- 07 1月, 2021 40 次提交
-
-
由 Fabio Estevam 提交于
stable inclusion from stable-5.10.3 commit 39fb7424d4edea5080b3531cfbdb80fac5f68a56 bugzilla: 46871 -------------------------------- commit c7721e15 upstream. According to the i.MX6UL Errata document: https://www.nxp.com/docs/en/errata/IMX6ULCE.pdf ERR007881 also affects i.MX6UL, so pass the CI_HDRC_DISABLE_DEVICE_STREAMING flag to workaround the issue. Fixes: 52fe568e ("usb: chipidea: imx: add imx6ul usb support") Cc: <stable@vger.kernel.org> Signed-off-by: NFabio Estevam <festevam@gmail.com> Signed-off-by: NPeter Chen <peter.chen@nxp.com> Link: https://lore.kernel.org/r/20201207020909.22483-2-peter.chen@kernel.orgSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Will McVicker 提交于
stable inclusion from stable-5.10.3 commit 2a548c32d5505dcd6ead123c02a52fa8d077e9d8 bugzilla: 46871 -------------------------------- commit b00f444f upstream. Align the SuperSpeed Plus bitrate for f_rndis to match f_ncm's ncm_bitrate defined by commit 16501138 ("usb: gadget: f_ncm: add SuperSpeed descriptors for CDC NCM"). Cc: Felipe Balbi <balbi@kernel.org> Cc: EJ Hsu <ejh@nvidia.com> Cc: Peter Chen <peter.chen@nxp.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: NWill McVicker <willmcvicker@google.com> Reviewed-by: NPeter Chen <peter.chen@nxp.com> Link: https://lore.kernel.org/r/20201127140559.381351-2-gregkh@linuxfoundation.orgSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Jack Pham 提交于
stable inclusion from stable-5.10.3 commit 4ef3fc712c7702859553e33f9197d70beb3f31c8 bugzilla: 46871 -------------------------------- commit a353397b upstream. In many cases a function that supports SuperSpeed can very well operate in SuperSpeedPlus, if a gadget controller supports it, as the endpoint descriptors (and companion descriptors) are generally identical and can be re-used. This is true for two commonly used functions: Android's ADB and MTP. So we can simply assign the usb_function's ssp_descriptors array to point to its ss_descriptors, if available. Similarly, we need to allow an epfile's ioctl for FUNCTIONFS_ENDPOINT_DESC to correctly return the corresponding SuperSpeed endpoint descriptor in case the connected speed is SuperSpeedPlus as well. The only exception is if a function wants to implement an Isochronous endpoint capable of transferring more than 48KB per service interval when operating at greater than USB 3.1 Gen1 speed, in which case it would require an additional SuperSpeedPlus Isochronous Endpoint Companion descriptor to be returned as part of the Configuration Descriptor. Support for that would need to be separately added to the userspace-facing FunctionFS API which may not be a trivial task--likely a new descriptor format (v3?) may need to be devised to allow for separate SS and SSP descriptors to be supplied. Signed-off-by: NJack Pham <jackp@codeaurora.org> Cc: stable <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20201027230731.9073-1-jackp@codeaurora.orgSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Will McVicker 提交于
stable inclusion from stable-5.10.3 commit 245cb2f26ea0ebbdfbb146e55997e935a5f0bc18 bugzilla: 46871 -------------------------------- commit 457a902b upstream. Needed for SuperSpeed Plus support for f_midi. This allows the gadget to work properly without crashing at SuperSpeed rates. Cc: Felipe Balbi <balbi@kernel.org> Cc: stable <stable@vger.kernel.org> Signed-off-by: NWill McVicker <willmcvicker@google.com> Reviewed-by: NPeter Chen <peter.chen@nxp.com> Link: https://lore.kernel.org/r/20201127140559.381351-4-gregkh@linuxfoundation.orgSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 taehyun.cho 提交于
