1. 14 2月, 2016 5 次提交
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma · 7686e3c1
      Linus Torvalds 提交于
      Pull more rdma fixes from Doug Ledford:
       "I think we are getting pretty close to done now.  There are four
        one-off fixes in this update:
      
         - fix ipoib multicast joins
         - fix mlx4 error handling
         - fix mlx5 size computation
         - fix a thinko in core code"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
        IB/mlx5: Fix RC transport send queue overhead computation
        IB/ipoib: fix for rare multicast join race condition
        IB/core: Fix reading capability mask of the port info class
        net/mlx4: fix some error handling in mlx4_multi_func_init()
      7686e3c1
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending · 2f2e9f2d
      Linus Torvalds 提交于
      Pull SCSI target fixes from Nicholas Bellinger:
       "This includes the long awaited series to address a set of bugs around
        active I/O remote-port LUN_RESET, as well as properly handling this
        same case with concurrent fabric driver session disconnect ->
        reconnect.
      
        Note this set of LUN_RESET bug-fixes has been surviving extended
        testing on both v4.5-rc1 and v3.14.y code over the last weeks, and is
        CC'ed for stable as it's something folks using multiple ESX connected
        hosts with slow backends can certainly trigger.
      
        The highlights also include:
      
         - Fix WRITE_SAME/DISCARD emulation 4k sector conversion in
           target/iblock (Mike Christie)
      
         - Fix TMR abort interaction and AIO type TMR response in qla2xxx
           target (Quinn Tran + Swapnil Nagle)
      
         - Fix >= v3.17 stale descriptor pointer regression in qla2xxx target
           (Quinn Tran)
      
         - Fix >= v4.5-rc1 return regression with unmap_zeros_data_store new
           configfs store handler (nab)
      
         - Add CPU affinity flag + convert qla2xxx to use bit (Quinn + HCH +
           Bart)"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
        qla2xxx: use TARGET_SCF_USE_CPUID flag to indiate CPU Affinity
        target/transport: add flag to indicate CPU Affinity is observed
        target: Fix incorrect unmap_zeroes_data_store return
        qla2xxx: Use ATIO type to send correct tmr response
        qla2xxx: Fix stale pointer access.
        target/user: Fix cast from pointer to phys_addr_t
        target: Drop legacy se_cmd->task_stop_comp + REQUEST_STOP usage
        target: Fix race with SCF_SEND_DELAYED_TAS handling
        target: Fix remote-port TMR ABORT + se_cmd fabric stop
        target: Fix TAS handling for multi-session se_node_acls
        target: Fix LUN_RESET active TMR descriptor handling
        target: Fix LUN_RESET active I/O handling for ACK_KREF
        qla2xxx: Fix TMR ABORT interaction issue between qla2xxx and TCM
        qla2xxx: Fix warning reported by static checker
        target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
      2f2e9f2d
    • L
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal · 4617c220
      Linus Torvalds 提交于
      Pull thermal management fixes from Eduardo Valentin:
       "Specifics in this pull request:
      
         - Compilation fixes on SPEAR, and U8500 thermal drivers.
         - RCAR thermal driver now recognizes OF-thermal based thermal zones.
         - Small code rework on OF-thermal.
         - These change have been CI tested using KernelCI bot [1,2].  \o/
      
        I am taking over on Rui's behalf while he is out.  Happy New Chinese
        Year!
      
        [1] - https://kernelci.org/build/evalenti/kernel/v4.5-rc3-16-ga53b8394ec3c/
        [2] - https://kernelci.org/boot/all/job/evalenti/kernel/v4.5-rc3-16-ga53b8394ec3c/"
      
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal:
        thermal: cpu_cooling: fix out of bounds access in time_in_idle
        thermal: allow u8500-thermal driver to be a module
        thermal: allow spear-thermal driver to be a module
        thermal: spear: use __maybe_unused for PM functions
        thermal: rcar: enable to use thermal-zone on DT
        thermal: of: use for_each_available_child_of_node for child iterator
      4617c220
    • L
      Merge tag 'sound-fix-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · b4e4334d
      Linus Torvalds 提交于
      Pull another sound fix from Takashi Iwai:
       "This contains a fix for the double-free of usb-audio MIDI device at
        probe failure"
      
      * tag 'sound-fix-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: usb-audio: avoid freeing umidi object twice
      b4e4334d
    • L
      Merge tag 'arc-4.5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc · e835a65f
      Linus Torvalds 提交于
      Pull ARC fixes from Vineet Gupta:
       "I've been sitting on some of these fixes for a while.
      
