- 14 2月, 2016 2 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound由 Linus Torvalds 提交于
Pull another sound fix from Takashi Iwai: "This contains a fix for the double-free of usb-audio MIDI device at probe failure" * tag 'sound-fix-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: usb-audio: avoid freeing umidi object twice
-
git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc由 Linus Torvalds 提交于
Pull ARC fixes from Vineet Gupta: "I've been sitting on some of these fixes for a while. - Corner case of returning to delay slot from interrupt - Changing default interrupt prioiry level - Kconfig'ize support for super pages - Other minor fixes" * tag 'arc-4.5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: mm: Introduce explicit super page size support ARCv2: intc: Allow interruption by lowest priority interrupt ARCv2: Check for LL-SC livelock only if LLSC is enabled ARC: shrink cpuinfo by not saving full timer BCR ARCv2: clocksource: Rename GRTC -> GFRC ... ARCv2: STAR 9000950267: Handle return from intr to Delay Slot #2
-
- 13 2月, 2016 11 次提交
-
-
由 Andrey Konovalov 提交于
The 'umidi' object will be free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface. So we shouldn't try to free it in snd_usbmidi_create() after having registered the rawmidi interface. Found by KASAN. Signed-off-by: NAndrey Konovalov <andreyknvl@gmail.com> Acked-by: NClemens Ladisch <clemens@ladisch.de> Cc: <stable@vger.kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci由 Linus Torvalds 提交于
Pull PCI fixes from Bjorn Helgaas: "These are some Renesas binding updates for PCI host controllers, a Broadcom fix for a regression we added in v4.5-rc1, and a fix for an AER use-after-free problem that can cause memory corruption. Summary: AER: Flush workqueue on device remove to avoid use-after-free (Sebastian Andrzej Siewior) Broadcom iProc host bridge driver: Allow multiple devices except on PAXC (Ray Jui) Renesas R-Car host bridge driver: Add gen2 device tree support for r8a7793 (Simon Horman) Add device tree support for r8a7793 (Simon Horman)" * tag 'pci-v4.5-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: rcar: Add device tree support for r8a7793 PCI: rcar: Add gen2 device tree support for r8a7793 PCI: iproc: Allow multiple devices except on PAXC PCI/AER: Flush workqueue on device remove to avoid use-after-free
-
由 Linus Torvalds 提交于
Merge fixes from Andrew Morton: "10 fixes" The lockdep hlist conversion is in the locking tree too, waiting for the next merge window. Andrew thought it should go in now. I'll take it, since it fixes a real problem and looks trivially correct (famous last words). * emailed patches from Andrew Morton <akpm@linux-foundation.org>: arch/x86/Kconfig: CONFIG_X86_UV should depend on CONFIG_EFI mm: fix pfn_t vs highmem kernel/locking/lockdep.c: convert hash tables to hlists mm,thp: fix spellos in describing __HAVE_ARCH_FLUSH_PMD_TLB_RANGE mm,thp: khugepaged: call pte flush at the time of collapse mm/backing-dev.c: fix error path in wb_init() mm, dax: check for pmd_none() after split_huge_pmd() vsprintf: kptr_restrict is okay in IRQ when 2 mm: fix filemap.c kernel doc warning ubsan: cosmetic fix to Kconfig text
-
git://git.linaro.org/people/ulf.hansson/mmc由 Linus Torvalds 提交于