stable inclusion from stable-5.10.3 commit 798be9a2f9d745b578044eb519c5bca1ec745150 bugzilla: 46871 -------------------------------- commit 3ee05c20 upstream. Setup the SuperSpeed Plus descriptors for f_acm. This allows the gadget to work properly without crashing at SuperSpeed rates. Cc: Felipe Balbi <balbi@kernel.org> Cc: stable <stable@vger.kernel.org> Signed-off-by: Ntaehyun.cho <taehyun.cho@samsung.com> Signed-off-by: NWill McVicker <willmcvicker@google.com> Reviewed-by: NPeter Chen <peter.chen@nxp.com> Link: https://lore.kernel.org/r/20201127140559.381351-3-gregkh@linuxfoundation.orgSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Johan Hovold 提交于
stable inclusion from stable-5.10.3 commit e4ef9c8d13b3b61f764242ce9c36a0422cc6b29c bugzilla: 46871 -------------------------------- commit a251963f upstream. Add an interface-number sanity check before testing the device flags to avoid relying on undefined behaviour when left shifting in case a device uses an interface number greater than or equal to BITS_PER_LONG (i.e. 64 or 32). Reported-by: syzbot+8881b478dad0a7971f79@syzkaller.appspotmail.com Fixes: c3a65808 ("USB: serial: option: reimplement interface masking") Cc: stable@vger.kernel.org Reviewed-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NJohan Hovold <johan@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Dan Carpenter 提交于
stable inclusion from stable-5.10.3 commit 4cfc27cb56208be233915bb524198a5f1da4679a bugzilla: 46871 -------------------------------- commit 3f6f6343 upstream. This code is using the wrong sizeof() so it does not allocate enough memory. It allocates 32 bytes but 72 are required. That will lead to memory corruption. Fixes: ae078092 ("usb: mtu3: add debugfs interface files") Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Link: https://lore.kernel.org/r/X8ikqc4Mo2/0G72j@mwanda Cc: stable <stable@vger.kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Nicolin Chen 提交于
stable inclusion from stable-5.10.3 commit e8d7daf69edb6a7b0367313098bc554a3b686c1e bugzilla: 46871 -------------------------------- commit b9ce9b0f upstream. This patch simply fixes a bug of referencing speedos[num] in every for-loop iteration in get_process_id function. Fixes: 0dc5a0d8 ("soc/tegra: fuse: Add Tegra210 support") Cc: <stable@vger.kernel.org> Signed-off-by: NNicolin Chen <nicoleotsuka@gmail.com> Signed-off-by: NThierry Reding <treding@nvidia.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Artem Labazov 提交于
stable inclusion from stable-5.10.3 commit 5f5240c03aa39b18034ec2b6ecada486ab0d4077 bugzilla: 46871 -------------------------------- commit 9eb78c25 upstream. The table for Unicode upcase conversion requires an order-5 allocation, which may fail on a highly-fragmented system: pool-udisksd: page allocation failure: order:5, mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null), cpuset=/,mems_allowed=0 CPU: 4 PID: 3756880 Comm: pool-udisksd Tainted: G U 5.8.10-200.fc32.x86_64 #1 Hardware name: Dell Inc. XPS 13 9360/0PVG6D, BIOS 2.13.0 11/14/2019 Call Trace: dump_stack+0x6b/0x88 warn_alloc.cold+0x75/0xd9 ? _cond_resched+0x16/0x40 ? __alloc_pages_direct_compact+0x144/0x150 __alloc_pages_slowpath.constprop.0+0xcfa/0xd30 ? __schedule+0x28a/0x840 ? __wait_on_bit_lock+0x92/0xa0 __alloc_pages_nodemask+0x2df/0x320 kmalloc_order+0x1b/0x80 kmalloc_order_trace+0x1d/0xa0 exfat_create_upcase_table+0x115/0x390 [exfat] exfat_fill_super+0x3ef/0x7f0 [exfat] ? sget_fc+0x1d0/0x240 ? exfat_init_fs_context+0x120/0x120 [exfat] get_tree_bdev+0x15c/0x250 vfs_get_tree+0x25/0xb0 do_mount+0x7c3/0xaf0 ? copy_mount_options+0xab/0x180 __x64_sys_mount+0x8e/0xd0 do_syscall_64+0x4d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Make the driver use kvcalloc() to eliminate the issue. Fixes: 370e812b ("exfat: add nls operations") Cc: stable@vger.kernel.org #v5.7+ Signed-off-by: NArtem Labazov <123321artyom@gmail.com> Signed-off-by: NNamjae Jeon <namjae.jeon@samsung.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Andi Kleen 提交于