         - Corner case of returning to delay slot from interrupt
         - Changing default interrupt prioiry level
         - Kconfig'ize support for super pages
         - Other minor fixes"
      
      * tag 'arc-4.5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
        ARC: mm: Introduce explicit super page size support
        ARCv2: intc: Allow interruption by lowest priority interrupt
        ARCv2: Check for LL-SC livelock only if LLSC is enabled
        ARC: shrink cpuinfo by not saving full timer BCR
        ARCv2: clocksource: Rename GRTC -> GFRC ...
        ARCv2: STAR 9000950267: Handle return from intr to Delay Slot #2
      e835a65f
  2. 13 2月, 2016 13 次提交
    • A
      ALSA: usb-audio: avoid freeing umidi object twice · 07d86ca9
      Andrey Konovalov 提交于
      The 'umidi' object will be free'd on the error path by snd_usbmidi_free()
      when tearing down the rawmidi interface. So we shouldn't try to free it
      in snd_usbmidi_create() after having registered the rawmidi interface.
      
      Found by KASAN.
      Signed-off-by: NAndrey Konovalov <andreyknvl@gmail.com>
      Acked-by: NClemens Ladisch <clemens@ladisch.de>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      07d86ca9
    • L
      Merge tag 'pci-v4.5-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 0cbb0b92
      Linus Torvalds 提交于
      Pull PCI fixes from Bjorn Helgaas:
       "These are some Renesas binding updates for PCI host controllers, a
        Broadcom fix for a regression we added in v4.5-rc1, and a fix for an
        AER use-after-free problem that can cause memory corruption.
      
        Summary:
      
        AER:
          Flush workqueue on device remove to avoid use-after-free (Sebastian Andrzej Siewior)
      
        Broadcom iProc host bridge driver:
          Allow multiple devices except on PAXC (Ray Jui)
      
        Renesas R-Car host bridge driver:
          Add gen2 device tree support for r8a7793 (Simon Horman)
          Add device tree support for r8a7793 (Simon Horman)"
      
      * tag 'pci-v4.5-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: rcar: Add device tree support for r8a7793
        PCI: rcar: Add gen2 device tree support for r8a7793
        PCI: iproc: Allow multiple devices except on PAXC
        PCI/AER: Flush workqueue on device remove to avoid use-after-free
      0cbb0b92
    • L
      Merge branch 'akpm'(patches from Andrew) · 29f1bf34
      Linus Torvalds 提交于
      Merge fixes from Andrew Morton:
       "10 fixes"
      
      The lockdep hlist conversion is in the locking tree too, waiting for the
      next merge window.  Andrew thought it should go in now.  I'll take it,
      since it fixes a real problem and looks trivially correct (famous last
      words).
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        arch/x86/Kconfig: CONFIG_X86_UV should depend on CONFIG_EFI
        mm: fix pfn_t vs highmem
        kernel/locking/lockdep.c: convert hash tables to hlists
        mm,thp: fix spellos in describing __HAVE_ARCH_FLUSH_PMD_TLB_RANGE
        mm,thp: khugepaged: call pte flush at the time of collapse
        mm/backing-dev.c: fix error path in wb_init()
        mm, dax: check for pmd_none() after split_huge_pmd()
        vsprintf: kptr_restrict is okay in IRQ when 2
        mm: fix filemap.c kernel doc warning
        ubsan: cosmetic fix to Kconfig text
      29f1bf34
    • L
      IB/mlx5: Fix RC transport send queue overhead computation · 75c1657e
      Leon Romanovsky 提交于
      Fix the RC QPs send queue overhead computation to take into account
      two additional segments in the WQE which are needed for registration
      operations.
      
      The ATOMIC and UMR segments can't coexist together, so chose maximum out
      of them.
      
      The commit 9e65dc37 ("IB/mlx5: Fix RC transport send queue overhead
      computation") was intended to update RC transport as commit messages
      states, but added the code to UC transport.
      