Pull MMC fixes from Ulf Hansson: "Here are some mmc fixes intended for v4.5 rc4. MMC core: - Fix an sysfs ABI regression - Return an error in a specific error path dealing with mmc ioctls MMC host: - sdhci-pci|acpi: Fix card detect race for Intel BXT/APL - sh_mmcif: Correct TX DMA channel allocation - mmc_spi: Fix error handling for dma mapping errors - sdhci-of-at91: Fix an unbalance issue for the runtime PM usage count - pxamci: Fix the device-tree probe deferral path - pxamci: Fix read-only GPIO polarity" * tag 'mmc-v4.5-rc2' of git://git.linaro.org/people/ulf.hansson/mmc: Revert "mmc: block: don't use parameter prefix if built as module" mmc: sdhci-acpi: Fix card detect race for Intel BXT/APL mmc: sdhci-pci: Fix card detect race for Intel BXT/APL mmc: sdhci: Allow override of get_cd() called from sdhci_request() mmc: sdhci: Allow override of mmc host operations mmc: sh_mmcif: Correct TX DMA channel allocation mmc: block: return error on failed mmc_blk_get() mmc: pxamci: fix the device-tree probe deferral path mmc: mmc_spi: add checks for dma mapping error mmc: sdhci-of-at91: fix pm runtime unbalanced issue in error path mmc: pxamci: fix again read-only gpio detection polarity
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound由 Linus Torvalds 提交于
Pull sound fixes from Takashi Iwai: "In this rc, we've got more volume than previous rc, unsurprisingly; the majority of updates in ASoC are about Intel drivers, and another major changes are the continued plumbing of ALSA timer bugs revealed by syzkaller fuzzer. Hopefully both settle down now. Other than that, HD-audio received a couple of code fixes as well as the usual quirks, and various small fixes are found for FireWire devices, ASoC codecs and drivers" * tag 'sound-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (50 commits) ASoC: arizona: fref must be limited in pseudo-fractional mode ASoC: sigmadsp: Fix missleading return value ALSA: timer: Fix race at concurrent reads ALSA: firewire-digi00x: Drop bogus const type qualifier on dot_scrt() ALSA: hda - Fix bad dereference of jack object ALSA: timer: Fix race between stop and interrupt ALSA: timer: Fix wrong instance passed to slave callbacks ASoC: Intel: Add module tags for common match module ASoC: Intel: Load the atom DPCM driver only ASoC: Intel: Create independent acpi match module ASoC: Intel: Revert "ASoC: Intel: fix ACPI probe regression with Atom DPCM driver" ALSA: dummy: Implement timer backend switching more safely ALSA: hda - Fix speaker output from VAIO AiO machines Revert "ALSA: hda - Fix noise on Gigabyte Z170X mobo" ALSA: firewire-tascam: remove needless member for control and status message ALSA: firewire-tascam: remove a flag for controller ALSA: firewire-tascam: add support for FW-1804 ALSA: firewire-tascam: fix NULL pointer dereference when model identification fails ALSA: hda - Fix static checker warning in patch_hdmi.c ASoC: Intel: Skylake: Remove autosuspend delay ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux由 Linus Torvalds 提交于
Pull fbdev fixes from Tomi Valkeinen: - fix omap2plus_defconfig to enable omapfb as it was in v4.4 - ocfb: fix timings for margins - s6e8ax0, da8xx-fb: fix compile warnings - mmp: fix build failure caused by bad printk parameters - imxfb: fix clock issue which kept the display off * tag 'fbdev-fixes-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: video: fbdev: imxfb: Provide a reset mechanism fbdev: mmp: print IRQ resource using %pR format string fbdev: da8xx-fb: remove incorrect type cast fbdev: s6e8ax0: avoid unused function warnings ocfb: fix tgdel and tvdel timing parameters ARM: omap2plus_defconfig: update display configs
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi由 Linus Torvalds 提交于