stable inclusion from stable-5.10.3 commit 84bcbb0779c6a062e51c84abaca356f79be1abeb bugzilla: 46871 -------------------------------- commit e14fd4ba upstream. When a split lock is detected always make sure to disable interrupts before returning from the trap handler. The kernel exit code assumes that all exits run with interrupts disabled, otherwise the SWAPGS sequence can race against interrupts and cause recursing page faults and later panics. The problem will only happen on CPUs with split lock disable functionality, so Icelake Server, Tiger Lake, Snow Ridge, Jacobsville. Fixes: ca4c6a98 ("x86/traps: Make interrupt enable/disable symmetric in C code") Fixes: bce9b042 ("x86/traps: Disable interrupts in exc_aligment_check()") # v5.8+ Signed-off-by: NAndi Kleen <ak@linux.intel.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Fenghua Yu <fenghua.yu@intel.com> Cc: Tony Luck <tony.luck@intel.com> Reviewed-by: NThomas Gleixner <tglx@linutronix.de> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Thierry Reding 提交于
stable inclusion from stable-5.10.3 commit eadec7f5374ef01fa4556c24dfc90769ebaefd5e bugzilla: 46871 -------------------------------- commit c9f64d1f upstream. When dumping the name and NTP servers advertised by DHCP, a blank line is emitted if either of the lists is empty. This can lead to confusing issues such as the blank line getting flagged as warning. This happens because the blank line is the result of pr_cont("\n") and that may see its level corrupted by some other driver concurrently writing to the console. Fix this by making sure that the terminating newline is only emitted if at least one entry in the lists was printed before. Reported-by: NJon Hunter <jonathanh@nvidia.com> Signed-off-by: NThierry Reding <treding@nvidia.com> Link: https://lore.kernel.org/r/20201110073757.1284594-1-thierry.reding@gmail.comSigned-off-by: NJakub Kicinski <kuba@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Alexander Sverdlin 提交于
stable inclusion from stable-5.10.2 commit dadaf794f207ebd94a42bf786f14bdcea95f8ec6 bugzilla: 46859 -------------------------------- commit d96f04d3 upstream. It has been observed that once per 300-1300 port openings the first transmitted byte is being corrupted on AM3352 ("v" written to FIFO appeared as "e" on the wire). It only happened if single byte has been transmitted right after port open, which means, DMA is not used for this transfer and the corruption never happened afterwards. Therefore I've carefully re-read the MDR1 errata (link below), which says "when accessing the MDR1 registers that causes a dummy under-run condition that will freeze the UART in IrDA transmission. In UART mode, this may corrupt the transferred data". Strictly speaking, omap_8250_mdr1_errataset() performs a read access and if the value is the same as should be written, exits without errata-recommended FIFO reset. A brief check of the serial_omap_mdr1_errataset() from the competing omap-serial driver showed it has no read access of MDR1. After removing the read access from omap_8250_mdr1_errataset() the data corruption never happened any more. Link: https://www.ti.com/lit/er/sprz360i/sprz360i.pdf Fixes: 61929cf0 ("tty: serial: Add 8250-core based omap driver") Cc: stable@vger.kernel.org Signed-off-by: NAlexander Sverdlin <alexander.sverdlin@gmail.com> Link: https://lore.kernel.org/r/20201210055257.1053028-1-alexander.sverdlin@gmail.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Takashi Iwai 提交于