      Fixes: 9e65dc37 ("IB/mlx5: Fix RC transport send queue overhead computation")
      Signed-off-by: NKamal Heib <kamalh@mellanox.com>
      Signed-off-by: NLeon Romanovsky <leonro@mellanox.com>
      Reviewed-by: NSagi Grimberg <sagig@mellanox.com>
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      75c1657e
    • A
      IB/ipoib: fix for rare multicast join race condition · 08bc3276
      Alex Estrin 提交于
      A narrow window for race condition still exist between
      multicast join thread and *dev_flush workers.
      A kernel crash caused by prolong erratic link state changes
      was observed (most likely a faulty cabling):
      
      [167275.656270] BUG: unable to handle kernel NULL pointer dereference at
      0000000000000020
      [167275.665973] IP: [<ffffffffa05f8f2e>] ipoib_mcast_join+0xae/0x1d0 [ib_ipoib]
      [167275.674443] PGD 0
      [167275.677373] Oops: 0000 [#1] SMP
      ...
      [167275.977530] Call Trace:
      [167275.982225]  [<ffffffffa05f92f0>] ? ipoib_mcast_free+0x200/0x200 [ib_ipoib]
      [167275.992024]  [<ffffffffa05fa1b7>] ipoib_mcast_join_task+0x2a7/0x490
      [ib_ipoib]
      [167276.002149]  [<ffffffff8109d5fb>] process_one_work+0x17b/0x470
      [167276.010754]  [<ffffffff8109e3cb>] worker_thread+0x11b/0x400
      [167276.019088]  [<ffffffff8109e2b0>] ? rescuer_thread+0x400/0x400
      [167276.027737]  [<ffffffff810a5aef>] kthread+0xcf/0xe0
      Here was a hit spot:
      ipoib_mcast_join() {
      ..............
            rec.qkey      = priv->broadcast->mcmember.qkey;
                                             ^^^^^^^
      .....
       }
      Proposed patch should prevent multicast join task to continue
      if link state change is detected.
      Signed-off-by: NAlex Estrin <alex.estrin@intel.com>
      
      Changes from v4:
      - as suggested by Doug Ledford, optimized spinlock usage,
      i.e. ipoib_mcast_join() is called with lock held.
      Changes from v3:
      - sync with priv->lock before flag check.
      Chages from v2:
      - Move check for OPER_UP flag state to mcast_join() to
      ensure no event worker is in progress.
      - minor style fixes.
      Changes from v1:
      - No need to lock again if error detected.
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      08bc3276
    • L
      Merge tag 'mmc-v4.5-rc2' of git://git.linaro.org/people/ulf.hansson/mmc · 5952cc77
      Linus Torvalds 提交于
      Pull MMC fixes from Ulf Hansson:
       "Here are some mmc fixes intended for v4.5 rc4.
      
        MMC core:
         - Fix an sysfs ABI regression
         - Return an error in a specific error path dealing with mmc ioctls
      
        MMC host:
         - sdhci-pci|acpi: Fix card detect race for Intel BXT/APL
         - sh_mmcif: Correct TX DMA channel allocation
         - mmc_spi: Fix error handling for dma mapping errors
         - sdhci-of-at91: Fix an unbalance issue for the runtime PM usage count
         - pxamci: Fix the device-tree probe deferral path
         - pxamci: Fix read-only GPIO polarity"
      
      * tag 'mmc-v4.5-rc2' of git://git.linaro.org/people/ulf.hansson/mmc:
        Revert "mmc: block: don't use parameter prefix if built as module"
        mmc: sdhci-acpi: Fix card detect race for Intel BXT/APL
        mmc: sdhci-pci: Fix card detect race for Intel BXT/APL
        mmc: sdhci: Allow override of get_cd() called from sdhci_request()
        mmc: sdhci: Allow override of mmc host operations
        mmc: sh_mmcif: Correct TX DMA channel allocation
        mmc: block: return error on failed mmc_blk_get()
        mmc: pxamci: fix the device-tree probe deferral path
        mmc: mmc_spi: add checks for dma mapping error
        mmc: sdhci-of-at91: fix pm runtime unbalanced issue in error path
        mmc: pxamci: fix again read-only gpio detection polarity
      5952cc77
    • L
      Merge tag 'sound-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 0df34ad9
      Linus Torvalds 提交于
      Pull sound fixes from Takashi Iwai:
       "In this rc, we've got more volume than previous rc, unsurprisingly;
        the majority of updates in ASoC are about Intel drivers, and another
        major changes are the continued plumbing of ALSA timer bugs revealed
        by syzkaller fuzzer.  Hopefully both settle down now.
      
