-off-by:
Sifan Naeem <sifan.naeem@imgtec.com> Acked-by:
James Hogan <james.hogan@imgtec.com> Reviewed-by:
James Hartley <james.hartley@imgtec.com> Signed-off-by:
Wolfram Sang <wsa@the-dreams.de> Signed-off-by:
-
Sifan Naeem authored
commit 1ed6faed upstream. Clear line status and all generated interrupts from the interrupt status register before starting a transfer, as we may have unserviced interrupts from previous transfers that might be handled in the context of the new transfer. Fixes: commit 27bce457 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver") Signed-off-by:
-
Sifan Naeem authored
commit 987008db upstream. Currently, after determining the minimum value for the High period (TCKH) the remainder of the internal clock pulses is set as the Low period (TCKL). This causes the i2c clock duty cycle to be much less than 50%. Modify the starting position to TCKH and TCKL at 50% of the internal clock, and adjusts the TCKH and TCKL values from there should the minimum value for TCKL not be met. This results in duty cycles closer to 50%. Fixes: commit 27bce457 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver") Signed-off-by:
-
Sifan Naeem authored
commit 5728d95f upstream. Using % can be slow depending on the architecture. Using DIV_ROUND_UP is nicer and more efficient way to do it. Fixes: commit 27bce457 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver") Signed-off-by:
-
Sifan Naeem authored
commit 2aefb1bd upstream. Move scb_wr_rd_fence to before reading from fifo and writing to fifo to make sure the the first read/write is done after the required number of cycles. Fixes: commit 27bce457 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver") Signed-off-by:
-
Sifan Naeem authored
commit 0e59378b upstream. The code to read from the master read fifo, and write to the master write fifo, checks a bit in an SCB register before every byte to ensure that the fifo is not full (write fifo) or empty (read fifo). Due to clock domain crossing inside the SCB block the updated value of this bit is only visible after 2 cycles. The scb_wr_rd_fence() function does 2 dummy writes (to the read-only revision register), and it's called before reading from or writing to the fifos to ensure that subsequent reads of the fifo status bits do not read stale values. As the 2 dummy writes are required in all versions of the ip, the version check is dropped. Fixes: commit 27bce457 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver") Signed-off-by:
-
Eric W. Biederman authored
commit 850dcc4d upstream. After a packet has been encapsulated by a tunnel we should use the tunnel sockets local multicast loopback flag to control if the encapsulated packet should be locally loopback back. Pass sk into ip_local_out_sk so that in the rare case we are dealing with a tunneled packet whose tunnel destination address is a multicast address the kernel properly decides to loopback this packet. In practice I don't think this matters as ip_queue_xmit is used by tcp, l2tp and sctp none of which I am aware of uses ip level multicasting as they are all point to point communications protocols. Let's fix this before someone uses ip_queue_xmit for a tunnel protocol that does use multicast. Fixes: aad88724 ("ipv4: add a sock pointer to dst->output() path.") Fixes: b0270e91 ("ipv4: add a sock pointer to ip_queue_xmit()") Signed-off-by:
"Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Flavio Leitner authored
commit 0647e708 upstream. Remove __nf_conntrack_find() from headers. Fixes: dcd93ed4 ("netfilter: nf_conntrack: remove dead code") Signed-off-by:
Flavio Leitner <fbl@sysclose.org> Signed-off-by:
-
Dan Carpenter authored
commit 1f35d04a upstream. The iomap[] array has PCIM_IOMAP_MAX (6) elements and not DEVICE_COUNT_RESOURCE (16). This bug was found using a static checker. It may be that the "if (!(mask & (1 << i)))" check means we never actually go past the end of the array in real life. Fixes: ec04b075 ('iomap: implement pcim_iounmap_regions()') Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Acked-by:
Tejun Heo <tj@kernel.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
-
Jonas Gorski authored
commit db1319e1 upstream. Commit d445913c ("usb: ehci-orion: add optional PHY support") added support for optional phys, but devm_phy_optional_get returns -ENOSYS if GENERIC_PHY is not enabled. This causes probe failures, even when there are no phys specified: [ 1.443365] orion-ehci f1058000.usb: init f1058000.usb fail, -38 [ 1.449403] orion-ehci: probe of f1058000.usb failed with error -38 Similar to dwc3, treat -ENOSYS as no phy. Fixes: d445913c ("usb: ehci-orion: add optional PHY support") Signed-off-by:
Jonas Gorski <jogo@openwrt.org> Acked-by:
Alan Stern <stern@rowland.harvard.edu> Signed-off-by:
-
Ezequiel Garcia authored
commit a5d42b8c upstream. When the diver is removed and all the resources are deallocated, we should be iterating through the created devices only. Currently, the iteration ends when vivid_devs[i] is NULL. Since the array contains VIVID_MAX_DEVS elements, it will oops if n_devs=VIVID_MAX_DEVS because in that case, no element is NULL. Fixes: c88a96b0 ('[media] vivid: add core driver code') Signed-off-by:
Ezequiel Garcia <ezequiel@vanguardiasur.com.ar> Signed-off-by:
Mauro Carvalho Chehab <mchehab@osg.samsung.com> Signed-off-by:
-
Eric Dumazet authored
commit 38cb5245 upstream. This fixes a typo : We want to store the NAPI id on child socket. Presumably nobody really uses busy polling, on short lived flows. Fixes: 3d97379a ("tcp: move sk_mark_napi_id() at the right place") Signed-off-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
Andy Shevchenko authored
commit 39416677 upstream. We replace __fls() by __ffs() since we have to find a *minimum* data width that satisfies both source and destination. While here, rename dwc_fast_fls() to dwc_fast_ffs() which it really is. Fixes: 4c2d56c5 (dw_dmac: introduce dwc_fast_fls()) Signed-off-by:
Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by:
Vinod Koul <vinod.koul@intel.com> Signed-off-by:
-
Dan Carpenter authored
commit 1f9c6e1b upstream. There were several bugs here. 1) The done label was in the wrong place so we didn't copy any information out when there was no command given. 2) We were using PAGE_SIZE as the size of the buffer instead of "PAGE_SIZE - pos". 3) snprintf() returns the number of characters that would have been printed if there were enough space. If there was not enough space (and we had fixed the memory corruption bug #2) then it would result in an information leak when we do simple_read_from_buffer(). I've changed it to use scnprintf() instead. I also removed the initialization at the start of the function, because I thought it made the code a little more clear. Fixes: 5e6e3a92 ('wireless: mwifiex: initial commit for Marvell mwifiex driver') Signed-off-by:
Amitkumar Karwar <akarwar@marvell.com> Signed-off-by:
Kalle Valo <kvalo@codeaurora.org> Signed-off-by:
-
Valentin Rothberg authored
commit 90adf98d upstream. Since commit 1c6c6952 ("genirq: Reject bogus threaded irq requests") threaded IRQs without a primary handler need to be requested with IRQF_ONESHOT, otherwise the request will fail. scripts/coccinelle/misc/irqf_oneshot.cocci detected this issue. Fixes: b5874f33 ("wm831x_power: Use genirq") Signed-off-by:
Valentin Rothberg <valentinrothberg@gmail.com> Signed-off-by:
-
Nicolas Iooss authored
commit 97bce7e0 upstream. Module crc32c-intel uses a special read-only data section named .rotata. This section is defined for K_table, and its name seems to be a spelling mistake for .rodata. Fixes: 473946e6 ("crypto: crc32c-pclmul - Shrink K_table to 32-bit words") Signed-off-by:
Nicolas Iooss <nicolas.iooss_linux@m4x.org> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Lu, Han authored
commit e2656412 upstream. Broxton and Skylake have the same behavior on display audio. So this patch applys Skylake fix-ups to Broxton. Signed-off-by:
Lu, Han <han.lu@intel.com> Signed-off-by:
-
Eric Biggers authored
commit 6ae08069 upstream. pipe_write() would return 0 if it failed to merge the beginning of the data to write with the last, partially filled pipe buffer. It should return an error code instead. Userspace programs could be confused by write() returning 0 when called with a nonzero 'count'. The EFAULT error case was a regression from f0d1bec9 ("new helper: copy_page_from_iter()"), while the ops->confirm() error case was a much older bug. Test program: #include <assert.h> #include <errno.h> #include <unistd.h> int main(void) { int fd[2]; char data[1] = {0}; assert(0 == pipe(fd)); assert(1 == write(fd[1], data, 1)); /* prior to this patch, write() returned 0 here */ assert(-1 == write(fd[1], NULL, 1)); assert(errno == EFAULT); } Signed-off-by:
Eric Biggers <ebiggers3@gmail.com> Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk> Signed-off-by:
-
Maciej W. Rozycki authored
commit b582ef5c upstream. Do not clobber the buffer space passed from `search_binary_handler' and originally preloaded by `prepare_binprm' with the executable's file header by overwriting it with its interpreter's file header. Instead keep the buffer space intact and directly use the data structure locally allocated for the interpreter's file header, fixing a bug introduced in 2.1.14 with loadable module support (linux-mips.org commit beb11695 [Import of Linux/MIPS 2.1.14], predating kernel.org repo's history). Adjust the amount of data read from the interpreter's file accordingly. This was not an issue before loadable module support, because back then `load_elf_binary' was executed only once for a given ELF executable, whether the function succeeded or failed. With loadable module support supported and enabled, upon a failure of `load_elf_binary' -- which may for example be caused by architecture code rejecting an executable due to a missing hardware feature requested in the file header -- a module load is attempted and then the function reexecuted by `search_binary_handler'. With the executable's file header replaced with its interpreter's file header the executable can then be erroneously accepted in this subsequent attempt. Signed-off-by:
Maciej W. Rozycki <macro@imgtec.com> Signed-off-by:
-