stable inclusion from stable-5.10.2 commit ff654f1d31d5fe2962ea49476635c795653e289a bugzilla: 46859 -------------------------------- commit 175b8d89 upstream. syzbot spotted a potential out-of-bounds shift in the PCM OSS layer where it calculates the buffer size with the arbitrary shift value given via an ioctl. Add a range check for avoiding the undefined behavior. As the value can be treated by a signed integer, the max shift should be 30. Reported-by: syzbot+df7dc146ebdd6435eea3@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20201209084552.17109-2-tiwai@suse.deSigned-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Thomas Gleixner 提交于
stable inclusion from stable-5.10.2 commit 07747a44be4f4e042b0f93f853bc709022980d02 bugzilla: 46859 -------------------------------- commit 862ee699 upstream. The console part of sisusbvga is broken vs. printk(). It uses in_atomic() to detect contexts in which it cannot sleep despite the big fat comment in preempt.h which says: Do not use in_atomic() in driver code. in_atomic() does not work on kernels with CONFIG_PREEMPT_COUNT=n which means that spin/rw_lock held regions are not detected by it. There is no way to make this work by handing context information through to the driver and this only can be solved once the core printk infrastructure supports sleepable console drivers. Make it depend on BROKEN for now. Fixes: 1bbb4f20 ("[PATCH] USB: sisusb[vga] update") Signed-off-by: NThomas Gleixner <tglx@linutronix.de> Cc: Thomas Winischhofer <thomas@winischhofer.net> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: linux-usb@vger.kernel.org Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20201019101109.603244207@linutronix.deSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Oliver Neukum 提交于
stable inclusion from stable-5.10.2 commit 2440c1cb2514447ac4a4e585b47d78d8b85f41b9 bugzilla: 46859 -------------------------------- commit 8010622c upstream. UAS does not share the pessimistic assumption storage is making that devices cannot deal with WRITE_SAME. A few devices supported by UAS, are reported to not deal well with WRITE_SAME. Those need a quirk. Add it to the device that needs it. Reported-by: NDavid C. Partridge <david.partridge@perdrix.co.uk> Signed-off-by: NOliver Neukum <oneukum@suse.com> Cc: stable <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20201209152639.9195-1-oneukum@suse.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Mika Westerberg 提交于
stable inclusion from stable-5.10.2 commit d769a22dc01fc01d9b08199472dfab27e378a052 bugzilla: 46859 -------------------------------- commit 5a8e3229 upstream. Intel Maple Ridge is successor of Titan Ridge Thunderbolt controller. As Titan Ridge this one also includes xHCI host controller. In order to safe energy we should put it to low power state by default when idle. For this reason allow host runtime PM for Maple Ridge. Signed-off-by: NMika Westerberg <mika.westerberg@linux.intel.com> Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com> Link: https://lore.kernel.org/r/20201208092912.1773650-5-mathias.nyman@linux.intel.com Cc: stable <stable@vger.kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Hans de Goede 提交于
stable inclusion from stable-5.10.2 commit 3203c4abf5051790411a0b49393b9f00a45f191a bugzilla: 46859 -------------------------------- commit c4d1ca05 upstream. The xHCI controller on Alpine Ridge LP keeps the whole Thunderbolt controller awake if the host controller is not allowed to sleep. This is the case even if no USB devices are connected to the host. Add the Intel Alpine Ridge LP product-id to the list of product-ids for which we allow runtime PM by default. Fixes: 2815ef7f ("xhci-pci: allow host runtime PM as default for Intel Alpine and Titan Ridge") Cc: <stable@vger.kernel.org> Reviewed-by: NMika Westerberg <mika.westerberg@linux.intel.com> Signed-off-by: NHans de Goede <hdegoede@redhat.com> Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com> Link: https://lore.kernel.org/r/20201208092912.1773650-4-mathias.nyman@linux.intel.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Tejas Joglekar 提交于