        Other than that, HD-audio received a couple of code fixes as well as
        the usual quirks, and various small fixes are found for FireWire
        devices, ASoC codecs and drivers"
      
      * tag 'sound-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (50 commits)
        ASoC: arizona: fref must be limited in pseudo-fractional mode
        ASoC: sigmadsp: Fix missleading return value
        ALSA: timer: Fix race at concurrent reads
        ALSA: firewire-digi00x: Drop bogus const type qualifier on dot_scrt()
        ALSA: hda - Fix bad dereference of jack object
        ALSA: timer: Fix race between stop and interrupt
        ALSA: timer: Fix wrong instance passed to slave callbacks
        ASoC: Intel: Add module tags for common match module
        ASoC: Intel: Load the atom DPCM driver only
        ASoC: Intel: Create independent acpi match module
        ASoC: Intel: Revert "ASoC: Intel: fix ACPI probe regression with Atom DPCM driver"
        ALSA: dummy: Implement timer backend switching more safely
        ALSA: hda - Fix speaker output from VAIO AiO machines
        Revert "ALSA: hda - Fix noise on Gigabyte Z170X mobo"
        ALSA: firewire-tascam: remove needless member for control and status message
        ALSA: firewire-tascam: remove a flag for controller
        ALSA: firewire-tascam: add support for FW-1804
        ALSA: firewire-tascam: fix NULL pointer dereference when model identification fails
        ALSA: hda - Fix static checker warning in patch_hdmi.c
        ASoC: Intel: Skylake: Remove autosuspend delay
        ...
      0df34ad9
    • L
      Merge tag 'fbdev-fixes-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux · 14379cdc
      Linus Torvalds 提交于
      Pull fbdev fixes from Tomi Valkeinen:
       - fix omap2plus_defconfig to enable omapfb as it was in v4.4
       - ocfb: fix timings for margins
       - s6e8ax0, da8xx-fb: fix compile warnings
       - mmp: fix build failure caused by bad printk parameters
       - imxfb: fix clock issue which kept the display off
      
      * tag 'fbdev-fixes-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux:
        video: fbdev: imxfb: Provide a reset mechanism
        fbdev: mmp: print IRQ resource using %pR format string
        fbdev: da8xx-fb: remove incorrect type cast
        fbdev: s6e8ax0: avoid unused function warnings
        ocfb: fix tgdel and tvdel timing parameters
        ARM: omap2plus_defconfig: update display configs
      14379cdc
    • L
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 4c05121e
      Linus Torvalds 提交于
      Pull SCSI fixes from James Bottomley:
       "A set of seven fixes:
      
        Two regressions in the new hisi_sas arm driver, a blacklist entry for
        the marvell console which was causing a reset cascade without it, a
        race fix in the WRITE_SAME/DISCARD routines, a retry fix for the rdac
        driver, without which, it would prematurely return EIO and a couple of
        fixes for the hyper-v storvsc driver"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        block/sd: Return -EREMOTEIO when WRITE SAME and DISCARD are disabled
        SCSI: Add Marvell Console to VPD blacklist
        scsi_dh_rdac: always retry MODE SELECT on command lock violation
        storvsc: Use the specified target ID in device lookup
        storvsc: Install the storvsc specific timeout handler for FC devices
        hisi_sas: fix v1 hw check for slot error
        hisi_sas: add dependency for HAS_IOMEM
      4c05121e
    • L
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · c747f97c
      Linus Torvalds 提交于
      Pull drm amd fixes from Dave Airlie:
       "Been pretty quiet.
      
