- 01 7月, 2017 4 次提交
-
-
由 Kees Cook 提交于
Some function pointer structures are used externally to the kernel, like the paravirt structures. These should never be randomized, so mark them as such, in preparation for enabling randstruct's automatic selection of all-function-pointer structures. These markings are verbatim from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
This marks most of the layout of task_struct as randomizable, but leaves thread_info and scheduler state untouched at the start, and thread_struct untouched at the end. Other parts of the kernel use unnamed structures, but the 0-day builder using gcc-4.4 blows up on static initializers. Officially, it's documented as only working on gcc 4.6 and later, which further confuses me: https://gcc.gnu.org/wiki/C11Status The structure layout randomization already requires gcc 4.7, but instead of depending on the plugin being enabled, just check the gcc versions for wider build testing. At Linus's suggestion, the marking is hidden in a macro to reduce how ugly it looks. Additionally, indenting is left unchanged since it would make things harder to read. Randomization of task_struct is modified from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Cc: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
This marks many critical kernel structures for randomization. These are structures that have been targeted in the past in security exploits, or contain functions pointers, pointers to function pointer tables, lists, workqueues, ref-counters, credentials, permissions, or are otherwise sensitive. This initial list was extracted from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Left out of this list is task_struct, which requires special handling and will be covered in a subsequent patch. Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Arnd Bergmann 提交于
With the new task struct randomization, we can run into a build failure for certain random seeds, which will place fields beyond the allow immediate size in the assembly: arch/arm/kernel/entry-armv.S: Assembler messages: arch/arm/kernel/entry-armv.S:803: Error: bad immediate value for offset (4096) Only two constants in asm-offset.h are affected, and I'm changing both of them here to work correctly in all configurations. One more macro has the problem, but is currently unused, so this removes it instead of adding complexity. Suggested-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: NArnd Bergmann <arnd@arndb.de> [kees: Adjust commit log slightly] Signed-off-by: NKees Cook <keescook@chromium.org>
-
- 23 6月, 2017 5 次提交
-
-
由 Kees Cook 提交于
The NIU ethernet driver intentionally stores a page struct pointer on top of the "mapping" field. Whitelist this case: drivers/net/ethernet/sun/niu.c: In function ‘niu_rx_pkt_ignore’: drivers/net/ethernet/sun/niu.c:3402:10: note: found mismatched ssa struct pointer types: ‘struct page’ and ‘struct address_space’ *link = (struct page *) page->mapping; ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cc: David S. Miller <davem@davemloft.net> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
The big_key payload structure intentionally stores a struct path in two void pointers to avoid header soup. Whitelist this case: security/keys/big_key.c: In function ‘big_key_read’: security/keys/big_key.c:293:16: note: found mismatched rhs struct pointer types: ‘struct path’ and ‘void *’ struct path *path = (struct path *)&key->payload.data[big_key_path]; ^~~~ Cc: David Howells <dhowells@redhat.com> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
This is another false positive in bad cast detection: net/unix/af_unix.c: In function ‘unix_skb_scm_eq’: net/unix/af_unix.c:1621:31: note: found mismatched rhs struct pointer types: ‘struct unix_skb_parms’ and ‘char’ const struct unix_skb_parms *u = &UNIXCB(skb); ^ UNIXCB is: #define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb)) And ->cb is: char cb[48] __aligned(8); This is a rather crazy cast, but appears to be safe in the face of randomization, so whitelist it in the plugin. Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
The LSM initialization routines walk security_hook_heads as an array of struct list_head instead of via names to avoid a ton of needless source. Whitelist this to avoid the false positive warning from the plugin: security/security.c: In function ‘security_init’: security/security.c:59:20: note: found mismatched op0 struct pointer types: ‘struct list_head’ and ‘struct security_hook_heads’ struct list_head *list = (struct list_head *) &security_hook_heads; ^ Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: James Morris <james.l.morris@oracle.com> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