stable inclusion from stable-5.10.2 commit 1bee58e891f26a4246ad10fcc9c8c7e173a898f4 bugzilla: 46859 -------------------------------- commit bac1ec55 upstream. This commit uses the private data passed by parent device to set the quirk for Synopsys xHC. This patch fixes the SNPS xHC hang issue when the data is scattered across small buffers which does not make atleast MPS size for given TRB cache size of SNPS xHC. Signed-off-by: NTejas Joglekar <joglekar@synopsys.com> Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com> Link: https://lore.kernel.org/r/20201208092912.1773650-2-mathias.nyman@linux.intel.com Cc: stable <stable@vger.kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Li Jun 提交于
stable inclusion from stable-5.10.2 commit 2bd9751e6790c45377628c09b92afbc4f1bfe4ed bugzilla: 46859 -------------------------------- commit c1373f10 upstream. If a USB2 device wakeup is not enabled/supported the link state may still be in U0 in xhci_bus_suspend(), where it's then manually put to suspended U3 state. Just as with selective suspend the device needs time to enter U3 suspend before continuing with further suspend operations (e.g. system suspend), otherwise we may enter system suspend with link state in U0. [commit message rewording -Mathias] Cc: <stable@vger.kernel.org> Signed-off-by: NLi Jun <jun.li@nxp.com> Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com> Link: https://lore.kernel.org/r/20201208092912.1773650-6-mathias.nyman@linux.intel.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Takashi Iwai 提交于
stable inclusion from stable-5.10.2 commit f1e6ab052c63a3bf3871aa2a8ec846feb7a77be2 bugzilla: 46859 -------------------------------- commit c6dde8ff upstream. The current channel-map control implementation in USB-audio driver may lead to an error message like "control 3:0:0:Playback Channel Map:0: access overflow" when CONFIG_SND_CTL_VALIDATION is set. It's because the chmap get callback clears the whole array no matter which count is set, and rather the false-positive detection. This patch fixes the problem by clearing only the needed array range at usb_chmap_ctl_get(). Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20201211130048.6358-1-tiwai@suse.deSigned-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Takashi Iwai 提交于
stable inclusion from stable-5.10.2 commit cc3edd81ef035b728955241dca8a3b3c2f333ab6 bugzilla: 46859 -------------------------------- commit 43d5ca88 upstream. syzbot spotted a potential out-of-bounds shift in the USB-audio format parser that receives the arbitrary shift value from the USB descriptor. Add a range check for avoiding the undefined behavior. Reported-by: syzbot+df7dc146ebdd6435eea3@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20201209084552.17109-1-tiwai@suse.deSigned-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Oliver Neukum 提交于
stable inclusion from stable-5.10.2 commit d8f0c9ec3638be7344a3e8ebe4415aae1b356981 bugzilla: 46859 -------------------------------- commit 08a02f95 upstream. I got reports that some models of this old scanner need this when using runtime PM. Signed-off-by: NOliver Neukum <oneukum@suse.com> Cc: stable <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20201207130323.23857-1-oneukum@suse.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Bui Quang Minh 提交于
stable inclusion from stable-5.10.2 commit 5fb2a55ad3e0a7f3c5094c36a54c230355ed3d38 bugzilla: 46859 -------------------------------- commit e90cfa81 upstream. This error path err_add_pdata: for (i = 0; i < mod_data.num; i++) kfree(dum[i]); can be triggered when not all dum's elements are initialized. Fix this by initializing all dum's elements to NULL. Acked-by: NAlan Stern <stern@rowland.harvard.edu> Cc: stable <stable@vger.kernel.org> Signed-off-by: NBui Quang Minh <minhquangbui99@gmail.com> Link: https://lore.kernel.org/r/1607063090-3426-1-git-send-email-minhquangbui99@gmail.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Alan Stern 提交于