Pull SCSI fixes from James Bottomley: "A set of seven fixes: Two regressions in the new hisi_sas arm driver, a blacklist entry for the marvell console which was causing a reset cascade without it, a race fix in the WRITE_SAME/DISCARD routines, a retry fix for the rdac driver, without which, it would prematurely return EIO and a couple of fixes for the hyper-v storvsc driver" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: block/sd: Return -EREMOTEIO when WRITE SAME and DISCARD are disabled SCSI: Add Marvell Console to VPD blacklist scsi_dh_rdac: always retry MODE SELECT on command lock violation storvsc: Use the specified target ID in device lookup storvsc: Install the storvsc specific timeout handler for FC devices hisi_sas: fix v1 hw check for slot error hisi_sas: add dependency for HAS_IOMEM
-
git://people.freedesktop.org/~airlied/linux由 Linus Torvalds 提交于
Pull drm amd fixes from Dave Airlie: "Been pretty quiet. This is an amdgpu fixes pull from AMD, a bunch of powerplay stability fixes, race fix, hibernate fix, and a possible circular locking fix" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (21 commits) drm/amdgpu: fix issue with overlapping userptrs drm/radeon: hold reference to fences in radeon_sa_bo_new drm/amdgpu: remove unnecessary forward declaration drm/amdgpu: hold reference to fences in amdgpu_sa_bo_new (v2) drm/amdgpu: fix s4 resume drm/amdgpu/cz: plumb pg flags through to powerplay drm/amdgpu/tonga: plumb pg flags through to powerplay drma/dmgpu: move cg and pg flags into shared headers drm/amdgpu: remove unused cg defines drm/amdgpu: add a cgs interface to fetch cg and pg flags drm/amd/powerplay/tonga: disable vce pg drm/amd/powerplay/tonga: disable uvd pg drm/amd/powerplay/cz: disable vce pg drm/amd/powerplay/cz: disable uvd pg drm/amdgpu: be consistent with uvd cg flags drm/amdgpu: clean up vce pg flags for cz/st drm/amdgpu: handle vce pg flags properly drm/amdgpu: handle uvd pg flags properly drm/amdgpu/dpm/ci: switch over to the common pcie caps interface drm/amdgpu/cik: don't mess with aspm if gpu is root bus ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security由 Linus Torvalds 提交于
Pull crypto fix from James Morris. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: EVM: Use crypto_memneq() for digest comparisons
-
git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs由 Linus Torvalds 提交于
Pull btrfs fixes from Chris Mason: "This has a few fixes from Filipe, along with a readdir fix from Dave that we've been testing for some time" * 'for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: btrfs: properly set the termination value of ctx->pos in readdir Btrfs: fix hang on extent buffer lock caused by the inode_paths ioctl Btrfs: remove no longer used function extent_read_full_page_nolock() Btrfs: fix page reading in extent_same ioctl leading to csum errors Btrfs: fix invalid page accesses in extent_same (dedup) ioctl
-
git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs由 Linus Torvalds 提交于
Pull xfs fix from Dve Chinner: "This contains a fix for an endian conversion issue in new CRC validation in log recovery that was discovered on a ppc64 platform" * tag 'xfs-fixes-for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs: xfs: fix endianness error when checking log block crc on big endian platforms
-
- 12 2月, 2016 16 次提交
-
-
由 Takashi Iwai 提交于
Merge tag 'asoc-fix-v4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v4.5 A rather large batch of fixes here, almost all in the Intel driver. The changes that got merged in this merge window for Skylake were rather large and as well as issues that you'd expect in a large block of new code there were some problems created for older processors which needed fixing up. Things are largely settling down now hopefully.