This randstruct plugin is modified from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. The randstruct GCC plugin randomizes the layout of selected structures at compile time, as a probabilistic defense against attacks that need to know the layout of structures within the kernel. This is most useful for "in-house" kernel builds where neither the randomization seed nor other build artifacts are made available to an attacker. While less useful for distribution kernels (where the randomization seed must be exposed for third party kernel module builds), it still has some value there since now all kernel builds would need to be tracked by an attacker. In more performance sensitive scenarios, GCC_PLUGIN_RANDSTRUCT_PERFORMANCE can be selected to make a best effort to restrict randomization to cacheline-sized groups of elements, and will not randomize bitfields. This comes at the cost of reduced randomization. Two annotations are defined,__randomize_layout and __no_randomize_layout, which respectively tell the plugin to either randomize or not to randomize instances of the struct in question. Follow-on patches enable the auto-detection logic for selecting structures for randomization that contain only function pointers. It is disabled here to assist with bisection. Since any randomized structs must be initialized using designated initializers, __randomize_layout includes the __designated_init annotation even when the plugin is disabled so that all builds will require the needed initialization. (With the plugin enabled, annotations for automatically chosen structures are marked as well.) The main differences between this implemenation and grsecurity are: - disable automatic struct selection (to be enabled in follow-up patch) - add designated_init attribute at runtime and for manual marking - clarify debugging output to differentiate bad cast warnings - add whitelisting infrastructure - support gcc 7's DECL_ALIGN and DECL_MODE changes (Laura Abbott) - raise minimum required GCC version to 4.7 Earlier versions of this patch series were ported by Michael Leibowitz. Signed-off-by: NKees Cook <keescook@chromium.org>
-
- 29 5月, 2017 9 次提交
-
-
由 Kees Cook 提交于
This allows structure annotations for requiring designated initialization in GCC 5.1.0 and later: https://gcc.gnu.org/onlinedocs/gcc/Designated-Inits.html The structure randomization layout plugin will be using this to help identify structures that need this form of initialization. Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
The c-common.h file moved in stock gcc 4.7, not gcc 4.6. However, most people building plugins with gcc 4.6 are using the Debian or Ubuntu version, which includes a patch to move the headers to the 4.7 location. In case anyone trips over this with a stock gcc 4.6, add a pointer to the patch used by Debian/Ubuntu. Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
The randstruct plugin requires designated initializers for structures that are entirely function pointers. Cc: Wu-Cheng Li <wuchengli@chromium.org> Cc: Tiffany Lin <tiffany.lin@mediatek.com> Cc: Hans Verkuil <hans.verkuil@cisco.com> Cc: Mauro Carvalho Chehab <mchehab@s-opensource.com> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
The randstruct plugin requires designated initializers for structures that are entirely function pointers. Cc: Christian König <christian.koenig@amd.com> Cc: Eric Huang <JinHuiEric.Huang@amd.com> Cc: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
The randstruct plugin requires structures that are entirely function pointers be initialized using designated initializers. Cc: Alex Deucher <alexander.deucher@amd.com> Cc: Christian König <christian.koenig@amd.com> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. In this case, no initializers are needed (they can be NULL initialized and callers adjusted to check for NULL, which is more efficient than an indirect call). Cc: Robin Holt <robinmholt@gmail.com> Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NChristoph Hellwig <hch@infradead.org>
-
由 Kees Cook 提交于
When trying to propagate an error result, the error return path attempts to retain the error, but does this with an open cast across very different types, which the upcoming structure layout randomization plugin flags as being potentially dangerous in the face of randomization. This is a false positive, but what this code actually wants to do is use ERR_CAST() to retain the error value. Cc: Mark Fasheh <mfasheh@versity.com> Cc: Joel Becker <jlbec@evilplan.org> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