stable inclusion from stable-5.10.2 commit d483f5e5ce532e410dc10d91a025f12ee3fd2c82 bugzilla: 46859 -------------------------------- commit b175d273 upstream. Commit d9f0d82f ("USB: legousbtower: use usb_control_msg_recv()") contained an elementary logical error. The check of the return code from the new usb_control_msg_recv() function was inverted. Reported-and-tested-by: syzbot+9be25235b7a69b24d117@syzkaller.appspotmail.com Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Link: https://lore.kernel.org/r/20201208163042.GD1298255@rowland.harvard.edu Fixes: d9f0d82f ("USB: legousbtower: use usb_control_msg_recv()") Cc: stable <stable@vger.kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Steven Rostedt (VMware) 提交于
stable inclusion from stable-5.10.2 commit 2902e302991a4dacd155658bcb3053e4d6b7d4a0 bugzilla: 46859 -------------------------------- commit 170f4869 upstream. The logic for truncating the log file for emailing based on the MAIL_MAX_SIZE option is confusing and incorrect. Simplify it and have the tail of the log file truncated to the max size specified in the config. Cc: stable@vger.kernel.org Fixes: 855d8abd ("ktest.pl: Change the logic to control the size of the log file emailed") Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Steven Rostedt (VMware) 提交于
stable inclusion from stable-5.10.2 commit 4e282a8dff800c535a5828dc7d2e46cb18ddbc18 bugzilla: 46859 -------------------------------- commit 8cd6bc03 upstream. If the size of the error log is too big to send via email, and the sending fails, it wont email any result. This can be confusing for the user who is waiting for an email on the completion of the tests. If it fails to send email, then try again without the log file stating that it failed to send an email. Obviously this will not be of use if the sending of email failed for some other reasons, but it will at least give the user some information when it fails for the most common reason. Cc: stable@vger.kernel.org Fixes: c2d84ddb ("ktest.pl: Add MAIL_COMMAND option to define how to send email") Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Peilin Ye 提交于
stable inclusion from stable-5.10.2 commit d3f4117b0275b2fb2de3a034fe1060a80104833f bugzilla: 46859 -------------------------------- commit 0032ce0f upstream. ptrace_get_syscall_info() is potentially copying uninitialized stack memory to userspace, since the compiler may leave a 3-byte hole near the beginning of `info`. Fix it by adding a padding field to `struct ptrace_syscall_info`. Fixes: 201766a2 ("ptrace: add PTRACE_GET_SYSCALL_INFO request") Suggested-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NPeilin Ye <yepeilin.cs@gmail.com> Reviewed-by: NDmitry V. Levin <ldv@altlinux.org> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200801152044.230416-1-yepeilin.cs@gmail.comSigned-off-by: NChristian Brauner <christian.brauner@ubuntu.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Hanjun Guo 提交于
hulk inclusion category: feature bugzilla: 46503 CVE: NA --------------------------- Adding more invalidation and clean ABIs for kernel and kernel module use. For now we have 7 functions for module: void flush_icache_range(unsigned long start, unsigned long end); void inval_dcache_area(void *addr, size_t len); void clean_dcache_area(void *addr, size_t len); void flush_dcache_area(void *addr, size_t len); void inval_dcache_range(unsigned long start, unsigned long end); void clean_dcache_range(unsigned long start, unsigned long end); void flush_dcache_range(unsigned long start, unsigned long end); Signed-off-by: NHanjun Guo <guohanjun@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Hanjun Guo 提交于
