1. 14 2月, 2016 2 次提交
  2. 13 2月, 2016 11 次提交
    • A
      ALSA: usb-audio: avoid freeing umidi object twice · 07d86ca9
      Andrey Konovalov 提交于
      The 'umidi' object will be free'd on the error path by snd_usbmidi_free()
      when tearing down the rawmidi interface. So we shouldn't try to free it
      in snd_usbmidi_create() after having registered the rawmidi interface.
      
      Found by KASAN.
      Signed-off-by: NAndrey Konovalov <andreyknvl@gmail.com>
      Acked-by: NClemens Ladisch <clemens@ladisch.de>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      07d86ca9
    • L
      Merge tag 'pci-v4.5-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 0cbb0b92
      Linus Torvalds 提交于
      Pull PCI fixes from Bjorn Helgaas:
       "These are some Renesas binding updates for PCI host controllers, a
        Broadcom fix for a regression we added in v4.5-rc1, and a fix for an
        AER use-after-free problem that can cause memory corruption.
      
        Summary:
      
        AER:
          Flush workqueue on device remove to avoid use-after-free (Sebastian Andrzej Siewior)
      
        Broadcom iProc host bridge driver:
          Allow multiple devices except on PAXC (Ray Jui)
      
        Renesas R-Car host bridge driver:
          Add gen2 device tree support for r8a7793 (Simon Horman)
          Add device tree support for r8a7793 (Simon Horman)"
      
      * tag 'pci-v4.5-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: rcar: Add device tree support for r8a7793
        PCI: rcar: Add gen2 device tree support for r8a7793
        PCI: iproc: Allow multiple devices except on PAXC
        PCI/AER: Flush workqueue on device remove to avoid use-after-free
      0cbb0b92
    • L
      Merge branch 'akpm'(patches from Andrew) · 29f1bf34
      Linus Torvalds 提交于
      Merge fixes from Andrew Morton:
       "10 fixes"
      
      The lockdep hlist conversion is in the locking tree too, waiting for the
      next merge window.  Andrew thought it should go in now.  I'll take it,
      since it fixes a real problem and looks trivially correct (famous last
      words).
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        arch/x86/Kconfig: CONFIG_X86_UV should depend on CONFIG_EFI
        mm: fix pfn_t vs highmem
        kernel/locking/lockdep.c: convert hash tables to hlists
        mm,thp: fix spellos in describing __HAVE_ARCH_FLUSH_PMD_TLB_RANGE
        mm,thp: khugepaged: call pte flush at the time of collapse
        mm/backing-dev.c: fix error path in wb_init()
        mm, dax: check for pmd_none() after split_huge_pmd()
        vsprintf: kptr_restrict is okay in IRQ when 2
        mm: fix filemap.c kernel doc warning
        ubsan: cosmetic fix to Kconfig text
      29f1bf34
    • L
      Merge tag 'mmc-v4.5-rc2' of git://git.linaro.org/people/ulf.hansson/mmc · 5952cc77
      Linus Torvalds 提交于
      Pull MMC fixes from Ulf Hansson:
       "Here are some mmc fixes intended for v4.5 rc4.
      
        MMC core:
         - Fix an sysfs ABI regression
         - Return an error in a specific error path dealing with mmc ioctls
      
        MMC host:
         - sdhci-pci|acpi: Fix card detect race for Intel BXT/APL
         - sh_mmcif: Correct TX DMA channel allocation
         - mmc_spi: Fix error handling for dma mapping errors
         - sdhci-of-at91: Fix an unbalance issue for the runtime PM usage count
         - pxamci: Fix the device-tree probe deferral path
         - pxamci: Fix read-only GPIO polarity"
      