-
由 Ryan Ware 提交于
This patch fixes vulnerability CVE-2016-2085. The problem exists because the vm_verify_hmac() function includes a use of memcmp(). Unfortunately, this allows timing side channel attacks; specifically a MAC forgery complexity drop from 2^128 to 2^12. This patch changes the memcmp() to the cryptographically safe crypto_memneq(). Reported-by: NXiaofei Rex Guo <xiaofei.rex.guo@intel.com> Signed-off-by: NRyan Ware <ware@linux.intel.com> Cc: stable@vger.kernel.org Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
由 Vineet Gupta 提交于
MMUv4 supports 2 concurrent page sizes: Normal and Super [4K to 16M] So far Linux supported a single super page size for a given Normal page, depending on the software page walking address split. e.g. we had 11:8:13 address split for 8K page, which meant super page was 2 ^(8+13) = 2M (given that THP size has to be PMD_SHIFT) Now we turn this around, by allowing multiple Super Pages in Kconfig (currently 2M and 16M only) and forcing page walker address split to PGDIR_SHIFT and PAGE_SHIFT For configs without Super page, things are same as before and PGDIR_SHIFT can be hacked to get non default address split The motivation for this change is a customer who needs 16M super page and a 8K Normal page combo. Signed-off-by: NVineet Gupta <vgupta@synopsys.com>
-
由 Andrew Morton 提交于
arch/x86/built-in.o: In function `uv_bios_call': (.text+0xeba00): undefined reference to `efi_call' Reported-by: Nkbuild test robot <fengguang.wu@intel.com> Suggested-by: N"H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@elte.hu> Reviewed-by: NMatt Fleming <matt@codeblueprint.co.uk> Acked-by: NAlex Thorlton <athorlton@sgi.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Dan Williams 提交于
The pfn_t type uses an unsigned long to store a pfn + flags value. On a 64-bit platform the upper 12 bits of an unsigned long are never used for storing the value of a pfn. However, this is not true on highmem platforms, all 32-bits of a pfn value are used to address a 44-bit physical address space. A pfn_t needs to store a 64-bit value. Link: https://bugzilla.kernel.org/show_bug.cgi?id=112211 Fixes: 01c8f1c4 ("mm, dax, gpu: convert vm_insert_mixed to pfn_t") Signed-off-by: NDan Williams <dan.j.williams@intel.com> Reported-by: NStuart Foster <smf.linux@ntlworld.com> Reported-by: NJulian Margetson <runaway@candw.ms> Tested-by: NJulian Margetson <runaway@candw.ms> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Andrew Morton 提交于
Mike said: : CONFIG_UBSAN_ALIGNMENT breaks x86-64 kernel with lockdep enabled, i. e : kernel with CONFIG_UBSAN_ALIGNMENT fails to load without even any error : message. : : The problem is that ubsan callbacks use spinlocks and might be called : before lockdep is initialized. Particularly this line in the : reserve_ebda_region function causes problem: : : lowmem = *(unsigned short *)__va(BIOS_LOWMEM_KILOBYTES); : : If i put lockdep_init() before reserve_ebda_region call in : x86_64_start_reservations kernel loads well. Fix this ordering issue permanently: change lockdep so that it uses hlists for the hash tables. Unlike a list_head, an hlist_head is in its initialized state when it is all-zeroes, so lockdep is ready for operation immediately upon boot - lockdep_init() need not have run. The patch will also save some memory. lockdep_init() and lockdep_initialized can be done away with now - a 4.6 patch has been prepared to do this. Reported-by: NMike Krinkin <krinkin.m.u@gmail.com> Suggested-by: NMike Krinkin <krinkin.m.u@gmail.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Peter Zijlstra <peterz@infradead.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Vineet Gupta 提交于
[akpm@linux-foundation.org: s/threshhold/threshold/] Signed-off-by: NVineet Gupta <vgupta@synopsys.com> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Vineet Gupta 提交于
This showed up on ARC when running LMBench bw_mem tests as Overlapping TLB Machine Check Exception triggered due to STLB entry (2M pages) overlapping some NTLB entry (regular 8K page). bw_mem 2m touches a large chunk of vaddr creating NTLB entries. In the interim khugepaged kicks in, collapsing the contiguous ptes into a single pmd. pmdp_collapse_flush()->flush_pmd_tlb_range() is called to flush out NTLB entries for the ptes. This for ARC (by design) can only shootdown STLB entries (for pmd). The stray NTLB entries cause the overlap with the subsequent STLB entry for collapsed page. So make pmdp_collapse_flush() call pte flush interface not pmd flush. Note that originally all thp flush call sites in generic code called flush_tlb_range() leaving