When trying to propagate an error result, the error return path attempts to retain the error, but does this with an open cast across very different types, which the upcoming structure layout randomization plugin flags as being potentially dangerous in the face of randomization. This is a false positive, but what this code actually wants to do is use ERR_CAST() to retain the error value. Cc: Anton Altaparmakov <anton@tuxera.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
When the call to nfs_devname() fails, the error path attempts to retain the error via the mnt variable, but this requires a cast across very different types (char * to struct vfsmount *), which the upcoming structure layout randomization plugin flags as being potentially dangerous in the face of randomization. This is a false positive, but what this code actually wants to do is retain the error value, so this patch explicitly sets it, instead of using what seems to be an unexpected cast. Signed-off-by: NKees Cook <keescook@chromium.org> Acked-by: NTrond Myklebust <trond.myklebust@primarydata.com> Reviewed-by: NChristoph Hellwig <hch@lst.de>
-
- 22 5月, 2017 8 次提交
-
-
由 Linus Torvalds 提交于
-
由 Linus Torvalds 提交于
The code to fetch a 64-bit value from user space was entirely buggered, and has been since the code was merged in early 2016 in commit b2f68038 ("x86/mm/32: Add support for 64-bit __get_user() on 32-bit kernels"). Happily the buggered routine is almost certainly entirely unused, since the normal way to access user space memory is just with the non-inlined "get_user()", and the inlined version didn't even historically exist. The normal "get_user()" case is handled by external hand-written asm in arch/x86/lib/getuser.S that doesn't have either of these issues. There were two independent bugs in __get_user_asm_u64(): - it still did the STAC/CLAC user space access marking, even though that is now done by the wrapper macros, see commit 11f1a4b9 ("x86: reorganize SMAP handling in user space accesses"). This didn't result in a semantic error, it just means that the inlined optimized version was hugely less efficient than the allegedly slower standard version, since the CLAC/STAC overhead is quite high on modern Intel CPU's. - the double register %eax/%edx was marked as an output, but the %eax part of it was touched early in the asm, and could thus clobber other inputs to the asm that gcc didn't expect it to touch. In particular, that meant that the generated code could look like this: mov (%eax),%eax mov 0x4(%eax),%edx where the load of %edx obviously was _supposed_ to be from the 32-bit word that followed the source of %eax, but because %eax was overwritten by the first instruction, the source of %edx was basically random garbage. The fixes are trivial: remove the extraneous STAC/CLAC entries, and mark the 64-bit output as early-clobber to let gcc know that no inputs should alias with the output register. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Benjamin LaHaise <bcrl@kvack.org> Cc: Ingo Molnar <mingo@kernel.org> Cc: stable@kernel.org # v4.8+ Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Linus Torvalds 提交于
Al noticed that unsafe_put_user() had type problems, and fixed them in commit a7cc722f ("fix unsafe_put_user()"), which made me look more at those functions. It turns out that unsafe_get_user() had a type issue too: it limited the largest size of the type it could handle to "unsigned long". Which is fine with the current users, but doesn't match our existing normal get_user() semantics, which can also handle "u64" even when that does not fit in a long. While at it, also clean up the type cast in unsafe_put_user(). We actually want to just make it an assignment to the expected type of the pointer, because we actually do want warnings from types that don't convert silently. And it makes the code more readable by not having that one very long and complex line. [ This patch might become stable material if we ever end up back-porting any new users of the unsafe uaccess code, but as things stand now this doesn't matter for any current existing uses. ] Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs由 Linus Torvalds 提交于
Pull misc uaccess fixes from Al Viro: "Fix for unsafe_put_user() (no callers currently in mainline, but anyone starting to use it will step into that) + alpha osf_wait4() infoleak fix" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: osf_wait4(): fix infoleak fix unsafe_put_user()