      * tag 'mmc-v4.5-rc2' of git://git.linaro.org/people/ulf.hansson/mmc:
        Revert "mmc: block: don't use parameter prefix if built as module"
        mmc: sdhci-acpi: Fix card detect race for Intel BXT/APL
        mmc: sdhci-pci: Fix card detect race for Intel BXT/APL
        mmc: sdhci: Allow override of get_cd() called from sdhci_request()
        mmc: sdhci: Allow override of mmc host operations
        mmc: sh_mmcif: Correct TX DMA channel allocation
        mmc: block: return error on failed mmc_blk_get()
        mmc: pxamci: fix the device-tree probe deferral path
        mmc: mmc_spi: add checks for dma mapping error
        mmc: sdhci-of-at91: fix pm runtime unbalanced issue in error path
        mmc: pxamci: fix again read-only gpio detection polarity
      5952cc77
    • L
      Merge tag 'sound-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 0df34ad9
      Linus Torvalds 提交于
      Pull sound fixes from Takashi Iwai:
       "In this rc, we've got more volume than previous rc, unsurprisingly;
        the majority of updates in ASoC are about Intel drivers, and another
        major changes are the continued plumbing of ALSA timer bugs revealed
        by syzkaller fuzzer.  Hopefully both settle down now.
      
        Other than that, HD-audio received a couple of code fixes as well as
        the usual quirks, and various small fixes are found for FireWire
        devices, ASoC codecs and drivers"
      
      * tag 'sound-4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (50 commits)
        ASoC: arizona: fref must be limited in pseudo-fractional mode
        ASoC: sigmadsp: Fix missleading return value
        ALSA: timer: Fix race at concurrent reads
        ALSA: firewire-digi00x: Drop bogus const type qualifier on dot_scrt()
        ALSA: hda - Fix bad dereference of jack object
        ALSA: timer: Fix race between stop and interrupt
        ALSA: timer: Fix wrong instance passed to slave callbacks
        ASoC: Intel: Add module tags for common match module
        ASoC: Intel: Load the atom DPCM driver only
        ASoC: Intel: Create independent acpi match module
        ASoC: Intel: Revert "ASoC: Intel: fix ACPI probe regression with Atom DPCM driver"
        ALSA: dummy: Implement timer backend switching more safely
        ALSA: hda - Fix speaker output from VAIO AiO machines
        Revert "ALSA: hda - Fix noise on Gigabyte Z170X mobo"
        ALSA: firewire-tascam: remove needless member for control and status message
        ALSA: firewire-tascam: remove a flag for controller
        ALSA: firewire-tascam: add support for FW-1804
        ALSA: firewire-tascam: fix NULL pointer dereference when model identification fails
        ALSA: hda - Fix static checker warning in patch_hdmi.c
        ASoC: Intel: Skylake: Remove autosuspend delay
        ...
      0df34ad9
    • L
      Merge tag 'fbdev-fixes-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux · 14379cdc
      Linus Torvalds 提交于
      Pull fbdev fixes from Tomi Valkeinen:
       - fix omap2plus_defconfig to enable omapfb as it was in v4.4
       - ocfb: fix timings for margins
       - s6e8ax0, da8xx-fb: fix compile warnings
       - mmp: fix build failure caused by bad printk parameters
       - imxfb: fix clock issue which kept the display off
      
      * tag 'fbdev-fixes-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux:
        video: fbdev: imxfb: Provide a reset mechanism
        fbdev: mmp: print IRQ resource using %pR format string
        fbdev: da8xx-fb: remove incorrect type cast
        fbdev: s6e8ax0: avoid unused function warnings
        ocfb: fix tgdel and tvdel timing parameters
        ARM: omap2plus_defconfig: update display configs
      14379cdc
    • L
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 4c05121e
      Linus Torvalds 提交于
      Pull SCSI fixes from James Bottomley:
       "A set of seven fixes:
      
        Two regressions in the new hisi_sas arm driver, a blacklist entry for
        the marvell console which was causing a reset cascade without it, a
        race fix in the WRITE_SAME/DISCARD routines, a retry fix for the rdac
        driver, without which, it would prematurely return EIO and a couple of
        fixes for the hyper-v storvsc driver"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        block/sd: Return -EREMOTEIO when WRITE SAME and DISCARD are disabled
        SCSI: Add Marvell Console to VPD blacklist
        scsi_dh_rdac: always retry MODE SELECT on command lock violation
        storvsc: Use the specified target ID in device lookup
        storvsc: Install the storvsc specific timeout handler for FC devices
        hisi_sas: fix v1 hw check for slot error
        hisi_sas: add dependency for HAS_IOMEM
      4c05121e
    • L
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · c747f97c
      Linus Torvalds 提交于
      Pull drm amd fixes from Dave Airlie:
       "Been pretty quiet.
      
