1. 06 Sep, 2019 2 commits
  2. 05 Sep, 2019 1 commit
    • drm/vmwgfx: Fix double free in vmw_recv_msg() · 08b0c891
      Dan Carpenter committed
      We recently added a kfree() after the end of the loop:
      
      	if (retries == RETRIES) {
      		kfree(reply);
      		return -EINVAL;
      	}
      
      There are two problems.  First the test is wrong because retries
      equals RETRIES if we succeed on the last iteration through the loop.
      Second if we fail on the last iteration through the loop then the kfree
      is a double free.
      
      When you're reading this code, please note the break statement at the
      end of the while loop.  This patch changes the loop so that if it's not
      successful then "reply" is NULL and we can test for that afterward.
      
      Cc: <stable@vger.kernel.org>
      Fixes: 6b7c3b86 ("drm/vmwgfx: fix memory leak when too many retries have occurred")
      Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
      Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
      Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
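The two failure modes the commit message above describes, as an added example that is not part of the commit or the kernel source: a simplified user-space model of the retry loop. `recv_model`, `model_alloc`, `model_free`, `slots` and the `ok[]` outcome array are hypothetical names, and the allocator is an instrumented stand-in for kzalloc()/kfree().

```c
#include <errno.h>
#include <stddef.h>
#define RETRIES 3

/* Instrumented stand-ins for kzalloc()/kfree(): one slot per attempt. */
struct buf { int live; };
static struct buf slots[RETRIES];
static int double_frees;

static struct buf *model_alloc(int i) { slots[i].live = 1; return &slots[i]; }

static void model_free(struct buf *b)
{
	if (!b)
		return;			/* kfree(NULL) is a no-op */
	if (!b->live)
		double_frees++;		/* buffer was already freed */
	b->live = 0;
}

/* ok[i] != 0 means attempt i succeeds (constructed input).
 * fixed == 0 models the loop before the patch, fixed == 1 after it. */
static int recv_model(const int *ok, int fixed, struct buf **out)
{
	struct buf *reply = NULL;
	int retries = 0;
	double_frees = 0;
	*out = NULL;
	while (retries < RETRIES) {
		retries++;
		reply = model_alloc(retries - 1);
		if (!ok[retries - 1]) {
			model_free(reply);	/* failure path frees, then retries */
			if (fixed)
				reply = NULL;	/* patched: failure leaves reply NULL */
			continue;
		}
		break;			/* success leaves the loop with reply live */
	}
	if (fixed) {
		if (!reply)
			return -EINVAL;
	} else if (retries == RETRIES) {	/* the check quoted in the message */
		model_free(reply);
		return -EINVAL;
	}
	*out = reply;
	return 0;
}
```

With `fixed == 0`, a success on the last attempt returns -EINVAL after freeing the good reply, and three failures free the last buffer twice; with `fixed == 1` neither happens.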
  3. 03 Sep, 2019 4 commits
  4. 02 Sep, 2019 6 commits
    • drm/nouveau/sec2/gp102: add missing MODULE_FIRMWAREs · 55f7e5c3
      Ben Skeggs committed
      Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
      Cc: stable@vger.kernel.org [v5.2+]
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 345464fb
      Linus Torvalds committed
      Pull networking fixes from David Miller:
      
       1) Fix some length checks during OGM processing in batman-adv, from
          Sven Eckelmann.
      
       2) Fix regression that caused netfilter conntrack sysctls to not be
          per-netns any more. From Florian Westphal.
      
       3) Use after free in netpoll, from Feng Sun.
      
       4) Guard destruction of pfifo_fast per-cpu qdisc stats with
          qdisc_is_percpu_stats(), from Davide Caratti. Similar bug is fixed
          in pfifo_fast_enqueue().
      
       5) Fix memory leak in mld_del_delrec(), from Eric Dumazet.
      
       6) Handle neigh events on internal ports correctly in nfp, from John
          Hurley.
      
       7) Clear SKB timestamp in NF flow table code so that it does not
          confuse fq scheduler. From Florian Westphal.
      
       8) taprio destroy can crash if it is invoked in a failure path of
          taprio_init(), because the list head isn't set up properly yet and
          the list del is unconditional. Perform the list add earlier to
          address this. From Vladimir Oltean.
      
       9) Make sure to reapply vlan filters on device up, in aquantia driver.
          From Dmitry Bogdanov.
      
      10) sgiseeq driver releases DMA memory using free_page() instead of
          dma_free_attrs(). From Christophe JAILLET.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (58 commits)
        net: seeq: Fix the function used to release some memory in an error handling path
        enetc: Add missing call to 'pci_free_irq_vectors()' in probe and remove functions
        net: bcmgenet: use ethtool_op_get_ts_info()
        tc-testing: don't hardcode 'ip' in nsPlugin.py
        net: dsa: microchip: add KSZ8563 compatibility string
        dt-bindings: net: dsa: document additional Microchip KSZ8563 switch
        net: aquantia: fix out of memory condition on rx side
        net: aquantia: linkstate irq should be oneshot
        net: aquantia: reapply vlan filters on up
        net: aquantia: fix limit of vlan filters
        net: aquantia: fix removal of vlan 0
        net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate
        taprio: Set default link speed to 10 Mbps in taprio_set_picos_per_byte
        taprio: Fix kernel panic in taprio_destroy
        net: dsa: microchip: fill regmap_config name
        rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
        net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
        amd-xgbe: Fix error path in xgbe_mod_init()
        netfilter: nft_meta_bridge: Fix get NFT_META_BRI_IIFVPROTO in network byteorder
        mac80211: Correctly set noencrypt for PAE frames
        ...
    • net: seeq: Fix the function used to release some memory in an error handling path · e1e54ec7
      Christophe JAILLET committed
      In commit 99cd149e ("sgiseeq: replace use of dma_cache_wback_inv"),
      a call to 'get_zeroed_page()' has been turned into a call to
      'dma_alloc_coherent()'. Only the remove function has been updated to turn
      the corresponding 'free_page()' into 'dma_free_attrs()'.
      The error handling path of the probe function has not been updated.
      
      Fix it now.
      
      Rename the corresponding label to something more in line.
      
      Fixes: 99cd149e ("sgiseeq: replace use of dma_cache_wback_inv")
      Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
      Reviewed-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 9f159ae0
      Linus Torvalds committed
      Pull x86 fixes from Thomas Gleixner:
       "A set of fixes for x86:
      
         - Fix the bogus detection of 32bit user mode for uretprobes which
           caused corruption of the user return address resulting in
           application crashes. In the uprobes handler in_ia32_syscall() is
           obviously always returning false on a 64bit kernel. Use
           user_64bit_mode() instead which works correctly.
      
         - Prevent large page splitting when ftrace flips RW/RO on the kernel
           text which caused iTLB performance issues. Ftrace wants to be
           converted to text_poke() which avoids the problem, but for now
           allow large page preservation in the static protections check when
           the change request spawns a full large page.
      
         - Prevent arch_dynirq_lower_bound() from returning 0 when the IOAPIC
           is configured via device tree. In the device tree case the GSI 1:1
           mapping is meaningless therefore the lower bound which protects the
           GSI range on ACPI machines is irrelevant. Return the lower bound
           which the core hands to the function instead of blindly returning 0
           which causes the core to allocate the invalid virtual interrupt
           number 0 which in turn prevents all drivers from allocating and
           requesting an interrupt.
      
         - Remove the bogus initialization of LDR and DFR in the 32bit bigsmp
           APIC driver. That uses physical destination mode where LDR/DFR are
           ignored, but the initialization and the missing clear of LDR caused
           the APIC to be left in an inconsistent state on kexec/reboot.
      
         - Clear LDR when clearing the APIC registers so the APIC is in a well
           defined state.
      
         - Initialize variables properly in the find_trampoline_placement()
           code.
      
         - Silence GCC9 build warning for the real mode part of the build"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/mm/cpa: Prevent large page split when ftrace flips RW on kernel text
        x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning
        x86/boot/compressed/64: Fix missing initialization in find_trampoline_placement()
        x86/apic: Include the LDR when clearing out APIC registers
        x86/apic: Do not initialize LDR and DFR for bigsmp
        uprobes/x86: Fix detection of 32-bit user mode
        x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
    • Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 5fb181cb
      Linus Torvalds committed
      Pull perf fixes from Thomas Gleixner:
       "Two fixes for perf x86 hardware implementations:
      
         - Restrict the period on Nehalem machines to prevent perf from
           hogging the CPU
      
         - Prevent the AMD IBS driver from overwriting the hardware controlled
           and pre-seeded reserved bits (0-6) in the count register which
           caused a sample bias for dispatched micro-ops"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
        perf/x86/intel: Restrict period on Nehalem
    • Merge branch 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux · 5358e6e7
      Linus Torvalds committed
      Pull turbostat updates from Len Brown:
       "User-space turbostat (and x86_energy_perf_policy) patches.
      
        They are primarily bug fixes from users"
      
      * 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux:
        tools/power turbostat: update version number
        tools/power turbostat: Add support for Hygon Fam 18h (Dhyana) RAPL
        tools/power turbostat: Fix caller parameter of get_tdp_amd()
        tools/power turbostat: Fix CPU%C1 display value
        tools/power turbostat: do not enforce 1ms
        tools/power turbostat: read from pipes too
        tools/power turbostat: Add Ice Lake NNPI support
        tools/power turbostat: rename has_hsw_msrs()
        tools/power turbostat: Fix Haswell Core systems
        tools/power turbostat: add Jacobsville support
        tools/power turbostat: fix buffer overrun
        tools/power turbostat: fix file descriptor leaks
        tools/power turbostat: fix leak of file descriptor on error return path
        tools/power turbostat: Make interval calculation per thread to reduce jitter
        tools/power turbostat: remove duplicate pc10 column
        tools/power x86_energy_perf_policy: Fix argument parsing
        tools/power: Fix typo in man page
        tools/power/x86: Enable compiler optimisations and Fortify by default
        tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at -O2
  5. 01 Sep, 2019 27 commits