it to architecture to implement the flush for pte and/or pmd. Commit 12ebc158 changed this by calling a new opt-in API flush_pmd_tlb_range() which made the semantics more explicit but failed to distinguish the pte vs pmd flush in generic code, which is what this patch fixes. Note that ARC can fixed w/o touching the generic pmdp_collapse_flush() by defining a ARC version, but that defeats the purpose of generic version, plus sementically this is the right thing to do. Fixes STAR 9000961194: LMBench on AXS103 triggering duplicate TLB exceptions with super pages Fixes: 12ebc158 ("mm,thp: introduce flush_pmd_tlb_range") Signed-off-by: NVineet Gupta <vgupta@synopsys.com> Reviewed-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Acked-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: <stable@vger.kernel.org> [4.4] Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Rasmus Villemoes 提交于
We need to use post-decrement to get percpu_counter_destroy() called on &wb->stat[0]. Moreover, the pre-decremebt would cause infinite out-of-bounds accesses if the setup code failed at i==0. Signed-off-by: NRasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@suse.com> Cc: Vladimir Davydov <vdavydov@virtuozzo.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Kirill A. Shutemov 提交于
DAX implements split_huge_pmd() by clearing pmd. This simple approach reduces memory overhead, as we don't need to deposit page table on huge page mapping to make split_huge_pmd() never-fail. PTE table can be allocated and populated later on page fault from backing store. But one side effect is that have to check if pmd is pmd_none() after split_huge_pmd(). In most places we do this already to deal with parallel MADV_DONTNEED. But I found two call sites which is not affected by MADV_DONTNEED (due down_write(mmap_sem)), but need to have the check to work with DAX properly. Signed-off-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Matthew Wilcox <willy@linux.intel.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Ross Zwisler <ross.zwisler@linux.intel.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Jason A. Donenfeld 提交于
The kptr_restrict flag, when set to 1, only prints the kernel address when the user has CAP_SYSLOG. When it is set to 2, the kernel address is always printed as zero. When set to 1, this needs to check whether or not we're in IRQ. However, when set to 2, this check is unneccessary, and produces confusing results in dmesg. Thus, only make sure we're not in IRQ when mode 1 is used, but not mode 2. [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: NJason A. Donenfeld <Jason@zx2c4.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Kees Cook <keescook@chromium.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Randy Dunlap 提交于
Add missing kernel-doc notation for function parameter 'gfp_mask' to fix kernel-doc warning. mm/filemap.c:1898: warning: No description found for parameter 'gfp_mask' Signed-off-by: NRandy Dunlap <rdunlap@infradead.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Yang Shi 提交于
When enabling UBSAN_SANITIZE_ALL, the kernel image size gets increased significantly (~3x). So, it sounds better to have some note in Kconfig. And, fixed a typo. Signed-off-by: NYang Shi <yang.shi@linaro.org> Acked-by: NAndrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio由 Linus Torvalds 提交于
Pull GPIO fixes from Linus Walleij: - Probe errorpath fix for the Altera - irqchip ofnode pointer added to the DaVinci driver - controller instance number correction for DaVinci * tag 'gpio-v4.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio: davinci: Fix the number of controllers allocated gpio: davinci: Add the missing of-node pointer gpio: gpio-altera: Remove gpiochip on probe failure.
-
由 Linus Torvalds 提交于
Merge tag 'platform-drivers-x86-v4.5-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86 Pull x86 platform driver fixes from Darren Hart: "Just two small fixes for the 4.5-rc cycle: intel_scu_ipcutil: - underflow in scu_reg_access() intel-hid: - fix incorrect entries in intel_hid_keymap" * tag 'platform-drivers-x86-v4.5-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86: intel_scu_ipcutil: underflow in scu_reg_access() intel-hid: fix incorrect entries in intel_hid_keymap
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net由 Linus Torvalds 提交于