        This is an amdgpu fixes pull from AMD, a bunch of powerplay stability
        fixes, race fix, hibernate fix, and a possible circular locking fix"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (21 commits)
        drm/amdgpu: fix issue with overlapping userptrs
        drm/radeon: hold reference to fences in radeon_sa_bo_new
        drm/amdgpu: remove unnecessary forward declaration
        drm/amdgpu: hold reference to fences in amdgpu_sa_bo_new (v2)
        drm/amdgpu: fix s4 resume
        drm/amdgpu/cz: plumb pg flags through to powerplay
        drm/amdgpu/tonga: plumb pg flags through to powerplay
        drma/dmgpu: move cg and pg flags into shared headers
        drm/amdgpu: remove unused cg defines
        drm/amdgpu: add a cgs interface to fetch cg and pg flags
        drm/amd/powerplay/tonga: disable vce pg
        drm/amd/powerplay/tonga: disable uvd pg
        drm/amd/powerplay/cz: disable vce pg
        drm/amd/powerplay/cz: disable uvd pg
        drm/amdgpu: be consistent with uvd cg flags
        drm/amdgpu: clean up vce pg flags for cz/st
        drm/amdgpu: handle vce pg flags properly
        drm/amdgpu: handle uvd pg flags properly
        drm/amdgpu/dpm/ci: switch over to the common pcie caps interface
        drm/amdgpu/cik: don't mess with aspm if gpu is root bus
        ...
      c747f97c
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · df8c2723
      Linus Torvalds 提交于
      Pull crypto fix from James Morris.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        EVM: Use crypto_memneq() for digest comparisons
      df8c2723
    • L
      Merge branch 'for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 27c9d772
      Linus Torvalds 提交于
      Pull btrfs fixes from Chris Mason:
       "This has a few fixes from Filipe, along with a readdir fix from Dave
        that we've been testing for some time"
      
      * 'for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        btrfs: properly set the termination value of ctx->pos in readdir
        Btrfs: fix hang on extent buffer lock caused by the inode_paths ioctl
        Btrfs: remove no longer used function extent_read_full_page_nolock()
        Btrfs: fix page reading in extent_same ioctl leading to csum errors
        Btrfs: fix invalid page accesses in extent_same (dedup) ioctl
      27c9d772
    • L
      Merge tag 'xfs-fixes-for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs · dfc85286
      Linus Torvalds 提交于
      Pull xfs fix from Dve Chinner:
       "This contains a fix for an endian conversion issue in new CRC
        validation in log recovery that was discovered on a ppc64 platform"
      
      * tag 'xfs-fixes-for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs:
        xfs: fix endianness error when checking log block crc on big endian platforms
      dfc85286
  3. 12 2月, 2016 16 次提交
  4. 11 2月, 2016 11 次提交
    • U
      Revert "mmc: block: don't use parameter prefix if built as module" · a5ebb87d
      Ulf Hansson 提交于
      This reverts commit 829b6962.
      
      Revert this change as it causes a sysfs path to change and therefore
      introduces and ABI regression. More precisely Android's vold is not being
      able to access /sys/module/mmcblk/parameters/perdev_minors any more, since
      the path becomes changed to: "/sys/module/mmc_block/..."
      
      Fixes: 829b6962 ("mmc: block: don't use parameter prefix if built as
      module")
      Reported-by: NJohn Stultz <john.stultz@linaro.org>
      Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      a5ebb87d
    • D
      btrfs: properly set the termination value of ctx->pos in readdir · bc4ef759
      David Sterba 提交于
      The value of ctx->pos in the last readdir call is supposed to be set to
      INT_MAX due to 32bit compatibility, unless 'pos' is intentially set to a
      larger value, then it's LLONG_MAX.
      