hulk inclusion category: feature bugzilla: 46503 CVE: NA --------------------------- Adding flush_dcache_area() for module use, and export __flush_dcache_area() for that purpose. Signed-off-by: NHanjun Guo <guohanjun@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Xiangyu Lu 提交于
euler inclusion category: bugfix bugzilla: 46850 CVE: NA --------------------------------- Linux kernel allow to specify a single-user mode, or specify the init process by init parameter, which could bypass the login authentication mechanisms, direct access to root identify. Close init kernel boot parameters through CONFIG_SECURITY_BOOT_INIT. Signed-off-by: NXiangyu Lu <luxiangyu@huawei.com> Reviewed-by: NWang Kai <morgan.wang@huawei.com> Signed-off-by: NWeilong Chen <chenweilong@huawei.com> [hj: backport from hulk-3.10 for security enhancement] Signed-off-by: NHanjun Guo <hanjun.guo@linaro.org> Signed-off-by: Ngaobo <gaobo794@huawei.com> Reviewed-by: NJason Yan <yanaijie@huawei.com> Signed-off-by: Nzhangyi (F) <yi.zhang@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Xiongfeng Wang 提交于
euler inclusion category: bugfix bugzilla: 46851 CVE: NA ------------------------------------------------- The PCIe controller in some Hisilicon Chip is not completely ECAM-compliant. Part of its PCIe cores do not support ECAM. Signed-off-by: NXiongfeng Wang <wangxiongfeng2@huawei.com> Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: Nyangerkun <yangerkun@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 yu kuai 提交于
euler inclusion category: feature bugzilla: 46858 CVE: NA --------------------------- Commit 214b35a353e7 ("fs/dirty_pages: fix kernel panic in concurrency mode") move initialization of buffer from proc_dpages_open() to seq_read_dirty(), and left a variable 'm' set but not used. Fixes: 214b35a353e7 ("fs/dirty_pages: fix kernel panic in concurrency mode") Signed-off-by: Nyu kuai <yukuai3@huawei.com> Reviewed-by: Nzhangyi (F) <yi.zhang@huawei.com> Signed-off-by: Nyangerkun <yangerkun@huawei.com> Signed-off-by: NDianfang Zhang <zhangdianfang@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 yu kuai 提交于
euler inclusion category: bugfix bugzilla: 46858 CVE: NA --------------------------- The present code doesn't support concurrency mode, test it this way will cause kernel panic. The reason is that 'buff_used' didn't use any concurrent access mechanism. Fix the problem by following changes: 1. move the initialization of buffer from proc_dpages_open to seq_read_dirty. 2. use mutex for 'buff_used'. 3. before calling simple_read_from_buffer in seq_read_dirty, judge if the buffer changed since last read. If so, return -EFAULT. Signed-off-by: Nyu kuai <yukuai3@huawei.com> Signed-off-by: Nzhangyi (F) <yi.zhang@huawei.com> Signed-off-by: NDianfang Zhang <zhangdianfang@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 yu kuai 提交于
euler inclusion category: bugfix bugzilla: 46858 CVE: NA --------------------------- Just code optimization to make the code better, no functional change. Signed-off-by: Nyu kuai <yukuai3@huawei.com> Reviewed-by: Nzhangyi (F) <yi.zhang@huawei.com> Signed-off-by: Nzhangyi (F) <yi.zhang@huawei.com> Signed-off-by: NDianfang Zhang <zhangdianfang@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 yu kuai 提交于
euler inclusion category: bugfix bugzilla: 46858 CVE: NA --------------------------- In 'write_proc', if input from userspace is invlid, the 'buff_num' will be set to 0 with unfreed buffer. Fix it by setting 'buff_num' to 'old_buff_num'. Reported-by: Nsong jian <songjian15@huawei.com> Signed-off-by: Nyu kuai <yukuai3@huawei.com> Reviewed-by: Nzhangyi (F) <yi.zhang@huawei.com> Signed-off-by: Nzhangyi (F) <yi.zhang@huawei.com> Signed-off-by: NDianfang Zhang <zhangdianfang@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 yu kuai 提交于