Pull networking fixes from David Miller: 1) Fix BPF handling of branch offset adjustmnets on backjumps, from Daniel Borkmann. 2) Make sure selinux knows about SOCK_DESTROY netlink messages, from Lorenzo Colitti. 3) Fix openvswitch tunnel mtu regression, from David Wragg. 4) Fix ICMP handling of TCP sockets in syn_recv state, from Eric Dumazet. 5) Fix SCTP user hmacid byte ordering bug, from Xin Long. 6) Fix recursive locking in ipv6 addrconf, from Subash Abhinov Kasiviswanathan. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: bpf: fix branch offset adjustment on backjumps after patching ctx expansion vxlan, gre, geneve: Set a large MTU on ovs-created tunnel devices geneve: Relax MTU constraints vxlan: Relax MTU constraints flow_dissector: Fix unaligned access in __skb_flow_dissector when used by eth_get_headlen of: of_mdio: Add marvell, 88e1145 to whitelist of PHY compatibilities. selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables sctp: translate network order to host order when users get a hmacid enic: increment devcmd2 result ring in case of timeout tg3: Fix for tg3 transmit queue 0 timed out when too many gso_segs net:Add sysctl_max_skb_frags tcp: do not drop syn_recv on all icmp reports ipv6: fix a lockdep splat unix: correctly track in-flight fds in sending process user_struct update be2net maintainers' email addresses dwc_eth_qos: Reset hardware before PHY start ipv6: addrconf: Fix recursive spin lock call
-
- 11 2月, 2016 11 次提交
-
-
由 Ulf Hansson 提交于
This reverts commit 829b6962. Revert this change as it causes a sysfs path to change and therefore introduces and ABI regression. More precisely Android's vold is not being able to access /sys/module/mmcblk/parameters/perdev_minors any more, since the path becomes changed to: "/sys/module/mmc_block/..." Fixes: 829b6962 ("mmc: block: don't use parameter prefix if built as module") Reported-by: NJohn Stultz <john.stultz@linaro.org> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
-
由 David Sterba 提交于
The value of ctx->pos in the last readdir call is supposed to be set to INT_MAX due to 32bit compatibility, unless 'pos' is intentially set to a larger value, then it's LLONG_MAX. There's a report from PaX SIZE_OVERFLOW plugin that "ctx->pos++" overflows (https://forums.grsecurity.net/viewtopic.php?f=1&t=4284), on a 64bit arch, where the value is 0x7fffffffffffffff ie. LLONG_MAX before the increment. We can get to that situation like that: * emit all regular readdir entries * still in the same call to readdir, bump the last pos to INT_MAX * next call to readdir will not emit any entries, but will reach the bump code again, finds pos to be INT_MAX and sets it to LLONG_MAX Normally this is not a problem, but if we call readdir again, we'll find 'pos' set to LLONG_MAX and the unconditional increment will overflow. The report from Victor at (http://thread.gmane.org/gmane.comp.file-systems.btrfs/49500) with debugging print shows that pattern: Overflow: e Overflow: 7fffffff Overflow: 7fffffffffffffff PAX: size overflow detected in function btrfs_real_readdir fs/btrfs/inode.c:5760 cicus.935_282 max, count: 9, decl: pos; num: 0; context: dir_context; CPU: 0 PID: 2630 Comm: polkitd Not tainted 4.2.3-grsec #1 Hardware name: Gigabyte Technology Co., Ltd. H81ND2H/H81ND2H, BIOS F3 08/11/2015 ffffffff81901608 0000000000000000 ffffffff819015e6 ffffc90004973d48 ffffffff81742f0f 0000000000000007 ffffffff81901608 ffffc90004973d78 ffffffff811cb706 0000000000000000 ffff8800d47359e0 ffffc90004973ed8 Call Trace: [<ffffffff81742f0f>] dump_stack+0x4c/0x7f [<ffffffff811cb706>] report_size_overflow+0x36/0x40 [<ffffffff812ef0bc>] btrfs_real_readdir+0x69c/0x6d0 [<ffffffff811dafc8>] iterate_dir+0xa8/0x150 [<ffffffff811e6d8d>] ? __fget_light+0x2d/0x70 [<ffffffff811dba3a>] SyS_getdents+0xba/0x1c0 Overflow: 1a [<ffffffff811db070>] ? iterate_dir+0x150/0x150 [<ffffffff81749b69>] entry_SYSCALL_64_fastpath+0x12/0x83 The jump from 7fffffff to 7fffffffffffffff happens when new dir entries are not yet synced and are processed from the delayed list. Then the code could go to the bump section again even though it might not emit any new dir entries from the delayed list. The fix avoids entering the "bump" section again once we've finished emitting the entries, both for synced and delayed entries. References: https://forums.grsecurity.net/viewtopic.php?f=1&t=4284Reported-by: NVictor <services@swwu.com> CC: stable@vger.kernel.org Signed-off-by: NDavid Sterba <dsterba@suse.com> Tested-by: NHolger Hoffstätte <holger.hoffstaette@googlemail.com> Signed-off-by: NChris Mason <clm@fb.com>
-
由 Adrian Hunter 提交于