      There's a report from PaX SIZE_OVERFLOW plugin that "ctx->pos++"
      overflows (https://forums.grsecurity.net/viewtopic.php?f=1&t=4284), on a
      64bit arch, where the value is 0x7fffffffffffffff ie. LLONG_MAX before
      the increment.
      
      We can get to that situation like that:
      
      * emit all regular readdir entries
      * still in the same call to readdir, bump the last pos to INT_MAX
      * next call to readdir will not emit any entries, but will reach the
        bump code again, finds pos to be INT_MAX and sets it to LLONG_MAX
      
      Normally this is not a problem, but if we call readdir again, we'll find
      'pos' set to LLONG_MAX and the unconditional increment will overflow.
      
      The report from Victor at
      (http://thread.gmane.org/gmane.comp.file-systems.btrfs/49500) with debugging
      print shows that pattern:
      
       Overflow: e
       Overflow: 7fffffff
       Overflow: 7fffffffffffffff
       PAX: size overflow detected in function btrfs_real_readdir
         fs/btrfs/inode.c:5760 cicus.935_282 max, count: 9, decl: pos; num: 0;
         context: dir_context;
       CPU: 0 PID: 2630 Comm: polkitd Not tainted 4.2.3-grsec #1
       Hardware name: Gigabyte Technology Co., Ltd. H81ND2H/H81ND2H, BIOS F3 08/11/2015
        ffffffff81901608 0000000000000000 ffffffff819015e6 ffffc90004973d48
        ffffffff81742f0f 0000000000000007 ffffffff81901608 ffffc90004973d78
        ffffffff811cb706 0000000000000000 ffff8800d47359e0 ffffc90004973ed8
       Call Trace:
        [<ffffffff81742f0f>] dump_stack+0x4c/0x7f
        [<ffffffff811cb706>] report_size_overflow+0x36/0x40
        [<ffffffff812ef0bc>] btrfs_real_readdir+0x69c/0x6d0
        [<ffffffff811dafc8>] iterate_dir+0xa8/0x150
        [<ffffffff811e6d8d>] ? __fget_light+0x2d/0x70
        [<ffffffff811dba3a>] SyS_getdents+0xba/0x1c0
       Overflow: 1a
        [<ffffffff811db070>] ? iterate_dir+0x150/0x150
        [<ffffffff81749b69>] entry_SYSCALL_64_fastpath+0x12/0x83
      
      The jump from 7fffffff to 7fffffffffffffff happens when new dir entries
      are not yet synced and are processed from the delayed list. Then the code
      could go to the bump section again even though it might not emit any new
      dir entries from the delayed list.
      
      The fix avoids entering the "bump" section again once we've finished
      emitting the entries, both for synced and delayed entries.
      
      References: https://forums.grsecurity.net/viewtopic.php?f=1&t=4284Reported-by: NVictor <services@swwu.com>
      CC: stable@vger.kernel.org
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Tested-by: NHolger Hoffstätte <holger.hoffstaette@googlemail.com>
      Signed-off-by: NChris Mason <clm@fb.com>
      bc4ef759
    • A
      mmc: sdhci-acpi: Fix card detect race for Intel BXT/APL · 6a645dd8
      Adrian Hunter 提交于
      Intel BXT/APL use a card detect GPIO however the host controller
      will not enable bus power unless it's card detect also reflects
      the presence of a card.  Unfortunately those 2 things race which
      can result in commands not starting, after which the controller
      does nothing and there is a 10 second wait for the driver's
      10-second timer to timeout.
      
      That is fixed by having the driver look also at the present state
      register to determine if the card is present.  Consequently, provide
      a 'get_cd' mmc host operation for BXT/APL that does that.
      Signed-off-by: NAdrian Hunter <adrian.hunter@intel.com>
      Cc: stable@vger.kernel.org # v4.4+
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      6a645dd8
    • A
      mmc: sdhci-pci: Fix card detect race for Intel BXT/APL · 163cbe31
      Adrian Hunter 提交于
      Intel BXT/APL use a card detect GPIO however the host controller
      will not enable bus power unless it's card detect also reflects
      the presence of a card.  Unfortunately those 2 things race which
      can result in commands not starting, after which the controller
      does nothing and there is a 10 second wait for the driver's
      10-second timer to timeout.
      