euler inclusion category: bugfix bugzilla: 46858 CVE: NA --------------------------- In write_proc and write_limit_proc, we alloccate 'msg' with 'PAGE_SIZE' bytes, which is defined as 4096. The problem is that if 'count' is 4096, the following code will cause index out of bounds: msg[count] = '\0' In order to fix the problem, we use kzalloc instead of kmalloc and delete the code above. 'buff_limit' is static int type, but 'temp' is log type in write_limit_proc. Thus if we input a value which is more than 'MAX_INT' (the max integer of int type), we can get a negative number for 'buff_limit'. For example: echo 2147483648 > /proc/dirty/page_threshold cat /proc/dirty/page_threshold -2147483648 Fix the problem by changing 'temp < 0' to 'tmp < 0 || temp > MAX_INT' Fixes: 3296069cbce1 ("fs/dirty_pages: dump the number of dirty pages for each inode") Reported-by: Nsong jian <songjian15@huawei.com> Signed-off-by: Nyu kuai <yukuai3@huawei.com> Reviewed-by: Nzhangyi (F) <yi.zhang@huawei.com> Signed-off-by: Nzhangyi (F) <yi.zhang@huawei.com> Signed-off-by: NDianfang Zhang <zhangdianfang@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 yu kuai 提交于
euler inclusion category: feature bugzilla: 46858 CVE: NA --------------------------- In order to analysing the IO performance when using buffer IO, it's useful to obtain the number of dirty pages for a inode in the filesystem. This feather is migrated from redhat-7.2. It create 3 interfaces by using profs. /proc/dirty/buffer_size for buffer allocation and release; /proc/dirty/page_threshold to filter result; /proc/dirty/dirty_list to get dirty pages. Visit http://openeuler.huawei.com/bugzilla/show_bug.cgi?id=23941 for details about modifications and implementations. Signed-off-by: Nyu kuai <yukuai3@huawei.com> Reviewed-by: Nzhangyi (F) <yi.zhang@huawei.com> Signed-off-by: Nzhangyi (F) <yi.zhang@huawei.com> Signed-off-by: NDianfang Zhang <zhangdianfang@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Kefeng Wang 提交于
hulk inclusion category: bugfix bugzilla: 46856 CVE: NA --------------------------- The start_pfn and end_pfn are already available in move_freepages_block(), there is no need to go back and forth between page and pfn in move_freepages and move_freepages_block, and pfn_valid_within() should validate pfn first before touching the page. Signed-off-by: NKefeng Wang <wangkefeng.wang@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Yang Yingliang 提交于
hulk inclusion category: feature bugzilla: 46791 CVE: N/A ------------------------------------------------- Now MBIGEN can support to generate SPIs by writing GICD_SETSPIR. Add dt example to help document. Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NHanjun Guo <guohanjun@huawei.com> Signed-off-by: Nzhangyi (F) <yi.zhang@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-
由 Yang Yingliang 提交于
hulk inclusion category: feature bugzilla: 46791 CVE: N/A ------------------------------------------------- Now with 50528752 ("irqchip/gic-v3: Add support for Message Based Interrupts as an MSI controller"), we can support MBIGEN to generate message based SPIs by writing GICD_SETSPIR. The first 64-pins of each MBIGEN chip is used to generate SPIs, and each MBIGEN chip has several MBIGEN nodes, every node has 128 pins for generating LPIs. The total pins are: 64(SPIs) + 128 * node_nr(LPIs). So we can translate the pin index in a unified way in mbigen_domain_translate(). Also Add TYPE and VEC registers that used by generating SPIs, the driver can access them when MBIGEN is used to generate SPIs. Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NHanjun Guo <guohanjun@huawei.com> Signed-off-by: Nzhangyi (F) <yi.zhang@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NChen Jun <chenjun102@huawei.com>
-