        This is an amdgpu fixes pull from AMD, a bunch of powerplay stability
        fixes, race fix, hibernate fix, and a possible circular locking fix"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (21 commits)
        drm/amdgpu: fix issue with overlapping userptrs
        drm/radeon: hold reference to fences in radeon_sa_bo_new
        drm/amdgpu: remove unnecessary forward declaration
        drm/amdgpu: hold reference to fences in amdgpu_sa_bo_new (v2)
        drm/amdgpu: fix s4 resume
        drm/amdgpu/cz: plumb pg flags through to powerplay
        drm/amdgpu/tonga: plumb pg flags through to powerplay
        drma/dmgpu: move cg and pg flags into shared headers
        drm/amdgpu: remove unused cg defines
        drm/amdgpu: add a cgs interface to fetch cg and pg flags
        drm/amd/powerplay/tonga: disable vce pg
        drm/amd/powerplay/tonga: disable uvd pg
        drm/amd/powerplay/cz: disable vce pg
        drm/amd/powerplay/cz: disable uvd pg
        drm/amdgpu: be consistent with uvd cg flags
        drm/amdgpu: clean up vce pg flags for cz/st
        drm/amdgpu: handle vce pg flags properly
        drm/amdgpu: handle uvd pg flags properly
        drm/amdgpu/dpm/ci: switch over to the common pcie caps interface
        drm/amdgpu/cik: don't mess with aspm if gpu is root bus
        ...
      c747f97c
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · df8c2723
      Linus Torvalds 提交于
      Pull crypto fix from James Morris.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        EVM: Use crypto_memneq() for digest comparisons
      df8c2723
    • L
      Merge branch 'for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 27c9d772
      Linus Torvalds 提交于
      Pull btrfs fixes from Chris Mason:
       "This has a few fixes from Filipe, along with a readdir fix from Dave
        that we've been testing for some time"
      
      * 'for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        btrfs: properly set the termination value of ctx->pos in readdir
        Btrfs: fix hang on extent buffer lock caused by the inode_paths ioctl
        Btrfs: remove no longer used function extent_read_full_page_nolock()
        Btrfs: fix page reading in extent_same ioctl leading to csum errors
        Btrfs: fix invalid page accesses in extent_same (dedup) ioctl
      27c9d772
    • L
      Merge tag 'xfs-fixes-for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs · dfc85286
      Linus Torvalds 提交于
      Pull xfs fix from Dve Chinner:
       "This contains a fix for an endian conversion issue in new CRC
        validation in log recovery that was discovered on a ppc64 platform"
      
      * tag 'xfs-fixes-for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs:
        xfs: fix endianness error when checking log block crc on big endian platforms
      dfc85286
  3. 12 2月, 2016 18 次提交
  4. 11 2月, 2016 4 次提交
    • U
      Revert "mmc: block: don't use parameter prefix if built as module" · a5ebb87d
      Ulf Hansson 提交于
      This reverts commit 829b6962.
      
      Revert this change as it causes a sysfs path to change and therefore
      introduces and ABI regression. More precisely Android's vold is not being
      able to access /sys/module/mmcblk/parameters/perdev_minors any more, since
      the path becomes changed to: "/sys/module/mmc_block/..."
      
      Fixes: 829b6962 ("mmc: block: don't use parameter prefix if built as
      module")
      Reported-by: NJohn Stultz <john.stultz@linaro.org>
      Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      a5ebb87d
    • J
      thermal: cpu_cooling: fix out of bounds access in time_in_idle · a53b8394
      Javi Merino 提交于
      In __cpufreq_cooling_register() we allocate the arrays for time_in_idle
      and time_in_idle_timestamp to be as big as the number of cpus in this
      cpufreq device.  However, in get_load() we access this array using the
      cpu number as index, which can result in an out of bound access.
      
      Index time_in_idle{,_timestamp} using the index in the cpufreq_device's
      allowed_cpus mask, as we do for the load_cpu array in
      cpufreq_get_requested_power()
      Reported-by: NNicolas Boichat <drinkcat@chromium.org>
      Cc: Amit Daniel Kachhap <amit.kachhap@gmail.com>
      Cc: Zhang Rui <rui.zhang@intel.com>
      Cc: Eduardo Valentin <edubezval@gmail.com>
      Tested-by: NNicolas Boichat <drinkcat@chromium.org>
      Acked-by: NViresh Kumar <viresh.kumar@linaro.org>
      Signed-off-by: NJavi Merino <javi.merino@arm.com>
      Signed-off-by: NEduardo Valentin <edubezval@gmail.com>
      a53b8394
    • D
      btrfs: properly set the termination value of ctx->pos in readdir · bc4ef759
      David Sterba 提交于
      The value of ctx->pos in the last readdir call is supposed to be set to
      INT_MAX due to 32bit compatibility, unless 'pos' is intentially set to a
      larger value, then it's LLONG_MAX.
      