      That is fixed by having the driver look also at the present state
      register to determine if the card is present.  Consequently, provide
      a 'get_cd' mmc host operation for BXT/APL that does that.
      Signed-off-by: NAdrian Hunter <adrian.hunter@intel.com>
      Cc: stable@vger.kernel.org # v4.4+
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      163cbe31
    • A
      mmc: sdhci: Allow override of get_cd() called from sdhci_request() · 8d28b7a7
      Adrian Hunter 提交于
      Drivers may need to provide their own get_cd() mmc host op, but
      currently the internals of the current op (sdhci_get_cd()) are
      provided by sdhci_do_get_cd() which is also called from
      sdhci_request().
      
      To allow override of the get_cd functionality, change sdhci_request()
      to call ->get_cd() instead of sdhci_do_get_cd().
      
      Note, in the future the call to ->get_cd() will likely be removed
      from sdhci_request() since most drivers don't need actually it.
      However this change is being done now to facilitate a subsequent
      bug fix.
      Signed-off-by: NAdrian Hunter <adrian.hunter@intel.com>
      Cc: stable@vger.kernel.org # v4.4+
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      8d28b7a7
    • A
      mmc: sdhci: Allow override of mmc host operations · bf60e592
      Adrian Hunter 提交于
      In the past, fixes for specific hardware devices were implemented
      in sdhci using quirks.  That approach is no longer accepted because
      the growing number of quirks was starting to make the code difficult
      to understand and maintain.
      
      One alternative to quirks, is to allow drivers to override the default
      mmc host operations.  This patch makes it easy to do that, and it is
      needed for a subsequent bug fix, for which separate patches are
      provided.
      Signed-off-by: NAdrian Hunter <adrian.hunter@intel.com>
      Cc: stable@vger.kernel.org # v4.4+
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      bf60e592
    • C
      Merge branch 'integration-4.5' of... · 43d871f0
      Chris Mason 提交于
      Merge branch 'integration-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/fdmanana/linux into for-linus-4.5
      43d871f0
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma · 721675fc
      Linus Torvalds 提交于
      Pull rdma fixes from Doug Ledford:
       "A few more minor fixes for rc3:
      
         - One fix to ipoib
         - One fix to core sysfs code
         - Four patches that resolve an oops found in testing of ocrdma and a
           couple other ocrdma issues"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
        RDMA/ocrdma: Fixing ocrdma debugfs directory remove
        RDMA/ocrdma: Fix pkey_index returned by driver in rq work completion
        RDMA/ocrdma: populate max_sge_rd in device attributes
        RDMA/ocrdma: Initialize stats resources in the driver before ib device registration.
        IB/sysfs: remove unused va_list args
        IB/IPoIB: Do not set skb truesize since using one linearskb
      721675fc
    • D
      Merge branch 'drm-fixes-4.5' of git://people.freedesktop.org/~agd5f/linux into drm-fixes · c92a428f
      Dave Airlie 提交于
      radeon and amdgpu fixes for 4.5.  Highlights:
      - powerplay fixes for amdgpu
      - race fixes in the sub-allocator in radeon and amdgpu
      - hibernate fix for amdgpu
      - fix a possible circular locking in userptr handling in amdgpu
      