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull scheduler fix from Thomas Gleixner: "A single scheduler fix: Prevent idle task from ever being preempted. That makes sure that synchronize_rcu_tasks() which is ignoring idle task does not pretend that no task is stuck in preempted state. If that happens and idle was preempted on a ftrace trampoline the machine crashes due to inconsistent state" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/core: Call __schedule() from do_idle() without enabling preemption
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull irq fixes from Thomas Gleixner: "A set of small fixes for the irq subsystem: - Cure a data ordering problem with chained interrupts - Three small fixlets for the mbigen irq chip" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: genirq: Fix chained interrupt data ordering irqchip/mbigen: Fix the clear register offset calculation irqchip/mbigen: Fix potential NULL dereferencing irqchip/mbigen: Fix memory mapping code
-
由 Al Viro 提交于
failing sys_wait4() won't fill struct rusage... Cc: stable@vger.kernel.org Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
__put_user_size() relies upon its first argument having the same type as what the second one points to; the only other user makes sure of that and unsafe_put_user() should do the same. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
- 21 5月, 2017 9 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace由 Linus Torvalds 提交于
Pull tracing fixes from Steven Rostedt: - Fix a bug caused by not cleaning up the new instance unique triggers when deleting an instance. It also creates a selftest that triggers that bug. - Fix the delayed optimization happening after kprobes boot up self tests being removed by freeing of init memory. - Comment kprobes on why the delay optimization is not a problem for removal of modules, to keep other developers from searching that riddle. - Fix another case of rcu not watching in stack trace tracing. * tag 'trace-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Make sure RCU is watching before calling a stack trace kprobes: Document how optimized kprobes are removed from module unload selftests/ftrace: Add test to remove instance with active event triggers selftests/ftrace: Fix bashisms ftrace: Remove #ifdef from code and add clear_ftrace_function_probes() stub ftrace/instances: Clear function triggers when removing instances ftrace: Simplify glob handling in unregister_ftrace_function_probe_func() tracing/kprobes: Enforce kprobes teardown after testing tracing: Move postpone selftests to core from early_initcall
-
git://git.kernel.dk/linux-block由 Linus Torvalds 提交于
Pull block fixes from Jens Axboe: "A small collection of fixes that should go into this cycle. - a pull request from Christoph for NVMe, which ended up being manually applied to avoid pulling in newer bits in master. Mostly fibre channel fixes from James, but also a few fixes from Jon and Vijay - a pull request from Konrad, with just a single fix for xen-blkback from Gustavo. - a fuseblk bdi fix from Jan, fixing a regression in this series with the dynamic backing devices. - a blktrace fix from Shaohua, replacing sscanf() with kstrtoull(). - a request leak fix for drbd from Lars, fixing a regression in the last series with the kref changes. This will go to stable as well" * 'for-linus' of git://git.kernel.dk/linux-block: nvmet: release the sq ref on rdma read errors nvmet-fc: remove target cpu scheduling flag nvme-fc: stop queues on error detection nvme-fc: require target or discovery role for fc-nvme targets nvme-fc: correct port role bits nvme: unmap CMB and remove sysfs file in reset path blktrace: fix integer parse fuseblk: Fix warning in super_setup_bdi_name() block: xen-blkback: add null check to avoid null pointer dereference drbd: fix request leak introduced by locking/atomic, kref: Kill kref_sub()
-
由 Vijay Immanuel 提交于
On rdma read errors, release the sq ref that was taken when the req was initialized. This avoids a hang in nvmet_sq_destroy() when the queue is being freed. Signed-off-by: NVijay Immanuel <vijayi@attalasystems.com> Reviewed-by: NSagi Grimberg <sagi@grimberg.me> Signed-off-by: NChristoph Hellwig <hch@lst.de> Signed-off-by: NJens Axboe <axboe@fb.com>
-
由 James Smart 提交于