Intel BXT/APL use a card detect GPIO however the host controller will not enable bus power unless it's card detect also reflects the presence of a card. Unfortunately those 2 things race which can result in commands not starting, after which the controller does nothing and there is a 10 second wait for the driver's 10-second timer to timeout. That is fixed by having the driver look also at the present state register to determine if the card is present. Consequently, provide a 'get_cd' mmc host operation for BXT/APL that does that. Signed-off-by: NAdrian Hunter <adrian.hunter@intel.com> Cc: stable@vger.kernel.org # v4.4+ Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
-
由 Adrian Hunter 提交于
Intel BXT/APL use a card detect GPIO however the host controller will not enable bus power unless it's card detect also reflects the presence of a card. Unfortunately those 2 things race which can result in commands not starting, after which the controller does nothing and there is a 10 second wait for the driver's 10-second timer to timeout. That is fixed by having the driver look also at the present state register to determine if the card is present. Consequently, provide a 'get_cd' mmc host operation for BXT/APL that does that. Signed-off-by: NAdrian Hunter <adrian.hunter@intel.com> Cc: stable@vger.kernel.org # v4.4+ Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
-
由 Adrian Hunter 提交于
Drivers may need to provide their own get_cd() mmc host op, but currently the internals of the current op (sdhci_get_cd()) are provided by sdhci_do_get_cd() which is also called from sdhci_request(). To allow override of the get_cd functionality, change sdhci_request() to call ->get_cd() instead of sdhci_do_get_cd(). Note, in the future the call to ->get_cd() will likely be removed from sdhci_request() since most drivers don't need actually it. However this change is being done now to facilitate a subsequent bug fix. Signed-off-by: NAdrian Hunter <adrian.hunter@intel.com> Cc: stable@vger.kernel.org # v4.4+ Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
-
由 Adrian Hunter 提交于
In the past, fixes for specific hardware devices were implemented in sdhci using quirks. That approach is no longer accepted because the growing number of quirks was starting to make the code difficult to understand and maintain. One alternative to quirks, is to allow drivers to override the default mmc host operations. This patch makes it easy to do that, and it is needed for a subsequent bug fix, for which separate patches are provided. Signed-off-by: NAdrian Hunter <adrian.hunter@intel.com> Cc: stable@vger.kernel.org # v4.4+ Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
-
由 Chris Mason 提交于
Merge branch 'integration-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/fdmanana/linux into for-linus-4.5
-
git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma由 Linus Torvalds 提交于
Pull rdma fixes from Doug Ledford: "A few more minor fixes for rc3: - One fix to ipoib - One fix to core sysfs code - Four patches that resolve an oops found in testing of ocrdma and a couple other ocrdma issues" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: RDMA/ocrdma: Fixing ocrdma debugfs directory remove RDMA/ocrdma: Fix pkey_index returned by driver in rq work completion RDMA/ocrdma: populate max_sge_rd in device attributes RDMA/ocrdma: Initialize stats resources in the driver before ib device registration. IB/sysfs: remove unused va_list args IB/IPoIB: Do not set skb truesize since using one linearskb
-
git://people.freedesktop.org/~agd5f/linux由 Dave Airlie 提交于
radeon and amdgpu fixes for 4.5. Highlights: - powerplay fixes for amdgpu - race fixes in the sub-allocator in radeon and amdgpu - hibernate fix for amdgpu - fix a possible circular locking in userptr handling in amdgpu * 'drm-fixes-4.5' of git://people.freedesktop.org/~agd5f/linux: (21 commits) drm/amdgpu: fix issue with overlapping userptrs drm/radeon: hold reference to fences in radeon_sa_bo_new drm/amdgpu: remove unnecessary forward declaration drm/amdgpu: hold reference to fences in amdgpu_sa_bo_new (v2) drm/amdgpu: fix s4 resume drm/amdgpu/cz: plumb pg flags through to powerplay drm/amdgpu/tonga: plumb pg flags through to powerplay drma/dmgpu: move cg and pg flags into shared headers drm/amdgpu: remove unused cg defines drm/amdgpu: add a cgs interface to fetch cg and pg flags drm/amd/powerplay/tonga: disable vce pg drm/amd/powerplay/tonga: disable uvd pg drm/amd/powerplay/cz: disable vce pg drm/amd/powerplay/cz: disable uvd pg drm/amdgpu: be consistent with uvd cg flags drm/amdgpu: clean up vce pg flags for cz/st drm/amdgpu: handle vce pg flags properly drm/amdgpu: handle uvd pg flags properly drm/amdgpu/dpm/ci: switch over to the common pcie caps interface drm/amdgpu/cik: don't mess with aspm if gpu is root bus ...