      * 'drm-fixes-4.5' of git://people.freedesktop.org/~agd5f/linux: (21 commits)
        drm/amdgpu: fix issue with overlapping userptrs
        drm/radeon: hold reference to fences in radeon_sa_bo_new
        drm/amdgpu: remove unnecessary forward declaration
        drm/amdgpu: hold reference to fences in amdgpu_sa_bo_new (v2)
        drm/amdgpu: fix s4 resume
        drm/amdgpu/cz: plumb pg flags through to powerplay
        drm/amdgpu/tonga: plumb pg flags through to powerplay
        drma/dmgpu: move cg and pg flags into shared headers
        drm/amdgpu: remove unused cg defines
        drm/amdgpu: add a cgs interface to fetch cg and pg flags
        drm/amd/powerplay/tonga: disable vce pg
        drm/amd/powerplay/tonga: disable uvd pg
        drm/amd/powerplay/cz: disable vce pg
        drm/amd/powerplay/cz: disable uvd pg
        drm/amdgpu: be consistent with uvd cg flags
        drm/amdgpu: clean up vce pg flags for cz/st
        drm/amdgpu: handle vce pg flags properly
        drm/amdgpu: handle uvd pg flags properly
        drm/amdgpu/dpm/ci: switch over to the common pcie caps interface
        drm/amdgpu/cik: don't mess with aspm if gpu is root bus
        ...
      c92a428f
    • D
      bpf: fix branch offset adjustment on backjumps after patching ctx expansion · a1b14d27
      Daniel Borkmann 提交于
      When ctx access is used, the kernel often needs to expand/rewrite
      instructions, so after that patching, branch offsets have to be
      adjusted for both forward and backward jumps in the new eBPF program,
      but for backward jumps it fails to account the delta. Meaning, for
      example, if the expansion happens exactly on the insn that sits at
      the jump target, it doesn't fix up the back jump offset.
      
      Analysis on what the check in adjust_branches() is currently doing:
      
        /* adjust offset of jmps if necessary */
        if (i < pos && i + insn->off + 1 > pos)
          insn->off += delta;
        else if (i > pos && i + insn->off + 1 < pos)
          insn->off -= delta;
      
      First condition (forward jumps):
      
        Before:                         After:
      
        insns[0]                        insns[0]
        insns[1] <--- i/insn            insns[1] <--- i/insn
        insns[2] <--- pos               insns[P] <--- pos
        insns[3]                        insns[P]  `------| delta
        insns[4] <--- target_X          insns[P]   `-----|
        insns[5]                        insns[3]
                                        insns[4] <--- target_X
                                        insns[5]
      
      First case is if we cross pos-boundary and the jump instruction was
      before pos. This is handeled correctly. I.e. if i == pos, then this
      would mean our jump that we currently check was the patchlet itself
      that we just injected. Since such patchlets are self-contained and
      have no awareness of any insns before or after the patched one, the
      delta is correctly not adjusted. Also, for the second condition in
      case of i + insn->off + 1 == pos, means we jump to that newly patched
      instruction, so no offset adjustment are needed. That part is correct.
      
      Second condition (backward jumps):
      
        Before:                         After:
      
        insns[0]                        insns[0]
        insns[1] <--- target_X          insns[1] <--- target_X
        insns[2] <--- pos <-- target_Y  insns[P] <--- pos <-- target_Y
        insns[3]                        insns[P]  `------| delta
        insns[4] <--- i/insn            insns[P]   `-----|
        insns[5]                        insns[3]
                                        insns[4] <--- i/insn
                                        insns[5]
      
      Second interesting case is where we cross pos-boundary and the jump
      instruction was after pos. Backward jump with i == pos would be
      impossible and pose a bug somewhere in the patchlet, so the first
      condition checking i > pos is okay only by itself. However, i +
      insn->off + 1 < pos does not always work as intended to trigger the
      adjustment. It works when jump targets would be far off where the
      delta wouldn't matter. But, for example, where the fixed insn->off
      before pointed to pos (target_Y), it now points to pos + delta, so
      that additional room needs to be taken into account for the check.
      This means that i) both tests here need to be adjusted into pos + delta,
      and ii) for the second condition, the test needs to be <= as pos
      itself can be a target in the backjump, too.
      
      Fixes: 9bac3d6d ("bpf: allow extended BPF programs access skb fields")
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a1b14d27
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 74c7b2af
      Linus Torvalds 提交于
      Pull input updates from Dmitry Torokhov:
       "Just small driver fixups"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: colibri-vf50-ts - add missing #include <linux/of.h>
        Input: adp5589 - fix row 5 handling for adp5589
        Input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree
        Input: vmmouse - fix absolute device registration
        Input: serio - drop warnings in case of EPROBE_DEFER from serio_find_driver()
        Input: cap11xx - add missing of_node_put
        Input: sirfsoc-onkey - allow modular build
        Input: xpad - remove unused function
      74c7b2af