Remove NVMET_FCTGTFEAT_NEEDS_CMD_CPUSCHED. It's unnecessary. Signed-off-by: NJames Smart <james.smart@broadcom.com> Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de> Signed-off-by: NChristoph Hellwig <hch@lst.de> Signed-off-by: NJens Axboe <axboe@fb.com>
-
由 James Smart 提交于
Per the recommendation by Sagi on: http://lists.infradead.org/pipermail/linux-nvme/2017-April/009261.html Rather than waiting for reset work thread to stop queues and abort the ios, immediately stop the queues on error detection. Reset thread will restop the queues (as it's called on other paths), but it does not appear to have a side effect. Signed-off-by: NJames Smart <james.smart@broadcom.com> Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de> Signed-off-by: NChristoph Hellwig <hch@lst.de> Signed-off-by: NJens Axboe <axboe@fb.com>
-
由 James Smart 提交于
In order to create an association, the remoteport must be serving either a target role or a discovery role. Signed-off-by: NJames Smart <james.smart@broadcom.com> Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de> Signed-off-by: NChristoph Hellwig <hch@lst.de> Signed-off-by: NJens Axboe <axboe@fb.com>
-
由 James Smart 提交于
FC Port roles is a bit mask, not individual values. Correct nvme definitions to unique bits. Signed-off-by: NJames Smart <james.smart@broadcom.com> Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de> Signed-off-by: NChristoph Hellwig <hch@lst.de> Signed-off-by: NJens Axboe <axboe@fb.com>
-
由 Jon Derrick 提交于
CMB doesn't get unmapped until removal while getting remapped on every reset. Add the unmapping and sysfs file removal to the reset path in nvme_pci_disable to match the mapping path in nvme_pci_enable. Fixes: 202021c1 ("nvme : Add sysfs entry for NVMe CMBs when appropriate") Signed-off-by: NJon Derrick <jonathan.derrick@intel.com> Acked-by: NKeith Busch <keith.busch@intel.com> Reviewed-By: NStephen Bates <sbates@raithlin.com> Cc: <stable@vger.kernel.org> # 4.9+ Signed-off-by: NChristoph Hellwig <hch@lst.de> Signed-off-by: NJens Axboe <axboe@fb.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging由 Linus Torvalds 提交于
Pull staging driver fixes from Greg KH: "Here are a number of staging driver fixes for 4.12-rc2 Most of them are typec driver fixes found by reviewers and users of the code. There are also some removals of files no longer needed in the tree due to the ion driver rewrite in 4.12-rc1, as well as some wifi driver fixes. And to round it out, a MAINTAINERS file update. All have been in linux-next with no reported issues" * tag 'staging-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (22 commits) MAINTAINERS: greybus-dev list is members-only staging: fsl-dpaa2/eth: add ETHERNET dependency staging: typec: fusb302: refactor resume retry mechanism staging: typec: fusb302: reset i2c_busy state in error staging: rtl8723bs: remove re-positioned call to kfree in os_dep/ioctl_cfg80211.c staging: rtl8192e: GetTs Fix invalid TID 7 warning. staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD. staging: rtl8192e: fix 2 byte alignment of register BSSIDR. staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory. staging: vc04_services: Fix bulk cache maintenance staging: ccree: remove extraneous spin_unlock_bh() in error handler staging: typec: Fix sparse warnings about incorrect types staging: typec: fusb302: do not free gpio from managed resource staging: typec: tcpm: Fix Port Power Role field in PS_RDY messages staging: typec: tcpm: Respond to Discover Identity commands staging: typec: tcpm: Set correct flags in PD request messages staging: typec: tcpm: Drop duplicate PD messages staging: typec: fusb302: Fix chip->vbus_present init value staging: typec: fusb302: Fix module autoload staging: typec: tcpci: declare private structure as static ...
-
- 20 5月, 2017 5 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb由 Linus Torvalds 提交于
Pull USB fixes from Greg KH: "Here are a number of small USB fixes for 4.12-rc2 Most of them come from Johan, in his valiant quest to fix up all drivers that could be affected by "malicious" USB devices. There's also some fixes for more "obscure" drivers to handle some of the vmalloc stack fallout (which for USB drivers, was always the case, but very few people actually ran those systems...) Other than that, the normal set of xhci and gadget and musb driver fixes as well. All have been in linux-next with no reported issues" * tag 'usb-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (42 commits) usb: musb: tusb6010_omap: Do not reset the other direction's packet size usb: musb: Fix trying to suspend while active for OTG configurations usb: host: xhci-plat: propagate return