-
由 Daniel Borkmann 提交于
When ctx access is used, the kernel often needs to expand/rewrite instructions, so after that patching, branch offsets have to be adjusted for both forward and backward jumps in the new eBPF program, but for backward jumps it fails to account the delta. Meaning, for example, if the expansion happens exactly on the insn that sits at the jump target, it doesn't fix up the back jump offset. Analysis on what the check in adjust_branches() is currently doing: /* adjust offset of jmps if necessary */ if (i < pos && i + insn->off + 1 > pos) insn->off += delta; else if (i > pos && i + insn->off + 1 < pos) insn->off -= delta; First condition (forward jumps): Before: After: insns[0] insns[0] insns[1] <--- i/insn insns[1] <--- i/insn insns[2] <--- pos insns[P] <--- pos insns[3] insns[P] `------| delta insns[4] <--- target_X insns[P] `-----| insns[5] insns[3] insns[4] <--- target_X insns[5] First case is if we cross pos-boundary and the jump instruction was before pos. This is handeled correctly. I.e. if i == pos, then this would mean our jump that we currently check was the patchlet itself that we just injected. Since such patchlets are self-contained and have no awareness of any insns before or after the patched one, the delta is correctly not adjusted. Also, for the second condition in case of i + insn->off + 1 == pos, means we jump to that newly patched instruction, so no offset adjustment are needed. That part is correct. Second condition (backward jumps): Before: After: insns[0] insns[0] insns[1] <--- target_X insns[1] <--- target_X insns[2] <--- pos <-- target_Y insns[P] <--- pos <-- target_Y insns[3] insns[P] `------| delta insns[4] <--- i/insn insns[P] `-----| insns[5] insns[3] insns[4] <--- i/insn insns[5] Second interesting case is where we cross pos-boundary and the jump instruction was after pos. Backward jump with i == pos would be impossible and pose a bug somewhere in the patchlet, so the first condition checking i > pos is okay only by itself. However, i + insn->off + 1 < pos does not always work as intended to trigger the adjustment. It works when jump targets would be far off where the delta wouldn't matter. But, for example, where the fixed insn->off before pointed to pos (target_Y), it now points to pos + delta, so that additional room needs to be taken into account for the check. This means that i) both tests here need to be adjusted into pos + delta, and ii) for the second condition, the test needs to be <= as pos itself can be a target in the backjump, too. Fixes: 9bac3d6d ("bpf: allow extended BPF programs access skb fields") Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input由 Linus Torvalds 提交于
Pull input updates from Dmitry Torokhov: "Just small driver fixups" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: colibri-vf50-ts - add missing #include <linux/of.h> Input: adp5589 - fix row 5 handling for adp5589 Input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree Input: vmmouse - fix absolute device registration Input: serio - drop warnings in case of EPROBE_DEFER from serio_find_driver() Input: cap11xx - add missing of_node_put Input: sirfsoc-onkey - allow modular build Input: xpad - remove unused function
-