      There's a report from PaX SIZE_OVERFLOW plugin that "ctx->pos++"
      overflows (https://forums.grsecurity.net/viewtopic.php?f=1&t=4284), on a
      64bit arch, where the value is 0x7fffffffffffffff ie. LLONG_MAX before
      the increment.
      
      We can get to that situation like that:
      
      * emit all regular readdir entries
      * still in the same call to readdir, bump the last pos to INT_MAX
      * next call to readdir will not emit any entries, but will reach the
        bump code again, finds pos to be INT_MAX and sets it to LLONG_MAX
      
      Normally this is not a problem, but if we call readdir again, we'll find
      'pos' set to LLONG_MAX and the unconditional increment will overflow.
      
      The report from Victor at
      (http://thread.gmane.org/gmane.comp.file-systems.btrfs/49500) with debugging
      print shows that pattern:
      
       Overflow: e
       Overflow: 7fffffff
       Overflow: 7fffffffffffffff
       PAX: size overflow detected in function btrfs_real_readdir
         fs/btrfs/inode.c:5760 cicus.935_282 max, count: 9, decl: pos; num: 0;
         context: dir_context;
       CPU: 0 PID: 2630 Comm: polkitd Not tainted 4.2.3-grsec #1
       Hardware name: Gigabyte Technology Co., Ltd. H81ND2H/H81ND2H, BIOS F3 08/11/2015
        ffffffff81901608 0000000000000000 ffffffff819015e6 ffffc90004973d48
        ffffffff81742f0f 0000000000000007 ffffffff81901608 ffffc90004973d78
        ffffffff811cb706 0000000000000000 ffff8800d47359e0 ffffc90004973ed8
       Call Trace:
        [<ffffffff81742f0f>] dump_stack+0x4c/0x7f
        [<ffffffff811cb706>] report_size_overflow+0x36/0x40
        [<ffffffff812ef0bc>] btrfs_real_readdir+0x69c/0x6d0
        [<ffffffff811dafc8>] iterate_dir+0xa8/0x150
        [<ffffffff811e6d8d>] ? __fget_light+0x2d/0x70
        [<ffffffff811dba3a>] SyS_getdents+0xba/0x1c0
       Overflow: 1a
        [<ffffffff811db070>] ? iterate_dir+0x150/0x150
        [<ffffffff81749b69>] entry_SYSCALL_64_fastpath+0x12/0x83
      
      The jump from 7fffffff to 7fffffffffffffff happens when new dir entries
      are not yet synced and are processed from the delayed list. Then the code
      could go to the bump section again even though it might not emit any new
      dir entries from the delayed list.
      
      The fix avoids entering the "bump" section again once we've finished
      emitting the entries, both for synced and delayed entries.
      
      References: https://forums.grsecurity.net/viewtopic.php?f=1&t=4284Reported-by: NVictor <services@swwu.com>
      CC: stable@vger.kernel.org
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Tested-by: NHolger Hoffstätte <holger.hoffstaette@googlemail.com>
      Signed-off-by: NChris Mason <clm@fb.com>
      bc4ef759
    • A
      mmc: sdhci-acpi: Fix card detect race for Intel BXT/APL · 6a645dd8
      Adrian Hunter 提交于
      Intel BXT/APL use a card detect GPIO however the host controller
      will not enable bus power unless it's card detect also reflects
      the presence of a card.  Unfortunately those 2 things race which
      can result in commands not starting, after which the controller
      does nothing and there is a 10 second wait for the driver's
      10-second timer to timeout.
      
      That is fixed by having the driver look also at the present state
      register to determine if the card is present.  Consequently, provide
      a 'get_cd' mmc host operation for BXT/APL that does that.
      Signed-off-by: NAdrian Hunter <adrian.hunter@intel.com>
      Cc: stable@vger.kernel.org # v4.4+
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      6a645dd8
反馈
建议
客服 返回
顶部