value of platform_get_irq() xhci: Fix command ring stop regression in 4.11 xhci: remove GFP_DMA flag from allocation USB: xhci: fix lock-inversion problem usb: host: xhci-ring: don't need to clear interrupt pending for MSI enabled hcd usb: host: xhci-mem: allocate zeroed Scratchpad Buffer xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton usb: xhci: trace URB before giving it back instead of after USB: serial: qcserial: add more Lenovo EM74xx device IDs USB: host: xhci: use max-port define USB: hub: fix SS max number of ports USB: hub: fix non-SS hub-descriptor handling USB: hub: fix SS hub-descriptor handling USB: usbip: fix nonconforming hub descriptor USB: gadget: dummy_hcd: fix hub-descriptor removable fields doc-rst: fixed kernel-doc directives in usb/typec.rst USB: core: of: document reference taken by companion helper USB: ehci-platform: fix companion-device leak ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc由 Linus Torvalds 提交于
Pull char/misc driver fixes from Greg KH: "Here are five small bugfixes for reported issues with 4.12-rc1 and earlier kernels. Nothing huge here, just a lp, mem, vpd, and uio driver fix, along with a Kconfig fixup for one of the misc drivers. All of these have been in linux-next with no reported issues" * tag 'char-misc-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: firmware: Google VPD: Fix memory allocation error handling drivers: char: mem: Check for address space wraparound with mmap() uio: fix incorrect memory leak cleanup misc: pci_endpoint_test: select CRC32 char: lp: fix possible integer overflow in lp_setup()
-
git://www.linux-watchdog.org/linux-watchdog由 Linus Torvalds 提交于
Pull watchdog fixes from Wim Van Sebroeck: - orion_wdt compile-test dependencies - sama5d4_wdt: WDDIS handling and a race confition - pcwd_usb: fix NULL-deref at probe - cadence_wdt: fix timeout setting - wdt_pci: fix build error if SOFTWARE_REBOOT is defined - iTCO_wdt: all versions count down twice - zx2967: remove redundant dev_err call in zx2967_wdt_probe() - bcm281xx: Fix use of uninitialized spinlock * git://www.linux-watchdog.org/linux-watchdog: watchdog: bcm281xx: Fix use of uninitialized spinlock. watchdog: zx2967: remove redundant dev_err call in zx2967_wdt_probe() iTCO_wdt: all versions count down twice watchdog: wdt_pci: fix build error if define SOFTWARE_REBOOT watchdog: cadence_wdt: fix timeout setting watchdog: pcwd_usb: fix NULL-deref at probe watchdog: sama5d4: fix race condition watchdog: sama5d4: fix WDDIS handling watchdog: orion: fix compile-test dependencies
-
git://people.freedesktop.org/~airlied/linux由 Linus Torvalds 提交于
Pull drm fixes from Dave Airlie: "Mostly nouveau and i915, fairly quiet as usual for rc2" * tag 'drm-fixes-for-v4.12-rc2' of git://people.freedesktop.org/~airlied/linux: drm/atmel-hlcdc: Fix output initialization gpu: host1x: select IOMMU_IOVA drm/nouveau/fifo/gk104-: Silence a locking warning drm/nouveau/secboot: plug memory leak in ls_ucode_img_load_gr() error path drm/nouveau: Fix drm poll_helper handling drm/i915: don't do allocate_va_range again on PIN_UPDATE drm/i915: Fix rawclk readout for g4x drm/i915: Fix runtime PM for LPE audio drm/i915/glk: Fix DSI "*ERROR* ULPS is still active" messages drm/i915/gvt: avoid unnecessary vgpu switch drm/i915/gvt: not to restore in-context mmio drm/etnaviv: don't put fence in case of submit failure drm/i915/gvt: fix typo: "supporte" -> "support" drm: hdlcd: Fix the calculation of the scanout start address
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi由 Linus Torvalds 提交于
Pull SCSI fixes from James Bottomley: "This is the first sweep of mostly minor fixes. There's one security one: the read past the end of a buffer in qedf, and a panic fix for lpfc SLI-3 adapters, but the rest are a set of include and build dependency tidy ups and assorted other small fixes and updates" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: pmcraid: remove redundant check to see if request_size is less than zero scsi: lpfc: ensure els_wq is being checked before destroying it scsi: cxlflash: Select IRQ_POLL scsi: qedf: Avoid reading past end of buffer scsi: qedf: Cleanup the type of io_log->op scsi: lpfc: double lock typo in lpfc_ns_rsp() scsi: qedf: properly update arguments position in function call scsi: scsi_lib: Add #include <scsi/scsi_transport.h> scsi: MAINTAINERS: update OSD entries scsi: Skip deleted devices in __scsi_device_lookup scsi: lpfc: Fix panic on BFS configuration scsi: libfc: do not flood console with messages 'libfc: queue full ...'
-